Skip Navigation U.S. Department of Health and Human Services
Agency for Healthcare Research Quality
Archive print banner

Patient Safety and Quality

This information is for reference purposes only. It was current when produced and may now be outdated. Archive material is no longer maintained, and some links may not work. Persons with disabilities having difficulty accessing this information should contact us at: Let us know the nature of the problem, the Web address of what you want, and your contact information.

Please go to for current information.

Study discusses the legal aspects of providers sharing information on medical errors

Several health care institutions in the United States have formed patient safety consortia to share information and analyze data on medical errors. Lessons learned regarding effective safety practices are disseminated to the consortia members to improve patient safety in their facilities. However, this exchange of information about medical errors may make health care institutions vulnerable in legal proceedings. In a recent paper, supported in part by the Agency for Healthcare Research and Quality (HS11905 and HS11521), researchers discuss legislation that could help address these concerns and the liability issues of the Health Insurance Portability and Accountability Act (HIPAA).

The authors suggest that Federal and State legislation could be extended to include protection for data and discussions related to safety and quality improvement used internally by health care organizations. At present, only Federal research protection under the Agency for Healthcare Research and Quality (AHRQ) appears sufficient, and then only if the information exchange is confined to the intended safety efforts. Without AHRQ protection, discovery rules and privilege laws could likely allow such information to be used in lawsuits.

HIPAA privacy rules, which ensure patient confidentiality, also create issues of liability. To avoid the need to obtain authorization from all patients whose clinical information is used or disclosed in the safety consortia, both consortia members and the information repository must ensure that all appropriate identity markers and indicators are removed from patient records so that patients cannot be identified. It is equally important to remove identifiers of providers and institutions in data submitted to the repository or shared among consortium members.

See "Learning from others: Legal aspects of sharing patient safety data using provider consortia," by Bryan A. Liang, M.D., Ph.D., J.D., Matthew B. Weinger, M.D., and Steven Suydam, M.D., J.D., in the June 2005 Journal of Patient Safety 1(2), pp. 83-89.

Return to Contents
Proceed to Next Article

The information on this page is archived and provided for reference purposes only.


AHRQ Advancing Excellence in Health Care