Summary
finding in part that, where a record was "created post-care for the specific purpose of submission to a [patient safety organization,]" the "subject matter" of the report was the event summarized in the report, "not the patient identified in the report" and, accordingly, the report did not constitute an original patient record
Summary of this case from Daley v. TeruelOpinion
NO. 2017–CA–000543–OA
10-20-2017
ATTORNEYS FOR PETITIONER: Wesley R. Butler, Holly R. Iaccarino, Lexington, Kentucky, William E. Thro, Margaret Pisacano, Lexington, Kentucky. ATTORNEYS FOR REAL PARTY IN INTEREST: J. Dale Golden, Mary Lauren Melton, Kellie M. Collins, Lexington, Kentucky.
ATTORNEYS FOR PETITIONER: Wesley R. Butler, Holly R. Iaccarino, Lexington, Kentucky, William E. Thro, Margaret Pisacano, Lexington, Kentucky.
ATTORNEYS FOR REAL PARTY IN INTEREST: J. Dale Golden, Mary Lauren Melton, Kellie M. Collins, Lexington, Kentucky.
BEFORE: ACREE, DIXON, AND J. LAMBERT, JUDGES.
OPINION AND ORDER
ACREE, JUDGE:
Petitioner, University of Kentucky acting on behalf of the health care provider, UK HealthCare ("hospital"), filed a petition with this Court for a writ to prohibit the Respondent, Fayette Circuit Court Judge Kimberly Bunnell, from enforcing an order compelling the Petitioner, as a witness, to produce a document the hospital identifies as an "event report" and which the Real Party in Interest, Phyllis Flowers as Administratrix of the Estate of Anthony Haggard (Flowers), seeks to discover in a medical negligence and wrongful death action. The information was sought by means of a subpoena duces tecum. In addition to the event report, the subpoena compelled production of "any other investigative notes and/or data regarding the treatment of [sic] care/death of Anthony Haggard[.]" The Petitioner asserts the targeted information is not subject to production based on the privilege afforded by the Patient Safety and Quality Improvement Act of 2005 (the Patient Safety Act, or the Act), 42 U.S.C. § 299b–21 et seq. We agree with Petitioner and, for the reasons stated below, the petition is GRANTED.
United States Code.
I. Standard for granting a writ
As applicable to this case, "[a] writ of prohibition may be granted upon a showing ... that the lower court is acting or is about to act erroneously, although within its jurisdiction, and there exists no adequate remedy by appeal or otherwise and great injustice and irreparable injury will result if the petition is not granted." Hoskins v. Maricle , 150 S.W.3d 1, 10 (Ky. 2004). When a circuit court allows discovery in error, a party will not have an adequate remedy by appeal because "once the information is furnished it cannot be recalled." Bender v. Eaton, 343 S.W.2d 799, 801 (Ky. 1961). Petitioner alleges discovery was allowed in error and contrary to Petitioner's right to a claim of privilege regarding the targeted documents; therefore, Petitioner made the required showing of an absence of an adequate remedy by appeal or otherwise and that great injustice and irreparable injury will result if the petition is not granted. O'Connell v. Cowan , 332 S.W.3d 34, 38–39 (Ky. 2010).
II. Background and analytical approach
In three separate opinions over the past three years, our Supreme Court has grappled with the "thorny questions raised" by the interaction between the federal Patient Safety Act and Kentucky laws applicable to medical providers. Frankfort Regional Medical Center v. Shepherd , 2015–SC–000438–MR, 2016 WL 3376030, at *9 (Ky. June 16, 2016) (referring to "thorny questions raised by the application of Tibbs and this regulation"); Baptist Health Richmond, Inc. v. Clouse , 497 S.W.3d 759, 767 (Ky. 2016) (Hughes, J., concurring (noting U.S. Department of Health and Human Services (HHS) commentary regarding "the thorny question[s]")); see also Tibbs v. Bunnell , 448 S.W.3d 796 (Ky. 2014) (plurality opinion; first opinion rendered in this series of three). At the heart of each of these cases, and the many issues they raise, is the following question: does 902 KAR 20:016 § 3(3)(a) require hospitals to make or submit to the Kentucky Cabinet for Health and Family Services reports of adverse medical events, thereby excepting such information from the protection of the privilege created by the Patient Safety Act?
Tibbs is not precedent because it only represents the opinion of a plurality of the Court. Frankfort Regional is not precedent by rule. Kentucky Rule of Civil Procedure (CR) 76.28(4)(c). We cite both cases as part of the jurisprudential history of interpreting 902 Kentucky Administrative Regulations (KAR) 20:016 § 3(3)(a). An argument can be made, however, that Frankfort Regional is more persuasive than Tibbs . First, it is more recent; second it expresses a view of a majority of the Supreme Court; and third, "[w]hile unpublished opinions may, by rule or tradition, lack the precedential authority accorded published decisions, unless the issuing courts have simply ruled incorrectly, these opinions should be considered correct in their expressions of law or application of law to facts." J. Thomas Sullivan, Unpublished Opinions and No Citation Rules in the Trial Courts , 47 Ariz. L. Rev. 419, 445 (2005).
Kentucky Administrative Regulations.
Reading these Supreme Court cases together and in sequence, we conclude that the answer has not yet been provided. Consequently, and particularly in light of this regulation, circuit courts remain uncertain how to proceed when a medical provider seeks application of the privilege under the Patient Safety Act. This is a problem for all involved. As Respondent said when struggling to apply this jurisprudence:
I expect a writ. I mean, I'm not encouraging it ... But yeah. And while they have it, if they could go ahead and address the rest of the issues, that would be nice. But yeah, I'm looking for guidance. I've got a feeling Judge Clouse would like to see a little guidance. Judge Shepherd over in Frankfort would like to see a little guidance.... [T]here's a list of, I guess, I don't know, four or five things. Just tell us. Hospitals would like to know. Plaintiffs would like to know. And that's the only way I figure we can get some guidance.
Transcript of Hearing at 60–61 (Fayette Cir. Ct. No. 15–CI–04544). As the Supreme Court of the United States put it, "[a]n uncertain privilege, or one which purports to be certain but results in widely varying applications by the courts, is little better than no privilege at all." Upjohn Co. v. United States , 449 U.S. 383, 393, 101 S.Ct. 677, 684, 66 L.Ed. 2d 584 (1981).
This quote introduced a student note critical of Tibbs . Zara Airapetian, Federal Privilege Under Patient Safety and Quality Improvement Act: The Impact of Tibbs v. Bunnell , 11 J. Health & Biomedical L. 345, 345 (2016). As the note's author said, "The decision [in Tibbs ] caused much concern among patient safety advocates and healthcare providers, who contended that the decision ran contrary to the Patient Safety Act and would have a chilling effect on patient safety efforts."Id. at 347–48. On the other hand, in an article published in the American Association for Justice magazine, Trial, Tibbs was lauded. That author said, "If your state has reporting requirements for adverse medical incidents, citing Tibbs along with those statutes will further support your arguments against privilege. The Tibbs defendants' petition for certiorari to the U.S. Supreme Court was denied. In an amicus brief on the government's behalf, the U.S. solicitor general argued that the petition should be denied because the Kentucky Supreme Court correctly decided the issue. Cite the solicitor general's amicus brief as persuasive guidance in your motions." Nicholas C. Johnson, Compelling Production of Adverse Incident Reports Hospitals Fight Tooth and Nail to Avoid Producing Adverse Incident Reports. Learn How to Craft A Motion That Will Survive Their Opposition , Trial, May 2017, at 26, 28 (2017). But see footnote 63, infra, explaining that the Solicitor General's opposition was based on the Kentucky Supreme Court's short-lived belief expressed in Tibbs that state law, specifically 902 KAR 20:016 § 3(3)(a), required the hospital to create the subject report.
In addition to the meaning and import of 902 KAR 20:016 § 3(3)(a), this case presents several, if not all, of the issues for which Respondent seeks guidance. This Opinion and Order may be more comprehensive than typical of our past efforts in this area. However, the necessary depth of its analysis reflects this panel's heeding of Respondent's call for guidance, as well as our attempt to harmonize what, in appearance only, are dissonant elements of our jurisprudence.
Normally, to answer the questions before us, we would begin with the available jurisprudence. However, of the three Supreme Court decisions touching upon the questions, only Baptist Health , the third case, has precedential value. The first case, Tibbs , was only a plurality opinion and the second, Frankfort Regional Medical Center v. Shepherd , 2015–SC–000438–MR, 2016 WL 3376030 (Ky. June 16, 2016), was deemed by the Supreme Court as not being worthy of publication.
That third case, Baptist Health , does not resolve the meaning of 902 KAR 20:016 § 3(3)(a). This is apparent from a review of the case's procedural history. The circuit court had ruled that the regulation did mandate that hospitals report adverse medical events to the Cabinet. However, the Supreme Court vacated that ruling and remanded the case with instructions to reassess the information claimed to be privileged, in accordance with the opinion, to determine whether there was any unmet, state-mandated reporting requirement of the hospital. Baptist Health , 497 S.W.3d at 766. Remand would have been unnecessary if the circuit court had applied the correct rationale. The opinion could have addressed the regulation's role directly and clearly, but it did not. Our more thorough analysis of Baptist Health , later in this opinion, confirms our conclusion that whether the regulation, for certain, mandates recordkeeping or reporting by a hospital has not been determined until now.
Because the jurisprudence does not answer the question, our approach is to begin with the Act and the federal administrators' official guidance regarding the Act, with special focus on the concept of a hospital's "external obligations"; that is, we address the three kinds of medical provider recordkeeping and reporting obligations which the Secretary of the U.S. Department of Health and Human Services (HHS) identifies as being outside the privilege created by the Act. Within that context, we next analyze Kentucky medical provider laws (with special emphasis on 902 KAR 20:016 § 3(3)(a)) to determine if compliance with those laws fits within those kinds of excepted recordkeeping, thereby defeating a medical provider's claim to the privilege under the Act. Lastly, we discuss how our conclusions are consistent with Kentucky jurisprudence as articulated in Tibbs , Frankfort Regional , and Baptist Health .
As fully discussed below, those three kinds of external obligations are: (1) patient records; (2) reporting or recordkeeping mandated by the exercise of a local, state or federal government's police powers or that are mandatory conditions of a hospital's participation in a government-sanctioned, voluntary program other than the Patient Safety Act; and (3) business records voluntarily created because the hospital's governing authority deems the establishment, maintenance and utilization of such records outside its PSES to be necessary to hospital operations.
III. The Patient Safety Act and its privilege
The Patient Safety Act is the cornerstone of a congressional scheme, overseen by HHS, of conglomerating and analyzing data identified as patient safety work product (PSWP) to improve patient healthcare generally and nationwide. Because we learn best from our mistakes, the scheme seeks "to encourage the reporting and analysis of medical errors," a process known generally as root cause analysis. Tibbs , 448 S.W.3d at 801. But Congress appreciated the reluctance of medical providers to volunteer such information, even for a good cause such as this. Therefore, the Act created a comprehensive privilege to protect PSWP from discovery. Using the language of federal preemption, the privilege states in full:
"Root cause analysis" should not be mistaken as a term of art of, or exclusively used by, medical providers. It simply refers to any undertaking to identify the source of shortcomings or other unintended consequences of any program, enterprise or effort. It is applied to reveal better ways of accomplishing the programs of, for example, the Department of Defense and the Department of Energy. See, e.g. , 10 U.S.C. § 2438(d) (root cause analysis "with respect to a major defense acquisition program is an assessment of the underlying cause or causes of shortcomings in cost, schedule, or performance of the program"); 50 U.S.C. § 2753(c)(3) ("(c) Notification of ... root cause analyses ... [T]he Administrator [of Nuclear Security] or the Secretary [of the Department of Energy], as applicable, shall ... submit to the congressional defense committees an assessment of the root cause or causes of the growth in the total cost of the project, including the contribution of any shortcomings in cost, schedule, or performance of the program."). The phrase was first used in federal jurisprudence relating to an adverse event at a nuclear chemical processing facility when one analysis "determined that operator error was the root cause of the incident" while another "determined the root cause to be the inoperable valve...." Bradley v. Sequoyah Fuels Corp. , 847 F.Supp. 863, 866 (E.D. Okla. 1994). That same year, for the first time in any state's jurisprudence, Texas referenced the costs of a "root cause analysis" relative to the "imprudence in the construction and management of" a nuclear power plant. Texas Utilities Elec. Co. v. Public Utility Com'n , 881 S.W.2d 387, 405–06 fn 32 (Tex. App. 1994), aff'd in part, rev'd in part sub nom. Public Utility Com'n of Texas v. Texas Utilities Elec. Co. , 935 S.W.2d 109 (Tex. 1997). The techniques applied in root cause analysis "ensure successful application in almost any situation." Paul F. Wilson, Larry D. Dell & Gaylord F. Anderson, Root Cause Analysis: A Tool for Total Quality Management , vii (ASQ Quality Press 1993).
Notwithstanding any other provision of Federal, State, or local law, and subject to subsection (c) of this section [setting out exceptions to the availability of the
privilege ], patient safety work product [PSWP] shall be privileged and shall not be—
(1) subject to a Federal, State, or local civil, criminal, or administrative subpoena or order, including in a Federal, State, or local civil or administrative disciplinary proceeding against a provider;
(2) subject to discovery in connection with a Federal, State, or local civil, criminal, or administrative proceeding, including in a Federal, State, or local civil or administrative disciplinary proceeding against a provider;
(3) subject to disclosure pursuant to section 552 of Title 5 (commonly known as the Freedom of Information Act) or any other similar Federal, State, or local law;
(4) admitted as evidence in any Federal, State, or local governmental civil proceeding, criminal proceeding, administrative rulemaking proceeding, or administrative adjudicatory proceeding, including any such proceeding against a provider; or
(5) admitted in a professional disciplinary proceeding of a professional disciplinary body established or specifically authorized under State law.
We categorically discuss exceptions to patient safety work product (PSWP) and, therefore, exceptions to a claim of the privilege, in Sections V through VIII , below.
42 U.S.C. § 299b–22(a). To be entitled to the privilege under the federal Act, medical providers must "voluntarily associate and communicate privileged patient safety work product (PSWP) among themselves through in-house patient safety evaluation systems (PSES)[ ] and with and through affiliated patient safety organizations (PSO)[ ]...." Tibbs , 448 S.W.3d at 800. Tibbs suggests "the first analysis to undertake when a party asserts the Act's privilege is to determine whether the information satisfies the statutory definition for patient safety work product as established by the Act [.]" Id. at 803. We follow that suggestion. IV. Patient Safety Work Product (PSWP)
"The term 'patient safety evaluation system' means the collection, management, or analysis of information for reporting to or by a patient safety organization [PSO]." 42 U.S.C. § 299b–21(6) ; "Patient safety evaluation system means the collection, management, or analysis of information for reporting to or by a PSO." 42 Code of Federal Regulations (C.F.R.) § 3.20.
A patient safety organization, or PSO, is "a private or public entity or component thereof that is listed by the Secretary [of Health and Human Services] pursuant to section 299b–24(d)...." 42 U.S.C. § 299b–21. The criteria for PSOs is set out in 42 U.S.C. § 299b–24(b). Those criteria assure the independence and integrity of the PSO equally as much as the security and confidentiality of the records. 42 U.S.C. § 299b–24(b) (setting out criteria to qualify as a PSO). The data compiled by the various PSOs is eventually reported to the Secretary for Health and Human Services who has "facilitate[d] the creation of, and maintain[ed], a network of patient safety databases that provides an interactive evidence-based management resource for providers, patient safety organizations, and other entities." 42 U.S.C. § 299b–23(a).
Only the plurality in Tibbs (Scott, Cunningham, and Venters, JJ.) agreed that this is where a circuit court should start when deciding this kind of discovery question. Tibbs , 448 S.W.3d at 803. In Baptist Health , three different justices (Minton, C.J., Hughes and Wright, JJ.) suggested a different starting point. They said: "First, the trial court should determine whether any of the documents and reports requested (and, obviously, relevant to the case before it) qualify as 'original provider records' under ... Federal, state, or local public health or health oversight requirements." Baptist Health , 497 S.W.3d at 767 (Hughes, J., concurring). Neither of these suggested starting points was supported by a majority of the Supreme Court justices. Therefore, even the question where to start remains open. Following Tibbs in this opinion allows a sequential analysis of the Act which defines PSWP before discussing original provider records as exceptions to PSWP.
Relevant to our analysis, the Patient Safety Act defines PSWP as:
[1] any data, reports, records, memoranda, analyses ..., or written or oral statements ... [2] assembled or developed by a provider for reporting to a patient safety organization and are reported to a patient safety organization ... and [3] which could result in improved patient safety, health care quality, or health care outcomes....
42 U.S.C. § 299b–21(7)(A)(i)(I), (II) (numbers added for purpose of analysis). Whether something generated by a provider qualifies as PSWP depends then on the answers to three question: [1] what is it?; [2] why was it generated?; and [3] might it improve overall patient care?
Not relevant to our analysis is PSWP comprised of "data, reports, records, memoranda, analyses (such as root cause analyses), or written or oral statements ... developed by a patient safety organization [.]" 42 U.S.C. § 299b–21(7)(A)(i)(II) (emphasis added).
First, as stated in [1], the statute defines the attributes of patient safety work product—what is it? It must be data, reports and the like, including even oral reports or statements; for ease of understanding, we refer in this opinion to the various potential patient safety work products simply as reports or information. What does the Petitioner here claim is privileged PSWP? It is a ten-page event report chronicling a "wrong-site procedure" performed at Petitioner's hospital. Certainly, the report fits this first part of the definition of PSWP.
In this case, Anthony Haggard presented for a medical procedure to be conducted on one side of his chest; unfortunately, the procedure was performed on the wrong side of his chest. Shortly thereafter, Haggard died. The Agency for Healthcare Research and Quality (AHRQ), a sub-agency of the U.S. Department of Health and Human Services (HHS), has said this about "wrong-site procedures":
"Few medical errors are as vivid and terrifying as those that involve patients who have undergone surgery on the wrong body part.... These 'wrong site ... errors' (WSPEs) are rightly termed never events—errors that should never occur and indicate serious underlying safety problems." U.S. Department of Health & Human Services, AHRQ Patient Safety Network, Wrong Site, Wrong Procedure, Wrong Patient Surgery https://psnet.ahrq.gov/primers/primer/18 (last updated, June 2017). "The term 'Never Event' was first introduced in 2001 by Ken Kizer, MD, former CEO of the National Quality Forum (NQF), in reference to particularly shocking medical errors (such as wrong-site surgery) that should never occur." U.S. Department of Health & Human Services, AHRQ Patient Safety Network, Never Events https://psnet.ahrq.gov/primers/primer/3 (last updated, July 2016).
U.S. Department of Health and Human Services, Agency for Health Care Research and Quality, Wrong–Site, Wrong–Procedure, and Wrong–Patient Surgery. https://psnet.ahrq.gov/primers/primer/18/wrong-site-wrong-procedure-and-wrong-patient-surgery (last visited Aug. 14, 2017).
The Act also identifies PSWP as "written or oral statements ... which identify or constitute the deliberations or analysis of, or identify the fact of reporting [to a PSO] pursuant to, a patient safety evaluation system." 42 U.S.C. § 299b–21(7)(A)(ii). Therefore, to the extent the description in Flowers's subpoena duces tecum of "other investigative notes" is found to target these kinds of written or oral statements that form the basis of the event report submitted to the PSO, the privilege may also apply. Second, under [2], the provider must have created the report with the intention that it be part of the provider's voluntary participation in the congressional scheme under the Act. When a provider participates in this voluntary program, the data it generates for that program must be superfluous to the documentation necessary for patient care or regulatory compliance. It must be created in the context of the hospital's PSES with the intention that the report be sent to a PSO for analysis. Additionally, the report eventually must be submitted, in fact, to a PSO, whereupon it will be permanently unavailable for the separate purpose of complying with government regulation of the provider's activities.
In this original action, the parties say nothing about these tangential discovery targets, focusing on the event report itself.
"[T]he Patient Safety Act encourages providers to prepare, analyze, and share information beyond what they are mandated to do...." Patient Safety and Quality Improvement Act of 2005—HHS Guidance Regarding Patient Safety Work Product and Providers' External Obligations, 81 Fed. Reg. 32655–01, 32659 (Guidance).
"... except in accordance with the disclosure permissions described in the Patient Safety Act and Patient Safety Rule." Guidance at 32659 (citing 42 U.S.C. § 299b–22(c) ; 42 C.F.R. § 3.204(b), 3.206(b) ).
The Petitioner's event report satisfies the preceding criterion. No evidence in the record contradicts the affidavit of the Petitioner's Director of Risk Management, Margaret M. Pisacano. She stated that the report in question was:
generated within and maintained within UK HealthCare's patient safety evaluation system [PSES] ... on March 8, 2015 in accordance with [its] Policy on Patient Safety Evaluation System and was submitted to [its] patient safety organization [PSO] on June 21, 2015.... [and] do[es] not exist separately from UK HealthCare's patient safety evaluation system.
(Petition, Exhibit D, Director's affidavit, p. 2, ¶ 13, 13a, 16). This satisfies the second part of the definition of PSWP.
Under [3], there must be the possibility that the report will "improve [ ] patient safety, health care quality, or health care outcomes[.]" The report, therefore, must relate to events impacting patient medical care and not, for example, ethical breaches of a physician-patient relationship. In this case, the report identifies the patient by a unique alpha-numeric code and includes "patient demographics, basic event details including the reporter's assessment of the circumstances prompting the report, basic analyses, and manager reviews" of a wrong-site procedure. (Director's Affidavit, p. 2, ¶ 13a). Without question, within the purpose and control of the program overseen by the Secretary, HHS, this report could result in improved patient safety, health care quality, or health care outcomes. The third part of the definition of PSWP is satisfied.
Applying these criteria, we see nothing in this record, and neither Flowers nor Respondent has cited evidence, that would contradict the Petitioner's proof that the event report is PSWP.
Additionally, our analysis is consistent with HHS's most recent elucidation of the Act, expressed in its Patient Safety and Quality Improvement Act of 2005—HHS Guidance Regarding Patient Safety Work Product and Providers' External Obligations, 81 FR 32655–01 (May 24, 2016) (Guidance). This direction from HHS was intended as "guidance for patient safety organizations (PSOs) and providers" and not directly to assist courts in their interpretation of the Act. Id. at 32655. But, one way or the other, the understandings of the legal and medical communities must be in accord.
Federal Register.
This guidance was issued by the Agency for Healthcare Research and Quality (AHRQ), Office for Civil Rights (OCR), Department of Health and Human Services (HHS).
As applicable to the PSWP in the case now before us, HHS says:
The definition of PSWP sets forth three basic ways that certain information can become PSWP[. Only the first is relevant here, and that is when t]he information is prepared by a provider for reporting to a PSO and it is reported to the PSO.... Th[is] first way—sometimes referred to as the "reporting pathway"—is how providers generally create most of their PSWP. According to the Patient Safety Act, in order for information to become PSWP through the reporting pathway, it must be information that could improve patient safety, health care quality, or health care outcomes and be assembled or developed by a provider for reporting to a PSO and be reported to a PSO. Another way of saying that the information is assembled or developed for reporting to a PSO is that the information is prepared for the purpose of reporting it to the PSO.
Guidance at 32656. If a provider's report of medical error, knowledge of which could improve health care, is submitted to a PSO, then that report is PSWP and it is privileged under the Act. Those are the facts of this case.
In fact, the event report here was privileged under the Act even before it was submitted to the PSO, provided it was not subject to any applicable exception to PSWP discussed below. According to the Guidance:
Under the Patient Safety Rule,[ ] the reporting pathway allows for information documented as collected within the provider's PSES to be PSWP and thus privileged and confidential before it is reported to a PSO.
42 C.F.R. Part 3.
Id. (emphasis added). It is clear that what affords the protection of the Act's privilege is the provider's intent to submit the information to a PSO. Id. at 32656 fn 12 (quoting Patient Safety and Quality Improvement, 73 Fed. Reg. 70732–01 at 70741–42 ("a provider should not place information into its patient safety evaluation system unless it intends for that information to be reported to the PSO.")). As the Guidance says, "uncovering the purpose for which information is prepared can be a critical factor in determining whether the information is PSWP." Id. at 32656. Clearly, HHS intends this focus on the intended purpose for the report to remain at the fore of any analysis under the Act.
If the purpose was to satisfy an obligation that already exists, apart from the congressional program designed by the Act, the privilege will not apply and the report and its information will be discoverable. We discuss these pre-existing obligations below in Section VII.A.
Under 42 U.S.C. § 299b–21(7)(A) alone, the report under review has been PSWP and privileged since its collection within the Petitioner's PSES. However, we must determine whether any statutory exception to PSWP applies. Tibbs , 448 S.W.3d at 803. If it does, the privilege still will protect the report itself because it has been sent to the PSO, but the information it contains will be discoverable to the extent necessary to satisfy the exception to PSWP. We conclude that no exception applies.
V. Exceptions to PSWP
"Nothing in this part[, i.e. , the entirety of 42 U.S.C. § 299b–21,] shall be construed to limit ... the discovery of or admissibility of information described in this subparagraph [ 42 U.S.C. § 299b–21(7)(B) identifying exceptions to PSWP] in a criminal, civil, or administrative proceeding." 42 U.S.C. § 299b–21(7)(B)(iii)(I). Therefore, the exceptions to PSWP are the kinds of "information described in" 42 U.S.C. § 299b–21(7)(B). This subparagraph of the Act, as well as the Guidance addressing these exceptions, could have been clearer.
The concepts of subparagraph (B) are better understood if both that subparagraph and the Guidance are broken down into their component parts to account for overlapping and implied cross-referencing. We begin by reading the subparagraph in its entirety. It states:
(B) Clarification
(i) Information described in subparagraph (A) [defining PSWP] does not include a patient's medical record, billing and discharge information, or any other original patient or provider record.
(ii) Information described in subparagraph (A) does not include information that is collected, maintained, or developed separately, or exists separately, from a patient safety evaluation system. Such separate information or a copy thereof reported to a patient safety organization shall not by reason of its reporting be considered patient safety work product.
(iii) Nothing in this part shall be construed to limit—
(I) the discovery of or admissibility of information described in this subparagraph in a criminal, civil, or administrative proceeding;
(II) the reporting of information described in this subparagraph to a Federal, State, or local governmental agency for public health surveillance, investigation, or other public health purposes or health oversight purposes; or
(III) a provider's recordkeeping obligation with respect to information described in this subparagraph under Federal, State, or local law.
The statute's denomination of this subparagraph as "clarification" might be considered a misnomer. HHS twice found it necessary to explain the statute for providers and PSOs in what, no doubt, HHS believed to be clearer terms. See Patient Safety and Quality Improvement, 73 Fed. Reg. 70732–01, 70742–43 ; Guidance at 32656. The case under review shows us that some confusion still exists.
The Guidance seeks to simplify the concepts contained in the language of the subparagraph's subsections (i) through (iii) by discussing how some information described in the statute is "[s]pecifically excluded" while the remainder of the exceptions falls in the more general category of "information prepared for purposes other than reporting to a PSO[.]" Guidance at 32656. The Guidance then notes there is a subcategory "[w]ithin the category of information prepared for a purpose other than reporting to a PSO" identifying information prepared to satisfy "external obligations[.]" Id. That leaves a subcategory of information prepared other than for submission to a PSO, but also not created to satisfy an external obligation. That is to say, it is a record created for no other reason than that hospital management deemed it necessary or helpful to the operation of the hospital as a business.
The phrase, "external obligations," does not appear in the United States Code or the Code of Federal Regulations but was coined and defined by HHS only in its Guidance.
We have attempted to follow the roadmap HHS prepared. Frankly, however, we find it has its own flaws, particularly in its overlapping descriptions of categories of information excepted from PSWP. After carefully examining the statute and the Guidance, we reach the conclusion that all the exceptions are subsumed by the single overarching category—"information prepared for a purpose other than reporting to a PSO." Under that umbrella are three kinds of information that will not qualify as PSWP, each of which possesses characteristics that distinguish it from the others:
Exceptions of the first kind:
"patient's medical record, billing and discharge information, or any other original patient ... record." [ 42 U.S.C. § 299 b–21(7)(B)(i) ]; and
Exceptions of the second kind:
hospital records created because they satisfy an "external obligation," i.e. , information kept internally or reported externally that is either mandated by law or is a mandatory condition of participation in a government-sanctioned, voluntary program [ 42 U.S.C. § 299b–21(7)(B)(iii)(II) ("report[s] of information ... to a Federal, State, or local governmental agency...."); or (7)(B)(iii)(III) ("recordkeeping obligation ... under Federal, State, or local law.") ]; and
Exceptions of the third kind:
business records existing outside a PSES that are neither required by law nor as a mandatory condition of voluntary participation in a government-sanctioned program, but which the hospital's governing authority nevertheless deems necessary to be kept in the ordinary course of its business. [ 42 U.S.C. § 299b–21(7)(B)(i) ("other ... provider records"); (7)(B)(ii) ( "exist[ing] separately, from a patient safety evaluation system") ].
" 'Governing authority' means the individual, agency, partnership, or corporation, in which the ultimate responsibility and authority for the conduct of the institution is vested." 902 KAR 20:016 § 1(3). The "governing authority ... has overall responsibility for the management and operation of the hospital and for compliance with federal, state, and local law pertaining to its operation...." 902 KAR 20:016 § 3(1)(a).
The governing authority thus obligates the hospital to make reports in the ordinary course of business; it is irrelevant whether they are better called internal, rather than external, obligations. We undertake analysis of the Act within the framework and nomenclature offered by HHS.
We next examine each of these categories, relating our analysis back to the statute and the Guidance, to determine if any of these exceptions to PSWP apply.
VI. Exceptions of the first kind to PSWP—patient records
The event report in question will be excepted from PSWP and not privileged if it is "a patient's medical record, billing and discharge information, or any other original patient ... record[.]" 42 U.S.C. § 299b–21(7)(B)(i). There is no reason to conclude that the report constitutes Anthony Haggard's medical record, or billing and discharge information. That leaves, under subparagraph (B)(i), documents constituting "other original patient ... record[s]."
In Kentucky, "[a] medical record shall be maintained, in accordance with accepted professional principles, for every patient admitted to the hospital or receiving outpatient services." 902 KAR 20:016 § 3(11)(a). Although HHS calls patient medical records a "specific exclusion" under the Act, it quite obviously also fits HHS's definition of an "external obligation" because it is mandated by state law. This is an example how HHS's categorization of exceptions overlaps.
In addition to the already broad scope of original patient records expressly identified in subparagraph (B)(i) to include a patient's medical record, and billing and discharge information, there is a catch-all provision for "other original patient ... record[s]." Id. (emphasis added). We are given no definition that would tell us, exclusive of the specific listing in the statute, what this means. Still, it seems to be self-evident enough. For example, "hospital[s] shall maintain a patient admission and discharge register [and, i]f applicable, a birth register and a surgical register shall also be maintained." 902 KAR 20:016 § 3(3)(b). A hospital may elect to create other records not required by law, but which its governing authority deems necessary or useful to patient care (perhaps, for example, a log documenting patient visitors). Both the original of these other patient records and the information they contain will be excepted from PSWP.
Again, this overlapping of the Guidance's categorizations is reflected in the first example of "other patient records" that we suggest might exist; it is mandated by regulation and so it is equally appropriate, under the Guidance, to place it in the "[s]pecifically excluded" category or the more general category of "information prepared for purposes other than reporting to a PSO," Guidance at 32656, i.e. , compliance with a state regulation, an exception of the second kind to PSWP. As for the second example, one could easily argue that a patient visitor log (or other such non-mandated patient records the hospital decides to create), rather than being construed as a specific exception of the first kind, is just as properly categorized with other exceptions of the third kind—i.e. , hospital records created voluntarily, deemed necessary by the hospital's governing authority for business purposes but maintained separately from the hospital's PSES. Our categorization of these records seeks to reconcile the overlaps in the statute and the Guidance while also honoring the definitions and nomenclature of both. In the final analysis, it is irrelevant which kind of exception from PSWP such records might fall under; each of these examples fits either or both.
The record Flowers seeks in this case, a record created post-care for the specific purpose of submission to a PSO, is not a record that was or could have been necessary or useful to Anthony Haggard's medical care. Its subject matter is the event, not the patient identified in the report only by an alpha-numeric code to distinguish this event from others. The event report does not constitute the patient's records or any "other original patient record."
VII. Exceptions of the second kind to PSWP—"external obligations"
The statute does not include the term "external obligations." HHS coined the term. Attempting to distinguish information "specifically excluded" by the Act from other information, the Guidance discusses the part of subparagraph (B)(i) identifying "other original ... provider records." It says:
HHS interprets 'original provider records' [which HHS previously included among "specific exclusions" from PSWP ] to include: ... Original records
Again there is category overlap as the Guidance first discusses these "other original ... provider records" as being "[s]pecifically excluded[.]" Guidance at 32656 ("Specifically excluded from the definition of PSWP is, '... any other original ... provider information.' "). Later, the Guidance refers to the same "other original provider records" not as "specifically excluded," but as "external obligations" and calling them a subcategory of the general category of information prepared for a purpose other than reporting to a PSO. Id. ("Within the category of information prepared for a purpose other than reporting to a PSO, information that is prepared for external obligations has generated many questions. External obligations include, but are not limited to, mandatory requirements placed upon providers by Federal and state health regulatory agencies."). This should not confound or distress those attempting to find an exception to the privilege; it does not matter what kind of exception—the first kind because it is described as specific or the second kind because it satisfies an external obligation). Whichever kind of exception we call it—an exception applies and the subject information is not PSWP.
(e.g. , reports or documents) that are required of a provider to meet any Federal, state, or local public health or health oversight requirement regardless of whether such records are maintained inside or outside of the provider's PSES[.][ ]
This concept that "[o]riginal records ... required to meet any ... oversight requirement[,]" i.e. , an external obligation, will be excepted from PSWP "regardless of whether such records are maintained inside or outside of the provider's PSES [,]" Guidance at 32658 (emphasis added), read together with the statement that "external obligations must be met with information that is not patient safety work product[,]" id. at 32656, highlights the importance of focusing on the provider's original intention for gathering information or creating the report. If information was gathered, or a report was created, with a purpose, to satisfy an existing external obligation, it can never become PSWP no matter where it exists. However, if a report was intended from its inception to be developed within a PSES for submission to a PSO, it qualifies as PSWP. As discussed in Section VII.A.5. , if the report has not yet been submitted to the PSO, the provider may choose to "drop out" the report from its PSES to satisfy an external that has arisen after the report's creation, whereupon the privilege will be lost. Once the information or report is submitted to the PSO, however, its characterization as PSWP will be immutable.
Guidance at 32658. It is in this context that the Guidance introduces the term "external obligations." Id. at 32655; see also Patient Safety and Quality Improvement, 73 Fed. Reg. 70732 at 70740 (where the term was first used). Conceptualizing and explaining other "original provider records" and "external obligations" for application by Kentucky's circuit courts has presented some challenges. See generally Tibbs ; see also Baptist Health , 497 S.W.3d at 761–62.
The Guidance tells us that external obligations broadly include "information collection activities mandated by laws, regulations, and accrediting and licensing requirements as well as voluntary reporting activities that occur for the purpose of maintaining accountability in the health care system." Guidance at 32657 (emphasis added) (footnote omitted). Examples include: "state incident reporting, adverse drug event reporting to the Food and Drug Administration (FDA), certification or licensing recordkeeping,[ ] reporting to the National Practitioner Data Bank, and disclosing information to comply with CMS' CoPs[ ] or conditions for coverage." Guidance at 32656 fn 16.
The inclusion of "recordkeeping" among these examples comports with the requirement of subparagraph (7)(B)(iii)(III) and indicates that external obligations are not limited exclusively to reporting or disclosure obligations.
"CMS' CoPs" means the Center for Medicare & Medicaid Services, HHS, Conditions of Participation.
To fully appreciate the Guidance's explanation of the concept of an external obligation, we must recognize that it lumps together, both in its description and its examples, mandatory external obligations and external obligations undertaken voluntarily , calling both simply "external obligations." To better understand these particular exceptions to PSWP, in the context of the Guidance, we will discuss these mandatory external obligations and voluntary external obligations separately.
A. Mandatory external obligations—compelled by police powers
Obviously, if a law requires a hospital's recordkeeping or reporting of information, for any reason, that requirement is an external obligation. This type of external obligation is compelled by a government's exercise of its police powers in licensing and regulating hospitals. "For example, a provider may have an external obligation to maintain certain records about serious adverse events that result in patient harm. The document the provider prepares to meet its requirement about such adverse events is not PSWP." Guidance at 32655.
There is a "constitutional right of one to engage in a lawful avocation or profession which involves the doing of any and all things, not immoral...." Reynolds v. Walz , 278 Ky. 309, 128 S.W.2d 734, 736 (1939). That includes the operation of a hospital. However, "[t]he right to conduct a business [including a hospital] is subordinate to police powers when th [ose powers] are exercised in a reasonable manner in the public interest." Boyle County Stockyards Co. v. Commonwealth, Dept. of Agriculture , 570 S.W.2d 650, 653 (Ky. App. 1978). Our legislature has exercised restraint when passing laws requiring hospitals to release to the public or submit to the government data it has generated in conducting its business. As explained in Section VII.A.1. , that includes refraining entirely from requiring, by statute or rule, disclosure of what have been variously referred to as "incident reports," "event reports," "sentinel reports" and the like.
Whether any sort of external obligation exists depends on each state's medical provider licensure laws. We begin consideration of mandatory external obligations in this Section VII.A. by addressing a specific sort to which we just referred—adverse medical event reporting. We conclude that Kentucky does not mandate the reporting by providers of adverse medical events.
1. Mandatory external obligations generally; absence of adverse event reporting requirement in Kentucky
State mandated "external obligations" vary significantly from state to state, especially when it comes to requiring adverse incident reporting. The Guidance notes that "more than half of the states operat[e] adverse event reporting systems." Guidance at 32655. Kentucky is not among them. However, because Flowers insists that reporting of adverse medical events is required under the Supreme Court's interpretation of 902 KAR 20:016 § 3(3)(a), a more detailed explanation of the absence of any external obligation of Kentucky hospitals to report adverse medical events is necessary.
In 2004, the Kentucky legislature considered enacting legislation to create a state adverse medical event reporting system. That year, Senators Mongiardo and Scorsone filed Senate Bill 90, "AN ACT relating to medical errors." SB 90, 2004 Reg. Sess. (Ky. 2004) (not enacted). Much like the Patient Safety Act enacted a year later, SB 90's inspiration was the National Academy of Medicine's 1999 report, "To Err is Human ," calling for a national effort to make healthcare safer. Compare SB 90 § 1(1) (citing L.T. Kohn, et al. (Institute of Medicine), To Err is Human: Building a Safer Health System (Washington, DC: National Academy Press, 2000)), with Guidance at 32655 fn1 (citing To Err is Human ). Just as with the federal Patient Safety Act, a hospital's participation in the program SB 90 would have created was to be "[o]n a voluntary basis[.]" SB 90, § 4(1). The data would have been submitted to a new entity created by the bill, called the Kentucky Academy for Health Care Improvement and Cost Reduction, which would have performed the functions on a state level that are now performed under the federal Patient Safety Act by the various PSOs and the Secretary, HHS. As the Patient Safety Act now does, SB 90 would have created a privilege for a hospital's "report of a medical error, adverse medical event, sentinel event[ ] and other patient safety data[.]" SB 90, § 4(6), (7). The bill was referred to the Senate Committee on State and Local Government where it died.
The report was authored by the Institute of Medicine (IoM) which, in 2015, reconstituted and changed its name to the National Academy of Medicine (NAM), and is part of the National Academy of Sciences, Engineering and Medicine.
The Academy would have been "jointly establish[ed] and operate [d] by the University of Kentucky and the University of Louisville." SB 90, § 3(1).
A "sentinel event" was defined in the bill as "an unexpected occurrence involving death or serious physical or psychological injury or the risk thereof...." SB 90 § 2(6).
There have been no subsequent serious legislative efforts to create a state adverse medical event reporting system and, today, there remains no external obligation on the part of hospitals to report adverse medical events to the Cabinet. This has been borne out by national surveys of state adverse medical reporting requirements. Two such studies are noteworthy.
In 2008, the Office of the Inspector General, HHS, undertook a study "[t]o identify and describe State adverse event reporting systems and how States use the reported information." Department of Health and Human Services, Office of the Inspector General, Adverse Events in Hospitals: State Reporting Systems at 1 (December 2008). The report surveyed "[s]tate adverse event reporting systems as of January 2008 in all 50 States and the District of Columbia...."; Kentucky is not identified as a state that has an adverse event reporting requirement. See generally id.
In 2015, the National Academy for State Health Policy (NASHP) published its own study. Carrie Hanlon, Kaitlin Sheedy, Taylor Kniffin, Jill Rosenthal, 2014 Guide to State Adverse Event Reporting Systems (National Academy for State Health Policy, January 2015). NASHP "surveyed all 50 states and the District of Columbia to develop insight into the nation's monitoring, regulation and promotion of patient safety, with a focus on adverse event reporting systems." Id. at 2. "An official from each known state adverse event reporting system completed NASHP's survey, for a total of 27 responses." Id. Kentucky was not among those 27 states. NASHP additionally conducted "a separate one-question electronic survey of health care licensing and certification officials in the remaining 23 states [including Kentucky] to verify that they currently do not have an adverse event reporting system. Each of these 23 states confirmed that it does not have an adverse event reporting system." Id. ; see also id. at 5 (map of states with adverse event reporting systems indicating Kentucky is not among them).
Contrary to Flowers's assertions, neither the Kentucky legislature nor the Cabinet has utilized police powers to require adverse medical event reporting by Kentucky medical providers.
2. Other mandatory external obligations under Kentucky law
This is not to say that Kentucky medical providers have no mandatory external obligations (i.e. , those compelled by police powers through statute or regulation) to keep records or report certain data. They do. As recently as 2006, after recognizing that "the medical profession is one of the most pervasively regulated industries in the Commonwealth[,]" our Supreme Court offered a list of mandatory external obligations imposed upon medical providers. Williams v. Commonwealth , 213 S.W.3d 671, 675 fn3 (Ky. 2006). The list included the following event-prompted reporting requirements:
Obviously, to operate a business in the health care field, the regulations unequivocally state that every "health facility shall complete and submit to the Office of the Inspector General the appropriate application" which for a hospital is the "Application for License to Operate a Hospital...." 902 KAR 20:008 § 2(3)(c) (emphasis added). On an even more basic level, all businesses, including hospitals, have an external obligation to file an annual report with the Secretary of State. KRS 14A.6–010(1) ("Each entity ... authorized to transact business in this Commonwealth shall deliver to the Secretary of State for filing an annual report...."). According to Secretary of State's records, Petitioner's most recent compliance was May 4, 2017. https://app.sos.ky.gov/ftshow/(S(43awmrnoo3bwlq0z3nkhapfy))/default.aspx?path=ftsearchI&id=0809505&ct=09&cs=99998 (last visited Aug. 29, 2017).
KRS[ ]§ 215.590 (cases of active tuberculosis must be reported to state authorities); KRS § 620.030 (duty to report suspected child abuse or neglect); KRS § 258.065 (duty to report animal bites to state authorities); 902 KAR 2:020 (duty to report an array of ailments, including HIV, syphilis, plague, and gonorrhea ).
Kentucky Revised Statutes.
Id. Adverse medical event reporting would be of this event-prompted type if it were required. And, if it were required, it likely would have appeared on the Supreme Court's list, but it does not. Notably, 902 KAR 20:016 is not cited either.
However, not all mandatory reporting is event-based. An entire Part of KRS Chapter 216 addresses "Health Data Collection." KRS 216.2920, et seq. , and it requires that providers report certain data on every patient.
Enacted as part of HB 250 (Ky. 1994), KRS 216.2920, et seq. , require that the "Cabinet for Health and Family Services shall establish ... those data elements required to be submitted to the cabinet by all licensed hospitals.... regarding the charge for and quality of the procedures and health-care services performed...." KRS 216.2925(1). Normally, the raw data is "kept in a secure location and under lock and key[,]" KRS 216.2927(5), and it "shall not be published or otherwise released by the cabinet or its staff and shall not be subject to inspection under KRS 61.870 to 61.884 [.]" KRS 216.2927(1). However, a party to a legal action, Flowers for example, could obtain the raw data from the Cabinet "by court order[.]" Id.
The Cabinet's duty under the legislation is to "analyze, and disseminate information in a timely manner on the cost, quality, and outcomes of health services provided by health facilities and health-care providers in the Commonwealth." KRS 216.2921(1). To carry out the legislative mandate imposed upon it, the Cabinet promulgated a regulation, 900 KAR 7:030. The regulation incorporates the 164–page Kentucky Inpatient and Outpatient Data Coordinator's Manual for Hospitals (referred to as "IPOP" and prepared by the Cabinet) to which the data coordinators of all Kentucky hospitals adhere and, by doing so, report a wealth of information to the Cabinet. The information is provided electronically to the Cabinet by means of an "online system that securely allows for the submission, collection, and editing of all inpatient and all outpatient case level data from facilities, as required by statute and administrative regulation, to the Commonwealth of Kentucky." IPOP at 3.
The regulation and the incorporated IPOP "establish[ ] the required data elements, forms, and timetables for submission of data to the cabinet and fines for noncompliance." 900 KAR 7:030 (Historical notes). In a section with the heading "State Mandates and Data Uses," the IPOP says:
This manual was developed according to mandated data reporting requirements set forth in the following statues [sic] and regulations:
• KRS 216.2920 –2929 which authorizes the Kentucky Cabinet for Health and Family Services to collect and analyze health care data ... to develop the Cabinet's mandated legislative reports and public information focusing on the cost, quality, and outcomes of health services provided in the Commonwealth....
• KRS 211.651 –670 authoriz[ing] the Department for Public health to establish and maintain the Kentucky Birth Surveillance Registry (KBSR) for tracking birth defects in children under 5....
• Administrative Regulation 902 KAR 19:010 establish[ing] uniform procedures for the KBSR to collect data....
IPOP at 4. There is no reference to 902 KAR 20:016 or any other law as expressing "mandated data reporting requirements."
Apart from mandatory data collection and reporting pursuant to KRS 216.2920, et seq. , each hospital must comply with another reporting statute. Under KRS 216B.155, each hospital is required to inform the public of the efforts it undertakes to assure and improve the quality of its care. Every hospital must create an "internal quality assurance or improvement program [.]" KRS 216B.155(1)(a) (emphasis added). Parts of the program must be in writing and available to the public upon request. The written program must include a description of its structure and its guidelines for quality care studies and monitoring (i.e. , how the program works), how the hospital gathers and assesses data, and a summary of process outcomes and follow-up actions related to the overall program. KRS 216B.155(1)(a)-(g).
The entirety of the section of KRS 216B.155 requiring the quality improvement program is as follows:
(1) All health care facilities and services licensed under this chapter, with the exception of personal care homes, family care homes, and boarding homes, shall develop comprehensive quality assurance or improvement standards adequate to identify, evaluate, and remedy problems related to the quality of health care facilities and services. These standards shall be made available upon request to the public during regular business hours and shall include:
(a) An ongoing written internal quality assurance or improvement program;
(b) Specific, written guidelines for quality care studies and monitoring;
(c) Performance and clinical outcomes-based criteria;
(d) Procedures for remedial action to correct quality problems, including written procedures for taking appropriate corrective action;
(e) A plan for data gathering and assessment;
(f) A peer review process; and
(g) A summary of process outcomes and follow-up actions related to the overall quality improvement program for the health care facility or service. Current federal or state regulations which address quality assurance and quality improvement requirements for nursing facilities, intermediate care facilities, and skilled care facilities shall suffice for compliance with the standards in this section.
KRS 216B.155(1).
Nothing in KRS 216B.155 or the regulations promulgated thereunder requires the creation or separate record-keeping of patient-specific or event-specific reports of adverse medical events. It may be that the data upon which a hospital bases its program and summary of process outcomes are simply the cumulation of patient records. Under 42 U.S.C. § 299b–21(7)(B)(i), these patient records would not be privileged, although they could be confidential under other law not relevant to our analysis.
As more fully discussed below in Section VIII , a hospital's governing authority may elect to do more than amass patient records as the source data for compliance with KRS 216B.155(1). This is their option under 902 KAR 20:016 § 3(3)(a). As contemplated by the Cabinet's regulation, "[i]nspection reports; ... [i]ncident investigation reports; and ... [o]ther pertinent reports" could be "established, maintained and utilized as necessary to guide the operation, measure productivity, and reflect the programs of the facility...." 902 KAR 20:016 § 3(3)(a)(4)–(6). If the hospital does create such reports to comply with KRS 216B.155(1), that information would have a purpose distinctly independent from the congressional scheme established by the Patient Safety Act; it would be separate and apart from any PSES information created or collected for submission to a PSO. In other words, the information would not be privileged if collected for the purpose of describing a hospital's summary of process outcomes and follow-up actions related to the overall program undertaken pursuant to KRS 216B.155 ; however, the same information created or collected solely within the PSES for submission to the PSO would be PSWP and privileged.
However, a hospital can comply with KRS 216B.155 in another way. The legislature determined that a hospital's compliance with other "federal or state regulations which address quality assurance and quality improvement requirements ... shall suffice for compliance with the standards in this section." KRS 216B.155(1). In this way, the legislature sanctioned and deferred to the quality assurance and quality improvement standards of other programs. As examples, we note the Medicare program, the accreditation program of The Joint Commission, and even the program established by the Patient Safety Act.
The Joint Commission was formerly the Joint Commission on Accreditation of Healthcare Organizations, or JCAHO.
Participation in these programs, while an acceptable substitute for compliance with KRS 216B.155, does not mean that adverse event reporting has been added to the external obligations of a Kentucky hospital. As we discuss below, neither of the first two programs requires reports of adverse medical events.
On the other hand, reporting adverse medical events is part and parcel of the program established by the Patient Safety Act. Still, this does not make the report created pursuant to the Act an original provider record needed to satisfy an external obligation that would disqualify it as PSWP and except it from the protection of the Act's privilege. That circular argument is easily dispatched because the moment a report is created within a hospital's PSES with the intent to submit it to a PSO for purposes of the Patient Safety Act, any adverse event reporting requirement one might interpret KRS 216B.155 as creating will have been met. Participation in the Act's program satisfies the requirements of KRS 216B.155, so there would never be an unmet external obligation to the state.
Furthermore, by definition, the event report Petitioner created within the PSES will not exist separately and apart from the PSES, nor does KRS 216B.155 require the report to exist separately from or outside the PSES. Finally, it would be absurd to say that the same state-sanctioned participation in the Patient Safety Act that entitles a hospital to claim the privilege, simultaneously defeats the privilege. Our Supreme Court has struggled mightily to avoid that absurdity, and certainly has succeeded in doing so, in Tibbs and Frankfort Regional and Baptist Health , as discussed below in Section IX.
Based on the record in this case, we conclude no law mandates that the hospital report adverse medical events. Nor, as discussed in Section VII.B. , is there any proof that the hospital's participation in any government-sanctioned program is conditioned upon submission of such reports, other than to the hospital's PSO in conformity with the Patient Safety Act.
Notwithstanding our analysis and conclusion that there is no adverse medical event reporting requirement under state law, Flowers insists that 902 KAR 20:016 § 3(3)(a) specifically does require such reporting, or at least such recordkeeping. She points to the Tibbs plurality's indication that the regulation created a reporting requirement and to Baptist Health's holding that, "to the extent information collected in the provider's internal patient safety evaluation system is needed to comply with [any] state requirements, it is not privileged." Baptist Health , 497 S.W.3d at 766. Relying on this authority, she argues the regulation required the Petitioner to submit to the Cabinet the event report it created of the wrong-site procedure performed on Anthony Haggard, irrespective of the hospital's compliance with KRS 216B.155 by its participation in the legislative scheme embodied in the Patient Safety Act. Because we disagree, and because this is the most pointed of those "thorny questions," we will take an especially close look at that regulation.
3. 902 KAR 20:016 § 3(3)(a) does not constitute a mandatory external obligation
Flowers draws special attention to 902 KAR 20:016, captioned "Hospitals; operations and services." The regulation relates to numerous statutes, including KRS 216B.155. Flowers points us especially to section 3 which states:
The historical notes to this regulation do not reflect that it relates to the reporting requirements of KRS 216.2920, et seq. Rather, the regulation relates to: KRS 214.175 (anonymous surveys of substance abuse during pregnancy), KRS 216.2970 (auditory screening of infants), KRS 216B.010 (legislative findings and purposes), KRS 216B.015 (definition), KRS 216B.040 (functions of cabinet), KRS 216B.042 (licenses; authority to enter upon premises; authority for administrative regulations), KRS 216B.045 (actions of cabinet to be in writing and of record), KRS 216B.050 (enforcement powers of cabinet), KRS 216B.055 (notices of decisions and orders of cabinet), KRS 216B.075 (administrative regulations governing application and review procedures to be promulgated), KRS 216B.085 (administrative hearing procedures), KRS 216B.105 –216B.125 (licensing procedures; appeals of licensing decisions; judicial enforcement), KRS 216B.140 –216B.250 (addressing various topics, including development of quality assurance standards for health care facilities under KRS 216B.155 ), KRS 216B.990 (penalties), KRS 311.241 –311.247 (repealed), KRS 311.560 (practicing medicine or osteopathy without license), KRS 311.992 (penalty for violation of KRS 311.715 ), KRS 314.011(8) (advanced practice registered nursing), KRS 314.042(8) (advanced practice registered nursing pre-requisites), KRS 320.210(2) (definitions for optometrists legislation), KRS 333.030 (licensing for medical laboratories), 29 C.F.R. 1910.1030(d)(2)(vii) (handling contaminated needles), 42 C.F.R. 405, 412.23(e) (Medicare requirements for long-term care hospitals).
Section 3. Administration and Operation.
....
(3) Administrative records and reports.
(a) Administrative reports shall be established, maintained and utilized as necessary to guide the operation, measure productivity, and reflect the programs of the facility. Administrative reports shall include:
1. Minutes of the governing authority and staff meetings;
2. Financial records and reports;
3. Personnel records;
4. Inspection reports;
5. Incident investigation reports; and
6. Other pertinent reports made in the regular course of business.
902 KAR 20:016 § 3(3)(a).
This section 3(3) of 902 KAR 20:016 outlines what the Cabinet expects regarding "Administration and Operation" of a hospital's business. Subsection (3) of section 3 identifies the business records the hospital administrator will maintain. The section presupposes that a hospital, like any business, will keep all these records "in the regular course of business" just as the qualifier says at the end of subsection (3)(a).
However, Flowers claims this regulation demands even more than simply keeping business records. She argues that 902 KAR 20:016 § 3(3)(a)5 requires that incidents of patient harm attributable to the hospital or its agents be reported to the Cabinet, or at least that such reports be maintained internally and separately from the program created by the Act. We cannot agree with this argument. In fact, such an argument reads quite a lot into the regulation, and reads important qualifying language—"as necessary"—out of it.
At times, Flowers argues these incident investigation reports must be reported to the Cabinet, not simply maintained internally. Unless she takes the position that all the other business records described in 902 KAR 20:016 §§ 3(3)(a)1–4 and 3(3)(a)6 (minutes of its various staff meetings, or financial records or personnel records, etc.) must also be submitted to the Cabinet, the argument lacks logical integrity. If we were to hold that 902 KAR 20:016 § 3(3)(a)5 constitutes a reporting requirement, which we do not, we would have to hold identically as to all business records identified in 902 KAR 20:016 § 3(3)(a).
Flowers's argument presumes § 3(3)(a)5 must refer to adverse medical incidents involving patients. But it does not explicitly say that. If it did, or if we interpreted it as saying so, this subsection would be the only one of the six focusing specifically on patients, whereas each of the other five subsections could refer generally to the records of virtually any business. It is a bit parochial to presume that, because the regulated business is a hospital, § 3(3)(a)5 must refer to adverse medical events rather than workplace incidents such as an employee injury or sexual harassment, etc. Furthermore, the Cabinet, in promulgating this regulation chose to include incident investigation reports in the section that addresses the hospital's "Administration and operation" and, specifically, " Administrative records and reports." Flowers's argument would be more persuasive if we found reference to incident investigation reports in the section addressing "Medical and other patient records" found at 902 KAR 20:016 § 3(11) alongside or within subsections on: "final diagnosis[,]" § 3(11)(d)13; "Discharge summary[,]" § 3(11)(d)14; or "In case of death[,]" § 3(11)(d)15.
However, even if we indulge in Flowers's presumption, there is more than enough reason to conclude that this regulation is not an adverse medical event reporting requirement as Flowers claims. The subsection of the regulation does not possess the characteristically unequivocal mandate we know the Cabinet is capable of expressing when regulating a business. The most obvious example comes from the same regulation where the Cabinet said: "[a] medical record shall be maintained , in accordance with accepted professional principles, for every patient admitted to the hospital or receiving outpatient services." 902 KAR 20:016 § 3(11)(a) (emphasis added).
Another clear example of the Cabinet's ability to use unequivocal language of compulsion is in its requirement for licensure and licensure renewal: "An applicant for ... annual renewal of licensure as a health facility shall complete and submit to the Office of the Inspector General the ... Application for License to Operate a Hospital...." 902 KAR 20:008 § 2(3)(c) (emphasis added).
Another basic example is the obligation that a "hospital participating in the Medicaid Program shall submit to the department [for Medicaid services of the Cabinet] a copy of each Medicare cost report it submits to CMS [and which] cost report shall be submitted ... [w]ithin five (5) months after the close of the hospital's fiscal year." 907 KAR 10:815 § 10(1)(a)2 (emphasis added). See also, 900 KAR 6:125 § 2(5) ( "The following entities shall submit annual surveys: ... Licensed hospitals...."; emphasis added). The Cabinet does not equivocate, leaving out qualifiers such as "as necessary" when it identifies mandatory external obligations for hospitals to submit or make reports.
When the Cabinet regulated child care centers, it devoted a separate regulatory section to "Reports," promulgating a disclosure requirement that: "The following shall be reported to the cabinet ... within twenty-four (24) hours ...: [a]n accident or injury to a child that requires medical care...." 922 KAR 2:110 § 6(1)(b) (emphasis added); see also 922 KAR 2:100 § 19(10)(a)(2) (regulating family child-care homes) ("provider shall ... [r ]eport t ... [t]he following to the cabinet within twenty-four (24) hours ...: [a]n accident or injury to a child that requires medical care"; emphasis added).
There is no ambiguity in these regulations. Although the Cabinet's promulgations repeatedly demonstrate its ability to eliminate all ambiguity when expressing a mandate, the Cabinet elected far more flexible, far less mandatory language in 902 KAR 20:016 § 3(3)(a).
Other Kentucky agencies that regulate businesses affecting the health or safety of Kentuckians are just as clear when requiring adverse incident reporting. The Board of Dentistry requires that "[a] dentist shall report to the board, in writing, any death caused by ... anesthesia within seven (7) days [and] any incident that resulted in hospital in-patient admission caused by ... anesthesia within thirty (30) days"; the regulation even sets out the specific contents of the incident report. 201 KAR 8:550 § 23(1)–(4) (emphasis added). Even the Commissioner of Agriculture, who regulates amusement attraction businesses, unambiguously requires that: "[a] written report shall be filed ... if any of the following occurs as a result of an accident or incident involving an amusement ride or amusement attraction or equipment: (1) The events listed in KRS 247.233(2) ["(a) Death; (b) Injury requiring ... transport to a hospital...."]. 302 KAR 16:070 § 2 (emphasis added).
Given all that we have seen in the legislative and regulatory enactments affecting the health and safety of Kentuckians, we cannot read into the language of 902 KAR 20:016 § 3(3)(a) the mandatory external obligation Flowers claims is there. Furthermore, we cannot read out of the regulation certain language the Cabinet expressly included that clearly allows the hospital discretion in the establishment, maintenance and utilization of these business records. That language is the phrase "as necessary" and it has given pause to our appellate courts in their discussion of the regulation. Tibbs , 448 S.W.3d at 804, 808, 809 (quoting the phrase "as necessary" from the regulation but omitting any explanation of its import); Frankfort Regional , 2016 WL 3376030, at *8 fn6 (asking "who is to determine what is necessary in this context? .... [I]t is the hospital that dictates whether the report is generated, not a government regulation."); see also Lindon v. Kakavand , CIV.A. 5:13-026-DCR, 2014 WL 4063821, at *2 (E.D. Ky. Aug. 15, 2014) (finding no mandate because the regulation says "administrative reports shall be made and maintained 'as necessary ' "; emphasis in original). We address the challenges the phrase presented in our analysis of the trio of Supreme Court cases in Section IX , below.
In regulating other health care providers, the Cabinet used the identical language, including the "as necessary" qualifier, contained in 902 KAR 20:016 § 3(3)(a) to regulate hospitals. See 902 KAR 20:150 § 3(3)(a) regulating alternative birth centers and 902 KAR 20:240 § 2(3)(a) regulating comprehensive physical rehabilitation hospital services. However, the Cabinet's regulation of rehabilitation agency services leaves out the qualifier "as necessary." 902 KAR 20:190 § 3(3)(a) ( "Administrative reports shall be established, maintained and utilized to guide the operation[,] measure productivity and reflect the programs of the facility. The reports shall include: ... incident investigation reports....").
In accordance with Federal Rule of Appellate Procedure (FRAP) 32.1, "A court may not prohibit or restrict the citation of federal judicial opinions, orders, judgments, or other written dispositions that have been: (i) designated as 'unpublished' ... and (ii) issued ... after January 1, 1997." While Kentucky courts are not bound by FRAP 32.1 or federal cases interpreting Kentucky law, the federal judiciary has determined that all its opinions rendered after January 1, 1997, have equally persuasive import without regard to their designation as unpublished. We should take no less a view of post–1996 unpublished federal opinions than we do of published federal opinions.
We reached our conclusion that the report in question was not mandated by state or federal laws or regulations by applying the Patient Safety Act's concept of "external obligations" to Kentucky's statutory and regulatory obligations. Our confidence that we have reached the correct result is bolstered by the Cabinet's explanation of the Petitioner's external obligations.
4. Cabinet's guidance regarding Petitioner's external obligations
We begin by stating a rule, reiterated recently in the context of the Supreme Court's analysis of the Patient Safety Act. The Court said:
As a rule, courts give deference to agency interpretations of the statutes which they administer. Chevron, U.S.A., Inc. v. Natural Res. Def. Council, Inc. , 467 U.S. 837, 844, 104 S.Ct. 2778, 81 L.Ed.2d 694 (1984) ("We have long recognized that considerable weight should be accorded to an executive department's construction of a statutory scheme it is entrusted to administer, and the principle of deference to administrative interpretations." (footnote omitted)). Moreover, an agency's interpretation of its own regulations is controlling unless it is "plainly erroneous or inconsistent with the regulation." Auer v. Robbins, 519 U.S. 452, 461, 117 S.Ct. 905, 137 L.Ed.2d 79 (1997) (citations omitted).
Tibbs , 448 S.W.3d at 804–05.
An agency has occasion to interpret its rules when asked to do so by an affected entity. In the Guidance document, HHS suggested it is a good idea for providers to make such inquiries, given the lack of clarity in some regulations. As the Guidance tells us:
For a discussion of a Kentucky agency's authority to issue an advisory opinion or declaratory ruling, in the context of the nondelegation doctrine, see Baker v. Commonwealth , 2005–CA–001588–MR, 2007 WL 3037718, at *31–*35 (Ky. App. Oct. 19, 2007) (citing Board of Trustees of Judicial Form Retirement System v. Attorney General of the Commonwealth of Kentucky , 132 S.W.3d 770, 781–82, 784 (Ky. 2003) ).
It is the provider's ultimate responsibility to understand what information is
required to meet all of its external obligations. If a provider is uncertain what information is required of it to fulfill an external obligation, the provider should reach out to the external entity to clarify the requirement .... [S]ome requirements are more ambiguous or broad, thus creating uncertainty about the information required to satisfy them. Particularly where laws or regulations may be vague, it is imperative that the regulators work with providers so that the regulators obtain the information they need, and that providers sufficiently understand what is required of them so that they can satisfy their obligations and voluntarily report additional information to a PSO.
Guidance at 32559 (emphasis added). In this case, the Petitioner did precisely what HHS recommended. It reached out to the entity that could answer the question: does 902 KAR 20:016 § 3(3)(a)5 create an external obligation?
In response to the Petitioner's request "concerning the application of 902 KAR 20:016 Section 3(3)(a) to a licensed hospital[,]" the Cabinet's Office of Inspector General said:
The plain meaning of 902 KAR 20:016 Section 3(3)(a) is that a licensed hospital is not required to affirmatively or regularly submit, transmit, or otherwise provide to the OIG [Office of the Inspector General] an incident investigation report. A licensed hospital is expected to demonstrate it follows an effective and meaningful process for "establish[ing], maintain[ing] and utiliz[ing]" incident investigation reports under the regulation, but the regulation does not require each licensed hospital to adhere to the same process or that a hospital automatically submit such reports to OIG.
(Petition, Exhibit I, Letter, Maryellen B. Mynear, Inspector General, CHFS, to Margaret M. Pisacano, December 1, 2015 (OIG letter); emphasis added; double emphasis in original). Therefore, our conclusion is consistent with the Cabinet's interpretation of its regulation—there is no external obligation requiring creation or disclosure of the report which is the subject of this writ petition.
5. When external obligation arises after report exists in a PSES
We would be remiss if we did not add that both the Guidance and the OIG recognize that circumstances can change and what was not originally an external obligation could become one. The Guidance says:
HHS is aware that situations could arise where a provider has collected information for reporting to the PSO and where the records at issue were not required by any external obligation at the time they were created, but where a regulator later seeks the same information as part of its oversight or investigatory responsibilities. The information at issue would be PSWP and would be privileged and confidential, but the provider may still have several options to satisfy its obligation [i.e. , to satisfy requirements of the state regulator].
Guidance at 32659–32660. Reflecting this very concept, the Cabinet's inspector general, in her letter to the Petitioner, said:
The OIG may request pertinent documents, including documents that might be characterized as incident investigation reports, from a licensed hospital on a case-by-case basis as a consequence of any survey by this agency. However, the regulation does not require a licensed hospital to disclose any record deemed
confidential by 42 U.S.C. § 299b–22(a).[ ]
Although the inspector general refers to a "record deemed confidential[,]" she cites subsection (a) establishing the privilege rather than subsection (b) declaring the record confidential. Compare 42 U.S.C. § 299b–22(a) with 42 U.S.C. § 299b–22(b).
(OIG letter; citing 902 KAR 20:008 § 2(4)3a (2015), now 902 KAR 20:008 § 2(12)(b)3a (describing OIG's access to health facility)).
The Guidance suggests a process to address the circumstance of an external obligation arising after the report already exists in the PSES, but before it is submitted to the PSO, saying:
This process, sometimes referred to as the "drop out" provision, provides that PSWP "assembled or developed by a provider for reporting to a PSO may be removed from" a PSES and no longer be considered PSWP if: "[t]he information has not yet been reported to a PSO" and "[t]he provider documents the act and date of removal of such information from the" PSES. Once removed from the PSES following this procedure, the information could be used for other purposes, such as to meet state law obligations.... [I]f the provider ... determines the information within its PSES that had originally been assembled or developed for reporting to a PSO will be instead used for an external obligation, it is removed from the PSES and is no longer PSWP. This means it is no longer privileged or confidential under the Patient Safety Act and Patient Safety Rule.
Guidance at 32659 (quoting 42 C.F.R. 3.20(2)(ii) ). The record indicates that the Cabinet has not demanded a report regarding Haggard; i.e. , no external obligation has arisen since the report sought by Flowers was created within the PSES.
If the Cabinet had caused an external obligation to arise in this case, the "drop out" provision would not have been available because the report already has been submitted to the PSO. However, there is a solution even after the data is submitted to a PSO. In such circumstances, "the Patient Safety Act indicates that a provider could conduct a new analysis with non-PSWP to satisfy the requirement, regardless of whether such additional analysis involves issues identical to or similar to those for which information was reported to or assessed by a PSO or PSES." Guidance at 32660 (citation and internal quotation marks omitted). Similarly, HHS said in its earlier guidance document, "The Patient Safety Act does not relieve a provider of its responsibility to respond to [local, state and federal regulatory authority] requests for information or to undertake or provide to external authorities evaluations of the effectiveness of corrective action, but the provider must respond with information that is not patient safety work product." Patient Safety and Quality Improvement, 73 Fed. Reg. 70732–01 at 70740.
While both the Guidance and the OIG recognize the possibility of changed circumstances, there is nothing to indicate such a change has occurred in this case, or that the Petitioner has had a need to resort to suggestions offered in the Guidance for addressing such a change.
In summarizing our analysis of this section, we hold that there exists no mandatory external obligation, i.e. , no required reporting obligation imposed by any local, state or federal government's exercise of police powers upon the Petitioner relative to the report Petitioner provided to its PSO. This does not end our analysis under the Patient Safety Act.
External obligations compelled by the exercise of police powers are not the only external obligations that will except information from PSWP and prevent the claim of privilege. We refer to information that must be recorded or reported as a condition of participation in government-sanctioned programs.
B. Voluntary external obligations—conditions of program participation
When a provider voluntarily participates in a certification program or accreditation process, there will be obligations imposed as a condition of that voluntary participation. These requirements constitute external obligations for purposes of the Act. Expressed slightly differently, if the hospital's governing authority deems it necessary to the hospital's business model to voluntarily participate in a program, the recordkeeping or reporting conditions of that voluntary participation are external obligations.
For example, hospitals are not required to participate in Medicare and Medicaid Services programs; they do so on a voluntary basis. However, under federal law, there are mandatory conditions hospitals must meet if they choose to participate. One condition of participation in these federal programs is expressed in language similar to Kentucky's requirements under KRS 216B.155. It is the requirement to:
develop, implement, and maintain an effective, ongoing, hospital-wide, data-driven quality assessment and performance improvement program.... Performance improvement activities must track medical errors and adverse patient events, analyze their causes, and implement preventive actions and mechanisms that include feedback and learning throughout the hospital ... and [assure] that all improvement actions are evaluated.
42 C.F.R. § 482.21(c)(2), (e)(2). Under a section of the rule entitled "Program data[,]" it is the hospital, not the government, that specifies "[t]he frequency and detail of data collection...." 42 C.F.R. § 482.21(b)(3). HHS expressly states:
"[T]he hospital must ... document what improvement projects are being conducted"; however, there is significant flexibility regarding how this requirement is satisfied. 42 C.F.R. § 482.21(d) ("A hospital is not required to participate in a Q[uality] I[mprovement] O[rganization] cooperative project, [provided] its own projects are ... of comparable effort.").
CMS [the Center for Medicare and Medicaid Services] does not require submission of a PSWP, and hospitals have choices with regard to what to place in a patient safety evaluation system as a PSWP, to what extent the hospital will use any of the exceptions provided in the PSQIA [the Act] as noted above, and to what extent the hospital will seek to demonstrate compliance with the CoPs [Conditions of Participation] through the provision of other information.
Medicare Program, 79 FR 49854–01 at 50340. In short, the Medicare regulations sanction and defer to the Patient Safety Act on this point of compliance with 42 C.F.R. § 482.21. There is no direct mandatory reporting, disclosure or recordkeeping obligation as a condition of participation in the Medicare and Medicaid Services programs. In this way, the Medicare participation program is very much the model for Kentucky's law that implicitly sanctions participation in the Patient Safety Act program and allows that such participation "shall suffice for compliance with the standards in this section." KRS 216B.160.
The full title is: Medicare Program; Hospital Inpatient Prospective Payment Systems for Acute Care Hospitals and the Long–Term Care Hospital Prospective Payment System and Fiscal Year 2015 Rates; Quality Reporting Requirements for Specific Providers; Reasonable Compensation Equivalents for Physician Services in Excluded Hospitals and Certain Teaching Hospitals; Provider Administrative Appeals and Judicial Review; Enforcement Provisions for Organ Transplant Centers; and Electronic Health Record (EHR) Incentive Program."
Compare these requirements with the federal requirement to "submit a report to us [Food and Drug Administration, HHS] as soon as practicable but no more than 10 work days after the day that you become aware of information, from any source, that reasonably suggests that a device has or may have caused or contributed to the death of a patient of your facility." 21 C.F.R. § 803.30(a) (1).
The federal mandate under the Medicare Act, like the state mandate under KRS 216B.155, is for hospitals to establish a process for self-examination and improvement. This federal external obligation is satisfied when the hospital assures the Centers for Medicare & Medicaid Services, HHS, that its "quality assessment and performance improvement program" is established and in operation. From the time the Medicare program was created in 1965, hospitals have provided this assurance by participating in another voluntary program, the accreditation program for medical providers operated by The Joint Commission. Those hospitals and other providers accredited by The Joint Commission are automatically deemed to comply with Medicare certification standards. See 42 U.S.C. § 1395bb(a) ; see also 42 C.F.R. § 488.5.
Not only does participation in The Joint Commission's accreditation program satisfy the conditions of voluntary participation in the Medicare and Medicaid programs, such participation also is an acceptable substitute for hospital licensure compliance in Kentucky. KRS 216B.185(1). The record indicates that the Petitioner does participate in The Joint Commission's accreditation program. Therefore, that participation satisfies two external obligations: (1) the licensure requirements under Kentucky law, and (2) Medicare compliance under federal law.
However, Flowers argues participation in The Joint Commission's program is itself a reason the report is not privileged. Her argument is as follows.
Flowers claims making adverse incident reports, or what The Joint Commission calls "sentinel events," is a condition of voluntary participation in its program; i.e. , she claims adverse incident reporting to The Joint Commission is an external obligation. If we take this premise as true, the next step in her argument is that we should infer that a report to The Joint Commission about Haggard must have been "developed ... or exists separately, from a patient safety evaluation system[.]" 42 U.S.C. § 299b–21(7)(B)(ii). If it does not so exist, she claims, it should have been and, therefore, the report Petitioner submitted to the PSO must be withdrawn from the PSES and provided to her.
We reject her argument for several reasons. First, the evidence contradicts Flowers's assertion that the report exists separate from the PSES. Furthermore, Flowers's solution—using PSWP that has been sent to a PSO to satisfy an external obligation—is not permitted under the Patient Safety Act. Finally, sentinel event reporting to The Joint Commission is not a condition of participation; that underlying premise is false.
To elaborate, the urged inference contradicts the only evidence on this point in the record—that the report "do[es] not exist separately from UK HealthCares' patient safety evaluation system ... and was submitted to [its] patient safety organiza tion...." (Director's affidavit, p. 3 ¶ 17; p. 2 ¶ 13a). Flowers offers no evidence to the contrary.
Second, as we noted in Section IV , the privilege took effect when information was collected in the Petitioner's PSES. If the Petitioner deliberated the question whether that information was needed to satisfy an external obligation or for any purpose other than submission to a PSO, those deliberations were also privileged. See Notice of Proposed Rulemaking (NPRM), 73 FR 8112–01 at 8122–8123 (cited in Guidance at 32656). When the report, in fact, was submitted to the PSO, thereby eliminating the factual question of the hospital's intended purpose, the report became perpetually PSWP. Id. at 8122. And, "[a]s the Patient Safety Act states more than once, these external obligations [if any exist] must be met with information that is not patient safety work product.... HHS repeatedly stated that PSWP cannot be used to fulfill external obligations." Guidance at 32656 (citations and internal quotation marks omitted).
Although the Guidance says "a provider should only place information in its PSES if it intends to report that information to the PSO [,]" Guidance at 32656, the administrators are pragmatists and recognize the possibility that "the provider is unsure at the time the information is prepared for reporting to the PSO whether that information may be required in the future to fulfill a state law obligation. Id. at 32659. The Guidance refers to the Notice of Proposed Rulemaking (NPRM) on this point which says:
[T]he statutory protections for deliberations and analysis in a patient safety evaluation system apply without regard to the status of the underlying information being considered (i.e., it does not matter whether the underlying information being considered is patient safety work product or not). A provider can fully protect internal deliberations in its patient safety evaluation system over whether to report information to a PSO. The deliberations and analysis are protected, whether the provider chooses to report the underlying information to a PSO or not. However, the underlying information, separate and apart from the analysis or deliberation, becomes protected only when reported to a PSO. See section 921(7)(A)(i)(1) of the Public Health Service Act, 42 U.S.C. 299b–21(7)(A)(i)(1).
Notice of Proposed Rulemaking (NPRM), 73 FR 8112–01 at 8122.
As HHS sees it, there are three different ways of saying that Flowers cannot obtain the report once it was submitted to the PSO: (1) the "drop out" provision for satisfying any supposed external obligation became unavailable, see Section VII.A.5., supra ; (2) the report permanently became PSWP, 42 U.S.C. 299b–21(7)(A)(i)(1) ; and (3) the report became unavailable for the satisfaction of any external obligation. Guidance at 32656. Assuming arguendo the validity of Flowers's premise of an unmet external obligation (such as a condition of participation in The Joint Commission's accreditation program), the Petitioner would have to "conduct a new analysis with non-PSWP to satisfy the requirement, regardless of whether such additional analysis involves issues identical to or similar to those for which information was reported to ... a PSO...." Guidance at 32660 (citation and internal quotation marks omitted).
But the reality is that no such external obligation exists. Flowers's premise that it does is a false premise. Just as Kentucky's hospital licensure laws do not require reports of adverse medical events or "sentinel events," neither does The Joint Commission. Frankfort Regional Medical Center v. Shepherd , 2015–SC–000438–MR, 2016 WL 3376030, at *8 fn6 (Ky. June 16, 2016) ("[R]eporting to The Joint Commission is voluntary[.]"). The Joint Commission's accreditation manual, a copy of which Flowers herself submitted to the Court, says: "Each hospital is strongly encouraged, but not required , to report to The Joint Commission any patient safety event that meets The Joint Commission definition of sentinel event." (Response, Appendix 7, p. SE–7) (emphasis added). As with the state's licensure laws and the Medicare Act, it is more important that the hospital have and utilize a process to identify the cause of sentinel or other adverse medical events and to take corrective action to avoid repeated occurrences. As The Joint Commission says, "The fact that a hospital has experienced a sentinel event will not impact its accreditation decision. However, willful failure to respond appropriately ... could have such an impact." (Id. (emphasis added)).
The Joint Commission's website also says adverse medical event reporting "is strongly encouraged, but not required...." The Joint Commission, Sentinel Event Policy and Procedures, https://www.jointcommission.org/sentinel_event_policy_and_procedures/ (last visited Aug. 11, 2017).
Summarizing our analysis to this point, a hospital must establish, maintain and utilize reporting or recordkeeping of patient records necessary to satisfy the external obligation of complying with 902 KAR 20:016 § 3(11). Such records are not PSWP and not entitled to the claim of privilege under the Patient Safety Act. See discussion in Section VI, supra. Reporting or recordkeeping also must be established, maintained and utilized as necessary: (1) to comply with all other mandates by government or (2) to fulfill a condition of voluntary participation in a government, or government-sanctioned, program other than that created under the Patient Safety Act. Such records are not PSWP and not entitled to the claim of privilege under the Act. See discussion in Section VII.A. and this Section VII.B. , respectively, supra.
In Section VIII to follow, we explain that reporting and recordkeeping, other than for these purposes, may still fall outside the privilege of the Act; provided, however, that such reporting or recordkeeping is a business record "established, maintained and utilized as necessary to guide the operation, measure productivity, and reflect the programs of the facility[,]" 902 KAR 20:016 § 3(3)(a), and further provided that it "is collected, maintained, or developed separately, or exists separately, from a patient safety evaluation system." 42 U.S.C. § 299b–21(7)(B)(ii). As with the other kinds of exceptions to PSWP, such records as these are not PSWP and not privileged under the Patient Safety Act.
VIII. Exceptions of the third kind to PSWP—business records
In Section VII.A. , supra , we took for granted that "regulation of public health and the cost of medical care are virtual paradigms of matters traditionally within the police powers of the state." Medical Soc. of State of N.Y. v. Cuomo , 976 F.2d 812, 816 (2d Cir. 1992) (citing Hillsborough County v. Automated Medical Lab. Inc., 471 U.S. 707, 719, 105 S.Ct. 2371, 2375, 85 L.Ed.2d 714 (1985) ). Exercise of those police powers over healthcare practitioners is pervasive, so much so we must remind ourselves that, unlike other commonwealths, our government has yet to subsume the healthcare industry. We must guard against the subconscious notion that the Commonwealth of Kentucky engages in "regulatory oversight of its healthcare facilities." Tibbs , 448 S.W.3d at 809 (emphasis added). In a capitalist economy, the operation of a hospital is still free enterprise.
"[T]he state-run National Health Service (NHS) is the ... primary healthcare provider in Great Britain and Northern Ireland." Dr. Richard Goldberg, Medical Malpractice and Compensation in the UK , 87 Chi.–Kent L. Rev. 131, 131–32 (2012).
We acknowledge that, "notwithstanding the fact that [the University of Kentucky Medical Center] competes with private hospitals, its essential role in the teaching mission of the University of Kentucky College of Medicine rendered its activities governmental." Breathitt County Board of Education v. Prater , 292 S.W.3d 883, 887 (Ky. 2009). Therefore, from the perspective of the Commonwealth of Kentucky's cloak of immunity, perhaps it could be said that this hospital is one of its healthcare facilities. However, the issue before us is not immunity. The issue before us affects every Kentucky healthcare facility as a business and the broader applicability of our analysis to this hospital and all Kentucky hospitals as businesses is intentional. Our opinion in no way runs afoul of our jurisprudence identifying the University of Kentucky Medical Center as part of a state agency entitled to the protection of immunity. Withers v. University of Kentucky , 939 S.W.2d 340, 342, 343 (Ky. 1997) (As to "whether the University of Kentucky is entitled to immunity from claims of medical negligence at its medical center ..., [the Supreme Court said] we have no reluctance to answer in the affirmative.").
That point has been well made and often. For example, the Supreme Court recently remarked that, like any business, a hospital will develop "general business policies, such as those aimed at reducing waste or hiring qualified employees...." Collins v. Braden , 384 S.W.3d 154, 160 (Ky. 2012). In University Medical Center, Inc. v. Beglin , the Supreme Court noted that the University of Louisville Hospital utilized "standardized forms [including an] 'occurrence report.' ... used by employees in the ordinary course of business when significant events occur to document their experience and observations for subsequent review by the hospital's risk management staff in assessing legal liability issues." 375 S.W.3d 783, 786–87 (Ky. 2012).
To help avoid the confusion of information that may have dual uses, the Guidance suggests "a provider should maintain at least two systems or spaces: A PSES for PSWP and a separate place where it maintains records for external obligations." Guidance at 32659. We would add that the practice is a good idea even where there is no external obligation, but where, as discussed in this Section VIII , the provider's governing authority decides it is appropriate to its operations to create such reports for a purpose other than participation in the Patient Safety Act program.
In a similar vein, although submitting a sentinel report to The Joint Commission, as discussed in Section VII.B. , is not a condition of participation in its accreditation program, a hospital could make the business decision that it should. An example of a hospital making such a business decision is found in Frankfort Regional where information was gathered immediately after a problem childbirth "as part of the hospital's standard business procedures in generating a document titled Root Cause Analysis, which is submitted to The Joint Commission[.]" 2016 WL 3376030, at *1. The information was established, maintained and utilized as the hospital deemed necessary to guide its operations, and the information was developed and existed separately from any PSES, apparently never intended for submission to a PSO. The circuit court declared the information discoverable and ordered its production. That ruling was sound. Although the privilege claimed was not the privilege created by the Act, that privilege would not have been available under our analysis had it been claimed. Guidance at 32656 ("Not PSWP if prepared ... [f]or internal risk management (claims and liability purposes")).
In the case before us, there is no evidence that Petitioner made this kind of business decision. There is no evidence that Petitioner submitted the subject report to The Joint Commission and no evidence that the report exists separately from its development and analysis within Petitioner's PSES, until its submission to the PSO. The report, as demonstrated by the record before us, was created for the sole purpose of submission to its PSO in accordance with the Act and for no other use whatsoever. Petitioner is entitled to claim the Act's privilege.
IX. Kentucky jurisprudence is consistent with this analysis
As noted, and as recognized by the Respondent, our Supreme Court has struggled three times with the concepts which are, again, squarely before us. Only one of the high court's cases is precedent, but we can learn from all three.
However, before considering those cases, we note that prior to any of them, one of Kentucky's federal courts applied Kentucky law to analyze 902 KAR 20:016 § 3(3)(a) in the context of the Act. It was a medical malpractice action in which the plaintiff relied on the regulation "to compel the University of Kentucky Medical Center ('UKMC'), a non-party, to produce documents generated after the [adverse medical] event...." Lindon v. Kakavand , 5:13–CV–26–DCR–REW, 2014 WL 12648464, at *1 (E.D. Ky. Apr. 29, 2014). After the federal magistrate entered the non-dispositive order denying the motion, the plaintiff objected before the district court. The objection was overruled. The district court said:
[P]laintiff's reliance on the cited Kentucky Administrative Regulations is overstated. She again fails to identify any regulation that either: (i) sets forth criteria for the preparation of an incident investigation report ...; or (ii) affirmatively requires UKMC to prepare such incident reports for cases like [real party in interest] MLJ's. (See 902 KAR 20:016 § 3(3)(a)) (stating that administrative reports shall be made and maintained "as necessary ").... Thus, the plaintiff's argument that UKMC was required by state law to record the incident and to report the events is not supported by § 3(3)(a).
Lindon v. Kakavand , CIV.A. 5:13-026-DCR, 2014 WL 4063821, at *2 (E.D. Ky. Aug. 15, 2014) (emphasis in original). This federal case is noteworthy because it reaches the same conclusion we reach. It reached that same conclusion prior to Tibbs . And it reached that same conclusion far more directly and concisely.
About a week after the federal court rendered Lindon , the Kentucky Supreme Court published Tibbs v. Bunnell , 448 S.W.3d 796 (Ky. 2014), a plurality opinion. The Court first noted the breadth of the privilege stating, "The Patient Safety Act announces a more general approval of the medical peer review process and more sweeping evidentiary protections for materials used therein." Id. at 800 (quoting Dep't of Fin. & Prof'l Regulation v. Walgreen Co., 361 Ill.Dec. 186, 970 N.E.2d 552, 557 (Ill. App. Ct. 2012) (internal quotation marks and citations omitted)). Then, the three justices in the plurality apparently disagreed with the federal court's interpretation of the regulation in Lindon , holding instead that, under 902 KAR 20:016 § 3(3)(a), hospitals were required to make reports of adverse incidents. The Court said:
"Justice Scott wrote the plurality opinion, in which Justices Venters and, [sic] Cunningham fully concurred. Justice Noble concurred in result only without separate opinion and Justice Hughes wrote a dissenting opinion which Chief Justice Minton joined. Justice Keller did not sit because she had presided over the Court of Appeals panel that granted the requested writ." Baptist Health , 497 S.W.3d at 762 fn 1.
Kentucky Administrative Regulations relating to Kentucky hospitals provide that: "administrative reports shall be
established, maintained and utilized as necessary to guide the operation, measure of productivity and reflect the programs of the facility." 902 KAR 20:016 § 3(3)(a) (emphasis added). These reports "shall include: ... (5) [i]ncident investigation reports; and (6) [o]ther pertinent reports made in the regular course of business." Id. Such required documents also include peer review and credentialing records. See 902 KAR 20:016 § 8(b)(1)–(2).[ ] Under Kentucky law, these types of reports are required in the regular course of the hospital's business, are hospital records, and, thus, are generally discoverable.
902 KAR 20:016 has only five sections. Specifically, there is no regulation 902 KAR 20:016 § 8(b)(1)–(2). We are at a loss as to which authority the Court intended to cite.
Id. at 804. The opinion received mixed reviews and has been grossly misinterpreted by at least one other court.
In footnote 6 at the end of this passage, the Supreme Court discussed the accreditation process of The Joint Commission. The Court would revisit that concept in, coincidentally, footnote 6 in its opinion in Frankfort Regional , and for good reason. The Tibbs footnote cites authority that said: "Through its accreditation activities, The Joint Commission promotes patient safety by requiring member organizations to report serious adverse patient health events ...." Tibbs , 448 S.W.3d at 800 fn6 (quoting Frederick Levy, et al., The Patient Safety and Quality Improvement Act of 2005: Preventing Error and Promoting Patient Safety, 31 J. Legal Med. 397, 406 (2010) ). Our examination of the requirements of accreditation by The Joint Commission, as brought to our attention by Flowers, convinces us that the author of that article, an article relied upon by our Supreme Court, is not correct. As discussed in Section VII.B. , supra , reporting adverse medical events "is ... not required...." See footnote 49, supra.
See footnote 4, supra.
The New Mexico federal district court in Quimbey by Faure v. Community Health Systems Professional Services Corporation went even further, citing Tibbs as "reasoning that incident information was not entitled to protection under the PSQIA [the Act] because it was collected and maintained by the State as part of its regulatory oversight [.]" 222 F.Supp.3d 1038, 1043 (D.N.M. 2016) (emphasis added). That is unquestionably incorrect. The state does not collect and maintain such reports.
We cannot ignore that Tibbs interpreted 902 KAR 20:016 § 3(3)(a) as being what HHS terms an external obligation. However, this Court is not bound to follow Tibbs because, although published, it was a mere plurality opinion and not precedent. In any event, that interpretation was quickly called into question by the Supreme Court itself.
Less than a year after Tibbs , the Supreme Court had an opportunity to clarify the meaning of 902 KAR 20:016 § 3(3)(a). In Frankfort Regional Medical Center v. Shepherd , the privilege the hospital claimed did not arise under the Patient Safety Act. 2015–SC–000438–MR, 2016 WL 3376030 (Ky. June 16, 2016). In fact, the Act is not mentioned at all. The regulation arose, instead, in the context of the attorney-client privilege. Nevertheless, the interpretation of 902 KAR 20:016 § 3(3)(a) was central to the decision.
Frankfort Regional was a medical negligence action in which physicians and the hospital were co-defendants. When the defendant physicians sought to discover from the defendant hospital certain notes compiled by the hospital's risk-management director following and regarding an adverse medical event, the defendant hospital claimed the notes were created in anticipation of litigation and, therefore, were subject to the attorney-client privilege and/or the work-product doctrine. Id. at *1–2. The physicians challenged the hospital's claim, and the circuit court agreed with their argument that the privilege did not apply because the hospital "was legally required to create these documents ... in the regular course of business, as required by 902 KAR 20:016, §§ 3(3)(A)(5)–(6)...." Id. at *3. The hospital sought a writ of prohibition in this Court which we denied; we "agreed with the circuit court ... that Kentucky's administrative regulations required hospitals to generate incident reports...." Id. at *4.
The Supreme Court affirmed our order denying the writ. However, the high court cast significant doubt on the reasoning upon which the circuit court denied the privilege, and on which we denied the writ. According to the Court:
The physicians make much of the trial court's conclusion that [the risk-management director]'s investigation was undertaken, at least in part, to facilitate the production of a report purportedly required by law. The law in question is 902 KAR 20:016 § 3(3) , which regulates hospital operations and states that "administrative reports shall be established, maintained and utilized as necessary to guide the operation, measure of productivity and reflect the programs of the facility." Id. § 3(3)(a). Those reports "shall include ... [i]ncident investigation reports; and ... [o]ther pertinent reports made in the regular course of business." Id. §§ 3(3)(A)(5)–3(3)(A)(6). A plurality of this Court recently suggested that this regulation extends to reports sent to accreditation entities, like the Joint Commission. See Tibbs v. Bunnell, 448 S.W.3d 796, 804 (Ky. 2014).... It does not necessarily follow that the regulation required the interviews and other investigative steps undertaken ....
Id. at *8 (emphasis added). The Court further said "it is questionable whether the Root Cause Analysis[ ] is legally compelled by the administrative regulations [ 902 KAR 20:016 § 3(3)(a)(5)–(6) ] cited by the trial court." Id. at *13.
See footnote 6, supra.
More illumination can be found in the footnote that ends the passage block quoted above. That footnote places in doubt Tibbs's conclusion that 902 KAR 20:016 § 3(3)(a) requires incident reporting. Reference in that footnote is to The Joint Commission's accreditation program. The Court said:
Tibbs's suggestion that accreditation reports are required by the regulation is also questionable. As the hospital notes, the regulation qualifies the required reports with "as necessary." 902 KAR 20:016 § 3(3)(a). But who is to determine what is necessary in this context? If it is the hospital, then it is the hospital's decision that led to the creation of the report, not the regulation. Moreover, [the risk-management director's work] was not an "incident report" as that phrase is commonly used in hospital administration. It could then fit, at best, under the catch-all provision for documents generated in the ordinary course of business. But reporting to the Joint Commission is voluntary. That a hospital undertakes such reporting as part of its business again suggests that it is the hospital that dictates whether the report is generated, not a government regulation.
Id. at *8 fn6. This footnote touches on the point made in Section VIII that voluntary submission of a report as part of voluntary participation in a program will not be privileged. Such voluntary submission outside the Act's program will be viewed as having been a business decision by the hospital's governing authority to guide its operations, produced in the hospital's ordinary course of business and, unless entitled to a privilege other than pursuant to the Act, would be discoverable.
The Court in Frankfort Regional very clearly posed the question whether the regulation required creation or submission to the Cabinet of an event report; it did not, however, answer that question. But, no answer was necessary. Whether the event report was mandated was irrelevant to whether it was work product subject to the attorney-client privilege. Frankfort Regional , 2016 WL 3376030, at *9–10 ("We need not delve into the thorny questions ... of Tibbs and this regulation, however.... [I]ncident investigations ... can also have a business purpose.... Where the disclosures are made with dual purposes,[ ] and the business purpose is equal or predominant, they cannot be covered by the [attorney-client] privilege, at least where they would have been made for the business purpose anyway."). We have carefully considered Frankfort Regional in context and we find our opinion here is consistent with its holding.
See footnote 52, supra.
Frankfort Regional is an unpublished opinion. Like the published plurality opinion of Tibbs , it is not precedent. However, unlike Tibbs , Frankfort Regional not only indicates a majority view of the Court, it demonstrates the justices are unanimous in their doubts whether the regulation in question is an external obligation mandated by force of law. Id. at *14 (Keller, J., concurring and in which Hughes and Wright, JJ., join; "I agree with the majority that it is not clear that 'the interviews and other investigative steps undertaken [by the hospital's risk-management director] were required by [ 902 KAR 20:016 § 3(3) ] simply because they were ultimately used to prepare the Root Cause Analysis."; insertion of regulation citation in original).
Flowers asserts that Frankfort Regional supports her argument, quoting footnote 6 as indicating that the report became discoverable upon the Petitioner's own determination that it was necessary under 902 KAR 20:016 § 3(3)(a)5 and that "any of the [Petitioner's] record maintenance in compliance with The Joint Commission requirements would be discoverable." (Flowers's Response To Petition For Writ of Prohibition, p. [7] ). But this argument fails to account for the distinguishing factor between Frankfort Regional and this case—the purpose for which the report was created, the key to determining whether the report is PSWP. It is clear in Frankfort Regional that the subject report was generated for voluntary submission to the Joint Commission; the record now before us is just as clear that the subject report was not created to comply with, or even voluntarily supplement, compliance with The Joint Commission's accreditation program but, rather, was created within a PSES for submission to the Petitioner's PSO.
Primarily, however, Flowers relies on the Supreme Court's most recent interpretation of the regulation in Baptist Health Richmond, Inc. v. Clouse , 497 S.W.3d 759 (Ky. 2016). She argues that Baptist Health returned to the plurality analysis of the regulation found in Tibbs .
Once again, we disagree with Flowers because Baptist Health , like Frankfort Regional , never said whether 902 KAR 20:016 § 3(3)(a) required the hospital to report incidents to the Cabinet, or even create a report. That determination was left to the circuit court when the Supreme Court "remand[ed] with instructions for the court to undertake the review as set forth" in the opinion. Baptist Health , 497 S.W.3d at 766. That remand does more to tell us that 902 KAR 20:016 § 3(3)(a) is not an external obligation than to tell us that it is. Of these three cases, we must examine Baptist Health most closely.
First, we note that the Supreme Court rendered Baptist Health in September 2016. Therefore, it was available for consideration by the Respondent when ruling on the discovery motion at issue. Based on the Respondent's plea for guidance and our own analysis, we conclude that the case was not fully helpful and, in fact, did not answer the critical question whether the regulation constitutes an external obligation under the Act.
Baptist Health was another appeal from the denial by this Court of a writ petition. In the lawsuit underlying Baptist Health , the hospital claimed that records sought by the real party in interest were in its PSES bound for a PSO and therefore privileged under the Act. The real party in interest believed some of that information was necessary to satisfy external obligations. Obviously and correctly taking its cue from the Guidance's focus on the purpose for which the report was created, the circuit court ruled that "only those documents that had been 'collected, maintained, or developed for the sole purpose of disclosure to a Patient Safety Organization pursuant to the [Act]' are protected." Id. at 761 (quoting circuit court order). Noticeably missing from the Supreme Court opinion is how the circuit court treated 902 KAR 20:016 § 3(3)(a). One must examine the unpublished Court of Appeals order denying the writ to learn that.
The real party in interest was "Tim Agee, Individually and as Administrator of the Estate of Eva Louise Nall (Agee), Deceased[.]" The information sought was "any and all incident reports, investigation reports, sentinel event reports, root cause analysis reports, Joint Commission reports, Medicare reports, Medicaid reports, peer review reports and reports of any nature relating to Eva Louise Nall (Agee)." Baptist Health , 497 S.W.3d at 761.
The Court of Appeals order denying the writ quoted the circuit court's order stating that "[s]pecific documents collected, maintained, or developed for any additional purpose beyond PSO disclosure such as compliance with the requirements of 902 KAR 20:016 , are not privileged under the PSQIA [the Act] and must be disclosed."Baptist Healthcare Richmond, Inc. v. Clouse , No. 2015–CA–001175–OA, at 2 (Ky. App. Oct. 8, 2015) (order denying writ; quoting circuit court order denying protective order; emphasis added). Clearly, to the extent the circuit court's order denied the claim of privilege, that decision was based on Tibbs's holding that the regulation did create an external obligation to submit adverse incident reports to the Cabinet. The circuit court concluded, therefore, that of the various reports assembled within Baptist Health's PSES, reports necessary to satisfy external obligations had to be culled from the privileged information.
When Baptist Health petitioned this Court for a writ to prohibit the circuit court from compelling production of the report, it argued that the Tibbs plurality was wrong in its interpretation of 902 KAR 20:016 § 3(3)(a) and that its holding that the regulation created an external obligation should be ignored. At that time, the only Kentucky decision that had been rendered, published or not, was Tibbs . It would be eight months before Frankfort Regional was rendered, casting doubt on Tibbs . Consequently, despite Tibbs's non-precedential nature, this Court chose to follow that case. We parroted Tibbs's holding that "an 'incident report' required by 902 KAR 20:016 § 3(3)(a) was not privileged under the [Patient Safety Act]." Id. at 3–4 (citing Tibbs , 448 S.W.3d at 809 ). We held "[t]he trial court properly applied the principles set forth in the Tibbs decision because ... the order excluded from protection documents that were required under the Kentucky regulations [i.e. , 902 KAR 20:016 § 3(3)(a) ] or otherwise prepared for another purpose." Id. at 4. Our decision to deny the writ was based on a conclusion that the regulation, 902 KAR 20:016 § 3(3)(a), required adverse incident reporting to the Cabinet. Baptist Health appealed our denial of the writ to the Supreme Court.
It is critical to note that if the Supreme Court had considered Tibbs's reasoning sound, it easily could have affirmed this Court's denial of the writ and left intact the circuit court's order. It did not do so. Instead, the Supreme Court vacated the circuit court's order compelling production and remanded "with instructions for the court to undertake the review as set forth herein." Baptist Health , 497 S.W.3d at 766. One cannot escape the conclusion that Baptist Health continues to signal the Supreme Court's doubt whether 902 KAR 20:016 § 3(3)(a)5, in fact, requires a hospital to create or submit an adverse incident report to the Cabinet. The doubt was certainly justified, as the Supreme Court's opinion struggled to harmonize the plurality and dissenting opinions of Tibbs .
The Supreme Court began by examining Tibbs , initially noting there is "much with which we can agree in both the plurality and the dissenting opinions" and concluding that "the correct result in this case lies in middle ground between the plurality and the dissenting opinions in Tibbs. " Id. at 762, 766. Although Baptist Health describes some of the reasoning in both the plurality and the dissent of Tibbs , including recognizing without affirming the plurality's interpretation of 902 KAR 20:016 § 3(3)(a), the Court expressly agrees with only one part of Tibbs —"We agree with the dissent that mandating invasion of 'the hospital's patient safety evaluation system' by trial courts every time there is a discovery dispute would 'discourage participation in the patient safety system by Kentucky's healthcare providers.' " Baptist Health Richmond, Inc. v. Clouse , 497 S.W.3d 759, 766 (Ky. 2016) (quoting Tibbs , 448 S.W.3d at 816 (Hughes, J., dissenting)). This seems to be the primary concern of the Court. How does a court peer into a hospital's privileged files to make the assessment?
The Court first noted what must by now be obvious: "reports that are required by the Commonwealth do not become privileged [by the act of] the provider put[ing] them in its patient safety evaluation system." Id. at 765. The Court did not identify such reports. Instead, it described a general procedure for "invasion of 'the hospital's patient safety evaluation system' " when the circuit court has reason to believe a hospital is attempting to hide incriminating information that is supposed to be reported outside the PSES:
[T]he court can conduct an in camera review of the documents in the provider's patient safety evaluation system. In conducting that review, the court should separate the information that is usually contained in state-mandated reports from information that is not usually contained in those reports. The information that is usually contained in state-mandated reports is not protected by the patient safety work product privilege provided in the Act and will be discoverable.
Baptist Health , 497 S.W.3d at 766. Perhaps the Supreme Court placed the cart before the horse, for it is only after this discussion that it established procedural and burden-shifting rules that, logically, should precede any in camera review.
In discussing the procedure for reviewing claims of privilege, Baptist Health presumes and then builds upon the rule that "the burden is on the party claiming the privilege to prove that it exists as to the communications so claimed." Collins , 384 S.W.3d at 161 (quoting St. Luke Hosps., Inc. v. Kopowski , 160 S.W.3d 771, 775 (Ky. 2005) ). Under the Act, it is sufficient proof that the information or report was collected within the PSES for the purpose of submitting it to a PSO, making it PSWP and privileged. That the report, in fact, has been sent to a PSO, as in this case, eliminates any issue regarding the intended purpose for the report. Petitioner here carried the basic burden of proving entitlement to the privilege.
See Section IV, supra , discussing the "reporting pathway."
However, adding to that basic burden, the Supreme Court said the privilege claimant also "bears the burden of proving that it complied with the statutory and regulatory reporting requirements." Baptist Health , 497 S.W.3d at 766. That is, the provider must prove it has satisfied its external obligations. We are not told what quantum of proof will suffice. In the case under review, Petitioner presented proof from the Cabinet that no external obligation existed under 902 KAR 20:016 § 3(3)(a), and from its director of risk management that indicated there were no unmet external obligations. Whatever the quantum of proof the Supreme Court may have had in mind must be slight, however, because even "[i]f the provider fails to meet that burden," the responsibility of going forward with proof shifts to "the party seeking the information [who] then bears the burden of establishing what information is generally contained in state-mandated reports." Id.
The information seeker's burden of establishing what recordkeeping or reporting is state-mandated is more a legal question than it is a factual one, and we believe this opinion provides much of the answer. It would make sense that a circuit court's in camera review of information in the provider's PSES would only be justified if the party seeking the information carries her burden to demonstrate: (1) what information should be in a state-mandated report that the provider has failed to create; and (2) that such information does not exist outside the provider's PSES. If that burden is met, the circuit court's in camera review would be appropriate to determine if information necessary to satisfy an external obligation exists within the PSES. If it does, and if the report has not yet been submitted to a PSO (thereby making it forever PSWP and privileged), the provider would have to decide whether to utilize the "drop out" provision discussed in Section VII.A.5. Otherwise, the provider would have to create a report to satisfy the unmet external obligation using non-PSWP. In the case before us, we concluded that Flowers could not carry the burden of establishing that Petitioner failed to comply with any state mandate. Therefore, no in camera review was necessary.
Baptist Health tells lower courts they may and must separate the chaff from the wheat. The circuit court in Baptist Health and this Court in the related writ petition action attempted to do so by using as the thresher Tibbs and its holding that 902 KAR 20:016 § 3(3)(a) creates a state mandate. When the Supreme Court vacated that circuit court order, the message was clear to us that we were wrong to do so.
Before leaving this discussion of Baptist Health , we note, as Justice Hughes found "[n]otabl[e]" in her concurrence in that case, that HHS expressly cited 902 KAR 20:016 § 3(3)(a) in the Guidance. See Baptist Health , 497 S.W.3d at 767 (Hughes, J., concurring). No one should be led astray by the federal agency's characterization of our state regulation. Therefore, we discuss it in context.
The reference to the Kentucky regulation is made in a footnote supplementing the Guidance's discussion of "[s]tate health care regulatory agencies ['] ... requirements" and the fact that "more than half of the states operat[e] adverse event reporting systems." Guidance at 32655. The footnote addresses the 26 states requiring adverse event reporting which, as we discuss in Section VII.A.1. , does not include Kentucky. Id. at 32655 fn3. The Guidance then states that among the remaining jurisdictions, "some states require providers to maintain [rather than report] certain information." Id. The first example given is Delaware which has an administrative regulation quite to the point regarding maintaining and reporting. The Delaware regulation says:
4.3 Report of adverse events:
4.3.1 The facility [i.e., hospital] must report all adverse events to the Department within forty-eight (48) business hours of the occurrence.
4.3.2 The facility must conduct an investigation of all adverse events.
4.3.3 The facility must forward a complete investigative report to the Department within 30 calendar days of the event.
4.4 The facility must keep reports of adverse events , accidents and medical emergencies on file at the facility for a minimum of five years.
Code of Delaware Regulations 4408–4.0 (emphasis added). It escapes us why Delaware is not included among the 26 states with adverse event reporting requirements since the directive is unequivocal and its urgency obvious. Regardless, to make the point about maintaining rather than reporting adverse event reports, the footnote emphasizes that a Delaware hospital must "keep the adverse event reports 'on file at the facility for a minimum of five years.' " Guidance at 32655 fn3. Then the footnote moves on to Kentucky.
"In Kentucky," says HHS, "hospitals are required to 'establish[ ], maintain [ ], and utilize[ ]' administrative reports, including incident investigation reports, 'to guide the operation, measure productivity, and reflect the programs of the facility.' " Id. (quoting, in part, 902 KAR 20:016 Section 3(3)(a); emphasis added). We note two significant points about this reference.
First, the footnote was written after Tibbs interpreted the regulation as a reporting requirement and before Frankfort Regional cast doubt on that interpretation. To the extent HHS researched Kentucky law on the regulation, the agency would have had only the Tibbs plurality interpretation of 902 KAR 20:016 § 3(3)(a) to guide it. HHS did nothing more than feed back to Kentucky courts what Tibbs said, and what Frankfort Regional and Baptist Health cast doubt upon.
Tibbs was rendered in 2014. The Guidance was promulgated on May 24, 2016. Frankfort Regional was rendered on June 16, 2016.
The same could be said of the Solicitor General's opposition to the petition for certiorari before the Supreme Court of the United States. For the Solicitor General, the case hinged on whether there was an external obligation; the Kentucky Supreme Court said there was. Consequently, the Solicitor General said:
Under Kentucky law, hospitals must 'maintain[ ]' certain reports about their operations, including '[i]ncident investigation reports.' 902 Ky. Admin. Regs. 20:016, at 3(3)(a) (2015).... Kentucky law—as authoritatively construed by the State's highest court [prior to its casting doubt on that plurality opinion in subsequent cases]—requires hospitals to maintain incident reports like the one at issue here.... [T]he Supreme Court of Kentucky correctly held that the records a provider must create to satisfy its external obligations—including incident reports required by state recordkeeping laws—do not qualify as patient safety work product in the first place because they are 'original * * * provider record [s].' 42 U.S.C. 299b–21(7)(B)(i) [.]
Brief for the United States as Amicus Curiae, Tibbs v. Estate of Luvetta Goff , 2016 WL 3014493, 6, 15, 16–17 (U.S. 2016).
Second, the Guidance quotes selectively from the regulation, omitting the qualifier "as necessary." Our Supreme Court found that phrase—"as necessary"—to be significant when interpreting the regulation in Frankfort Regional because it "suggests that it is the hospital that dictates whether the report is generated, not a government regulation." Frankfort Regional , 2016 WL 3376030, at *8 fn 6. Therefore, we are not persuaded, nor do we believe the Supreme Court is inclined to be persuaded, by federal administrators who interpret a Kentucky regulation, unaware of post- Tibbs caselaw, and with its purpose to "guid[e] patient safety organizations (PSOs) and providers" and not Kentucky courts interpreting their own state's laws. Guidance at 32655.
X. Applying analysis to Respondent's ruling
The record in this case reflects that the Respondent, aware of Baptist Health and its predecessor cases, did not find sufficient clarity in the jurisprudence upon which to base a confident ruling. A circuit court's resources are limited; therefore, notwithstanding that we are granting the petition, we commend the Respondent's effort and time expenditure pursuing a confident ruling, nevertheless.
Respondent expressly held the Petitioner "did not prepare the patient safety event report as a state-mandated incident investigation report." (Order Overruling Motion to Quash Subpoena, March 3, 2017 (Fayette Cir. Ct. No. 15–CI–04544)). Clearly then, it is not an exception of the second kind to PSWP. But Respondent also held "as a matter of law that once the hospital voluntarily decided to prepare the event report the [Petitioner] deemed the event report to be necessary under 902 KAR 20:016 § 3(3)(a) and, therefore, the court finds the report is discoverable." (Id. ). In effect, the Respondent declared the voluntary creation of the report in the PSES and submission of the report to the PSO to be an exception of the third kind to PSWP, as discussed in Section VIII, supra. This latter determination is incorrect as a matter of law because voluntary recordkeeping or reporting (whether supplementary participation in a voluntary program or as a business record deemed necessary by the governing authority) is only excepted from PSWP if it exists separately, outside, and apart from the PSES. This report did not. Only if this requirement of independent existence is met will we avoid the absurdity that the same reporting that entitles one to the privilege simultaneously defeats it.
There was no proof that submission of the report was state-mandated, and none that submission of the report was required by any voluntary program in which Petitioner participated.
As noted in Frankfort Regional , "[w]hether a particular communication is privileged depends ... on the facts and circumstances under which the communication was made." Frankfort Regional , 2016 WL 3376030, at *8 (quoting Lexington Public Library v. Clark , 90 S.W.3d 53, 59 (Ky. 2002) (internal quotation marks omitted)). The Guidance repeatedly says that the key to determining the availability of the privilege is first determining the purpose for which a report is created. Like the Guidance, we repeatedly touched upon this point. As the Guidance says:
See, e.g. , Section IV, supra.
uncovering the purpose for which information is prepared can be a critical factor in determining whether the information is PSWP. Since some types of information can be PSWP or not depending upon why the information was assembled or developed, it is important for providers [and for courts] to be aware of whether information is prepared for reporting to a PSO.
Guidance at 32656.
Data incapable of qualifying as privileged is limited to: (1) information comprising patient records ; and (2) information compiled for the purpose of satisfying a mandatory external obligation or a mandatory condition of a voluntary program other than the program established by the Act ; and (3) information assembled outside the provider's PSES because a hospital's governing authority deems it necessary to the provider's operation. If the information gathered does not fall within any of these three kinds of exceptions to PSWP, it can qualify for the privilege, provided it was assembled within the PSES with the intention that it be submitted to a PSO. That was precisely the nature of the report for which discovery has been sought in this case. It is PSWP and no exception to PSWP applies; it qualifies under the Patient Safety Act as privileged.
See Section VI , supra.
See Sections VII.A. and VII.B. , supra.
See Section VIII, supra.
XI. Conclusion
The petition in this case demonstrates that the report Flowers seeks is privileged. It was created within the PSES for submission to a PSO, and it was submitted to a PSO. It was not a patient record; it was not prepared for, nor needed to satisfy, any external obligation or condition of participation in any government-sanctioned program; and it was not created for a business purpose such as internal risk management or voluntary submission to a voluntary program. The petition for a writ prohibiting the Respondent from enforcing its March 3, 2017 order compelling production of the report is GRANTED.
ALL CONCUR.