On May 24, 2016, the Department of Health & Human Services (HHS) issued guidance (Guidance) to health care providers and patient safety organizations (PSOs) in an attempt to clarify the definition of patient safety work product (PSWP) under the Patient Safety and Quality Improvement Act of 2005 and its implementing regulations (collectively, the PSQIA).

The PSQIA provides privilege and confidentiality protections for all information collected or developed by a health care provider that qualifies as PSWP and is reported to a PSO recognized by HHS’s Agency for Healthcare Research and Quality. However, questions concerning the specific information eligible to qualify as PSWP, and the circumstances under which such information must be developed and retained in order to maintain PSWP protection, have led to significant uncertainty regarding the scope of the PSQIA. This uncertainty has been particularly acute at the intersection between mandatory federal and state data health care reporting requirements and providers’ interests in limiting disclosure of sensitive health information.

The Guidance addresses the lingering uncertainty by restating the definition of PSWP and providing additional detail on the types of information that can and cannot be protected PSWP. Specifically, the Guidance explains that:

  • The PSQIA is intended to “protect the additional information created through voluntary patient safety activities, not to protect records created through providers’ mandatory information collection activities”;
  • The PSQIA does not shield providers from external reporting obligations and thus cannot be used to prevent disclosure of records required by external recordkeeping or reporting requirements; and
  • PSWP does not include:
    • “a patient’s medical record, billing and discharge information, or any other original patient or provider information”;
    • information “collected, maintained, or developed separately, or exists separately, from a patient safety evaluation system”;
    • records mandated by Federal or State law requirement or other external obligation; or
    • copies of records prepared to satisfy external reporting obligations, even if held inside a provider’s patient safety evaluation system.

Although compliance with the PSQIA is completely voluntary, providers seeking to avail themselves of the PSQIA’s broad confidentiality and privilege protections would be well-advised to closely review the Guidance to ensure continued compliance with the PSQIA as well as Federal and State health care reporting obligations.