Print PDF



Patient Safety Work Product Privilege: Does It Still Exist?
Health Law Perspectives
August 1, 2016

In urging fellow members of the United States Senate to pass the Patient Safety and Quality Improvement Act of 2005 (PSQIA), the late Senator Edward Kennedy stated that “medical errors cause 98,000 deaths every year” and that the PSQIA stemmed from an effort to “encourage the development of a safer health care system.”[1]  Senator Kennedy explained that the PSQIA “implements this sensible recommendation by establishing patient safety organizations to analyze medical errors and recommend ways to avoid them in the future. The legislation also creates a legal privilege for information reported to the safety organizations, but still guaranteeing that original records, such as patients’ charts will remain accessible to patients.”  The language of the PSQIA itself reflects the goal to “provide for the improvement of patient safety and to reduce the incidence of events that adversely [a]ffect patient safety.”  (PL 109–41, July 29, 2005, 119 Stat 424, codified at 42 U.S.C. § 299b-21 et seq.

The PSQIA attempts to achieve this goal by establishing a voluntary reporting system for medical errors.  Under the law, health care providers who choose to participate may voluntarily report medical errors through an in-house Patient Safety Evaluation System (PSES).  Data collected through a provider’s PSES is then submitted to a Patient Safety Organization (PSO), which de-identifies the data and provides it to “a network of patient safety databases” for analysis. 42 U.S.C. § 299b-23.  Significantly for hospitals, the Affordable Care Act mandates that by January 1, 2017, qualified health plans in health insurance exchanges may not contract with a hospital of 50 beds or more unless that hospital has a PSES and reports to a PSO or “implements an evidence-based initiative to improve health care quality through the collection, management and analysis of patient safety events.”[2]  Thus, although reporting to a PSO started out as a voluntary procedure, either reporting to a PSO or implementing an evidence-based quality improvement initiative will soon be mandatory for most hospitals.

To encourage health care providers to voluntarily report medical errors through a PSES, the PSQIA provides—as Senator Kennedy described—a federal legal privilege and confidentiality protections for patient safety information that is considered Patient Safety Work Product (PSWP).  42 U.S.C. § 299b-22.  PSWP “shall be confidential and shall not be disclosed” except as authorized by PSQIA.  42 U.S.C. § 299b-22(b); see also 42 C.F.R. § 3.206(b).  Importantly data may only be classified as PSWP if they are “assembled or developed by a provider for reporting to a patient safety organization and are reported to a patient safety organization” or “are developed by a patient safety organization for the conduct of patient safety activities.”  42 U.S.C. § 299b-21(7)A)(i) (emphasis added).  That is, information that exists for reasons other than reporting to a PSO, even if it relates to medical errors, is not PSWP.[3] 

Although this may, at first glance, appear straightforward, there has been significant confusion in the courts over what to do when data relating to medical errors are “assembled or developed” both for the purpose of reporting to a PSO and for some other purpose, particularly state law requiring the development of such data.  Does the federal statute preempt state law, or does the federal law not relate to information that is developed for such “dual purposes”?  Although federal circuit courts have been split on this issue, providers should be aware of the impact of recent guidance by the United States Department of Health and Human Services (HHS) and of the United States Supreme Court’s denial of a request to resolve the issue.

I.     PSQIA’s Privilege and Confidentiality Protections of PSWP

PSQIA defines PSWP as “any data, reports, records, memoranda, analyses (such as root causes analyses), or written or oral statements—

(i) which—

(I) are assembled or developed by a provider for reporting to a patient safety organization and are reported to a patient safety organization; or

(II) are developed by a patient safety organization for the conduct of patient safety activities;

and which could result in improved patient safety, health care quality, or health care outcomes; or

(ii) which identify or constitute the deliberations or analysis of, or identify the fact of reporting pursuant to, a patient safety evaluation system.

42 U.S.C. § 299b-21(7)(A).  However, a “clarification” explains that PSWP does not include “information that is collected, maintained, or developed separately, or exists separately, from a patient safety evaluation system. Such separate information or a copy thereof reported to a patient safety organization shall not by reason of its reporting be considered patient safety work product.”  42 U.S.C. § 299b-21(7)(B)(ii) (emphasis added).

Despite this statutory definition of PSWP, confusion concerning what information is considered PSWP often arises in medical malpractice disputes where a party requests that a provider produce information relating to an adverse event that the provider was required by state law to collect, but this same information has been collected through the provider’s PSES system and reported to a PSO for quality improvement and analysis.  Providers and the organizations representing them have taken the position that the PSWP privilege protects this type of information from disclosure, arguing that the federal privilege under PSQIA protects such documents from discovery and to find otherwise undermines the entire purpose of the PSQIA.  

II.     Case Law Reflects Differing Analysis in Various Jurisdictions

Courts have split on this issue, with some finding that “dual purpose” documents are privileged under the PSQIA and others finding that such documents are not.  For example, the Kentucky Supreme Court held in Tibbs v. Bunnell, 448 S.W.3d 796, 801 (2014) (“Tibbs”)—a medical malpractice case—that because Kentucky regulations require health care facilities to maintain administrative reports, including “incident investigation reports,” such information could not be privileged from discovery under the clarification to the definition of PSWP set forth above, even if such incident reports were stored in the hospital’s PSES.  The hospital filed a petition with the United States Supreme Court for a writ of certiorari in this case, but the petition was denied on June 27, 2016, as discussed below.

On the other hand, a Florida appeals court held in Charles v. Southern Baptist Hospital, Case No. 1D15-0109 (Oct. 28, 2015)—also a medical malpractice case—that, even though Florida law purported to give patients the right to “any records made or received in the course of business by a health care facility or provider relating to any adverse incident,” this law was preempted by the PSQIA to the extent that it included documents that “met the definition of PSWP.”  Id. at 16.  The Florida appeals court held that the patient’s interpretation of the PSQIA—that is, that state law requiring the creation of the same information created for reporting to a PSO takes away PSWP protections from such reporting—“would render [the PSQIA] a ‘dead letter’ and is contrary to Congress’s intent to cultivate a culture of safety to improve and better the healthcare community as a whole.”  Id. at 17.  This case is currently on appeal to the Florida Supreme Court, with oral arguments scheduled for October of this year.

The question of whether incident information is, in fact, PSWP that is protected from discovery also has been heard by courts in Rhode Island, Illinois, and California, with each court using a slightly different analysis to reach a slightly different conclusion.  In Carron v. Newport Hospital, R.I., No. 15-C.A. No. NC 2013-0479, the plaintiffs alleged that the negligence of a physician employed by the hospital during labor an emergency delivery caused the death of a newborn infant.  Plaintiffs sought the production of two Medical Event Reporting System (MERS) reports relating to the event, which were prepared and submitted to a PSO, relying on Tibbs to argue that the reports were not privileged because they were required to be developed, collected and maintained by Rhode Island state law.  The hospital distinguished Tibbs by noting that the MERS reports were not required by state law (Rhode Island state law did not require the preparation and/or maintenance of patient incident records) and that the hospital collected state-law mandated report in a different form.  Following a motion to compel production of the MERS reports, the trial court, without written analyses, but appearing to rely on Tibbs, ruled in plaintiffs’ favor.  The hospital filed a petition for issuance of a writ of certiorari on June 29, 2015 that was granted by the Rhode Island Supreme Court on January 21, 2016.  The parties are submitting briefs to the court.

In Johnson v. Cook County, No. 15 C 741, 2015 WL 5144365 at *1 (N.D. Ill. Aug. 31, 2015), plaintiff, the estate administrator of Rex Johnson, brought a Section 1983 action against Cook County for alleged constitutional violations relating to Johnson’s death while he was a jailed inmate.  Id.  Plaintiff brought a motion to compel production of the Mortality and Morbidity Report (Report) prepared following Johnson’s death.  Cook County asserted that the Report was privileged under state law and PSQIA.  Id.  The trial court concluded that Cook County “ha[d] not met its burden of establishing that either statutory privilege applies.”  Id. at *2.  First, the trial court concluded that Cook County had failed to demonstrate the Report was actually reported to a PSO.  Id. at * 6.  The trial court continued that, even if Cook County had adequately demonstrated the Report was functionally reported to a PSO, the Report would still not be privileged because “that information is privileged only if it is specifically generated or assembled for the purpose of reporting to a PSO or patient safety evaluation system,” and Cook County had failed to show that “the Report was generated with a PSO or patient safety evaluation system in mind.”  Id. at *7.

In Schlegel v. Kaiser Health Plan, No. CIV 07-0520 MCE KJM, 2008 WL 4570619 at *1 (E.D. Cal. Oct. 14, 2008), the plaintiff brought suit against Kaiser Health Plan and other defendants “alleging claims for breach of the duty of good faith and fair dealing, breach of contract, negligence, fraud, negligent misrepresentation, and intentional and negligent infliction of emotional distress” with respect to Kaiser’s kidney transplant program.  The plaintiff sought to compel Kaiser to produce documents related to the “overall operation of Kaiser's transplant program, including documents relating to any investigation and audits of the transplant center by Kaiser, [California's Department of Managed Health Care (“DMHC”), the Federal Department of Health and Human Services Centers for Medicare and Medicaid Services (“CMS”), and the United Network for Organ Sharing (UNOS)].”  Id. at *2.  Defendants argued that these documents were protected from discovery under state law (California Evidence Code § 1157) and PSQIA.  The United States District Court for the Eastern District of California held in Schlegel that ERISA preempted state law because the claims related to an employee benefit plan and thus the state law peer review protection did not apply.  Id.  With respect to PSIQIA, the court held that “the unique and narrow privilege created by the [PSQIA] was not intended to apply to the materials requested . . . . There is no indication that the investigations conducted by Kaiser, UNOS, CMS and DMHC were prepared for and reported to a patient safety organization. . . . Additionally, there is no indication that the ‘mission and primary activity’ of any of the relevant entities concerns the goal of patient safety as defined by the statute.” 

Given the varying state court decisions and interpretations of the PSWP privilege, HHS’s recent guidance and the United States Supreme Court’s denial of a request to weigh in on this issue, the confusion concerning the extent and application of the PSWP privilege continues. 

III.     HHS Sub-Regulatory Guidance

In May of this year, HHS issued guidance (the Guidance) for PSOs and providers that was intended to clarify what information qualifies as PSWP.  81 Fed. Reg. 32655 (May 24, 2016).   This Guidance purports to “clarify” that records kept by providers for more than one purpose—i.e., records kept by a hospital both in its ordinary course of business or under a state law requirement and for purposes of reporting to a PSO—do not count as PSWP, and thus are not protected from discovery.  The Guidance explained that “[t]he intent of the system established by the Patient Safety Act is to protect the additional information created through voluntary patient safety activities, not to protect records created through providers’ mandatory information collection activities.”  81 Fed. Reg. 32655, 32655 (emphasis added).  Thus, according to HHS, the PSWP privilege applies only to records created solely for reporting to a PSO.  Records collected or created for any other purpose are not PSWP.

On the same day that HHS released the Guidance, the United States Solicitor General filed an amicus curiae brief in the Tibbs case.  Solicitor General recommended that the Supreme Court deny the petition for certiorari because HHS had clarified how PSQIA’s privilege and confidentiality protections should be interpreted, and there was no issue to be decided by the Supreme Court.  However, HHS’s interpretation of what documents qualify as PSWP was at odds with amicus curiae briefs filed in support of the petition for writ of certiorari by the Joint Commission, the American Hospital Association, the Alliance for Quality Improvement and Safety, and various PSOs. 

IV.     U.S. Supreme Court Denies Review of Issue

Many providers and others in the health care industry waited in anticipation for the United States Supreme Court’s decision as to whether it would weigh in on this issue by reviewing the Kentucky Supreme Court’s decision in Tibbs. 

Following the Kentucky Supreme Court’s decision, the hospital petitioned the Supreme Court of the United States for a writ of certiorari to review the judgement of the Kentucky Supreme Court.  The sole question presented was: Whether state law may nullify the federal “patient safety work product” privilege, or whether, instead the Kentucky Supreme Court erred by interpreting it not to protect information “normally contained in” documents subject to state reporting or recordkeeping requirements.” 

On June 27, 2016, Supreme Court denied the petition for a writ of certiorari.  Tibbs v. Bunnell, 2016 WL 3461621 (U.S. June 27, 2016).  The Supreme Court also declined to vacate and remand the case back to the Kentucky Supreme Court to take into consideration HHS’s recent Guidance.

V.     Issues Going Forward

As it stands, current and future discovery disputes and the conflict over the PSQIA’s privilege and confidentiality protections will continue throughout the states on a state-by-state basis as there is no national binding authority or precedent. 

Arguably, HHS’s Guidance does not have the force and effect of law as it was not issued through the notice and public comment rulemaking process and thus can be considered only as an interpretive instrument.  Further, pending state supreme court cases in Kentucky, Florida and Rhode Island could present a future opportunity for appeal to the United States Supreme Court.  However, it is unclear given the Court’s denial of certiorari in Tibbs,whether the high court ever will take up this issue.

Providers are now faced with the following choices:

  • Maintain the status quo and wait for additional judicial developments or further regulatory guidance, which could mean that the existing PSES policies would generate data that arguably does not qualify as PSWP; or
  • Comply with HHS’s Guidance and determine whether any records, reports and/or other documents they have been collecting through their PSES system for reporting to a PSO still qualify as PSWP.

In light of this, there is some question as to whether the PSQIA can have any impact on the goal of reducing patient deaths due to error, given that the scope of privileged PSWP has been so narrowly defined such that the privilege only exists in very limited circumstances.  Unless and until further guidance is issued by the United States Supreme Court, providers should be wary of relying on the PSQIA’s protection for maintaining the confidentiality of their PSWP, at least to the extent that it consists of data assembled or developed for purpose other than reporting to a PSES. 

For further guidance and information, please contact Sansan Lin or Katherine Dru in Los Angeles at 310.551.8111, Jennifer Hansen in San Diego at 619.744.7310, and Harry Shulman or Ross Campbell in San Francisco at 415.875.8500.

[1] .”  Floor speech of Senator Edward Kennedy, July 21, 2005, Congressional Record—Senate at S8713, available online at

[2] See Patient Protection and Affordable Care Act of 2010, P.L. 111-48 Sec. 1311(h)(1)(A), 1311(h)(2) (note that the January 1, 2015 deadline was thereafter extended to January 1, 2017) and 45 C.F.R. Sec. 156.1110(a)(2) (as amended March 8, 2016).

[3] This means that if a hospital chooses to comply with the Affordable Care Act’s requirements by “implement[ing] an evidence-based initiative to improve health care quality through the collection, management and analysis of patient safety events” rather than by reporting to a PSO, “the information involved in such initiatives would not be subject to the PSQIA’s privilege and confidentiality protections.” See Department of Health and Human Services Final Rule on Patient Protection and Affordable Care Act; HHS Notice of Benefit and Payment Parameters, March 8, 2016, 81 F.R. 12203, 12315 at available online at  However, systems can and should be designed to take advantage of state law protections for quality assurance and peer review processes.

For media assistance, please contact Maura Fisher at 202-580-7714.