There's an element of risk management in almost every function and process that occurs in an ambulatory surgery center, says Carol Hiatt, RN, LHRM, CASC, a licensed risk manager in Florida and Accreditation Association for Ambulatory Health Care surveyor who recently joined the consulting team of Healthcare Consultants International, a subsidiary of AAAHC.
Ms. Hiatt discusses five tangible benefits of an effective risk management program and why risk management must be a significant issue of focus for ASCs.
1. Compliance. One of the most important benefits of an effective risk management program is it helps ensure an ASC is in compliance with several key aspects of accreditation, Medicare Conditions for Coverage, and in some states, licensure requirements, says Ms. Hiatt.
Sign up for our FREE E-Weekly for more coverage like this sent to your inbox!
"And what all agencies and organizations are looking for — first and foremost — is that the risk management program receives oversight by the governing body," she says. "That oversight has to be documented in the governing body minutes as well as the quality assessment performance improvement committee meeting minutes as well."
Some states require an effective risk management program to obtain a facility license. Some states, like Florida, even require facilities have a licensed healthcare risk manager.
"It's imperative that the governing body be aware of the state requirements," says Ms. Hiatt. "A lot of times the state requirements are even more stringent than accreditation or Medicare."
As for accreditation organizations, they typically require ASCs to develop and maintain a risk management program that is "appropriate to the organization," she says. This means the program is comprehensive and designed to protect the organization against degrees of loss. While specific requirements will vary based on the accreditation agency, at a minimum the program must aim to protect lives and the welfare of the organization's patients and employees.
Medicare's Conditions for Coverage are even more stringent than the accreditation agencies. Medicare "requires some specific documentation about how the organization uses the information [it] gathers through the risk management program to improve patient outcomes and reduce medical errors," says Ms. Hiatt.
2. Identify system and provider weaknesses before an adverse event occurs. "An effective risk management program is an organization's first line of defense in identifying a weakness or system failure before it occurs and in mitigating or reducing any loss after it occurs," says Ms. Hiatt.
One example she cites is informed consent. While the requirements of informed consent vary some by state, she says, it's important for all ASCs to understand that informed consent is more than just a piece of paper. "It's a process," she says. "That piece of paper demonstrates that the patient has completed that process [and met] certain elements that are required with informed consent."
However, errors with the informed consent document are not uncommon, she says. For example, a procedure might be scheduled for the right eye but the documentation may reference the left eye. Usually, such an error is identified in the preoperative area, but occasionally it's missed.
"I've seen situations of adverse patient outcomes accompanied by incorrect or insufficient informed consent," Ms. Hiatt says. "When a provider is sued, and this documentation is missing or incorrect, the implications for defending the case are significant."
When staff members catch these errors, they should report them as "variances" to the ASC's risk manager (or risk management committee) so the problem can be identified and addressed, staff can be educated, and the ASC can move into a monitoring period where the process leading to the error can be improved and fixed before an adverse outcome happens.
"You'd be surprised how widespread and prevalent this system failure is because organizations fail to identify and address problems," says Ms. Hiatt.
3. Mitigation or reduction of potential loss after an event has occurred. Sooner or later, all providers, if they practice long enough, will likely face a significant adverse patient outcome, says Ms. Hiatt. "An effective risk management program is the provider's first line of defense," she says. "If you follow the principles of risk management, you can mitigate collateral losses following an adverse event."
If an adverse event occurs, Ms. Hiatt says the patient's medical record is a critical component if any litigation were to follow. She advises clients to keep all staff members connected to the event in the facility until the risk manager reviews the chart to make sure it's complete and no forms or documentation is missing.
"I encourage risk managers to number the pages of the medical record and initial each page so they know the medical record is complete when they view it in the future," she says. "If it's an electronic medical record, the complete medical record should be printed and secured so all access to the record is restricted."
She also advises providers notify their malpractice insurer as soon as an adverse event occurs. "The timing of that step is imperative because most malpractice policies have a timely notice provision," Ms. Hiatt says. "That defines the timeframe within which the event has to be reported in order to trigger the insurer's responsibility to defend and cover the provider."
Many providers take a wait-and-see approach to learn if any litigation comes out of the event rather than contact their malpractice carrier immediately, which is why they must be reminded that if they fail to report within that window of time, neither their defense nor the subsequent damages are covered, she says.
4. Provides a framework to gather data that can be used to improve patient outcomes. "When people think of risk management, they usually think of incidence reports, but risk management is more than that," Ms. Hiatt says. "It's patient satisfaction surveys, patient grievance complaints, and infection investigation tools, just to name a few, and all of these tools are only effective if the organization provides the required education to employees when they are hired and annually thereafter." Educating the organization's employees regarding risk management is also an accreditation requirement.
An effective risk management program can provide ample opportunities for meaningful quality improvement studies which positively impact patient outcomes and captures another aspect of accreditation and Medicare requirements.
"If there's an open culture that encourages employees [to] record any type of event that varies from the organization's policies and procedures or expected outcomes, then tracking these recorded events can help you identify topics for future studies," she says. "If the organization is telling employees to report anything that isn't right or deviates from what it wants to happen, then it can gather and track event information to be used to formulate future studies."
For example, if a survey reveals patients are unhappy with the quality of a surgeon's explanation prior to surgery, then this is an area to consider for a quality improvement study. "Doing this is a way to reduce risk because if a patient is not satisfied with the explanation they receive before or after surgery, then they're more likely to be unhappy with other aspects of their care or surgical outcome," Ms. Hiatt says.
She says most organizations are not using patient satisfaction surveys to their best advantage. "Most organizations are pleased if they have really high scores. If they have really high scores, either they're not asking the right questions or they're not asking enough in-depth questions. I always encourage organizations to keep asking questions until they discover a problem because it helps them reduce their risk," she says.
If a surgery center is Medicare-certified, CMS will require the organization to track adverse patient events and examine their causes. Ms. Hiatt suggests ASCs perform this task using a surgeon outcomes reporting tool each month by asking its surgeons to fill out a form which identifies patients who experienced complications and what the complications were. Completing this form satisfies Medicare's risk management requirement, she says.
5. Reduce number, type and severity of adverse events. While no program will prevent every adverse event, the number of events can be reduced if the organization is fully engaged, recognizes the protection afforded to it through risk management, and actively encourages its employees participate in risk management.
"Risk management should not be something that is done to the organization but rather something that's done by the organization," Ms. Hiatt says. "The attitude and approach to risk management by leadership makes all the difference in how effective the program is and to what degree employees provide input."
Any organization that knows its strengths and exposes and corrects its weaknesses will be better prepared to handle the challenges of providing quality care. "Not to mention the demonstrable value by improving the organization's outcomes as we move toward a payment system that rewards organizations which produce the highest quality patient outcomes," she says.
Learn more about Healthcare Consultants International.
More Articles Featuring HCI and AAAHC:
Peer Review: 10 Things to Know
How to Peer Review an RN Performing Moderate Sedation: Q&A With Nancy Jo Vinson of NJM Consulting