A Framework for ACO Credentialing and Peer Oversight Robin Locke Nagele

fishglugSoftware and s/w Development

Dec 13, 2013 (4 years and 7 months ago)


A Framework for ACO Credentialing and Peer Oversight

Robin Locke Nagele


Introduction and Background on ACOs…………………………………..…



Developing the Infrastructure for Credentialing and Peer Review………….



Protecting Peer Review Privilege and Confide



HCQIA Immunity and Reporting for ACOs…………………………........... 14


Adoption and Enforcement of Evidence
Based Protocols………………….. 19


The Use of PSOs for Aggregating and Analyzing ACO Quality Data………






Introduction and Background on ACOs

Accountable Care Organizations (ACOs) are proliferating as providers seek to position
themselves to participate in the Accountable Care Act’s (ACA’s) Shared Savings Program

ACOs are groups of providers that align themselves through a clinically integrated
entity designed to improve efficiency and quality of care, and reduce cost. Although ACOs can
be formed and operated for reasons other than the Shared Savings Progr
am, it is safe to assume
that the majority of ACOs being formed at this time are motivated to comply with Medicare’s
SSP regulations, so that they can qualify for the financial incentives provided thereunder.

The SSP statute and regulations contain speci
fic requirements regarding the structure,
governance and management of ACOs, which will shape their formation and their functioning.
Key requirements are that:

The ACO must be a distinct legal entity formed pursuant to state law;

The ACO must have a gove
rning body that is responsible for oversight and strategic
direction and to which the ACO management is held accountable;


Patient Protection and Affordable Care Act,

Pub. L. No. 111

, §§ 3022 &
10307 (Mar. 23, 2010) (codified at 42 U.S.C. § 1395jjj, with regulations codified at 42 C.F.R. §§
et seq.


42 C.F.R. § 425.104.



§ 425.106.


At least 75% of the governing body members must be ACO participants (i.e.,
enrolled providers providing services (or supplie
s) pursuant to the
ACO) and at least one member must be a Medicare beneficiary representative;

The ACO must have a leadership structure in which the clinical and
administrative systems are aligned with the goals of the SSP

i.e., improved
quality and dec
reased cost;

The ACO must have a chief executive officer (CEO) whose leadership team has
demonstrated the ability to influence or direct clinical practice to improve
efficiency processes and outcomes;

The ACO must have a chief medical officer (CMO) who

is a licensed and board
certified physician who is one of the ACO participants, and physically present at
one or more of the ACO locations on a regular basis;

The ACO participants and provider/suppliers must demonstrate a “meaningful
commitment” to the A
CO’s mission through, for example, (i) a significant
financial or time commitment to the ongoing operation of the ACO, and/or (ii) a
written commitment to the achievement of the ACO’s quality and performance

At the heart of the SSP ACO regulati
ons are the quality performance standards, which include
the following:

The ACO must promote
evidence based medicine
, focusing on conditions with a
significant potential for achieving quality improvements for the beneficiary
population covered by the ACO;

The ACO must promote
beneficiary engagement
, through (i) including a
beneficiary representative on the governing body, (ii) conducting experience of
care survey requirements, (iii) evaluating and addressing the needs of the patient
population being serve
d, (iv) communicating with beneficiaries in clear terms
regarding the goals of evidence
based medicine, (v) implementing shared
making that takes into account the beneficiaries’ unique needs,
preferences, values, and priorities, and (vi) establish
ing written standards for



§§ 425.106(c); 425.20.


§ 425.108(a).



§ 425.108(b).



§ 425.108(c).


§ 425.108(d).



§§ 425.112(a); 425.112(b)(1).


beneficiary access and communication, and a process for beneficiaries to access
their medical record.

The ACO must develop an infrastructure for
internal reporting of

quality and
cost metrics
so as to facilitate evaluation, feedb
ack to participants and monitoring,
and thereby to improve care over time;

The ACO must
coordinate care

across and among primary care physicians,
specialists, and acute and post
acute providers and suppliers through defined
methods and processes, includi
ng the use of individualized care plans to promote
improved outcomes, at a minimum, for high
risk and multiple chronic condition

To successfully participate in the Medicare Shared Savings Program, an ACO must therefore be
a separate legal enti
ty with a defined governing body and clinical and administrative
management structure that is capable of clinically managing the inpatient and outpatient care for
an entire population of patients through coordinated care plans, intensive data measurement a
analysis, and the implementation and enforcement of evidence
based protocols. In order to even
achieve threshold eligibility to share in the financial rewards of the SSP,

an ACO must meet
CMS’s specific quality metrics in four different domains (patie
nt/caregiver experience, care
coordination/patient safety, preventive health and at
risk populations) by scoring above CMS’s
minimum attainment level on at least 70% of those metrics.

The ACO program raises a host of new operational and legal challenge
s for providers in
the areas of credentialing, quality oversight and peer review. In this article, we examine those
challenges and suggest ways in which they may be successfully resolved.



§§ 425.112(a); 425.112(b)(2); 425.106;



§§ 425.112(a); 425.112(b)(3).



§§ 425.112(a); 425.112(b)(4).



§§ 425.600



§ 425.502(d).



Developing the Infrastructure for Credentialing and Peer

Credentialing and peer review are the standard methods by which provider entities that
engage or employ licensed independent practitioners assure themselves of the quality and safety
of the services provided by those practitioners.

In the hospita
l context, the goal of
credentialing, privileging and peer review is typically to ensure that practitioners are practicing
within a broadly defined “standard of care” in the medical community. By contrast, ACOs must
develop and enforce much more tightly
controlled standards of practice. Specifically, ACOs are
charged with ensuring adherence to evidence
based protocols, individualized care plans, and
other methods of controlling care delivery to ensure high quality and decreased cost. Therefore,
ACOs can
not be content with simply replicating traditional methods of credentialing, privileging
and peer review. To be successful, they will need to exert much more targeted control over
clinical practices.

In developing the infrastructure for credentialing, p
rivileging and peer review, ACOs
must consider the following questions:

Who are the
credentialing and peer review decision
, i.e., those individuals or
committees responsible for developing standards, reviewing practitioners, and taking


what is the source of their authority?

What are the particular
procedures and

by which practitioners are reviewed
against the ACO’s clinical practice standards?

quality data and information

is used in the credentialing and peer oversight



In hospitals, ambulatory surgery centers, dialysis facilities and other clinical
settings, “privileging” is also a
n important component of the quality oversight process.
However, we believe “privileging” is less meaningful in the ACO context, which does not
involve a designated practice setting, but rather, is a means of coordinating care across many
different settin
gs. Therefore, we do not include a separate discussion of “privileging” in this
article. However, using the concepts discussed herein, a “privileging” process could readily be
developed and applied, if appropriate to a particular ACO setting.


What are the
enforcement tools and consequences

for failing to meet the ACO’s
quality standards?

In this section, we will suggest some possible approaches to these issues, recognizing that each
ACO will ultimately need to develop its own unique

approach that is tailored to meet its
particular provider and beneficiary population and culture.

ACOs will undoubtedly vest ultimate decision
making authority for credentialing and
peer review decisions with their governing bodies, which are ultimatel
y responsible and
accountable for the actions of the ACO. The governing bodies, in turn, can be expected to
delegate significant operational responsibility to the CMO and staff. The major question for
ACOs to resolve will likely be whether they create o
ne or more separate

review committees for
credentialing and peer review, and if so, who those committees report to

governing body.

The multi
layer review that is typical of hospital credentialing and peer review often
creates inefficiencie
s and redundancies with, arguably, little corresponding benefit in terms of
improved decision
making. ACOs may be better served by having a tight decision
structure, in which the ACO governing body either (i) acts as a super
credentialing and peer
review committee of the whole, or (ii) if that is not operationally feasible, creates a board
credentialing and peer review committee with delegated authority to act for the governing body.
The CMO and staff can thoroughly investigate and vet all cr
edentialing and peer review matters
coming before the governing body committee, so that there is essentially one layer of decision


Of co
urse, in order to obtain immunity under the Health Care Quality
Improvement Act, 42 U.S.C. § 11101
et seq.

it may be necessary to provide multiple layers of
hearing and appeal of certain adverse decisions.

Section IV below. However, in a well
zed ACO, the need for such action should be rare.


Establishing the source of authority of the credentialing and peer review decision
is also important. Pract
itioners often challenge adverse credentialing/peer review action by
asserting that the action is outside the authority of the decision
makers. ACOs must ensure that
all ACO participants bind themselves to the governance structure by which credentialing a
peer review standards will be developed and enforced, and agree to be bound by the
credentialing and peer review decisions, even (and
) when they are adverse to the

Common methods for securing such commitment are through (i)
contracts, (ii) bylaws,
and/or (iii) binding policies and procedures. All of these methods are acceptable, so long as the
ACO participants clearly signify their knowing and voluntary agreement to be bound by the
credentialing and peer review provisions

including the consequences for failing to meet the
required minimum standards

as a specific condition for becoming a participant in the ACO.
Anything less is likely to subject the ACO to controversy and/or litigation.

As is evident from the SSP regu
lations, ACO credentialing and peer review has a
different focus than typical hospital peer review. Those ACOs that will be successful under the
SSP are those in which the leadership is capable of “influenc[ing] or direct[ing] clinical practice
to improv
e efficiency processes and outcomes,”


i.e., changing practice patterns through
successful implementation of evidence
based protocols, individual care plans, and other methods
of care coordination and management.

The traditional vetting of credentia
ls, although an essential first
step, is only the
beginning of the inquiry as to whether a practitioner will succeed in the ACO setting. Of much
more import will be the “softer” criteria, i.e., whether the practitioner is capable of:


42 C.F.R. § 425.108(b).


adapting his/her pra
ctice in response to evidence
based protocols;

coordinating his/her care with that of other practitioners across a spectrum of
inpatient and outpatient providers; and

working cooperatively within a system of care.

In many respects, these characteristics

are much more difficult to evaluate. Nevertheless, they
may prove to be essential qualities in defining successful ACO participants. These types of
issues can be vetted initially through extremely detailed and specific peer references and through
a su
bstantive interview process. Alternatively, ACOs can opt not to do a thorough vetting of
these intangibles at this stage, but rather, rely on their ability to implement very clear standards
and consequences once a practitioner is accepted into the ACO.

Once practitioners are “credentialed” with the ACO, it is, in our view, paramount to the
success of the ACO that practitioners are regularly evaluated in accordance with external,
objective standards, and that there be a defined set of sanctions for failu
re to meet these objective
standards. The objective standards could consist, for instance, of a defined minimum level of
compliance with:

the ACO’s duly approved and adopted evidence based clinical protocols and
individual care plans;

minimum quality
standards as judged by clearly defined internal and external quality
metrics such as those that will render the ACO eligible to share in the financial
rewards of the Shared Savings Program;


basic conduct expectations as set forth in the ACO’s code of
conduct (which would
address such things as sexual harassment, disruptive conduct and legal compliance

These metrics could be reviewed by the ACO’s peer review committee regularly, for instance,
every three months, and an ACO participant t
hat failed to meet the required minimums, might be
subjected to the following (on a graduated basis, as necessary):




§ 425.500.


Level 1 Peer Review
: After review by the ACO peer review committee, the CMO
(or delegate) meets with the ACO practitioner to counsel him/h
er regarding his/her
deviations from the objective standards; discusses necessary changes in practice
patterns and “problem solves” any practical impediments thereto; secures the ACO
practitioner’s agreement to make the necessary changes; and records the
and outcome counseling session(s), including the specific agreed
upon practice
changes, in a written peer review record, signed by the CMO and the ACO

Level 2 Peer Review
: In the event that the ACO participant either (i) refuses t
cooperate in the Level 1 Peer Review, or (ii) is cooperative but subsequently fails to
implement the necessary changes in practice pattern and/or continues to practice
below the required minimum standard of practice, the matter moves to Level 2 Peer
ew. This consists of a formal warning, reprimand, and/or proctoring of the ACO
practitioner. Again, after review by the ACO peer review committee, the CMO (or
delegate), meets with the ACO participant and records the warning, reprimand and/or
in a written peer review record, signed by the CMO and the ACO
participant. If proctoring is involved, a proctor is engaged (internally or externally,
depending on the circumstances) to conduct an intensive period of evaluation and
intervention over a def
ined period of time. At the end of that period, the proctor
submits a written evaluation report as to the ACO participant’s response to the
proctoring, with specific reference to whether or not the ACO participant was
successful in changing his/her pract
ice patterns and/or improving his/her compliance
with the minimum standards of practice.

Level 3 Peer Review
. Level 3 is the final stage of peer review, which is reached only
if Level 2 Peer Review has been unsuccessful. The question under review at th
stage is whether the ACO Participant should (i) be terminated and excluded from the
ACO, or alternatively, (ii) be given “one last chance” to demonstrate his/her ability to
comply with the ACO’s minimum standards of practice. In anticipation of the
sibility of future litigation, the review at this level should be as thorough and
formal as deemed necessary under the circumstances (using external resources as
necessary) to provide a fair and defensible analysis.

A decision to terminate an ACO Partici
pant may necessitate a HCQIA
compliance “fair hearing”
process, as will be discussed in Section IV, below.

The goal of the peer review framework described above is a tightly controlled system in
which the standards are clearly defined, the intervention
is direct and immediate, and the
consequences for seriously underperforming providers is termination from participation. Such a
peer review process may turn out to be a key ingredient of the ACO’s ability to meet the
stringent quality mandates of the SSP
, thereby enabling the ACO to share in the financial


rewards of the federal program. It may also help position the ACO to “partner” effectively with
other health plans and provider entities also seeking to implement more coordinated and aligned
systems o
f care.


Protecting Peer Review Privilege and Confidentiality

Fearful that peer review data and information may be accessed and used by plaintiff
malpractice attorneys against ACO participants, ACOs will want to seek as much protection as
possible fr
om the zone of confidentiality and privilege that exists under state and federal law. In
this section, we will analyze the scope of protection afforded by the Pennsylvania Peer Review
Protection Act, 63 P.S. §§ 425.1
et seq.
, (PRPA), which provides the pr
imary state law peer
review privilege in Pennsylvania.

The threshold question for ACOs is whether the PRPA extends its protections to peer
review conducted by an ACO relative to the ACO participants. PRPA’s provisions appear broad
enough to encompass a “
peer review committee” made up of licensed healthcare providers acting
on behalf of an ACO. Nevertheless, because there is some degree of ambiguity in the statutory
text, it is hard to predict whether Pennsylvania courts would apply the PRPA protections
to the
“peer review committees” of an ACO, given the courts’ general hostility towards this privilege.
The key definitions are as follows:

"PEER REVIEW" means the procedure for evaluation
by professional health care
providers of the quality and efficiency

of services ordered or performed by other
professional health care providers
, including practice analysis, inpatient hospital and
extended care facility utilization review, medical audit, ambulatory care review, claims
review, and the compliance of a hosp
ital, nursing home or convalescent home or other
health care facility operated by a professional health care provider with the standards set
by an association of health care providers and with applicable laws, rules and regulations.


A somewhat different type of peer review protection is provided by the patient
safety provisions of the MCARE Act,
40 P.S. § 1303.311,

but the provi
sions of that Act are only
applicable to hospitals, ambulatory surgery centers, abortion facilities, and birth centers.

1303.302 (definition of “Medical facility”).


ARE PROVIDER” means: (1) individuals or
organizations who are approved, licensed or otherwise regulated to practice or operate in
the health care field under the laws of the Commonwealth, including, but not limited to,
the following individuals or organiza
tions: (i) a physician; (ii) a dentist; (iii) a podiatrist;
(iv) a chiropractor; (v) an optometrist; (vi) a psychologist; (vii) a pharmacist; (viii) a
registered or practical nurse; (ix) a physical therapist; (x) an administrator of a hospital,
nursing or
convalescent home or other health care facility; or (xi) a corporation or other
organization operating a hospital, nursing or convalescent home or other health care
facility; or (2) individuals licensed to practice veterinary medicine under the laws of thi

any committee engaging in peer review
including a hospital utilization review committee, a hospital tissue committee, a health
insurance review committee, a hospital plan corporation review committee, a profes
health service plan review committee, a dental review committee, a physicians' advisory
committee, a veterinary review committee, a nursing advisory committee, any committee
established pursuant to the medical assistance program, and any committee e
stablished by
one or more State or local professional societies, to gather and review information
relating to the care and treatment of patients for the purposes of (i) evaluating and
improving the quality of health care rendered; (ii) reducing morbidity o
r mortality; or (iii)
establishing and enforcing guidelines designed to keep within reasonable bounds the cost
of health care. It shall also mean any hospital board, committee or individual reviewing
the professional qualifications or activities of its med
ical staff or applicants for admission
thereto. It shall also mean a committee of an association of professional health care
providers reviewing the operation of hospitals, nursing homes, convalescent homes or
other health care facilities.

The PRPA’s con
fidentiality protections are as follows:

proceedings and records of a review committee

shall be held in confidence and
shall not be subject to discovery or introduction into evidence
in any civil action against
a professional health care provider

ing out of the matters which are the subject of
evaluation and review by such committee and no person who was in attendance at a
meeting of such committee shall be permitted or required to testify in any such civil
action as to any evidence or other matter
s produced or presented during the proceedings
of such committee or as to any findings, recommendations, evaluations, opinions or other
actions of such committee or any members thereof: Provided, however, That information,
documents or records otherwise av
ailable from original sources are not to be construed as
immune from discovery or use in any such civil action merely because they were
presented during proceedings of such committee, nor should any person who testifies
before such committee or who is a me
mber of such committee be prevented from
testifying as to matters within his knowledge, but the said witness cannot be asked about


63 P.S. § 425.2 (emphasis added).


his testimony before such a committee or opinions formed by him as a result of said
committee hearings.

As noted, although
this broad language would appear to encompass ACO credentialing and peer
review, Pennsylvania courts have historically found many ways of limiting the statute’s reach,
such that the PRPA may not provide the degree of protection as one might expect, given t
broad language of the Act.

McClellan v. HMO of Pennsylvania
686 A.2d 801

(Pa. 1996), the Pennsylvania
Supreme Court ruled that PRPA’s confidentiality provisions did not extend to an “IPA
HMO” because the HMO was not itself neither a licensed

healthcare provider nor a healthcare

The court found that the HMO’s major objective was to “contract” with healthcare
providers to deliver healthcare, and that “its physicians usually work in their own offices, use
their own equipment, and kee
p their own records.”

Thus, an HMO’s credentialing and peer
review records were held to be discoverable in an action against the HMO for alleged negligence
in selecting and retaining the physician in its HMO panel. Notably, as pointed out by Justice
igro in his dissenting opinion, the peer review information was held discoverable against the
HMO even though it could not be used against the allegedly negligent physician, who was a co
defendant in the lawsuit.

Justice Nigro suggested that the majorit
y decision would undermine
the PRPA’s goal of encouraging frank and candid review of physicians by their professional
peers, and thereby “hamper the quality of care.”

Although a later court pointed out that the



§ 425.4 (emphasis added).


n v. HMO of Pennsylvania
, 686 A.2d 801 (Pa. 1996).



at 806.



at 809 (Nigro, J., dissenting).




case was decided by an equally di
vided Supreme Court, and therefore, arguably, not

the case has nevertheless been consistently followed since decided in 1996.


decision created a large loophole in the PRPA’s confidentiality
protections, that could arguably j
eopardize the privileged nature of ACO peer review
proceedings. ACOs, like HMOs, are neither licensed healthcare providers nor medical facilities.
Like HMOs, ACOs have as one of their primary goals, the ability to contract with third parties
for the del
ivery of coordinated healthcare services by licensed healthcare providers. However,
ACOs are not mere insurers, and they are legally and definitionally required to have a much
more direct and “hands
on” clinical involvement than IPA
model HMOs. ACOs do
not merely
evaluate the competency of providers, they are directly involved in establishing and enforcing
clinical protocols and individualized patient care plans, and maintaining a coordinated system of
care. The level of direct clinical involvement req
uired of ACOs should help distinguish them
from an IPA
model HMO, should the need arise.

Even if clearly applicable to ACO credentialing and peer review, the PRPA can be seen
as offering only a patchwork of protections. Pennsylvania courts have chipped

away at the peer
review protections even in those healthcare settings that are squarely covered by the PRPA. The
only clear zone of protection is the minutes and records of formal meetings of peer review
committees. As defined by the Pennsylvania court
s, a

“review committee” is not just an
individual, or even an informal gathering of persons, but rather, is a committee that has been
established by some definitive action prior to the time of the review.

In order to be covered by


Fanelli v. Independence Blue Cross
, 75 Pa. D. & C.4th 10 (Phila. C.C.P. 2005)
(holding that the PRPA confidentiality provisions did not
extend to the Independence Blue Cross
Credentials Committee).


Steinbacher v. Mariano

19 Pa. D & C.4th 399, 405
06 (Lycoming C.C.P. 1992);
Mazzucca v. Methodist Hospital

47 Pa. D & C.3d 55, 60 (Phila. CCP 1986).


the Act, the record mu
st be the product of that peer review committee and relate to the matter
which is the subject of review.

A memorandum prepared by a Department Chair on his own
initiative, addressed to himself, is not peer review protected.

Likewise, documents created

during a meeting of hospital personnel to evaluate the causes of an adverse event are not
protected if the group was not formally constituted or identified as a “peer review committee”
and there was no formal record created of the meeting.

Moreover, e
ven records of peer
review committees that clearly fall within the scope of the PRPA’s protections may be
discoverable if copies are maintained in a facility’s “administrative files” as opposed to the
formal committee records.

The privilege can also pote
ntially be “waived” by providing to an
outside party such as, e.g., the Pennsylvania Department of Health.

When evaluating and
deciding on whether or not specific documents are peer review protected, courts closely examine
the entity’s bylaws, policies a
nd procedures to determine how the entity itself defines and
maintains peer review privileged documents.

Thus, ACOs cannot simply assume that their peer review materials will be protected
under the PRPA. Rather, they should work with counsel to carefull
y establish and document the
system of peer review oversight so as to maximize the available protections and position


Forrest v. St. Luke’s Hospital

3 Pa. D & C.4th 353, 355 n.1 (Lehigh C.C.P.
Treible v. Lehigh Valley Hospital Inc.

75 Pa. D & C.4th 22, 27
28 (Lehigh C.C.P. 2005).



47 Pa. D & C.3d at 60


Johnson v. Wiseman

46 Pa. D & C.4th 532, 535
36 (Bradford C.C.P. 2000);
, 73 Pa. D & C.4th at 355 n.1.


Short v. Pavlides
33 Pa. D. & C.4th 118, 126
(Phila. C.C.P. 1996);
Fowler v.

34 Pa. D. & C.3d 530, 533
37 (Washington C.C.P. 1981);
Resnick v. Hahnemann
University Hospital

28 Phila. 561, 566
69 (Phila. C
.C.P. 1995);
but see

Troescher v. Grody
, 869
A.2d 1014, 1021
23 (Pa. Super. Ct. 2005) (PRPA protects the confidentiality of a document
created for a peer review committee, even if the author of that document maintains a copy of it in
his/her confidential f


Rosser v. Feldman

38 Pa. D. & C.4th 353, 354
55 (Lackawanna C.C.P. 1998).




19 Pa. D & C.4th at 406;

47 Pa. D & C.3d at 58


themselves to argue successfully in court that, notwithstanding

and the lower court
decisions cited herein, that the ACO’s crede
ntialing and peer review activities are precisely the
types of activities that the Pennsylvania legislature designed the PRPA to promote and protect.


HCQIA Immunity and Reporting for ACOs

ACOs need to carefully evaluate their potential rights and ob
ligations under the federal
Healthcare Quality Improvement Act, 42 U.S.C. §§ 11101
et seq.

(HCQIA) with regard to
credentialing and peer review of ACO participants. HCQIA was enacted by Congress in 1998
as a means of furthering quality health care natio
nally by “restrict[ing] the ability of incompetent
physicians to move from State to State without disclosure or discovery of the physician’s
previous damaging or incompetent performance.” 42 U.S.C. § 11101.

Except in the small number of states that have

rejected HCQIA’s federal statutory
scheme in favor of their own, more stringent, peer review requirements,

HCQIA provides
federal immunity from damages actions to “health care entities” that take “professional review
action” (including adverse credential
ing and peer review decisions) in accordance with HCQIA’s
statutory provisions.

It also requires “health care entities” to report the adverse results of those
professional review actions to the National Practitioner Data Bank, 42 U.S.C. § 11133 (NPDB),
nd provides immunity for such reporting.

For an entity that is subject to HCQIA’s


Under HCQIA, states do have the option of rejecting the federal HCQIA
in favor of their own, more stringent, peer review protections. 42 U.S.C. §
11115(a). A small minority of states have opted to do so, including Maryland (






§ 5
637 immunizes peer reviewers from civil

provided they acted in good faith and within the scope of the jurisdiction of a medical
review committee), Georgia (


§ 31
132 provides criminal and civil immunity
to persons performing peer review activities, so long as they did not act wit
h malice), and Illinois
(225 ILCS 60/5 provides peer reviewers with immunity from civil damages, provided they did
not engage in willful or wanton misconduct).


42 U.S.C. §§ 11111



§ 11137(c).


provisions, the statutory consequence of either (i) failing to perform a professional review action
in the manner prescribed by HCQIA or (ii) failing to report to the NPDB
, is loss of HCQIA’s
immunity protections.

The threshold question for an ACO is whether it


qualify as a “health care
entity” for purposes of HCQIA immunity and reporting. As set forth below, at least some ACOs

qualify as HCQIA
“health care entities.” The question as to whether an ACO will

to qualify is more involved, and it is likely that ACOs will opt for different approaches
depending on their particular structures, cultures and circumstances.

A HCQIA “health care en
tity” is statutorily defined as an entity (including a health
maintenance organization or group medical practice) that (i) provides health care services and
(ii) follows a formal peer review process for the purpose of furthering quality health care.

der HCQIA, the term “provides health care services” means “the delivery of health care
services through any of a broad array of coverage arrangements or other relationships with
practitioners either by employing them directly, or through contractual or oth
er arrangements.

The term is broadly applied to include managed care entities such as an HMO or PPO, so long as
it implements and follows a formal peer review process.

Since ACOs bear many
commonalities with HMOs and PPOS, in the sense of bringing a

wide spectrum of providers
together to provide coordinated and “managed” care, based on HCQIA’s broad definitions, it
would appear that most ACOs will be able to qualify as “health care entities” so long as they are
structured to perform formal credential
ing and peer review.



§ 11133(c).



§ 11151(4)(A); 45 C
.F.R. § 60.3.








, at B
2 (Publication No. HRSA
255, Sept. 2001) (“





While hospitals are automatically subject to HCQIA’s immunity, reporting and querying
provisions, other types of health care entities have a certain latitude in determining whether or
not to follow HCQIA’s mandates. The statute requ
ires providers to make a self
determination as
to whether they meet the definition of “health care entity,” and if so, to register with HRSA,
providing a certification by an official of the organization that they qualify. If the registration is
by HRSA, then a Data Bank Identification Number (DBID) will be issued, thereby
qualifying the provider as a “health care entity” that would be eligible for HCQIA’s immunity
provisions, and enabling the entity to submit reports and queries to the NPDB.

The determining factor for ACO eligibility to participate in the HCQIA immunity,
reporting and querying provisions will be whether or not the ACO opts to establish a formal peer
review infrastructure, including the provision of hearings (and appeals) for p
roviders for whom
ACO membership may be denied or revoked. If an ACO opts not to conduct formal
credentialing and peer review, and

if it opts not to provide a formal hearing process
such as that outlined in HCQIA, then it may not want to cert
ify itself as a “health care entity”
under HCQIA.

The major upside of

participating in HCQIA is that it relieves the ACO of the
obligation of NPDB reporting, which creates its own liability exposures from adversely impacted
providers, most of whom asc
ribe to the common view of Databank reporting as professional
“poison.” Many hospitals and other healthcare entities regard the need to report adverse
credentialing and peer review decisions to the NPDB as having the unfortunate and unintended
ce of chilling, rather than promoting, adverse professional review action. Because of
the generally held perception (accurate or not) that a negative Databank report will have



at B


catastrophic professional consequences, physicians will often, at a minimum, i
nvoke the
cumbersome hearing and appeal process to challenge adverse action, and when they do not
succeed at that level, frequently resort to litigation for equitable relief and damages for injury to
reputation. Although HCQIA provides immunity from dama
ges both for good faith reporting
and for taking the underlying peer review action itself, its immunity provisions are incomplete,
and costly and disruptive litigation is generally anticipated to flow from adverse professional
review action.

A major down
side of not registering as a HCQIA health care entity is that the ACO will
(i) be unable to query the Databank, and (ii) be ineligible for HCQIA immunity in terminating
ACO Participants and revoking their privileges. The NPDB report does provide a valuabl
“snapshot” of the practitioner’s malpractice verdicts/settlements and any prior reported licensure
and hospital adverse actions, information which, unless it is self
disclosed by the practitioner, is
not readily available through other means. The NPDB q
uery is a commonly used tool for
“vetting” physicians because it is an available external source for a physician’s confidential

disciplinary history, and thus has valuable information that an ACO would be
unable to secure independently (unl
ess it has chosen to delegate the credentialing function to a
closely affiliated entity, such as a participating hospital). Indeed, many payers

participating providers to routinely query the NPDB, as a basic component of the credentialing
ocess. There is significant external pressure being brought to bear on all healthcare providers
to do effective credentialing as a way of protecting patient safety, and an ACO would be
particularly susceptible to such external pressure, given the central
ity of its focus on quality of


Likewise the HCQIA immunity may be particularly valuable to ACOs

immunity from claims for treble damages under the federal antitrust laws. ACOs are susceptible
to physician antitrust litigation (with

its high defense costs and treble damages exposures)
because ACOs are designed to be selective and nimble in evaluating and intervening with regard
to physicians who undermine the success of the ACO by, for instance, failing to adhere to
clinical protocol
s or coordination of care policies. Moreover, the antitrust exposure can be
expected to increase as the ACO achieves success and market dominance in a particular region.

Thus, there are significant ramifications that flow from an ACO’s choice to regis
ter, or
not register, as a HCQIA health care entity.

Once an ACO chooses to participate as a HCQIA entity, the ACO must be prepared to
both query and report to the Databank as required under the Act, and to perform its credentialing
and peer review funct
ions, in a manner that will meet the minimum requirements for HCQIA
immunity for “professional review actions,” which require that any adverse action have been


in the reasonable belief that the action was in furtherance of quality healthcare;


after a reasonable effort to obtain the facts of the matter,


after adequate notice and hearing procedures are afforded to the physician under
the circumstances, and


in the reasonable belief that the action was warranted by the facts known afte
such reasonable effort to obtain facts and after meeting the notice and hearing


42 U.S.C. § 11112.


Each of these elements has been litigated extensively and refined through court interpretation,
and the statute itself provides a safe harbor interpretation o
f “adequate notice and hearing

ACOs that choose to operate within the HCQIA framework will need to ensure
that they have implemented a process that, from the initiation of the investigation through
hearing and final decision
making will me
et these parameters.


Adoption and Enforcement of Evidence
Based Protocols

The key to an ACO’s success in achieving its quality objectives (and associated financial
rewards) will be its ability to adopt and enforce evidence
based protocols for the coor
dination of
care among the diverse participants in the ACO. This will require three structural elements:

front commitment to be bound by the ACO’s duly adopted evidence
protocols through the ACO governance documents

whether in the form of
racts, bylaws or binding policies;

procedures for generating evidence
based protocols that will maximize their
effectiveness and acceptance by the ACO participants; and


The “safe harbor” requirements for adequate notice and hearing, are as follows:
(1) Notice of proposed Action
. The physician has been given notice stating

(A)(i) that a
professional review action has been

proposed to be taken against the physician, (ii) the reasons
for the action, (B)(i) that the physician has the right to request a hearing on the proposed action,
(ii) any time limit (of not less than 30 days) within which to request such a hearing, and (C
) a
summary of the rights in the hearing.
(2) Notice of Hearing.
If a hearing is requested on a
timely basis under paragraph (1)(B)

(A) subject to paragraph (B), the hearing shall be held (as
determined by the health care entity)

(i) before an arbitr
ator mutually acceptable to the
physician and the health care entity, (ii) before a hearing officer who is appointed by the entity
and who is not in direct economic competition with the physician involved, or (iii) before a panel
of individuals who are app
ointed by the entity and are not in direct competition with the
physician involved; (B) the right to the hearing may be forfeited if the physician fails, without
good cause, to appear; (C) in the hearing the physician involved has the right

(i) to
entation by an attorney or other person of the physician’s choice, (ii) to have a record made
of the proceedings, copies of which may be obtained by the physician upon payment of
reasonable charges associated with the preparation thereof, (iii) to call, ex
amine and cross
examine witnesses, (iv) to present evidence determined to be relevant by the hearing officer,
regardless of its admissibility in a court of law, and (v) to submit a written statement at the close
of the hearing; and (D) upon the completion
of the hearing, the physician involved has the right

(i) to receive the written recommendation of the arbitrator, officer, or panel, including a
statement of the basis for the recommendations, and (ii) to receive a written decision of the
health care ent
ity, including a statement of the basis for the decision.

§ 11112(b).


rigorous enforcement, e.g., through the peer review process articulated above.

The bi
nding agreement to follow the ACO’s evidence
based protocols serves two
important functions. First, it builds in the commitment to evidence
based protocols as a
foundational element of the ACO. Specifically, providers acknowledge and agree that, by
ing the ACO, they are relinquishing a degree of medical autonomy and entering a

care in which their medical decision
making is pre
determined to some extent by the
needs for efficiency and coordination. Providers that are unwilling to
relinquish their medical
autonomy to that degree should opt not to participate in the ACO. Second, the binding
agreement to follow the ACO’s evidence
based protocols provides the ACO the authority it
needs to discipline or terminate a provider who has jo
ined but refuses to follow the ACO
protocols. ACO participants who willfully refuse to adhere to the ACO’s approved evidence
based protocols cannot be heard to complain that they are being unfairly singled out or
disciplined, if the foundational document
s that they agreed to when they joined the ACO make it
crystal clear that lack of adherence will lead to such disciplinary action.

The ACO’s evidence
based protocols must be designed through a process that generates
confidence in them by the ACO particip
ants. This likely requires a cross
section of providers
who have the necessary knowledge
base to design processes that will foster quality and
efficiency within a system of care. Moreover, evidence
based protocols cannot be seen as static
tools, but must

be continuously reviewed and refined in the actual practice setting in which they
are being utilized. Ideally, an ACO will be in a position to generate and review clinical practice
data that will enable it to evaluate the efficacy of its protocols in r
eal time, and make
improvements where necessary. Such data can be compiled electronically, through a system
wide Electronic Medical Record system if the ACO has one, or it can be compiled through more
traditional chart review or sentinel event “root cause

analysis.” Whatever the methods used, the


dynamic use of evidence
based protocols to promote a highly coordinated system of care should
be what drives the ACO’s quality program.

Finally, as discussed above, an ACO should be committed to rigorous enfo
rcement of its
based protocols as the means of achieving its quality objectives. We emphasize that
“rigorous” enforcement does not mean “blind” enforcement. When deviations from evidence
based protocols occur the initial step should always be
an inquiry into “why” the deviations
occurred and whether they are reflective of a weakness in the protocol or practical hurdle that
can be overcome through a redesign or retraining process. The vast majority of any peer review
effort should be focused on

improving the system of care through improved coordination
between and among the group of providers. In our view, an effective peer review process in this
setting is 88% percent refinement of the protocols and education of the provider team, 10%
targeted informal corrective action (including education and proctoring) and ideally,
only 1
2% any type of formal discipline (up to and including termination from the ACO).

An ACO’s success may depend on how effectively it manages the cultural cha
nge that is
required for practitioners to come to see themselves in isolation but as participants in a defined
and coordinated system of care. Those ACOs that are participants in the Medicare Shared
Savings Program or other payer incentive program will h
ave a financial incentive to make the
necessary cultural shift. However, whether or not those financial incentives exist, direct
involvement in the design and ongoing improvement of the system may be another important
means of securing the practitioners’
commitment to the new system.


The use of PSOs for Aggregating and Analyzing ACO Quality Data.

One of the methods that ACOs may want to consider in order to enhance their ability to
analyze quality data is a Patient Safety Organization (PSO), as def
ined by the federal Patient


Safety and Quality Improvement Act of 2005 (PSQIA)

and its implementing regulations.

PSO is an entity that collects and analyzes healthcare data for the purpose of improving patient
safety through clinical protocols and be
st practices.

The system for evaluating information
and developing clinical protocols and best practices is called a Patient Safety Evaluation System,
or PSES.

PSOs may be freestanding entities that provide no other services, or may be
components of o
ther healthcare organizations.

PSOs and their work product enjoy substantial
confidentiality and privilege protections under federal law, which were put in place to help
promote their use by healthcare providers.

However, as will be discussed in this
section, the
security, confidentiality and privilege requirements are restrictive, and consequently entities must
be cautious in how they utilize PSOs and the patient safety information that they generate, so as
not to inadvertently run afoul of the statut
ory requirements by attempting to define and use the
PSO and its PSES too broadly.

The security requirements mandate that the PSO have policies, procedures and processes
in place to ensure that PSWP is received, accessed, processed, developed, used, main
stored, removed, disclosed, transmitted and destroyed in a manner that maintains its
confidentiality and ensures that it is not accessed or used outside the confines of the PSO.

confidentiality provisions mandate that PSWP must be kept confid
ential and may not be


42 U.S.C. §§ 299b


42 C.F.R. §§ 3.10
et seq.
These became effective in January, 2009.



§ 3.20 (Definitions

Patient safety organization and Patient safe
ty activities).
In order to be recognized as a PSO for purposes of the PSQIA, an entity must meet the
requirements for public listing as such by the federal Agency for Healthcare Research and
Quality (AHRQ), and be listed on its public web



§ 3.20 (Definitions

Patient safety evaluation system).



§ 3.20 (Definitions

Component organization and Component PSO);





§§ 3.204



§ 3.106 (Security requirements).


disclosed except in very limited circumstances, such as for use in criminal proceedings or
equitable actions to vindicate rights established by the PSQIA (such as freedom from retaliation
from reporting into the PSO).

Likewise, the

extensive privilege protections preclude the use of
any PSWP in administrative or court proceedings, except in very limited circumstances, such as
criminal proceedings or the types of equitable actions referenced above.

The core functions of a PSO are th
e gathering and analysis of quality data, and the
generation of protocols and best practices to improve the quality of care. ACOs may want to
consider placing that component of their operations that consists of gathering and analyzing data
and generating

based protocols into either a component PSO or a separate, freestanding
PSO. However, a potential downside to using a PSO for this purpose is that it creates a more
length” process for analyzing and developing evidence
based protocols, wh
ereas what
may actually be more effective is a more direct, hands
on approach. For instance, in order to
maintain a component PSO, an entity must be able to certify the following:

The component PSO maintains its Patient Safety Work Product (PSWP) separate
from the rest of the organization, and has established security measures to maintain its

Members of the component PSO workforce may not make unauthorized disclosures
of PSWP to rest of the ACO;

The mission of the component PSO is not in

conflict with that of the ACO as a whole;

There is a written agreement between the component PSO and any individuals or
units of the ACO to which the component PSO discloses PSWP that clearly sets forth
the parameters within which the PSWP is disclosed an
d how all of the other
requirements will continue to be met;

The component PSO does not share staff with the rest of the ACO.



§ 3.206.



§ 3.204.



§ 3.102(c).


These restrictions could hamper the free flow of information between the ACO and its
component PSO (or an external PSO), which m
ight diminish from the ACO’s ability to act
nimbly in response to quality data generated “in the field.”

An ACO might consider, as other entities have done, defining its entire operations as a
PSO, thereby enabling it to freely share and act upon PSWP i
nternally without fear of breaching
the confidentiality and privilege obligations by doing so. This may be a workable approach,
since ACOs are generally defined and regarded as entities formed for the primary purpose of
improving quality of care. However
, making the entire entity into a PSO also creates operational
and administrative challenges, particularly with regard to the ACO’s compliance with the
security, confidentiality and privilege requirements, and should not be undertaken without a
very caref
ully defined plan for maintaining and managing the flow of PSWP within the

ACOs need to bear in mind that, whether they choose to use a freestanding PSO, a
component PSO or to define themselves as the PSO, the privilege provisions of the P
regulations could make it difficult for an ACO to take adverse action against an ACO participant
based on quality data that is part of the PSWP that enters into or is generated by the PSES.
Specifically, PSWP is privileged and not subject to discovery
or introduction into evidence in
any civil proceeding under federal or state law.

While this provision protects an ACO from
the use of PSWP in a malpractice case against it or one of its providers, it
precludes the
ACO from using it to defend itsel
f from an action brought by an ACO participant seeking to
challenge discipline or termination based on quality data that was generated by the PSO and
therefore constitutes PSWP. Thus, although an ACO could use the information internally to



§§ 3.204(a)(2); 3.204(a)(4).


discipline or
terminate the ACO participant, it would be unable to defend itself substantively in
any subsequent legal action, without incurring risk of a civil penalty or de
listing as a PSO.

This could create unacceptable legal exposure for any ACO seeking to enforc
e its evidence
based protocols through physician discipline or termination.

Although we have noted above
that physician discipline or termination should be considered only as a last resort and necessary
only in a tiny minority of cases, the mere knowled
ge that discipline and termination are genuine
potential outcomes, is often helpful in solidifying the ACO’s commitment to quality oversight
and enforcement.

In short, ACOs may find it helpful to develop a of PSO arrangement for the purpose of
ing quality data and generating best practices and evidence
based protocols. If this path is
pursued, considerable care should be taken in defining the PSO framework, and setting up a
PSES that will enable the ACO to obtain the benefits of the PSO while a
dhering to its many
requirements for security, confidentiality and privilege of the PSWP generated by the PSO.



ACOs offer the opportunity for physicians and other providers to develop coordinated,
based care that may help foster
quality and efficiency while reducing the overall cost of
care. The framework for credentialing and peer review discussed in this article will assist ACOs


The sanctions for disclosing identifiable PSWP in knowing or reckless violation
of the confidentiality provisions is a civil penalty of up to $11,000, in addition to any other
penalties prescribed

by law.

§§ 3.402(a); 3.404(b); 3.418. In addition, a PSO may be de
listed based on a finding that it is not fulfilling its certifications, including the certifications
pertaining to privilege and confidentiality.

§ 3.108.


PSQIA does permit

disclosure of PSWP if all providers identified in the PSWP
sign written authorizations to permit it.

§ 3.206(b)(3). However, it might be risky for an
ACO to count on obtaining such permission from all identified providers in the event of
with a disciplined or terminated ACO participant.


to position themselves to meet their own quality objectives as ACOs, and to participate in the
ncial rewards arising from the Medicare Shared Savings Program.