Capella University Health & Medical Paper

Write a 3-4 page risk management policy and procedure for a health care organization. Analyze a specific issue that occurred in a health care organization and apply risk management best practices to it for the purpose of early risk identification and risk reduction or elimination in the future.

Health care organizations have always searched for ways to identify and reduce risks. An organization’s ability to identify and analyze its risk exposure is a determining factor in the effectiveness of its risk management program (Hoarle, 2015). Early identification and analysis are essential. 

Current health care risk management practices developed in the mid-1970s as a result of a surge in malpractice suits. These suits caused rapid increases in claims costs for the industry and later in insurance premiums. Today, health care delivery systems and organizations realize the value of risk management and have developed formalized programs (Hoarle, 2015). In addition, organizations have established mechanisms to review potential incidents of risk and safety concerns (Pelletier & Beaudin, 2018). While risk management programs are responsible for daily management and risk operations, all health care stakeholders are responsible to participate in activities that will reduce unnecessary risks and improve safety and quality (Hoarle, 2015). 

This second course assessment consists of two parts. You are to assume the role of a new risk manager within your organization’s risk management department. According to your director, employees lack awareness of the organization’s risk management program. Likewise, departments inconsistently apply risk management principles. As a result of these deficiencies, your director has given you your first assignment. 

Part One: Risk Management Policy and Procedure

Your director has asked you to write a formal risk management policy and procedure for the organization. 

Part Two: Application of Risk Management Principles to a Specific Incident

In addition to the policy and procedure, your director has asked you to apply your knowledge of risk management principles to a specific organizational risk that has occurred. You will select one of the three incidents from the Vila Health: Patient Safety media piece from Assessment 1. These incidents included a patient identification error, a medication error, and a HIPAA/privacy violation. Select the risk that holds the most interest for you.    

Your director believes that the organization’s newly written risk management policy and procedure, coupled with your analysis from a risk management standpoint of a recent, specific incident that occurred, will help employees (and the organization) recognize how the hospital’s risk management program contributes to the overall organization’s safety and quality improvement efforts. 

References

Hoarle, K. (2015). Risk management poised to grow as healthcare evolves. Biomedical Instrumentation & Technology, 49(6), 433–435.

Pelletier, L. R., & Beaudin, C. L. (2018). HQ solutions: Resource for the healthcare quality professional (4th ed.). Philadelphia, PA: Wolters Kluwer.

Demonstration of Proficiency

By successfully completing this assessment, you will demonstrate your proficiency in the course competencies through the following assessment scoring guide criteria: 

• Competency 1: Analyze the quality and performance improvement activities within the health care organization.
  • Propose evidence-based risk management strategies and techniques to identify and eliminate or reduce a particular risk. 
• Competency 2: Explain the risk management function in the health care organization.
  • Explain the importance of a risk management program to health care organizations. 
  • Define key risk management terms.
  • Describe the major risk categories in a health care organization, along with their corresponding risk identification techniques.  
• Competency 4: Apply leadership strategies to quality improvement in a health care organization.
  • Analyze the risk manager’s role in effective management of the organization’s risk management program.
• Competency 5: Communicate in a manner that is scholarly, professional, and respectful of the diversity, dignity, and integrity of others and is consistent with health care professionals.
  • Write a clear, organized risk management policy and procedure that is generally free of errors and is reflective of professional communication in the health care field.
  • Provide citations and title and reference pages that conform to APA style and format.

Preparation

To help prepare for successfully completing this assessment:

• Conduct independent research on policy templates. You will find multiple policy templates from which to choose as you write your risk policy and procedure. 
• Select one of the organizational risks from the Vila Health: Patient Safety simulation from Assessment 1. These included a patient identification error, a medication error, and a HIPAA/privacy violation. For Part Two of your assessment you will conduct an in-depth analysis of the organizational risk you selected. 

Instructions

Part One: Risk Management Policy and Procedure (3–4 pages)

As the new risk manager in your health care organization, your director has assigned you responsibility for drafting the organization’s risk management policy and procedure. This assignment stemmed from your director’s perception that employees lacked knowledge and awareness of risk management’s contribution to furthering the organization’s safety and quality improvement efforts. Likewise, your director also saw evidence that departments within the organization were inconsistently applying risk management principles to their daily work practices.

The guidance you have received from your director about writing this policy and procedure is that it needs to include all of the following headings. It also needs to answer all of the questions underneath each heading:  

• Purpose Statement:
  • How can a risk management program help this organization advance its strategic safety and quality goals?  
• Key Risk Management Terms:
  • What is the definition for each of these risk management terms? 
    • Risk prevention.
    • Risk reduction.
    • Regulatory compliance.
    • Patient safety.
    • Adverse event.
    • Near miss.
• Risk Categories and Risk Identification Techniques:
  • What are the major risk categories in health care? In your answer, be sure to explain each risk category and to provide relevant examples from the literature to illustrate your points.
  • What risk management strategies will the organization use to identify potential organizational risks? Be sure your narrative identifies and describes such risk identification techniques as concurrent, retrospective, incident reporting, and previous trends. ?Note: These are only a few of the risk identification techniques to address in your policy and procedure. Be sure to include other examples you are aware of from your professional experience or from reviewing your suggested resources. 
  • What are examples of risk categories and their appropriate corresponding risk identification techniques? For example, coding errors are a type of financial risk. Retrospective auditing is the risk identification technique used to identify this risk type. 
• Risk Manager’s Role in Program Implementation and Compliance:
  • What is the risk manager’s role in risk management program implementation and compliance? 
  • How can a risk manager impact effective management of the organization’s risk management program?
  • What is one example from the literature that shows how the risk manager role can positively impact a health care organization’s management of its risk management program?

Part Two: Application of Risk Management Principles to a Specific Incident (3–4 pages)

To further help employees and the organization at large see risk management’s contribution to helping the organization achieve its safety and quality goals, your director has asked you to analyze and apply risk management principles to a recent incident that occurred in the organization. Your director has asked you to include all of the following headings in your analysis and to address all of the questions underneath each heading.

• Risk Description:
  • Which potential risk to your organization from the Vila Health: Patient Safety simulation are you analyzing? These included patient identification error, medication error, and a HIPAA/privacy violation.
• Risk Implications:
  • What are the risks to patients, employees, and to the organization if this particular risk is not addressed? In other words, what could happen if the organization chooses to do nothing? 
• Risk Identification:
  • What risk management strategies and techniques will the organization employ to identify this type of risk in the future? For example, will the organization identify this type of risk by analyzing incident report data? What other strategies might the organization employ to identify the risk? Be sure to include your rationale for choosing the particular strategy(ies).  
• Risk Reduction/Elimination:
  • What risk management best practices could the organization employ to eliminate or reduce the risk in the future? For example, if you plan to identify the risk by analyzing incident report data, would you conduct a drill down to determine what is causing the risk? What other best practices might you employ? Consult your suggested resources for guidance on best practices for eliminating and reducing  risk.  
  • What steps would you take to implement your plan to eliminate or reduce your selected risk?   
  • Introduction
  • Scene 1
  • Patient Identification
  • Scene 2
  • Medication Error
  • Scene 3
  • HIPAA
  • Conclusion
  • Introduction
    Independence Medical Center is a rural referral hospital with 115 beds in Independence, Iowa. Like all hospitals, administrators and providers try to avoid errors, and it’s the patient safety officer’s role to monitor the hospital’s safety posture and recommend better practices. But what happens when a mistake leads to a medication error?Patient Identification
    At Independence Medical Center, the patient safety officer conducts daily safety rounds. Today, she’s rounding at the pediatric unit on the eighth floor.Kyra Dilley and Virginia Anderson
    Kyra Dilley: Hi, where’s the charge nurse?Virginia Anderson: That’s me. What’s up?Kyra Dilley: Well, I’m doing my safety rounds and I noticed that there are two patients on this floor in rooms directly across from each other: B. Moore and B.R. Moore.Virginia Anderson: That’s not all — they have really similar birthdates! B. Moore was born on 8/11/05 and B. R. on 11/8/05.Kyra Dilley: Okay, that’s even more concerning. How are you making sure not to confuse those patients?Virginia Anderson: It’s not a problem. We’re making sure that the two patients always have different nurses.Kyra Dilley: Well, that’s good, but I have to warn you that this is a troubling situation. Are all shifts aware of the need to schedule nurses around this?Virginia Anderson: There are notes in both charts. We had to do that; we’ve been short staffed this week and there’s been a lot of shifting around.Now that you’ve spoken with some clinical stakeholders, answer the following questions:
    Question 1: If the PSO determines this is a trending issue on this unit, which step should she include in the corrective action?Your response:Incorrect.
    Correct Answer: In-service education for the entire unit on which the errors continue to trend.Education for the entire facility is not warranted at this time, given that the error is trending only on one specific unit.Incorrect.
    Correct Answer: In-service education for the entire unit on which the errors continue to trend.Using only one identifier does not meet regulatory standards.Correct Answer: In-service education for the entire unit on which the errors continue to trend.Given that the errors are trending on the unit, all staff on the unit should attend in-service education on this issue.Correct!
    Providing in-service education to the entire staff on the unit on which the error is trending is important. While only two nurses were involved in this error, the next error could occur with different staff. In addition, re-educating the entire unit is beneficial, as fellow staff members often catch errors that others do not see.Question 2: Which operational consideration is NOT a priority in terms of reducing patient identification errors?Your response:Incorrect.
    Correct Answer: Reason for admission to the unit.The room assignment process is an important item to consider, as no process may be in place to strategically put patients on the unit when an error may occur due to identification or other similar factor. The PSO may want to revise the current process or create one if one doesn’t exist. This is a potential re-education topic if a room assignment process does exist but staff members do not adhere to it, or if the process is revised and staff members require education about the revised process.Incorrect.
    Correct Answer: Reason for admission to the unit.Reviewing the process for alerting staff members of potential safety errors due to patient identification is important to consider. The patient safety officer may want to revise the current process or create one if one doesn’t exist. This is a potential re-education topic within the organization if a process for alerting staff members of potential safety errors due to patient identification exists but staff members do not adhere to it, or if the process is revised and staff members require education about it.Incorrect.
    Correct Answer: Reason for admission to the unit.Reviewing the floor census is an important consideration in this case. The patient safety officer will want to determine working conditions at the time the error occurred. For example, was the unit short-staffed at the time of the error? Was there an emergency in the unit at the time the error occurred, distracting staff members?Correct!
    At this time, knowing the reason for admission to the unit is not a priority, because the issue involves patient identification. Diagnosis is not an element used in patient identification.Question 3: What potential next steps might a patient safety officer take?Your response:Expert Response: Health care experts in patient safety and quality improvement identified the following as important next steps when a patient identification issue arises:
  • Review any existing room assignment policies and procedures.
  • Interview staff members assigned to each patient to determine their process for proper patient identification to ensure mix-ups are avoided.
  • Notify the risk manager of the potential patient safety error.
  • Educate the family about the importance of active involvement in their child’s care and about the organization’s patient identification process.
  • Question 4:
    True or false: Regulatory agencies require the use of three patient identifiers (such as name, DOB, or address) to identify patients.Your response:Incorrect.
    Correct Answer: False.The Joint Commission requires health care organizations to use two patient identifiers.Correct!
    The Joint Commission requires health care organizations to use two patient identifiers, not three.Question 5: What are the potential implications for a health care organization if a mistake or an adverse event occurs as the result of a patient identification error?Your response:Expert Response: Health care experts in patient safety and quality improvement cited the following as potential implications for the organization if a mistake or adverse event occurs as the result of a patient identification error:
  • Continued medication, blood transfusion, and procedural errors.
  • Increased costs to the organization.
  • Adverse effects on patient health.
  • Increased regulatory oversight, which could lead to fines, penalties, or loss of accreditation.
  • Question 6: What are the potential implications for the patient if a mistake or an adverse event occurs as the result of a patient identification error?Your response:Expert Response: Health care experts in patient safety and quality improvement cited the following as potential implications for the patient if a mistake or an adverse event occurs as the result of a patient identification error:
  • Prolonged admission, resulting in increased costs and diminished patient satisfaction.
  • Disability or death.
  • Loss of trust in the health care organization.
  • Medication Error
    Later that week, the PSO gets a call from the hospital’s risk manager.Kyra Dilley and Arthur Chester
    Kyra Dilley: This is Kyra Dilley.Arthur Chester: Hi, Kyra, this is Arthur Chester. I’m calling to let you know about a medication error on the eighth floor.Kyra Dilley: Oh, no. Was it B. Moore or B.R. Moore?Arthur Chester: How did you know? It was B. Moore, birthdate 8/11/05. My investigation isn’t complete but there were two patients with similar names and birthdates in rooms in close proximity.Kyra Dilley: Okay. Have you interviewed the nurses involved yet? There should have been different nurses for each patient.Now that you’ve spoken with some non-clinical stakeholders, answer the following questions:
    Question 1: Given the information about the medication error, which is the most appropriate first step for the patient safety officer to take?Your response:Incorrect.
    Correct Answer: Check on the patient’s clinical status.Determining whether the medication error is an isolated event or a trending issue is an important step, but it can be performed later — during the investigation.Incorrect.
    Correct Answer: Check on the patient’s clinical status.Notifying the risk manager is an important step, but it is not the first step.Correct!
    Patient safety always comes first. It is the patient safety officer’s first responsibility to check on and document the patient’s clinical status.Incorrect.
    Correct Answer: Check on the patient’s clinical status.Health care organizations are not required to report all errors to the regulatory agency. Additional fact finding and possibly a complete investigation need to be performed before notifying the regulatory agency.Question 2: Which of the following has the least impact on the medication error?Your response:Incorrect.
    Correct Answer: Scheduling of the unit secretary.The original medication order is important to consider when investigating the error. The original order may have been transcribed incorrectly, or it may contain important information related to why the error may have occurred. For example, the original order may have been illegible, it may have requested an incorrect dose, or it may contain a look-alike or sound-alike medication.Incorrect.
    Correct Answer: Scheduling of the unit secretary.Knowing which medication was administered is important to consider, because this may have a significant impact on the patient’s prognosis.Incorrect.
    Correct Answer: Scheduling of the unit secretary.Staff workload and working conditions at the time of the error are important considerations in this situation. The staff may have been overwhelmed, distracted, or focused on other items, resulting in a lack of focus on this particular patient.Correct!
    Whether this unit had a secretary scheduled to work at the time of the error is unlikely to have had an impact on the medication error.Question 3: The Joint Commission states all of the following about medication errors or issues EXCEPT:Your response:Correct!
    The Joint Commission states that medication errors often result in adverse events.Incorrect.
    Correct Answer: Although common, medication errors do not often result in adverse events.The Joint Commission requires health care organizations to conduct a root cause analysis to determine the cause of the medication error.Incorrect.
    Correct Answer: Although common, medication errors do not often result in adverse events.The Joint Commission requires health care organizations to develop a corrective action plan and monitor it closely to ensure its effectiveness.Incorrect.
    Correct Answer: Although common, medication errors do not often result in adverse events.The Joint Commission encourages patients and caregivers to actively participate in their health care.Question 4: From a regulatory perspective, the best resource to consult on medication errors is:Your response:Incorrect.
    Correct Answer: The appropriate regulatory agency’s accreditation manual.The previous patient safety officer is not the best choice, as this individual may no longer be with the organization. Likewise, regulatory agency standards change frequently, and the previous patient safety officer’s knowledge of regulatory agency standards may be outdated.Incorrect.
    Correct Answer: The appropriate regulatory agency’s accreditation manual.Previous actions the organization took in similar cases is not the best resource to consult in the case of medication errors. Each case needs to be considered as a separate event, for the conditions and specifics of each event differ, and previous actions may not apply. In addition, the organization may not have taken the best or most appropriate action on previous similar cases.Incorrect.
    Correct Answer: The appropriate regulatory agency’s accreditation manual.The health care organization’s legal team is not the best resource to consult in the event of a medication error. The health care organization’s legal team represents the health care organization, not the regulatory agency.Correct!
    From a regulatory perspective, the appropriate agency’s accreditation manual is the best resource to consult in the event of medication errors. This manual will provide the most current, applicable, and accurate information.Question 5: What is a medication error called when it is corrected before it occurs?Your response:Correct Response: These are called near misses.Question 6: What is a medication error called when it is corrected before it occurs but could have resulted in a patient’s death?Your response:Correct Response: These are called adverse events.Question 7: What is a medication error called when it results in the patient’s death?Your response:Correct Response: These are called never or sentinelevents.Question 8: Which of the following would be a potential consequence for the health care organization if a medication error resulted in the patient having a prolonged hospital stay?Your response:Incorrect.
    Correct Answer: Increased cost to the health care organization.Patient disability would be a consequence for the patient rather than for the health care organization. However, a patient disability could be a consequence for the organization if the patient chose to pursue legal action against the organization.Correct!
    An increased length of stay will result in increased costs to the organization, because it will have to care for the patient for a longer period of time than would have been necessary absent the medication error.Incorrect.
    Correct Answer: Increased cost to the health care organization.An increased length of stay does not necessarily mean that a sentinel or adverse event will occur.Incorrect.
    Correct Answer: Increased cost to the health care organization.An increased length of stay for a patient due to a medication error would not necessarily result in a loss of accreditation.Question 9: The two most common methods health care organizations use to encourage event reporting include: ___________ and ____________.Your response:Correct Responses: Health care experts in patient safety and quality improvement cited the following as potential implications for the organization if a mistake or adverse event occurs as the result of a patient identification error:
  • Hotline
  • Incident reporting
  • For additional information about health care organizations handling of medication errors, consult these internet resources:
    Agency for Healthcare Research and Quality. (2005). Getting to the root of the matter.
    Agency for Healthcare Research and Quality. (2017). Medication errors.HIPAA
    The day after the medication error, B. Moore’s mother signs in at the front desk to get her visitation pass. As she is standing at the front desk, she overhears an inappropriate conversation between Ida Feeney, the unit secretary, and a nurse from a different unit of the hospital.Ida Feeney and Brenda Turner
    Ida Feeney: Did you hear about the Moore kid? It’s a good thing they caught that right away. She’s small for her age, and that insulin could have really done a number on her.Brenda Turner: Jeez, how much did they give her?Ida Feeney: Well, she wasn’t supposed to have any. But I forget the actual dose. I’ll look in the EHR later, but I think it was pretty high.Brenda Turner: Wait, is it Belinda Moore?Ida Feeney: Yes, why?Brenda Turner: I think she’s in a gymnastics class with my daughters!Now that you have observed this inappropriate conversation, answer the following questions about HIPAA regulations.
    Question 1: Which regulatory agency is responsible for overseeing the HIPAA privacy and security rule?Your response:Incorrect.
    Correct Answer: U.S Department of Health and Human Services.The Joint Commission is an independent regulatory agency. It is not part of the U.S. government, and it does not have the authority or responsibility to enforce privacy and security rules.Incorrect.
    Correct Answer: U.S Department of Health and Human Services.While the DEA is a U.S. government regulatory agency, its purpose is not to oversee the HIPAA privacy and security rules. Its primary responsibility is to enforce controlled substances laws.Correct!
    The U.S Department of Health and Human Services Office of Civil Rights is responsible for enforcing the HIPAA privacy and security rules.Incorrect.
    Correct Answer: U.S Department of Health and Human Services.While CLIA is a U.S. government regulatory body, its purpose is not to enforce the HIPAA privacy and security rules. CLIA’s purpose is to ensure laboratory testing quality.Question 2: How would the health care organization’s privacy officer determine whether others who were not involved in the patient’s care had viewed her medical record?Your response:Expert Response: Health care experts on the HIPAA privacy and security rules indicate the best way to determine whether a patient’s medical record was accessed inappropriately is to conduct file audits. These audits may include, but are not limited to:
  • Random file reviews to determine who has recently accessed a patient’s medical record and if this access was warranted.
  • Reviews of business associate contracts.
  • Audits of disclosures in accordance with the privacy notice, along with the organization’s adherence to confidential communications protocols.
  • Question 3: Health care experts on the HIPAA privacy and security rules indicate the following as the most appropriate sequence to follow in addressing the potential HIPAA violation.
  1. Meet with B. Moore’s mother to document the details of her complaint.
  2. Inform risk manager of the potential violation.
  3. Audit B. Moore’s medical record to determine who has accessed it during her stay.
  4. Interview involved employees.
  5. Determine whether any discipline is warranted.
  6. Educate staff about the HIPAA rule.
  7. Your response:Correct!
     Investigations collect as much information as possible. Information and data collected in the investigation will help the privacy officer to determine whether an actual breach occurred, ensure that all aspects of the complaint have been examined, and minimize risks to the organization and the patient.Incorrect.
     Correct Answer: TrueInvestigations collect as much information as possible. Information and data collected in the investigation will help the privacy officer to determine whether an actual breach occurred, ensure that all aspects of the complaint have been examined, and minimize risks to the organization and the patient.Question 4: Identify the most common penalties employees may face if they are found in violation of HIPAA.Your response:Expert Response: Health care experts on the HIPAA privacy and security rules indicate that failure to comply with HIPAA may result in civil and criminal penalties. Violations of the law include those that are unknowing, reasonable cause, or willful neglect — both corrected and uncorrected. The most common penalties employees face when they are found to have violated HIPAA rules include:
  • Monetary penalties ranging from $100 to $1.5 million.
  • Prison sentences up to 10 years.
  • Disciplinary action, up to and including termination.
  • Question 5: How would a privacy officer determine whether this is an isolated event or a trending issue? Why is this an important part of the investigation?Your response:Expert Response: Health care experts on the HIPAA privacy and security rules recommended these best practices to deter