The trusted source for
healthcare information and
Patient Safety Organizations: Protecting peer review materials and improving patient safety?
by Robert A. Bitterman, MD, JD, FACEP, Contributing Editor
Imagine a black box. Into the box you could put all hospital ED related peer-review data, quality assurance materials, incident or occurrence reports, and medical error reviews.
Out of the box would flow expert evaluations and feedback on the issues presented by each case, and recommendations on methods, policies, and procedures to improve patient safety and the quality of care provided in your ED. As a bonus, the box would also compare your "errors" with those of other EDs across the country and provide you with information on practical solutions others have already successfully implemented to redress the issues.
Moreover, the box also would function as an iron-clad "lock box;" plaintiffs' attorneys would never be able to access or use any of the material in the box or the analysis that comes out of the box. State medical boards, state or federal health departments, and any other governmental or private agencies also couldn't get the data for disciplinary, administrative, or civil proceedings. The data in the box would not be subject to state or federal Freedom of Information Acts.
Creation of such a black box, labeled a "Patient Safety Organization" (PSO) was the intent of Congress and President Bush in enacting the Patient Safety and Quality Improvement Act in 2005.1
What is the Patient Safety and Quality Improvement Act (PSQIA)?
The PSQIA was born from the 1999 Institute of Medicine (IOM) report "To Err is Human," which basically stressed that improving patient safety required a learning atmosphere rather than a punitive one.2 Congress realized that physicians and hospitals would never voluntarily report errors to a quality improvement program out of fear that the information could be used against them in a lawsuit or disciplinary proceeding. A number of states responded to the IOM report, long before the U.S. Congress, by passing voluntary medical error reporting laws with varying degrees of legal protection for providers3 (though a few states, such as Minnesota,4 passed mandatory medical error reporting laws). Most state schemes were similar to the limited voluntary reporting system The Joint Commission instituted in 1996.5 However, as discussed in recent ED Legal Letter articles, state peer-review protections or error reporting statutes often don't hold up in the crucible of litigation,6,7 so legal counsel for providers were loathe to recommend that providers participate in the state "voluntary" error reporting schemes.8
The PSQIA is essentially Congress' attempt to create a legally protected environment in which healthcare providers would be willing to report errors to organizations (PSOs) that would analyze the data and provide recommendations to improve patient care. The PSQIA also provides confidentiality of the patient safety materials as well as the privileges from litigation, and imposes penalties for breach of confidentiality or privilege.1,9
How does the PSQIA work?
The law directs the Department of Health and Human Services (HHS) to certify Patient Safety Organizations (PSOs).10 The PSOs will contract with providers in a HIPAA-like "business associate" relationship with the typical confidentiality agreement.11 The providers will create "patient safety evaluation systems" (PSES) to collect the medical error/patient safety data and implement a process to report the data to the PSO.12 The PSO, in turn, would analyze these materials, termed "patient safety work product" (PSWP) by the PSQIA, and provide direct feedback and recommendations to the contracted providers.13 The PSOs also would provide patient safety education, recommendations, and policies and procedures to the general public in a sanitized fashion (no patient or individual provider identification) based on its findings and learning from its interactions with its contracted providers.14 Furthermore, the PSOs would submit its data and recommendations, also in non-identifiable format, to national databases established by HHS to disseminate the information throughout the country and for use in research to improve patient safety.15
What are the criteria to establish a PSO?
Any organization, public or private, can become a PSO. The organization must submit an application to HHS demonstrating that it has policies and procedures in place to perform the requisite "patient safety activities" and that it satisfies certain criteria established by the PSQIA.16 The primary criteria include the following:17
All PSOs must initially and periodically thereafter certify compliance with these criteria to the government.18
In essence, a PSO serves two functions: first, as repository for patient safety work product materials and second, as an engine that actively analyzes the submitted work product and recommends improvements in patient care to the contracted providers and the health care community at large.
What are the benefits of a PSO?
Obvious benefits of utilizing a PSO include:
1. Centralized quality improvement (CQI) systems. Instead of a myriad of independent provider based quality programs such as quality assurance, CQI incident reports, and root-cause analyses, everything could be under one roof — the provider's "patient safety evaluation systems" (PSES), which would collate all the data and interact with the PSO.
2. Real patient safety improvement process. Freed from the fear of discovery for use in litigation or administrative proceedings, providers could candidly share near-misses, personal or personnel errors, system errors, or any other information they viewed as valuable to improving patient safety or the health care delivery system as a whole. The PSQIA could promote a more promising culture of safety across all health care settings, and be as Dennis O'Leary, President of The Joint Commission said, "a breakthrough in the blame and punishment culture that has literally held a death grip on health care."19
3. Data sharing. The PSQIA's creation of a network of PSOs and HHS computer databases may provide meaningful opportunities for providers to report and share data on the true quality of healthcare. It may allow research into the deeper and perhaps systematic reasons about why medical errors occur and/or reoccur in predictable patterns.
4. Federal peer-review privilege. The key component of the PSQIA is its federal peer-review protections. First, it solves the uneven and often suspect protection of peer-review materials provided by the various states.7
Second, the law preempts the federal rules of evidence,20 which do not recognize state peer review protections in cases based on federal law. For emergency medicine this particularly means EMTALA claims. For example, in the case of Smith v. Botsford General Hospital the federal court allowed a very damaging EMS incident report into evidence against the hospital on an EMTALA claim for failure to stabilize the patient prior to transfer. It held that state peer-review protections are not applicable under the federal rules of evidence. 21 One of the reasons the plaintiffs in Smith filed their claim under EMTALA in federal court was specifically to seek discovery and admissibility of the EMS peer-review materials, which would certainly have been deemed privileged under Michigan law in an ordinary state malpractice claim.6
The material protected, called "patient safety work product" (PSWP), is intentionally broadly defined to ensure "that providers will feel safe and secure in participating in a patient safety system."22 The act defines PSWP as:
Any information in written or oral form (data, reports, analysis such as root cause analysis or failure mode analysis, etc.) that may result in improved patient safety, health care quality, or health care outcomes and is either 1) collected by a provider to be reported to a PSO and is actually reported, or 2) developed by a PSO for patient safety activities.23
PSWP does not include original source materials such as individual patient medical records, billing and discharge information, other original patient or provider records (even if reported to a PSO), or any information that is collected or maintained separately from a patient safety evaluation process (even if reported to a PSO).24
Essentially this definition means that all quality improvement materials and analysis can be protected under the PSQIA, but with two very important caveats:
1. To be PSWP protected under the PSQIA, the quality improvement materials must be included in the patient safety evaluation system (PSES) and must not be maintained in any fashion outside the PSES. Providers will need to be absolutely certain that all patient safety materials are handled only within their PSES, because if any copies of the data are kept separate from that system those copies are not considered PSWP and lose their protection. PSWP simply does not include data that is collected, developed, or maintained separately from the PSES.24 Furthermore, the definition of PSWP excludes data held outside the PSES, even if it is reported to a PSO.24 This means that a hospital and its ED physicians would need to work together closely to ensure that all quality measures are centralized solely within a single system.
2. The PSWP must actually be reported to the PSO. Collating or developing data for the purpose of reducing medical errors or improving quality is not in and of itself sufficient to qualify for the statutory privilege under the PSQIA; the information must actually be reported to the PSO for the privilege to attach.25
The PSQIA creates a strong incentive for providers to voluntarily report patient safety information to a PSO. With rare exceptions, PSWP cannot be subpoenaed or discovered for use in civil, criminal, or administrative proceedings, and may not be introduced as evidence in any civil, criminal, or administrative proceeding or in any "professional disciplinary proceeding of a professional disciplinary body established or specifically authorized under state law."26 The confidentiality of PSWP also remains in situations outside of legal proceedings.27
If stronger state confidentiality or privilege protections exist, they are not preempted by the PSQIA. The provisions of the PSQIA do not replace or preempt any state mandatory reporting requirements regarding serious health care errors.28
What are the risks related to a PSO?
The main risk related to establishing a PSO is lack of experience with the law. HHS has yet to issue the implementing regulations to guide providers on how to structure the PSO and how to format or utilize the patient safety work product, particularly in electronic fashion. No court opinions upholding the federal peer-review protections exist yet, which may be necessary to reassure providers that this federal attempt to create unbreakable peer review protection will fare better than the patchy history of peer-review in state courts. Few providers are willing to be first into the frying pan as the test case for legal interpretation of the PSQIA.
A relatively undiscussed risk in the legal literature is whether health care providers will actually be willing to voluntarily report medical errors, even with the promise of stronger federal confidentiality and peer-review protections. Decades of largely justified disgust, fear, and distrust of the legal system will be difficult to overcome. Despite the incentives discussed above, nothing in the PSQIA requires reporting or participation by any provider.1
The PSQIA was enacted to encourage physicians, hospitals, and other health care providers to voluntarily participate in medical error reporting systems designed to improve patient safety and the quality of medical care. It establishes broad confidentiality and privilege protections of information pertaining to medical errors and other quality information that is developed within a "patient safety evaluation system" and reported to a "patient safety organization." However, to date, both hospitals and physicians have been very reticent to establish PSOs because the government has not yet written regulations implementing the law. Only time will tell if providers voluntarily participate in patient safety oriented reporting systems and whether the statutory protections are rock-solid.
1. The Patient Safety and Quality Improvement Act of 2005 (PSQIA); Public Law 109-41, 119 Stat. 424-434, which amended the Public Health Service Act.
2. Institute of Medicine (IOM). Kohn LT, Corrigan JM, Donaldson MS, eds. To Err Is Human: Building a Safer Health System. Washington, DC: National Academy Press, 2000. www.iom.edu.
3. E.g. Tenn. Code Ann. §68-11-211 (2004); N. J. Stat. §26:2H-12.25 (2005); N.Y. Pub. Health Law § 2998 (2005); Mass. Gen. L.ch.6A, §16E (2005); Md. Health Gen. Code §19-139 (2004).
4. Minn. Stat. §§ 144.706-144.7069 (2004).
5. See the National Academy for State Health Policy, "State patient safety centers; How states report medical errors," at http://www.nashp.org/; and The Joint Commission Sentinel Events Policy and Procedure (2005), http://www.jcaho.com/.
6. Bitterman RA. Incident reports: how to avoid plaintiff attorneys using them against you. ED Legal Letter 2007;17:61-65; Bitterman RA. Michigan's non-economic damages cap ruled constitutional: the cap applies to EMTALA claims. ED Legal Letter 2006;17:109-113.
7. Liang BK, Storti K. Creating Problems as Part of the Solution: The JCAHO Sentinel Event Policy, Legal Issues, and Patient Safety, 33 J. Health Law 263, 264-67 (2000) (highlights the difficulty providers encounter asserting state peer review privileges, and argues for federal legislation for medical error reporting).
8. Daniel Mulholland, "Unanticipated Consequences of Unanticipated Outcomes Disclosures," 35 J. Health Law 211, 214-219 (2002).
9. See generally Key CM. A Review of the Patient Safety and Quality Improvement Act of 2005. The Health Lawyer 2005;18(1):20-22; and American Medical Association, Summary of S. 544: Patient Safety and Quality Improvement Act of 2005. www.ama-assn.org.
10. PSQIA Part C, §924(a)&(c).
11. PSQIA Part C, §922(i).
12. PSQIA Part C, §921(6).
13. PSQIA Part C, §921(7).
14. PSQIA Part C, §924(b).
15. PSQIA Part C, §923.
16. PSQIA Part C, §924(a). 'Patient safety activities' are defined by §921(5).
17. PSQIA Part C, §922(b).
18. PSQIA Part C, §924(a)(1)(A)&(B).
19. Datte DA, Chancler K, and Sanders P. National Peer Review Protection? The New Patient Safety and Quality Improvement Act of 2005. American Health Lawyers Association Health Lawyers News, pages 28-37, November 2005.
20. Fed. R. Evid. 501; and see for example Burrows v. Red Bud Community Hospital District, 187 F.R.D. 606 (N.D. Cal.1998); Atteberry v. Longmont United Hosp., 221 F.R.D. 644 (D. Col. 2004); and Sonnino v. University of Kansas Hosp. Authority, 220 F.R.D. 633, 644 (D. Kan. 2004).
21. Smith v. Botsford General Hospital, 419 F.3d 513 (6th Cir. 2005); Smith v. Botsford Case No. 00-71459, Memorandum and Orders of U.S. District Court Judge Avern Cohn, Sept. 28, 2000; Mich. Comp. Laws, Section 333.20175(6).
22. House Committee on Energy and Commerce, Report on the Patient Safety and Quality Improvement Act of 2005, Remarks of Sen. Enzi, Chairman of the Senate Health, Education, Labor and Pensions Committee.
23. PSQIA Part C, §921(7).
24. PSQIA Part C, §921(7)(B).
25. PSQIA Part C, §921(7)(A)(i).
26. PSQIA Part C, §922(a).
27. PSQIA Part C, §922(b).
28. PSQIA Part C, §922(g).