Newsletter Sign-up

While the Patient Protection and Affordable Care Act (the Affordable Care Act) was enacted in 2010, many provisions--including requirements that healthcare providers collect and report more quality-of-care data--won't be fully implemented for several years.

Those mandates, however, could create professional liability problems for those that fail to begin preparing immediately.

Meanwhile, providers' eventual reliance on electronic health records to manage their growing data collection and reporting responsibilities means they will have to develop protocols that ensure patient data are recoverable as part of the discovery process in lawsuits.

The new law's requirement for greater transparency of data on provider performance builds on a movement sparked by the Institute of Medicine in 1999, when it published a report on medical errors, said Emily Rhinehart, vice president and division manager of global loss prevention in the healthcare division at Lexington Insurance Co. The report, To Err is Human, estimated that up to 98,000 hospital patients die annually because of medical errors.

Since then, the Centers for Medicare and Medicaid Services, the largest purchaser of healthcare services in the United States, has been a key force behind a growing number of reports on the delivery of healthcare, Rhinehart said.

For example, the CMS in 2005 launched its Hospital Compare website--an online tool to compare hospitals' quality of care and survey ratings from patients--and has since increased the site's data and performance reporting requirements.

Many states now require that hospitals report adverse events, which the National Quality Forum calls serious reportable events. Pennsylvania and Minnesota publish serious reportable event summaries for each hospital within their respective borders, and more states can be expected to follow suit.

Thirty-seven states also require hospitals to report information on healthcare-associated infections, and several states publish the aggregate data. Pennsylvania publishes infection rates by hospital.

More data on the quality of care physicians provide also is becoming readily available. For example, the CMS recently launched its Physician Compare site as a "find-a-doctor" resource. The site is expected to add data related to, among other things, outcomes for specific diagnoses--such as diabetes and hypertension--within the next few years.

Additionally, the CMS is developing Physician Quality Reporting measures. Current drafts include 240 measures of both process and outcomes of care.

From the medical liability perspective, healthcare providers are concerned that plaintiffs' attorneys might try to distort information about outcomes or infection rates, or cite information out of context to create malpractice claims.

As a result of this greater transparency, even the most skilled professional providers who routinely treat more high-risk patients than their peers with less severe patient-acuity rates could become key targets for the plaintiffs' bar, said Brad Cox, senior vice president and healthcare division executive at Lexington. Plaintiffs' attorneys will be able to mine all of this data for inconsistencies among peers, Cox said. Once inconsistencies are found, attorneys could search for plaintiffs to sue a medical provider.

If transparency is the goal, then reported data needs to be protected from this type of misuse, said malpractice defense attorney Chad Brouillard of Cambridge, Mass.-based Foster & Eldridge LLP.

Meanwhile, to manage this growing volume and complexity of reporting, healthcare providers will have to turn to electronic health records, which the Affordable Care Act encourages.

Implementing electronic health records eventually will improve providers' ability to capture and store information on individual patients as well as aggregate data for quality reporting. It also will assure that the health record is available any time to any provider with access to the electronic health records system. Such access could reduce errors, since past history and diagnostic results will be available to current providers, Rhinehart said.

But while electronic health records have many advantages, they also pose liability concerns that keep evolving as technology does.

For example, inaccurate or incomplete data entry as well as copying and pasting records inconsistently can lead to liability. User error related to computer order entry systems already has been identified, Cox said.

In addition, until these software products are standardized, which should improve efficiency in a clinical setting, poorly designed or implemented electronic health records can create liability exposures, Brouillard said.

To mitigate their malpractice exposures as data collection and reporting expands, physicians and especially boards of directors for health care facilities must become more engaged in the process. They should develop policies to help ensure that:

-- Their electronic health records systems accurately capture and report data, including adverse events.

-- Negative trends are identified and addressed and all follow-up is documented.

-- Peer review is strengthened to identify and improve poor performers.

-- There is appropriate training on and adherence to electronic health records policies.

-- Performance improvement, risk management, patient safety, the medical staff and the board's quality functions are coordinated.

Much of this new volume of electronic data could be pertinent in a malpractice case, so providers also must develop protocols to ensure they retain appropriate data. That includes email communications between providers and data related to various systems, such as laboratory, pharmacy and imaging systems.

Developing discovery protocols and implementing data retention systems could be expensive. But failing to, and thereby running afoul of a court order to produce the data, could be even more costly.

To help ensure they meet their discovery obligations, providers should develop and follow a written policy that meets both state and federal discovery rules. At a minimum, the policy should:

-- Address all types of data the provider creates, receives and stores.

-- Contain a procedure for executing a court's legal hold on data, which bars data destruction, even under an auto-deletion process, and forbids any further modification of the data.

-- Detail how legacy data will be safeguarded after an information technology system has been retired.

-- Name a custodian responsible for executing the plan.

Courts will not look favorably on defendants that allow employees to decide what data to retain absent written guidance or organizational policy.

More information on Affordable Care Act's effect on the medical professional liability insurance market is available at www.lexovations.com/healthcare.

(The above piece is part of our continuing Perspectives series designed to highlight key products and services to our readers. This paid-for Perspective was written and edited by Risk & Insurance® on behalf of our marketing partner. Additional Perspectives can be found on our Web site at www.riskandinsurance.com/.)

September 15, 2011

Copyright 2011© LRP Publications