A reminder for risk managers at hospitals and other healthcare organizations in Virginia and elsewhere: Plaintiffs’ attorneys can win access to risk management information long considered protected and internal—including documents pertaining to investigations of incident reports and unanticipated outcomes.

In the latest example, Newport News Circuit Judge David F. Pugh instructed a hospital to turn over internal risk management materials to the patient’s lawyer. While the hospital argued the materials were protected, the judge ruled it was within the (now-deceased) patient’s right to seek them. Procedurally, the hospital did exactly as expected—it filed a motion to quash the subpoena and complained that the materials were protected. Judge Pugh, however, evaluated the materials and decided several pieces of information must be disclosed to the patient. (“The materials include a doctor’s candid report on how he missed a radiologist’s recommendation to check for possible cancer,” notes Virginia Lawyers Weekly.)

The troubling implication for risk managers: Fact-gathering as a result of an incident or other problem associated with potential patient harm may indeed be subject to disclosure—up to and including a risk manager’s handwritten notes taken in the course of discussions with those involved. Similarly, a May 2014 ruling from the Circuit Court of Hampton highlights the potential discoverability of EMR audit trails and metadata.

In the Hampton opinion, Judge Christopher W. Hutton wrote, “There is no dispute, and it is well settled, that medicine has long past evolved from that time when ‘a patient’s chart’ was a clipboard hung on the foot of [a] bed.” In addressing the plaintiff’s attorney’s request for the defendant hospital’s policies and procedures, Judge Hutton’s opinion came down on the side of “an inexorable march to more disclosure.”

Nor is this a Virginia-only concern: Indeed, case reports suggest these procedural tactics are becoming more commonplace in medical malpractice cases across the country—especially in the long-term health litigation arena. How, then, should risk management professionals respond to this “inexorable” march?

For starters, training, policies and procedures should be organized around the mantra “Stick to the facts.” While the likes of mental impressions, conclusions, opinions or legal theories can be redacted (as they were by Judge Pugh in the Newport News case), you cannot assume that they will be redacted. If the purpose of an investigation is to gather facts in the wake of an incident, then the training, policies and procedures should hew closely to that purpose, never straying into matters of conjecture or opinion. When making statements, doctors should be reminded of the need to stick to the investigative facts.

Next, review all policies and procedures to insure a clear demarcation between fact-gathering regarding claims or potential claims and review/analysis related to opportunities for improvement of quality care and patient safety. Healthcare organizations must preserve their ability to take factual information and place it in the hands of quality review organizations. This process necessarily involves evaluating, assessing and even opining about how changes in policies, procedures, processes, training, education and credentialing could improve patient safety and quality of care. Plaintiffs’ attorneys will continue to “go after” such privileged information. However, the industry must fight back. Fortunately, many judges recognize the importance of privilege to the quality assurance process.

Lastly, take care to avoid extreme reactions to this trend. It is impossible to evade the discoverability of factual information by never writing anything down at the start of an investigation. Indeed, under Virginia law “oral communications regarding a specific medical incident involving patient care, made to a quality assurance, quality of care, or peer review committee… shall be privileged only to the extent made more than 24 hours after the occurrence of the medical incident.” In other words, a fact-finding inquiry conducted in the immediate aftermath of an incident is not necessarily protected simply because entities related to quality-assurance were involved and because nobody wrote anything down. Likewise, formal or informal policies that encourage people to say as little as possible—to “clam up” if you will—are highly counterproductive. Indeed, some risk managers go so far as to refuse to talk to quality assurance entities out of a desire to avoid tainting the quality review process. But how can the integrity of that process be protected without access to information?

When reviewing policies and procedures, maintain a sharp focus on consistency, clarity and objectivity. And in light of the potential for discoverability, reconsider questions such as: Who will investigate or be part of the investigation? When should the investigation start? Do you need to confer with counsel? What documents will be generated? And how will you maintain that line of demarcation between the investigation and processes related to learning from mistakes with a view toward maximizing patient safety and quality of care?