The peer review process can be a legal mine field, with missteps exposing the hospital and health system to allegations that result in significant liability. Reduce that risk by knowing the common mistakes and using best practices to keep the review above reproach.

Liability risks can come in the form of patients suing the hospital for failing to properly credential and monitor caregivers, or from caregivers who allege the peer review process is unfair or inaccurate.

Hospital privilege decisions can entangle healthcare entities in malpractice litigation. Even though hospitals do not practice medicine, they do provide staff and facilities, notes Richard A. Lovich, JD, managing partner with Stephenson, Acquisto & Colman, in Burbank, CA.

Although the granting of privileges and ongoing reviews of performance are conducted technically not by hospitals but by clinical staff, hospital boards have the legal responsibility to ensure the reviews and privileging are adequate. They can be hospitals can be held liable for shortcomings in the peer review process if they result in delivering professional services below the standard of care, he says.

Twenty-eight states currently recognize the tort of “negligent credentialing,” Lovich says. The basis for liability under this theory is the failure of the hospital to adequately vet, supervise, oversee, and evaluate healthcare practitioners in granting privileges. States that do not specifically recognize this tort under that name still provide a basis for holding the hospital liable within this context, he says.

For example, California, in a 1982 appellate court decision, (Elam v. College Park Hospital, 132 Cal.App.3d 332 [Court of Appeal of California, Fourth District, Division One, May 27, 1982]) reinforced and clarified the ability of a wronged patient to hold not only the caregiver but the hospital responsible for substandard care. The peer review process can play a large role in the hospital’s potential liability in this regard, Lovich explains. When hospitals do not employ physicians directly, the traditional bases for vicarious liability, agency liability, or respondeat superior (the employer is held liable for employee actions committed in the course and scope of the employment) are unavailable, Lovich says.

“However, as illustrated in the Elam case, if a hospital fails to adequately investigate and evaluate physicians for privileges or fails to monitor their competence, it can be held liable in negligence if such failure is the proximate cause of injury to the patient,” Lovich explains. “The hospital's responsibility is potentially very broad. Many states, through statute and regulation, define the scope of the responsibility well beyond the duty to vet, monitor, and reach the level of requiring the hospital to ensure the competence of the medical care provided, whether by employees or independent contractor physicians.”

Liability rests on the hospital’s independent duty to ensure such care, he adds.

Federal Laws Apply

This duty also is recognized federally. 42 C.F.R. Section 482.12 provides that hospitals participating in Medicare and Medicaid must have “an effective governing body legally responsible for the conduct of the hospitals and institution” and that this body must “be responsible for services furnished in the hospital whether or not they are furnished under contracts ... [and] must ensure that the services are provided in a safe and effective manner.” The lack of effective peer-to-peer evaluation can be the basis for liability in this context, Lovich explains.

“Hospitals may also face legal action where a denial of privileges is challenged by the physician involved. The standard of review for the sufficiency of a vetting and evaluative process when a physician is challenging the denial of privileges depends on the type of facility involved,” he says.

“If the facility is a governmental facility, the concepts of due process are applied, as the dictates of due process are guaranteed whenever a governmental entity acts,” Lovich explains. “Nongovernmental entities, however, do not have a due process obligation ... they do have to meet a lower standard in their reviews.”

In the nongovernmental context, this standard is whether a fair procedure was conducted, Lovich says. A fair procedure would be assessed as providing notice of the issues and a fair opportunity to be heard. The fairness of the process usually comes up when a physician challenges a denial of privileges, he notes.

However, the quality of the inquiry would be an issue in the context of a patient suit for damages; thus, it could be relevant beyond a physician action, Lovich says.

“A common scenario where peer-to-peer credentialing decisions could be placed under scrutiny would be within the context of a malpractice action against a physician. The hospital could be brought in as a defendant, not as vicariously liable for the actions of the physician, but under its own alleged negligence for allowing the physician to practice at the facility despite actual or constructive knowledge, through historical acts of incompetence, or the lack of competence,” Lovich explains. “If the patient can show that the hospital knew, or through the exercise of reasonable care should have known, of the incompetence of the physician, liability can attach.”

Punitive Damages Possible

If the negative information was known, but ignored (e.g., a physician brings in significant revenue to the hospital, and the reviewing body ignores negative information to perpetuate the stream of business), then punitive damages may be imposed, Lovich says. He points out that punitive damages are not insurable.

Allegations of negligent credentialing could lead to other problems, too. All of a hospital’s contracts and financial dealings with the target physician could be compelled to be produced to allow the complaining patient to evaluate the possibility of an ulterior motive on the part of the hospital in “looking the other way” in making credentialing decisions, Lovich explains.

Further, a suit based on negligent credentialing would render hospital policies related to the process of credentialing subject to discovery. If a hospital fails to follow its own procedures, Lovich says that may add to the evidence of inadequate oversight and can affect a jury’s evaluation of the steps taken in a particular case as well as the hospital’s credibility and competence.

“Complicating a hospital’s ability to adequately meet this responsibility is the qualified privilege attached to peer-to-peer review information exchanges,” Lovich says. “For example, if a physician was denied privileges at hospital A after a peer-to-peer review, and applies for privileges at Hospital B, Hospital B may not have the benefit of reviewing the information that was used in the Hospital A’s decision.”

Some States Protect Disclosure

To promote candor in the peer-to-peer review process, many states render such information privileged and not subject to discovery, Lovich says. While not absolute, the privilege can hamper investigations and at the least slow down the process, he says.

The privilege protection covers information used by medical staff governance committees in making recommendations and covers only information related to quality of care. Other information, as well as information developed or used by hospital administrative governance committees, is not subject to the privilege, he explains.

Also, the restriction in many states renders the information nondiscoverable but not inadmissible at trial. That means if the information is obtained from other sources, it could be used, Lovich adds.

Know State Laws

Most states provide protection from liability in connection with peer review activities. It is important to know how one’s own state laws apply, says Stephanie Winer Schreiber, JD, shareholder with Buchanan Ingersoll & Rooney in Pittsburgh.

For example, Pennsylvania provides that “no person providing information to any review organizations shall be held, by reason of providing such information, to have violated any criminal law, or to be civilly liable under any law unless an exception applies.” (63 P.S. §425.3. Immunity from liability) Exceptions where liability could attach are where the information provided is unrelated to the duties and functions of the review organization or where such information is false and the person providing such information knew or had reason to believe that the information was false.

“This immunity extends to individuals who are members or employees of review organizations, or who furnish professional counsel or services to such review organizations, unless the action taken was motivated by malice toward any person affected by such action,” Schreiber says.

In Pennsylvania, she notes the records of a review committee are confidential and are not subject to discovery. Further, those records cannot be introduced into evidence in any civil suit against a healthcare provider that arise from matters that are within the scope of such a committee.

Still, this confidentiality obligation does not apply to documents or records from other original sources, Schreiber explains. This is the case even if such material was presented to a review committee.

Failure to maintain the confidentiality of the documents could constitute a waiver of the peer review privilege. Thus, this could subject the hospital and reviewers to liability, she says. Other states provide protection from liability, but the degree of protection can vary.

HCQIA Provides Protection

The federal Health Care Quality Improvement Act of 1986 (HCQIA) also provides limited qualified immunity for persons participating in peer review activities. However, it does not extend to discrimination claims nor federal- or state-initiated antitrust claims, Schreiber says. Nonetheless, it is necessary for a hospital to follow medical staff bylaws that provide for a fair process. This allows an organization to maintain the immunity provided for in HCQIA.

“Professional review activities are generally deemed to be reasonable if the action was taken in the belief that it was in the furtherance of quality healthcare, and that the determination was made following a reasonable effort to obtain the facts,” Schreiber says.

Additionally, a hospital could lose immunity protections under HCQIA if a hospital fails to substantially meet the data bank reporting requirements, and such noncompliance is not corrected, Schreiber cautions.

“This is not just a theoretical risk. Claims come from physicians, who are either not granted privileges, have privileges revoked, or who face disciplinary action,” she says. “Claims also come from third parties who allege that the hospital engaged in negligent credentialing by allowing a physician to have clinical privileges at the hospital and/or to retain such clinical privileges at the hospital. I believe we will see an increase in both types of cases brought against hospitals.”

Claims often arise when a healthcare practitioner believes the peer review process was unfair, Schreiber says. This tends to occur in cases in which one caregiver is held accountable for actions, but others who engage in the same conduct are not, she says. Additionally, claims often arise when members of a review committee report a conflict of interest and could benefit financially if action is taken against a competitor, she says. In third-party claims, an injured person alleges the hospital failed to engage in a comprehensive peer process, waived requirements (i.e., the number of required procedures), and/or failed to oversee the caregiver’s practice in the hospital, Schreiber explains.

Facilities should create comprehensive, well-written medical staff bylaws and follow the procedures closely, Schreiber advises. Unfortunately, hospitals and medical staffs often fail to review and update their medical staff bylaws regularly. Still, even facilities with proper policies may fail to follow them.

“Hospitals should make sure that the number of cases that are included in a review are sufficient for peer review activities, and that the persons doing the review are qualified to make appropriate determinations,” Schreiber says. “Additionally, hospitals often fail to apply the requirements consistently for all applicable [caregivers].”

Suing to Prevent NPDB Report

Those facing disciplinary action may sue to prevent a report to the federal National Practitioner Data Bank (NPDB) and/or state licensing authorities because the ramifications can be so serious, says Kathy H. Butler, JD, an officer with Greensfelder, Hemker & Gale in St. Louis.

The NPDB was created by the HCQIA to protect good faith peer review activities. To receive the HCQIA protections, hospitals that credential caregivers must query when those caregivers apply or reapply to the medical staff.

When a hospital conducts peer review that results in disciplinary action against a healthcare provider, the most common complaints are the actions were not in good faith or were prompted by an improper motive, Butler says. One may claim someone involved in the process is acting for anticompetitive reasons or in a discriminatory manner. Another common challenge is the process used to evaluate the issues prompting the peer review, or the subsequent hearing process, were inadequate or unfair.

Other risks that may arise out of peer review processes come from the identification of problems that may suggest the hospital’s noncompliance with Medicare Conditions of Participation, accreditation standards, hospital licensure requirements, and potentially state and federal reimbursement requirements. Medical necessity failures and false claims can implicate both the provider and the hospital, Butler notes.

Must Follow Standards for Protection

State and federal laws enacted to protect peer review processes and participants from liability often include standards that must be followed to obtain immunity from liability, Butler explains. The HCQIA provides peer review participants with qualified immunity from antitrust and business tort claims — if participants follow the procedural protections outlined in the law.

“The defined process is presumed to be fair. The law also allows other procedures, which are fair under the circumstances, but the fairness of a different process would have to be defended,” Butler notes. “The HCQIA, however, does not provide immunity for federal civil rights claims. States often have their own peer review laws that may also provide certain protections from claims.”

The most common oversight or error leading to litigation in peer review is not following the HCQIA process or other fair process that is set forth in the medical staff bylaws, Butler says.

That leaves the healthcare entity and the peer review participants in a position to have to defend claims that otherwise might have been dismissed, she says. “Having economic competitors of the physician being evaluated in decision-making positions within the process also creates risks. Although, in smaller hospitals, avoiding this is often a challenge,” she acknowledges.

Butler notes that since the HCQIA’s enactment, there has been a fair amount of case law involving claims challenging peer review actions. Most hospitals have enacted processes to ensure fairness; the trend in claims favors the hospital or healthcare entity because they can prove the process was fair.

“Unfortunately, the HCQIA does not prevent a physician from filing a claim. In many cases, some discovery is required before a claim can be dismissed,” Butler adds.

Challenge May Be Aggressive

Hospitals may face legal challenges from caregivers with competence or conduct problems but cannot acknowledge their deficiencies or correct their behavior so they can continue practicing safely, Butler observes. Some will take an aggressive litigation position, hoping a litigation-wary professional review committee (and, ultimately, the hospital) will agree to a sanction that will not require a report. Others may really believe the process was not warranted or was otherwise unfair.

“My experience has been that many hospitals and medical staffs are diligent in their professional review activities, and provide the physician in question with every opportunity to address the issues raised. In the end, they will take the steps they believe are appropriate to address the issue at hand and to protect patients, even if that results in a report against the physician,” Butler reports.

There have been cases in which someone files state and federal court claims to enjoin a hospital from making a legally required report to the NPDB or state licensing board. Others have sued to remove reports that have been filed, Butler says. Generally, these claims are unsuccessful. In addition to the HCQIA, state laws also may address these liability issues. Certain states have instituted a “rule of nonreview” in these types of actions.

For example, in Missouri, if a hospital follows the process outlined in its medical staff bylaws, a state court will not second-guess the ultimate action taken by the hospital’s board, Butler explains. The state court will evaluate only whether the hospital followed its own process.

“These types of laws have the effect of discouraging disgruntled physicians from pursuing expensive litigation to challenge in cases where a fair process as outlined in the medical staff bylaws was followed,” Butler says.


  • Kathy H. Butler, JD, Officer, Greensfelder, Hemker & Gale, St. Louis. Phone: (314) 516-2662. Email:
  • Richard A. Lovich, JD, Managing Partner, Stephenson, Acquisto & Colman, Burbank, CA. Phone: (818) 559-4477. Email:
  • Stephanie Winer Schreiber, JD, Shareholder, Buchanan Ingersoll & Rooney, Pittsburgh. Phone: (412) 392-2148. Email: