Oklahoma Legislature significantly expands peer review privilege
Oklahoma’s peer review statute provides that peer review information is private, confidential, and privileged. It encourages health care professionals to police themselves by evaluating their peers. It also promotes the continuous assessment and improvement of care provided so that patients and health care professionals can benefit.
The peer review privilege protects peer review information generated during the course of a peer review process. Until recently, a peer review process referred to a process, program, or proceeding, including a credentialing or recredentialing process, utilized by a health care facility or county medical society to assess, review, study, or evaluate the credentials, competence, professional conduct, or health care services of a health care professional. Health care facilities included licensed hospitals, ambulatory surgery centers, and the clinical practices of accredited allopathic and osteopathic state medical schools. The protections afforded by the Oklahoma peer review statute did not extend to peer review information generated during the course of a peer review process conducted by a medical clinic, physician group practice that was not part of an accredited state medical school, or any other entity or organization involved in the delivery of health care services.
Effective November 1, 2014, the statutory protection was extended to cover peer review information generated during the course of a peer review process conducted by a “health care entity.” A health care entity includes, in addition to licensed hospitals, ambulatory surgical centers, and clinical practices of accredited state medical schools, any entity directly involved in the delivery of health care services that engages in a credentialing or peer review process. Consequently, physician group practices, medical clinics, and others may take advantage of the peer review protection that was previously limited to hospitals, ambulatory surgery centers, and clinical practices of medical schools.
The change in the definition from “health care facility” to “health care entity” significantly expands the types of organizations that may take advantage of peer review protection afforded by the statute. The expanded provision includes any entity “directly involved in the delivery of health care services” that engages in a credentialing or peer review process. The definition does not specify that the entity must “provide” health care services or medical care to patients. It does not require the entity to employ or engage health care professionals to provide health care services.
Presumably, organizations that provide or arrange for health care services, assist with or carry out medical functions, are delegated responsibility for medical functions, operate networks of health care professionals, or support medical decision-making would be included to the extent they are directly involved in care delivery, as long as they engage in a credentialing or peer review process. Those organizations could include HMOs, PPOs, accountable care organizations, physician-hospital organizations, independent practice associations, clinically integrated health networks, health plans, nursing homes, home health agencies, hospices, and other entities.
Hospitals that employ physicians could avail themselves of the privilege before the 2014 amendment with respect to credentialing, recredentialing, and peer review activities involving employed physicians, even if those physicians were employed in a separate hospital-controlled entity, as long as the activities were conducted as part of a process, program, or proceeding utilized by the hospital to assess, review, study, or evaluate the credentials, competence, professional conduct, or health care services of the employed physicians. Now, physicians employed by a hospital can also take advantage of the new provision that protects entities directly involved in the delivery of health care services, even if the activities are not conducted as part of a process, program, or proceeding utilized by the hospital.
In order to be protected, peer review information must be generated during the course of a process, program or proceeding utilized by a health care entity. The statute does not mandate that the process, program, or proceeding must be conducted by a hospital, its medical staff, a hospital or medical staff committee, a specially designated or appointed peer review committee, or any other designated body. The statute does not mandate that the activities be conducted in Oklahoma or by an Oklahoma organization. The processes, programs or proceedings must be “utilized by” the health care entity.
Accordingly, a health care entity may utilize a process, program, or proceeding established, maintained, provided, or operated by another body or entity, including those located outside the state. Examples may include those maintained or operated by (a) an HMO, PPO, special needs plan, other type of health plan, or managed care organization (such as a credentialing, utilization management, grievance, case management, quality assessment, or other program); (b) a governmental agency or regulatory authority (such as a licensing board); (c) an accreditation body; (d) a trade association (for example, the Oklahoma Hospital Association, the Oklahoma State Medical Association, the Oklahoma Osteopathic Association, or a county medical society); (e) a university, medical school, or other professional school; (f) a medical group practice; (g) an accountable care organization, physician-hospital organization, independent practice association, or clinically integrated network; (h) a professional standards review organization; or (i) an institutional review board. These are merely examples of organizations that may conduct some form of peer review activities. Health care entities may utilize the processes, programs, or proceedings of these organizations, agencies, and bodies.
A credentialing or recredentialing process is limited to those processes, programs and proceedings utilized by a health care entity to assess, review, study, or evaluate the credentials of a health care professional. A peer review process encompasses not only activities involving the credentials of a health care professional, but also those involving competence, professional conduct, or health care services of a health care professional. The principal distinction between a credentialing or recredentialing process, on the one hand, and a peer review process, on the other, is that the credentialing or recredentialing process is performed or conducted to pass on credentials, while a peer review process involves credentials, competence, professional conduct, or health care services.
These processes are defined in terms of activities to “assess, review, study, or evaluate.” This would allow for the activities to be performed or conducted prospectively, concurrently, or retrospectively. There is no requirement that such activities occur after patient care is provided, nor as a retrospective review and evaluation of care previously provided by a health care professional to a patient.
The assessment, review, study, or evaluation must pertain to a health care professional. A health care professional means any person who is authorized to practice:
- allopathic medicine and surgery,
- osteopathic medicine,
- podiatric medicine,
- psychology, and
- dentistry or a dental specialty.
The definition of “health care professional” does not include nurses (including CRNAs and Advanced Nurse Practitioners), pharmacists, physicians’ assistants, medical technicians, social workers, or other allied health professionals.
The peer review statute does not limit individuals who are conducting peer review or participating in a peer review process as “reviewers” to health care professionals. Nurses, technicians, and others who are not medical professionals may serve as peer reviewers. However, the evaluation or review of activities of individuals who are not “health care professionals,” as defined by statute, will not constitute a peer review process.
Also, the peer review statute does not prescribe or define when a peer review process or a credentialing process begins or ends. Health care entities will need to identify the various types of peer review activities conducted and document their commencement. Some peer review proceedings will be specifically identifiable in terms of their commencement and completion. Others will be continuous and ongoing.
The definitions of “peer review information” and “credentialing or recredentialing data” are significant. They are clear in part, but leave room for future disputes and interpretation.
Peer review information means all records, documents and other information generated during the course of a peer review process. It includes reports, statements, memoranda, correspondence, record of proceedings, materials, opinions, findings, conclusions and recommendations, credentialing data, and recredentialing data. To the extent records, documents, and other information, whether written or oral, are “generated during the course of a peer review process,” they constitute peer review information unless they fall within one of the six exclusions from the definition. The exclusions are:
The medical records of a patient whose health care “in a health care entity” is being reviewed. Medical records are not to be considered peer review information, even if presented to a peer review body.
- Incident reports and other like documents regarding health care services being reviewed, regardless of how the reports or documents are titled or captioned. This will continue to be an area of dispute, especially since incident reports are frequently prepared indiscriminately and are captioned in a variety of ways. Typically, however, incident reports will not be generated during the course of a peer review process; they will most likely have been previously created.
- The identity of any individuals who have personal knowledge regarding the facts and circumstances surrounding the patient’s health care in the health care entity. This exclusion is limited to individuals with “personal knowledge.” That knowledge must pertain to facts and circumstances surrounding the patient’s health care. Primarily, this exclusion will cover individuals who are directly involved in the patient’s care. Their personal knowledge must relate to the facts and circumstances of the patient’s care “in the health care entity,” not elsewhere.
- Factual statements regarding the patient’s health care in the health care entity from any individuals described in 3 above. The factual statements must have been generated outside the peer review process. Factual statements made by such individuals that are generated during the course of a peer review process constitute peer review information.
- The identity of all documents and raw data previously created elsewhere and considered during a peer review process. The key words are “previously created elsewhere.” The fact that documents and raw data previously created elsewhere are presented, considered, or evaluated during a peer review process does not make them peer review information.
- Copies of documents and raw data previously created elsewhere and considered during the peer review process, whether available elsewhere or not. Again, the key words are “previously created elsewhere.” This provision does not obligate health care facilities to maintain separate copies of such documents and data in a designated peer review file, even if they were considered during a peer review process.
These six exclusions will continue to give rise to disagreements among parties to litigation. They essentially involve factual information and items generated outside of a peer review process. In most instances, they will have been created or prepared prior to the commencement of a peer review process. In contrast, the discussions, deliberations, opinions, findings, and conclusions of the participants in a peer review process should be considered “peer review information” and do not fall within any of these exclusions.
The definition of “credentialing or recredentialing data” is important because credentialing or recredentialing data is “peer review information.” Credentialing or recredentialing data includes four items:
- The application submitted by a health care professional requesting appointment or reappointment to the medical staff of a health care entity or requesting clinical privileges or other permission to provide patient care services at a health care entity. Applications for appointment and applications for reappointment are covered. The application must have been submitted to request medical staff membership, clinical privileges, or permission to provide patient care activities at a health care entity. Some categories of health care professionals, such as chiropractors and optometrists, may not be permitted to become members of the medical staff or obtain clinical privileges at many health care facilities. Their applications requesting permission to provide patient care activities will suffice.
- Any information submitted by the health care professional in support of such application. To the extent the health care professional submits information in support of the application, it is credentialing or recredentialing data.
- Any information, unless otherwise privileged, obtained by the health care entity during the credentialing or recredentialing process regarding such application. The key words here are “unless otherwise privileged.” During the credentialing process, health care entities typically obtain recommendations and comments from other practitioners about a medical staff applicant. Those recommendations should be considered “otherwise privileged”; they fall squarely within the definition of “peer review information.” Also, health care entities usually obtain information and recommendations concerning medical staff applicants from other health care facilities and institutions. This information likewise should be “otherwise privileged” for the same reason. In a reappointment process, a health care entity would typically obtain and take into account evaluations of the applicant’s past patient care activities and professional conduct. Again, the information obtained should be considered “otherwise privileged” to the extent it is pre-existing peer review information.
- The decision made by the health care entity regarding the application. The discussions, deliberations, opinions, findings, and conclusions of the participants in a credentialing or recredentialing process constitute peer review information. The decision made by the health care entity falls within the definition of credentialing or recredentialing data. The decision is the outcome of the deliberative process. The goal and fundamental purpose of the statute is to promote open and candid discussions and evaluations of peers. This goal is furthered by including in the protections afforded by the statute the decision made by the health care entity.
Peer review information is private, confidential and privileged. “Private” addresses the non-public nature of the process. “Confidential” addresses the duty to refrain from disclosing information to others. “Privileged” addresses a party’s right not to be compelled to testify or provide information in judicial proceedings.
The mandate that peer review information is private, confidential and privileged contains two principal exceptions.
First, a health care entity or county medical society may provide “relevant peer review information” to a state agency or board that licensed the health care professional who provided the health care services being reviewed in a peer review process or who is the subject of a credentialing or recredentialing process. Based upon this provision, information about a health care professional may be given to state licensing boards. The statute requires the health care entity to give notice to the health care professional, but does not require any specific form or content of the notice. Presumably, the health care entity must notify the health care professional that it has provided peer review information to a licensing board. It does not appear that the notice must set forth the details of the information furnished.
The second exception provides that credentialing and recredentialing data, as well as the recommendations made and action taken as a result of any peer review process, are subject to discovery in limited circumstances. They are discoverable in a civil action in which a patient (or patient’s representative) has alleged that the health care entity was independently negligent as a result of permitting the health care professional to provide health care services to the patient in the entity. The civil action would mostly likely be a malpractice action involving the health care professional or a corporate liability claim involving the health care entity. The alleged negligence must relate to the health care services provided to the patient in the entity from which the information is sought.
In this second exception, discovery is limited to credentialing data, recredentialing data, and the recommendations made and action taken as a result of any peer review process. Other peer review information remains protected. Opinions, findings, conclusions, reports, memoranda, correspondence, records of proceedings, other materials, and the deliberations of participants in the peer review process are not subject to discovery. Also, the recommendations made and actions taken are discoverable only if they were made or taken prior to the date of the alleged negligence.
Even though the recommendations and action may be discovered under these limited circumstances, their use and admissibility as evidence is restricted. They are not admissible until a judge or jury has found the health care professional to have been negligent in providing health care services to the patient in the health care entity. This provision, in effect, prohibits admission of the information in a malpractice action against a health care professional.
If, in a malpractice action, a judge or jury has found the health care professional to have been negligent in providing health care services, the health care professional’s credentialing and recredentialing data would be admissible. Also, the recommendations made and action taken as a result of a health care entity’s peer review process may be admissible in that malpractice action. The need for or relevance of the data and information raises questions. It may, for example, be relevant and material in the same or another action against a health care entity based on a corporate liability theory. They may provide evidence that the health care entity breached its duty to the patient if they support a conclusion that the health care entity was aware of the health care professional’s incompetence.
Admissibility is permitted only after a judge or jury has found that the health care professional was negligent in providing health care services to the patient in the health care entity. If a malpractice claim against the health care professional is settled, the discovered information would not be admissible. A finding of negligence by an arbitrator or an administrative body does not give rise to admissibility.
If the recommendations made or action taken are discovered under this second exception, the information discovered may not include the identity or means by which to ascertain the identity of any other patient or health care professional.
Participants in a peer review process may not be “permitted or required” to testify regarding the process in any civil proceeding or disclose by responses to written discovery requests any peer review information. Under this provision, a participant in the process who is willing to testify or disclose information may not do so.
The peer review statute does not address a number of issues. It does not identify the person or organization that holds the privilege, that may assert the privilege, or that may waive the privilege. Presumably, the privilege may be asserted by any health care entity or professional that authorizes, sponsors, conducts, or participates in the peer review process; any health care professional that is the subject of the peer review process; any health care entity or professional that is a party to an action in which peer review information is sought; and any health care entity or professional to whom a request for peer review information is directed. The statute does not authorize or permit a waiver of the privilege.
Where adverse action is taken with respect to the medical staff membership or clinical privileges of a health care professional (such as denials of applications for appointment or reappointment, suspensions, revocations, or other actions), the health care professional may wish to obtain peer review information in order to evaluate the basis for or reasonableness of the adverse action taken. The professional may also want to obtain peer review information to disprove its veracity or to provide evidence in subsequent proceedings and hearings. The statute does not provide an exception that would permit a health care professional to obtain peer review information in these instances.
Entities that are “directly involved in the delivery of health care services” should welcome this expansion of the peer review statute and the legal protection afforded to peer review information generated during the course of a peer review process. The 2014 amendments to the peer review statute will likely give rise to disputes regarding the types of entities and organizations covered by this new broad and expansive definition.
Health care entities should take steps to protect peer review information, including credentialing and recredentialing data. Among other procedures, health care entities should:
- Document the processes and programs they use for peer review proceedings, including methods of initiating proceedings, the types of matters that are subject to peer review, methods of appointing or establishing peer review bodies, and peer review procedures (including procedures relating to investigations, meetings, reports, discussions with individuals who may have or provide information, deliberations, recommendations, hearings, and appeals).
- Establish separate, secure files – either paper or electronic – that are locked (for paper files) or password protected or encrypted (for electronic files), and restrict access to those files.
- Carefully evaluate requests by physicians to review their own credentialing, recredentialing, or other peer review files.
- Be especially careful in preparing minutes, summaries of meetings, reports, recommendations, and other documentation of peer review proceedings.
- Inform and periodically remind those involved in peer review processes about confidentiality.
- Ensure that peer review processes are not used for retaliation against a health care professional, anti-competitive purposes, malicious motives, discriminatory practices, unwarranted threats, bad faith peer review, or other improper conduct.
- Clearly and conspicuously identify peer review documents and information as privileged.
- Generally, not furnish or distribute copies of peer review documents and information to those who are not involved in the specific peer review process.
- If peer review documents and information are furnished during meetings to those who are involved in a specific peer review process, collect the documents and information when the meeting is adjourned. If peer review documents and information are furnished electronically to those who are involved in a specific peer review process, utilize methods to restrict, limit, or arrange for discontinued access, as appropriate.
- Inform those who are granted access to peer review documents and information about the importance of confidentiality and the significance of the peer review privilege.
- Maintain logs of those who are granted access to peer review documents and information.
- Provide training to those who may have access to peer review documents and information regarding the privileged nature of the documents and information and the implications of disclosure.
- Establish procedures for dealing with requests for access to peer review files, including subpoenas in legal proceedings, requests or subpoenas from licensure boards and governmental agencies, or other requests.
- Notify legal counsel when they receive subpoenas and court orders for peer review information and involved legal counsel in the decision-making process regarding responses and disclosures.
- Notify legal counsel if they receive requests or demands from attorneys for peer review information or if they receive threats from attorneys that they intend to take legal action to gain access to peer review information.
- Not discuss peer review information or other matters with attorneys who represent parties who are adverse or potentially adverse, and immediately refer them to the health care entity’s legal counsel.