Skip to content

Parsing the Privileges - Part 1: Attorney-Client Privilege/PSQIA

The attorney-client privilege is a powerful legal protection that serves a critical purpose when clients and attorneys communicate. It prohibits the forced disclosure of information provided by a client to their attorney for purposes of seeking legal advice. However, it has several limitations that distinguish it from other statutory and common-law protections.

In the earlier days of my career—before the Patient Safety and Quality Improvement Act[1] I worked for an organization that put “Confidential Attorney-Client Communication” on every document they didn’t want to share publicly. Some of the materials actually reached an attorney; others did not. I objected to the practice for two reasons. First, many of the documents were not attorney-client communications, which meant that any energetic plaintiff’s attorney or regulator could break through the claim of privilege. Even more disturbing was the possibility that by putting the language on everything, we would dilute its meaning so that a judge wouldn’t believe that any of it qualified for protection and staff would become careless handling the material.

Fast forward to 2023, and I sometimes see the Center for Patient Safety’s PSO clients fall into a similar trap when they rely on the attorney-client privilege to protect patient safety and quality work when other laws provide much more robust protection. So, let’s look at the attorney-client privilege in the context of patient safety and quality and examine a couple of other (better) options.

“But it’s worked so far…’

It’s easy to believe that legal protections are effective when they have never been robustly challenged. After all, you haven’t had to produce any secret stuff. One prospective client’s attorney, who had used the standard non-PSO boilerplate for years, had an epiphany as we drilled down into the true nature of attorney-client privilege. As she began to understand how unprotected their work was and the broader protection of the PSQIA, she said, “I guess just because we have relied on it doesn’t mean it protects us.” Courts comparing the privileges in the patient safety context have denied the applicability of attorney-client privilege.[2]

The Gaps in Attorney-Client Privilege

The attorney-client privilege serves a critical purpose when clients and attorneys communicate; attorneys can only serve their clients effectively if they have complete information. It prohibits (1) the forced disclosure (2) of information provided by a client to their attorney (3) for purposes of seeking legal advice. The privilege also protects the advice offered by the attorney and binds the attorney receiving the information from disclosing it without permission. Within that space, it is a powerful privilege. Because of the potential to abuse this strong protection, the attorney-client privilege has several limitations that distinguish it from other statutory and common-law protections.

  • The protected people. Only the attorney(s), individual client(s), and the appropriate agents of an organizational client can participate in or witness the protected communication. State law varies about which corporate representatives can be part of the protected group. Still, even the most liberal states say that, to benefit from the privilege, the organization can only share information with those able to implement the legal advice. (Note this assumes that the parties can identify the specific legal advice at issue.)
  • Waiver. If others outside this small group either participate in the original sharing of information or receive it later, the privilege is waived.
  • Seeking legal advice. The client must seek legal advice from the attorney, not business advice. If a non-attorney could provide the same counsel, attorney-client privilege likely won’t apply.

Let’s apply these considerations to some types of data commonly protected as Patient Safety Work Product under the PSQIA.

  1. Event reports

The first and most obvious question is whether your event reports are designed and collected to obtain legal advice. Some may reflect possible malpractice scenarios, but the reports generally serve a much broader purpose. Do they go to individuals outside the “legal advice channel?” Do they serve other patient safety and performance improvement goals that don’t rely on attorney advice? If so, then attorney-client privilege will leave significant gaps in the protection.

PSQIA: If the organization defines its event reports as part of its Patient Safety Evaluation System, it benefits from the full, broad protection of the PSQIA for those reports and related patient safety activities (see sidebar). The organization can share appropriate reports with the staff managing defense litigation (and defense counsel) without losing the PSQIA-protected status.

  1. Investigation and analysis of events and concerns

Once the organization learns of an event or a troublesome trend, it will investigate to discern the facts and analyze them with an improvement lens. The improvements generally consist of operational or clinical changes, not legal. Even if an attorney participates in the process, their legal expertise is seldom essential. The involvement of staff and other participants in the process may be inconsistent with the restrictions of attorney-client privilege

PSQIA: All work (information gathering, deliberations, and analysis) within the PSES can be protected, with a few exceptions. Organizations define their own “safe space.” Anyone with relevant information or background can participate.

pso final rule list

  1. Measuring the impact of past improvements

Not all changes work the first time, so patient safety and quality staff measure the impact of changes and, if necessary, return to the design and implementation stages to achieve meaningful improvement. Though an attorney could participate in this process, one might be hard-pressed to argue that the work requires legal expertise. Instead, safety and quality experts, as well as clinical staff, will manage this work. This work is very unlikely to relate to legal advice.

PSQIA: The refinement of improvements falls clearly within the defined Patient Safety Activities, so related work, deliberations, and analysis quality that take place inside the defined PSES qualify for full PSQIA protection.

  1. Sharing lessons and training staff using Patient Safety Work Product

The constraints of the attorney-client privilege would result in a waiver if protected information is shared beyond the small group required to develop and apply the attorney’s advice. Typically, the privilege would protect what is shared with the attorney and the actual advice that results. While the organization will use the advice to take appropriate action, it can’t share the advice itself or the “work” behind it.

PSQIA: Recognizing that the background data and rationale behind a change can improve its adoption, the PSQIA permits a provider to share PSWP within its workforce.

The Attorney-Client Privilege Role in Risk and Claims

Events that pose litigation risk require the involvement of lawyers and others who can advise the organization. PSO participants can share their PSWP with the agents (insurance contacts, attorneys, etc.) with whom they consult directly for advice in managing the legal side of those situations. However, those PSWP recipients are bound by the confidentiality rules; there is no waiver. At this point, the specific privileges for attorneys can attach.

While safety and quality material is a poor fit for the attorney-client privilege, work related to analyzing and preparing a case for possible litigation falls squarely within its boundaries. A separate line of protection for attorney work product can also apply to protect the information gathered or prepared by the attorney for litigation. The most important advantage to attorneys relying on their own privilege is that they can waive it if they want to use information they have found or developed.

The Center for Patient Safety advises its PSO participants to have two work pathways: one for safety and quality work and another for potential litigation defense. While some small overlap may exist, this approach gives each type of work the specially crafted protection it needs.

State Law Confidentiality

State Privileges vs PSQIA Protections_CPS2311Most states have statutory provisions that provide some privilege and/or confidentiality for patient safety and quality information. The related article (Parsing the Privileges Part 2) looks at the advantages and disadvantages of using those. Download a State Privileges and PSQIA Protections Comparison. If you have questions about setting up your PSES to best use the PSQIA and attorney-client privilege, you can contact us HERE.


[1] Patient Safety and Quality Improvement Act of 2005 (Patient Safety Act, Pub. L 109-41), 42 U.S.C. 299b–21 through 299b–26; Final Rule: Final Rule (42 CFR Part 3). Both are accessible at Resources About the Patient Safety and Quality Improvement Act of 2005 | PSO (

[2] Fancher v. Shields, No. 10 CI-4219, Jefferson Circuit Court, Kentucky (August 16, 2011). “Clearly, the sentinel event and root cause analysis information was not prepared for the purpose of facilitating the rendition of legal services…It was not intended to be solely entrusted to the confidence of the Defendant’s attorney, but was for other business purposes. The privilege does not apply.”