Jump to Navigation

The Patient Safety and Quality Improvement Act

Bryan A. Liang, MD, PhD, JD
About the Author: 
<p>Dr. Liang is executive director and professor of law at the Institute of Health Law Studies, California Western School of Law; co-director and adjunct associate professor of anesthesiology at the San Diego Center for Patient Safety, UCSD School of Medicine. Dr. Liang supported and assisted in crafting the legislation with congressional staff.</p>
Published date: 
September 1, 2005
visible to all

Introduction

Patient safety activities have often been thwarted by the vagaries of the legal system. Information and analysis of medical errors, system weaknesses, and proactive effort to promote safety can and are subject to legal discovery by attorneys to support their lawsuits. This situation chills any efforts to work in this area, particularly by non-hospital physicians who have virtually no protections for participating in this work.

All of that has now changed. The federal Patient Safety and Quality Improvement Act of 2005 was signed into law on July 29, 2005. Under this law, individual and organizational providers can share, discuss, and formulate information on medical errors and patient safety. The information is confidential and privileged, and cannot be used to support non-intended uses of the information, including lawsuits.

An Overview of the Act

The Act protects a provider’s “patient safety work product.” This is data, reports, records, and other materials (e.g., root cause analyses) and analyses in oral or written form assembled in a provider’s “patient safety evaluation system” — a provider’s system created to promote quality and safety in delivery of the provider’s healthcare. To obtain the law’s legal protections, the provider must use information from its patient safety evaluation system and work with a “Patient Safety Organization”(PSO), an entity that can provide analysis and feedback as to best practices, improvements in care, and other activities that promote quality and safety in healthcare. The secretary of the Department of Health and Human Services will certify and register PSOs at a future date once regulatory explanations are issued.

The statutory protection prohibits patient safety work product from being disclosed or used in any administrative, civil, and criminal proceedings as well as in provider disciplinary proceedings. It also exempts the work product from all state or federal Freedom of Information Act requests. Hence, the law’s reach is very broad and provides very extensive protection for safety and quality data, yielding significant opportunities to participate in patient safety improvement and promotion.

There are some limitations to the Act’s protections. Standard discoverable materials such as the patient’s chart, billing records, and discharge information, or any other original patient or provider record is not considered patient safety work product and hence not protected by the law. In addition, separately collected or maintained information cannot be made into patient safety work product merely by submitting it to a PSO.

Exceptions

There are some limited exceptions to privilege and confidentiality. For example, disclosure of patient safety work product for use in a criminal proceeding is permitted; however, a court must make an in camera (i.e., judge-assessed, private) determination that the work product contains evidence of a criminal act; that it is material; and it is not reasonably available from any other source. Privilege and confidentiality of patient safety work product is also disclosable if authorized for disclosure by all providers identified in the work product materials. De-identified work product disclosure is allowed, as is work product disclosed for FDA-governed products and activities.

It is interesting to note that the statute also allows voluntary disclosure to a provider’s accrediting body. However, due to the punitive nature of some accreditors who may use patient safety work product to sanction providers, the Act specifically indicates that providers cannot be forced by an accreditor to reveal their communications with any PSO, and accrediting bodies cannot take accreditation action against a provider on the basis of provider collection, development, reporting, or maintenance of patient safety work product.

Importantly, the law’s protections of the materials travels with the materials themselves, rather than being based upon discussion or presence within a specific committee, such as a peer review committee. Hence, protections still apply when patient safety work product is transferred to another party. This is a critical provision of the Act because traditionally, disclosure of privileged information, such as peer review information, to third parties often vitiated any privilege that protected materials might have had before disclosure. This prevented information from being disseminated or discussed by a broad array of providers within an institution, and precluded any disclosure outside the institution, forcing each entity to discover safety issues independently.

Finally, the Act does not affect state laws requiring provider reports on non-patient safety work product. This would include, for example, state-mandated nosocomial infection reports, or mandated FDA reports.

Penalties

For reckless or knowing disclosure of patient safety work product, penalties include civil monetary penalties of $10,000 per violation. The statute also protects good-faith reporters for wrongful adverse employment actions. If an employer retaliates against persons who report safety information either to the provider or PSO, these persons can bring an equitable civil suit against the provider, which includes orders to stop providers from acting wrongfully against reporters, employment reinstatement, back pay, and benefit restoration.

HIPAA and PSOs

HIPAA is addressed by the law. PSOs are to be treated as provider business associates, and PSO patient safety activities are to be considered “health care operations” of the provider. Hence, HIPAA authorization from individual patients is not required for patient safety activities.

Conclusion

The Patient Safety and Quality Improvement Act of 2005 has created the legal infrastructure to collect data, study systems, share information, and continuously improve quality and safety in healthcare through elimination of traditional legal barriers. It represents a significant opportunity for providers in all systems and locations to fully participate in the safety enterprise. We should take full advantage of this historic occasion so that patient safety is improved today and in every future generation to come.

Find a Doctor

Search by specialty, location, health plans accepted, and more.