Two recent malpractice cases indicate the distinction between ordinary risk management processes and peer review issues. In Johnson v. Detroit Medical Center, a Michigan state court held that a physician’s credentialing file was protected by the confidentiality provisions of Michigan’s Peer Review Confidentiality Statute, and also protected the physician’s operative logs because the doctor/patient privilege protects the identity of non-party patients. 

However, in Orgavanyi v. Henry County Health Center, an Iowa state court held that a nurse’s incident report or patient safety report was not confidential because it was prepared as part of the hospital’s risk management policies and was not part of the peer review or credentialing process.