Legal Protection of Patient Safety Information | Peck Law Group

Locations Throughout

Legal Protection For Patient Safety Information

Legal Protection For Patient Safety Information

Is there existing legal protection for patient safety information exchanged across institutional boundaries?

Federal Protection 42 U.S.C. §299c-3(c)

Perhaps the most promising source of existing Federal protection for safety information exchanged across institutional boundaries lies in 42 U.S.C. §299c-3(c), which specifies that information collected in the course of activities sponsored or supported by the Agency for Healthcare Research and Quality (AHRQ) may not be used for any purpose other than the purpose for which it was supplied. Although the data collected by AHRQ-sponsored entities are clearly protected under 42 U.S.C. §299c-3(c), it is uncertain whether that protection extends to data collected in the course of AHRQ-sponsored activities, but which are later disseminated to other organizations, i.e., other members of a regional health care safety consortium for non-AHRQ-sponsored safety activities. ,

If individuals inside a health care institution are gathering identifiable medical error information as part of AHRQ-supported grant or contract research, and it is conveyed outside the institution, e.g., for analysis in an AHRQ-supported central databank, even if the reporters lost their protection against being subpoenaed to testify under State law, the Federal statute would cover and protect the identifiable information they acquired pursuant to AHRQ’s statutory research authority.

When a AHRQ-sponsored entity collects the data, and in turn disseminates such data to non-AHRQ-sponsored entities. AHRQ protection may be attenuated if non-AHRQ-sponsored entities collect patient safety data and the AHRQ-sponsored entity acts only as a repository or an intermediary that then disseminates such data to other non-AHRQ entities. Protection under this statute also requires that at least one member of a safety consortium, preferably the member collecting the data, be AHRQ-sponsored. Notably, Federal grantees often have some discretion to alter the nature and scope of funded projects beyond that outlined in their original funded proposal. It may be reasonable to postulate that such expansion to include additional safety initiatives and institutional participants would have similar protection.

42 U.S.C. §241(d)/DHHS certificates of confidentiality

Another possible source of legal protection for patient safety information exchanged among health care organizations lies in 42 U.S.C. §241(d), which states that the Secretary of Health and Human Services may authorize persons engaging in research to protect the identity of research subjects by withholding from all persons not connected with such research the names and other identifying characteristics of such individuals.3 Persons so authorized may not be compelled in any legal proceeding to disclose identifying information of such individuals. By its terms, however, the protections mentioned above only apply to the identity of research subjects, or to data that would allow possible identification of such individuals. It seems then, that patient safety data that are de-identified per (for example) the medical privacy provisions of the Health Insurance Portability and Accountability Act (HIPAA) would still be potentially ascertainable, although the utility of such data may be limited. The question also arises as to whether this provision of law applies to patients who have presumably not consented to becoming patient safety research subjects. Additionally, since the purpose of this law is to protect patients’ privacy, patients may be able to waive the protections of 42 U.S.C. §241(d) as to their own information, which they presumably would do if they were plaintiffs in a malpractice lawsuit. The protections of 42 U.S.C. §241(d) also necessitate an application to the National Institutes of Health (NIH), a division of the Department of Health and Human Services (DHHS), for a “Certificate of Confidentiality.” While readily obtainable, such a certificate may generate a false sense of security, as cases interpreting §241(d) are few in number and the validity of the statute has never actually faced challenge.4 Furthermore, none of the questions mentioned above has yet been answered by any binding authority.

Conflict of 42 U.S.C. §§241(d) and 299c-3(c) with FRCP 26(a)

No court has yet had occasion to interpret §§241(d) and 299c-3(c) in light of existing Federal law. In addition to the various legal challenges that either statute may face, both may conflict with existing Federal discovery requirements. Per the Federal Rules of Civil Procedure (FRCP), a defendant is required to disclose all information he or she may use to support his or her defense, as well as the locations and custodians of such information. An argument could be made that a defendant could be required to disclose protected information if that defendant reviewed protected information in support of his or her defense.

However, §241(d) states that persons “so authorized may not be compelled in any Federal, State, or local civil, criminal, administrative, legislative, or other proceedings to identify such individuals.” Section 299c-3(c) states that identifiable information may not “be used for any other purpose than for which it was supplied.” Thus, Federal law in this area appears contradictory, a conflict that no court has yet resolved. While FRCP Rule 26(d) states that privileged materials are not discoverable, FRCP Rule 26(b)(5) states that to assert a privilege in Federal court, one must describe the nature of the privileged material sufficiently to allow a fact finder to assess its applicability.4 However, in these circumstances, even materials not admissible in court may still be subject to discovery as long as they are “reasonably calculated” to lead to admissible materials. This could include any information relevant to a patient injury, including patient safety information and the location of that information, such as the specific consortium members who hold the data and have provided the reports. Hence, under general discovery rules, protection of safety information may be limited due to the low threshold required for access to consortium information.

State law protections: California peer review/quality assurance privilege:

Peer review is defined as “[t]he concurrent or retrospective review by practicing physicians or other health professionals of the quality and efficiency of patient care practices or services ordered or performed by other physicians or other health professionals.” says California Eler law Attorney Steven C. Peck. In all States, the peer review privilege protects the proceedings and records of peer review committees from civil discovery or subpoena in actions where staff privileges are not at issue. The issue of peer review privilege arises in the context of exchanging patient safety data among health care organizations in one of two ways. The first issue is whether exchanging patient safety data would constitute an implied waiver of any existing peer review protection to which the reporting health care provider might be entitled.The second is whether the peer review privilege is interinstitutional, i.e., whether it applies to consortia composed of health care institutions engaging in peer review-like activities, but on a multi-institutional basis. indicated California Nursing Home Abuse and neglect Attorney Steven C. Peck.

No waiver of peer review in California

In California, the law may allow implied waiver of evidentiary privileges by third party disclosure. However, a review of the medical peer review cases under Evidence Code §1157 appears to indicate that peer review is considered “an immunity,” rather than a “privilege,” and hence is not subject to waiver in specified circumstances. indicates California Elder Abuse Attorney Steven C. Peck.For example, beginning in 1974 with Matchett v. Superior Ct., it was held that “§1157 establishes an immunity from discovery rather than an evidentiary privilege.” While the court in Matchett made no mention of waiver, this distinction became important in subsequent cases.

In Newhall v. Superior Ct., the court specifically addressed the issue of “whether or not a hospital waives the immunity from discovery provided in Evidence Code §1157… by filing a transcript of its staff committee hearing in an unrelated administrative mandamus proceeding….” The plaintiff contended that by voluntarily filing a copy of the staff committee transcript in the administrative action, the hospital had waived any privilege provided by California Evidence Code §1157. The court found that there was no waiver of §1157 and stated that “to hold otherwise would render hollow immunity provided in section 1157 and subvert the underlying public policy of section 1157….” The court, however, held that the hospital must assert the protection in “timely and in proper form.” So while holding that §1157 was not waived in this case, the court also established at least some constraints on peer review protection, including timeliness and form.

The next California case to address the issue of waiver was West Covina v. Superior Ct. Here, the appellate court specifically referred to the principles of waiver in its analysis, stating that “[t]he idea that an individual may ‘waive the [peer review] privilege’ is incongruous to the provisions and purpose of the statute.” On appeal to the California Supreme Court, however, the majority reversed, holding instead that §1157 was inapplicable to voluntary testimony, thereby avoiding any further waiver analysis.The dissent in the California Supreme Court opinion reiterated the language of Matchett, stating that §1157 “creates for the protected material an absolute immunity from discovery….”

In the fourth case to address the issue of waiver, University of Southern California v. Superior Ct., the plaintiff, a surgical resident alleging wrongful termination, sought to compel production of records of her evaluation along with evaluations of other residents, terminated or otherwise. When the defendant only produced records pertaining to the plaintiff, the plaintiff contended that “by producing records relating to her personally, USC waived the discovery exemption in section 1157.” The court responded by again distinguishing between evidentiary privileges and immunities, stating while “some decisions use the word ‘privilege’ to describe the exemption from discovery set forth in section 1157.” The court responded by again distinguishing between evidentiary privileges and immunities, stating that while “some decisions use the word ‘privilege’ to describe the exemption from discovery set forth in section 1157… ‘[p]rivileges’ are covered by Division 8 of the Evidence Code, which contains familiar section 912 regarding waiver of privilege. Section 1157, by contrast, is contained in Division 9….” The court went on to state that any waiver analysis was inapplicable since “[s]ection 1157 clearly does not create a privilege,”12 thereby implying that immunities were not waivable. The court, however, did not go so far as to state that §1157 immunity could never be explicitly waived, instead stating that assuming a waiver doctrine of some kind did apply, waiver would necessarily have to involve all those protected by §1157, including the committee members, physician reviewers, and other resident surgical trainees who were reviewed.

More recently, the California Supreme Court again addressed this question in Fox v. Kramer. In Fox, the plaintiff attempted to subpoena the expert testimony of an investigator for the California Department of Health Services (DHS), where that investigator had relied substantially on hospital peer review committee records in forming his opinions. When the hospital objected, citing §1157, the plaintiff claimed that the protections of §1157 were waived once the hospital turned over its committee records to the DHS or, in the alternative, when a redacted form of the report was given to the plaintiff by the DHS. The court ruled in favor of the defendants, finding that “[t]he fact of DHS review did not constitute a general waiver by the hospital of discovery immunity under Evidence Code section 1157, subdivision (a): the hospital peer review committee records did not lose their immunity from discovery simply because they were reviewed in the course of an administrative investigation.”

Thus, according to Fox, Newhall, and University of Southern California, and supported by the dissent in West Covina, the protection provided by §1157 is an immunity, which is not waived by disclosure to outside parties. It is important to note, however, that in all the cases that specifically addressed this issue, the disclosure was made in furtherance of some sort of secondary litigation. In Newhall, the disclosure took place pursuant to an unrelated administrative mandamus proceeding. In University of Southern California, the disclosure took place during the defense of a wrongful termination action. And in Fox, the disclosure took place when the hospital was compelled to turn over its committee records to the Department of Health Services.

All of these disclosures, which were later held not to constitute waivers, were necessary to defend against another action–civil, quasi-criminal, or administrative. The question then arises as to whether a court would find voluntary disclosure by a peer review committee to a regional patient safety consortium with no other litigation pending to be similar to these cases. While the issue has never been specifically addressed by a court of competent jurisdiction, at a minimum for the immunity to possibly apply, the assertion of immunity must be timely and in proper form, there must be no Federal jurisdiction, and explicit waiver by all those protected by §1157–including committee members, physician reviewers, and physicians reviewed–must not have occurred.

In California, the peer review privilege does not apply across institutional boundaries

Although the IOM report optimistically characterized the peer review privilege in California as “the most promising existing source of legal protection”1 for protecting interinstitutional exchange of patient safety data, even the broad protection of California’s peer review statute does not protect the interinstitutional exchange of patient safety information. Section 1157 covers only the proceedings and records of peer review committees composed of the medical staff within an institution. Even in the broadest of §1157 interpretations in California, courts have never read the phrase “proceedings and records” expansively enough to include the proceedings and records of a committee existing outside the aegis of a single health care institution, such as a regional patient safety consortium. Similarly, “proceedings and records” and “medical staff” encompassed by §1157 have never been held to cross organizational lines. Rather, “medical staff” has consistently been associated with an individual health care organization, either as employees or physicians with staff privileges. Additionally, in a large State like California, the interpretation of these terms may actually be different between appellate courts. (For example, some California appellate courts have tended toward a narrowing of the meaning of the definition of “proceedings and records,” while others have maintained a broader interpretation.) In the case of a regional patient safety consortium, the majority of members would likely have no official association with more than one health care organization within the consortium. Hence, it is unlikely that even a deferential court would find that the legislature intended for the “proceedings and records” of a “medical staff,” both of which exist outside the aegis of a single health care organization, would be covered by §1157.

The peer review privilege may not apply in Federal court

Even if peer review privilege was found to apply to a regional patient safety consortium, a potential litigant may be able to “end run” any protection provided by such a statute by obtaining Federal jurisdiction, a system which does not necessarily recognize State law evidentiary privileges.14 Federal jurisdiction requires either a Federal question (i.e., a conflict arising under Federal law), differences (i.e., “diversity”) of State citizenship among litigants, the United States as a party to the action, an action between two or more States, or a case governed by admiralty or maritime law.15 The Federal Rules of Evidence provide that the question of whether a Federal court shall adopt an evidentiary privilege shall be governed by the principles of the common law as they may be interpreted by the courts of the United States in the light of reason and experience. However, in civil actions and proceedings, with respect to an element of a claim or defense as to which State law supplies the rule of decision, the privilege… shall be determined in accordance with State law.16

Hence, in Federal actions based on diversity of the litigants’ residence, State law applies, including any protection provided by State peer review statutes. But if the claim involves at least one Federal issue or if the litigant sued a Federal institution, the Federal law and its limited recognition of the peer review privilege could apply.

Federal courts are split as to whether the peer review privilege is recognizable under Federal law, depending on the underlying claims and laws at issue.17 The U.S. Supreme Court has not yet addressed whether any medical peer review privilege exists under Federal common law.18 This means that even if a malpractice claim was filed in a State that had found that state peer review privilege does apply to interinstitutional activities, the privilege might be defeated if the action was successfully removed to a Federal court in a jurisdiction that does not recognize the peer review privilege. Even if the particular Federal court did recognize peer review privilege as existing in Federal common law, there is no guarantee that it would interpret such privilege as applying to interinstitutional activities in the same manner as in the State where the action took place.19


Given the review above, even in the absence of some additional form of Federal legislative protection, there is some potential to allow a regional patient safety consortium to exchange information without fear of discovery, as long as certain precautions are undertaken.

AHRQ sponsorship or support is highly desirable

Since 42 U.S.C. §299c-3(c) is the strongest potential source of protection for exchanged information, it should be the foundation for any information exchange paradigm. Therefore, if no member of the consortium has AHRQ sponsorship, it should be sought. Thus, AHRQ should be encouraged to foster the formation of such patient safety consortia through flexible grant or contract mechanisms, even if they can be supported with only very limited levels of funding. Once AHRQ sponsorship is obtained, the AHRQ-sponsored entity should act as the central repository of the information for the consortium. Only fully de-identified data should be transmitted by members to the AHRQ-sponsored entity. The data should then be stripped of all indications of organizational affiliation before retransmittal to other members. This method of information management conforms to provisions of §299c-3(c), which clearly protects data collection on behalf of an AHRQ-sponsored entity.

Review specific State laws to determine if State peer review protections apply

Providers interested in creating safety consortia should assess their specific State laws to determine if, and to what extent, the peer review/quality assurance privilege applies, and under what conditions. Pay attention to what forms of information must be placed, the committees and other entities that will see the data, and the circumstances where such privilege appears to be lost. This review should also assess under what circumstances the peer review/quality assurance privilege may be weakened in conflicts brought in Federal court.

Other issues to consider

The creation of a regional consortium of unaffiliated health care institutions has the potential for advancing patient safety communitywide through the sharing of knowledge, joint learning, and collaborative initiatives. However, in the creation of such a consortium, the potential member organizations need to consider a number of other factors besides concerns about waiver of protection from discoverability, as discussed above. Other issues requiring evaluation include patient privacy issues (e.g., HIPAA), the legal and organizational structure of the consortium, membership issues, confidentiality and indemnification, and the need for human subjects review. In the interest of brevity and focus, we cannot address these issues here. However, sample questions with which the consortium members must struggle might include–

  • What kinds of data do we feel comfortable sharing–from the highest (actual patient adverse events) to the lowest (structure of quality assurance and safety initiatives) risk?
  • Can the consortium’s activities be more clearly and closely associated with individual member’s medical staff peer review processes?
  • What kind of legal structure can best protect members from inadvertent disclosure by the consortium or by other members?
  • In the event of a lawsuit, would there be joint liability, and if so, how might individual members be shielded from excessive or inappropriate liability?
  • Should the consortium be a separate corporation, a partnership, an unincorporated association, or some other formal or informal structure?
Nursing Home Abuse & Neglect Attorney Steven Peck

About the Author

Attorney Steven Peck has been practicing law since 1981. A former successful business owner, Mr. Peck initially focused his legal career on business law. Within the first three years, after some colleagues and friend’s parents endured nursing home neglect and elder abuse, he continued his education to begin practicing elder law and nursing home abuse law.

Free Case Evaluation

    *Please do not include any confidential or sensitive information in this form. This form sends information by non-encrypted e-mail which is not secure. Submitting this form does not create an attorney-client relationship. For more information, please read our Privacy Policy.

    Bar Memberships and Affiliations

    The Peck Law Group stays up to date and in touch with the legal community through various memberships and affiliations.