CMS is taking additional action to combat preventable patient harm by publishing its vision of excellence in patient safety. This vision outlines 25 “measures” (sets of standards) across five domains, accompanied by a scoring system that healthcare systems will use to self-assess and attest their achievement of these standards.The first annual attestation,for the calendar year 2025, is due March 2026, with results to become public at CMS Care Compare October 2026.
Attention to the rule and more investment in patient safety is compelling for healthcare systems aiming for high public scores and an undefined performance incentive. Many healthcare systems may initially find themselves scoring zero on a five-point scale unless they take action to align with CMS’s vision as the scoring system offers no partial credit for missed or incomplete measures in any of the five domains.
It would seem by design, almost every healthcare system in the US will self evaluate a score of zero on this five point scale in their first gap analysis.
Learn more below about PSSM and suggested next steps as your healthcare system looks to understand the scope and mechanism CMS is using to compel investment in patient safety, clinical quality, and risk management.
About the Author
Dan Corcoran is a 2025 committee chair for ASHRM’s Educational Development Content Committee (www.ashrm.org) and the CEO of SafeQual, a software company that provides enterprise software to reduce complexity and improve productivity in the pursuit of zero preventable harm. SafeQual offers software that will reduce the number of FTE’s required to to achieve higher scores in the CMS patient safety structural measure (PSSM).
The content below is formed from verbal conversations with healthcare leaders, advisors, and valued staff as SafeQual contrasted PSSM with the free SafeQual’s Operational Excellence Model for safety, quality, and risk management in determination of what additional software innovations could be offered to reduce complexity and improve productivity for our users.
Industry Articles and the CMS Rule in the Federal Register
If you are familiar with healthcare and the lack of progress in patient safety, skip this section.
“Who Killed Patient Safety”, is an excellence read on the challenges of healthcare patient safety.
For those without a background in safety, quality and risk management, I direct you to this easier to read article from the Betsy Lehman Center for Patient Safety :
https://betsylehmancenterma.gov/assets/uploads/CMS_PSSM_combined.pdf
Hospitals Impacted by the Rule
The rule applies to all acute care hospitals participating in the Hospital Inpatient Quality Reporting (IQR) and PPS Exempt Cancer Hospital Quality Reporting (PCHQR) programs.
However, certain types of hospitals, including psychiatric, rehabilitation, children’s hospitals, and critical access hospitals, are exempt from the requirements.
Those hospitals within the scope of the rule must ensure they comply with at least the reporting requirements to avoid Medicare payment reductions.
The Need for the CMS Patient Safety Structural Measure
Despite significant advances in healthcare, patient harm remains a pressing issue in many hospital settings. CMS’s new structural measure rule is a direct response to this challenge.
CMS is compelling hospitals to prioritize safety through enhanced culture and systems through a combination of promotion, transparency, and accountability to their vision of patient safety. In essence CMS is taking many best practices and raising them to be the standard for patient safety, organized into five domains with a pass/fail on each domain determined by adherence to 5 measures, each of which contains one or more standards in the form of a statement a healthcare system will attest “yes or no” is descriptive of their healthcare system.
For now, there are no real financial penalties to talk about, unless a healthcare system fails to provide a self attestation on their standing with each of the 25 measures, as yes/no, submitted on-time, into the proper form that will be available on-line in 2026. The single real financial penalty is in the form of reduced annual percentage updates to medicare payments.
Are there Any Teeth?
What are teeth then you might ask? They include
(a) Hospitals that fail to implement as many measures as other hospitals, face reputational harm, perhaps facing lower resulting revenue if in a competitive market, when CMS publishes hospital scores on the internet in Fall of 2026.
(b) Additional competition for talent and pride of their healthcare system over others.
(c) Withholding performance incentives hinted at in 2027, but not defined, in the rule1.
While in following years CMS may choose additional consequences, reputational harm is the most apparent consequence from a scoring system based on self attestations that is clearly intended to deliver shock value up front, as many healthcare systems first attempt at a gap analysis will reveal a score 0 on a scale of five points.
In addition hospitals sharing the same medicare code, need to attest together, and share the same score.2
1,2 Kathyrn Biasotti, https://www.linkedin.com/in/kathryn-biasotti-49680611b/
Key Domains of the Measure
The patient safety structural measure evaluates hospitals across five critical domains, each of which plays a big role in creating a safer healthcare environment:
- Leadership Commitment: Hospital leadership must demonstrate a firm commitment to eliminating preventable harm.
- Strategic Planning and Organizational Policy: Hospitals must establish clear strategies and policies that prioritize patient safety.
- Culture of Safety and Learning: This domain focuses on fostering a culture where safety is integrated into the hospital’s daily operations, emphasizing learning and continuous improvement.
- Accountability and Transparency: Hospitals must maintain transparency and accountability, ensuring that safety issues are addressed openly and promptly.
- Patient and Family Engagement: Active involvement of patients and families in safety initiatives is essential to prevent harm and improve outcomes.
How the CMS Patient Safety Structural Measure Works
Finishing each calendar year starting with 2025, hospitals will need to annually attest to a set of 25 statements related to the mentioned 25 measures, 5 each per 5 safety domains.
Each yes/no attestation is a statement of having implemented one or more standards described in the rule. Hospitals can earn up to five points – one point in each domain in which they provide affirmative attestations for every statement. No partial credit.
It is quite possible to be doing 80% of the standards described in these measures, and score zero.
Timeline and Public Transparency
Transparency is an important element of this measure.
From Fall 2026 onward, CMS will publicly share each hospital’s patient safety structural measure score on the Care Compare website on Medicare.gov. This public reporting will enable patients, families, and other stakeholders to evaluate hospitals’ commitment to safety.
August 2024 to 2025: A little bit of runway for healthcare systems to get into action
Calendar Year 2025: The first year healthcare systems are going to attest to each of the 25 measures.
Early March 2026: When Attestations, for Calendar 2025 are due
October 2026: Publication of scores on Medicare.gov
2027: First Financial penalties for not meeting the reporting needs on time March 2026
Rinse and repeat annually.
Burden or Opportunity
Has CMS effectively stepped in to respond to the article “Who Killed Patient Safety”?1
Presumably most healthcare system CEOs desire to avoid attesting “no” to any of the 25 structural measures on January 1, 2026, and if they do, they will invest to avoid repeating that again in 2026 or 2027.
It will be a burden to pursue so many measures / best practices at once.
- Some of these measures cannot be accomplished without additional personnel and modernization of the processes thousands of employees follow today.
- Most healthcare systems do not have enough time to estimate costs and formally budget the necessary expenditures on time for the coming year.
- At least some healthcare systems will view these measures as an invasion of their previously chosen strategies in providing quality clinical care. They could view the additional measures they need to pursue, or the reorganization of existing strategies, as costly with little incremental improvement on patient safety.
For safety, quality, compliance, and risk management leaders view this as an opportunity, they will have the necessary justification to pursue budgets for at least the following:
- Fill vital roles in patient safety, employee safety, clinical quality, process improvement, and risk management that are currently vacant.
- Expand their staffs temporarily for implementation and permanently to maintain a more potent operational tempo in safety, quality, and risk.
- Purchase new, or upgrade to modernize their patient safety and risk management software. The implementation of the latest software products from companies like RLDATIX, SafeQual, and perhaps others reduce the number of people required to maintain increased operational excellence.
- Software is virtually required for functions like:
- Incident Reporting
- Staff intensive workflows around ACA’s and RCA’s, the foundation for the data neede in many KPI’s
- Reliably manage the processes around CANDOR, insuring they are swift and effective always
- Rounding and Audits
- Calculating and reporting KPI’s
- Process document management including review and approval
- Software is desirable for
- Workforce Safety
- PDSA’s, FMEA’s,
- Software products focused on doing the above with less complexity and more productivity, like SafeQual, can enable healthcare systems to accomplish their goals with fewer staff additions.
- Software is virtually required for functions like:
Are there other opportunities?
- Rather than “adding on” new responsibilities to existing roles, will some healthcare systems redesign their systems, leveraging new software tools that support collaboration across thousands of healthcare staff?
- Consolidating / Deleting silo’s of data and the manual workflows that exist to support them.
- Will the patient experience change, with each care setting engaging more with patient families and representatives in the future when patients are harmed?
A Role for Artificial Intelligence (high level draft)
Reducing some of the future burden of PSSM may fall to generative artificial intelligence. Generative Artificial Intelligence (AI) can play a significant role in enhancing CMS patient safety structural measures. Here are a few ways AI can be integrated:
- Data Analysis and Reporting: AI can streamline the process of collecting and analyzing data required for CMS reporting. This can ensure more accurate and timely reporting of patient safety measures.
- Decision Support Systems: AI-powered decision support systems can assist healthcare providers in making more informed decisions, reducing the likelihood of errors3.
- Monitoring and Compliance: AI can continuously monitor compliance with safety protocols and alert staff to any deviations, ensuring that hospitals maintain high standards of patient safety3.
- Patient Safety Culture: AI tools can help assess and improve the culture of safety within healthcare organizations by analyzing feedback from staff and patients, identifying areas for improvement4.
Next Steps for you as a Risk Manager
- Education: Become familiar with the 5 domains and 25 measures to
- Know what conversations you need to be having with your CMO, CNO, in addition to your safety, quality, and risk management peers.
- Understand New Litigation Risks: Understand what best practices exist and determine how you can implement them.
- PSO: Become or delegate someone to become an expert on how your healthcare system operates with it’s PSO.
- Career Advancement: Consider if you are the leader your healthcare system needs, and if not, will you become that person or delegate? Will you become that person and have a strong second in command that can manage all the necessary details and delegation?
- ASHRM Playbooks: Look back at the wealth of information you can use from the materials on hand from ASHRM, especially the new leadership Playbook
https://www.ashrm.org/leadership-playbook
Next Steps for your Healthcare System
Consider the following steps:
- Leadership Engagement: Ensure leadership is aware of the extensive changes needed, including potential staffing, technology, and operational shifts. Is there a commitment to allocate resources for these changes or to conduct a gap analysis?
- Eliminate EGO in Initial GAP Analysis: Ensure any initial GAP analysis does not overstate the readiness of your healthcare system to score high on PSSM. The designers of the scoring system are well aware of the pitfalls of past attestation methods, making this version much harder to pass. Keep ego to a minimum, communicate that a score of 1 or less, is not unexpected as CMS is forcefully compelling change. embrace your healthcare system
- Staffing Needs: Assess whether there are urgent staffing vacancies that must be filled before moving forward. Is funding available to hire additional staff across patient safety, quality, risk, and compliance areas?
- Consulting Resources: If your budget allows, consider engaging consulting organizations, but be aware that their top resources may be booked quickly.
- Technology Assessment: Evaluate existing technology infrastructure. Are you facing technological debt that might hinder success? Will necessary technology decisions need to be made soon to ensure you have the data required before the end of 2025?
- Data & KPI’s: When conducting a gap analysis between the 25 PSSM measures and current practices in your healthcare system, emphasize the data and KPIs related to patient harm early on. Are incidents being reported at a convincing rate, such as 15 events per bed? Is apparent cause analysis (mini root cause) being conducted on 70% or more of events within 14 days? If not, prioritize the necessary efforts and resources to enhance safety culture and data collection. This foundational data is crucial.
- Strategic Assessment: Does this compliment or work against the strategic plans of your organization? Do existing partnerships and contracts need to be reconfigured to achieve any of the structural measures? Is there a cost involved for your healthcare system to support your partner’s role in your success? Are their new requirements you have of your vendors?
- Access to Resources: Are you funding your safety, quality, risk, and compliance leaders to participate in the industry organizations that support them, for example Risk Managers belong to ASHRM, patient safety leaders to IHI, and quality leaders to NAHQ? How about their supporting staff? These organizations hold the lowest cost resources, short of free, in aid of your leaders.
- Recovering Costs: How can you lobby CMS and commercial payers to foot the costs involved for your healthcare system, especially if they receive the financial benefits of reduced patient harm?
Final Thoughts
PSSM establishes a comprehensive standard for achieving patient safety through leadership, strategic planning, transparency, and patient inclusion. Many of the 25 new patient safety measures have been recognized as best practices for years, with educational resources readily available.
I extend my sincere appreciation to all those who have thoughtfully contributed to enhancing patient safety in any way .Congratulations to everyone whose ideas have been integrated into the Patient Safety Structural Measure (PSSM). I hope patient safety will indeed “be saved” and reward all of us with measurable improvement in patient outcomes in the years ahead.
There is reason to be optimistic. To comply with these new CMS patient safety structural measures, hospitals must invest in software tools, culture, and human resources to implement and sustain these standards. Educational resources from organizations such as ASHRM (e.g., the new leadership playbook), IHI (patient safety), and AHRQ (process improvement and clinical quality) will become more deeply engrained into the operations of our healthcare system.
For those starting this journey, I recommend a holistic organizational change rather than merely adding responsibilities to existing teams. Be proactive in learning and consider visiting organizations that have successfully implemented the best practices at the foundation of these measures, to gain insights and best practices.