free amp template

Laying the Groundwork for Error Reporting and Learning Systems in the U.S.


Congress sought to strike a delicate balance between promoting error-prevention culture by protecting the confidentiality of certain information gathered by healthcare providers following adverse events and ensuring the transparency and accountability of healthcare providers to the public. 

While the U.S. does not have a central error reporting and learning system, in 2005, Congress laid the legislative groundwork for the creation of local, regional, and national error reporting and learning systems organized and run primarily by the private sphere. Responding to the call from the Institute of Medicine to promote error avoidance culture, Congress passed the Patient Safety and Quality Improvement Act (“the Act”) in an effort to improve patient safety and the quality of healthcare. The Act offers confidentiality that makes the development and success of voluntary error reporting and learning systems possible.[1]

A Balancing Act

Through the Act, Congress sought to strike a delicate balance between promoting error-prevention culture by protecting the confidentiality of certain information gathered by healthcare providers following adverse events and ensuring the transparency and accountability of healthcare providers to the public. To further this goal, the Act provides a sphere of legal protection for three categories of data defined as Patient Safety Work Product (“PSWP”). The category most relied upon by healthcare providers asserting a legal privilege under the Act includes data and records “assembled or developed by a provider for reporting to a patient safety organization and are reported to a patient safety organization.”[2]

Specifically excluded from the definition of PSWP are:

> Medical and billing records;

> Patient discharge information;

> Other original patient or provider information; and

> Information collected, maintained, or developed separately from the patient safety evaluation system, most notably, information used to satisfy a provider’s mandatory external reporting obligations.[3]

While a healthcare provider may maintain non-PSWP in its Patient Safety Information System (PSES) and report non-PSWP to a Patient Safety Organization (“PSO”) for analysis, such information is not privileged PSWP under the Act.

Legal Challenges to the Act’s Confidentiality Protection

In 2014, the Kentucky Supreme Court in Tibbs v. Bunnell considered whether an incident report collected for reporting to a PSO and maintained solely in a provider’s PSES, but containing information required to satisfy the provider’s mandatory state reporting obligations was protected by the Act from discovery in litigation. The Court held that because the incident report was generated pursuant to mandatory state reporting obligations, it was not PSWP protected from disclosure. The Court reasoned that the Act did not excuse providers from complying with external reporting obligations that provided an independent source discovery prior to the Act and which should remain available following the Act. The dissenting opinion argued that the remedy for failing to comply with a mandatory reporting obligation should be addressed by the regulatory body that requires the report and not by rummaging through a provider’s PSES.[4]

In 2015, the Florida Court of Appeals in S. Baptist Hosp. of Florida, Inc. v. Charles recognized that the Act preempted the State constitutional right to access records relating to adverse medical incidents. In addressing the discoverability of documents maintained in the provider’s PSES, the Court found that documents maintained in a PSES could simultaneously be PSWP and satisfy the State’s reporting requirements. While the Court relied upon the dissenting opinion in Tibbs to opine that the remedy for failing to satisfy external obligations is the same as it would have been under State law prior to the passage of the Act, it also takes note that the plaintiff never alleged that the defendant failed to satisfy its State reporting obligations.[6] However, the next year, the Florida Supreme Court overturned the Court of Appeals’ decision and found that all adverse incident reports, since they were required under the state’s laws, were not entitled to protection by the PSQIA.[7]

In 2016, the Kentucky Supreme Court in Baptist Health Richmond, Inc. v. Clouse revisited the issue of whether data contained in a PSES could be discoverable when its collection is required to meet the State’s reporting requirements. The Court held that when a provider fulfills its external reporting obligations, there is no reason for a court to review information contained in the PSES; however, when a provider fails to fulfill external reporting obligations, an in camera review of the information contained in the PSES is necessary to identify discoverable information normally contained in State-mandated reports.[8]

AHRQ guidance

Following the Tibbs decision, the Department of Health and Human Services’ Agency for Healthcare Research and Quality (“AHRQ”), the agency responsible for interpretation, administration, and enforcement of the Act, issued guidance to address the confusion regarding PSWP and providers’ external reporting obligations. Motivated by the basic premise that, “[t]he intent of the system established by the Patient Safety Act is to protect the additional information created through voluntary patient safety activities, not to protect records created through providers’ mandatory information collection activities,” AHRQ clarified that data collected to meet a provider’s external reporting obligations is not PSWP under the “original provider information” exemption.[9]

How would AHRQ respond to newly enacted State regulations that require providers to collect information that is currently voluntarily collected by providers following an adverse event for reporting to a PSO? Under the current guidance, which exempts information collected pursuant to mandatory regulations from PSWP, States could hypothetically gut the Act by regulating all adverse event reporting out of the protected sphere of PSWP and into the unprotected “external obligation” sphere. If the U.S. is serious about promoting error reporting and learning systems to decrease adverse events, the federal law must foreclose the ability of States to override the Act’s protections or States must develop their own legislative framework supporting error reporting and learning systems and providing State confidentiality protections for information collected pursuant to those systems. Eighteen states, including Louisiana, have no error reporting system in place.

Administrative Burdens of Voluntary Reporting

AHRQ recommends that providers document the purpose for which information is collected in order to ensure that information voluntarily collected for reporting to a PSO enjoys PSWP privilege under the Act. This recommendation presupposes that reporting following an adverse event only has one collection purpose and prevents providers from collecting information needed for mandatory reporting alongside additional voluntary information that can improve patient safety. Since many providers already feel overburdened with paperwork, they may opt out of the additional voluntary reporting following a single event if it requires repeating the same event facts on a separate form. Perhaps, a technology solution can be developed to solve the multiple reporting burden on providers.

In an attempt to address concerns that the AHRQ’s guidance burdens providers with maintaining two reporting systems, AHRQ provides examples of how data initially maintained in a PSES could be removed from the PSES to meet state reporting requirements prior to transmission to a PSO or used to generate a new report to satisfy state reporting requirement after transmission to a PSO.

What Can We Learn From Germany?

Germany focuses its error reporting and learning system on near-misses, which are thought to occur at a significantly higher frequency than injury-causing errors. Considering the ongoing fear of liability exposure for voluntary reporting following injury-causing adverse events, a near-miss reporting system similar to the German model can compliment mandatory reporting requirements and may be a perfect pilot program for healthcare institutions seeking to improve patient safety by implementing an anonymous reporting system for evaluation and analysis by a Patient Safety Organization.

Finally, while the error reporting and learning systems in Germany are administered largely by private institutions, the government not only provides confidentiality protections, but also remuneration allowances for providers who participate in cross-facility error reporting systems.

[1] 42 U.S.C. 299b–21—b–26

[2] Data collected for the purpose of reporting to a PSO is protected upon collection even prior to transmission to the PSO. See 73 FR 70741–42, Nov. 21, 2008

[3] 42 U.S.C. 299b-21(7)(B)(ii); 42 CFR 3.20 (paragraph (2)(i) of the PSWP definition)

[4] Tibbs v. Bunnell, 448 S.W.3d 796 (Ky.2014)

[6] S. Baptist Hosp. of Florida, Inc. v. Charles, 178 So.3d 102 (Fla. Dist. Ct. App.2015), reh’g denied (Nov. 24, 2015)

[7] Charles v. S. Baptist Hosp. of Florida, Inc., SC15-2180, 2017 WL 411333 (Fla. Jan. 31, 2017)

[8] Baptist Health Richmond, Inc. v. Clouse, 497 S.W.3d 759 (Ky.2016)

[9] 81 FR 32655–60, May 24, 2016