Medical Law
Medical malpractice, negligence, informed consent law, HIPAA, reportable conditions, EMTALA, end-of-life law, scope of practice, licensing, and every legal principle and statutory framework that governs the practice of medicine.
01 Overview & Significance
Medical law is the body of statutes, regulations, common-law doctrines, and constitutional principles that govern the practice of medicine, the physician–patient relationship, and the operation of health care institutions. Unlike medical ethics — which asks what a physician ought to do — medical law defines what a physician must do to avoid civil liability, criminal prosecution, administrative sanctions, or loss of licensure. Every clinical encounter, from the simplest office visit to the most complex ICU decision, takes place inside a legal framework that physicians are expected to understand and respect.
Approximately one in three physicians will be named in a malpractice suit during their career, and nearly every physician will at some point confront issues of informed consent, HIPAA, EMTALA, mandatory reporting, or end-of-life decision-making. A working knowledge of medical law is not optional — it is essential to safe, competent practice and to protecting both patients and clinicians.
Domains of Medical Law
| Domain | Scope |
|---|---|
| Malpractice & tort law | Civil liability for negligent medical care |
| Consent & autonomy law | Informed consent, refusal of care, surrogate decision-making |
| Privacy law | HIPAA, state confidentiality statutes, heightened protections |
| Regulatory law | CMS, FDA, DEA, OSHA, state medical board rules |
| Public health law | Mandatory reporting, quarantine, vaccination, reportable conditions |
| Fraud & abuse law | Stark, Anti-Kickback Statute, False Claims Act, qui tam |
| End-of-life law | Advance directives, brain death, POLST, aid in dying |
| Employment & institutional law | Credentialing, peer review, HCQIA, ADA, workers compensation |
Ethics vs Law
Medical ethics and medical law overlap substantially but are not identical. Ethical obligations (beneficence, nonmaleficence, autonomy, justice) can exceed what the law requires, and legal obligations can occasionally require conduct that feels ethically uncomfortable (e.g., mandatory reporting of a patient who trusts the physician). When the two diverge, physicians must comply with the law while using ethics consultation, risk management, and advocacy to work toward the best outcome.
Historical Development
Modern medical law grew out of an older common-law tradition that treated the physician like any other skilled craftsman — liable when the work fell below the standard of the trade. The 20th century transformed that simple framework with a series of revolutions: the informed consent revolution (Schloendorff 1914, Salgo 1957, Canterbury 1972) reoriented the law around patient autonomy; the rights revolution (Griswold 1965, Roe 1973, Cruzan 1990) imported constitutional analysis; the regulatory revolution (HIPAA 1996, EMTALA 1986, Stark 1989, HITECH 2009) layered federal rules over state common law; and the quality and safety revolution drove increasingly detailed expectations of documentation, disclosure, and error reporting. Today's physicians practice at the intersection of all four.
02 Sources of Law & Jurisdiction
American law governing medicine is layered. It derives from multiple sources and operates at both federal and state levels. Understanding where a given rule comes from explains how it can be changed, challenged, or enforced.
The Four Sources of Law
| Source | Authority | Medical Examples |
|---|---|---|
| Constitutional law | U.S. and state constitutions; interpreted by courts | Right to privacy (Griswold, Roe, Casey), right to refuse treatment (Cruzan) |
| Statutory law | Enacted by Congress or state legislatures | HIPAA, EMTALA, Controlled Substances Act, state malpractice caps |
| Regulatory / administrative law | Issued by agencies under statutory authority | CMS Conditions of Participation, FDA drug approval, DEA scheduling, state medical board rules |
| Common law | Judge-made law from case decisions and precedent | Standard of care, informed consent doctrine, battery, negligence |
The Hierarchy of Legal Authority
When multiple sources of law speak to a medical issue, they are ordered: (1) the U.S. Constitution, (2) federal statutes and treaties, (3) federal regulations, (4) state constitutions, (5) state statutes, (6) state regulations, and (7) common-law precedent. Higher authority controls lower authority, and more specific authority generally controls more general authority within the same level. Institutional policies and medical society guidelines are not law, but they are often used as evidence of the standard of care and become practically binding through credentialing and employment.
Federal vs State Jurisdiction
Most medical practice law is state law. States license physicians, define scope of practice, set malpractice standards, regulate insurance, and operate public health systems. Federal law takes over where interstate commerce, federal funding, or constitutional rights are at stake: HIPAA (federal privacy floor), EMTALA (hospitals accepting Medicare), Controlled Substances Act (DEA), ADA, OSHA, Stark/Anti-Kickback/FCA, and ERISA (employer health plans). When federal and state law conflict, the Supremacy Clause makes federal law controlling, but states remain free to impose stricter standards than the federal floor.
HIPAA is the classic example. It sets a federal minimum for patient privacy, but states may (and often do) impose tighter rules — for example, requiring specific written authorization for release of HIV, mental health, or substance-use records. Physicians must follow whichever law is more protective of the patient.
Court Systems
| Court | Hears | Medical Relevance |
|---|---|---|
| State trial court | Malpractice, consent, guardianship, licensure appeals | Most malpractice cases tried here |
| State appellate & supreme court | Appeals from trial court; interprets state law | State standard of care, state privacy law |
| Federal district court | Federal question and diversity cases | EMTALA, HIPAA, ADA, civil rights, qui tam |
| U.S. Court of Appeals | Appeals from federal district courts | Circuit splits on medical issues |
| U.S. Supreme Court | Final word on federal law & Constitution | Roe, Casey, Cruzan, Glucksberg, Dobbs |
03 Civil vs Criminal Law & Standards of Proof
Most legal exposure in medicine is civil — a private lawsuit brought by a patient seeking money damages. Criminal liability is rare but serious, reserved for conduct such as sexual assault, drug diversion, Medicare fraud, manslaughter, or homicide. Administrative proceedings (medical board complaints, CMS sanctions) are a third, distinct track that can strip a physician of the right to practice independent of any civil or criminal case.
Civil, Criminal & Administrative Compared
| Feature | Civil | Criminal | Administrative |
|---|---|---|---|
| Plaintiff | Private party (patient) | State or federal government | Licensing board / agency |
| Standard of proof | Preponderance (>50%) | Beyond reasonable doubt | Clear & convincing or preponderance |
| Penalty | Money damages | Fine, probation, prison | Fines, license suspension/revocation |
| Right to jury | Yes | Yes | No (hearing before board) |
| Examples | Malpractice, battery, breach of confidentiality | Drug diversion, fraud, assault | Board discipline, CMS exclusion |
Standards of Proof
| Standard | Approximate Certainty | Used For |
|---|---|---|
| Preponderance of the evidence | >50% (more likely than not) | Most civil cases, including malpractice |
| Clear and convincing evidence | ~75% | Involuntary commitment, termination of parental rights, fraud |
| Beyond a reasonable doubt | ~95%+ | Criminal convictions |
Statutes of Limitations
Each state sets a statute of limitations (SOL) for malpractice claims, typically 1–3 years from the date of the alleged negligence or from the date the injury was (or reasonably should have been) discovered (the "discovery rule"). Special rules apply to minors (the clock often does not start until the age of majority), to foreign-object retention (discovery rule), and to cases of fraudulent concealment (tolling). A statute of repose sets an outer limit regardless of discovery (often 5–10 years).
Discovery Rule Variations
| Scenario | Clock Start |
|---|---|
| Obvious injury at time of care | Date of negligent act |
| Latent injury (missed diagnosis) | Date patient knew or reasonably should have known |
| Foreign object retained | Date of discovery (most states) |
| Fraudulent concealment | Tolled until concealment ends |
| Minor plaintiff | Typically tolled until age of majority |
| Incompetent plaintiff | Tolled during incompetence in many states |
Anatomy of a Malpractice Case
Understanding the life cycle of a malpractice case helps physicians recognize what to expect if they are sued. The typical sequence is: (1) adverse outcome and patient inquiry; (2) notice of intent or pre-suit screening; (3) filing of complaint and service of process; (4) answer and discovery (interrogatories, depositions, record production); (5) expert disclosures; (6) motion practice (summary judgment); (7) mediation or settlement discussions; (8) trial; (9) verdict and post-trial motions; (10) appeal. Most cases settle before trial; a minority go to verdict. Total duration typically ranges from 2 to 5 years.
04 Tort Law & the Physician–Patient Relationship
A tort is a civil wrong for which the law provides a remedy in damages. Medical practice generates three broad categories of tort exposure: negligence (the overwhelming majority of malpractice cases), intentional torts (battery, false imprisonment, intentional infliction of emotional distress), and strict liability (rare in medicine; arises mostly with defective medical devices and products).
Categories of Tort
| Category | Key Feature | Medical Example |
|---|---|---|
| Negligence | Failure to exercise reasonable care | Missed diagnosis, medication error, retained sponge |
| Intentional tort — battery | Unconsented touching | Surgery without consent; wrong-site surgery |
| Intentional tort — false imprisonment | Unlawful confinement | Improper psychiatric hold; refusing to discharge a competent patient |
| Intentional tort — IIED | Extreme & outrageous conduct causing emotional harm | Mockery or abuse of a patient |
| Defamation | False statement harming reputation | Inaccurate record entry; harmful gossip |
| Breach of confidentiality | Improper disclosure | Unauthorized release of records |
| Strict liability | Liability without fault | Defective implant (usually against the manufacturer) |
Formation of the Physician–Patient Relationship
The physician–patient relationship is a contractual and fiduciary relationship. It is typically formed when the physician agrees to treat the patient, and it creates a legal duty of care. The relationship can be formed by:
- Express agreement — scheduling an appointment, accepting a patient.
- Implied conduct — giving medical advice, writing a prescription, reviewing imaging.
- On-call duty — accepting call for the ED or a service establishes duty to covered patients.
- EMTALA obligation — hospitals with EDs owe a duty to anyone who presents.
Outside of EMTALA and limited "duty to rescue" statutes (Vermont, Minnesota, Rhode Island), there is generally no legal duty to treat a stranger. A physician who walks past a collapsed person on the street has no common-law duty to intervene — but if they do begin to help, they must do so non-negligently, and Good Samaritan statutes typically protect them.
Termination of the Relationship
Once formed, the physician–patient relationship may only be terminated in a way that does not constitute abandonment. Proper termination requires: written notice, a reasonable period of continued care (commonly 30 days) for emergencies, assistance identifying alternative providers, and transfer of records upon request. Abrupt unilateral termination during active treatment — especially during an acute illness — is a common source of liability.
Fiduciary Duties
The physician–patient relationship is fiduciary in character, meaning the physician owes the patient duties of good faith, loyalty, candor, and the placement of patient interests above the physician's own. Fiduciary duties give rise to several specific obligations: non-abandonment, confidentiality, disclosure of conflicts of interest, disclosure of adverse events, and avoidance of sexual or financial exploitation. Breach of fiduciary duty can be pled as a separate tort independent of negligence, and may allow recovery even when the traditional negligence framework is difficult to apply.
Duty to Disclose Adverse Events
A growing body of law (driven by The Joint Commission, CMS Conditions of Participation, state statutes, and fiduciary principles) requires physicians and institutions to disclose medical errors and adverse events to affected patients. Effective disclosure is prompt, honest, empathic, and followed by an explanation of what is being done to understand and prevent recurrence. Most states protect expressions of sympathy during disclosure from use as admissions of liability.
05 The Four Elements of Negligence
Medical malpractice is a specialized form of the tort of negligence. To prevail, a plaintiff must prove all four elements by a preponderance of the evidence. Failure on any single element defeats the claim.
The Four Elements — "Duty, Breach, Causation, Damages"
| Element | What the Plaintiff Must Prove | How It Is Established |
|---|---|---|
| Duty | A physician–patient relationship existed, giving rise to a duty of care | Documentation of treatment, on-call status, EMTALA obligation |
| Breach | The physician failed to meet the applicable standard of care | Expert testimony comparing care to that of a reasonably prudent physician |
| Causation | The breach caused the injury (both factual & proximate cause) | Expert testimony on "but-for" and foreseeability |
| Damages | The plaintiff suffered compensable harm | Medical records, economic records, testimony |
Duty → Dereliction (breach) → Direct cause → Damages. All four must be present for a malpractice case to succeed. This is one of the most frequently tested frameworks in medical ethics and law.
Duty
Duty arises from the physician–patient relationship. In the hospital setting, duty extends to the attending of record, the on-call physician, consultants who render opinions, residents under supervision (with vicarious liability flowing up to the attending and institution), and sometimes to covering physicians. A physician who merely happens to be on the hospital grounds but has not accepted the patient generally owes no duty.
Breach
Breach is the failure to meet the standard of care (see §06). The question is not whether the outcome was bad, but whether the conduct fell below what a reasonably prudent physician would have done under similar circumstances. A bad outcome does not prove breach — medicine is inherently uncertain, and known complications of properly performed procedures are not breaches.
Causation
Causation is the hardest element to prove in many cases. It has two components: cause in fact ("but-for" causation — but for the breach, the injury would not have occurred) and proximate cause (the harm was a reasonably foreseeable consequence of the breach). In loss-of-chance cases, plaintiffs argue that a delayed diagnosis reduced the probability of survival; courts are split on whether loss of chance is compensable.
Damages
Without damages, there is no malpractice case — even a clear breach that caused no harm is not actionable. Damages must be compensable injury (physical, economic, or non-economic). Pure emotional distress without physical injury is rarely actionable; purely theoretical risk is not enough.
Vicarious Liability
Under respondeat superior, employers are liable for the torts of employees acting within the scope of employment. Hospitals are typically liable for the negligence of employed nurses, residents, and staff physicians; they may also be liable for independent contractor physicians under the doctrine of apparent (ostensible) agency when the hospital holds the physician out as its agent and the patient reasonably relies on that representation. In academic medical centers, attendings supervise residents and may bear liability for failures of supervision even when the resident performed the act.
Corporate Negligence
Some states recognize a doctrine of corporate negligence under which a hospital may be directly liable for its own failures — negligent credentialing, negligent retention of known-dangerous staff, inadequate policies or equipment, or failure to enforce quality standards — independent of any individual physician's negligence. Corporate negligence claims survive even when individual defendants are dismissed.
06 Standard of Care & Expert Testimony
The standard of care is the legal yardstick against which physician conduct is measured. It is defined as the care that a reasonably prudent physician of similar training and experience would provide under similar circumstances. It is not perfection, nor is it "best practice" — it is reasonable, competent practice.
Historical Evolution
| Era | Standard | Implication |
|---|---|---|
| Early 20th century | "Locality rule" | Physicians judged against peers in the same town |
| Mid 20th century | "Similar locality rule" | Peers in comparable communities |
| Modern (most states) | "National standard" | Judged against peers nationally, especially for specialists |
The shift to a national standard reflects the universality of medical education, board certification, evidence-based guidelines, and continuing medical education. Specialists are universally held to a national specialty standard.
How the Standard Is Proved
The standard of care is almost always established by expert witness testimony. The expert must: (1) be qualified by training and experience in the same specialty; (2) be familiar with the applicable standard; (3) offer opinions to a reasonable degree of medical certainty; and (4) tie the breach to the injury. Courts use the Daubert standard (federal and most states) or the older Frye standard to assess whether expert testimony is scientifically reliable enough to be admitted.
Expert testimony is the primary vehicle, but experts rely on authoritative sources: published clinical guidelines (AHA, USPSTF, specialty society recommendations), peer-reviewed literature, textbooks, institutional policies and procedures, and the learned intermediary doctrine. Guidelines are strong but not absolute evidence of the standard — deviation requires clinical justification.
Specialty & "Same Specialty" Rules
Most states require the expert to practice in the same specialty as the defendant. A family physician cannot usually testify about the standard of care for a neurosurgeon, and vice versa. A general surgeon performing a routine procedure is typically held to the standard of a surgeon in that subspecialty if they hold themselves out as competent to do it.
Guidelines & Protocols
Published guidelines are increasingly influential but remain only evidence of the standard — they are not the standard itself. A physician who deviates from a guideline with documented clinical reasoning is generally defensible; a physician who deviates without reason is vulnerable.
Learned Intermediary Doctrine
Under the learned intermediary doctrine, drug and device manufacturers satisfy their duty to warn by warning the prescribing physician, who is expected to relay relevant information to the patient. This doctrine generally shields manufacturers from direct-to-patient warning claims (with narrow exceptions for contraceptives, direct-to-consumer advertised drugs, and vaccines covered by separate federal schemes). The doctrine places the physician at the center of informed consent for pharmaceuticals.
07 Causation, Damages & Res Ipsa Loquitur
But-For and Proximate Cause
Plaintiffs must show both that the breach was a but-for cause of the injury (the injury would not have happened absent the breach) and that the injury was a foreseeable consequence (proximate cause). In complex cases with multiple contributing causes, courts may apply a "substantial factor" test rather than strict but-for causation.
Loss of Chance Doctrine
In delayed-diagnosis cases (classically missed cancer), the patient may already have had a less-than-50% chance of survival. Under strict but-for causation, such patients could never recover. The loss-of-chance doctrine, adopted in many but not all states, permits recovery proportional to the lost probability of a better outcome.
Categories of Damages
| Type | Definition | Examples |
|---|---|---|
| Economic (special) | Quantifiable financial losses | Medical bills, lost wages, future care, rehabilitation |
| Non-economic (general) | Subjective harms | Pain and suffering, loss of consortium, disfigurement, loss of enjoyment of life |
| Punitive | Punish and deter egregious conduct | Reckless disregard, fraud; not available for ordinary negligence in most states |
Many states cap non-economic and/or punitive damages as part of tort reform (see §08). Economic damages are generally not capped.
Res Ipsa Loquitur
Res ipsa loquitur ("the thing speaks for itself") is a doctrine that allows an inference of negligence without direct expert testimony when: (1) the injury is of a kind that ordinarily does not occur without negligence; (2) the injury was caused by something within the defendant's exclusive control; and (3) the patient did not contribute to the injury. Classic examples include retained surgical instruments or sponges, wrong-site surgery, and injuries to body parts outside the surgical field.
(1) Injury would not ordinarily happen without negligence. (2) The instrumentality was in the defendant's exclusive control. (3) The patient did not contribute. When met, the burden effectively shifts to the defendant to explain what happened. This is a powerful plaintiff's tool in "never events."
Collateral Source Rule
Under the traditional collateral source rule, a defendant cannot reduce damages by pointing to payments the plaintiff received from other sources (health insurance, disability). Many tort-reform states have modified or abolished this rule, allowing juries to hear about collateral payments.
Foreseeability & Intervening Causes
Proximate cause limits liability to foreseeable harms and cuts off liability when a superseding intervening cause breaks the chain of causation. A bizarre, unforeseeable second event — for example, a patient discharged with appropriate instructions who is injured in an unrelated car crash on the way home — generally severs proximate cause. A foreseeable complication of the original negligence (infection, reoperation, drug reaction) does not.
08 Defenses & Tort Reform
Common Defenses to Malpractice
| Defense | Elements | Effect |
|---|---|---|
| No breach | Care met the standard | Complete defense |
| No causation | Injury would have occurred anyway | Complete defense |
| Contributory negligence | Any fault by the patient bars recovery (minority rule) | Complete defense in a few states |
| Comparative negligence | Patient's fault reduces recovery proportionally (majority rule) | Partial or total reduction depending on percentage |
| Assumption of risk | Patient knowingly accepted the risk of the complication | Strong defense when documented in consent |
| Statute of limitations | Suit filed too late | Complete defense |
| Good Samaritan | Emergency care rendered without expectation of compensation | Immunity from ordinary negligence (not gross negligence) |
| Charitable & governmental immunity | Sovereign entities protected (with exceptions) | Varies widely; FTCA for federal employees |
Contributory vs Comparative Negligence
In a shrinking minority of jurisdictions, pure contributory negligence bars recovery if the plaintiff bears any fault. Most states apply comparative negligence: pure comparative (recovery reduced by plaintiff's percentage of fault) or modified comparative (barred if plaintiff is more than 50% at fault).
Good Samaritan Laws
Every state has a Good Samaritan statute protecting health care providers who render emergency care outside of their usual practice. Protections vary but generally require: (1) emergency situation; (2) no pre-existing duty to treat; (3) no expectation of compensation; and (4) no gross negligence, willful misconduct, or reckless behavior. Good Samaritan protection generally does not extend to in-hospital emergencies where the physician already has a duty of care.
Volunteer Protection Act
The federal Volunteer Protection Act of 1997 shields volunteers of nonprofit organizations and governmental entities from liability for ordinary negligence committed within the scope of their volunteer duties. The VPA complements state Good Samaritan laws and is particularly relevant for physicians volunteering at free clinics, disaster response, medical missions, and community events. Gross negligence, willful misconduct, and conduct outside the scope of volunteer duties are not protected.
Tort Reform
Beginning in the 1970s, many states enacted tort reform measures aimed at reducing malpractice costs. Common elements:
- Caps on non-economic damages (typically $250,000–$750,000).
- Caps on punitive damages.
- Pre-suit screening panels requiring expert certification of merit before filing.
- Shortened statutes of limitation and statutes of repose.
- Periodic payment of future damages rather than lump sum.
- Modification of the collateral source rule.
- "I'm sorry" laws protecting physician apologies from being used as admissions.
A majority of states now protect physician expressions of sympathy or apology from being introduced as evidence of liability. The scope varies — some protect only expressions of sympathy ("I'm so sorry this happened"), while others also protect admissions of fault. These laws encourage open disclosure of adverse events without fear of creating evidence.
09 Legal Elements of Informed Consent
Informed consent is both an ethical cornerstone and a legal requirement. It is rooted in the doctrine of autonomy and enforced through two legal theories: battery (when no consent was obtained for a touching) and negligence (when consent was obtained but inadequately informed). The negligence theory dominates modern informed-consent litigation.
The Five Legal Elements
| Element | Requirement |
|---|---|
| Capacity | Patient is able to understand, appreciate, reason, and communicate a choice |
| Disclosure | Physician discloses diagnosis, proposed treatment, risks, benefits, alternatives, and risks of no treatment |
| Understanding | Patient actually comprehends the disclosure |
| Voluntariness | Decision is free from coercion or undue influence |
| Consent (or refusal) | Patient makes and communicates a decision |
Battery vs Negligence Framing
A procedure performed without any consent is legally a battery — an intentional tort. Classic battery examples: operating on the wrong patient or wrong side, performing a substantially different procedure than consented to, or treating a competent patient who has refused. A procedure performed with consent but inadequate disclosure is litigated as negligent informed consent, which requires proof that the undisclosed risk materialized and that a reasonable patient (or this patient) would have refused had it been disclosed.
Battery: no consent at all — the touching itself is unlawful, damages presumed. Negligent informed consent: consent obtained but disclosure was deficient — plaintiff must also prove causation and harm. The distinction is heavily tested.
Capacity Assessment in Consent
Capacity for consent is decision-specific: the threshold rises with the stakes of the decision. Consenting to a routine vaccination requires less understanding than consenting to a Whipple procedure. Capacity may be impaired by delirium, dementia, severe psychiatric illness, intoxication, metabolic derangement, and severe pain. Capacity is not impaired by disagreement with the physician, by unconventional values, or by a refusal the physician considers unwise. Clinicians assess capacity with a structured bedside interview covering the four elements (understanding, appreciation, reasoning, choice).
What Must Be Disclosed
- The diagnosis and its significance.
- The nature and purpose of the proposed treatment or procedure.
- Material risks and potential complications (those a reasonable patient would want to know).
- Expected benefits and likelihood of success.
- Reasonable alternatives, including their risks and benefits.
- Risks of no treatment.
- The identity of the treating physician, including trainee involvement where material.
Written vs Oral Consent
For most routine care, consent may be verbal. Written consent is required for surgery, invasive procedures, blood transfusions, anesthesia, HIV testing (in some states), research participation, and sterilization. A signed consent form is evidence of consent but not conclusive proof — courts scrutinize whether the process was adequate.
10 Disclosure Standards & Exceptions
The Two Disclosure Standards
| Standard | Measured By | Used In |
|---|---|---|
| Reasonable physician standard | What a reasonably prudent physician would disclose | Roughly half of states; older rule |
| Reasonable patient (materiality) standard | What a reasonable patient would want to know to make an informed decision | Majority of states; modern rule (Canterbury v. Spence) |
| Subjective patient standard | What this particular patient would want to know | Minority; rare and difficult to apply |
The reasonable patient (materiality) standard was articulated in the landmark federal case Canterbury v. Spence (1972) and adopted by a majority of states. Under this standard, physicians must disclose any risk that a reasonable patient would consider material to the decision, regardless of whether physicians customarily disclose it. A risk is generally material if it is either frequent (even if minor) or severe (even if rare).
Exceptions to the Disclosure Requirement
| Exception | Description |
|---|---|
| Emergency | Immediate treatment needed to save life or prevent serious harm in an incapacitated patient; consent is presumed |
| Incompetence / incapacity | Decision-maker surrogate consents on patient's behalf |
| Waiver | Patient explicitly and voluntarily declines information; must be documented |
| Therapeutic privilege | Physician withholds information that would cause serious psychological harm; narrow and disfavored |
| Court order | Treatment compelled by court (e.g., involuntary psychiatric care) |
| Public health | Mandatory vaccination, quarantine, involuntary TB treatment |
Therapeutic privilege permits withholding information only when disclosure would cause serious psychological harm — not merely discomfort, anxiety, or reluctance to consent. The exception is narrow, disfavored, and must be documented with clinical reasoning. Routine withholding of prognosis or diagnosis under this banner is not legally supportable.
Emergency Exception in Practice
In a true emergency, consent is presumed when: (1) the patient is unable to consent; (2) no authorized surrogate is immediately available; (3) the delay to obtain consent would endanger life or health; and (4) a reasonable person in the patient's position would likely consent. Once the emergency resolves, consent must be obtained for further care.
Consent for Procedures vs General Care
General consent forms signed at registration cover routine care (history, physical exam, basic labs) but do not substitute for specific informed consent for procedures with meaningful risk. Each invasive procedure, surgery, anesthesia, blood transfusion, and participation in research requires a separate informed consent process tailored to that intervention. Reliance on a blanket admission consent for a high-risk procedure is a common source of litigation.
Right to Refuse Treatment
A competent adult has a constitutional and common-law right to refuse any medical treatment, even life-sustaining treatment. This right was affirmed by the U.S. Supreme Court in Cruzan v. Director, Missouri Department of Health (1990). The physician's duty is to ensure that the refusal is informed, voluntary, and made by a competent patient; a refusal meeting these criteria must be honored even when the physician disagrees with the decision.
11 Minors, Capacity & Surrogate Consent
Capacity vs Competency
Competency is a legal determination made by a court. Capacity is a clinical determination made by a physician at the bedside. An adult is presumed to have capacity unless clinical assessment demonstrates otherwise. Capacity is decision-specific and time-specific — a patient may have capacity to refuse a flu shot but not to consent to a complex surgery, and capacity may fluctuate with delirium, sedation, or pain.
The Four Elements of Decisional Capacity
| Element | What the Patient Must Do |
|---|---|
| Understanding | Comprehend the relevant information |
| Appreciation | Apply the information to their own situation |
| Reasoning | Manipulate information logically to weigh options |
| Expression of choice | Communicate a stable preference |
Minors & Consent
Minors (usually under 18) generally cannot consent to their own medical care; parents or legal guardians must consent on their behalf. Several important exceptions exist:
| Category | Definition | Consent Rule |
|---|---|---|
| Emancipated minor | Legally independent (married, in military, court-declared, financially independent, parent) | May consent to all care |
| Mature minor | Adolescent judged mature enough for a specific decision | Recognized in some states for specific (usually minor) decisions |
| Minor treatment statutes | State-authorized categories | Minors may consent to STI testing/treatment, contraception, prenatal care, substance-abuse treatment, outpatient mental health (varies by state) |
| Emergency | Life or limb at risk | Treat; do not delay care for parental consent |
Surrogate Decision-Making Hierarchy
When an adult patient lacks capacity, decisions are made by a surrogate. Most states have default surrogate hierarchies (the order varies):
- Court-appointed guardian (if one exists).
- Agent under a durable power of attorney for health care.
- Spouse (or domestic partner in some states).
- Adult children (acting by majority).
- Parents.
- Adult siblings.
- Other relatives or close friend.
Standards for Surrogate Decisions
| Standard | Description | When Used |
|---|---|---|
| Expressed wishes | Follow the patient's known, specific prior statements | First preference when available |
| Substituted judgment | Choose what the patient would have chosen based on their values | When specific wishes unknown |
| Best interests | Choose what most people would consider best | Never-capacitated patients, unknown values |
Guardianship & Conservatorship
When a patient lacks capacity and has no advance directive, no authorized surrogate, and decisions must be made over time, a court may appoint a guardian (for personal and medical decisions) or conservator (for financial decisions). Guardianship proceedings require due process: notice, right to counsel, an evidentiary hearing, and a finding by clear and convincing evidence of incapacity. Courts favor limited guardianship tailored to specific decisions rather than plenary guardianship, to preserve as much of the patient's autonomy as possible.
Disagreement Between Surrogates
When equally ranked surrogates disagree (for example, adult children split on withdrawal of life support), state law usually requires majority agreement or, failing that, resort to an ethics committee or court. Hospitals typically have internal ethics consultation processes to mediate family disputes; unresolved disputes end in judicial proceedings.
12 HIPAA Privacy Rule
The Health Insurance Portability and Accountability Act of 1996 (HIPAA), together with its implementing regulations, is the federal framework for protecting patient health information. HIPAA does not preempt stricter state laws — it sets a national floor. The HITECH Act (2009) strengthened HIPAA by expanding breach notification, increasing penalties, and applying many rules directly to business associates.
Key HIPAA Rules
| Rule | Scope |
|---|---|
| Privacy Rule | How PHI may be used and disclosed; patient rights |
| Security Rule | Administrative, physical, and technical safeguards for ePHI |
| Breach Notification Rule | Notification requirements after a breach of unsecured PHI |
| Enforcement Rule | Investigation, penalties, and hearings |
| Omnibus Rule (2013) | HITECH implementation; extends to business associates |
Who Is Covered?
HIPAA applies to covered entities: (1) health plans, (2) health care clearinghouses, and (3) health care providers who transmit health information electronically in connection with a standard transaction (essentially all modern providers). It also applies indirectly to business associates (billing companies, EHR vendors, cloud providers, attorneys handling PHI) through business associate agreements (BAAs) and, since HITECH, directly by statute.
What Is Protected Health Information (PHI)?
PHI is any individually identifiable health information created or received by a covered entity that relates to past, present, or future physical or mental health, provision of care, or payment for care. The 18 HIPAA identifiers include name, address, dates, phone, email, SSN, medical record number, health plan beneficiary number, device identifiers, IP address, biometrics, full-face photos, and any unique code that could re-identify.
Permitted Uses & Disclosures without Authorization
| Category | Examples |
|---|---|
| Treatment | Sharing with consultants, transitions of care, pharmacies |
| Payment | Billing insurers, prior authorization, collections |
| Health care operations | Quality improvement, credentialing, audits, training |
| Required by law | Court orders, subpoenas (with process), mandatory reporting |
| Public health activities | Communicable disease reporting, FDA adverse events |
| Law enforcement | Limited: identification, victim info, crimes on premises, deaths |
| Research | With IRB waiver or patient authorization |
| Avert serious threat | To prevent imminent harm to identified persons |
| Facility directory | Name, general condition, location (unless patient opts out) |
Minimum Necessary Rule
Except for treatment disclosures, covered entities must make reasonable efforts to use or disclose only the minimum necessary PHI to accomplish the purpose. The minimum-necessary rule does not apply to disclosures for treatment, to the patient, to HHS for compliance investigation, or when authorized by the patient.
HIPAA permits disclosure without patient authorization for Treatment, Payment, and health care Operations. Almost every routine clinical disclosure falls into one of these three buckets. If a disclosure does not fit TPO or another specific exception, you generally need patient authorization.
13 Security Rule & Breach Notification
Security Rule
The HIPAA Security Rule governs electronic PHI (ePHI) and requires covered entities and business associates to implement administrative, physical, and technical safeguards:
| Safeguard Category | Examples |
|---|---|
| Administrative | Risk analysis, workforce training, access management, contingency plans, BAAs |
| Physical | Facility access controls, workstation security, device and media controls |
| Technical | Access controls, audit logs, integrity controls, transmission encryption |
Breach Notification Rule
A breach is the acquisition, access, use, or disclosure of unsecured PHI in a manner not permitted by the Privacy Rule that compromises its security or privacy. "Unsecured" PHI means PHI that is not encrypted or destroyed to the standards set by HHS — properly encrypted data that is lost is generally not considered a reportable breach.
Notification Timelines
| Recipient | Trigger | Deadline |
|---|---|---|
| Affected individuals | Any breach of unsecured PHI | Without unreasonable delay; no later than 60 days |
| HHS (OCR) | Breach affecting fewer than 500 | Annual log, within 60 days of year-end |
| HHS (OCR) | Breach affecting 500+ | Without unreasonable delay; no later than 60 days |
| Media | Breach affecting 500+ in a state or jurisdiction | Without unreasonable delay; no later than 60 days |
Civil & Criminal Penalties
| Tier | Culpability | Penalty per Violation |
|---|---|---|
| Tier 1 | Unknowing — no reasonable knowledge | ~$100–$50,000 |
| Tier 2 | Reasonable cause, not willful neglect | ~$1,000–$50,000 |
| Tier 3 | Willful neglect, corrected within 30 days | ~$10,000–$50,000 |
| Tier 4 | Willful neglect, not corrected | ~$50,000+ |
| Criminal | Knowing disclosure for personal gain or malice | Up to $250,000 and 10 years prison |
Annual caps and inflation adjustments apply. Individual employees can also face criminal prosecution under HIPAA.
Encryption as a Safe Harbor
PHI that has been encrypted and the encryption key has not been compromised is generally not considered "unsecured" under the Breach Notification Rule. Lost or stolen encrypted laptops, for example, are typically not reportable breaches, provided proper encryption standards (meeting NIST specifications) were used. Encryption is the single most important technical safeguard against breach liability.
Risk Assessment & the Four-Factor Test
After any impermissible use or disclosure of PHI, covered entities must assess whether a breach has occurred using a four-factor test: (1) the nature and extent of the PHI involved, including identifiers and likelihood of re-identification; (2) the unauthorized person who used or received the PHI; (3) whether the PHI was actually acquired or viewed; and (4) the extent to which the risk has been mitigated. Unless the entity can demonstrate a low probability of compromise, breach notification is required.
14 Patient Rights & Disclosures
Individual Rights Under HIPAA
| Right | Description |
|---|---|
| Access | Right to inspect and obtain a copy of PHI in the designated record set |
| Amendment | Right to request correction of inaccurate or incomplete PHI |
| Accounting of disclosures | Right to a list of non-routine disclosures made in the prior 6 years |
| Restriction | Right to request restrictions on uses and disclosures (must be honored if patient pays out of pocket and requests restriction from insurer) |
| Confidential communications | Right to request communication by specific means or at specific locations |
| Notice of Privacy Practices | Right to receive the organization's privacy notice |
| Complaint | Right to file a complaint with HHS-OCR |
Personal Representatives
HIPAA treats a patient's legal personal representative as the patient for purposes of access and authorization. A parent is generally the personal representative of a minor child (with exceptions where state law allows the minor to consent); a spouse or next of kin may be the personal representative of a deceased patient; a health care agent under a DPOA is typically a personal representative for decisions within the agent's authority. Recognizing the correct personal representative is a common compliance issue.
Authorization vs Consent
HIPAA distinguishes consent (a general agreement to the use of PHI for TPO, not required by federal law) from authorization (a specific, signed document permitting use or disclosure for purposes outside TPO). Authorization is required for: marketing, most research, sale of PHI, psychotherapy notes (with narrow exceptions), and most disclosures to third parties other than those specifically permitted.
Psychotherapy Notes
Psychotherapy notes receive heightened protection under HIPAA. These are notes recorded by a mental health professional documenting the content of a counseling session, kept separate from the rest of the medical record. They generally require specific written authorization for disclosure, even for most TPO purposes, with narrow exceptions (the originator's use, supervision, legal defense of the provider, HHS oversight, or to avert serious threat).
Subpoenas & Court Orders
| Legal Process | HIPAA Response |
|---|---|
| Court order (signed by judge) | Comply with what the order specifies |
| Subpoena (not court-ordered) | Disclose only with either patient authorization, satisfactory assurance of notice, or protective order |
| Grand jury subpoena | Comply as required by law |
| Administrative subpoena | Comply if authorized by law and relevant |
A subpoena signed only by an attorney is not a court order. Before releasing PHI in response to an attorney's subpoena, covered entities must confirm either patient authorization, evidence of reasonable notice to the patient, or a protective order. Blind compliance is a common HIPAA violation.
15 State Privacy Laws & Heightened Protections
HIPAA sets a federal minimum, but many categories of information receive heightened protection under state or federal law and require specific authorization even for routine disclosures.
Categories with Heightened Protection
| Category | Source | Key Rule |
|---|---|---|
| Substance use treatment records | 42 CFR Part 2 (federal) | Specific written consent even for TPO; stricter than HIPAA |
| Mental health & psychotherapy notes | HIPAA + state law | Separate authorization required |
| HIV/AIDS status | State statutes | Specific written consent; may limit even internal sharing |
| Genetic information | GINA (federal) | Employers and insurers prohibited from discriminating based on genetic info |
| STI records | State statutes | Often requires specific consent; minors may consent themselves |
| Reproductive health | Evolving state law | Increasingly protected or restricted depending on jurisdiction |
42 CFR Part 2
Federal regulations at 42 CFR Part 2 govern records of federally assisted substance use disorder treatment programs. These rules are stricter than HIPAA: they require specific written consent for almost any disclosure, including disclosures for treatment outside the Part 2 program. Recent amendments have moved Part 2 closer to HIPAA alignment, but significant differences remain.
GINA — Genetic Information Nondiscrimination Act
GINA (2008) prohibits health insurers and employers from using genetic information to make decisions about coverage, hiring, firing, promotion, or compensation. It does not cover life insurance, disability insurance, or long-term care insurance, which remain regulated by state law.
16 EMTALA: Screening, Stabilization, Transfer
The Emergency Medical Treatment and Active Labor Act (EMTALA), enacted in 1986 as part of COBRA, was Congress's response to "patient dumping" — hospitals transferring or refusing care to uninsured patients. EMTALA applies to hospitals with emergency departments that participate in Medicare (essentially all U.S. hospitals) and imposes three core obligations.
The Three EMTALA Obligations
| Obligation | Requirement |
|---|---|
| 1. Medical screening examination (MSE) | Provide an appropriate MSE to any individual who comes to the ED seeking examination or treatment, to determine whether an emergency medical condition (EMC) exists |
| 2. Stabilizing treatment | If an EMC exists, provide treatment within the hospital's capability to stabilize the patient |
| 3. Appropriate transfer | If stabilization requires capabilities beyond the hospital, perform an "appropriate transfer" to a facility that can provide care |
Key Definitions
- Comes to the ED: On hospital property or within 250 yards of the main hospital building, or in a hospital-owned ambulance.
- Emergency medical condition (EMC): Condition manifesting acute symptoms such that absence of immediate medical attention could reasonably result in serious jeopardy to health, serious impairment of bodily function, or serious dysfunction of any organ. Active labor counts.
- Stabilized: No material deterioration is likely during transfer.
- Appropriate transfer: Sending hospital has done what it can, receiving hospital accepts, records are sent, qualified personnel and equipment accompany the patient, and the patient (or surrogate) consents.
What EMTALA Requires and Forbids
(1) Screen every patient who comes to the ED — no insurance check first. (2) Provide stabilizing treatment within hospital capabilities. (3) Do not transfer an unstable patient unless benefits outweigh risks and the patient (or surrogate) requests or accepts the transfer. (4) Do not delay screening or stabilization to inquire about insurance or ability to pay.
On-Call Obligations
Hospitals must maintain an on-call list of physicians in specialties relevant to their services. On-call physicians have an EMTALA duty to come to the hospital when called to assist with an EMC. Failure of on-call specialists to respond is a common source of EMTALA citations, for both the physician and the hospital.
Penalties
| Entity | Penalty |
|---|---|
| Hospital | Civil monetary penalties per violation; termination from Medicare for serious/repeated violations |
| Physician | Civil monetary penalties per violation; potential exclusion from Medicare |
| Patient | Private right of action for personal harm caused by EMTALA violation |
Transfers — Certification Requirement
Before transferring an unstable patient under EMTALA, the physician must certify in writing that the benefits of transfer outweigh the risks. The certification must identify the specific medical risks of transfer and the reasons the transfer is nonetheless in the patient's best interest. Receiving hospitals with specialized capabilities cannot refuse an appropriate transfer if they have the capacity to accept it; refusal can itself be an EMTALA violation (the "reverse dumping" rule).
Psychiatric Emergencies Under EMTALA
Psychiatric emergencies are EMCs under EMTALA. Hospitals must screen, stabilize to the point that the patient is no longer a danger to self or others, and appropriately transfer to a psychiatric facility if inpatient care is needed. Holding a suicidal patient in a medical ED without psychiatric evaluation, or discharging without appropriate disposition, creates EMTALA exposure as well as malpractice risk.
Labor & EMTALA
A woman in labor is considered to have an EMC until delivery of the baby and placenta. Transferring a woman in active labor before delivery is presumptively inappropriate unless the benefits of transfer (higher level of care for mother or infant) outweigh the risks, and unless the receiving hospital is willing and able to accept her. Failing to provide delivery services or transferring inappropriately is a classic EMTALA violation.
17 Fraud & Abuse: Stark, Anti-Kickback, FCA
Federal fraud and abuse laws police the financial relationships between physicians, hospitals, and payers. They are strictly enforced, carry severe penalties, and can apply even in the absence of patient harm.
Stark Law (Physician Self-Referral)
The Stark Law prohibits physicians from referring Medicare/Medicaid patients for "designated health services" (imaging, lab, DME, PT/OT, home health, inpatient/outpatient hospital services, and others) to entities with which the physician or an immediate family member has a financial relationship, unless an exception applies. Stark is a strict liability statute — intent is irrelevant. Violations trigger denial of payment, refund obligations, and civil monetary penalties.
Anti-Kickback Statute (AKS)
The Anti-Kickback Statute is a criminal law prohibiting knowing and willful offering, paying, soliciting, or receiving of remuneration to induce or reward referrals of items or services reimbursable by a federal health care program. Unlike Stark, AKS requires intent, but intent can be inferred. Statutory "safe harbors" protect certain arrangements (bona fide employment, personal services contracts, space rentals meeting specific requirements). Penalties include criminal fines, imprisonment up to 10 years, civil penalties, and exclusion from federal programs.
False Claims Act (FCA) & Qui Tam
The False Claims Act imposes civil liability on anyone who knowingly submits a false claim for payment to the federal government. Penalties include treble damages and per-claim fines. A key feature is the qui tam provision, which allows private citizens (relators, typically employees or competitors) to sue on behalf of the government and receive 15–30% of any recovery. Whistleblower protections shield relators from retaliation.
Qui Tam in Practice
Qui tam suits are a primary mechanism for enforcement of the False Claims Act in health care. A relator (often an employee) files the complaint under seal, and the government investigates and decides whether to intervene. If the government intervenes, the case typically settles for substantial sums; if it declines, the relator may pursue it privately. Whistleblower protections include reinstatement, double back pay, and attorney's fees for retaliation.
Comparison
| Law | Scope | Intent | Penalties |
|---|---|---|---|
| Stark | Physician self-referral for DHS | Strict liability | Denial of payment, refunds, CMP |
| Anti-Kickback | Kickbacks for federal health program referrals | Knowing & willful | Criminal fines, prison, CMP, exclusion |
| False Claims Act | False claims to federal government | Knowing (incl. reckless disregard) | Treble damages + per-claim fines; qui tam |
| Civil Monetary Penalties Law | Various improper billing, inducements to beneficiaries | Varies | Administrative fines, exclusion |
18 Communicable & Occupational Diseases
Mandatory reporting laws require physicians to report certain conditions and events to public health authorities, licensing boards, or law enforcement. The categories and specifics vary by state, but the general framework is consistent. Reporting obligations are an exception to confidentiality and cannot be waived by the patient.
Reportable Communicable Diseases (Representative)
| Category | Examples |
|---|---|
| Vaccine-preventable | Measles, mumps, rubella, pertussis, polio, diphtheria, tetanus |
| STIs | Syphilis, gonorrhea, chlamydia, chancroid; HIV reporting varies by state |
| Foodborne/waterborne | Salmonella, Shigella, Cholera, E. coli O157:H7, Listeria, Hepatitis A |
| Vector-borne | Lyme, West Nile, Zika, Dengue, Rocky Mountain spotted fever, malaria |
| Respiratory | TB, Legionellosis, novel influenza, SARS, MERS, COVID-19 |
| Hepatitis | Hepatitis B, Hepatitis C (acute, sometimes chronic) |
| Bioterrorism-related | Anthrax, smallpox, plague, tularemia, botulism, viral hemorrhagic fevers |
| Other | Meningococcal disease, rabies exposure, Creutzfeldt-Jakob disease |
Reporting Timelines
Urgent conditions (suspected bioterrorism agents, measles, meningococcal disease, novel respiratory pathogens) typically must be reported immediately by phone. Routine reportable conditions may be reported in writing within 24–72 hours or weekly, depending on the state. Each state publishes a list of reportable conditions and timelines through its department of health.
Federal Public Health Authorities
| Agency | Role |
|---|---|
| CDC | Aggregates nationally notifiable disease data via state health departments; coordinates outbreak response |
| FDA / MedWatch | Voluntary adverse event reporting for drugs and devices; mandatory for manufacturers |
| VAERS | Vaccine Adverse Event Reporting System; joint CDC/FDA; reporting of serious events required for providers |
| NIOSH | Occupational illness surveillance and research |
| HHS Secretary | Declares public health emergencies, authorizes PREP Act immunity, coordinates quarantine and isolation |
Cancer & Registry Reporting
All 50 states mandate reporting of new cancer cases to a state cancer registry, which feeds into the national SEER program. Hospitals typically report via tumor registrars, but physicians in outpatient settings may have direct reporting obligations. Birth defects registries and trauma registries operate similarly.
Occupational Disease & Injury
Many states require reporting of occupational diseases (silicosis, asbestosis, occupational asthma, lead poisoning) and serious occupational injuries. Federal OSHA has separate recordkeeping and reporting rules for employers.
Vital Statistics
| Event | Who Reports | Timing |
|---|---|---|
| Birth | Attending clinician / hospital | Within days |
| Death | Attending or certifying clinician | Usually within 24–72 hours |
| Fetal death / stillbirth | Attending clinician / hospital | Per state rule |
| Suspicious or unnatural death | Reported to coroner / ME for investigation | Immediately |
19 Abuse, Violence & Public Safety Reporting
Child Abuse & Neglect
All 50 states mandate that physicians and other health care providers report suspected child abuse or neglect to child protective services or law enforcement. The standard is reasonable suspicion, not proof. Reporters acting in good faith are immune from civil and criminal liability; failure to report can result in criminal charges, licensure action, and civil liability. Reports must generally be made immediately by phone with written follow-up.
Elder & Vulnerable Adult Abuse
Most states mandate reporting of suspected abuse, neglect, or financial exploitation of elders or vulnerable adults. Reports typically go to Adult Protective Services (APS). Competent adults may sometimes refuse intervention, but reporting obligations still apply; the patient's wishes govern what APS can do after the report.
Domestic & Intimate Partner Violence
State rules vary widely. Only a minority of states require reporting of adult domestic violence to law enforcement; most require documentation and universal screening but defer to the competent adult's wishes regarding police involvement. States that do mandate reporting typically require it for injuries from weapons or serious harm.
Injury Reporting
| Category | Rule |
|---|---|
| Gunshot wounds | Reportable to law enforcement in nearly all states, regardless of patient preference |
| Stab wounds from assault | Reportable in most states |
| Burns from criminal conduct | Reportable in many states |
| Animal bites | Reportable for rabies surveillance |
| Deaths by unnatural causes | Reportable to coroner / ME |
Impaired Drivers
Rules vary. A few states (e.g., California) mandate reporting of drivers with conditions affecting consciousness (seizures, certain dementias); others (e.g., New York, Pennsylvania) permit but do not require reporting. Physicians should know their state's specific rules and document the discussion of driving restrictions with any at-risk patient.
Impaired Colleagues
Most state medical practice acts require physicians to report impaired colleagues (substance use, mental illness affecting practice, cognitive decline) to the state medical board or a designated physician health program (PHP). These laws often confer immunity for good-faith reports and sometimes impose sanctions for failure to report.
Duty to Warn Third Parties
The Tarasoff doctrine (from Tarasoff v. Regents of the University of California, 1976) imposes a duty on mental health providers (and sometimes other physicians) to take reasonable steps to protect identifiable third parties from serious threats made by a patient. Depending on jurisdiction, the duty may be satisfied by warning the victim, notifying police, initiating civil commitment, or intensifying treatment.
Every mandatory reporting statute comes with immunity for good-faith reports. Physicians who report suspected abuse, impaired colleagues, or reportable conditions in good faith are protected from civil and criminal liability even if the suspicion turns out to be wrong. The risk is in failing to report, not in reporting.
Sentinel Events & Adverse Event Reporting
In addition to public-safety reporting, many states and The Joint Commission require institutions to report sentinel events — serious, unexpected patient safety events involving death or serious harm. The federal Patient Safety and Quality Improvement Act (PSQIA, 2005) creates Patient Safety Organizations (PSOs) and confers privilege and confidentiality on information reported to them, encouraging disclosure for learning purposes without litigation exposure.
20 Advance Directives & Surrogate Decision-Making
Advance directives are legal instruments that allow competent adults to document their wishes for future medical care in the event they lose capacity. They are governed primarily by state law, with a federal framework provided by the Patient Self-Determination Act (PSDA, 1990), which requires hospitals and other Medicare/Medicaid providers to inform patients of their rights to formulate advance directives and to document whether they have done so.
Types of Advance Directives
| Instrument | Function | When It Operates |
|---|---|---|
| Living will | Written statement of treatment preferences | When patient lacks capacity and (usually) has terminal or irreversible condition |
| Durable power of attorney for health care (DPOA-HC) | Appoints a health care agent/proxy | Whenever patient lacks capacity |
| Health care proxy | Similar to DPOA-HC (terminology varies by state) | Whenever patient lacks capacity |
| POLST / MOLST | Physician-signed actionable medical orders for current treatment | Immediately, across care settings (like any medical order) |
| DNR / DNAR / AND | Order not to attempt CPR | Current hospitalization (some states honor out-of-hospital DNR) |
| Five Wishes | User-friendly directive valid in most states | When patient lacks capacity |
POLST / MOLST
Physician (or Provider) Orders for Life-Sustaining Treatment (POLST, MOLST, or POST depending on state) is a physician-signed, portable medical order set for seriously ill patients. Unlike a living will — which is a statement of wishes that must be interpreted — POLST is an active medical order immediately followable by EMS, nursing homes, and hospitals. It typically specifies CPR status, level of intervention (comfort, limited, full), and preferences regarding artificial nutrition and hydration.
Default Surrogate Statutes
When a patient has no advance directive and lacks capacity, almost every state has a default surrogate statute identifying the order of priority for surrogate decision-makers (see §11). These typically start with a court-appointed guardian and proceed through spouse, adult children, parents, adult siblings, and other close relatives or friends.
Patient Self-Determination Act (PSDA)
The PSDA, enacted in 1990, requires hospitals, nursing homes, hospices, home health agencies, and HMOs participating in Medicare and Medicaid to: (1) provide written information to each adult patient about the right to make advance directives; (2) document in the medical record whether the patient has an advance directive; (3) not discriminate based on whether a patient has executed one; (4) comply with state law regarding directives; and (5) provide education for staff and community on advance directives. The PSDA does not create substantive rights but ensures that existing state-law rights are communicated and honored.
Hierarchy of Decision-Making Authority
- Competent patient's current expressed wishes.
- Known prior expressed wishes (living will, written statements, verbal statements).
- Health care agent exercising substituted judgment.
- Default surrogate under state statute.
- Best interests standard if wishes and values unknown.
21 Brain Death, Futility & Aid in Dying
Determination of Death
Under the Uniform Determination of Death Act (UDDA), adopted by every state, an individual is dead if either: (1) irreversible cessation of circulatory and respiratory functions, or (2) irreversible cessation of all functions of the entire brain, including the brainstem. Both forms of death are legally equivalent. Clinical determination of brain death follows specific criteria (coma, absence of brainstem reflexes, apnea test), with required confirmatory findings and waiting periods varying by institutional and state protocols.
Brain Death Controversy
Brain death is legally equivalent to death in every U.S. jurisdiction, but a small number of families have resisted that determination on religious or personal grounds. New Jersey's brain death statute provides a narrow religious exemption; New York requires "reasonable accommodation" of religious objection in clinical practice. Most states provide no exemption. Physicians should follow their institution's protocol for brain death determination scrupulously, document carefully, and engage risk management and ethics consultation in contested cases.
Brain Death vs Persistent Vegetative State
| Feature | Brain Death | Persistent Vegetative State |
|---|---|---|
| Brainstem function | Absent | Present |
| Respiration (off vent) | Absent (apnea) | Present |
| Sleep-wake cycles | Absent | Present |
| Legal status | Dead | Alive |
| Withdrawal of support | Not withdrawal — patient is dead | Withdrawal decision governed by advance directive or surrogate |
Futility
Medical futility is a contested legal and ethical concept. A minority of states (notably Texas under the Texas Advance Directives Act) have statutory futility procedures allowing hospitals to withdraw life-sustaining treatment over family objection after a formal process. Most states resolve futility disputes through ethics consultation, second opinions, transfer offers, and, if necessary, court petition.
Withdrawing vs Withholding Treatment
Legally and ethically, withdrawing life-sustaining treatment is equivalent to withholding it. The U.S. Supreme Court has recognized a competent adult's right to refuse any treatment, including ventilators, dialysis, nutrition, and hydration (Cruzan, 1990). A patient on a ventilator who later decides to discontinue it has the same right as a patient who refuses it in the first place.
Physician Aid in Dying
A growing number of states permit medical aid in dying (MAID) — a physician prescribing a lethal dose of medication that a terminally ill, competent adult may self-administer. Requirements (modeled on the Oregon Death with Dignity Act) typically include:
- Adult resident of the state.
- Terminal illness with prognosis of 6 months or less.
- Decisional capacity confirmed by the attending and a consulting physician.
- Two oral requests separated by a waiting period plus a written request.
- Self-administration of the medication.
- Voluntary opt-in for physicians and pharmacists.
Physician aid in dying is legally distinct from euthanasia (physician administration of a lethal agent), which is not permitted in any U.S. jurisdiction. The U.S. Supreme Court in Washington v. Glucksberg and Vacco v. Quill (both 1997) held that there is no federal constitutional right to physician-assisted death but that states remain free to permit it.
Withdrawal of unwanted treatment is legal everywhere and rests on the patient's right to refuse care. Double effect (giving adequate analgesia even at risk of hastening death) is legal everywhere when the primary intent is symptom relief. Physician aid in dying is legal only in specific jurisdictions and only under statutory safeguards. Euthanasia (physician-administered lethal agent) is not legal anywhere in the U.S.
Doctrine of Double Effect
The doctrine of double effect, long accepted in both ethics and law, holds that an action producing a foreseeable but unintended harmful side effect is permissible if: (1) the act itself is morally neutral or good; (2) the intent is the good effect, not the harmful one; (3) the harmful effect is not the means to the good effect; and (4) the good outweighs the harm. In palliative care this justifies the use of opioids and sedatives at doses needed to control symptoms even if they may hasten death. Double effect is distinct from aid in dying because intent and causal structure differ.
Conscientious Objection
Federal and state laws provide varying degrees of protection for physicians and institutions that decline to participate in procedures they find morally objectionable (abortion, sterilization, aid in dying). These protections are not absolute: physicians still owe duties of emergency care, nondiscrimination, referral to willing providers, and honest disclosure of options. The scope of conscience protections varies significantly by jurisdiction.
22 Organ Donation & Medical Examiner Cases
Uniform Anatomical Gift Act (UAGA)
Organ donation in the United States is governed by the Uniform Anatomical Gift Act (UAGA), adopted in some form by every state. Under the UAGA, a competent adult may donate any or all organs and tissues upon death through a driver's license designation, donor registry, advance directive, or will. A first-person authorization is generally binding and cannot be overridden by family objection.
Required Request & Routine Referral
Federal law (through CMS Conditions of Participation) requires hospitals to notify their local Organ Procurement Organization (OPO) of all imminent deaths and cardiac deaths. The OPO, not the treating team, approaches the family about donation — this separation reduces conflict of interest and improves donation rates.
Dead Donor Rule
The dead donor rule is a foundational principle requiring that donors must be dead (by either circulatory or neurologic criteria) before vital organs are removed, and that the act of procurement must not cause death. It distinguishes ethical organ donation from killing.
Donation After Circulatory Death (DCD)
DCD permits organ recovery after withdrawal of life-sustaining treatment in patients who do not meet brain death criteria, following circulatory arrest and a waiting period (typically 2–5 minutes). DCD protocols are legally controlled and carefully designed to ensure the dead donor rule is respected.
First-Person Consent & Family Override
Under the UAGA, a competent adult's documented decision to donate is legally binding and cannot be overridden by family after death. In practice, OPOs and hospitals may nonetheless decline to proceed over strong family objection, both because of compassionate concerns and because of public trust in the donation system. Physicians should document the patient's known wishes carefully and involve the OPO early.
Medical Examiner & Coroner Cases
State law defines which deaths must be reported to a coroner or medical examiner. Common categories:
- Deaths from apparent trauma, violence, suicide, or homicide.
- Unexpected or unexplained deaths.
- Deaths within 24 hours of hospital admission.
- Deaths during or shortly after surgical or diagnostic procedures.
- Deaths in custody.
- Deaths of unidentified persons.
- Suspected drug overdose or poisoning.
- Workplace and motor vehicle deaths.
- Public health hazards.
In ME cases, the body and evidence become the property of the ME, and the attending physician does not sign the death certificate. The ME may order an autopsy without family consent.
Autopsy
Non-ME autopsies require consent of the legal next of kin (hierarchy similar to surrogate hierarchy). Autopsy findings generally belong to the institution performing them, with a copy provided to the family and referring physician.
23 Licensing, Scope of Practice & Credentialing
Medical Licensure
Medical licensure is a state function. Each state medical board sets requirements for initial licensure and ongoing practice: graduation from an accredited medical school, completion of USMLE (or COMLEX for DOs), postgraduate training (varies), background check, and payment of fees. Licensure is required to practice in a state regardless of where the physician trained.
Reciprocity & the Interstate Medical Licensure Compact
Historically, physicians had to apply separately in each state. The Interstate Medical Licensure Compact (IMLC), adopted by a majority of states, streamlines licensure for eligible physicians by allowing them to apply through a single process and receive expedited licensure in participating states. Each license is still a state license subject to state law.
Telemedicine Licensure
The prevailing rule is that telemedicine is practiced in the patient's state, so the physician must be licensed where the patient is located at the time of the encounter. Temporary waivers expanded telemedicine flexibility during the COVID-19 public health emergency, but most have expired and the baseline rule has reasserted itself.
Scope of Practice
| Provider | Scope | Supervision |
|---|---|---|
| Physician (MD/DO) | Full scope within license | None (subject to credentialing) |
| Nurse Practitioner (NP) | Varies: full-practice, reduced, or restricted by state | None to collaborative agreement to supervision |
| Physician Assistant (PA) | Practice agreement with supervising physician | Supervision (varies by state) |
| Certified Nurse Midwife | Obstetric and gynecologic care | Varies by state |
| CRNA | Anesthesia services | Physician oversight varies by state and facility |
| Psychologist / LCSW | Psychotherapy, testing; prescribing restricted | State-dependent |
Credentialing & Privileging
Each hospital independently determines which physicians may practice at its facility (credentialing) and what procedures they may perform (privileging). Credentialing reviews training, licensure, malpractice history, NPDB reports, peer references, and board certification. Privileges are granted by specialty and procedure and must be supported by training and experience.
Peer Review & HCQIA
The Health Care Quality Improvement Act of 1986 (HCQIA) grants immunity from private damages suits to participants in good-faith peer review conducted in accordance with due-process standards. HCQIA also created the National Practitioner Data Bank (NPDB), to which hospitals, malpractice insurers, and state boards must report adverse actions.
Maintenance of Licensure & Certification
Most state boards require ongoing Continuing Medical Education (CME) as a condition of licensure renewal. The American Board of Medical Specialties (ABMS) and its member boards administer Maintenance of Certification (MOC), typically comprising professional standing, lifelong learning, assessment, and improvement in practice. MOC is not a legal licensure requirement, but hospitals, insurers, and groups often require current board certification for credentialing or reimbursement. A growing number of states have passed laws prohibiting MOC as a licensing condition while leaving it as a private credentialing criterion.
Reportable Events to NPDB
| Event | Reporter |
|---|---|
| Malpractice payment on behalf of a physician | Insurer or self-insured entity |
| Adverse licensure action | State medical board |
| Adverse clinical privilege action >30 days | Hospital |
| Adverse professional society membership action | Society |
| DEA action | DEA |
| Medicare/Medicaid exclusion | HHS-OIG |
24 Controlled Substances, PDMPs & DEA
Prescribing controlled substances is among the most heavily regulated activities in medicine. Enforcement is aggressive, and errors can result in criminal prosecution, loss of DEA registration, and loss of medical licensure.
Controlled Substances Act Schedules
| Schedule | Abuse Potential | Medical Use | Examples |
|---|---|---|---|
| Schedule I | High | None accepted in U.S. | Heroin, LSD, cannabis (federally), MDMA |
| Schedule II | High | Accepted with restrictions | Oxycodone, morphine, fentanyl, methadone, methylphenidate, amphetamines |
| Schedule III | Moderate | Accepted | Buprenorphine, ketamine, anabolic steroids, low-dose codeine combinations |
| Schedule IV | Lower | Accepted | Benzodiazepines, tramadol, zolpidem, modafinil |
| Schedule V | Lowest (among controlled) | Accepted | Pregabalin, low-dose codeine cough syrups, lacosamide |
DEA Registration & Prescription Rules
Physicians prescribing controlled substances must hold a DEA registration linked to a practice location. Prescriptions for Schedule II drugs generally may not be refilled and, under most state laws, must be issued electronically (EPCS). Telephone prescriptions for Schedule II are allowed only in emergencies with a written follow-up. Schedule III–V drugs may be refilled up to five times within six months.
Prescription Drug Monitoring Programs (PDMPs)
Every state operates a PDMP, an electronic database of controlled substance prescriptions dispensed in the state. Most states now require prescribers to check the PDMP before writing opioids, benzodiazepines, or other controlled substances. PDMPs are critical tools for detecting doctor shopping, duplicative therapy, and dangerous drug combinations.
Electronic Prescribing of Controlled Substances (EPCS)
Federal law (under the SUPPORT Act) and most state laws now require electronic prescribing for controlled substances under Medicare Part D, with state mandates extending to other payers. EPCS requires two-factor authentication, a certified EHR or e-prescribing application, and audit logs. Paper prescriptions for controlled substances are increasingly limited to narrow exceptions (EHR downtime, certain patient circumstances, items not covered).
Red Flags of Suspicious Prescriptions
- Patient traveling long distances to a prescriber or pharmacy.
- Cash payment when insurance is available.
- Requests for specific drugs, doses, or brand names.
- Early refills, lost prescriptions, or escalating doses.
- Multiple prescribers for controlled substances (doctor shopping).
- Combinations like opioid + benzodiazepine + muscle relaxant ("holy trinity").
- Patient reluctance to undergo examination or drug testing.
Opioid Prescribing Limits
Many states have enacted statutory limits on initial opioid prescriptions for acute pain (commonly 3–7 days) and requirements for informed consent, treatment agreements, PDMP checks, naloxone co-prescribing, and risk assessment. The CDC has issued (and revised) guidelines for opioid prescribing that inform but do not bind state law.
Buprenorphine & MAT
Under the MAT Act, the X-waiver for buprenorphine prescribing for opioid use disorder was eliminated in 2023; any physician with a DEA registration may now prescribe buprenorphine for OUD, subject to training and state requirements. Methadone for OUD remains restricted to licensed opioid treatment programs.
Corresponding Responsibility Doctrine
Under the DEA's corresponding responsibility doctrine, pharmacists share responsibility with prescribers for ensuring that a controlled substance prescription is issued for a legitimate medical purpose. Pharmacists may and must refuse to fill prescriptions that show red flags of diversion. Prescribers should expect to be contacted by pharmacists and should be prepared to justify prescriptions.
Diversion & Loss Reporting
DEA registrants must report theft or significant loss of controlled substances to the DEA within one business day on DEA Form 106 and take steps to investigate and correct. Accurate recordkeeping, biennial inventory, and secure storage are ongoing DEA requirements independent of prescribing activity.
25 Medical Records, OSHA & ADA
Medical Record Ownership & Retention
The physical or electronic medical record is generally owned by the provider or institution that created it, while the information belongs to the patient, who has rights of access, amendment, and copying. Retention periods are set by state law and typically range from 5 to 10 years from the last encounter for adults, with longer periods for minors (often until age of majority plus the statute of limitations).
Sample Retention Periods
| Record Type | Typical Retention |
|---|---|
| Adult medical records | 7–10 years from last encounter (varies by state) |
| Pediatric records | Age of majority + 2–10 years |
| Radiology images | 5–10 years |
| Mammograms | 10 years (longer if abnormal) |
| HIPAA compliance documentation | 6 years |
| Medicare cost reports / claims | 5–10 years |
OSHA in Clinical Practice
The Occupational Safety and Health Administration (OSHA) enforces workplace safety regulations that apply to medical practices and hospitals. Core clinical OSHA standards include:
- Bloodborne Pathogens Standard — exposure control plan, PPE, safer needle devices, hepatitis B vaccination for at-risk workers, post-exposure protocols.
- Hazard Communication Standard — safety data sheets, labeling, worker training.
- Respiratory Protection Standard — fit testing for N95 respirators.
- Ionizing Radiation Standard — for radiology and nuclear medicine.
- Recordkeeping and injury logs (OSHA 300).
ADA in Clinical Practice
The Americans with Disabilities Act (ADA) applies to medical offices and hospitals both as employers and as places of public accommodation. Obligations include:
- Physical accessibility of offices, exam tables, and equipment.
- Effective communication, including sign language interpreters for deaf patients at the practice's expense when needed for effective communication.
- Reasonable modification of policies and procedures for patients with disabilities.
- Non-discrimination in employment and reasonable accommodation of qualified employees with disabilities.
Workers Compensation
Workers compensation is a state-based no-fault system providing medical care and wage replacement for job-related injuries. Treating physicians have obligations to report work-relatedness, complete forms on time, and (in some states) limit treatment to authorized providers. The physician–patient relationship in workers comp often includes a reporting duty to the employer or carrier that does not exist in ordinary care.
Release of Records
| Requester | Rule |
|---|---|
| Patient | Right of access under HIPAA; reasonable cost-based fee; 30 days (plus 30-day extension) |
| Another treating provider | Permitted as treatment disclosure; no authorization required |
| Insurance company (payment) | Permitted for payment purposes under TPO |
| Attorney (patient's own) | Requires patient authorization |
| Attorney (third party) | Requires authorization, court order, or valid process with assurances |
| Law enforcement | Limited exceptions; generally requires process unless an enumerated exception applies |
| Public health authority | Permitted without authorization for authorized purposes |
| Employer | Generally requires specific authorization; workers comp has its own rules |
Retention After Death & Practice Closure
Records must be maintained for the period required by state law even after a patient's death or after a physician ceases practice. Retiring or relocating physicians must notify patients, provide continuity of care information, transfer records as authorized, and arrange for custodianship of records that remain unclaimed. State licensing boards typically issue guidance on practice closure requirements.
Language Access & Title VI
Title VI of the Civil Rights Act of 1964 prohibits discrimination on the basis of national origin by any entity receiving federal financial assistance, which includes virtually all hospitals and most practices. HHS guidance interprets this to require meaningful language access for patients with limited English proficiency (LEP): qualified medical interpreters (not ad hoc use of family members or untrained staff), translated written materials, and signage. Language access is a civil rights obligation, not a courtesy, and failures can trigger federal enforcement.
EMR, E-Prescribing, and the 21st Century Cures Act
The 21st Century Cures Act and its implementing "information blocking" rule require that patients have timely, electronic access to their own health information and prohibit providers and health IT developers from engaging in practices that interfere with the access, exchange, or use of electronic health information, subject to specified exceptions. Practices must now release lab results, notes, and imaging to patients promptly through patient portals.
26 Key Supreme Court Cases
A handful of U.S. Supreme Court decisions have shaped the constitutional framework within which medical law operates. Understanding these cases is essential background for every physician and is routinely tested on professionalism and ethics examinations.
Landmark Cases in Medical Law
| Case (Year) | Holding / Significance |
|---|---|
| Griswold v. Connecticut (1965) | Recognized a constitutional right to privacy in marital contraception decisions; foundation for later cases |
| Roe v. Wade (1973) | Recognized a constitutional right to abortion prior to viability; overruled in 2022 |
| Canterbury v. Spence (D.C. Cir. 1972) | Federal appellate case establishing the reasonable-patient (materiality) standard for informed consent |
| Tarasoff v. Regents (Cal. 1976) | Mental health providers have a duty to protect identifiable third parties from patient threats |
| Planned Parenthood v. Casey (1992) | Reaffirmed Roe's core holding; replaced trimester framework with undue burden standard (later overruled) |
| Cruzan v. Director, MDH (1990) | Competent adults have a constitutionally protected liberty interest in refusing medical treatment; states may require clear and convincing evidence of incompetent patient's wishes |
| Washington v. Glucksberg (1997) | No federal constitutional right to physician-assisted suicide; states may prohibit or permit |
| Vacco v. Quill (1997) | Companion case; distinction between refusal of treatment and assisted suicide is constitutionally rational |
| Burwell v. Hobby Lobby (2014) | Closely held corporations may assert religious objection to contraceptive coverage mandate under RFRA |
| Gonzales v. Raich (2005) | Federal Controlled Substances Act applies to intrastate medical marijuana under the Commerce Clause |
| Gonzales v. Oregon (2006) | U.S. Attorney General cannot use the CSA to prohibit physicians from prescribing lethal doses under Oregon's Death with Dignity Act |
| Dobbs v. Jackson Women's Health Organization (2022) | Overruled Roe and Casey; returned abortion regulation to the states |
Cruzan (1990): competent adults may refuse treatment, including life-sustaining treatment. Glucksberg (1997): no federal right to assisted suicide. Quill (1997): legal distinction between refusing treatment and hastening death is constitutionally permissible. Together they define the constitutional boundaries of end-of-life decision-making in the U.S.
Additional Influential Cases
| Case | Topic |
|---|---|
| Schloendorff v. Society of New York Hospital (1914) | Cardozo's famous opinion: "Every human being of adult years and sound mind has a right to determine what shall be done with his own body." Foundation of informed consent. |
| Salgo v. Leland Stanford (1957) | Coined "informed consent"; duty to disclose facts necessary to intelligent decision. |
| In re Quinlan (N.J. 1976) | State supreme court allowed withdrawal of ventilator from persistent vegetative patient; early right-to-die case. |
| Bouvia v. Superior Court (Cal. 1986) | Competent adult's right to refuse nutrition even if not terminally ill. |
| Jaffee v. Redmond (1996) | Recognized a federal psychotherapist–patient privilege. |
| Estelle v. Gamble (1976) | Deliberate indifference to a prisoner's serious medical needs violates the Eighth Amendment. |
Interpreting Case Law in Practice
Supreme Court decisions and state high-court rulings set binding precedent in their jurisdictions, but the clinical applications are often mediated by statute, regulation, and institutional policy. Physicians do not need to read the opinions themselves; they need to know the core holdings, understand how their state has implemented them, and recognize the clinical situations those holdings govern.
27 Risk Management & Documentation
Risk management is the art of practicing medicine in a way that minimizes legal exposure without compromising care. Effective risk management rarely requires dramatic changes to clinical practice; it requires consistent attention to communication, documentation, and follow-up.
The Communication–Litigation Link
Patient dissatisfaction with communication is the single largest predictor of malpractice litigation. Studies consistently show that physicians who are perceived as caring, who spend adequate time, who explain clearly, and who acknowledge uncertainty are sued far less often than equally competent colleagues with poorer bedside manner. Communication, not competence, is often the deciding factor in whether a bad outcome becomes a lawsuit.
Documentation as a Legal Tool
The medical record is the single most important document in a malpractice case. Plaintiffs' attorneys and defense experts alike will read every note, every result, every order. Effective documentation:
- Records the thought process, not just the findings — differential diagnosis, reasoning for decisions, risks considered.
- Documents informed consent discussions in the physician's own note, not just a signed form.
- Notes patient nonadherence and the physician's response (re-education, follow-up plan).
- Records refusal of recommended care with the specific risks discussed.
- Avoids editorializing, criticism of colleagues, or emotional language.
- Uses accurate timestamps and avoids backdating or modifying entries (use addenda if needed).
- Closes the loop on results — who acknowledged them, who informed the patient, and when.
High-Risk Clinical Scenarios
| Scenario | Risk Management Priority |
|---|---|
| Missed/delayed diagnosis | Broad differential, clear follow-up plan, test result tracking |
| Medication error | Reconciliation, allergy checks, readback, CPOE use |
| Informed consent dispute | Detailed process note; document materiality of risks discussed |
| Transitions of care | Structured handoff, closed-loop communication, verified receiver |
| Patient leaving AMA | Capacity assessment, documented discussion, offer for return, follow-up |
| Difficult patient termination | Written notice, 30-day bridge care, records transfer |
| Adverse event disclosure | Prompt, honest, empathic disclosure within risk-management framework |
Never Events
"Never events" are serious, largely preventable patient safety incidents that should not occur if proper systems are in place — wrong-site surgery, retained foreign objects, serious medication errors, patient abduction, and certain device failures. CMS does not reimburse for care associated with many never events, and The Joint Commission requires a root cause analysis and corrective action plan. Never events frequently generate res ipsa malpractice claims.
Peer Review Privilege
Most states protect peer review deliberations and records from discovery in malpractice litigation. The purpose is to encourage candid quality review without fear that the proceedings will be used against physicians in court. The federal PSQIA extends similar privilege to information reported to a Patient Safety Organization. The scope and limits of peer review privilege vary significantly by state, and some courts narrow it to protect only the deliberations themselves, not the underlying factual records.
Apology & Disclosure
Most states have "I'm sorry" laws protecting expressions of sympathy after adverse events. Coupled with CANDOR (Communication and Optimal Resolution) programs adopted by many institutions, open disclosure of errors is associated with lower litigation rates and better patient satisfaction — not higher liability as historically feared.
Alternative Dispute Resolution
Mediation and arbitration are increasingly common alternatives to jury trial in malpractice disputes. Many states require court-ordered mediation before trial; some health care contracts include binding arbitration clauses (enforceable against patients in some jurisdictions, not in others). ADR is typically faster and less expensive than trial, preserves confidentiality, and can preserve physician–patient or institutional relationships that litigation destroys.
Settlement vs Trial
Most malpractice cases settle. Settlement avoids the uncertainty, expense, and public nature of trial; it is also the only way to cap exposure below potential jury verdicts. But any settlement paid on a physician's behalf must be reported to the NPDB, which can have career consequences comparable to a small adverse verdict. Physicians should be consulted on settlement decisions (many policies require physician consent), understand the tradeoffs, and involve personal counsel for significant cases independent of the insurer's counsel.
Working with Risk Management & Counsel
Call risk management early — at the time of an adverse event, not after litigation. Early involvement preserves evidence, coordinates disclosure, and ensures discussions are properly protected under peer review and attorney–client privilege. Do not document incident reports in the medical record; incident reports are separate quality documents.
If you find yourself writing a defensive paragraph explaining why someone else is at fault, stop and call risk management. If you are tempted to change a prior note, stop and use an addendum. If the patient is angry, schedule a sit-down before they leave. Small, timely actions prevent most lawsuits.
28 High-Yield Review
The Core Legal Frameworks in One Table
| Topic | Key Rule |
|---|---|
| Malpractice | Duty, Breach, Causation, Damages — all four required |
| Standard of care | Reasonably prudent physician; now typically national; proved by expert testimony |
| Res ipsa loquitur | Retained sponge, wrong-site surgery — inference of negligence |
| Informed consent | Capacity, disclosure, understanding, voluntariness, choice |
| Disclosure standard | Majority: reasonable patient / materiality (Canterbury) |
| Battery vs negligent consent | No consent at all → battery; inadequate disclosure → negligence |
| Minors | Parental consent required except emancipation, mature minor, minor-treatment statutes, emergency |
| Surrogate hierarchy | Guardian → DPOA-HC → spouse → adult children → parents → siblings |
| HIPAA TPO | Treatment, Payment, Operations — no authorization needed |
| Breach notification | Individuals within 60 days; 500+ triggers HHS & media |
| EMTALA | Screen, Stabilize, Appropriately Transfer — do not ask about insurance first |
| Stark vs AKS vs FCA | Stark (strict liability self-referral); AKS (knowing kickbacks, criminal); FCA (false claims, qui tam) |
| Tarasoff | Duty to protect identifiable third parties from mental health patient threats |
| Cruzan | Competent adult's right to refuse life-sustaining treatment |
| Glucksberg/Quill | No federal right to assisted suicide; states may permit |
| UDDA | Death = irreversible cessation of circulation/respiration OR whole brain function |
| NPDB | Reports malpractice payments, adverse licensure & privilege actions, follows for life |
Rapid-Fire Clinical Pearls
Final Cross-Topic Pearls
(1) Identify the legal framework: malpractice, consent, HIPAA, EMTALA, reporting, end-of-life, or licensure. (2) For malpractice questions, walk through the four elements and check whether each is satisfied. (3) For consent questions, distinguish battery from negligent disclosure and check for exceptions. (4) For HIPAA questions, ask whether the disclosure fits TPO or a specific exception. (5) For end-of-life questions, start with the patient's current capacity and work outward to advance directives and surrogates. These five habits will resolve the vast majority of medical law questions on USMLE and specialty board exams.