American Health Lawyers - PowerPoint Presentation

American Health Lawyers Association March 20, 2018 |2:00-3:30 Eastern This webinar is sponsored by Michael R. CallahanPartnerKatten Muchin Rosenman LLP+1.312.902.5634michael.callahan@kattenlaw.com Diane M. Meldi Executive Director-Medical Services Mercy Quality & Safety Center 2018 President-National Association Medical Staff Services 132365202 What Every Medical Services Professional and Attorney Needs to Know About Patient Safety Organizations

Title © 2018 is published by the American Health Lawyers Association. All rights reserved. No part of this publication may be reproduced in any form except by prior written permission from the publisher. Printed in the United States of America. Any views or advice offered in this publication are those of its authors and should not be construed as the position of the American Health Lawyers Association. “This publication is designed to provide accurate and authoritative information in regard to the subject matter covered. It is provided with the understanding that the publisher is not engaged in rendering legal or other professional services. If legal advice or other expert assistance is required, the services of a competent professional person should be sought”—from a declaration of the American Bar Association.

What Every Medical Services Professional and Attorney Needs to Know about Patient Safety OrganizationsThe purpose of this program is to provide an overview of the Patient Safety Act, the fundamental principles and requirements under the Act, and the privilege protections afforded to licensed providers who contract with a federally certified patient safety organization. In addition, the presentation will apply these standards to a hypothetical peer review scenario. Topics to be discussed including the following:Overview of Patient Safety ActWhat is a Patient Safety Evaluation System (PSES) and how is it formed?What information can be considered privileged and confidential patient Safety Work Product (PSWP), and therefore not subject to discovery or admissibility into evidence?

What Every Medical Services Professional and Attorney Needs to Know about Patient Safety Organizations (cont’d)Do the privilege protections apply to all state and federal proceedings?What are the different pathways for creating PSWP?Legal developmentsLitigation Lessons Learned and Questions Raised

Health Care Reform and PSOsMedicare/Medicaid and private payers are now reimbursing providers based on documented compliance with established quality metrics and outcome measures.Examples of this shift from volume to value as a condition of payment include:Medicare Shared Savings ACOsValue-based purchasing outcome standardsPay for performance standardsReadmission rate penaltiesMACRA/MIPSHospital acquired condition/infection penaltiesHHS has set a goal of tying 85% of all of its traditional Medicare payments to quality or value metrics

Health Care Reform and PSOs (cont’d)In order to meet these ever evolving standards, clinically integrated networks, hospitals and other providers will need to implement these quality standards into their appointment, reappointment, ongoing monitoring and similar processes in order to track performance and implement remedial measures, including disciplinary action for non-compliance not only because of the potential adverse impact on patients but also because it will result in reduced reimbursement.The result of these efforts will be the creation of very sensitive quality, risk and peer review analyses, reports, studies, and other information, most of which may not be protected under existing state laws.

Health Care Reform and PSOs (cont’d)As will be discussed during this presentation, participation in PSOs therefore play a very important role in being able to conduct these patient safety, quality and risk activities in a protected space in order to continue to improve patient care services and limit liability risks.

The Patient Safety and Quality Improvement Act of 2005The goal of the Act was to improve patient safety by encouraging voluntary and confidential reporting of health care events that adversely affect patients. To implement the Patient Safety Act, the Department of Health and Human Services issued the Patient Safety and Quality Improvement Rule (Final Rule).The Patient Safety Act and the Final Rule authorize the creation of PSOs to improve quality and safety through the collection and analysis of aggregated, confidential data on patient safety events. This process enables PSOs to more quickly identify patterns of failures and develop strategies to eliminate patient safety risks and hazards.

The Patient Safety and Quality Improvement Act of 2005 (cont’d)Provides privilege & confidentiality protections for information when providers work with Federally listed PSOs to improve quality, safety and healthcare outcomes Authorizes establishment of “Common Formats” for reporting patient safety events Establishes “Network of Patient Safety Databases” (NPSD) Requires reporting of findings annually in AHRQ’s National Health Quality / Disparities Reports

Key Components of Patient Safety ActPSOs – Almost any entity can be or have a PSO as long as the certification requirements are met. PSOs serve as independent, external experts who can collect, analyze, and aggregate PSWP to develop insights into the underlying causes of quality and patient safety events. Providers – An individual or entity licensed or otherwise authorized under State law to provide health care services and/or a parent organization of one or more entities licensed or otherwise authorized to provide health care services.Patient Safety Events – Incidents or near misses or unsafe conditions. Any type of event that adversely effects healthcare quality, patient safety or healthcare outcomes Common Formats – Provide a uniform way to measure patient safety events clinically & electronically and to permit aggregation & analysis locally, regionally, & nationally. Patient Safety Work – Term used for the confidential and privileged information under the Patient Safety Act (see attachment).

Patient Safety ActivitiesEfforts to improve patient safety and the quality of health care delivery;The collection and analysis of patient safety work product;The development and dissemination of information with respect to improving patient safety, such as recommendations, protocols, or information regarding best practices;The utilization of patient safety work product for the purposes of encouraging a culture of safety and of providing feedback and assistance to effectively minimize patient risk;

Patient Safety Activities (cont’d)The maintenance of procedures to preserve confidentiality with respect to patient safety work product;The provision of appropriate security measures with respect to patient safety work product;The utilization of qualified staff; andActivities related to the operation of a patient safety evaluation system and to the provision of feedback to participants in a patient safety evaluation system.

What is Patient Safety Work Product (PSWP)? Requirements Must be created in PSES Key dates must be documented

What is Not PSWP? Requirements

The collection, management, or analysis of information for reporting to or by a PSO. A provider's PSES is an important determinant of what can, and cannot, become patient safety work product. Patient Safety Evaluation System (PSES)

PSES OperationsEstablish and Implement Your PSES to:Collect data to improve patient safety, healthcare quality and healthcare outcomesReview data and takes action when needed to mitigate harm or improve careAnalyze data and makes recommendations to continuously improve patient safety, healthcare quality and healthcare outcomes Conduct RCAs, Proactive Risk Assessments, in-depth reviews, and aggregate RCAsDetermine which data will/will not be reported to the PSO Report to PSO Conduct a uditing procedures

PSES Operations (cont’d)Examples in PSES for collecting and reporting to a PSO which therefore qualify as PSWP:Medical Error investigations, FMEA or Proactive Risk Assessments, Root Cause Analysis Risk Management - incident reports, investigation notes, interview notes, RCA notes, notes from risk recommendations via phone calls or conversations, notes from PS rounds which relate to identified patient safety activitiesClaims management is not PSWPOutcome/Quality - may be practitioner specific, sedation, complications, blood utilization etc.Peer Review Committee minutes – Those portions of Safety, Quality, Quality and Safety Committee of the Board, Medication, Blood, Physician Peer Review relating to identified patient safety activities

Steps to documenting a provider PSES PSES means the collection, management, or analysis of information for reporting to or by a PSO

Functional reportingWhat is it?Reporting of information to a PSO for the purposes of creating patient safety work product must include authorizing PSO access, pursuant to a contract or equivalent agreement between a provider and a PSO, to specific information in a patient safety evaluation system and authority to process and analyze that information, e.g., comparable to the authority a PSO would have if the information were physically transmitted to the PSO.Considerations:How is it maintained by Provider within PSES – cabinet drawers, separate server? How can the PSO retain the same responsibilities for privacy and security

Functional reporting (cont’d)A Functional Reporting agreement with PSO is necessary that describes how PSO will access to the data and utilize the data to identify quality, patient safety and healthcare outcome improvementsMust decide how and when functional reporting has taken place and must document same If PSWP Is Functionally Reported, PSO Must Have Access

Deliberations or AnalysisWhat is It?Deliberations or analysis is a separate method of creating PSWP. It is not defined in the Patient Safety Act but would include the oral discussions and communications, analysis, reports, reviews and other forms of work product relating to patient safety activities performed and collected within a provider's or PSO's PSES.Information that is being treated as D or A should be specifically identified in the PSESD or A does not need to be reported to a PSO – it immediately becomes PSWP However, D or A cannot be dropped out of the PSES and used for external purposes

The Final Rule provides a limited opportunity for a provider to remove PSWP protections from information that the provider entered into its PSES for reporting to a PSO. The drop-out provision can be used for any reason, provided the information that the provider had placed in its PSES has not been reported to a PSO or is not being treated as D or A and the provider documents the action to drop out and its date. Upon removal, the information is no longer PSWP but could be privileged under state law. The drop-out provision cannot be used if the information has been reported to a PSO. Drop-Out Provision

PSWP is Privileged :Not Subject to:subpoenas or court orderdiscoveryFOIA or other similar law requests from accrediting bodies or CMSNot Admissible in: any state, federal or other legal proceedingstate licensure proceedingshospital peer review disciplinary proceedings

Patient Safety Act Privilege and Confidentiality Prevail Over State Law ProtectionsState Peer Review Patient Safety Act Working with a PSO must be implemented in a way that facilitates a Just Learning Environment while taking advantage of privilege and confidentiality protections.The privileged and confidentiality protections and restriction of disciplinary activity supports development of a Just Learning Culture Limited in scope of covered activities and in scope of covered entitiesState law protections do not apply in federal claims State laws usually do not protect information when shared outside the institution – considered waived Consistent national standard Applies in all state and federal proceedingsScope of covered activities and providers is broaderProtections can never be waived PSWP can be more freely shared throughout a health care system PSES can include non-provider corporate parent

Criminal activity PSWP is confidential and not subject to disclosure with limited exceptions In camera inspection Valid written authorization Need protective order for work product Patient Safety Activities Direct identifiers removed Patient Safety Activities No further disclosure Patient Safety Activities Sanctioned by Secretary HHS HIPAA Privacy Rule Compliant Further disclosure limited to patient safety activities No further disclosure and limits on use Business operations No further disclosure Confidential Please see Patient Safety F inal Rule Another PSO or provider Equitable Relief of Reporter Affiliated Providers FDA Contractor of a Provider Provider to PSO Non –identifiable PSWP Business Associates Accrediting Bodies Research Approved disclosure

Peer Review Case StudyA loyal, highly respected senior orthopedic surgeon, who is one of the hospital’s biggest admitters, had the following adverse patient events within a two month period of time:Wrong site pre-operative procedure;Used the wrong orthopedic medical device in two patients, one of which was chosen by a medical device rep who was in the operating room;Two other patients who were morbidly obese with cardiac conditions, died shortly after their respective orthopedic procedures. The operations went forward despite objections from the surgeon’s partners.After the second patient’s death, a meeting was requested by the Chief Medical Officer at which the Department Chair, the Risk Manager, the Quality Manager, the PSO Liaison the MSP and in-house counsel were present. The following comments, questions and concerns were expressed.

Peer Review Case Study: QuestionsRisk ManagerNeeds to contact insurance carrier and defense counsel regarding possible litigation in one or more of the adverse events.Questions/ConcernsCan she share PSWP with carrier?Can she share PSWP with defense counsel?

Peer Review Case Study: AnalysisUnder the Final Rule, there are a limited number of PSWP disclosure exceptions. Section 3.206(b)(9) allows disclosure for business operations to “professionals” including attorneys and accountants, in part, because they also owe a fiduciary obligation to their clients. Therefore, PSWP can be shared with defense counsel. However, the question you should ask is whether counsel needs PSWP in order to defend any suit. This depends on the nature of the claims and what information is needed. Also, has the information been reported as PSWP to a PSO (actually or functionally) or treated as D or A or is it being held within the PSES?

Peer Review Case Study: AnalysisWith respect to the insurance carrier, the business operations exception specifically was not extended to this category “at this time”. However, if the carrier is conducting, in part, patient safety activities such as benchmarking, risk analysis, studies, etc., and in order to do so needs access to some PSWP, Section 3.206(b)(4) allows disclosure of PSWP to contractors involved in patient safety activities. If not, the only other way is through a written authorization under Section 3.206(b)(3) “by the parties from whom the authorization is sought.”

Peer Review Case Study: Analysis (cont’d)REMEMBER – Once it has been reported to the PSO it CANNOT be disclosed to an outside independent party, such as a court. Because the attorney is an agent/fiduciary, PSWP can be disclosed to him/her even if it already has been reported. If not reported it can be removed, but it is no longer PSWP. However, the state confidentiality protections might apply.

Peer Review Case Study: QuestionsQuality Manager Needs to send three never events reports to CMS. She is concerned that a CMS/state surveyor will show up to investigate and will demand to see any root cause analyses that are generated as well as some or all of the peer review materials that are developed as a result of the plan. What, if anything, does she have to give to CMS, The Joint Commission or any other third party? Can the proposed morbidity/mortality study and RCA be done within the PSES and results shared? What entity should conduct the study?What documents and records can or should be protected?

Peer Review Case Study: AnalysisFinal Rule requires that reports that must be filed with the state or federal government and agencies, i.e., never events, adverse events, must still be reported. These reports should not be reported to a PSO, but a copy may be sent. Everything else can be collected in the PSES for reporting to a PSO.CMS is on record as saying it will not require providers to turn over PSWP BUT you otherwise have to demonstrate compliance with QAPI requirements.Be prepared to turn over the resulting action plan which is generated as part of the RCA.

Peer Review Case Study: AnalysisTJC has taken the same position and will not require the hospital to turn over PSWP BUT Section 3.206(b)(8) allows for a voluntary disclosure to an accrediting body as long as certain identifiers are removed and the non-disclosing provider agrees to the disclosure, e.g., the physician.Keep in mind, if information collected in the PSES has not been functionally or actually reported or treated as D or A it can be dropped out and turned over to a third party.With respect to the M&M study and RCA, both are a patient safety activity and thus can be included in the hospital’s PSES. PSO can collect this PSWP from participating hospitals, create a study/report and send back to all. The report also is considered PSWP. It must be decided whether hospitals included in the study will or will not be identified.If hospitals/providers are identified, you must obtain written authorization in accordance with requirements in the final rule.

Peer Review Case Study: Analysis CMO and Department ChairBoth have agreed to authorize a fitness for duty assessment. Depending on outcome, a 360 degree FPPE assessment will be conducted which will include peer interviews, direct proctoring of 10 cases and a requirement that he meet with the Department Chair when wanting to operate on morbidly obese patients. They want to know what documents can and cannot be protected.List of DocumentsMedical records – not protected under Patient Safety Act. Patients have legal right to obtain their records under state laws.Internal incident reports – if collected within PSES for reporting to a PSO, they are PSWP. Can be used for internal purposes and can be shared with in-house and outside counsel.

Peer Review Case Study: AnalysisFitness for duty report – if physician is an employee, is the evaluation being conducted for HR purposes or for improving patient care and reducing risk? If being collected outside of PSES and/or for a purpose different from a patient safety activity, it will not qualify as PSWP. Physician in this Scenario is independent and not employed or under contract.You have to make this call on the front end when designing your PSES. Because there may be a corporate negligence claim, patient complaint, CMS/state surveyor, investigation, etc., you will want to take steps to maximize your confidentiality/privilege protections under state and/or federal law.Never event or mandated state reports – not protectedFPPE assessment – can be included in PSES

Can peer review activities and documents such as committee reports, peer review analyses, outside reviews, be collected in a PSES for reporting to a PSO and therefore be considered PSWP?  YesCan the protections be waived if not properly disclosed?  NoCan a corporate parent be covered even though it is not a licensed provider?  Yes in corporate parent owns, controls or manages hospitals and licensed hospitals which have contracted with a PSOWhat about an ACO  Not as a licensed provider but maybe as on independent contractor Will federal courts in your jurisdiction allow a state court confidentiality statute to pre-empt a federal claim, i.e., antitrust, discrimination?  No Can the protected information be shared through your CIN?  DependsPeer Review Case Study: Questions

Role of MSPMSPs are, at a minimum, the keeper of peer review records which are being collected and utilized to improve patient safety.MSPs need to know what information is being treated as PSWP under the Patient Safety Act and/or state peer review privilege laws. MSPs should be included as identified workforce members within the PSES and get appropriate training because of their access to and use of PSWP in order to carryout their responsibilities.MSPs must keep the PSWP secure, consistent with hospital policies, and not disclose the information for unrelated activities. MSPs should seek to get more involved in peer review and quality activities at the gatekeeper of patient safety.

Litigation Lessons Learned and Questions Raised Most plaintiffs/agencies will make the following types of challenges in seeking access to claimed PSWP:Has the provider contracted with a PSO? When?Is the PSO certified? Was it recertified?Did the provider and PSO establish a PSES? When?Was the information sought identified by the provider/PSO as being collected within a PSES? Was it actually collected and either actually or functionally reported to the PSO? What evidence/documentation?Plaintiff will seek to discover your PSES and documentation policies.

Litigation Lessons Learned and Questions Raised If not yet reported, what is the justification for not doing so? How long has information been held? Does your PSES policy reflect a practice or standard for retention?Has information been dropped out? Did you document this action?Is it eligible for protection?Has it been used for another internal purpose? What was the purpose? Was it subject to mandatory reporting? Will use for “any” other purposes result in loss of protection?May be protected under state law.

Litigation Lessons Learned and Questions Raised Is provider/PSO asserting multiple protections?If collected for another purpose, even if for attorney-client, or in anticipation of litigation or protected under state statute, plaintiff can argue information was collected for another purpose and therefore the PSQIA protections do not apply.Is provider/PSO attempting to use information that was reported or which cannot be dropped out, i.e., an analysis, for another purpose, such as to defend itself in a lawsuit or government investigation?Once it becomes PSWP, a provider may not disclose to a third party or introduce as evidence to establish a defense.Is the provider required to collect and maintain the disputed documents pursuant to a state or federal statute, regulation or other law or pursuant to an accreditation standard? Did provider voluntarily create documents for business purposes outside of its PSES with no intent to report to a PSO?

Litigation Lessons Learned and Questions Raised Document, document, documentPSO member agreementPSES policiesFormsDocumentation of how and when PSWP is collected, reported or dropped outDetailed affidavits Separate Attorney-client privilege protectionsIndependent contractor agreementsUtilization of disclosure exceptions

Litigation Lessons Learned and Questions Raised Advise PSO when served with discovery request.Educate defense counsel in advance – work with outside counsel if needed.Get a handle on how adverse discovery rulings can be challenged on appeal.