Most states offer legal protection to peer review records to encourage the free exchange of information necessary for assessing and improving clinician performance. However, that protection can be limited, and missteps can make that data available to plaintiff attorneys.

A solid understanding of the laws regarding peer review protection will help one gain the most benefit.

Peer review records are a good example of the interplay between the spirt of the law and the letter of the law, says Mark J. Silberman, JD, an attorney with Benesch in Chicago. With peer review protection laws, legislators acknowledge mistakes happen in healthcare, and clinicians need to be able to discuss them to improve performance and patient safety, he says.

“What makes this difficult is that, sometimes, lawyers are also focused on what happened. On one side, you have hospitals and doctors who want to improve. On the other side, there may be a malpractice suit,” Silberman says. “If the intent is to truly evaluate, critically and constructively, what could have been done better and how we can improve, you need some legal protection for that discussion to take place with the freedom necessary to discuss the situation honestly.” A big mistake Silberman sees at some hospitals is trying to cram things under the peer review protection umbrella that do not belong there. An example would be emails that are intended more to protect the hospital than to understand what went wrong with the patient’s care.

“People communicate without understanding where the boundaries and limitations are,” Silberman says. “People try to obtain protection for material that was never intended to be protected. These are communications that are not really about finding ways to improve and are more about covering yourself.”

Trying to include that kind of information with protected peer review documents runs the risk of voiding the legal protection for true peer review information, Silberman says.

“Dragging that documentation in brings more attention to the rest of your peer review-protected information. I have seen people lose protection because the documents truly were in the spirit of the peer review law affording protection, but they didn’t dot every I and cross every T, thus creating an opening for those records to lose protection,” he says. “An example is trying to include an email that is incredibly damning and happened three weeks before the peer review process, but you try to say it was written in anticipation of the peer review process.”

Know State Laws

State laws protecting the confidentiality of information in connection with medical staff peer review usually apply to physicians, but sometimes other practitioners, too, notes Karen Owens, JD, an attorney with Coppersmith Brockelman in Phoenix.

While state peer review statutes vary greatly, in general they require the hospital to withhold documents which medical staff committees consider and generate in peer review from discovery in lawsuits, she says.

Typically, the statutes also protect peer review participants from submitting to depositions or trial testimony.

“Of course, the theory of peer review confidentiality is that [clinicians] are best able to assess the quality of their peers’ medical care and the appropriateness of their conduct, but that [clinicians] will be unwilling to undertake such assessments if their work becomes evidence in medical malpractice lawsuits, or they themselves are subject to lawsuits by [colleagues] disgruntled over their peer review efforts,” Owens explains.

She cites a comment from an Arizona court that said, “Review by one’s peers within a hospital is not only time-consuming, unpaid work, it is also likely to generate bad feelings and result in unpopularity. If lawsuits by unhappy reviewees can easily follow any decision ... then the peer review demanded by [Arizona statute] will become an empty formality, if undertaken at all.” (Scappatura v. Baptist Hospital of Phoenix, 120 Ariz. 204, 210, 584 P. 2d 1195, 1201 [App. 1978]).

But Owens notes there are limits to this confidentiality, which again vary by state. For example, materials examined in committee that originate outside the peer review process, such as one’s continuing education records or academic articles or treatises, generally do not become confidential by virtue of a peer review committee viewing them, she says.

Even this exception sometimes is limited, Owens notes. In Arizona, a malpractice plaintiff cannot simply go on a “fishing expedition” to invade a peer review committee’s deliberative process. Owens explains that in Yuma Regional Medical Center v. Superior Court, the court disallowed discovery of treatises and articles reviewed in committee, even though such items certainly originated outside the process, because they “[revealed] that at least one participant in the proceeding considered this particular point of inquiry important.” (Yuma Regional Medical Center v. Superior Court, 175 Ariz. 72, 76, 852 P. 2d 1256, 1260 [App. 1993]).

Other limitations on peer review may include discoverability of the dates of review, the names of committee members, the effect of the review, and the like. It is critical to know state confidentiality parameters to avoid missteps that might destroy confidentiality.

“Perhaps the most common mistake peer review participants make is the most obvious: disclosing what happened in a peer review meeting. Whether in the doctor’s lounge, on the golf course, to one’s spouse, or in response to request from news media, improper disclosures can effectively remove the protections otherwise in place,” Owens says. “Some state legislatures or courts address this problem by declaring peer review confidentiality to be unwaivable, even if unauthorized disclosures take place.”

However, that is only a partial solution. Once the information has been disclosed, plaintiff counsel have fodder for further action, Owens says. For example, loose statements about peer review-protected proceedings regularly generate defamation lawsuits, she says.

Along the same lines, careless handling of peer review-privileged documents, whether in hard copy or online, can lead to unauthorized disclosures. Silberman also warns against inadvertent disclosure of protected information through casual conversation among participants.

“I compare it to a balloon. Once it’s popped, it’s popped,” he says. “Once that information is out there for others to know, you’re not going to make it protected again.”

Can Human Resources Know?

It also is important to consult state law regarding the scope of peer review confidentiality within the hospital’s administration.

Generally, hospital administrators will be permitted to know the details of peer review to meet their obligations to the hospital governing board. But is the human resources department permitted to review confidential documents? “This can become an issue when [subjects of peer reviews] are employees. In some states, disclosure of quality concerns addressed in peer review amount to an unauthorized disclosure,” Owens says. “If employment action is taken based on such a disclosure, it might provide ... grounds for legal action.” (Editor’s Note: See another story later in this issue for suggested steps for improving the integrity of the peer review process.)

Peer review programs can be incredibly effective in ensuring quality care is provided, systemic problems are addressed, problem healthcare professionals are dealt with properly, and improvements are made to ensure the best patient safety possible, says Bill Hopkins, JD, healthcare partner in the Austin, TX, office of Shackelford, Bowen, McKinley and Norton.

Those achievements are made possible largely by the legal protection afforded peer review documents, he adds.

“One of the greatest benefits of the peer review process is the protection provided by the peer review privileges that are established under either state law or federal law under the Health Care Quality Improvement Act [HCQIA],” he says. “These privileges allow for open, complete, and honest disclosure of all the facts of a situation with the comfort that this information can be discussed openly without fear of disclosure to third parties who might want that information to attack the facility or place liability on the professionals.”

However, despite how good these protections can be, they can be lost if a facility does not strictly follow the requirements of the program in the medical staff bylaws, as well as HCQIA, Hopkins cautions.

No Absolute Protection

Some may believe peer review privilege and protections are absolute, but that is no longer true, according to Hopkins. Therefore, one of the most important steps in protecting peer review records is knowing state-level policy regarding these records. Depending on the state, one may have to modify a program and how it is administered to maximize the protections available.

“Assuming that the expected peer review protections are intact in your state, then the key to maintaining maximum protections of your documents is to review the state and federal requirements for the administration of the programs and ensure that your facility follows those requirements,” Hopkins says. “Failure to do so will open up the facility to having the peer review process invalidated. That will end up resulting in the records being released.”

The details of how the program is administered include how documents are created for the process, how they are stored, and who can access those records.

“The peer review process cannot be confused to believe that it makes non-confidential records confidential just because they are provided to or used in the peer review process,” Hopkins says. “The peer review process typically only protects documents and communications that are created for or developed as part of the peer review process. Therefore, when a facility is investigating a situation, how the investigation is conducted and who has access to the information can either ensure protection of the documents or jeopardize the protections.”

State Protections Vary

The exact information protected in a peer review process will vary by state, but there also is federal protection of certain information under the federal Patient Safety and Quality Improvement Act (PSQIA), notes Kathy H. Butler, JD, an officer with Greensfelder, Hemker & Gale in St. Louis. Some states offer no protections.

“States that protect peer review information often protect the details obtained during the investigative process and the deliberations of the peer review bodies reviewing a particular matter in order to facilitate full and frank peer review,” she explains. “Some states limit the protections to certain types of cases like claims for personal injury. The federal law has similar protections for the investigation and deliberations of adverse events. Original medical records and information that exist outside the peer review process, such as policies, are not protected.”

States that instituted peer review laws may have included specific details about what steps must be taken to protect peer review information, Butler says. In some states, like Illinois, peer review must be initiated by a peer review committee for the investigation to be protected. “There have been times when an investigation began at the direction of someone outside of the formal peer review process. As a result, the peer review protection was found not to apply,” Butler says. “The applicability of a peer review privilege in litigation is often challenged. It is important that providers follow the rules, appropriately document information as peer review-protected, and take the steps necessary to maintain the confidentiality of the information.”

Courts Can Void Protection

Once peer review information is protected, it remains so unless a court finds that it is not. In some cases, a provider’s use of the information outside the peer review process may result in a successful argument that the provider has waived the privilege, Butler says. However, there is variation among states.

Hospital leaders and medical staff leaders need to clearly understand how the peer review process works and know the steps they need to take to protect their peer review information.

“This is not as easy as it may sound, given the different roles and responsibilities for each group. The addition of the federal PSQIA has added a layer of complexity, as that law has a different set of protections for patient safety activities,” Butler says. “Taking the time to create a good process with all interested constituencies will help everyone achieve their goals and avoid inadvertent issues with the peer review and patient safety activities.”

The biggest mistakes regarding peer review protection are not following the process for initiation of the peer review process, inadvertently sharing documents, or communicating about a peer review matter outside the formal peer review process, Butler says. Hospital quality leaders should review the policies, procedures, bylaws, and work streams that are used in the process to ensure the rules are followed at each step.

“Collaborating with others who participate in the peer review/patient safety activities is important to ensure the policies are implemented in a way that meets the needs of the facility while at the same time having a good process that gives the facility the best argument that the legal protection afforded by the law applies,” Butler says.


  • Kathy H. Butler, JD, Officer, Greensfelder, Hemker & Gale, St. Louis. Phone: (314) 516-2662. Email:
  • Bill Hopkins, JD, Healthcare Partner, Shackelford, Bowen, McKinley and Norton, Austin, TX. Phone: (512) 542-5101. Email:
  • Karen Owens, JD, Coppersmith Brockelman, Phoenix. Phone: (602) 381-5463. Email:
  • Mark J. Silberman, JD, Benesch, Chicago. Phone: (312) 212-4952. Email: