Bennett & Brachman's Hospital Infections, 5th Edition

17

Legal Aspects of Healthcare-Associated Infections

Tammy Lundstrom

Overview

This chapter briefly reviews the basics of medical malpractice as it relates to healthcare-associated infections (HAIs). Then it discusses some of the current legislation that impacts the practice of infection prevention and control and hospital epidemiology. Regulatory agencies and pay-for-performance are discussed elsewhere in this text, so they will not be covered extensively here.

Introduction

HAIs have received increasing attention since the release of the landmark Institute of Medicine (IOM) report To Err Is Human, which highlighted the morbidity and mortality associated with medical errors [1]. HAIs account for an estimated 2 million infections, 90,000 deaths, and $4.5 billion dollars in excess healthcare costs annually [2]. This information has not gone unnoticed by the consumer; a proliferation of consumer Web sites call on regulators, legislators, professional societies, and healthcare organizations themselves to intervene to reduce the incidence of HAIs [3,4,5]. As of this writing, 15 states through state legislative action have mandated reporting HAIs, 14 of which have mandated public reporting, and most other states have introduced or are considering such legislation [6]. The Centers for Disease Control and Prevention's (CDC) Healthcare Infection Control Practices Advisory Committee (HICPAC) has issued a guidance document for states considering legislation while concluding that, at the time the document was written, there was not enough evidence to make strong recommendations for or against mandatory public reporting of HAIs [7]. Subsequently, the Association for Professionals in Infection Control and Epidemiology (APIC) and the Society for Healthcare Epidemiology of America (SHEA) issued joint guidance on model legislation [8]. Most legislation introduced after the development of these two documents has incorporated their recommendations.

In 2006, the United States House of Representatives Committee on Energy and Commerce's Subcommittee on Oversight and Investigations held a hearing on HAIs entitled Public Reporting of Hospital-acquired Infection Rates: Empowering Consumers, Saving Lives [9]. After hearing testimony from consumer groups, healthcare organizations, and state collaboratives, the conclusion was that federal legislation is premature and that results from ongoing state efforts may help shape any future federal action.

Although federal action on public reporting of HAIs did not materialize in 2006, many other recent legislative initiatives touch on the practice of infection prevention

P.248

and control and healthcare epidemiology including privacy laws, the move toward tort (malpractice) reform, public health response to emerging and reemerging pathogens, patient safety legislation, disclosure of adverse events to patients, and changes to Medicare and Medicaid rules, among others. The brief description of each that follows serve as an introduction for those in the infection prevention and control fields.

Medical Malpractice and Healthcare-Associated Infection

Despite physician fears of litigation, the landmark Harvard Medical Practice study determined that 3.7% of hospitalizations in New York in 1984 resulted in adverse events, and approximately one-third of these resulted from negligence [10]. Only about 2% of patients suffering negligent injury actually filed malpractice claims [10]. Conversely, less than one-fifth of all claims filed involved negligent injury [10,11]. Nonetheless, there is a strong likelihood that every surgeon will be named in a lawsuit at some time in his or her career [12].

Medical malpractice cases are tried under negligence theory. In a typical medical malpractice case, the plaintiff must prove that the defendant had a duty to the plaintiff, the defendant breached that duty, the breach of duty caused the plaintiff's injury, and the plaintiff actually suffered damages as a result of the breach of duty [13]. Duty usually is established by showing that there is a standard of care that was not followed; this is most frequently shown through the testimony of an expert witness. A national standard of care is frequently sufficient in this era of easy access to information via the Internet, meaning that the expert witness need not come from the same state or area of the country as the defendant but generally is someone with similar background, training, experience, and specialty board certification. Local variation in practice based on facility, service, or equipment differences may still be relevant in some locals [14].

Standards of care also may be established by using evidence-based guidelines, accreditation requirements, federal and state law, and the hospital's own policies and procedures or a combination of them. Thus, when the Joint Commission on Accreditation of Healthcare Facilities [15]. (JCAHO) required hospitals to follow Centers for Disease Control and Prevention (CDC) guidelines for hand hygiene [16], the CDC recommendations look legally more like a national standard of care than the word guidelines would lead one to believe. Often an expert witness still is required to authenticate the guideline. In addition, with the proliferation of guidelines from professional societies, experts may interpret evidence differently, leading to inconsistencies between guidelines for the same condition [17]. The defendant could use this to show that there is no professionally agreed upon single standard of care.

As the JCAHO noted, a recent study of obstetric patients found “a six-fold increase in risk of litigation for cases in which there was a deviation from relevant clinical guidelines. Further, one-third of all obstetrical claims analyzed in the study were linked to non-compliant care” [18].

Another legal theory that has been suggested as applicable to medical malpractice is the doctrine of res ipsa loquiter, or “the thing speaks for itself.” To prevail with this theory, the plaintiff has to prove that (1) the event must be of the kind that ordinarily does not occur in the absence of someone's negligence, (2) it must be caused by an agency or instrumentality within the exclusive control of the defendant, and (3) it must not have been due to any voluntary action or contribution on the part of the plaintiff [19]. This theory is used in circumstances such as surgery on the wrong body part and when the plaintiff underwent surgery and awoke with an injury remote from the surgical site, as in Ybarra v. Spangard [19]. It also has been successfully utilized in instances of a retained foreign body after surgery [20].

In a recent case, a plaintiff attempted to use the res ipsa doctrine when he developed a Staphylococcus aureus surgical site infection following micro lumbar laminectomy [21]. However, the court found that the doctrine did not apply because the infection could have occurred in the absence of anyone's negligence [21]. The plaintiff's expert testified that the infection could have occurred through “(1) foreign object left during surgery; (2) use of non-sterile instruments; (3) non-sterile hands of surgical personnel; (4) other breaks in sterile procedure; (5) post-operative infections of intravenous sites; or (6) presence of the bacteria on the patient's skin” [21]. The expert noted that “intra-operative infections in laminectomy patients occur in 1%–3% of the operations” [21] but had not reviewed the plaintiff's medical records and therefore could not testify that any infection control breaches had actually occurred [21]. In a more recent case, a plaintiff pleading res ipsa in a case of staphylococcal infection following cervical surgery lost because she did not present any evidence to show that the infection could not have occurred but for defendant's negligence [22].

Some consumer advocates are promoting the res ipsa doctrine for medical malpractice cases involving infection [23]. How courts will respond remains to be seen, but as of this date, the theory has not been very successful.

Recent collaboratives have shown marked reductions in HAIs, particularly catheter-associated bloodstream infection (CA-BSI) or ventilator-associated pneumonia (VAP) when all evidence-based “bundled” practices are followed [24,25]. In fact, some studies have even shown elimination of CA-BSI and/or VAP for many months at a time [25]. However, this example is not equivalent to showing that all such HAIs can be prevented in all patients in all settings, a finding that would make the res ipsa doctrine much more likely to yield a successful plaintiff's verdict.

P.249

Under theories of respondeat superior (“let the master answer”) or corporate negligence, the hospital may be held accountable for the actions of its staff and/or physician staff. With respondeat superior, the negligent act must be committed in the course of the employee's/physician's duties while acting within the scope of her or his employment. Under corporate negligence, a hospital may be found liable for negligently hiring or retaining its medical or other staff, such as the failure of a hospital to perform background checks on new staff.

It is estimated that medical malpractice costs the U.S. economy $28 billion dollars per year in combined litigation and defensive medicine costs [26]. The JCAHO notes that “there is in fact a fundamental dissonance between the medical liability system and the patient safety movement. The latter depends on the transparency of information on which to base improvement; the former drives such information underground. In sharp contrast to the systems-based orientation of the patient safety movement, tort law targets individual physicians” [27]. The JCAHO offers several suggestions for navigating this patient safety/medical malpractice impasse, including alternative dispute resolution and specialized health courts [27].

Infection Control Committees and Quality Protection Statutes

Most states have quality protection statutes that shield infection control committee minutes from discovery in the event of a malpractice suit. The theory behind these protective statutes is that investigation and frank discussion for the purpose of quality improvement will be stifled if committee members fear disclosure to plaintiff's attorneys. Infection control committee minutes are protected by the umbrella of quality improvement statues because confidentiality is essential to the functioning of the committee and discussions are aimed at improving the quality of care for subsequent patients.

Hospitals can voluntarily waive quality protection and reveal the results of an investigation if they so desire.

Public Health Emergencies and Quarantine

Federal statute delegates to the federal government (Department of Health and Human Services [DHHS]) the authority to prevent the introduction of communicable diseases into the Untied States from foreign countries [28]. Infectious diseases covered by federal isolation and quarantine statutes include “cholera, diphtheria, infectious tuberculosis, plague, smallpox, yellow fever, and viral hemorrhagic fevers. Severe acute respiratory syndrome (SARS) was added to this list in April 2003” [28]. In April 2005, executive order added “influenza caused by novel or reemergent influenza viruses that are causing, or have the potential to cause, a pandemic” to the list [29].

The CDC maintains federal quarantine stations at 18 sites where international travelers arrive [30]. These quarantine stations routinely monitor passengers entering into the United States who are suspected of having a communicable disease; the stations have the authority to temporarily hold planes in order to investigate suspected illness among foreign travelers arriving in the United States. Flight crews are required to notify the quarantine station of ill travelers arriving in the United States aboard inbound flights as soon as illness is detected [30].

In contrast to the federal government, states derive their power to isolate and quarantine under inherent “police power” required to maintain the health, safety, and welfare of its citizens. State laws regarding isolation and quarantine vary considerably.

HIPAA Privacy Laws and Infection Control

The Health Insurance Portability and Accountability Act (HIPAA) of 1996 creates privacy protections for protected health information or information that includes name, date of birth, address, Social Security number, or other information that could be traced back to a single individual [31].

Disclosure of patient health information (PHI) without the authorization of the individual is permitted for purposes including but not limited to: (1) disclosures required by law and (2) “public health activities and purposes” [32]. This includes disclosure to “a public health authority that is authorized by law to collect or receive such information for the purpose of preventing or controlling disease, injury, or disability, including but not limited to, the reporting of disease, injury, vital events …, and the conduct of public health surveillance, investigations, and interventions” [32].

“The Privacy Rule permits covered entities to disclose PHI without authorization, to public health authorities or other entities who are legally authorized to receive such reports for the purpose of preventing or controlling disease, injury, or disability. This includes the reporting of disease or injury; reporting vital events (e.g., births or deaths); conducting public health surveillance, investigations, or interventions; reporting child abuse and neglect; and monitoring adverse outcomes related to food (including dietary supplements), drugs, biological products, or medical devices” [33]. The ability to release PHI to public health authorities does not excuse the covered entity from providing an accounting of disclosures to the patient upon request; however, the disclosure accounting may as simple as follows:

Typically, the covered entity must provide the individual with an accounting of each disclosure by date, the PHI disclosed, the identity of the recipient of the PHI, and

P.250

the purpose of the disclosure. However, where the covered entity has, during the accounting period, made multiple disclosures to the same recipient for the same purpose, the Privacy Rule provides for a simplified means of accounting. In such cases, the covered entity need only identify the recipient of such repetitive disclosures, the purpose of the disclosure, and describe the PHI routinely disclosed. The date of each disclosure need not be tracked. Rather, the accounting may include the date of the first and last such disclosure during the accounting period, and a description of the frequency or periodicity of such disclosures. For example, the vast amount of data exchanged between covered entities and public health authorities is made through ongoing, regular reporting or inspection requirements. A covered healthcare provider routinely may report all episodes of measles it diagnoses to the local public health authority. An accounting of such disclosures to a requesting individual would need to identify the local public health authority receiving the PHI, the PHI disclosed, the purpose of the disclosure (required for communicable disease surveillance), the periodicity (weekly), and the first and last dates of such disclosures during the accounting period (e.g., May 1–June 1, 2003). Thus, the covered entity would not need to annotate each patient's medical record whenever a routine public health disclosure was made [33].

Disclosure of HAI

The JCAHO, American Medical Association, American Society for Healthcare Risk Management, and many others endorse disclosure of medical errors to patients. The number one contributory factor to sentinel events in the JCAHO database is communication [34]. Consumer groups favor open and honest dialogue when errors occur.

In 2003, the American Hospital Association performed a telephone survey of 500 hospitals with >200 beds to determine hospital attitudes toward disclosure of errors to patients. Of 51% submitting a complete response to the survey, 80% either had a policy on disclosure or was developing one. Of respondents, 65% said they always disclose events that led to serious harm or death, but only 37% said they always disclosure events that lead to short-term harm [35]. In addition, self-admitted disclosure rates were much lower than would have been predicted from rates of adverse events in the published literature. Hospitals were more likely to disclosure nonpreventable than preventable harm [35].

A study using patient and physician focus groups found that physicians thought they should disclose only deviations from the standard of care that caused more than trivial harm, but patients wanted disclosure of more events (deviations from the standard of care, nonpreventable events, poor communication skills, etc.) and wanted all events that caused any harm disclosed [36]. A more recent study consisted of a survey of both U.S. and Canadian physicians' attitudes about disclosure. The response rate to the survey was 62%. Responses for U.S. and Canadian physicians were similar, leading to the conclusion that medical malpractice concerns did not figure into physician attitudes [37]. Ninety-eight percent endorsed disclosure of serious events, and 78% endorsed disclosure of minor harm. Overall, 66% agreed that disclosure reduces malpractice risk [37].

The Veterans Administration (VA) Hospital in Lexington, Kentucky, has practiced active disclosure of adverse events since 1986, including informing the patient about the right to file a malpractice claim. In examining cases filed from 1990–1996 and comparing the Lexington VA with 35 similar VA hospitals that did not practice active disclosure, the authors found no differences in claims filed between disclosing and nondisclosing facilities [38]. However, there is still doubt about how this will translate into the private sector because physicians at the VA cannot be independently sued for malpractice, and veterans can recover without a finding of negligence.

Some states have passed laws that prohibit apologies being used against a physician in a civil action [39,40]. Three states have gone farther—requiring hospitals to disclose adverse events to patients and families in writing [41].

Approximately 21 states have mandatory medical error–reporting systems. Some require reporting of all events including near misses; others require reporting of only serious events. Seven states release incident-specific data42]. A survey was sent to 203 hospitals; the response rate for chief executive officers (CEOs)/chief organization officers (COOs) was 63%. Most respondents believed that mandatory nonconfidential reporting systems would discourage event reporting within the facility, encourage lawsuits, and have no effect on patient safety. For moderate injuries, respondents from states with confidential reporting systems noted they would be more likely to report than those with nonconfidential systems [42].

The Patient Safety and Quality Improvement Act of 2005 [43] was developed to encourage reporting and analysis of medical errors as recommended by the IOM. Organizations that collect data for the purposes of improving patient safety can apply for designation as a “patient safety organization” (PSO). Data and/or statements prepared by a provider for reporting to a PSO are protected from discovery in a subsequent lawsuit; however, the original source of the information (e.g., medical records) is not [43]. In this way, data prepared for the purpose of submitting to a PSO and then submitted to and analyzed by the PSO would receive similar legal protections as do infection control committees and quality committee proceedings under quality protection statutes. The act directs the DHHS to develop and issue regulations detailing how to implement it [43]. These regulations are still forthcoming.

The American Society for Healthcare Risk Management (ASHRM) Web site contains resources on disclosure of adverse events including a monograph on policy development [44].

P.251

Hospital Reimbursement: The Budget Deficit and Reconciliation Act

Pay-for-performance programs are becoming increasingly common. However, an online recent poll conducted in May 2005 of 2,129 adults age ≥18 revealed that 38% of adults favored having health insurance plans pay more to doctors for providing higher quality care. However, 67% said they would be interested in such a program if it helps to lower their costs [45].

In one of the earlier studies of public reporting, those with the lowest scores were most critical of the data validity, and lower scoring facilities had higher levels of performance improvement activities surrounding low-scoring measures upon resurvey [46].

Under the current reimbursement system, in the absence of pay-for-performance programs, hospitals and physicians providing the best evidence-based quality care are paid the same as those whose process and outcomes measures are poor. Although controversy still exists about exact figures and how to best measure them for comparisons, experts agree that HAIs lead to increased morbidity, length of stay, cost, and mortality.

Pay-for-performance programs seek to drive quality improvements. The evidence that prophylactic antibiotics given at the appropriate preoperative time for selective surgical procedures reduce HAIs was known as early as 1992 [47]. However, as of 2005, correct timing of the preoperative antimicrobial dose was only being performed 55.7% of the time [48]. By compensating those who perform at higher levels of quality, payors hope to raise the level of quality in all facilities. On average, patients receive recommended care only 55% of the time, and although per capita spending varies twofold across geographic regions in the United States, this increased cost is not associated with better outcomes [49].

Although public reporting is discussed in another chapter of this text, pay for performance and public reporting go hand in hand because payors want value (high quality and improved outcomes) for dollars spent, consumers want to receive care where quality and safety are better, and healthcare providers want the distinction of being first in quality and patient safety.

The National Quality Forum (NQF) is a public-private partnership of 170 organizations established by the president's commission on quality in 1999. Its goals are twofold: (1) to develop a national strategy for measuring and reporting healthcare quality data and (2) to standardize healthcare performance measures so that comparative data are available across the United States [50]. The NQF has released hospital performance measures from which the Centers for Medicare and Medicaid Services (CMS) has chosen their publicly reported quality data set. The NQF also has released a list of healthcare “never events” and a list of patient safety measures [50]. Most recently, the NQF charged a steering committee to develop HAI measures suitable for public reporting with the assistance of six technical advisory panels as follows: ventilator-associated pneumonia, bloodstream infection, surgical site infection, urinary tract infection, pediatric HAI measures, and a data integrity and implementation team [50]. The steering team was due to report out its findings for vote by February 2007.

This activity is occurring in the face of the Deficit Reduction Act of 2005 [51]. In fiscal year (FY) 2007, this act requires that CMS expand the starter set of measures from 10 to 22 and impose a 2% reduction in reimbursement for a failure to report data to CMS. It also requires CMS to add measures in 2008 that reflect consensus (e.g., NQF measures). By October 2008 for FY 2009, the DHHS is to consult with CDC to chose two-high volume, high-cost diagnosis-related groups (DRGs) for which the hospital will be reimbursed the simple rather than the complicated DRG rate (reduced reimbursement) if the patient develops an HAI. The two conditions chosen need not be entirely preventable, just reasonably preventable if current evidence-based guidelines are followed [51]. In other words, the excess cost of HAI will be borne by the healthcare facility, not the government. The issue for healthcare facilities, of course, is that HAIs may not be preventable even if all evidence-based guidelines are followed all of the time for every patient.

The Federal False Claims Act (FCA) [52], or Whistle-Blower Act, as it is often called, rewards those who uncover fraudulent claims for Medicare reimbursement, for example, by allowing the whistle-blower to sue on behalf of the government and then to collect a percentage of monies recovered in a successful suit from the overcharging party. The whistleblower is to be protected from retaliation [52]. The Deficit Reduction Act will give the states a 10% increase in their share of Medicaid fraud recoveries if they pass state false claims act legislation that is at least as protective as the federal FCA [51]. Finally, all healthcare entities that receive >$5 million in Medicaid funds must educate employees, agents, and contractors about both federal and state whistle-blower acts and provide employees written information on false claims acts and non retaliation policies as well as polices of the institution designed to detect fraud and abuse [51]. These requirements are expected to increase the number of whistle-blower suits filed.

In fact, Erin Brockovich has recently filed one whistle-blower suit on behalf of the federal government (Medicare). In the suit, she alleges that the hospital overcharged Medicare for the excess costs associated with the hospital's medical errors that resulted in additional treatments resulting from the events and increased length of stay [53]. The expenses related to adverse events cited as being charged to Medicare unlawfully include “in-house ulcers, malnutrition, dehydration, fecal impactions, falls, injuries associated with falls, and preventable infections” [54]. If the plaintiff is successful, the results of this lawsuit will have major economic consequences for hospitals and other healthcare facilities.

P.252

Conclusion

The next few years promise to be active in terms of healthcare law and infection control. The face of infection prevention and control and hospital epidemiology is changing—from attempts to invoke the doctrine of res ipsa in HAI suits, to the potential for nonvoluntary quarantine in the event of an influenza or other pandemic, to invoking the FCA whistle-blower statutes against healthcare systems whose patients suffer adverse events, to the continued evolution of pay-for-performance strategies and mandatory HAI reporting legislation. The task of practitioners will be to help shape these changes in a meaningful way that keeps patient safety at the forefront of everything we do.

References

1. Institute of Medicine (IOM Report). To Err Is Human(www.iom.edu/CMS/8089/5575.aspx) accessed May 2006.
2. Weinstein RA. Nosocomial infection update. Emerging Infect Dis.1998;4:416–20.
3. Committee to Reduce Infection Deaths (www.hospitalinfection.org/) accessed September 2006.
4. Consumers Union (www.consumersunion.org/campaigns/stophospitalinfections/) accessed September 2006.
5. Americans Mad and Angry (The Other AMA) (www.americansmadandangry.org/about-why.php) accessed September 2006.
6. Association for Professionals in Infection Control and Epidemiology State Legislation. (www.apic.org/Content/NavigationMenu/GovernmentAdvocacy/MandatoryReporting /state_legislation/state_legislation.htm) accessed September 2006.
7. Centers for Disease Control and Prevention. Guidance on public reporting of healthcare-associated infections: Recommendations of the Healthcare Infection Control Practices Advisory Committee (www.cdc.gov/ncidod/hip/PublicReportingGuide.pdf) accessed September 2006.
8. Association for Professionals in Infection Control and Epidemiology and Society for Healthcare Epidemiology of America. Model legislation on public reporting of healthcare-associated infections (www.apic.org) accessed June 2006.
9. U.S. Subcommittee on Oversight and Investigations. Public reporting of hospital-acquired infection rates: Empowering consumers, saving lives (energycommerce.house.gov/108/Hearings/03292006hearing1821/hearing.htm#Webcast) accessed September 2006.
10. Brennan TA, Leape LL, Laird N, et al. Incidence of adverse events and negligence to hospitalized patients: Results of the Harvard medical practice study 1. N Engl J Med1991;324:370–76.
11. Studdert DM, Mello MM, Brennan TA. Medical malpractice. N Engl J Med2004;350(3):283–92.
12. Gawande, A. Complications: A surgeon's notes on an imperfect science. New York: Metropolitan Books of Henry Holt, 2002. In Health Care at the Crossroads: Strategies for Improving the Medical Liability System and Preventing Patient Injurywww.jointcommission.org/ accessed September 2006
13. Christie GC, Meeks JE, Pryor ES, Sanders J. Negligence. In: Cases and Materials on the Law of Torts. 3rd ed. St. Paul, MN: West, 1997:103.
14. Primus v. Galgano, 329 F.3d 236 (1st Cir. 2003).
15. Joint Commission for the Accreditation of Healthcare Organizations. Surveillance prevention and control of infection. In: 2006 Comprehensive accreditation manual for hospital: The official handbook (CAMH). Oakbrook Terrace, IL: Joint Commission Resources, 2006.
16. Guideline for hand hygiene in healthcare settings. MMWR2002;51(RR-16):1–44.
17. Strausbaugh LJ, Siegel JD, Weinstein RA. Preventing transmission of multidrug-resistant bacteria in healthcare settings: A tale of two guidelines. Clin Infect Dis2006; 42:828–35.
18. Ransom SR, Studdert DM, et al. Reduced medico-legal risk by compliance with obstetrical clinical pathways: A case-control study. OB/GYN 2003;101:4. In: Health care at the crossroads: Strategies for improving the medical liability system and preventing patient injury(www.jointcommission.org/) accessed September 2006.
19. Ybarra v. Sangard, 154 P.2d 687 (1944).
20. Kambat v. St. Francis, 89 N.Y.2d 489 (1997).
21. Neary v. Charleston Area Medical Center, Inc. Supreme Court of Appeals, West Virginia Civil Action No. 92-C-3717 (1995).
22. Hoffman v. Pelletier, 6 A.D.3d 889 (2004).
23. McCughey B. Perspective: The next asbestos. N.Y. Law JournalJune 6, 2006.
24. Reduction in central-line associated bloodstream infections among patients in intensive care units—Pennsylvania, April 2001–March 2005. MMWR2005;54:1013.
25. Two-year project improves patient safety in hospital ICUs: More than 120 ICUs, 70 hospitals in four states participate. PR Newswire: (www.sev.prnewswire.com/health-care-hospitals/20051013/DETH00513102005-1.html) accessed September 2006.
26. Inglehart J. The malpractice morass: Symbol of societal conflict. Health AffairsJuly/August 2004.
27. Joint Commission on Accreditation of Health Facilities. Health care at the crossroads: Strategies for improving the medical liability system and preventing patient injury(www.jointcommission.org/) accessed September 2006.
28. Title 42 United States Code Section 264 (Section 361 of the Public Health Service [PHS] Act (www.cdc.gov/ncidod/dq/lawsand.htm).
29. Department of Health and Human Services. Executive Order April 1, 2005 (www.whitehouse.gov/news/releases/2005/04/20050401-6.html Accessed September 2002).
30. Centers for Disease Control and Prevention. http://www.cdc.gov/ncidod/dq/quarantine_stations.htm. Accessed May 26, 2007.
31. Health Insurance Portability and Accountability Act of 1996 (PL-104-91).
32. 45 CFR §164.512(a), (b)(i).
33. HIPAA privacy rule and public health: Guidance from CDC and the Department of Health and Human Services. MMWR2003;52(S-1):1–12.
34. Joint Commission on Accreditation of Health Facilities.(www.jointcommission.org/) accessed September 2006.
35. American Health and Hospital Association Survey. Health Affairs2003; 22(2):73.
36. Gallagher T, Waterman AD, Ebers AG, et al. Patients' and physicians' attitudes regarding the disclosure of medical errors. JAMA2003;789:1001–07.
37. Gallegher T, Waterman AD, Garbutt JM, et al. US and Canadian physicians' attitudes and experiences regarding disclosing errors to patients. Arch Intern Med2006;166:1605–11.
38. Kraman SS, Hamm G. Risk Management: Extreme honesty may be the best policy. Ann Intern Med1999;131:963–67.
39. Zimmerman R. Doctor's new tool to fight lawsuits: Saying I'm sorry. Wall Street JournalMay 18, 2004.
40. Zimmerman R. Medical contrition. Wall Street JournalMay 18, 2004.
41. Liebman CB, Hyman CS. A mediation skills model to manage disclosure of errors and adverse events to patients. Health AffairsJuly/August 2004.
42. Weissman JS, Annas CL, Epstein AM, et al. Erros Reporting and Disclosure Systems: Views From Hospital Leaders. JAMA2005;293:1359–1366.
43. Patient Safety and Quality Improvement Act of 2005. S.544.
44. Disclosure policy: American Society for Healthcare Risk Management (ASHRM) (www.ashrm.org/ashrm/resources/files/DisclosurePart2.Policy.pdf) accessed September 2006.
45. Harris Poll. Public interest in the use of quality metrics in healthcare is mixed—unless it allows them to reduce their health insurance costs. Wall Street Journal(http://www.wsj.com/health) accessed June 2006.

P.253

46. Hibbard J. Can publicizing hospital quality data improve performance? Health Affairs2003;22:84.
47. Classen DC, Evans RS, Pestotnik SL, et al. The timing of prophylactic antibiotics and the risk of surgical-wound infection. N Engl J Med1992:326:281–86.
48. Bratzler DW, Houck PM, Richards C, et al. Use of antimicrobial prophylaxis for major surgery: Baseline results from the National Surgical Infection Prevention Project. Arch Surg2005;140:174–82.
49. National Quality Forum. CEO Guide: Pay for Performance 2006. http://38.100.3.36/Search?of=CEO+Guide%3A+Pay+for+Performance2006&client=default_frontend&proxysheer=default_frontend&output=xml_no_dth&btnG=Go (or http://www.qualityforum.org/about/) accessed May 25, 2007.
50. National Quality Forum. (www.qualityforum.org) accessed September 2006. (http://www/qualityforum.org/projects/ongoing/hai/index.asp) accessed May 25, 2007.
51. Deficit Reduction Act of 2005. S.1932 (February 8, 2006). www.acf.hhs.gov/olab/budget/2007/cj2007/Sec3f_cse2007cj.pdf-2006–02.21 accessed May 25, 2007.
52. 32 U.S.C. §3729 et seq.
53. Yi D. Erin Brockovich takes role as plaintiff in Medicare suits. Los Angeles TimesJune 22, 2006.
54. Brockovich v. Adventist Health, Superior Court of the State of California for the County of Los Angeles-Central District; Case No: D-57.