Important Reminders for Providers’ Professional Review Activities and Civil Liability

Professional review

The National Practitioner Data Bank (NPDB) requires that hospitals and other health care entities report physicians or dentists who have had a professional review action taken against them for more than 30 days. It’s important to be familiar with the rules regarding professional review actions and the impact of the civil liability protection. Here is a refresher on NPDB requirements as they relate to professional review activity and civil liability protections.

National Practitioner Data Bank Overview

The NPDB’s mission is to improve health care quality, protect the public, and reduce health care fraud and abuse in the United States. The NPDB is a health workforce tool to assist organizations in making well-informed credentialing, privileging, and licensing decisions. It contains information on medical malpractice payments and certain adverse actions related to health care practitioners, entities, providers, and suppliers.

Health care entities and their staff have protections if they take an action against a practitioner. The Social Security Act (the Act) includes provisions to protect individuals, entities, and their authorized agents from being held liable in civil actions for reports made to the NPDB unless they have actual knowledge of the falsity of the information contained in the report. These provisions do not protect staff and entities from being sued, but they do protect against monetary damages.

These protections are in place to promote effective peer review and appropriate reporting by entities in an effort to improve patient safety. The Act even provides additional protections to encourage and support professional review activity of physicians and dentists.

Providers’ Civil Protections on Professional Review Activity

A professional review activity as it is referred to in the Social Security Act is better known as the “peer review process,” which is a key element in all health care providers’ processes. Peer review is typically carried out through formally adopted written procedures that provide for adequate notice and an opportunity for a hearing. There are laws in place to provide protection for individuals providing information to improve the quality of health care through professional review activity.

Peer review is defined as “an action or recommendation of a health care entity taken in the course of professional review activity . . . based on the professional competence or professional conduct of an individual health care practitioner which affects or could affect the health or welfare of a patient . . . which adversely affects or may adversely affect the clinical privileges . . . of the health care practitioner.” The steps in a proper peer review include thorough research and use of the NPDB database, and close adherence to accurate presentation of the provider’s due diligence findings, adequate notice of the right of a hearing, opportunity to rebut the evidence and present a defense. Peer review panels must ensure that they include a significant number of persons at a similar level of training.

If a professional review action of a professional review body meets these standards and those specified in section the Act, they are not be liable in damages “under any law of the United States or of any State.” This is a broad liability protection. In addition, the Act provides that individuals who provide information in a peer review hearing are also covered from civil liability, unless of course the information is false and the person providing it knew that such information was false.


Providers are reminded to maintain and follow their peer review procedures, and understanding that professional review actions and NPDB reporting requirements are important for promoting health care quality and safety. It is also important for entities to know about and be generally familiar with or seek counsel regarding the regulations that provide civil liability protections to support professional review activity. Ultimately, health care entities must report adverse clinical privileges actions on providers if the actions meet NPDB reporting requirements, and should have these requirements in written policy that is reviewed periodically.