lection, sharing, and analysis of such data (not considered in this chapter) would be to change the legal environment in which health care organizations and providers operate. Exclusive enterprise liability, shifting liability for medical injuries from individual practitioners to responsible organizations, has been suggested to possess several advantages over the current liability system.1, 2, 3, One of these is to remove the fear of personal liability from individual health care workers, eliminating this incentive to hide errors. Another proposed reform, no-fault compensation for medical injuries, might promote reporting by eliminating the adversarial inquiry into fault and blame that characterizes the current liability system.4 Workplace injuries to employees are handled within an example of such a no-fault, enterprise-liability system.5
Together, enterprise liability and no-fault compensation might produce a legal environment more conducive to reporting and analysis, without the elaborate legal and practical strategies needed to protect data under the current liability system. An analysis of enterprise liability and no-fault compensation systems is beyond the scope of the Quality of Health Care in America project, but the committee believes that the issue merits further analysis.
This chapter examines legal precedents and practical experiences bearing on how and to what extent information can be protected in error reporting systems when it leaves the health care organization that generated it. Legal protections like state peer review shields and laws created to protect a specific reporting system have much promise. Many current state peer review statutes, however, may not protect data about errors shared in collaborative networks, especially across state lines, or reported to voluntary reporting systems (e.g., independent data banks). A combination of practical and legal safeguards may be the best approach to protect the data in voluntary reporting systems from discoverability. The practical safeguards of anonymous reporting and de-identification (removal of identifying information after receipt of the report) can confer some, but not complete, protection. Statutory protection could add three benefits to some level of de-identification: (1) it could provide an added measure of security for the data; (2) it could protect from subpoena identifiable reporters and recipients of the reports; and (3) it could permit the reporting system to obtain and retain information that might identify the reports and reporters.
RECOMMENDATION 6.1 Congress should pass legislation to extend peer review protections to data related to patient safety and