Reporting to ISMP as a PSO

PSO discussion

Healthcare practitioners and organizations can submit patient safety information, including error reports, hazard reports, and survey data, to ISMP as a federally certified Patient Safety Organization (PSO). Federal legal is afforded to certain patient safety information submitted to ISMP as a PSO if the following criteria, described in detail in the Federal Patient Safety Act,1 are met:

  • The patient safety information was collected within the reporter's patient safety evaluation system.
  • The patient safety information is reported to ISMP by a healthcare provider.
  • The patient safety information is documented by the healthcare provider as being patient safety work product.

Information submitted to ISMP as a PSO that CANNOT be protected in the event of a lawsuit includes:

  • The basic facts, whether written or observed, regarding what happened
  • The patient's medical/health records
  • The patient's billing or discharge information
  • The provider's business records
  • Information collected to comply with external reporting obligations (e.g., state regulatory agencies, National Practitioner Data Bank)

Except as listed above, information derived from within a patient safety evaluation system during analysis of the event to determine why it happened, whether provided by you to ISMP or communicated back to you by ISMP, is granted federal protection. This means that the information cannot be used against the healthcare provider or any of its employees during a disciplinary action or civil lawsuit. The information is protected from legal discovery, and neither ISMP nor the healthcare provider will be required to disclose the data.

A contractual agreement between the healthcare provider and ISMP is NOT required for protection of the eligible patient safety information submitted to, or shared with, ISMP.

Eligible patient safety information received by ISMP from a provider through the PSO reporting portals will be considered protected patient safety work product unless otherwise directed by the provider, and thus afforded the highest degree of security and non-disclosure required by law. Patient safety work product will only be disclosed if it can be reasonably and contextually de-identified.

Please contact ISMP at 215-947-7797 to discuss any concerns or questions you have regarding the submission of patient safety information to ISMP as a PSO under the provisions of the Patient Safety Act.1

If you would like to report an event or other patient safety data with ISMP as a PSO, please click on the appropriate button below. 

Report a Medication Error to ISMP PSO

Report a Vaccine Error to ISMP PSO


Patient Safety Evaluation System (PSES) – the mechanism by which the provider collects, manages, and analyzes information; it is the protected space in which PSWP is assembled or developed for reporting to or from a PSO.

Patient Safety Organization (PSO) – an entity or a component of an organization that is listed by the Agency for Healthcare Research and Quality based upon a self-attestation that it meets certain criteria established in the Patient Safety Act.1 The primary activity of a PSO is to improve patient safety and healthcare quality.

Patient Safety Work Product (PSWP) – the information protected by the privilege and confidentiality protections of the Patient Safety Act.1 PSWP includes certain data, reports, records, memoranda, analyses (portions of root cause analyses), or written or oral statements related to analysis of a risk or event which are gathered to report to a PSO, or developed by a PSO in the conduct of defined patient safety activities. A provider’s business records and a patient’s original medical record or billing and discharge information cannot be considered PSWP; nor can the basic step-by-step factual description of what happened during an event. Only the analysis of why the event happened and further deliberation of this information is considered PSWP. External reporting obligations also cannot be satisfied with PSWP. Thus, information that is collected to comply with external reporting obligations, such as reporting obligations to state regulatory agencies and the National Practitioner Data Bank, cannot be considered PSWP.

Provider – an individual or entity licensed or otherwise authorized under State law to provide healthcare services.



  1. Department of Health and Human Services. Patient Safety and Quality Improvement; final rule (42 CFR Part 3). November 21, 2008. In: Federal Register. 2008;73(226):70731-814. Accessed on August 11, 2017.