The Patient Safety and Quality Improvement Act of 2005 affords substantial protections from discovery for information related to adverse events. Hospital leaders and clinicians often do not fully understand how to use these protections.

  • Information must be provided to a patient safety organization to be protected.
  • Protected work product is not discoverable by plaintiffs’ attorneys.
  • Potentially protected information should be segregated from other material from the start of the investigation.

Although the Patient Safety and Quality Improvement Act (PSQIA) has been around since 2005, many risk managers and other administrators are unclear on how it offers legal protections to hospitals investigating medical errors. The law protects much of the information gathered in an adverse event investigation from discovery by plaintiffs’ attorneys, but only if one understands how the PSQIA works and how to take full advantage of it.

The PSQIA was passed in response to the Institute of Medicine’s To Err is Human: Building a Safer Healthcare System report, which put a spotlight on medical errors. It facilitates the confidential review and reporting of adverse patient events, says Bruce D. Lamb, JD, shareholder with Gunster in Tampa, FL.

Data Protected During Analysis

To encourage patient safety by allowing hospitals to investigate events without fear of the information being used against them, the PSQIA created a federal peer review privilege and evidentiary protections for some materials. This protection is broader than that afforded by most state laws.

The PSQIA created a uniform national protection that allows healthcare organizations to fully investigate and share information regarding medical errors. The law protects a wide variety of data submitted to a Patient Safety Organization (PSO), making it a protected Patient Safety Work Product (PSWP).

“The collection of facts and management of reporting information to a PSO also is protected, so that pathway is the initial process before you’ve completed the documentation. That protects the information while you’re analyzing it but before you’ve reported it,” Lamb explains. “In most states, there is a parallel obligation to look at events and possibly report them as adverse events. That information is not protected. In Florida, the state also recently passed a law giving patients and potential patients the right to get adverse incident reports.”

That means that for risk managers to maximize the protection afforded by the PSQIA, it is necessary to designate information as PSWP and cull the facts that must be reported in accordance with adverse event reporting requirements, he says. That limited data set should be maintained in a separate file, and may be subject to discovery by potential litigants, Lamb explains.

Of course, parties do not always agree on what information should be included in those files. Plaintiffs’ attorneys often argue that data maintained only in the PSWP file should be discoverable and provided to the state.

“There is a lot of litigation over this issue because the determination of what is protected and what is not protected can be difficult. We recently had a case here in Florida where a judge ruled that informed maintained as patient safety work product was not discoverable by the plaintiff, so that was a victory,” Lamb says. “But we have had other cases where the hospital asserted that documents were protected when they had never been submitted to a PSO. Time had passed, and it wasn’t like they were in the analytical stage, so that information was judged to be discoverable. If you don’t follow the steps, you don’t have any chance of it being protected as work product.”

Hospital administrators often do not fully understand the PSQIA and how to obtain the protections of PSWP until it is too late, Lamb says. They may not follow the proper procedures to protect the information. By the time a judge rules against them, it is too late to protect the material in that case, he says.

“Then, they’ll start talking to their lawyers and figuring out how to improve their processes,” Lamb says. “There is a lot of inconsistency, which is clearly indicated by the number of cases in which work product claims are contested, and the variability in outcomes with hospitals getting confirmation that the information is protected, and others being ordered to turn over the material. It’s not very well understood, and it’s also an evolving area of the law.”

State laws can affect how the protections afforded by the PSQIA are interpreted, Lamb explains. State laws affording more aggressive and broader discovery may result in a weakening of the PSQIA protections, he says.

Risk managers and compliance officers may understand PSQIA protections and the process that must be followed, but it is common for others who handle the information to be clueless, Lamb says.

For instance, a quality committee may not understand this method of protecting information as PSWP, Lamb says. Committees, and especially new members, should be educated on how the PSQIA affords certain protections, and how committee members must handle sensitive material to preserve that protection. Lamb suggests creating an orientation briefing sheet for committee members.

Follow-through is another potential failure point, Lamb says. While the PSQIA affords protection during the information-gathering and analytical phase, that information must be sent to the PSO in a timely fashion to remain protected, he explains. Hospital administrators sometimes make the mistake of thinking that if they deem material to be PSWP intended for transmittal to a PSO, that information is protected from discovery indefinitely, he says.

Not so. A judge may rule that failing to send the information to the PSO suggests the hospital was not acting in good faith. Even if the hospital had every intention of sending the information, the failure to do so in a timely manner voided the protections of PSWP, Lamb says.

Lamb encourages risk managers to keep PSWP in mind from the beginning of any event investigation.

“You have to start protecting things immediately when you’re starting to gather information and believe an adverse event might have occurred. Sometimes, you don’t know at first if it will be an incident that requires reporting, but as soon as there is a bad outcome you have to start labelling things as protected,” Lamb says.

“You have to train the people who are handling it to know that it is protected, so that if they are deposed later they can respond appropriately,” he adds. “One of things that needs to be done in most facilities is to identify the key players, and help them understand why you are doing some things in a certain fashion.”


  • Bruce D. Lamb, JD, Shareholder, Gunster, Tampa, FL. Phone: (813) 222-6605. Email: blamb@gunster.com.