CMS Patient Safety Structural Measure: Where Hospital Compliance Gets Complicated

A hospital attests “Yes” to all 25 Patient Safety Structural Measure (PSSM) statements. Months later, the organization is asked to produce board minutes documenting 20% patient safety agenda time. The minutes exist. The time allocation was never tracked. That is the PSSM compliance gap some hospitals are not prepared for: not the attestation, but the documentation required to support it.

The gap is predictable. Many hospitals working through PSSM have governance structures aligned with what the measure requires. What they often lack is documentation that is retrievable, time-stamped, and traceable to specific attestation statements. A notification system may work operationally without leaving an auditable trail of who was alerted and when. Board minutes may reflect patient safety discussions without ever recording how much of the meeting they consumed. The work is being done. The evidence that it happened is not always there to show for it.

Hospitals submit PSSM attestations annually through the National Healthcare Safety Network (NHSN), covering performance for the prior calendar year. Each of the five domains contains five statements, and a domain earns one point only when a hospital attests “Yes” to every one. There is no partial credit. For quality and patient safety leaders working through the documentation challenge, American Data Network (ADN) offers tools designed specifically to support the event reporting, complaint tracking, and safety culture documentation PSSM requires.

Key Takeaways

• PSSM attestation is only as strong as the documentation behind it: board minutes, notification records, dashboard reports, and committee materials that can be produced quickly and tied to specific attestation statements.
• The documentation gap is often not about governance structures, which many hospitals have in place, but about whether that work is captured in a form that can be produced quickly and tied to the statement it supports.
• Dashboards and tracking mechanisms are vital to meet PSSM domains and statement requirements, and to improve patient safety in hospitals in a documentable, auditable way.
• Organizations should be prepared to produce documentation that supports each attestation, particularly if their patient safety structures are reviewed as part of broader quality, safety, or compliance oversight.

What Does PSSM Compliance Actually Require? Three Areas of Operational Focus

Each of the five PSSM domains creates specific documentation expectations for hospitals that attest “Yes.” The PSSM Attestation Guide published by CMS provides examples and definitions for each statement, and is the clearest signal available about the types of evidence hospitals should be prepared to maintain.

#1. Governance requirements

Kathryn Biasotti, BSN, CPHRM, LNCC, MBA, principal with KB Consulting, who provides training on PSSM, notes that meeting PSSM requirements has to start at the top of the organization, with hospital leadership. Consider attestation statement A under Domain 1: “Our hospital senior governing board prioritizes safety as a core value, holds hospital leadership accountable for patient safety, and includes patient safety metrics to inform annual leadership performance reviews and compensation.”

Biasotti, who also volunteers with Patients for Patient Safety U.S., a non-profit group that seeks to enhance patient safety, highlights a key aspect of Domain 1 that could prove challenging for quality and patient safety leaders to demonstrate. For example, Domain 1 specifically requires a minimum amount of time that governing meetings must spend directly on patient safety: “Reporting on patient safety and workforce safety events and initiatives (such as safety outcomes, improvement work, risk assessments, event cause analysis, infection outbreak, culture of safety, or other patient safety topics) accounts for at least 20% of the regular board agenda and discussion time for senior governing board meetings.” (Statement D)

That 20% threshold is a CMS attestation requirement, not a suggestion. The minutes of your governance or board meeting should reflect it, Biasotti says, and organizations should be prepared to produce that documentation of those board-level discussions regarding safety, quality, and risk.

Consider, for example, a hospital whose board minutes log “patient safety update” as a standing agenda item but record no discussion time. That entry does not demonstrate 20% agenda coverage. It documents that the topic appeared on the agenda. The distinction matters: attestation requires evidence that patient safety occupied a substantive portion of the meeting, not simply that it was listed.

As background, tools such as the Institute for Healthcare Improvement’s (IHI) Framework for Effective Board Governance provide tips and best practices to help focus on patient safety.

#2. Documentation expectations

Domain 1’s Statement E requires that “C-suite executives and individuals on the governing board are notified within 3 business days of any confirmed serious safety events resulting in significant morbidity, mortality, or other harm.” That requirement is specific, and the documentation it demands is equally specific.

Meeting Statement E requires more than logging the event. You need a recorded digital trail of the communications surrounding it and the alerts that were made to executives. ADN’s Patient Safety Event Reporting Application is built to capture that documentation trail, with automated notifications and a task queue that keeps follow-through traceable.

Dashboards can also help hospitals meet and document PSSM attestation statements. While CMS allows for flexibility and choice, the requirement to monitor metrics remains a core competency. While acknowledging that “there is not a set of standardized outcome and process measures to monitor patient safety” (Domain 2, Statement B), CMS recommends harm indicators that may include:

• Agency for Healthcare Research and Quality (AHRQ) Patient Safety Indicators.
• Leapfrog Safety Measures.
• National Database of Nursing Quality Indicators safety measures.
• Centers for Disease Control and Prevention (CDC) NHSN measures.
• Measures reported in Centers for Medicare & Medicaid Services (CMS) quality programs.

Data-driven dashboards that collate and evaluate safety metrics keep event tracking structured and reportable, and represent one of the most direct ways to improve patient safety in hospitals in a form that satisfies the Hospital Inpatient Quality Reporting Program’s structural requirements.

#3. How compliance is verified

PSSM is an attestation-based measure submitted through NHSN, not a traditional survey standard. CMS does not send surveyors specifically to audit PSSM attestations the way it would investigate a Condition of Participation deficiency. But that distinction offers less protection than it might appear to.

Hospitals are subject to unannounced CMS surveys assessing compliance with Conditions of Participation, and those surveys involve document review, staff interviews, and direct observation. Under updated Quality Assessment and Performance Improvement (QAPI) Conditions of Participation guidance CMS issued in 2023, hospitals must maintain and demonstrate evidence of their QAPI program and governing body oversight. That creates practical overlap with several PSSM documentation areas, especially leadership oversight, patient safety metrics, and board-level accountability. Evidence of governing body oversight includes board meeting minutes showing quality and patient safety as a standing agenda item.

In practice, this means a hospital’s PSSM attestation posture and its broader survey readiness are not separate problems. The documentation that supports a “Yes” attestation to PSSM Domain 1 (board-level safety oversight, 20% agenda time, three-day notification for serious events) overlaps substantially with the documentation CMS surveyors already request during a QAPI review. Biasotti notes that hospitals should be prepared to produce evidence supporting their attestations, with documentation ready to produce rather than assembled after the fact.

Across the five domains, the documentation most commonly needed to support attestation includes:

• Board and committee meeting minutes: for PSSM Domain 1, these need to show not just that patient safety was discussed, but that it occupied at least 20% of meeting time. Minutes that list “patient safety update” as a line item without reflecting substantive discussion time will not support that attestation.
• Serious safety event notification records: Domain 1, Statement E requires C-suite and board notification within three business days of any confirmed serious safety event resulting in significant morbidity, mortality, or other harm. That trail needs to be retrievable by event, date, and recipient.
• Safety metric dashboards and reports: reviewers look for evidence that patient safety data is being tracked, analyzed, and acted on, not just collected. Under Domain 2, that means documented use of recognized harm indicators such as AHRQ Patient Safety Indicators, NHSN measures, or Leapfrog Safety Measures, with evidence that gaps informed improvement activities.
• Culture of safety survey results and follow-through: Domain 3 requires conducting a validated culture of safety survey annually (or every two years with pulse surveys), sharing results with the governing board and staff, and using those results to inform unit-based interventions. Documentation should show the survey results themselves, the improvement actions taken in response, and the connection between the two. Domain 3 also requires participation in a patient safety learning network. Membership in an AHRQ-listed Patient Safety Organization (PSO) satisfies that requirement and provides legal protections for event data shared within the network.
• PFAC composition documentation and rationale: Domain 5 requires that the Patient and Family Advisory Council (PFAC) reflect the patient population, and the PSSM Attestation Guide makes clear that hospitals must document not just the composition, but the reasoning behind it. This is an area where hospitals are most likely to have the structure but not the paper trail.
• Performance review documentation: Domain 1 requires that patient safety metrics inform annual leadership performance reviews and compensation. HR documentation connecting safety metrics to performance evaluations is the supporting evidence here, an area that often sits outside the Quality Officer’s direct control and requires cross-functional coordination.

Closing the PSSM Documentation Gap

What triggers a closer look is typically the same thing it has always been in CMS surveys: a gap between what a hospital says it does and what documentation shows. A hospital that attests “Yes” across all 25 statements but cannot quickly produce board minutes showing 20% patient safety agenda time, or a retrievable notification log for serious events, has created a documentation liability. PSSM scores will be publicly reported on Care Compare beginning in fall 2026, adding reputational stakes to the compliance picture.

ADN’s Patient Safety Event Reporting Application gives quality and patient safety leaders a structured way to capture events, automate notifications to executives, and maintain the retrievable documentation trail that Domains 1 and 2 require. For Domain 3, ADN’s Culture of Safety Survey services administer the AHRQ SOPS survey, analyze results, and deliver comprehensive reports, supporting both the attestation requirement and the governing board reporting it demands. ADN is also an AHRQ-listed Patient Safety Organization, satisfying Domain 3’s learning network participation requirement. For Domain 5, ADN’s Hospital Complaints and Grievances application supports the patient feedback and grievance tracking that patient engagement attestation requires.

PSSM makes documentation discipline essential: each attestation should be tied to clear, retrievable evidence. Working through each specific attestation statement and creating a checklist of the documentation required to support it will put quality and patient safety leaders in a prime position to meet PSSM requirements and withstand scrutiny if the organization is asked to support its attestation.