Most healthcare providers know that the Patient Safety and Quality Improvement Act (PSQIA or the Act) created a new kind of “work product” privilege to protect providers that choose to collect and analyze information for the purpose of improving patient safety. But many organizations have failed to consider exactly how a provider should go about collecting data to ensure that sensitive materials obtain and maintain that protection. The lack of critical thought on this issue creates uncertainty in litigation and presents an unacceptable risk for the provider. The quandary typically arises after a provider has evaluated Patient Safety Work Product (PSWP) within its own Patient Safety Evaluation System (PSES) and has decided that additional investigation or data is necessary to draw conclusions. The dilemma is whether to collect such information pursuant to the “Reporting Pathway” of PSWP, which must be reported to a Patient Safety Organization (PSO) in order to enjoy the privilege, or under the “Deliberations and Analysis Pathway,” which is privileged without reporting the information to a PSO. The statute reads in pertinent part:
[T]he term ‘patient safety work product’ means any data, reports, records, memoranda, analyses (such as root cause analyses), or written or oral statements – (i) which “(I) are assembled or developed by a provider for reporting to a patient safety organization and are reported to a patient safety organization; … and which could result in improved patient safety, health care quality, or health care outcomes; or (ii) which identify or constitute the deliberations or analysis of, or identify the fact of reporting pursuant to, a patient safety evaluation system.
In this case, the provider is forced to ask a difficult question: Can we collect additional primary data in conjunction with our internal deliberations and analysis, and can we expect that information to be protected if we do not intend to report it to a PSO?
The Patient Safety and Quality Improvement Act
In 2005, Congress passed the PSQIA in an attempt to facilitate collection and analysis of data and materials evidencing medical errors and near misses for the purpose of improving overall patient care. It did so by creating strong privilege and confidentiality protections for PSWP, a new kind of protected material that did not exist outside of the Act or its state-law corollaries. Prior to the Act, relentless litigation and heavy-handed regulation created a disincentive for physicians, clinicians, and provider representatives to speak openly and think critically about patient safety. The privilege now provides a safe space for this kind of activity, but a provider can only avail itself of the privilege if it aligns itself with a federally listed PSO. It is also a “best practice” to document an analysis and reporting framework called a PSES. Even then, only certain materials are protected.
The privilege exists at the crossroads of two diametric interests. The first interest is the ability of the privilege holder, (assuming the privilege applies) to deny its adversary access to protected material. The second, equally compelling interest is the ability of the privilege holder’s adversary to obtain relevant non-privileged information. These principles are in constant tension. Congress sought to strike a balance when enacting the PSQIA by stating that the privilege does not prohibit discovery of information and material falling outside the parameters of the statute or affect any other laws pertaining to non-privileged information. Strict adherence to statutory language insulates the provider against the pendulum swinging between these powerful and legitimate interests, and that means respecting the categories of protected materials delineated by Congress. The statute’s protections “do not extend backward to the underlying factual information contained within or referred to in the patient safety data reported to a PSO.” The medical error itself is not privileged; the Act protects analysis of the error by or for the provider in collaboration with the PSO.
The PSQIA created three distinct types of privileged PSWP, each with its own elements that must be satisfied in order for protection to attach. This article will focus on the two provider-generated categories, often described as “pathways.” The first pathway, the Reporting Pathway, permits a provider to collect, assemble, and develop certain delineated material and report that material to a PSO. Importantly, all materials collected in the Reporting Pathway must either be reported or identified as materials intended to be reported and ultimately reported to a PSO, or else the privilege will not attach. The second pathway, the “Deliberations and Analysis Pathway,” protects deliberations or analysis, and documents reflecting these processes, conducted within the PSES. This category also protects reports, records, memoranda, and the like “[w]hich … identify the fact of reporting, pursuant to, a patient safety evaluation system.” In other words, the Deliberations Pathway protects the analysis of materials and the process of reporting. Collecting data for analysis is conspicuously absent from Congress’s definition of the second pathway. The third category must be developed by a PSO conducting patient safety activities.
Establishing privilege in the Reporting Pathway
The Reporting Pathway allows a provider to obtain the privilege by “assembl[ing] or develop[ing]” data, analyses, statements, and the like to report to a PSO and actually reporting that material to a PSO.Assemble means to “bring together or gather in one place.” To collect is a synonym.Develop means “to bring into being or activity; generate; evolve, to create or produce particularly by deliberate effort over time.” Accordingly, the Reporting Pathway is where PSWP is collected. Deliberations do not occur in this category, although analysis may occur there. The Reporting Pathway permits providers to assemble or create information external to a PSES with the intention of submitting that information to a PSO.
As modified by the regulations, the Reporting Pathway recognizes two subcategories of privileged materials: (1) materials created or collected with the intention of being reported to a PSO which are then reported, and (2) materials “documented within a patient safety evaluation system for reporting to a PSO,” including the date such information entered the PSES (emphasis added). The first subcategory addresses material already reported and requires no documentation. The second subcategory, as described in the regulation, is material for which the provider has created written substantiation that the material is intended to be reported to a PSO in the future. If information is collected within a PSES for reporting to a PSO, but is not yet reported, documentation of its inclusion within the PSES is mandated. The Department of Health and Human Services (HHS) has characterized these documentation mandates as “important requirements” and has admonished providers not to place information into their PSES that they do not intend to report to a PSO. HHS regulations do not indicate how quickly Reporting Pathway materials should be reported, but the reporting period is finite.
Congress mandated actual reporting of all Reporting Pathway patient safety work product in order for the privilege to attach. HHS relaxed that strict reporting requirement, because a strict and immediate reporting deadline “left information collected but not yet reported to a PSO, unprotected.”
HHS recognized this “shortcoming” and “sought comment on whether a short period of protection for information assembled but not yet reported is necessary for flexibility or for providers to efficiently report information to a PSO. [HHS] also sought comment on an appropriate time period for such protection and whether a provider must demonstrate intent to report in order to obtain protection.” (emphasis added)
HHS relaxed the reporting requirement, but it could not eliminate the requirement entirely. This modification gives providers “flexibility … while they consider whether the information is needed to meet external reporting obligations.” (emphasis added) As used by HHS in the preamble, “while” indicates a process during which the provider deliberates whether the information is needed to satisfy external reporting requirements. If a provider is unsure whether PSWP is necessary to satisfy external reporting requirements, HHS expects providers to actively engage regulators and conduct an ongoing process of evaluation.
It is the provider’s ultimate responsibility to understand what information is required to meet all of its external obligations. If a provider is uncertain what information is required of it to fulfill an external obligation, the provider should reach out to the external entity to clarify the requirement.
Under this regime, HHS anticipated that delays in reporting information would be “rare because providers are likely to engage PSOs for their expertise which requires such reporting.” Regulations have also created a “drop out” provision, not found in the statute, which permits a provider to remove the information from the PSES before it has been reported to the PSO. A provider can remove PSWP from the PSES, so long as it had yet to be reported to the PSO, documenting its removal. The material would no longer be privileged but would be available for many uses, including employing it to satisfy external reporting requirements.
How long does unreported information retain its privileged status?
The question lingers: How long does unreported Reporting Pathway PSWP retain its privileged status? Although HHS sought comments on this question during the rulemaking process, they offered no clear guidance in this regard. Broader principles govern the analysis here.
First is the universal premise that privileges, because they withhold relevant information from the finder of fact, are narrowly construed. Second, the person or entity claiming privilege must prove that (s)he or it satisfied all of the privilege’s elements in order to secure that privilege. The provider is required “to substantiate that information is patient safety work product,” at least in dealing with the Office of Civil Rights. Third, Congress drafted the PSQIA and indicated that litigants would still have access to information necessary to prove their cases if they had it in the past. Fourth, while creating the “drop out” provision, HHS admonished providers not to place anything in their PSES unless there is an intention to report the same to the PSO. Fifth, HHS was not free to relieve providers of the burden of reporting PSWP to a PSO for an indeterminable amount of time, because Congress mandated reporting of such materials to a PSO. “There comes a point when what has been designated as a ‘temporary measure’ lasts for so long, that to continue to categorize it as ‘temporary’ is to ignore the realities of the situation.… The [federal agency] cannot, by its delay, substantially nullify rights which the Act confers, though it preserves them in form.”
Unreported PSWP deprives the provider of the PSO’s expertise regarding the matter, while at the same time denying regulators and litigants access to relevant and valuable information. The notion that information intended to be PSWP can remain unreported, yet privileged, is incompatible with the statute.
As indicated in the preamble, HHS sought to create a “short period” within which to protect unreported materials during the time required for a provider to determine whether the material is necessary to satisfy external reporting requirements. Providers should move quickly and document delays in order to ensure that the provider can demonstrate that the time it took to make its determination was objectively “reasonable” under the circumstances.
Information underlying PSES deliberations and analysis
The Reporting Pathway is the only avenue through which a provider may collect the information and materials that become PSWP. Although some suggest that a provider may collect information and materials intended to become PSWP in the Deliberations and Analysis Pathway, the language of the PSQIA does not support this position.
The word deliberations is defined as “the act of thinking about or discussing something and deciding carefully.” Similarly, an analysis is “a detailed examination of anything complex in order to understand its essential features.” The words assemble, develop, collect, create, and any of their synonyms are conspicuously absent from the definitions of the Deliberations and Analysis category. By omitting from this category terms akin to the “assembled or developed” phrase appearing in the statutory language creating the Reporting Pathway, Congress restricted the collection of intended PSWP by providers to the Reporting Pathway.
When a commenter, during the rule-making process, suggested that “data used to conduct an analysis should be protected at the same time as the analysis,” HHS responded directly.
Information underlying the analysis may have been either reported to a PSO and protected or collected within a patient safety evaluation system. Information documented as collected within a patient evaluation system is protected based on the modification to the definition of patient safety work product. Thus, information underlying an analysis may be protected (emphasis added).
The only modification to the definition of Patient Safety Work Product found in the regulations framing the statute occurred in the Reporting Pathway. Because PSWP created under the Deliberations and Analysis Pathway need not be reported to a PSO in order to be privileged, to allow providers to collect PSWP within that pathway and then to discuss and evaluate it within the PSES would effectively divorce a PSO from any involvement in a significant portion of patient safety initiatives. As evidenced by the statutory language, this cannot have been Congress’s intent.
Some advocates contend that any material indicating that it was reported to a PSES renders the material privileged. These advocates note that the Deliberations and Analysis Pathway also protects any memoranda, data, analysis, statements, and the like “[w]hich … identify the fact of reporting pursuant to, a patient safety evaluation system.” Reliance on this language to support the contention is misplaced.
Both the statute and regulation read “pursuant to” not “to” a PSES. Pursuant means “in accordance with (with a law or a legal document or resolution)”; pursuant to means “in carrying out; in conformity with.” By contrast, “to” is a function word indicating “intention, purpose, tendency, result or end.” By including the word “pursuant,” Congress (and HHS for that matter) protected the fact of reporting “in accordance with” a patient safety evaluation system and not simply when an event results in a report to a patient safety evaluation system. From a provider’s perspective, the only type of information referred to in the definition of PSES is “informationfor reporting to … a PSO” (emphasis added). The definition of “Patient Safety Evaluation System” is “the collection, management, or analysis of information for reporting to or by a PSO.” It follows, then, that the material protected by the “fact of reporting” prong is only that which is reported to a PSO.
Not only does the protection extend just to materials reported to a PSO, the protection covers only the type of materials set forth in the provision that indicate the fact of reporting. The examples offered by HHS of PSWP protected by the “identifying the fact of reporting” prong suggest such a narrow interpretation (e.g., a fax cover sheet, an email transmitting data, an oral transmission of information to a PSO). A broad interpretation of the “identify the fact of reporting” prong to reach any document reported to a PSES would essentially devour the Reporting Category. Any item reported to a PSES, assuming that it is tagged in some manner to show reporting, need no longer meet the strictures of 42 U.S.C. § 299b-21(7)(A)(i), or the accompanying regulations, because it would be protected by the fact of reporting. Congress would not design a statute so precisely only to have one provision make another completely superfluous.
Congress wanted to ensure the involvement of a PSO, at least minimally, in most aspects of the patient safety process. Although PSOs need not review and analyze each bit of data or every document reported to them, they are obligated to perform the eight listed patient safety activities, which include the collection and analysis of patient safety work product and the provision of feedback to providers. Reporting information to a PSO, even if the provider does not request that it be analyzed, creates the opportunity for the PSO to analyze the data and provide feedback independently; clearly in line with Congress’s intent.
To answer our initial question, a provider cannot collect or assemble information through the Deliberations and Analysis Pathway without reporting that primary data to the PSO and expect that the data will be privileged. It is only when collection activities are undertaken by a provider to report to a PSO—that is, where the information is reported to a PSO adhering to the requirements of the Reporting Pathway—that material collected outside the PSES becomes privileged. In order to establish the privilege, materials must be collected within the strict confines of the statute. Sharp practices to broaden methods of collection, such as the use of the Deliberations and Analysis Pathway, are likely to be met with disdain by courts and regulators.
Note reasons for any delay in reporting documents or data to a PSO in order to mitigate risks created by confusion regarding reporting deadlines under the PSQIA.
If your PSES evaluators need more information, make sure the new information is obtained in compliance with the Reporting Pathway to ensure it is privileged.
Don’t be afraid to use the PSO to enhance quality improvement.
Healthcare providers and practitioners should be informed about the work product protections set out in the Patient Safety and Quality Improvement Act of 2005.
How a provider collects and analyzes patient safety data can directly affect whether that information or documentation can be protected from discovery or disclosure.
Documents and information collected in the Reporting Pathway must be reported to a patient safety organization to ensure protection.
Deliberations, analysis, and documents evidencing the fact of reporting are protected as part of the Deliberations and Analysis Pathway and need not be reported.
Providers cannot collect primary data in the Deliberations and Analysis Pathway and expect that information to be protected.