Risk Management Best Practices & Managing Critical Incidents · 2019. 10. 23. · Organizational Enablers . Introduction By the end of this session, attendees will have a ... processes,

Ontario Community Support Association Webinar, January 2013

Risk Management Best Practices & Managing Critical Incidents

Polly Stevens, MHSc

VP Healthcare Risk Management

Healthcare Insurance Reciprocal of Canada (HIROC)

[email protected]

Strategic Plan

Quality Plan

Quality Framework

Safety

Access Client Satisfaction

Effectiveness

Prevention (risk mgt)

Disclosure/ Incident Analysis

Trends (based on aggregates)

High level aims

Projects with process & outcome measures,

with targets (incorporate

evidence/best practice)

Action Plan

Risk Management

Governance . Executive Leadership . Capability Building . Meaningful Measurement . Information technology . Strategically aligned aims, measures and initiatives . Engagement of

Clients/Families . Engagement of clinicians and staff . System incentives and accountability .

Corporate Scorecard

Integration

Developed by Paula Blackstien-Hirsch

Organizational Enablers

Introduction

By the end of this session, attendees will have a high-level understanding of: – Risk management challenges, processes, and effective

mitigation strategies – Processes for effectively managing critical incidents

• Apologies up front: – A lot of content in the slides; will not go through all in

detail – provided as helpful resource/future reference if needed

– Presenter’s acute care back-ground may be (overly) evident!

RM and Critical Incidents 3

1. Risk Management Roadmap

What is Risk

What is ERM

Pitfalls

ID Risks Assess Risks

Manage Risks

Report Risks

Questions & Break

4 RM and Critical Incidents

2. Managing Critical Incidents Roadmap

ECFAA

“Critical” Immediate

Steps

Investigate “R’s”

Disclose Media

Questions


Why Risk Management?

• Organizational Goal – to ensure an organization that has a good reputation for delivering relevant, valued programs and services; has the support of members, donors, funding agencies, customers and other stakeholders

• Organizational Reality – is not easy; there is always a degree of risk that things will not turn out as expected – Minor day-to-day events to major crises

• Risk Management – reduce chance of surprises and losses; be better prepared when events occur


CICA, 20 Questions about Risk - Not-For-Profits, 2009

Risk (rĭsk) noun

1. The possibility of suffering harm or loss.

2. A factor, thing, or element involving uncertain danger; hazard. – Measured by likelihood & impact

What is Risk


Enterprise Risk Management (Long Definition)

“A process, effected by an entity’s board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity

objectives, blah, blah, blah”.

8

Committee of Sponsoring Organizations of the Treadway Commission (COSO), 2004

RM and Critical Incidents

What is ERM

ERM – Simplified (Also called Integrated Risk Management)

A rank-ordered list of an organization’s top risks (and an indication if any action is required)


What is ERM

Exercise / Poll

Rank the following five risks from 1 to 5

A. Staff musculoskeletal injury

B. Fraud / misappropriation of funds by a staff member

C. Abuse of client

D. Property water damage

E. Large privacy breach


Pitfalls


Pitfalls

Biases (aka Intuition)…

“In today’s fast evolving business environment, where the past may not always be the best predictor of the future, exclusive reliance on senior management’s intuition and experience to identify and assess risks could result in a significant loss to an organization.”


AON, 2012

Pitfalls

Biases (cont) (humans suck at risk assessment)

http://bullishbrain.com 13 RM and Critical Incidents

Pitfalls

Biases (cont)

Hillson, 2004

“If risk probability assessment is faulty, the accuracy of risk prioritisation will be affected”


Pitfalls


ID Risks

Healthcare Risks Are…

Things that threaten organizational objectives: • To help (and not harm) clients • To provide a safe environment for staff; to

engage staff • To be fiscally responsible • To maintain or add services • To meet applicable standards and

regulations • To maintain a favorable public reputation • (Note – overlap between categories)

16

ID Risks


http://www.certifiednursingassistantemployment.com/wp-content/uploads/2011/10/nursinghomephoto21.jpg

• Client/visitor falls • Physical/sexual abuse • Mismanagement/fraud of client funds • Mismanagement of wounds, pressure

ulcers • Failure to follow up on concerns;

appreciate status changes – “Not seen, not found”

• Others? • Data sources: incident reporting, chart

audits, client satisfaction surveys (ECFAA), client complaints

Potential Client Risks


ID Risks

• Musculoskeletal injuries

• Falls

• Assault by clients/families/other staff

• Loss of key staff – Note: loss/performance of chief executive is #1 risk for

boards

• Others?

• Data sources: incident reports, staff satisfaction surveys (ECFAA), analysis of turnover, etc.

Potential Staff Risks


ID Risks

Potential Financial Risks

• Loss of a major source of funding

• Reductions in the market value of investments

• Unsuccessful fund-raising projects

• Excessive increases in costs

• Employee fraud

• Loss or theft of information

• Property damage (e.g. fire, water)

• Civil litigation (e.g. wrongful dismissal)

• Others?


ID Risks

http://i.bnet.com/blogs/stealingistock.jpg

Potential Service Risks

• Programs or services are no longer in demand or distinctive

– Changes in ministry priorities, restructuring, competition

• Inability to perform critical functions that depend on technology

• Others?


ID Risks

Potential Reputation Risks

• Failure of a major project or strategic initiative

• Significant privacy breach • Inadequate responses to emergencies • Often the result of other risks (major client

incident, employee fraud) • Others? • Data sources: media citations, formal and

informal surveys of partners, external stakeholders, etc


ID Risks

HIROC Top Risks Home Care

Risk (Allegation) Rank

Home Care – Mismanagement of surgical/vascular wounds and retained foreign objects 1

Medical – Failure to appreciate status changes/deteriorating client condition 2

Fiduciary – Mismanagement of the procurement process 3

Medication – Failure to perform therapeutic drug monitoring 4

Falls – Client falls 5

Medical – Healthcare acquired pressure ulcers 6

Medication – Medication adverse events 7

Medical – Inadequate response to client emergencies in the non-acute care sectors 8

Safety and Security – Assault 9

Property – Water Damage 10

Employment – Wrongful dismissal 11

Falls – Visitor falls 12

Home Care – Inadequate coordination and case management 13

Infection Control – Healthcare acquired infections 14

Home Care – Not seen, not found 15

Rights – Privacy breach 16

Diagnosis – Failure to communicate critical test results 17

Fiduciary – Employee Fraud 18


ID Risks


Assess Risks

Key Questions


NHS, 2007

Assess Risks

Impact & Likelihood Scales

25

Loss Domain Low (1) Med (2) High (3)

Client Minor injury Hospital treatment required

Death; severe disability

Staff Minor injury Hospital treatment required

Death; severe disability

Finance > $X ; <1% budget > $X ; 2-4% budget > $X ; > 5% budget

Program/ Service

Temporary loss of service

Downgrade of service Permanent loss of program or service

Standards Minor violation Downgraded accreditation status

Maximum fines levied; criminal code violation

Reputation Negative media report

Government queries; repeated negative media

Government supervisor appointed; sustained negative media

Low (1) Medium (2) High (3) Less than once a year Every few months to 1 year More than once a month

LIKELIHOOD

IMPACT (3 level example)


Assess Risks


Manage Risks

Risk Matrix


CICA, 2009

Manage Risks

Options

• Mitigate — Controls and procedures to detect and reduce the likelihood and/or severity of risks (e.g. internal accounting controls, key clinical protocols)

• Transfer — Share the risk (e.g. insurance policies for fire, theft and liability; outsourcing contracts ).

• Avoid — Just don’t do something that seems too risky (e.g. rock climbing wall at staff event).

• Accept — Do nothing, if risk is very unlikely or would not cause serious harm to the organization (e.g. rain during an outside event).


Manage Risks

CICA, 2009

Fraud Mitigation Checklist

Ethics policy/declaration of values(ECFAA); code of conduct related to honesty/integrity

Anonymous, confidential reporting for potential fraud

Background checks for employees and vendors

Segregation of duties between: cash management and statement/ledger reconciliation; cheque preparation and cheque signing; etc.

Monthly reconciliations of all bank accounts

Policies regarding approval thresholds

Written contracts or purchase orders are for all invoices

Supplier invoices include purchase order numbers and detailed description of work

Processes to confirm the authority of cheque signers; that payees are known; and that cheques are not altered, out-of-sequence, or missing

Supplier cheques are mailed; not picked up by employees


HIROC, 2012

Manage Risks

Crisis Response Generic Checklist

Leadership support

Written, accessible plan(s)

– Can be specific to different types of events (e.g. missing client, abusive client, fire, bomb threat)

– Generally entails command centre structure, designation of incident manager

Regular training of staff (practice drills)

Staff empowered to act on their own initiative in times of crisis

Prompt review of each event and identification of opportunities for improvement


Manage Risks

Board Reporting

• The status of major risks including effectiveness of risk management techniques; new risks (see risk register)

• Breaches of the Code of Conduct • Formal and potential complaints against the

organization, e.g. harassment allegations, human rights complaints, labour board investigations

• Litigation against the organization • Insurance coverage • New and potential crises • The status of any crises that are currently being

managed


CICA, 2009

Report Risks

Sample Risk Register

CICA, 2009


Report Risks

Appendix / Helpful Resources Risk Management


Risk Management


Risk Management (cont)

http://www.cica.ca/publications/list-of-publications/item66534.aspx


Crisis Management (IMS)


http://oha.com

HIROC Top Risks Community Care Coordination


Home Care – Mismanagement of surgical/vascular wounds and retained foreign objects 1


Medical – Client elopement 3

Mental Health – Suicide of a client 4

Medication – Failure to perform therapeutic drug monitoring 5

Administration – Management of client complaints 6


Home Care – Inadequate coordination and case management 8


Medical – Healthcare acquire burns 10

Medication – Medication adverse events 11

Medical – Inadequate response to client emergencies in the non-acute care sectors 12

Medical – Inadequate quality checks for contracted/agency nursing staff 13


Home Care – Not seen not heard 15



Infection Control – Healthcare acquired infections 18

Diagnosis – Failure to communicate critical test results 19


HIROC Top Risks Community Health Centres








HIROC Top Risks Mental Health (institutional)




Mental Health - Suicide of a client 2

Employment - Wrongful dismissal 3

Employment - Failure to pay benefits/overtime 4

Medical - Client elopement 5

Administration - Mismanagement of client complaints 6

Fiduciary - Employee fraud 7

Falls - Visitor falls 8

Falls - Clients falls 9

Medical - Failure to appreciate status changes/deteriorating client condition 10

Medical - Inadequate response to client emergencies in the non-acute care sectors 11

Infection Control - Healthcare acquired infections 12

Medical - Mismanagement of restraints 13

Property – Water Damage 14

Medication - Failure to perform therapeutic drug monitoring 15

Rights - Privacy breach 16

Medication - Medication adverse events 17

Client Abuse Mitigation Checklist

Background police checks for all new staff, and volunteers for incidents of abuse

Standard definition for client abuse – physical abuse, sexual assault, violence, threats, non-therapeutic

relationships, intimidations, financial abuse and harassment

Zero tolerance policy of client abuse including appropriate progressive discipline of staff for confirmed incidents

Random spot checks of restrained clients with room attendants; limit attendants of opposite gender for vulnerable clients

Staff and volunteers aware of boundary issues and potential signs of abusive situations including: – spending extra time with one client beyond his/her therapeutic needs with

little documentation – changing client assignments to provide preferential care to one client – changes in a client’s comfort levels with a particular staff member or another

client


HIROC, 2012

Wrongful Dismissal Mitigation Checklist

Reference checks (3 at least)

Verification of credentials, photo-verification

Signed employment agreements that include provisions for dismissal, a probationary period

Signed acknowledgment that new employees have read the organization’s policies and standards of conduct; that failure to adhere to the standards may lead to dismissal

Mandatory training conducted, attended and documented

Reminder, documentation of new employee performance during and at the conclusion of the probation; release/extend probation for employees that do not have a successful probation

Formal system of scheduled performance reviews for all employees

Policies and procedures governing work schedules, time off, and use of company equipment are applied equally to employees in the same or similar jobs


HIROC, 2012

Privacy Breach Mitigation Checklist

clientication processes for staff accessing systems on which PHI is maintained – approvals for system access, the use of strong passwords, non-sharing of passwords, scheduled

prompts to change passwords, etc.

Prohibit removal of identifiable PHI in any form (i.e. paper or electronic) from the organization, unless required for the provision of medical care.

Prohibit storage of records of PHI on mobile devices unless the records are de-identified or strongly encrypted

Protect physical records after hours with at least two levels of security – two locked doors or locked door and locked filing cabinet

Contracts with agent retained to store or dispose of paper PHI records, stipulating no unauthorized persons will have access to the records; destruction entails irreversible shredding or pulverization.

Staff & volunteers trained in their duties and obligations related to the collection, protection, use and disclosure of PHI – strict prohibition on sharing user IDs and passwords, the risks of using mobile devices, and the

consequences for those that willfully disregard their duties.

Regular and random audits of electronic client records to ensure access by appropriate staff only.

Regular audits of well-known or high-profile client records to ensure access by appropriate staff only

RM and Critical Incidents 42 HIROC, 2012

Questions and Break


2. Managing Critical Incidents Roadmap

ECFAA

“Critical” Immediate

Steps

Investigate “R’s”

Disclose Media

Questions


ECFAA Requirements

• Analyze critical incidents

• Disclose to patients

• Develop system-wide plans to avoid / reduce risk of recurrence

• Provide aggregated critical incident data to the board quality committee at least two times per year

http://health.gov.on.ca/en/common/legislation/ecfa/updates/criticalincident/


ECFAA

What are Critical Incidents

A “critical incident” is defined as any unintended event that occurs when a patient receives treatment in the hospital;

– That results in death, or serious disability, injury or harm to the patient, and

– Does not result primarily from the patient’s underlying medical condition or from a known risk inherent in providing treatment.


Ontario, Reg 965, PHA

“Critical”

“Critical” Threshold Level Explanation

Near miss An incident which did not reach the patient.

No harm incident

An incident in which an event reached a patient but no discernable harm resulted.

Harmful incident – Mild harm

Patient outcome is symptomatic, symptoms are mild, loss of function or harm is minimal or intermediate but short term, and no or minimal intervention is required.

Harmful incident – Moderate harm

Patient outcome is symptomatic, requiring intervention, an increased LOS, or causing permanent or long term harm or loss of function.

Harmful incident – Severe harm

Patient outcome is symptomatic, requiring life‐saving intervention or major surgical/medical intervention, shortening life expectancy or causing major permanent or long term harm or loss of function.

Harmful incident – Death

On balance of probabilities; death was caused or brought forward in the short term by the incident.


WHO, ICPS (actual, potential?)

“Critical”

48

First Things First

• Support client and family

– Initiate Disclosure

• Support staff involved in events

• Secure documents, other materials

• Notify managers (internal/external)

• Leadership agreement to launch

• Identify review team; launch review


Immediate Steps


Investigate

Who To Do Investigation

• Facilitator with skill and knowledge in analyzing incidents

• Operational leader(s) with ability to effect change

• Diad/triad (RM facilitator, operational lead,+/- clinical lead)


Investigate

51

Investigation

• What happened? – Chronological timeline – Interviews

• What was supposed to happen? – Relevant P&P’s, guidelines

• What typically happens? – Chart audit

• Why did it happen (contributing factors)? • What can be done to try to prevent it from

happening again? – Interviewee input

Stevens, 2010


Investigate

Pitfalls


Investigate

Critical Incident – 1 “Not Seen, Not Found”

A recently discharged client from an acute care setting was receiving home physiotherapy and personal support worker (PSW) services. The PSW arranged a second visit with the client occurring three days later. The client did not answer the door on the day of the scheduled visit. The PSW left a note on the client’s front door. Four days later the PSW attended the client’s home and found the note on the door he left previously. Instead of reporting the NSNF visit to his agency or coordinating community care funder, the PSW attempted to call the client over the next four days. The community care funder was never contacted by the PSW or by the agency. The community care funder first learned of this from a friend of the client concerned about the missing client. The police were called and client was found deceased. It was estimated that the client had been dead for over five days.

Link between AE, Incident Reports, Claims 53

HIROC, 2013

Investigate

Critical Incident – 2 Coordination/Case Management

A 75 year old client underwent triple cardiac by-pass and valve replacement surgery. Arrangements were made for home nursing care (wound management). Planning on staying at his son’s house over the holiday season, the client notified his nurses and coordinator of his temporary change in address. Despite numerous calls from the client to the nursing agency, the client did not receive nursing services for nine days. The client was experiencing severe chest pains, lethargy, and had developed a deep wound infection requiring a four-month hospital admission.


HIROC, 2013

Investigate

Critical Incident – 3 Wound Care

A 38 year old male client with pre-existing mobility issues was receiving home care for wound management. Nursing was to be provided every other day to change the dressing. Over the course of a year and a half, the client underwent multiple debridement and courses of antibiotics. The nurses difficulty packing the wound and inability to find the old packing was not communicated to the client’s physician. Review of the file indicated that the majority of the nurses involved failed to document the amount of packing that went in or came out despite the agency protocol. Ultimately the client went in for surgery, during which time over 15 old dressings were detected in the wound.


HIROC, 2013

Investigate

Timeline CI-1 “Not Seen, Not Found”


Investigate

Date/Time Item/Comment Source

13 Dec 2012 First visit with client by PSW

Agency record

16 Dec 2012 1400 hrs

Second visit attempt, note left on door

Staff interview

20 Dec 2012 0800 hrs

Visit attempt, same note on door

Staff interview

21 Dec 2012 1000 hrs

Called client, no answer

Staff interview

Etc…

Findings/Issues


CPSI, 2012

Investigate

Why Why Why…

Findings/Issues CI-1 “Not Seen, Not Found”

• Task – Complicated NSNF protocols

(e.g. embedded in more than one policy)

– Others?

• Equipment / Resources – Lack of key contact information

on file – Others?

• Work Environment – After hours visits – Others?

• Client – Previous incidents of non-

notification of absences – Others?

• Care Team – Primary service provider away – Others?

• Organization – NSNF reporting impact on

funding – Others?

• Other – Conflicting NSNF definitions /

expectations between agencies – Others?


“R’s”

SENSE vs SMART

• Specific (to review findings)

• Effective

• Not necessarily time limited

• Shift the focus from sharp end to blunt end

• Exploring systemic and organizational goal conflicts

• Specific

• Measurable

• Attainable

• Realistic

• Timely


Robson, SPHERE, 2012

“R’s”

CPSI, 2012

Effectiveness Hierarchy

RM and Critical Incidents 60 Stevens, 2010

“R’s”

R’s Rationalization (less is more?)

RM and Critical Incidents 61 Stevens, 2010

“R’s”

Potential Recommendations Poll CI-1 “Not Seen, Not Found”

A. Re-educate staff on NSNF policy

1. Strong

2. Intermediate

3. Weak

B. Encourage clients to place signage on door if away unexpectedly

1. Strong

2. Intermediate

3. Weak

C. Developed a simplified & standardized NSNF decision tree…

1. Strong

2. Intermediate

3. Weak

D. Implement an electronic contact management system

1. Strong

2. Intermediate

3. Weak


“R’s”

Why Disclose

• Ethical principles

– Fiduciary duty, truth telling, justice

• Legal duty

– Government legislation, professional regulations, case law

• Learning and improvement

• Impact on healthcare provider

• Empirical studies (potential impact on claims)


Disclose

Summary

RM and Critical Incidents 64 CPSI, 2011

Disclose

What Events to Disclose


CPSI, 2011

Disclose

What to Disclose

“The disclosure to the patient must include:

– The material facts of what occurred with respect to the critical incident;

– Consequences for the patient of the critical incident, as they become known; and,

– The actions taken and recommended to be taken to address the consequences to the patient of the critical incident including any health care or treatment that is advisable.

Hospitals are also required to disclose to the patient any systemic steps being taken or that have been taken to avoid the risk of similar critical incidents occurring in the future.

In the event where the critical incident is being reviewed under the Quality of Care Information Protection Act, the hospital is still required to disclose the above facts, consequences and actions and the systemic steps actually taken.”


OHA, 2010

Disclose

Crisis Communication Tips

• Care

• Compassion

• Consistency

• Coherence

• Clarity


Seymour & Moore, 2000

Media

Media

“A thing that most people don't realize, or at least aren't able to recognize… is that the press always "wins," wins because we have the last word, the final say, and the cruellest weapons. Another is that, unlike doctors, who are bound by their oath to "first, do no harm," the media almost always do harm. I've written more than my fair share of other people's tragedies, and know this to be true.” Blatchford, 2009


Media

Media Response Tips (Initial)

• Be responsive; don’t stonewall

• ID organizational spokesperson

• Have the basic facts on hand

• Briefly respond to questions; essential information only

• State the facts only (don’t speculate about causes, long-term effects)


Media

Dykeman & Dewhurst, RMCHC, 2011

Media Talking Points

• Our first priority is everyone’s safety.

• We responded quickly, and are working with others – e.g. police, MOL, (as appropriate).

• We believe at this time that the situation is under control (if it is).

• We have taken the following steps to manage the incident…

• The public can assist in the following ways…

• We take these cases very seriously.

• While for privacy reasons we cannot speak to the specifics of this case, we can tell you that: – We investigate all complaints

and respond to the individuals involved

– We view any incident as an opportunity to improve our services

• We are still investigating the crisis. We will continue to be in touch with [our clients, their families, our staff, you the public] and report back as we have more information.


Dykeman & Dewhurst, RMCHC, 2011

Media

Appendix / Helpful Resources Critical Incidents


Critical Incidents


patientsafetyinstitute.ca CPSI, 2012

Critical Incidents (cont)


CPSI, 2011



CPSI, 2010



oha.com/ecfaa ontario.ca/excellentcare

Questions


Documents

Risk Management Best Practices & Managing Critical Incidents · 2019. 10. 23. · Organizational Enablers . Introduction By the end of this session, attendees will have a ... processes,