June 2022, Volume 3, Issue 6
Health Law Connections

Harnessing the PSQIA to Re-Focus on Patient Safety Post-Pandemic

  • June 01, 2022
  • Elizabeth Hein, Post & Schell PC
Patient Safety

As health care providers emerge from the crisis mindset of the COVID-19 pandemic, building stronger patient safety systems should be a top priority. In “Health Care Safety during the Pandemic and Beyond—Building a System That Ensures Resilience,” recently published in the New England Journal of Medicine, authors from the Centers for Medicare & Medicaid Services (CMS) and the Centers for Disease Control and Prevention (CDC) share data showing “substantial deterioration” on multiple patient safety metrics since the beginning of the pandemic.1 Central-line-associated bloodstream infections increased by 28% in the second quarter of 2020 (a striking reversal from the five years of decreases preceding the pandemic).2 Data also showed increases in catheter-associated urinary tract infections, ventilator-associated events, and methicillin-resistant Staphylococcus aureus bacteremia. In skilled nursing facilities, rates of falls causing major injury increased by 17.4% and rates of pressure ulcers increased by 41.8%.3

Some of the extraordinary stressors that may have contributed to patient safety lapses during the COVID-19 pandemic, such as patient volume, will begin to diminish as surges recede, but others—staffing shortages, staff burnout, and supply-chain disruptions—may not. Providers face increased liability risks in this environment. As the article’s authors stress, a renewed focus on patient safety that will ensure the delivery of safe and equitable care during both normal and extraordinary times is paramount.

Providers seeking to revisit or revamp their patient safety programs can benefit from the Patient Safety and Quality Improvement Act of 20054 (PSQIA), a federal statute designed to help providers identify and remediate patient safety issues without fear that their efforts will be discovered and used against them in litigation. This article discusses the scope of the privilege and confidentiality provisions set forth in the PSQIA and implementing regulations and how providers can best take advantage of those provisions. It also provides guidance for providers in defending the privilege in court.


The PSQIA was passed in response to a seminal report of the Institute of Medicine (IOM) finding that preventable medical errors were responsible for tens of thousands of deaths each year, costing the country tens of billions of dollars annually, and proposing a “national agenda for reducing errors in health care.”5 One of the IOM’s most important findings was that most errors are systemic, meaning they are due to breakdowns in the systems that deliver care to a greater extent than to individual mistakes.6 In passing the PSQIA, Congress intended to improve the quality of patient care by creating a “culture of safety” through a non-punitive, confidential, voluntary reporting system, and to ensure accountability by raising standards for continuous improvements in health care.7 The goal was to improve the safety and quality of the delivery of patient care on a national scale.

Accordingly, the PSQIA establishes a voluntary program through which health care providers can share sensitive information relating to patient safety events with Patient Safety Organizations (PSOs) with the aim of improving patient safety and quality of care nationwide.8 The statute provides privilege and confidentiality protections for “patient safety work product” (PSWP) to encourage providers to collect, create, and share this information without fear of liability.9 The national learning system envisioned by the PSQIA is based on a privilege for PSWP that is both broader than existing privileges that may be available for peer review information or incident reporting, and stronger than such privileges—once the privilege attaches, it cannot be waived, even following disclosure, except in limited circumstances.10

PSWP is “any data, reports, records, memoranda, analyses (such as root cause analyses), or written or oral statements” that, in pertinent part, (1) are assembled for reporting to a PSO and are reported to a PSO, or are developed by a PSO for the conduct of patient safety activities, and that could result in improved patient safety, health care quality, or health care outcomes; or (2) identify or constitute the deliberations or analysis of, or identify the fact of reporting pursuant to, a patient safety evaluation system (PSES).11 This definition covers information and communications related to a broad range of activities, including but not limited to event reporting and investigations, systems safety reviews, clinically directed performance improvement, peer support programs, quality assurance, root cause analyses, gap analyses, departmental morbidity/mortality conferences, and evaluation or revision of clinical protocols. Information generated as part of these analyses can be reported to a PSO, but does not have to be, since the definition of PSWP encompasses “deliberations or analysis” occurring within a PSES, which do not necessarily result in a report to the PSO.12

PSWP is both privileged and confidential under the PSQIA.13 The privilege is established by clear, preemptive language (“Notwithstanding any other provision of Federal, State, or local law . . . . patient safety work product shall be privileged . . . .”). The confidentiality provision, which is also preemptive, includes a number of exceptions permitting disclosure of PSWP for a variety of quality and safety-related purposes, including (1) disclosure of PSWP to carry out patient safety activities (including disclosure among affiliated providers and disclosure to other PSOs and other providers), (2) disclosure consistent with a provider’s authorization, (3) disclosure of nonidentifiable PSWP, (4) disclosure by a provider to the Food and Drug Administration (FDA) with respect to a product or activity regulated by the FDA, (5) voluntary disclosure of PSWP by a provider to an accrediting body that accredits the provider, (6) disclosure for business operations, and (7) disclosure for research.14 The PSQIA does not, however, contemplate or permit disclosure of PSWP to regulators, unless the disclosure is authorized by each provider identified in the PSWP.15 Critically, as noted previously, PSWP that is disclosed—whether permissibly or impermissibly—continues to be privileged and confidential, and such disclosure is not treated as a waiver of privilege or confidentiality.16

The privilege and confidentiality provisions attach as soon as PSWP is placed into the PSES, although providers who subsequently determine that the PSWP is required to meet external obligations can remove it from the PSES, in which case the privilege and confidentiality provisions no longer apply.17 Once information is reported to the PSO, it cannot be de-designated. And, once the privilege and confidentiality attach to PSWP, those protections continue to apply, no matter where the PSWP goes.

Despite the strong privilege and confidentiality protections afforded to PSWP under the PSQIA and implementing regulations, certain courts have failed to recognize the full extent of those protections. At least one court refused to recognize the preemptive force of the privilege for PSWP, holding that its privilege provisions did not displace state laws that required disclosure of documents that would otherwise be PSWP.18 Other courts have erroneously read a “sole purpose” requirement into the statutory and regulatory definition of PSWP, recognizing documents as PSWP only if they were developed for the “sole purpose” of reporting to a PSO.19 Other courts have declined to recognize the privileged status of PSWP unless it was clear that it was actually reported to a PSO,20 even though the privilege applies as soon as PSWP is placed in the PSES (prior to actual reporting) and the PSQIA does not have a reporting requirement for the “deliberations and analyses” pathway.

Designing the PSES

In spite of these flawed rulings, providers can maximize the likelihood that a court will recognize the PSWP privilege protections for documents and communications they maintain by carefully designing and defining the PSES. The PSES Policy is an important roadmap that can ultimately help a court understand which persons, committees, physical spaces, and digital spaces encompass the PSES and which processes and other activities occur within the PSES.

Providers should therefore think broadly about what activities can be conducted within the PSES. At a minimum, the PSES Policy should reflect the fact that the provider has a contract with a PSO, has the capacity to report PSWP to a PSO, and does report PSWP to a PSO. In designing the PSES, however, providers should keep in mind that the PSQIA encourages not just collection and reporting of safety events, but also rigorously analyzing them to develop learning that will improve safety practices. Through the PSES, providers who learn of patient safety events can thoroughly investigate and evaluate the failures in the system(s) that contributed to the event; create remedial action plans; develop new clinical protocols, checklists, or procedures; and take other steps to ensure that similar incidents do not occur in the future, all within a protected space.

The PSQIA also encourages and enables sharing patient safety learnings. For instance, PSWP that is developed by the PSO, or developed by the provider under the “deliberations and analysis” pathway, can be shared within an entity, given the Department of Health and Human Services’ (HHS’) preamble guidance that PSWP “may be used within an entity for any purpose.”21 Such PSWP can be shared on a system-wide basis using the PSQIA protections for sharing of PSWP between affiliated providers.22 Such PSWP can further be shared more broadly throughout the industry, either by the PSO disclosing it in de-identified form to another PSO or another provider, or by the provider disclosing it in de-identified form directly to another provider.23 The ultimate goal is to promote robust patient safety analysis leading to safer practices without fear that the process will generate documents to be exploited by plaintiffs’ attorneys. Providers should therefore think broadly about how the results of activities conducted within the PSES can be disseminated to improve patient safety and quality.

Providers should ensure the PSES Policy encompasses all of the reasonably foreseeable ways in which PSWP is collected, developed, and used by the provider. The PSES Policy should recognize and capture the interplay between PSWP that is collected and reported to a PSO, PSWP that is received from a PSO, and PSWP that constitutes or identifies the provider’s internal analysis and deliberations. The PSES Policy should specify how information enters the PSES, who determines whether PSWP needs to be removed from the PSES to meet mandatory external requirements, and how such removal is accomplished. The policy should also identify the procedures the provider uses to externally disclose PSWP and how PSWP may be used within the organization in order to ensure retention of the privilege. The provider should also carefully consider which activities may be conducted outside of the PSES and privileged through other means, such as state privileges for peer review, quality review, patient safety, and self-evaluation, and which activities must be conducted outside of the PSES because the information is required to be reported externally. The PSES Policy should be regularly reviewed and updated to ensure continuing accuracy as the PSES evolves.

Defending the Privilege and Confidentiality of PSWP

Finally, in the event that PSWP is requested during the course of litigation, providers will need to be prepared to meet their burden to establish the existence of the privilege and confidentiality protections for PSWP. In some cases, defense counsel may need to be educated to ensure that the PSWP privilege is appropriately asserted and defended, potentially up through multiple layers of appeal.

Defense counsel should prepare the factual record through affidavits that describe the PSES in a clear way, ideally through reference to the PSES Policy, and show how the documents sought by plaintiff were developed and maintained within the PSES. In defending the privilege, it is important to analyze how each document fits within the PSES, including determining which pathway(s) apply to each document—i.e., is it:

  • Information assembled, developed, and reported to the PSO?
  • Information assembled or developed, but not yet reported to the PSO?
  • Deliberations and analyses that were disclosed/shared with the PSO?
  • Deliberations and analyses that were not disclosed/shared with the PSO?
  • PSO-generated PSWP?
  • PSWP that has been “used” internally or “disclosed” externally (if so, to whom and for what purpose? Was the disclosure permissible or impermissible?)

Defense counsel should be prepared to educate the court that the typical framework for analyzing privileges does not necessarily translate to the PSQIA and to combat common misconceptions. Under the PSQIA, for instance, even documents that are not ultimately reported to the PSO can still be privileged, as can PSWP that is used within the organization.24 Critically, even PSWP that was impermissibly disclosed externally still retains the privilege.25 In addition to arguments based on the statutory text and regulatory language, policy-based arguments can help persuade the court to recognize the privilege, given the importance of ensuring that health care providers have a protected space to “provide the brutally honest feedback hospitals need to keep their patients safe without fear of its use in litigation.”26 Litigants should point out that permitting discovery of PSWP will destroy this safe space, chill voluntary self-improvement, and weaken the health care delivery system.


The PSQIA provides a useful framework for providers seeking to re-focus on patient safety and build more resilient patient safety systems. It creates a protected space through which providers can do the hard work of collecting information about patient safety events and risks, analyzing that information, and strengthening systems, while also sharing lessons learned throughout the health care sector. Nevertheless, because of aggressive plaintiffs’ counsel and uneven court interpretations, providers should seek the advice of counsel to structure and defend their patient safety and quality improvement activities to ensure that the PSQIA’s protections will apply and to maximize those protections.

Elizabeth M. Hein is a Principal in Post & Schell’s Health Care Practice Group and counsels and defends health care providers in litigation, regulatory, and compliance matters. She can be reached at [email protected].

1 Lee A. Fleisher, M.D., et al., Health Care Safety during the Pandemic and Beyond—Building a System That Ensures Resilience, New Eng. J. Med. (Feb. 17, 2022),

2 Id.

3 Id.

4 42 U.S.C. §§ 299b-21-26.

5 IOM, To Err is Human: Building a Safer Health System (1999).

6 Id. at 51-53.

7 H.R. Rep. No. 109-197, at 9.

8 Agency for Healthcare Research and Quality, Patient Safety and Quality Improvement Final Rule, 73 Fed. Reg. 70732, 70732 (Nov. 21, 2008) (PSQIA Final Rule).

9 Id.

10 42 U.S.C. § 299b-22(d)(1); 42 C.F.R. § 3.208.

11 42 U.S.C. § 299b-21(7)(A). PSWP does not include (i) a patient’s medical record, billing and discharge information, or any other original patient or provider record, or (ii) information that is collected, maintained, or developed separately from a PSES. 42 U.S.C. § 299b-21(7)(B). The statute also clarifies that its confidentiality and privilege protections do not limit a provider’s record-keeping obligation under federal, state, or local law. 42 U.S.C. § 299b-21(7)(B)(iii)(III).

12 42 U.S.C. § 299b-21(7)(A)(ii).

13 42 U.S.C. § 299b-22(a), (b).

14 42 U.S.C. § 299b-22(c)(2); 42 C.F.R. § 3.206(b).

15 42 C.F.R. § 3.206(b)(3)(i).

16 See supra note 10.

17 PSQIA Final Rule, 73 Fed. Reg. 70741.

18 See Charles v. Southern Baptist Hosp. of Fla., Inc., 209 So. 3d 1199 (Fla. 2017).

19 See, e.g., Univ. of Ky. v. Bunnell, 532 S.W. 3d 658 (Ky. App. 2017); Penman v. Correct Care Solutions, 2020 U.S. Dist. LEXIS 131326 (W.D. Ky. July 24, 2020).

20 See, e.g., McCue v. Integra, 2021 U.S. Dist. LEXIS 92573 (D. Mont. Mar. 15, 2021).

21 See PSQIA Final Rule, 73 Fed. Reg. at 70779 (“patient safety work product may be used within an entity for any purpose”).

22 42 C.F.R. § 3.206(b)(4)(iii).

23 42 C.F.R. § 3.206(b)(4)(iv).

24 42 U.S.C. § 299b-21(7)(A)(ii); see also supra note 21.

25 42 U.S.C. § 299b-22(d)(1); 42 C.F.R. § 3.208(a).

26 See, e.g., Rumsey v. Guthrie Med. Grp., P.C., 2019 U.S. Dist. LEXIS 164731, *9 (M.D. Pa. Sept. 26, 2019).