Home
gpo.gov
govinfo.gov

e-CFR Navigation Aids

Browse

Simple Search

Advanced Search

 — Boolean

 — Proximity

 

Search History

Search Tips

Corrections

Latest Updates

User Info

FAQs

Agency List

Incorporation By Reference

eCFR logo

Related Resources

Electronic Code of Federal Regulations

We invite you to try out our new beta eCFR site at https://ecfr.federalregister.gov. We have made big changes to make the eCFR easier to use. Be sure to leave feedback using the Feedback button on the bottom right of each page!

e-CFR data is current as of March 4, 2021

Title 38Chapter IPart 17 → Subject Group


Title 38: Pensions, Bonuses, and Veterans' Relief
PART 17—MEDICAL


Confidentiality of Healthcare Quality Assurance Review Records

Authority: 38 U.S.C. 5705.

Source: 59 FR 53355, Oct. 24, 1994, unless otherwise noted.

§17.500   General.

(a) Section 5705, title 38, United States Code was enacted to protect the integrity of the VA's medical quality assurance program by making confidential and privileged certain records and documents generated by this program and information contained therein. Disclosure of quality assurance records and documents made confidential and privileged by 38 U.S.C. 5705 and the regulations in §§17.500 through 17.511 may only be made in accordance with the provisions of 38 U.S.C. 5705 and those regulations.

(b) The purpose of the regulations in §§17.500 through 17.511 is to specify and provide for the limited disclosure of those quality assurance documents which are confidential under the provisions of 38 U.S.C. 5705.

(c) For purposes of the regulations in §§17.500 through 17.511, the VA's medical quality assurance program consists of systematic healthcare reviews carried out by or for VA for the purpose of improving the quality of medical care or improving the utilization of healthcare resources in VA medical facilities. These review activities may involve continuous or periodic data collection and may relate to either the structure, process, or outcome of health care provided in the VA.

(d) Nothing in the regulations in §§17.500 through 17.511 shall be construed as authority to withhold any record or document from a committee or subcommittee of either House of Congress or any joint committee or subcommittee of Congress, if such record or document pertains to any matter within the jurisdiction of such committee or joint committee.

(e) The regulations in §§17.500 through 17.511 do not waive the sovereign immunity of the United States, and do not waive the confidentiality provisions and disclosure restrictions of 38 U.S.C. 5705.

(Authority: 38 U.S.C. 5705)

§17.501   Confidential and privileged documents.

(a) Documents and parts of documents are considered confidential and privileged if they were produced by or for the VA in the process of conducting systematic healthcare reviews for the purpose of improving the quality of health care or improving the utilization of healthcare resources in VA healthcare facilities and meet the criteria in paragraphs (b) and (c) of this section. The four classes of healthcare quality assurance reviews with examples are:

(1) Monitoring and evaluation reviews conducted by a facility:

(i) Medical records reviews,

(ii) Drug usage evaluations,

(iii) Blood usage reviews,

(iv) Surgical case/invasive procedure reviews,

(v) Service and program monitoring including monitoring performed by individual services or programs, several services or programs working together, or individuals from several services or programs working together as a team,

(vi) Mortality and morbidity reviews,

(vii) Infection control review and surveillance,

(viii) Occurrence screening,

(ix) Tort claims peer reviews (except reviews performed to satisfy the requirements of a governmental body or a professional health care organization which is licensing practitioners or monitoring their professional performance),

(x) Admission and continued stay reviews,

(xi) Diagnostic studies utilization reviews,

(xii) Reports of special incidents (VA Form 10-2633 or similar forms) and follow-up documents unless developed during or as a result of a Board of Investigation;

(2) Focused reviews which address specific issues or incidents and which are designated by the reviewing office at the outset of the review as protected by 38 U.S.C. 5705 and the regulations in §§17.500 through 17.511; focused reviews may be either:

(i) Facility focused reviews;

(ii) VA Central Office or Regional focused reviews;

(3) VA Central Office or Regional general oversight reviews to assess facility compliance with VA program requirements if the reviews are designated by the reviewing office at the outset of the review as protected by 38 U.S.C. 5705 and the regulations in §§17.500 through 17.511; and

(4) Contracted external reviews of care, specifically designated in the contract or agreement as reviews protected by 38 U.S.C. 5705 and the regulations in §§17.500 through 17.511.

(b) The Under Secretary for Health, Regional Director or facility Director will describe in advance in writing those quality assurance activities included under the classes of healthcare quality assurance reviews listed in paragraph (a) of this section. Only documents and parts of documents resulting from those activities which have been so described are protected by 38 U.S.C. 5705 and the regulations in §§17.500 through 17.511. If an activity is not described in a VA Central Office or Regional policy document, this requirement may be satisfied at the facility level by description in advance of the activity and its designation as protected in the facility quality assurance plan or other policy document.

(c) Documents and parts of documents generated by activities which meet the criteria in paragraphs (a) and (b) of this section shall be confidential and privileged only if they:

(1) Identify, either implicitly or explicitly, individual practitioners, patients, or reviewers except as provided in paragraph (g)(6) of this section; or

(2) Contain discussions relating to the quality of VA medical care or utilization of VA medical resources by healthcare evaluators during the course of a review of quality assurance information or data, even if they do not identify practitioners, patients, or reviewers; or

(3) Are individual committee, service, or study team minutes, notes, reports, memoranda, or other documents either produced by healthcare evaluators in deliberating on the findings of healthcare reviews, or prepared for purposes of discussion or consideration by healthcare evaluators during a quality assurance review; or

(4) Are memoranda, letters, or other documents from the medical facility to the Regional Director or VA Central Office which contain information generated by a quality assurance activity meeting the criteria in §17.501 (a) and (b); or

(5) Are memoranda, letters, or other documents produced by the Regional Director or VA Central Office which either respond to or contain information generated by a quality assurance activity meeting the criteria in §17.501 (a) and (b).

(d) Documents which meet the criteria in this section are confidential and privileged whether they are produced at the medical facility, Regional or VA Central Office levels, or by external contractors performing healthcare quality assurance reviews.

(e) Documents which are confidential and privileged may be in written, computer, electronic, photographic or any other form.

(f) Documents which contain confidential and privileged material in one part, but not in others, such as Clinical Executive Board minutes, should be filed and maintained as if the entire document was protected by 38 U.S.C. 5705. This is not required if the confidential and privileged material is deleted.

(g) The following records and documents and parts of records and documents are not confidential even if they meet the criteria in paragraphs (a) through (c) of this section:

(1) Statistical information regarding VA healthcare programs or activities that does not implicitly or explicitly identify individual VA patients or VA employees or individuals involved in the quality assurance process;

(2) Summary documents or records which only identify study topics, the period of time covered by the study, criteria, norms, and/or major overall findings, but which do not identify individual healthcare practitioners, even by implication;

(3) The contents of Credentialing and Privileging folders as described in VACO policy documents (38 U.S.C. 5705-protected records shall not be filed in Credentialing and Privileging folders);

(4) Records and documents developed during or as a result of Boards of Investigations;

(5) Completed patient satisfaction survey questionnaires and findings from patient satisfaction surveys;

(6) Records and documents which only indicate the number of patients treated by a practitioner, either by diagnosis or in aggregate, or number of procedures performed by a practitioner, either by procedure or in aggregate;

(7) Records and documents developed during or as a result of reviews performed to satisfy the requirements of a governmental body or a professional healthcare organization which is licensing practitioners or monitoring their professional performance, e.g., National Practitioner Data Bank, Federation of State Medical Boards, and National Council of State Boards of Nursing;

(8) Documents and reports developed during or as a result of site visits by the Office of the Medical Inspector except to the extent that the documents and reports contain information that meets the criteria described in this section and are produced by or for VA by other than the Office of Medical Inspector;

(9) External reviews conducted by VA Central Office or a Region other than those designated by the reviewing office under paragraph (a)(2) or (a)(3) of this section as protected by 38 U.S.C. 5705 and the regulations in §§17.500 through 17.511;

(10) Documents and reports of Professional Standards Boards, Credentialing Committees, Executive Committees of Medical Staff, and similar bodies, insofar as the documents relate to the credentialing and privileging of practitioners;

(11) Documents and reports developed during or as a result of data validation activities;

(12) Documents and reports developed during or as a result of occupational health monitoring;

(13) Documents and reports developed during or as a result of safety monitoring not directly related to the care of specified individual patients;

(14) Documents and reports developed during or as a result of resource management activities not directly related to the care of specified individual patients; and

(15) Information and records derived from patient medical records or facility administrative records, which are not protected by 38 U.S.C. 5705 and the regulations in §§17.500 through 17.511, may be sent or communicated to a third party payor who has asked for this information in response to a VA request for reimbursement based on Public Law 99-272 and Public Law 101-508. Reviews conducted at the request of the third party payor do not generate records protected by 38 U.S.C. 5705 and the regulations in §§17.500 through 17.511 since the reviews are not undertaken as part of the VA's quality assurance program.

(Authority: 38 U.S.C. 5705)

§17.502   Applicability of other statutes.

(a) Disclosure of quality assurance records and documents which are not confidential and privileged under 38 U.S.C. 5705 and the confidentiality regulations in §§17.500 through 17.511 will be governed by the provisions of the Freedom of Information Act, and, if applicable, the Privacy Act and any other VA or federal confidentiality statutes.

(b) When included in a quality assurance review, confidential records protected by other confidentiality statutes such as 5 U.S.C. 552a (the Privacy Act), 38 U.S.C. 7332 (drug and alcohol abuse, sickle cell anemia, HIV infection), and 38 U.S.C. 5701 (veterans' names and addresses) retain whatever confidentiality protection they have under these laws and applicable regulations and will be handled accordingly. To the extent that information protected by 38 U.S.C. 5701 or 7332 or the Privacy Act is incorporated into quality assurance records, the information in the quality assurance records is still protected by these statutes.

(Authority: 38 U.S.C. 5705)

§17.503   Improper disclosure.

(a) Improper disclosure is the disclosure of confidential and privileged healthcare quality assurance review records or documents (or information contained therein), as defined in §17.501, to any person who is not authorized access to the records or documents under the statute and the regulations in §§17.500 through 17.511.

(b) “Disclosure” means the communication, transmission, or conveyance in any way of any confidential and privileged quality assurance records or documents or information contained in them to any individual or organization in any form by any means.

(Authority: 38 U.S.C. 5705)

§17.504   Disclosure methods.

(a) Disclosure of confidential and privileged quality assurance records and documents or the information contained therein outside VA, where permitted by the statute and the regulations in §§17.500 through 17.511, will always be by copies, abstracts, summaries, or similar records or documents prepared by the Department of Veterans Affairs and released to the requestor. The original confidential and privileged quality assurance records and documents will not be removed from the VA facility by any person, VA employee or otherwise, except in accordance with §17.508(c) or where otherwise legally required.

(b) Disclosure of confidential and privileged quality assurance records and documents to authorized individuals under either §17.508 or §17.509 shall bear the following statement: “These documents or records (or information contained herein) are confidential and privileged under the provisions of 38 U.S.C. 5705, which provide for fines up to $20,000 for unauthorized disclosures thereof, and the implementing regulations. This material shall not be disclosed to anyone without authorization as provided for by that law or the regulations in §§17.500 through 17.511.”

(Authority: 38 U.S.C. 5705)

§17.505   Disclosure authorities.

The VA medical facility Director, Regional Director, Under Secretary for Health, or their designees are authorized to disclose any confidential and privileged quality assurance records or documents under their control to other agencies, organizations, or individuals where 38 U.S.C. 5705 or the regulations in §§17.500 through 17.511 expressly provide for disclosure.

(Authority: 38 U.S.C. 5705)

§17.506   Appeal of decision by Veterans Health Administration to deny disclosure.

When a request for records or documents subject to the regulations in §§17.500 through 17.511 is denied in whole or in part by the VA medical facility Director, Regional Director or Under Secretary for Health, the VA official denying the request in whole or in part will notify the requestor in writing of the right to appeal this decision to the General Counsel of the Department of Veterans Affairs within 60 days of the date of the denial letter. The final Department decision will be made by the General Counsel or the Deputy General Counsel.

(Authority: 38 U.S.C. 5705)

§17.507   Employee responsibilities.

(a) All VA employees and other individuals who have access to records designated as confidential and privileged under 38 U.S.C. 5705 and the regulations in §§17.500 through 17.511 will treat the findings, views, and actions relating to quality assurance in a confidential manner.

(b) All individuals who have had access to records designated as confidential and privileged under 38 U.S.C. 5705 and the regulations in §§17.500 through 17.511 will not disclose such records or information therein to any person or organization after voluntary or involuntary termination of their relationship to the VA.

(Authority: 38 U.S.C. 5705)

§17.508   Access to quality assurance records and documents within the agency.

(a) Access to confidential and privileged quality assurance records and documents within the Department pursuant to this section is restricted to VA employees (including consultants and contractors of VA) who have a need for such information to perform their government duties or contractual responsibilities and who are authorized access by the VA medical facility Director, Regional Director, the Under Secretary for Health, or their designees or by the regulations in §§17.500 through 17.511.

(b) To foster continuous quality improvement, practitioners on VA rolls, whether paid or not, will have access to confidential and privileged quality assurance records and documents relating to evaluation of the care they provided.

(c) Any quality assurance record or document, whether confidential and privileged or not, may be provided to the General Counsel or any attorney within the Office of General Counsel, wherever located. These documents may also be provided to a Department of Justice (DOJ) attorney who is investigating a claim or potential claim against the VA or who is preparing for litigation involving the VA. If necessary, such a record or document may be removed from the VA medical facility to the site where the General Counsel or any attorney within the Office of General Counsel or the DOJ attorney is conducting an investigation or preparing for litigation.

(d) Any quality assurance record or document or the information contained therein, whether confidential and privileged or not, will be provided to the Department of Veterans Affairs Office of Inspector General upon request. A written request is not required.

(e) To the extent practicable, documents accessed under paragraph (b) of this section will not include the identity of peer reviewers. Reasonable efforts will be made to edit documents so as to protect the identities of reviewers, but the inability to completely do so will not bar access under paragraph (b).

(f) No individual shall be permitted access to confidential and privileged quality assurance records and documents identified in §17.501 unless such individual has been informed of the penalties for unauthorized disclosure. Any misuse of confidential and privileged quality assurance records or documents shall be reported to the appropriate VHA official, e.g., Service Chief, Medical Center Director.

(g) In general, confidential and privileged quality assurance records and documents will be maintained for a minimum of 3 years and may be held longer if needed for research studies or quality assurance or legal purposes.

(Authority: 38 U.S.C. 5705)

§17.509   Authorized disclosure: Non-Department of Veterans Affairs requests.

(a) Requests for confidential and privileged quality assurance records and documents from organizations or individuals outside VA must be made to the Department and must specify the nature and content of the information requested, to whom the information should be transmitted or disclosed, and the purpose listed in paragraphs (b) through (j) of this section for which the information requested will be used. In addition, the requestor will specify to the extent possible the beginning and final dates of the period for which disclosure or access is requested. The request must be in writing and signed by the requestor. Except as specified in paragraphs (b) and (c) of this section, these requests should be forwarded to the Director of the facility in possession of the records or documents for response. The procedures outlined in 38 U.S.C. 5701, 5 U.S.C. 552 and 552a, and 38 CFR 1.500 through 1.582 will be followed where applicable.

(b) Disclosure shall be made to Federal agencies upon their written request to permit VA's participation in healthcare programs including healthcare delivery, research, planning, and related activities with the requesting agencies. Any Federal agency may apply to the Under Secretary for Health for approval. If the VA decides to participate in the healthcare program with the requestor, the requesting agency will enter into an agreement with VA to ensure that the agency and its staff will ensure the confidentiality of any quality assurance records or documents shared with the agency.

(c) Qualified persons or organizations, including academic institutions, engaged in healthcare program activities shall, upon request to and approval by the Under Secretary for Health, Regional Director, medical facility Director, or their designees, have access to confidential and privileged medical quality assurance records and documents to permit VA participation in a healthcare activity with the requestor, provided that no records or documents are removed from the VA facility in possession of the records.

(d) When a request under paragraphs (b) or (c) of this section concerns access for research purposes, the request, together with the research plan or protocol, shall first be submitted to and approved by an appropriate VA medical facility Research and Development Committee and then approved by the Director of the VA medical facility. The VA medical facility staff together with the qualified person(s) conducting the research shall be responsible for the preservation of the anonymity of the patients, clients, and providers and shall not disseminate any records or documents which identify such individuals directly or indirectly without the individual's consent. This applies to the handling of data or information as well as reporting or publication of findings. These requirements are in addition to other applicable protections for the research.

(e) Individually identified patient medical record information which is protected by another statute as provided in §17.502 may not be disclosed to a non-VA person or organization, including disclosures for research purposes under paragraph (d), except as provided in that statute.

(f) Under paragraph (b), the Under Secretary for Health or designee or under paragraph (c), the Under Secretary for Health, Regional Director, medical facility Director, or their designees may approve a written request if it meets the following criteria:

(1) Participation by VA will benefit VA patient care; or

(2) Participation by VA will enhance VA medical research; or

(3) Participation by VA will enhance VA health services research; or

(4) Participation by VA will enhance VA healthcare planning or program development activities; or

(5) Participation by VA will enhance related VA healthcare program activities; and

(6) Access to the record by the requester is required for VA to participate in a healthcare program with the requester.

(g) Protected quality assurance records or documents, including records pertaining to a specific individual, will for purposes authorized under law be disclosed to a civil or criminal law enforcement governmental agency or instrumentality charged under applicable law with the protection of public health or safety, including state licensing and disciplinary agencies, if a written request for such records or documents is received from an official of such an organization. The request must state the purpose authorized by law for which the records will be used. The Under Secretary for Health, Regional Director, medical facility Director, or their designees will determine the extent to which the information is disclosable.

(h) Federal agencies charged with protecting the public health and welfare, federal and private agencies which engage in various monitoring and quality control activities, agencies responsible for licensure of individual health care facilities or programs, and similar organizations will be provided confidential and privileged quality assurance records and documents if a written request for such records or documents is received from an official of such an organization. The request must state the purpose for which the records will be used. The Under Secretary for Health, Regional Director, medical facility Director, or their designees will determine the extent to which the information is disclosable.

(i) JCAHO (Joint Commission on Accreditation of Healthcare Organizations) survey teams and similar national accreditation agencies or boards and other organizations requested by VA to assess the effectiveness of quality assurance program activities or to consult regarding these programs are entitled to disclosure of confidential and privileged quality assurance documents with the following qualifications:

(1) Accreditation agencies which are charged with assessing all aspects of medical facility patient care, e.g., JCAHO, may have access to all confidential and privileged quality assurance records and documents.

(2) Accreditation agencies charged with more narrowly focused review (e.g., College of American Pathologists, American Association of Blood Banks, Nuclear Regulatory Commission, etc.) may have access only to such confidential and privileged records and documents as are relevant to their respective focus.

(j) Confidential and privileged quality assurance records and documents shall be released to the General Accounting Office if such records or documents pertain to any matter within its jurisdiction.

(k) Confidential and privileged quality assurance records and documents shall be released to both VA and non-VA healthcare personnel upon request to the extent necessary to meet a medical emergency affecting the health or safety of any individual.

(l) For any disclosure made under paragraphs (a) through (i) of this section, the name of and other identifying information regarding any individual VA patient, employee, or other individual associated with VA shall be deleted from any confidential and privileged quality assurance record or document before any disclosure under these quality assurance regulations in §§17.500 through 17.511 is made, if disclosure of such name and identifying information would constitute a clearly unwarranted invasion of personal privacy.

(m) Disclosure of the confidential and privileged quality assurance records and documents identified in §17.501 will not be made to any individual or agency until that individual or agency has been informed of the penalties for unauthorized disclosure or redisclosure.

(Authority: 38 U.S.C. 5705)

[59 FR 53355, Oct. 24, 1994, as amended at 79 FR 54616, Sept. 12, 2014]

§17.510   Redisclosure.

No person or entity to whom a quality assurance record or document has been disclosed under §17.508 or §17.509 shall make further disclosure of such record or document except as provided for in 38 U.S.C. 5705 and the regulations in §§17.500 through 17.511.

(Authority: 38 U.S.C. 5705)

§17.511   Penalties for violations.

Any person who knows that a document or record is a confidential and privileged quality assurance document or record described in §§17.500 through 17.511 and willfully discloses such confidential and privileged quality assurance record or document or information contained therein, except as authorized by 38 U.S.C. 5705 or the regulations in §§17.500 through 17.511, shall be fined not more than $5,000 in the case of a first offense and not more than $20,000 in the case of each subsequent offense.

(Authority: 38 U.S.C. 5705)

Need assistance?