Just as physician-patient confidentiality encourages frank discussions between the physician and the patient about the patient's condition without concern of involuntary disclosure of that information, documents generated within the parameters of a quality improvement committee (“QIC”) encourage medical practices to take a candid look at how they can improve patient care and compliance. As recognized by policymakers, QICs can lead to improvements in healthcare quality and processes but, in order to encourage effective evaluations leading to these advances, certain protections should be made available to physicians and entities engaging in these efforts.
Documents created in connection with the activities of a properly established QIC typically receive confidentiality protection from civil subpoenas and discovery in litigation. An understanding of the definitions of the various components of a QIC are important and vary state-by-state. In Tennessee for instance, a quality improvement committee (formerly known as a peer review committee), is defined as: “a committee formed or retained by a healthcare organization, an activity of a healthcare organization, or one (1) or more individuals employed by a healthcare organization performing the types of [specified] functions . . . the purpose of which . . . is to evaluate the safety, quality, processes, costs, appropriateness, or necessity of healthcare services.” In order to meet the definition of a QIC, the committee must engage in specified activities such as determining whether health services provided were performed in compliance with applicable standards of care, evaluating the qualifications and performance of healthcare providers, taking action upon matters relating to provider discipline, and undertaking activities to determine the healthcare organization’s compliance with state or federal regulations.
Many other states including Alabama, Arkansas and Kentucky have similar statutes providing for the protection of records relating to healthcare quality improvement efforts under certain specified circumstances. QICs may be referred to by other names such as a peer review committee or professional standards review committee.
In addition to understanding what qualifies as a QIC, it is also important to understand what documents and records are privileged and subject to confidentiality protection. In Tennessee, a “record” is defined as “records of interviews and all reports, incident reports, statements, minutes, memoranda, charts, statistics, evaluations, critiques, test results, corrective actions, disciplinary actions and any and all other documentation generated in connection with the activities of a QIC ”. There is a sometimes confusing but important distinction regarding which records reviewed by a QIC are protected and which ones are not. Information and records, which are not produced for use by a QIC or created by persons acting on behalf of a QIC and are otherwise available from an independent or original source, are not privileged from discovery. In other words, if a record or document came into existence independent of the QIC's activity, it is subject to discovery despite the fact that it may have been presented during the proceedings of a QIC.
In terms of best practices, QICs should be established and maintained pursuant to a written policy based upon the definitions and parameters set forth in state law. Some states, such as Arkansas, require that QICs be organized by, and operated pursuant to, a written plan or policy. Among other items, the policy should address the membership of the QIC, the activities of the QIC, how records are generated by or on behalf of the committee, and that the information and records of the committee’s activities shall remain confidential.
Finally, and perhaps most importantly, the information and records of a QIC need to be kept private within the confines of a QIC. While it may be tempting to tout successes from a QIC, doing so, even within the broader organization that established the QIC, may waive the confidentiality protection provided to the committee’s information. QICs can result in improvements to patient care and compliance but it’s best to keep the details of such efforts within the QIC. SVMIC recommends that practices consult their own healthcare attorney when establishing a QIC to ensure they have taken appropriate actions to ensure that the work of the QIC will not be discoverable.
Justin Joy is an attorney with Lewis, Thomason, King, Krieg & Waldrop, P.C. He has a variety of experience in the area of information privacy and cybersecurity including security incident investigation, breach response management, security awareness training, HIPAA policy drafting, and cyber risk consulting. He also provides counsel in healthcare liability defense, telemedicine, and healthcare compliance matters. As Lewis Thomason’s chief privacy officer, Justin promotes an awareness of privacy and security-related issues for the firm. Justin has earned the Certified Information Privacy Professional/United States (CIPP/US) and Certified Information Privacy Technologist (CIPT) credentials through the International Association of Privacy Professionals (IAPP).
We're always just an email or phone call away.contact us