Patient Safety Institute


Privacy & Security

Protecting the privacy and security of sensitive patient information is key to the mission of PSI and to its Board of Directors:

  • PSI's Board of Directors includes leading consumer advocates who will have governance over all patient privacy issues.
  • The PSI bylaws state that no identifiable individual data will ever be released by PSI to any other person or organization unless specifically authorized by the patient.
  • PSI is a voluntary initiative; the patient, his or her physician, and their hospital all must deliberately choose to participate and can opt out of the system at any time.
  • The patient's Social Security number will never be used as the de facto unique patient identifier.
  • PSI will employ an enhanced security technology to maintain patient confidentiality at a higher standard than is currently in use or mandated. This security feature requires that the digital identity of the patient, physician and clinic/hospital be authenticated before the patient's clinical information is released to the patient-approved physician.
  • Identifiable patient data will continue to be stored under the jurisdiction of the patient's physician and hospital and at their current locations.
  • Both the PSI communications network and data center will be protected by the latest in technological and physical security measures, to ensure that a breach of security in any part of the system will not yield identifiable clinical information.
  • All data that is transmitted to or from PSI is processed in a manner that equals or exceeds all federal and state mandated privacy, security and HIPAA statutes.