On May 24, 2016, the Department of Health and Human Services, through the Agency for Healthcare Research and Quality, issued Guidance Regarding Patient Safety Work Product and Providers’ External Obligation (the “Guidance”). Since the enactment of the Patient Safety Act1 and its implementing regulation, the Patient Safety Rule2, there has been some confusion among patient safety organizations (“PSOs”) and providers about the type of information that a provider creates or assembles that can become patient safety work product (“PSWP”). Questions on how providers can satisfy external obligations related to information collection in compliance with the Patient Safety Act and Patient Safety Rule have also been posed. The Guidance seeks to clarify these concerns.
The Patient Safety Act was enacted in 2005 with two primary goals: 1) to improve patient safety by sharing information related to patient safety events in order to reduce medical errors; and 2) to promote provider accountability and transparency through oversight. The Patient Safety Act established a system in which providers can voluntarily report information related to patient safety to PSOs. These organizations will aggregate and analyze the information and communicate the results of their analysis to providers with the objective of preventing future errors and increasing awareness. The Patient Safety Act provides broad privilege and confidentiality protections to the information reported to PSOs meeting the definition of PSWP. These safeguards prevent the information from being used against a provider for purposes of litigation.
Notwithstanding PSWP confidentiality provisions set forth in the Patient Safety Act, providers continue to have external reporting obligations related to patient safety records. The Guidance reiterates that the Patient Safety Act was not created to protect records developed for mandatory collection activities with which providers must comply. Providers may not claim privilege and confidentiality for duplicates of information prepared to meet federal, state or local health oversight standards that have been placed in patient safety evaluation system (“PSES”) and whose original copy has been destroyed. Instead, external obligations will be met with non-PSWP. Regulatory agencies will continue to have access to information needed for public surveillance, public health, oversight, licensing and accreditation purposes. The Guidance reiterates that the Patient Safety Act does not preempt federal or state law requiring a provider to report information that is not PSWP.
The Guidance also confirms how PSWP can be created. One way is by using the “reporting pathway.” This option is available for information that is prepared by a provider for the purpose of reporting to a PSO, and it is in fact reported to a PSO. The information must be of the type that could improve patient safety, health care quality or health care outcomes. It must also be developed by a provider for the purpose of reporting to a PSO. The reporting pathway allows for information that is collected within the provider’s PSES to become PSWP. As PSWP, this information is now privileged and confidential before it is reported to a PSO. However, a provider should only place information in the PSES if it intends to report that information to the PSO. Additionally, information can become PSWP if it is developed for the specific purpose of being submitted to a PSO for patient safety activities. Information derived as a result of deliberations and output from PSES is also considered PSWP.
The Guidance also clarified the types of information that are considered not to be PSWP. This includes information that exists separately from any PSES, in particular, information that was created for purposes other than reporting to a PSO, such as information prepared to meet any federal, state or local health oversight activities, or information created to meet a provider’s external obligations. In order to determine whether information is in fact PSWP, providers must identify whether the information was prepared for purposes of reporting it to a PSO or whether it was created for other purposes.
A distinction is made in the Guidance regarding original patient provider records. Original records are not PSWP. The types of original records that are not considered to be PSWP include those records that are required to meet federal, state or local health oversight (referred to as external obligations below). Because these documents were created for regulatory purposes and to meet external obligations, they are not considered PSWP, regardless of whether these documents are kept inside or outside of the PSES. Similarly, copies of records created to meet external obligations but maintained within a PSES are not PSWP. Original forms containing adverse event reports that are created and maintained outside of the PSES and used for purposes other than patient safety activities are not PSWP. In addition, duplicate records within the PSES that are copies of records that become original records and original forms that are generated for non-PSWP purposes are not PSWP, even if maintained only in the PSES.
Satisfying External Reporting Obligations with PSWP
Providers can convert PSWP into non-PSWP in order to satisfy external reporting obligations. The “drop-out” provision in the Patient Safety Rule permits providers to remove PSWP assembled or developed by a provider from a PSES and to convert the information into non-PSWP. This provision is only available in limited circumstances and will be reviewed on a case-by-case basis. In any case, the conversion from PSWP to non-PSWP must occur before such information is reported to a PSO, and providers must document the act and date of the removal of the information from the PSES. Once the information has been converted into non-PSWP, it can be used for external purposes because it is no longer confidential or privileged. Where information has already been reported to a PSO, providers must assess whether there is a disclosure exception that may be used to permissibly disclose PSWP or whether a method is available to recreate information from a non-PSWP source.
The Guidance clarifies methods by which PSWP can be created. In addition, the Guidance explains methods by which PSWP can be converted into non-PSWP to satisfy external reporting obligations and comply with federal, state and local laws.
- The Patient Safety Act does not relieve a provider from complying with its external obligations. Instead, the Patient Safety Act works in concert with external obligations in an effort to reduce medical errors through the creation of a culture of safety.
- Information is PSWP if it has the potential to increase patient safety, is not an original provider record, was created with the purpose of being reported to a PSO and was reported to a PSO.
- Original provider records cannot be considered to be PSWP, even if they are maintained inside a PSES.
- Because of the confidential and privileged nature of PSWP, regulators cannot demand PSWP from providers or PSOs. However, if information contained within PSWP is required to be disclosed by a provider for external obligations, the provider may satisfy its obligation by converting PSWP into non-PSWP following the limited “drop-out” provision, disclosure exceptions or other methods to recreate the information from non-PSWP sources.
- Remember that the confidentiality protections afforded by the Patient Safety Act are distinct from, and in addition to, other potential protections and privileges, including but not limited to peer review. The availability and application of peer review confidentiality and/or privilege is governed by state law and must be analyzed through that lens.