CMS Patient Safety Structural Measure (PSSM): Complete Guide + Hospital Calculator (2026)

By Paul C. Mullan, MD, MPH

Emergency Medicine Physician | Quality & Patient Safety Leader | AHDQ PSO Leader

Published: March 16, 2026 Last Updated: March 17, 2026

What Is the CMS Patient Safety Structural Measure?

Definition

The CMS Patient Safety Structural Measure (PSSM) is a federal reporting requirement for hospitals that evaluates whether a healthcare organization has the infrastructure, governance, and learning systems needed to prevent harm before it reaches a patient. It consists of 25 attestation statements across five domains, with a maximum facility score of five points. Hospitals must answer "Yes" to all five statements within a domain to earn one point for that domain.

Unlike traditional patient safety metrics that measure outcomes such as infection rates, the PSSM asks a fundamentally different question:

Why this matters:

• Required for CMS Hospital Inpatient Quality Reporting (IQR) and PPS-Exempt Cancer Hospital Quality Reporting (PCHQR) programs

• Evaluates safety infrastructure and leadership accountability, not clinical outcomes

• Attestation scores are reported publicly on CMS Care Compare, where patients, employers, and payers can compare hospital safety infrastructure side by side

• Hospitals that fail to report face Medicare reimbursement penalties beginning with FY2027 payment determinations

In practical terms: this measure asks whether your hospital has built the structures needed to learn from safety events in real time. Does your governing board receive serious safety event notifications within three business days? Does your hospital work with an AHRQ-listed PSO? Do staff have a confidential reporting system with a feedback loop? Those are the kinds of questions PSSM answers and where most hospitals discover their gaps. ⚡ Critical Deadline: The attestation window is April 1 to May 15 each year for the prior calendar year. Attestation is submitted through NHSN at the OrgID level. The PSSM is currently authorized through FY2027.

Because the 25 attestation statements, guides, protocols, and forms span multiple federal sources and are challenging to fully comprehend, we built a free PSSM calculator and checklist tool that consolidates them into a single assessment source.

Take the Free PSSM Calculator and Readiness Checklist →

What This Article Covers

• What the CMS Patient Safety Structural Measure actually evaluates and how it is scored

• Why CMS shifted from outcome measures to structural measures

• Key deadlines, IQR and PCHQR program requirements

• All 25 verbatim attestation statements organized by domain, with key references

• The specific infrastructure hospitals must demonstrate, domain by domain

• PSSM Operational Cadence Framework table to calendarize all activities (daily through bi-annual)

• PSSM Hospital Roles and Responsibilities table mapping of all activities to domains

• Why many organizations struggle with compliance, including the 5 to 10% reporting problem

• How the five HRO principles align with the 25 PSSM statements

• The free AHDQ PSO PSSM Calculator and Readiness Checklist

• The SAFER Scorecard for clinical debriefing readiness

• Step-by-step preparation guide for hospital leaders

• Frequently asked questions
  

Why CMS Created the Patient Safety Structural Measure

For decades, healthcare quality measurement focused almost exclusively on outcomes. If infection rates were low and mortality was acceptable, a hospital was considered to be performing well. But this approach had a critical blind spot: outcomes do not reveal whether a hospital has the systems required to prevent harm, or whether good outcomes are simply the product of low acuity in the underlying population or underreporting. Research has continued to highlight the scale of preventable patient harm. A landmark BMJ study estimated that medical errors represent the third highest leading cause of death in the United States. Despite decades of awareness, preventable harm persists at significant levels across healthcare systems.

The PSSM reflects a maturation of quality science: the recognition that durable safety improvement requires organizational infrastructure, not just measurement. This concept maps precisely to Avedis Donabedian's foundational structure-process-outcome framework, which has guided healthcare quality measurement since the 1960s: structures (such as governance, systems, and policies) enable reliable processes (such as event review, huddles, and feedback loops), which in turn produce better outcomes. (Donabedian A. The quality of care. JAMA. 1988;260(12):1743-1748.) The PSSM is a structural measure, and CMS's intent is that getting the structures right is a necessary precondition for the processes and outcomes to follow.

This shift aligns with frameworks developed by:

• AHRQ's Patient Safety program: AHRQ frames patient safety as a system-level challenge, offering a comprehensive library of tools for culture assessment, root cause analysis, incident reporting design, learning system development, and event communication, all of which map directly to specific PSSM attestation statements.

• The Institute for Healthcare Improvement (IHI): IHI's safety frameworks argue that safe care requires not just committed clinicians but disciplined organizational systems, including board-level leadership accountability, structured learning networks, workforce safety culture programs, and high-reliability practices that mirror the PSSM's five domains.

• The National Academy of Medicine's Learning Health System concept: NAM describes a learning health system as one where data from everyday clinical care is continuously fed back to improve the processes that generate it, the intellectual foundation for the PSSM domains on safety metrics dashboards, PSO membership, serious safety event analysis, and participation in external learning networks.
  

The PSSM builds on all five of the safety system commitments these frameworks share:

1. Leadership engagement: Governing boards and C-suite leaders must treat safety as a core organizational value with measurable accountability.

2. Strategic planning and just culture: Safety goals must be public, equity-aware, and accompanied by policies that distinguish error from recklessness.

3. Culture of safety and learning: Hospitals need validated culture surveys, serious safety event analysis teams, real-time dashboards, high reliability practices, and learning networks.

4. Accountability and transparency: Reporting systems must protect those who report, close the loop with feedback, and include post-harm communication and resolution processes.

5. Patient and family engagement: Patients and families are not passive recipients of care. They are essential members of the safety team, contributing to safety event reporting, rounding, discharge planning, and advisory governance.
   

In short: CMS is not just asking how many bad events happened. It is asking whether your organization is built to stop them.

IQR and PCHQR Program Requirements: What Hospitals Need to Know

The PSSM was added to the Hospital Inpatient Quality Reporting (IQR) Program and the Prospective Payment System (PPS)-Exempt Cancer Hospital Quality Reporting (PCHQR) Program through the fiscal year 2025 Medicare Hospital Inpatient Prospective Payment System final rule, published in August 2024.

Hospital Inpatient Quality Reporting (IQR) Program

The IQR program is a pay-for-reporting program that requires acute care hospitals paid under IPPS to submit quality data to CMS. Hospitals that do not meet reporting requirements face a reduction in their annual payment update. Beginning in 2026, IQR-participating hospitals must complete PSSM attestation annually during the April 1 to May 15 window for the prior calendar year. Attestation is submitted through NHSN at the facility's OrgID level.

PPS-Exempt Cancer Hospital Quality Reporting (PCHQR) Program

The PCHQR program requires the 11 PPS-exempt cancer hospitals designated under Section 1886(d)(1)(B)(v) of the Social Security Act to report quality measures. Like IQR hospitals, PCHQR hospitals must attest to the PSSM annually during the April 1 to May 15 window beginning in 2026. The PSSM is the same across both programs.

Critical Access Hospitals (CAHs)

CAHs are not required to report the PSSM but may submit PSSM data voluntarily.

CCN-Level Scoring

Each hospital attests at the OrgID level, but scores are reported and used at the CMS Certification Number (CCN) level. For multi-facility CCNs, the lowest facility score among hospitals sharing a CCN is assigned as the CCN Score. This has an important implication for health systems: one underperforming facility can drag down the system's reported score.

Where to Submit and How to Track

Hospitals submit PSSM data through NHSN. The Hospital and Group Line List (Patient Safety Structural Measure Report) in NHSN allows hospitals to review attestation responses, domain scores, and facility scores before the CMS deadline. For program-specific guidance, visit QualityNet or the Quality Reporting Center.

CMS PSSM Attestation Statements: Complete Reference with Key Resources

Table 1: CMS PSSM Attestation Statements: All 25 Verbatim Requirements with Key References and Free Resources

PSSM Organizational Cadence Framework Table

Knowing what your hospital needs to do is one thing, but knowing when to do it to stay in compliance is equally important. The PSSM Organizational Cadence Framework maps each required PSSM safety activity to a recommended frequency (daily, weekly, monthly, quarterly, or annually) so your team can build attestation-ready practices into existing workflows rather than scrambling before a survey (Table 2).

Table 2: PSSM Organizational Cadence Framework: Safety Activities Calendarized by Frequency and Domain. An Excel downloadable template is available below the table title.

Roles and Responsibilities: Who Does What for PSSM

PSSM compliance is not just one person's job. It spans from the board room to the family member at the bedside. The PSSM Roles and Responsibilities table breaks down who owns what tasks across your leadership structure, from the senior governing board and C-suite executives to patient safety officers, frontline managers, and clinical staff. Each activity is mapped to its corresponding PSSM domain so accountability is clear. Download the Excel template to start assigning owners at your hospital.

Table 3: PSSM Roles and Responsibilities: Hospital Staff Activities and Domain Alignment. An Excel download template is available below the table title.

Why Hospitals Struggle with PSSM Compliance

The goals of the Patient Safety Structural Measure are widely supported. Nearly every healthcare leader agrees that hospitals should have robust safety systems. Yet compliance challenges are common. Here is why.

Fragmented Reporting Infrastructure

Many hospitals operate multiple, disconnected tools: an internal reporting platform, a separate incident management system, a risk management database, and a paper-based process for certain unit types. Fragmentation prevents the synthesis of insights across the system. When data cannot be aggregated, patterns cannot be detected, and the learning component of the PSSM becomes nearly impossible to demonstrate.

The 5 to 10% Reporting Problem and What to Do About It

Even when reporting systems are technically available, the vast majority of harmful events and near misses are never captured. Research consistently shows that incident reporting systems miss the overwhelming majority of patient harm. A 2023 systematic review found that 2011 study by Hibbert and colleagues published in the International Journal for Quality in Health Care found that most studies showed that <5% of actual harm was reported, meaning that 95% of harm events typically are going unreported.

The implications for PSSM compliance are significant: a reporting system that only captures 5 to 10% of harm events is not, in any meaningful sense, a learning system. It is an administrative artifact.

This reframes how hospitals should think about D4-A and D3-D. Rather than treating incident reporting as the primary or sole mechanism for capturing safety intelligence, leading organizations are building layered event capture systems that treat everyday clinical communication as a source of safety data. These include:

• Safety briefings (a D3-D high-reliability team communication practice): Pre-shift or pre-procedure structured conversations that surface anticipated risks and role expectations before events occur, creating a proactive safety signal before harm has a chance to happen.

• Tiered safety huddles (a D3-D high-reliability practice): Daily structured conversations at the unit, department, and executive level that identify real-time operational concerns and near misses, and escalate them to leadership the same day.

• Clinical event debriefings (a D3-D high-reliability team communication practice): Structured post-event team conversations that capture frontline insights within minutes of a significant patient care event, before memory and context degrade. Research shows that debriefing surfaces issues that formal reporting systems routinely miss, including communication gaps, workflow failures, and latent system vulnerabilities.

• Patient and caregiver safety reports: D5-D specifically requires that hospitals incorporate patient and caregiver input about safety events and signals, a recognition that patients often see safety failures that clinical teams do not.
  

The integration of these learning mechanisms with formal reporting systems, so that insights from huddles and debriefs feed the same improvement infrastructure as incident reports, is what distinguishes a compliance-level reporting system from a genuine safety learning system.

Delayed Learning Cycles

Traditional event review processes can take weeks or months. By the time a root cause analysis is complete, the clinical team involved has often moved on, and key contextual details have faded. D3-D's inclusion of high-reliability team communication practices such as tiered huddles, briefings, and clinical debriefings reflects a CMS recognition that real-time learning is necessary alongside formal structured review.

Absent or Informal Debriefing After Clinical Event

Many hospitals lack a structured, reliable mechanism for capturing frontline insights immediately after clinical events. Informal hallway conversations happen, but they produce no documentation, no organizational learning, and no PSSM-relevant evidence. Without structured debriefing, hospitals miss one of the highest-value, lowest-cost safety improvement opportunities available, one that directly supports D3-D, D4-A, D4-B, and D1-C.

Domain 5 Activities are Underbuilt at Most Hospitals

Patient and Family Engagement is the domain most frequently overlooked in hospital safety programs. Many hospitals have a PFAC focused on amenities and patient experience rather than safety governance. D5-A requires that the PFAC have input into safety goal-setting, metrics selection, and improvement initiatives, and that PFAC members participate in board meetings. Building this infrastructure takes time and intentional redesign.

Governance Theater Versus Genuine Oversight

Some hospitals have patient safety committees that meet and generate minutes, but where safety metrics are reviewed without action, and safety concerns raised by frontline staff never reach the board. CMS is increasingly focused on the quality of governance, not just its existence. Documentation without engagement is unlikely to meet PSSM expectations in the long term.

How High-Reliability Organizations Approach Patient Safety Infrastructure

High-reliability organizations (HROs) achieve sustained safety performance in environments where failure is possible but catastrophic outcomes remain rare. Healthcare has increasingly adopted HRO principles as the foundation for patient safety strategy. The PSSM's five domains and 25 attestation statements are, in essence, a structured operationalization of HRO principles at the hospital level. The five HRO principles, as defined by Weick and Sutcliffe and applied in healthcare by the Joint Commission and IHI, are: (1) Preoccupation with Failure, (2) Reluctance to Simplify, (3) Sensitivity to Operations, (4) Commitment to Resilience, and (5) Deference to Expertise.

Table 4: Five Principles of High Reliability Organizations in Healthcare: CMS PSSM Alignment, Definitions, HRO Activities, and Strategic Thought Exercises

The SAFER Scorecard: Assessing Your Organization's High Reliability Organization Practices

The SAFER Assessment evaluates your organization's ability to establish a high-reliability system for learning from patient safety events using clinical debriefing processes and systems.

Debriefing is an HRO activity that aligns with all five of the HRO principles:

• Sensitivity to Operations: Debriefing brings leaders into direct contact with frontline accounts of what actually happened, creating real-time operational awareness that dashboards and reports cannot fully replicate.

• Reluctance to Simplify: A well-facilitated debrief actively resists premature conclusions, probing for system-level factors beneath surface-level event descriptions.

• Preoccupation with Failure: Debriefing treats every significant clinical event, including near misses, as a signal worth examining, not a minor deviation to move past.

• Deference to Expertise: Debriefs elevate the voice of the frontline clinician who was present and give their account primacy over retrospective administrative reconstruction.

• Commitment to Resilience: Regular debriefing builds team capacity to learn from adversity and adapt, the behavioral foundation of organizational resilience.
  

The SAFER Assessment also aligns directly with five PSSM attestation domains:

• D1-C Governing board ensures adequate resources to support patient safety, including communication and learning systems.

• D2-E Workforce safety improvement plan addressing psychological safety and team communication capacity.

• D3-D High reliability practices including team communication training in debriefing best practices and data infrastructure for tracking events.

• D3-E Participation in learning networks that share safety event data and implement best practices.

• D4-B Partnership with an AHRQ-listed PSO to carry out patient safety activities including collection and analysis of patient safety work product.
  

The evidence base for structured debriefing as a performance improvement tool is substantial. A landmark meta-analysis by Tannenbaum and Cerasoli (Human Factors, 2013) found that team and individual debriefs enhanced performance by an average of 25% across a wide range of settings and domains. In aviation, the systematic adoption of crew resource management and post-flight debriefing practices contributed to dramatic, sustained reductions in fatal accidet rates over several decades.

After completing the SAFER Assessment, hospital leaders receive a scored current-state scorecard that identifies gaps in debriefing infrastructure, culture, and process, and surfaces the highest-priority areas to address first.

Take the SAFER Assessment →

The Patient Safety Structural Measure Calculator and Readiness Checklist

🔎 Is your hospital actually ready to attest "Yes" to all 25 PSSM statements?

Because the 25 attestation statements, guides, protocols, and forms span multiple federal sources with information that is challenging to fully comprehend, many hospital leaders genuinely do not know where their gaps are until it is too late to close them before the April 1 to May 15 attestation window.

Take the Free AHDQ PSO PSSM Calculator and Readiness Checklist →

The CMS PSSM readiness calculator and checklist is designed for hospitals at every stage of their PSSM journey:

• For hospitals that can already attest "Yes" to all 25 statements: The calculator provides detailed guides, tools, and resources linked to each attestation statement to help strengthen documentation, sharpen practices, and maintain compliance with confidence through each annual reporting cycle.

• For hospitals earlier in their PSSM journey: The calculator identifies which attestation statements represent the highest-risk gaps given the all-or-nothing scoring rule, and provides free resources to help close each gap. Leaders can use the calculator as an internal tracking document and complete it multiple times to measure progress across reporting cycles.
  

The calculator and checklist includes:

• The verbatim attestation statements from the NHSN Patient Safety Attestation Form (CDC Form 57.133) so that your self-assessment maps precisely to what CMS will evaluate.

• Practical guidance drawn from the CMS PSSM Attestation Guide, including examples of compliant practices and domain-specific interpretive notes published by the Quality Reporting Center.

• The scoring rubric from the NHSN PSSM Protocol, including the all-or-nothing domain scoring rule and CCN-level scoring logic for health systems.

• Links to key free resources for each attestation statement, including AHRQ toolkits, IHI frameworks, TeamSTEPPS curriculum, RCA2 guides, the CANDOR toolkit, PFAC development resources, and NHSN enrollment guidance.

How the calculator and checklist works:

• Each of the 25 statements in the PSSM Calculator works the same way

• Read the attestation statement

• Select Yes, No, or Unknown based on your hospital's current status

• Expand the "Resources & How-to Guidance" dropdown for curated links

• Each link provides free resources for how to attest to each statement

• See example for attestation statement D1-A, in Figure 1 below
  

  
  

  Figure 1: How the PSSM Calculator Works: Sample Attestation Statement, Interactive Checklist Question, and Question-Specific Resources
  

  

  What you get when you've responded to all 25 statements:

• The calculator generates a PSSM Readiness Score - Executive Summary

• Your score is shown out of 5 possible domain points — one for each PSSM domain

• Domains that are passing and those with gaps are clearly identified

• Any "No" or "Unknown" responses are listed with specific missing attestation items.

• Download the summary as a PDF or email it to your team

• See Figure 2 below for a sample Executive Summary for a hospital with 20 of 25 "Yes" responses
  

  Figure 2: PSSM Calculator: Sample Readiness Score Executive Summary Output for a Hospital with 20 of 25 "Yes" Responses
  

  

  Take the Free AHDQ PSO PSSM Readiness Calculator and Checklist →
  

How Hospitals Can Prepare for the CMS Patient Safety Structural Measure

Step 1

Assess Current State Across All Five Domains

Use the AHDQ PSO PSSM Readiness Calculator and Checklist to evaluate all 25 attestation statements and identify which domains are at risk of a zero score due to the all-or-nothing scoring rule. Pay special attention to Domain 5. Patient and Family Engagement is the domain most frequently underbuilt, and it requires structural changes that cannot be accomplished quickly.

Step 2

Strengthen Reporting Access and Culture

Audit who is and is not using your current reporting system. Identify barriers including platform accessibility, time investment, and psychological safety concerns. Review your current near-miss to adverse event reporting ratio as a baseline metric. If your ratio is below 5 to 1, that is your first priority.

Step 3

Formalize Learning Processes

If you do not have a structured serious safety event analysis process, build one. A dedicated team using the RCA2 framework (D3-B) and a consistent multidisciplinary review cadence with documented themes and actions will satisfy this domain for most organizations.

Step 4

Implement Structured Frontline Communication: Briefings, Huddles, and Clinical Debriefings

Deploy systematic structured communication practices that become part of everyday clinical rhythms: pre-shift briefings that surface anticipated risks; daily tiered safety huddles that escalate concerns to leadership the same day (a direct D3-D requirement); and post-event clinical debriefings that capture team-level insights within minutes of significant patient care events, before memory and context degrade.

Step 5

Implement Structured Communication for Leaders: Safety Rounding and Board Engagement

Monthly leader safety rounding on all units, with C-suite rounding at least quarterly (D3-D). A board agenda structure that ensures safety topics account for at least 20% of regular meeting time (D1-D). A rapid notification protocol for confirmed serious safety events within three business days (D1-E). PFAC representation at board meetings (D5-A). These require deliberate redesign, not incremental adjustment.

Step 6

Build Feedback Infrastructure

Close the loop. Create a mechanism, even a simple one, that communicates to frontline reporters what happened as a result of their report. D4-A specifically requires that the reporting system prompt a feedback loop to those who report. Closed loop communication is frequently the missing link between a hospital that has a reporting system and a hospital that has a learning system.

Step 7

Build Your PFAC for Safety Governance

If your Patient and Family Advisory Council is focused on amenities and patient experience rather than safety governance, redesign its charter. D5-A requires PFAC input on safety goal-setting, metrics, and improvement initiatives, as well as board representation. D5-B requires that PFAC membership reflects the demographics of the patient population. This takes time. Start now. See the AHA PFAC Blueprint (2022) for implementation guidance.

Step 8

Document Everything

PSSM compliance is partially a documentation challenge. Governance structures, meeting cadences, policy attestations, and program descriptions must be current, accessible, and organized. Build a compliance documentation repository now, before the April 1 to May 15 attestation window creates urgency.

Frequently Asked Questions: CMS Patient Safety Structural Measure

Free PSSM Calculator

Ready to assess your hospital's PSSM readiness across all five domains?

The AHDQ PSO PSSM Calculator and Readiness Checklist walks you through all 25 verbatim attestation statements, scores your readiness across all five domains, and identifies your highest-priority gaps before the April 1 to May 15 attestation window opens.

Take the Free PSSM Calculator and Readiness Checklist →

Additional Patient Safety Resources

• NHSN PSSM Protocol (January 2026)

• NHSN PSSM Attestation Form (CDC Form 57.133)

• PSSM Attestation Guide (Quality Reporting Center, June 2025)

• QualityNet Inpatient Reporting Portal

• AHRQ Patient Safety Organizations Program

• AHRQ PSNet: Incident Reporting Primer

• AHRQ PSNet: Clinical Debriefing Primer

• AHRQ Root Cause Analysis Toolkit (RCA2)

• AHRQ CANDOR Communication and Resolution Toolkit

• AHRQ Survey on Patient Safety Culture (SOPS)

• Donabedian A. The quality of care. JAMA. 1988;260(12):1743-1748.

• IHI Framework for Safe, Reliable, and Effective Care

• IHI Safer Together: National Action Plan to Advance Patient Safety

• AHDQ PSO PSSM Readiness Calculator and Checklist

• SAFER Assessment (Clinical Debriefing and Learning System)

• StatDebrief Blog: Patient Safety and Clinical Debriefing

How This Guide Was Developed

Content

This guide was developed using primary federal guidance and peer-reviewed patient safety literature.

Sources reviewed include:

• Centers for Medicare & Medicaid Services (CMS) rulemaking and quality reporting documentation

• CDC National Healthcare Safety Network (NHSN) reporting guidance for the Patient Safety Structural Measure

• The CMS Patient Safety Structural Measure Attestation Guide

• Research literature on learning health systems, safety culture, and clinical event debriefing

The goal of this guide is to synthesize the 25 attestation statements across the five domains of the CMS Patient Safety Structural Measure into a practical framework that hospital leaders can use to assess readiness and implement patient safety infrastructure.

About the Author

Dr. Paul Mullan, MD, MPH is an emergency medicine physician and patient safety leader with over 15 years of experience implementing clinical event debriefing programs in hospitals worldwide. He is the founder of StatDebrief and leads the AHDQ Patient Safety Organization, an AHRQ-listed PSO focused on improving learning after clinical events.