The Federal OCR has proposed new administrative rules. Its summary says:

"The proposed regulation addresses the listing and operation of PSOs, the privilege and confidentiality protection for patient safety work product, the disclosure permissions for patient safety work product, and the enforcement of the confidentiality protection.

"OCR’s enforcement responsibility includes the imposition of a civil money penalty for a knowing or reckless impermissible disclosure of patient safety work product. A civil money penalty may be imposed in an amount up to $10,000 for each violation. In addition, a principal may be separately liable for a civil money penalty based on a violation by its agent.

"The Patient Safety Act recognizes certain provisions of the HIPAA Privacy Rule are implicated by covered entity providers seeking the protections of the Patient Safety Act. The proposed regulation addresses how the HIPAA Privacy Rule disclosure permissions operate in conjunction with the proposed patient safety disclosure permissions.

"You may review the proposed regulation in the Federal Register (http://a257.g.akamaitech.net/7/257/2422/01jan20081800/edocket.access.gpo.gov/2008/pdf/E8-2375.pdf) or at the Regulations.gov web portal (http://www.regulations.gov/fdmspublic/component/main?main=DocumentDetail&o=09000064803acce8). If you wish to comment on the proposed regulation, you may do so through the Regulations.gov web portal or by mail or hand delivery of comments to AHRQ as specified in the preamble."

Because this is an important issue, I suggest that you check the referenced URL.