NCBI Bookshelf. A service of the National Library of Medicine, National Institutes of Health.

Henriksen K, Battles JB, Marks ES, et al., editors. Advances in Patient Safety: From Research to Implementation (Volume 1: Research Findings). Rockville (MD): Agency for Healthcare Research and Quality (US); 2005 Feb.

Cover of Advances in Patient Safety: From Research to Implementation (Volume 1: Research Findings)

Advances in Patient Safety: From Research to Implementation (Volume 1: Research Findings).

Show details

Regulation of Health Policy: Patient Safety and the States

, , and .

Author Information


In its 1999 report on patient safety, the Institute of Medicine recommended a nationwide mandatory reporting system to collect standardized information about adverse events. Efforts at instituting a national system have stalled, and both State legislatures and private or quasi-regulatory organizations have highlighted systemic breakdowns as being chiefly responsible for the “safety” problem, and have recommended eliminating the traditional clinical boundaries that discourage adverse event reporting, replacing them with a “safety culture.” This research examines the role of State legislatures in regulating patient safety. The authors suggest that State patient safety regulation illustrates ongoing tensions in U.S. health policy, and conclude that State legislation serves an important function as an intermediate step to bring the patient's perspective to the table.


The Institute of Medicine (IOM) report, To Err Is Human: Building a Safer Health System, 1 called for radical changes in health care organization and culture, and urged that the problem be addressed at a national level. Two years later, in a follow-up report looking at quality of care, the IOM reiterated this point more forcefully. 2 However, despite the generally positive response to these reports, national reform efforts have stalled. 3, 4 The IOM reports and concurrent research concur that while the causes of adverse events (AEs) are multifaceted, the search for a solution is compounded by systemic breakdowns in health care planning, organization, and communication. 5 The IOM urged adoption of an internal “safety culture” within health care institutions; however, it was not instructive on how this could be accomplished. While there have been scattered Federal efforts at addressing the patient safety dilemma, 6 in the absence of a national model, State legislatures have been active in creating structures for reporting of adverse events. (The abbreviation AE will be used throughout the paper to denote “adverse event,” “medical error,” etc., for purposes of a standard terminology.) Credentialing organizations, peer review entities, and quasi-regulatory bodies such as the Joint Commission for Accreditation of Healthcare Organizations (JCAHO) have also offered responses to the IOM report. 7 What has emerged is a period of experimentation with internal and external regulatory models, spurred, in significant part, by constant media attention.

In this research, we examined State legislative responses to pressure from constituents and policymakers to address the patient safety problem. State regulation illustrates many of the ongoing tensions in United States health policy: tensions among stakeholders (providers, payers, patients, and institutions); tensions created by structural changes (e.g., the shift from nonprofit to for-profit management of institutions, the consolidation—and closing—of many institutions), and the shift from to outpatient services. 8

The media has focused attention on the public's perception of its vulnerability. In one national poll, 42 percent of respondents claimed to have been personally affected by an AE, and 32 percent indicated that the error had caused permanent damage. There is a perception that the health care system is rife with errors. 7 Legislative and regulatory efforts to improve patient safety illustrate the complexity of system change, a process that is democratic but difficult to implement. The first IOM report 1 focused on AE in acute care; research has also documented serious lapses in outpatient settings. 8, 9 Earlier research on patient safety focused on errors of commission (wrong surgery, wrong patient, wrong medication). 10 Errors of omission (failure to prescribe or diagnose) are also patient safety concerns; however, these are elusive and more difficult to document. Errors may also exhibit characteristics of both omission and commission. This is especially true of systemic errors. For example, disparities in the health care system are errors of omission because are frequently caused by a lack of services, especially for prevention and diagnosis. But they can also be considered errors of commission; for example, when brought about by the exclusion of groups from services, or by discriminatory policies. 9, 11


Several studies have looked at State patient safety regulation, and have classified States according to provisions relating to mandatory or voluntary reporting; peer review protections and confidentiality; and quantification of results. We do not repeat those efforts, although we do document some regulatory provisions implemented after the dates of those studies. The purpose of this examination was to catalogue the structural features of the State regulatory efforts, and to pinpoint some of the concerns raised by the structures.

We collated existing studies of State legislation, including the 2000, 2001, and 2003 studies by Rosenthal, 12, 13 Riley, 14, 15 Marchev, 16, 17 and Flowers 18 for the National Academy for State Health Policy. We also looked at studies by the National Patient Safety Foundation, 19 the Agency for Healthcare Research and Quality (AHRQ), 20 and the Institute of Medicine, 9 as well as studies looking at data collection mechanisms, 21, 22 disclosure, 23, 24 computerized physician order entry (CPOE), 25 and the relationship between AE and malpractice. 26, 27 Finally, we searched Internet databases—including Google,™ MEDLINE, Westlaw, and PubMed—for the current status of patient safety reporting legislation. We looked for the terms “patient safety” and “State legislation” (searching for both terms within one paragraph) for legislation passed between 2000 and 2004. Google revealed 1,660 matches, PubMed gave 179 (using the term “legislation” rather than “State legislation,” which revealed no matches), and Westlaw revealed 149 matches. We excluded reports of pending legislation, unless it appeared that the legislation had been enacted. Duplicate databases were searched for recently enacted legislation.

We included only legislation that contained terms relevant to reporting of AE (using all of the terms we identified above, including “sentinel events” and “near misses”). We did not include legislation that addressed other patient safety-related issues (e.g., legislation designed to regulate managed care abuses, which were passed during the 1990s), and also excluded legislation limiting nurse overtime, staffing, or resident work hours. While such legislation is clearly related to patient safety, the purpose of this research was to examine mandates relevant to reporting and documentation of errors, rather than prevention.


These findings include only issues related to State legislation, although in the Discussion section we explore how State legislation should view possibly conflicting reporting policies of quasi-regulatory bodies such as JCAHO. The National Academy for State Health Policy (NASHP) conducted the most extensive studies of State AE reporting legislation, in 2001-2004. 12, 13, 16–18 However, playing the numbers game with respect to State legislation may not reveal the full picture, since State databases may have a time lag, and reliance on news reports is not always accurate or complete. 28

The key issues addressed by State legislatures fell into several categories, which are enumerated in Table 1.

Table 1. Most common issues addressed by States.

Table 1

Most common issues addressed by States.

Terminology and definitions

The lack of clear, accepted terminology has complicated the development and comparison of reporting mechanisms. JCAHO, IOM, and NASHP use different and sometimes contradictory terminology in their own descriptions of AE, and the IOM Report does not distinguish between “medical error” and “adverse event.” The 2001 NASHP study 12 found no consistent terminology or definitions in State statutes. Two of the States in the 2000 NASHP study used “adverse event,” and six States used a similar terminology; however, the specific definitions varied considerably. Seven States did not provide a standardized AE definition, but specified the types of events that must be reported.

Many statutes recognize that not all AEs are caused by errors, and attempt to incorporate some non-injurious AEs into the reporting structure. The more complicated areas involved whether and how to include “near misses”—non-AEs that are caught before they could cause injury. The States that have detailed provisions generally attempt to cover at least some of these events, for example the term “has resulted in or is associated with … the immediate danger of serious injury, disability or death….” (used by Connecticut). 29 Some provisions are vague or not clearly defined (e.g., “Any agent or employee … who knows or has reasonable cause to believe that the quality of care …or safety is in jeopardy shall make an oral or written report…” 13 ).

With respect to specific State provisions, Connecticut defines AE as “any event that is identified on the National Quality Forum's List of Serious Reportable Events or on a list compiled by the Commissioner of Public Health and adopted as regulations.” 18 These lists include what are generally considered “near misses” as well as actual, injurious errors. 30 The Connecticut statute also classifies AEs as Class A (an AE that “resulted in or is associated with a patient's death or the immediate danger of death”); Class B (an adverse event that “resulted in or is associated with a …serious injury or disability or the immediate danger of serious injury or disability”); and Class C (an adverse event that “resulted in or is associated with the physical or sexual abuse of a patient”). 18 Nevada and a number of other States use the term “sentinel event” (the JCAHO terminology). Nevada defines a sentinel event as “an unexpected occurrence” involving death or serious injury or the risk thereof, including any “process variation” which, if repeated, could result in a “serious adverse outcome.” Arizona requires reporting of “an activity, policy, or practice that violates professional standards or the law and poses a substantial risk to a patient's health, safety, or welfare.” In Maine, a sentinel event includes “An unanticipated death; or a major permanent loss of function … not present when the patient …[was] admitted to the facility; [or] surgery on the wrong patient or wrong body part…” Minnesota was the first State to specifically incorporate the 27 “adverse health events” (“never” events) listed by the National Quality Forum. A Glossary of “reportable events” is contained in Table 2.

Table 2. Common statutory provisions, by State.

Table 2

Common statutory provisions, by State.

Mandatory versus voluntary reporting

In 2003, NASHP found that 22 States had some form of mandatory reporting. 17, 18 In 2004, Connecticut and New Jersey revised or expanded mandatory reporting provision, bringing the total to 24 States. While these statutes have extensive and detailed descriptions of the categories and processes of reporting, they do not contain a clear definition of “mandatory.” Whether reporting is mandatory is highly subjective; even if statutes do not use the word “mandatory,” intent may be discerned through the use of words like “must,” “should,” or “shall.” Some States have limited mandatory provisions; for example, California's mandatory reporting law applies only to medication errors, and only after the institutions meet the statutory requirement to develop CPOE.

AE reports may be mandatory at some stages but not at others. Where a statute sets up a reporting entity, reports from the individual are usually given to an institution's reporting body and then to the State-mandated entity, but whether the term “mandatory” applies to the initial witness to an AE, or to a report from the institution to a State agency may be unclear. Arizona requires that “each health care institution…shall adopt a procedure for reviewing reports.” Connecticut requires “a hospital or outpatient surgical facility … to report any adverse event to the Department of Public Health within seven [7] days of its occurrence,” and mandates specific timelines for investigation and action. Illinois requires institutions “to report serious preventable adverse incidents to the Department of Public Health,” but is silent on how institutions learn about the AE. In Florida, there is an “affirmative duty of all health care providers and all employees…to report adverse incidents to [the institution] risk manager.” Kentucky law states, “Any employee [who witnesses an AE] … shall make an oral or written report of the problem…” These provisions represent different reporting mechanisms and mandate reporting at different stages. The Maine statute “establishes a system for reporting sentinel events for the purpose of improving the quality of health care,” but does not indicate whether reporting is mandatory. Several other States use “must,” “should,” or “shall” terminology, again without specifying that reporting is mandatory. 12, 13

Investigation and analysis

In the 2001 NASHP study, 15 States specified agencies to handle and/or investigate reports, and 4 States specifies agencies to study whether and how incidents or events should be reported (but not to collect or analyze reports). In some instances these are new agencies that have been created within an existing health department or are freestanding agencies. Connecticut, Maine, and Nevada require reports to be made and investigated by the State Department of Health. Kentucky requires reports to be made to “any appropriate private, public, State, or Federal agency.” Maine health care facilities must report sentinel events to the State Department of Human Services, Division of Licensure and Certification. 31 Patient safety-specific data collection agencies were created in Minnesota [Minnesota Health Authority (MHA) Patient Safety Registry], Nevada (Repository for Health Care Assurance), and Louisiana (Medical Disclosure Panel). The California medication error reporting system requires the Office of Statewide Health Planning and Development to contract for development of a quality-oriented database and to assist institutions in developing a CPOE system (reporting is not mandatory until the CPOE program is implemented).

A number of States established advisory or investigatory bodies to study conditions and implementation within the State or elsewhere. Hawaii created a Patient Safety Task Force and Indiana created a Commission on Excellence in Health Care, to study the quality of health care and to develop a strategy for improving the health care delivery system. Missouri created a Commission on Patient Safety to develop error-reduction mechanisms, and Florida created a Commission on Excellence in Health Care. Florida subsequently passed a mandatory reporting statute that requires institutions to summarize and post “adverse incident reports” on the Internet. 11 Minnesota's statute mandates that the Department of Health monitor patient safety reporting systems in other States and at the national level, to ensure consistency and efficiency for Minnesota's system.

The National Association of State Legislatures has published a guide for State-level policymakers, 32 to assist in the statutory definition process. The system was developed to help policymakers develop, refine, and clarify mandatory reporting systems, and potentially to compare their data nationally. The guide includes a crosswalk matrix that compares the National Quality Forum's (NQF's) list of serious reportable events 30 to existing State reporting systems, and discusses further steps recommended by States to support the use and consistent implementation of the NQF list.

Confidentiality and peer protection

Because of concerns that patient safety reporting data could be used in malpractice litigation, many statutes provide for protection from disclosure through discovery or subpoena. 33 The level of protection varies from State to State, but the most common form of protection is to provide only limited access to individual (identified) reports. Other mechanisms include removing identifying information, making reports anonymous, and destroying reports once an investigation is complete. 12, 13 Of course, Federal, State, or regulatory bodies may also obtain access to data, and inconsistencies between a statutory data protection provision and a contradictory mandate elsewhere would have to re resolved, either by agreement or through the courts. A March 2000 roundtable discussion, sponsored by the Kaiser Permanente Institute for Health Policy on the recommendations of an IOM report, 34 advised that a default reporting strategy include “confidential reporting to a nonregulatory national entity” as the primary vehicle to collect information on adverse events and near misses, and to promote learning. The roundtable concluded that a voluntary reporting system with strong confidentiality protections would provide incentives for reporting and would create an effective basis for patient safety system improvement.

There is a broad range of State confidentiality and peer review protections. Nevada's statute provides that “no report, document, recommendation, or any other material compiled pursuant to the reporting of sentinel events is admissible as evidence in any administrative or legal proceeding.” New York protects incident reports from “public disclosure”; however “the [reporting] system is nonpunitive for reporters, and punitive for failure to report”; nonreporters may be fined (there is a chart review provision). Texas law considers all information and materials (the root cause analysis, annual hospital report, action plan, best practices report, department summary, and other related information and materials) as confidential and they are not admissible as evidence or otherwise disclosed in any court or administrative proceeding. Rhode Island's reporting system incorporates existing peer review protections by reference. But the continued validity of peer review is currently in question, following recent Federal and State court decisions limiting the privilege in certain instances. 16, 35

Sanctions and disclosure

Sanctions and disclosure are closely related to the mechanisms of investigation and analysis, and to peer review and confidentiality. Three issues are relevant here: whether the identity of reporters is disclosed and whether provisions exist to protect reporters from retaliation; whether there is a structure for notifying patients or relatives that an AE has occurred and of the outcome of the investigation; and whether the results of root cause analyses or other investigations should be made public. NASHP notes that the most frequent use of data from incident or error reports is aggregating data to identify trends; according to the 2003 NASHP study, this is done in 10 mandatory-reporting States, while 9 States administer sanctions and corrective action, and 8 States issue public reports.

Eight of the States in our analysis require health care institutions to adopt patient safety plans for reviewing incident/event reports (Maine, Minnesota, and Nevada have the most detailed provisions). Connecticut and New York provide for disciplinary action when incidents are not reported. Arizona, Illinois, Kentucky, and Maine have policies forbidding retaliation, and protecting reporters from retaliation. Kentucky, Minnesota, and Nevada also require that the confidentiality of patients and personnel be maintained, and that the integrity of data, information, and medical records be preserved; these States impose an affirmative duty to report errors and safety violations. In Pennsylvania, failure to report, or to develop and comply with a patient safety plan, may incur sanctions. Pennsylvania also requires physicians to report complaints, disciplinary actions, malpractice suits, and criminal offenses to the Professional Licensure Board. Illinois, New York, and Pennsylvania require that adverse events be disclosed to patients. (Pennsylvania's provision is the most stringent, requiring that notification to the patient, or to an adult family member, must be made within 7 days of the occurrence or discovery of the occurrence of the serious event.)


Efficacy of reporting systems

Despite the proliferation of State reporting legislation, the data is unclear, first, as to whether AE reporting is effective, and, second, as to whether States are suitable vehicles for implementing AE reporting. The JCAHO voluntary reporting system found that, in 5 years (January 1995-March 2000), approximately 550 sentinel events were reported, and an additional 250 were discovered through media reports. 36 After New York adopted a mandatory reporting law, reports of AEs increased from 16,939 in 1999 to 24,368 in 2000, and to 28,689 in 2001. However, numbers do not tell a complete story, and these data should be interpreted as an illustration of changes in the culture of adverse event reporting, and not as overall increases in the number of AEs. The existence of a reporting system, especially a mandated one, commonly increases the number of reports, particularly in the initial phase.

Table 3 illustrates some of the concerns and disparities inherent in reporting systems. It compares adverse event reports from the four major national voluntary reporting systems for medical errors and preventable adverse events, and 3 years of adverse event reports to the New York Patient Occurrence Reporting and Tracking System (NYPORTS). 37 The New York law is a mandatory reporting law. JCAHO and New York are the only agencies that address the full range of adverse events, and JCAHO's system is partially mandatory, because if a hospital fails to report an event that JCAHO subsequently learns of from a third party, the hospital is required to conduct an analysis of the root cause, or risk loss of accreditation. 38

Table 3. Adverse event reports submitted: comparison of five sources.

Table 3

Adverse event reports submitted: comparison of five sources.

The disparity between the JCAHO data and the New York State data suggests that mandatory reporting may yield a more accurate counting of AEs; however, the difference between voluntary reporting and mandatory reporting is unclear. First, the JCAHO figures listed here are older than the New York figures, and begin before the release of the IOM report. Vague terminology blurs the distinction between mandatory and voluntary, and many reporting provisions do not specify where in the process the mandate applies—whether everyone who witnesses an AE is required to report it to the institution, or whether the mandate requires the institution to report AEs to a State agency or entity. Moreover, unless a State or accrediting body uses chart review or a similar method to document disparities between what is reported and AEs that show up on a chart, as the NYPORTS program does, it will be difficult to document the success of mandatory reporting, without significant culture change within health care organizations. CPOE represents a potential success story. Studies show that CPOE may reduce medication errors by 86 percent; at the present time, however, only 3 percent of hospitals have such systems. 20 California currently is the only State to require CPOE; initial studies indicate that 150 hospitals, or 46 percent, have active plans to complete CPOE implementation by 2005. 39 As the data suggest, however, the system is still in the preliminary implementation phase.

Barriers to peer review protections

There is little evidence of a causal relationship between mandatory reporting and medical malpractice litigation; however, most States attempt to protect AE reports from compulsory disclosure through the legal process. The level of protection varies among State statutory provisions, and recent legal decisions may undercut State peer review protections. (See “Note” at the end of this manuscript). Currently, State provisions include protection of some data from legal discovery, and some States protect data in the event of a Freedom of Information Act request. The most common form of protection is limited access to individual-level (i.e., identified) reports, a promise of confidentiality, or anonymous reporting. Any report that has as an ultimate goal some form of sanction is difficult to maintain as confidential, and anonymity limits the utility of data for accountability and patient disclosure. 16, 24

The design of mandatory reporting systems can minimize concerns about public disclosure and legal discovery of data, but the advantages may be limited. Reporting systems can be designed so that deidentification of data and anonymous reporting make data less useful for legal discovery. Public reports can be aggregated and deidentified, as is required by a number of State statutes. Other mechanisms include removing identifying information, making reports anonymous, and destroying reports once the investigation is complete. 12, 13

The issue of confidentiality and data protection is closely tied to the underlying purpose of the statute. If the purpose of a reporting provision is for the purpose of information-gathering and system correction, confidentiality is a significant factor in encouraging reporting; however, if the purpose is for disclosure and remediation form the patient or injured party, confidentiality may undermine the stated purpose. This remains one of the underlying points of dispute in the reporting environment. 40

JCAHO and other quasi-regulatory organizations: the need for State reporting legislation

AE reporting has considerable support from the public, but still encounters resistance on the part of the medical profession. A recent poll found that 71 percent of the public but only 23 percent of doctors felt that reporting AEs to a State agency would be an effective solution to the problem. Sixty-two percent of the public, but only 14 percent of physicians, felt that AE reports should be publicly disclosed. 23, 24 The reasons for this are obvious: health professionals are more aware—and therefore more fearful—of the consequences of reporting (not only of malpractice litigation, but also of disciplinary actions by professional and regulatory bodies). Some statutes have tried to address these concerns by incorporating confidentiality or nondiscovery provisions, but the statutes are too new to see whether these provisions increase reporting, and have not yet been subject to legal challenge.

Professional associations and quasi-regulatory bodies may have outpaced the States in some respects. For example, JCAHO requires that all AEs (in particular, sentinel events) be investigated and a preventive action plan developed within 45 days of the event. The investigation must focus on systems and processes, not individual performance, and is intended to identify changes within the system of care that would reduce the risk of recurrence. JCAHO has adopted standardized definitions: a sentinel event is “an unexpected occurrence involving death or serious physical or psychological injury, or the risk thereof.” 7 Serious injury, under the JCAHO provisions, includes loss of limb or function. The phrase “or the risk thereof” includes any “process variation” for which a recurrence would carry a significant chance of a serious adverse outcome. According to JCAHO, the classification of an AE that was avoided or did not result in injury is drawn from the “near miss” reports common in the aviation industry. Although JCAHO's reporting and oversight systems are voluntary, a health care organization's accreditation may be placed in jeopardy if an event is discovered and has not been reported, analyzed, and managed by the organization in accordance with JCAHO guidelines.

However, JCAHO is a regulatory body created by and, to some degree, controlled by the industry it regulates—hospitals and health care professional associations—and its objectivity is not absolute. JCAHO has been criticized for a failure to adequately monitor quality in a meaningful way and for failing to make its detailed survey data public. In 1999, the Office of the Inspector General in the U.S. Department of Health and Human Services 41, 42 found that JCAHO gave low priority to unannounced hospital surveys, responses to complaints and major adverse events, and standardized performance measures. Reliance on JCAHO oversight may compound existing deficiencies in the oversight system.

While much of its work is closely identified with the public interest, it is not certain that JCAHO will side with the public if there is conflict between embedded interests of the profession and those of the public. For example, the JCAHO position statement on Reporting of Medical Errors 7 does not mention disclosure of reports to patients. The JCAHO dissemination provision talks about disclosure of information “to permit health care organizations, where appropriate, to redesign their systems and processes to reduce the risk of future errors,” and further talks about its goal of aggregating AE data. Only two of the JCAHO reporting mandates address the need for peer review and confidentiality protections. In contrast, State legislatures are political bodies, and while they are not always responsive to every citizen, many of the current statutes contain strong patient disclosure provisions. 7 JCAHO indicated that it would convert most of its assessments to a hospital survey protocol that emphasizes self-assessment, which has been criticized as more collegial and less regulatory in nature than the current procedure. A recent report to Congress by the Center for Medicare and Medicaid Services (CMS) documents validation studies that indicate that JCAHO was least reliable in assessing Medicare Conditions of Participation (CoPs) when self-assessment activities were a primary component of the monitoring process. 43

Given the extensive reach of the JCAHO process, it is not clear what State statutes can add to the process. As part of its accreditation process, the JCAHO requires “full and timely access” to data in a health care organization's reporting system, including data about the adverse events, their root cause analyses, and the actions taken to reduce future risk. 7 Forty-seven States deem JCAHO accreditation as indication of compliance with State rules. What is not clear, however, is what happens when there are disparities between the JCAHO patient safety provisions and specific State legislation. Some State legislation has been tailored to conform to JCAHO mandates. Despite the tailoring, there may be differences in the underlying purpose of a State law and JCAHO provisions. It should be noted that JCAHO provisions by themselves have no formal legal effect, although CMS and most State regulatory bodies “deem” hospitals to satisfy health and safety requirements if they have met JCAHO standards.

The complexity of mandated reporting

Even where reporting systems exist, either mandatory or voluntary, physicians are the health care professionals least likely to be reporters. 23 In part, this is due to the fear of malpractice litigation or other forms of reprisal, discussed above. But silence, or nondisclosure, is more deeply embedded within physician culture than it is in nursing or other areas. This suggests that, regardless of whether or not there are statutory mandates, and whether or not these are voluntary or mandatory, there will be continued resistance until the internal culture is significantly changed.

In practice, there is little difference between statutory provisions requiring voluntary reporting and those mandating reporting. As suggested above, AE reporting is a two-stage process: a report from the actor(s) to the institution and a report or summary of reports from the institution to a State or designated agency repository. Investigation may take place at both stages. It is difficult to monitor the first stage, unless there is a corresponding review of patient charts or of contemporaneous reports. The difference, then, has more to do with the general message rather than the precise statutory language.

The potential for conflict among the sources of regulation is compounded by lack of consensus about the appropriate terminology. Clinicians, administrators, regulators, and consumers do not agree on the broad terminology, or on the meaning of specific terms. The confusion is not only semantic. Individuals dissatisfied by their care have a range of options: they may undertake litigation, file a complaint, appeal a decision by a provider, or make an informal expression of dissatisfaction. Health administrators and courts often use terminology and procedures that patients and clinicians may not fully comprehend. Some terms have specific meaning in health care culture, but may be used interchangeably by the patient/consumer. The National Patient Safety Foundation (NPSF) has a Web site specifically designed as a search engine for terminology, allowing the reader to search through the NPSF database for specific terms. Statutes and regulations should have a clear meaning that can readily be understood. The legislative provisions and regulations examined in this paper are not always specific as to meaning, and legislatures may understand a term in a context different from how it is understood in clinical settings.


The emergence of patient safety as a “hot-button” issue coincided with a fundamental change in the culture of health care, as health care organization shifted from a clinician- (usually physician-) centered system to a multi-tiered system of negotiated care with many stakeholders. Most oversight mechanisms were set in place when fee-for-service care governed clinician-patient relationships, and at a time when limited external technologies (medical devices and pharmaceuticals) were available. In the current health care environment, that structure seems inadequate and diffuse, with multiple and overlapping Federal, State, and institutional regulatory structures, and a continued reliance on courts to address errors in care. The expansion of technological and pharmaceutical enhancements to patient care has raised the expectations of all stakeholders, with patients demanding more of clinicians; and with third-party payers raising concerns about excessive costs. In the 1990s, managed care was seen as a way to reign in runaway costs.

In recent years, State legislatures have deflected pressure to regulate health care away from the Federal government. State legislation has tested the boundaries between Federal and State legislation with respect to employee benefits (i.e., the Employee Retirement Income Security Act [ERISA]), 33 tort reform and the limits of malpractice recovery, 44 and controlling perceived managed care abuses. 45 State efforts to regulate patient safety is part of this pattern, to a large degree facilitating a public dialogue about what patient safety interventions should look like. The explosion in State reporting legislation may be most usefully viewed as part of this trial-and-error process of experimentation. The sea change in the health care system should have led to a reexamination of regulatory mechanisms by the Federal government; however, while the Federal sector has been extensively involved in research about patient safety and regulatory options, patient safety legislation at the Federal level has languished. 8

The 1999 IOM report 1 urged a systems-based approach to preventing error and promoting patient safety, and to stress the importance of creating a new culture in which the objective is disclosure rather than blame. Many of the internal or quasi-regulatory mechanisms for enhancing patient safety provide the framework for a much-needed re-evaluation of what constitutes error in medicine. 46 However, they provide a less-than-complete understanding of what this means from the perspective of patient or patient's family. To be complete, the concept of patient safety should address whether “safety” means more than the absence of an “adverse event,” and from whose perspective—the physician, health plan, or patient—is the event adverse. State legislation may be able to address this perspective more forcefully, though not necessarily more effectively, than other regulatory schemes, and thereby to preserve a place at the table for the consumer perspective about patient safety.


See e.g., Public Citizen, Inc. v. U.S. Dept. of Health and Human Services, 332 F.3d 654, 357 U.S. App. D.C. 1 (D.C.Cir. Jun 20, 2003), holding that the Health Care Financing Administration (HCFA, now CMS) regulations and the provision in the Medicare Peer Review Organization manual prohibiting disclosure of substantive disposition when beneficiary's physicians did not consent were invalid; Hassan v. Mercy American River Hosp., 31 Cal.4th 709, 74 P.3d 726, 3 Cal.Rptr.3d 623, 3 Cal. Daily Op. Serv. 7428, 2003 Daily Journal D.A.R. 9300, Cal., Aug 18, 2003), holding that medical peer review privilege is a qualified privilege. (Peer review organizations review complaints from Medicare beneficiaries regarding Medicare services and quality).


The authors wish to acknowledge the contributions of the other members of the Strategic Alliance for Error Reduction in California Healthcare (SAFER California Healthcare) team, including David Taylor (University of California System, Office of the President), Eugene Spiritus (University of California-Irvine), and Eileen Hogan (AHRQ Program Officer). SAFER's work was funded by Grant HS11512-02 from AHRQ.


Kohn LT, Corrigan JM, Donaldson MS, editors. To err is human: building a safer health system. A report of the Committee on Quality of Health Care in America, Institute of Medicine. Washington, DC: National Academy Press; 2000.
Institute of Medicine. Crossing the quality chasm: a new health system for the 21st century. Washington, DC: National Academy Press; 2004.
Congressional Budget Office. Patient Safety and Quality Improvement Act of 2003 (S. 720) cost estimate. 2003 Aug 15; H.R. 5478, Patient Safety and Quality Improvement Act, House Committee on Energy and Commerce. 2003 Sept 25.
Kaiser Daily Health Policy Report, Monday, April 05, 2004, Capitol Hill Watch: Legislation to Address Medical Errors Stalled in Congress.
Kizer,KW. Establishing health care performance standards in an era of consumerism. JAMA 2001;286:1,213–7. [PubMed: 11559267]
HHS moves forward to establish new system for collecting patient safety data. http://www​
Reporting of medical/health care errors: a position statement of the Joint Commission on Accreditation of Healthcare Organizations. Oakbrook, IL: Joint Commission on Accreditation of Healthcare Organizations; 2000 Dec.
Kaiser Family Foundation. Reducing medical errors. Background Brief,, Updated March 2004. http://www​.kaiseredu​.org/IssueModules/Reducing/index.cfm. (Last accessed 2004 Nov 15.)
Aspden P, Corrigan JM, Wolcott J, et al, Patient safety: achieving a new standard for care. Committee on Data Standards for Patient Safety, Board on Health Care Services, Institute of Medicine. Washington, DC: The National Academies Press; 2004.
Universal protocol for preventing wrong site, wrong procedure, wrong person surgery. Oakbrook, IL: Joint Commission on Accreditation of Healthcare Organizations; 2003.
McGlynn EA, Asch SM, Adams F, et al. The quality of health care delivered to adults in the United States. NEJM 2003;348:2,635–45.
Rosenthal J, Booth M, Flowers L, et al. Current State programs addressing medical errors: an analysis of mandatory reporting and other initiatives. Portland, ME: National Academy for State Health Policy; 2001.
Rosenthal F, Booth M. Defining reportable events: a guide for States tracking medical errors. Portland, ME: National Academy for State Health Policy; 2003.
Riley T. Improving patient safety: what States can do about medical errors. Portland, ME: National Academy for State Health Policy (NASHP); 2000.
Riley T, Rosenthal J. Patient safety and medical errors: a road map for State action. Portland, ME; National Academy for State Health Policy (NASHP); 2001.
Marchev M., Medical malpractice and medical error disclosure: balancing facts and fears. Portland, ME: National Academy for State Health Policy; 2003 Dec.
Marchev M, Rosenthal J, Booth M. How States report medical errors to the public: issues and barriers. Portland, ME: National Academy for State Health Policy; 2003.
Flowers L, Riley T. State-based mandatory reporting of medical errors: an analysis of the legal and policy issues. Portland, ME: National Academy for State Health Policy; 2001.
National Patient Safety Foundation. Patient safety resources, patient safety definition citations http://www​ accessed 2004 April 21.)
Shojania K, Wachter R. Making Health Care Safer: A Critical Analysis of Patient Safety Practices; 2001 July 20: AHRQ Publication 01-E058. [PMC free article: PMC4781305] [PubMed: 11510252]
Hayward R A, Hofer T P. Estimating hospital deaths due to medical errors: preventability is in the eye of the reviewer. JAMA. 2001;286:415–20. [PubMed: 11466119]
Sox H C, Woloshin S. How many deaths are due to medical error? Getting the number right. Eff Clin Pract. 2000;6:277–83. [PubMed: 11151524]
Gallagher TH, Waterman AD, Ebers AG, et al. Patients' and physicians' attitudes regarding the disclosure of medical errors. JAMA 2003;289(8):1,001–7. [PubMed: 12597752]
Lamb R M, Studdert D M, Bohmer R M. et al. Hospital disclosure practices: results of a national survey. Health Aff (Millwood) 2003 Mar–Apr;22(2):73–83. [PubMed: 12674409]
Bates DW, Leape LL, Cullen DF, et al. Effect of computerized physician order entry and a team intervention on prevention of serious medication errors. JAMA 1998;280:1,311–6. [PubMed: 9794308]
Mello M, Brennan TA. Deterrence of medical errors: theory and evidence for malpractice reform. Texas Law Rev 2002;80:1,595–637.
Brennan TA, Sox CM, Burstin HR, Relation between negligent adverse events and the outcomes of medical malpractice litigation. NEJM 1996;335(26):1,963–7. [PubMed: 8960477]
Clinton-Gore administration announces new actions to improve patient safety and assure health care quality, goal to reduce preventable medical errors by 50 percent within 5 years. Washington, DC: The White House, Office of the Press Secretary; 2000 Feb 22.
Connecticut's adverse event reporting system for hospitals: an overview for healthcare consumers. Wallingford, CT: Connecticut Hospital Association; 2003. (http://www​​/Advocacy/Quality_Patient_Safety.html)
National Quality Forum. Serious reportable events in patient safety: a National Quality Forum consensus report. Washington, DC: National Quality Forum; 2002.
An act to reduce medical errors and improve patient health: a case study from Maine. Portland, ME: National Academy for State Health Policy; 2002 Aug.
Rosenthal J, Booth M. Defining reportable adverse events: a guide for States tracking medical errors. Portland, ME: National Academy for State Health Policy; March 2003.
Rush Prudential HMO, Inc. v. Moran, 536 U. S. 355; see also Aetna Health Inc. v. Davila, 124 S.Ct. 2488, 159 L.Ed.2d 312, 72 USLW 4516. (Decided June 21, 2004)
Roundtable Discussion: Reporting as a means to improve patient safety, sponsored by Kaiser Permanente Institute for Health Policy, The National Quality Forum, and the Peter F. Drucker Archive and Institute; 2000 March. (http://www​​/patientsafetyroundtable.pdf)
Adams v. St. Francis Regional Medical Center, 955 P.2d 1169; 1998.
Program-specific national patient safety goals (effective Jan 1, 2004). Oakbrook, IL: Joint Commission on Accreditation of Healthcare Organizations; 2004.
New York State Department of Health. NYPORTS, the New York Patient Occurrence Reporting and Tracking System, Annual Report 2000-2001. Albany, NY: New York Department of Health; 2002.
Leape L. Health policy report. Patient safety: reporting of adverse events, NEJM 2002; 347(20):1,633–9.
California Healthcare Foundation, Legislating medication safety: the California experience. Oakland, CA: California Healthcare Foundation; 2003 Oct.
Morath J, Hart T. Partnering with families: disclosure and trust—demonstrated strategy and results to improve care delivery and patient satisfaction through enhanced patient-physician communication (unpublished monograph).
Hospital quality: a call for greater accountability, Department of Health and Human Services, Office of Inspector General, OEI-01-97-00050; 1999 July.
The failure of private hospital regulation: an analysis of the Joint Commission on Accreditation of Healthcare Organizations' inadequate oversight of hospitals. Washington, DC: Public Citizen; 1996.
Press Release, Congressman Pete Stark, referencing letter to Inspector General Janet Rehnquist. Stark urges HHS Inspector General to increase oversight of JCAHO, 2003 Jan 15.
National Association of Mutual Insurance Companies. 2004. reports/tortreform/(Last accessed 2004 April.)
Hall M A, Agrawal G B. The impact of State managed care liability statutes. Health Affairs. 2003 Sept/Oct;22(5):138–45. [PubMed: 14515889]
Leape L L, Berwick D M, Bates D W. What practices will most improve safety? Evidence-based medicine meets patient safety. JAMA. 2002;288(4):501–7. [PubMed: 12132984]


  • PubReader
  • Print View
  • Cite this Page
  • PDF version of this page (185K)

Other titles in this collection

Related information

  • PMC
    PubMed Central citations
  • PubMed
    Links to PubMed

Similar articles in PubMed

See reviews...See all...

Recent Activity

Your browsing activity is empty.

Activity recording is turned off.

Turn recording back on

See more...