Risk Management and Safety in Health Care Organizations

DAY 2 Fadi El-Jardali, MPH, PhD

November 2016

1

Risk Management Process

Systematic application of management policies, procedures and practices to the tasks of establishing the context, identifying, analyzing, evaluating, treating, monitoring and communicating risk

2

Risk Management Process

3

Risk Management Process:Phase 1. Establish the Context

� Establishing the context involves the following steps:

1. Establish the strategic context2. Establish the organizational context3. Establish risk management context4. Develop risk evaluation criteria5. Define the structure

4

Risk Management Process:Phase 2. Identify Risks)

� Comprehensive identification using a well-structured systematic process is critical because a potential risk is not identified at this stage is excluded from further analysis and treatment.

� All risks should be identified whether or not they are under the control of the organization.

5

6

Information Sources for Risk Identification

1. Incident reporting

2. Generic occurrence screening

3. Patient complaints and satisfaction survey results

4. Claims data of prior professional liability, property and casualty, and workers’ compensation

7

Information Sources for Risk Identification

5. Surveys by accrediting bodies, insurers, or risk management consultants

6. Licensure surveys

7. Information from facility’s infection control and quality improvement functions

8. Workplace inspections/audits

8

Information Sources for Risk Identification

1. Incident reporting2. Generic occurrence screens3. Patient complaints/satisfaction surveys4. Claims5. Accreditation/insurers surveys6. Licensure surveys7. Infection/QI reports8. Workplace inspections/audits9. Informal discussions

9

Risk Management Process:Phase 3. Analyze Risks� The objectives of risk analysis are:

� Separate minor acceptable risks from major risks� Provide data to assist in the evaluation and treatment

of risks� Risk analysis includes determining existing controls by

identifying existing management, technical systems and procedures to control risks, and assess their strength and weaknesses.

10

Risk analysisis the process of determining � the potential severity of the loss associated with an identified

risk, and

� the probability that such a loss will occur

11

Assessing the level of Risk � Two elements are determined when assessing the level of risk

posed by the risk that has been identified;

� (i) The likelihood that a risk may occur or reoccur.

� (ii) The impact of harm to service users, staff, services, environment or the organization.

12

Severity Assessment Code (SAC) Adapted

SAC Consequence Score1. Actual consequence2. Potential consequence (worst case scenario if incident

recurred)

18

Assessing the level of Risk � Two elements are determined when assessing the level of risk

posed by the risk that has been identified;

� (i) The likelihood that a risk may occur or reoccur.

� (ii) The impact of harm to service users, staff, services, environment or the organization.

19

Likelihood Scoring� Likelihood scoring is based on the expertise, knowledge and actual

experience of the group scoring the likelihood. In assessing likelihood, it is important to consider the nature of the risk. Risks are assessed on the probability of future occurrence; how likely is the risk to occur? How frequently has this occurred?

� It should be noted that in assessing risk, the likelihood of a particular risk materializing depends upon the effectiveness of existing controls. In assessing the likelihood, consideration should be given to the number and robustness of existing controls in place, with evidence available to support this assessment. Generally the higher the degree of controls in place, the lower the likelihood.

� The assessment of likelihood of a risk occurring is assigned a number from 1-5, with 1 indicating that there is a remote possibility of its occurring and 5 indicating that it is almost certain to occur.

20

Exercise

21

REPORTING� Care providers must be trained to identify and report

actual and potential hazards and risks in the hospital� To make reporting convenient, :�provide appropriate forms (e.g. Kuwait incident

reporting guideline and policy, forms ), � institute a system for consistent review of the forms;

and�assign responsibility for action and ensure timely

completion of and feedback

22

INCIDENT REPORT FORM

33

Examples of Common Patient Safety problems� Look-Alike, Sound-Alike Medication Names

� Patient identification

� Communication during patient hand-overs

� Wrong site procedures

� Poor control of high risk medications and concentrated electrolytes

� Medication use

� Infection control

� Hand hygiene

� Etc….

INCIDENT INVESTIGATION

� Every PHC should have clear policies and procedures, on incident reporting, the appropriate forms, and the steps needed to initiate an investigation and follow-up action

� Incident reporting and investigation should identify causes

� It is not possible to prevent incidents without knowledge of their causes

34

Thorough INCIDENT INVESTIGATION includes:

�Prevention, or minimizing of the potential for a future recurrence of the same or similar incident;� demonstration of management commitment for

risk management and safety ;�identification and assessment of risk factors

related to environment, equipment, systems, work organization, personnel, patients and procedures; and

� recommending corrective actions

35

The Incident Decision Tree: Guidelines for Action Following Patient Safety Incidents

�One of the primary reasons for low reporting levels has been the predominance of a “blame culture

36

The Incident Decision Tree: Information and Advice on UseThe Incident Decision Tree Flowchart

37

How the Incident Decision Tree can help � The Incident Decision Tree has been developed for managers

determining how staff should be dealt with after a patient safety incident. It is based on James Reason’s pioneering ‘Culpability Decision Tree’, which is used in the aviation industry. It has been created to ensure a fair approach to staff.

� Its development has been informed by other organizations including the NHS Confederation, the National Clinical Assessment Service (NCAS), the Royal Colleges and trade unions.

� It helps you to:� decide if staff should be suspended from duty;� explore alternatives to suspension, such as temporarily relocating staff

or changing their duties; and� consider other action as the investigation progresses.

38

It promotes � Individual accountability� Individual accountability is not diminished by this approach, rather it

helps focus on the ‘what’ and ‘why’ rather than the ‘who’ by posing a series of structured questions about the member of staff’s behavior, motivation and experience at the time of the incident.

� Further explorations� It does not provide firm answers or decisions. Instead it flags up a range

of possible solutions or further factors to explore. The outcome of a particular incident will still need to be determined by a detailed investigation.

� When to use the Incident Decision Tree� Ideally, it should be used as soon as possible after a patient safety

incident, whilst facts are fresh in people’s minds, however, it can be used at any point in an investigation. If new information comes to light later, it can be worked through afresh.

39

How the tool works � The user is guided through a series of structured questions about the individual’s actions,

motives, and behavior at the time of the incident. These may need to be answered on the balance of probability—i.e., determining the most likely explanation—taking into account the information available at the time, although the importance of pausing to gather data is emphasized. The questions move through four sequential “tests”:� Deliberate harm� Incapacity� Foresight� Substitution

� Possible reasons for the individual’s action are reviewed and the most likely explanation identified. A list of recommended options is then provided for the manager’s consideration. The further the route traveled through the Incident Decision Tree, the more likely the underlying cause is to be a systems failure.

� It emphasizes that the outcome of a particular incident needs to be based on the investigation of individual circumstances. Indeed, the importance of the manager applying judgment rather than slavishly following the tool is emphasized.

� The tool can be used for any employee involved in a patient safety incident, whatever his or her professional group. Ideally it should be applied as soon as possible after the incident, while the facts are still fresh in people’s minds.

40

The Four Tests � The deliberate harm test� In the overwhelming majority of patient safety incidents, the

individual had the patient’s well-being at heart. However, the deliberate harm test helps to identify at the earliest possible stage those rare cases where harm was intended.

� The test asks the manager to consider whether the individual’s actions were as intended and whether the outcome was as intended. In the majority of cases, the actions will be as intended, but the outcome will not.

� The Incident Decision Tree is not a “wrongdoer’s charter.” When it appears deliberate harm was intended, the importance of immediate suspension, together with referral to to the relevant disciplinary and regulatory bodies, is flagged.

41

The incapacity test� If intent to harm has been discounted, the incapacity test

helps to identify whether ill health or substance abuse caused or contributed to the patient safety incident. The tool can be used whether or not the individual is absent on sick leave.

� Advice is given on assessing the degree of impact illness might have had on the individual’s behavior. The whole spectrum of substance abuse is considered, including inappropriate self-medication.

� The manager is asked to consider whether the employee was aware of their condition at the time, whether they realized the implications of their condition, and whether they took proper safeguards to protect patients.

42

The foresight test� If intent to harm and incapacity have been discounted, the foresight test

examines whether protocols and safe working practices were adhered to. Our preliminary findings indicate the majority of patient safety incidents involve protocol violation. Users tend to find this section the most challenging to work through, and the need for careful judgment and assessment of the facts is emphasized.

� The test asks the manager to consider whether the incident arose because:� No protocol or safe procedure existed.� The protocol was poor.� There were conflicting protocols.� Good protocols were misapplied, routinely violated, or not in regular use.� The individual decided to ignore protocols.

� In particular, managers are alerted to the fact that what at first sight appears to be a workable protocol may be problematic in practice.

43

The foresight test (Cont’d) � Where the individual violated a sound protocol, the manager is

advised to look at a range of factors, such as motivation, information available at the time, the speed with which a decision had to be reached, and the degree of awareness the individual had of the risk being created. Generally, the more control the individual had over the situation, the more likely it is that the risk was unacceptable. Conversely, in emergency situations where the individual was under extreme pressure and had little time to think through the consequences, the more understandable their action is likely to be.

� Guidance is also provided regarding situations where the individual violated a sound protocol for no apparent reason. Such cases often involve a “perceptual slip,” such as picking up the wrong medication or ticking the wrong box on a form.

44

The substitution test� Finally, if protocols were not in place or proved ineffective, the substitution

test helps to assess how a peer would have been likely to deal with the situation. James Reason advises:

“Substitute the individual concerned, for someone else coming from the same domain of activity and possessing comparable qualifications and experience. Then ask the question ‘In the light of how events unfolded and were perceived by those involved in real time, is

it likely that this new individual would have behaved any differently?’”

� This test also highlights any deficiencies in training, experience, or supervision that may have been a factor in the patient safety incident and helps to assess whether the individual was properly equipped to deal with the situation.

� Managers are advised to avoid deducing behavioral norms from blanket judgments and prejudices, such as “All surgeons have temper tantrums,” or “Radiographers find talking to patients difficult,” and to consider what a “reasonable” peer acting sensibly, maturely, and sensitively would have done.

45

Unacceptable risk� The Incident Decision Tree has one purpose—to guide initial

management action following a patient safety incident. � It does not explore the standards of proof legally required to

support claims of “recklessness,” “reckless behavior,” or “negligence.”

� The term “unacceptable risk” has been used instead to describe the concept of an individual taking a risk that would normally be considered unreasonable.

� This has been found to help users focus on the employee’s motivation and circumstances rather than on the potential consequences of their action.

46

The Incident Decision Tree: Information and Advice on UseThe Incident Decision Tree Flowchart

47

Golden Rules� Work through the Incident Decision Tree separately for each

individual involved.� Pause to gather information where you need to, but do not

procrastinate about sending the individual off-site if patient safety is at real risk.

� Never make assumptions about:� the incident� the individual’s behavior or motivation� the individual’s ability to deal effectively with the situation� the protocols and safe procedures in place at the time

� Check the facts thoroughly for yourself� Always record the facts you have gathered and the reasons you have

arrived at your decision.� Work through the Incident Decision Tree afresh if new information

comes to light.

48

Risk Management: tools

�Common tools for identifying and addressing the root causes of critical incidences in organizations

�Failure mode and effects analysis (FMEA)�Root Cause Analysis Process (RCA)

49

Prospective Analysis

50

Prospective Analysis� Carry out one patient safety-related prospective analysis process

per year (eg., FMEA) and implement appropriate improvements/changes.

51

Prospective Analysis Key elements of prospective analysis:

� Proactive, prevention-oriented� Based on a high risk process or activity� Process failure would compromise client safety� Team-based, systematic approach� Process redesigned to be safer� Monitor results of change(s) over time

52

Prospective Analysis: Being Proactive

� Identifies and prevents problems before they happen�Reduces the possibility of future sentinel events,

adverse events, near misses� Is a form of risk management�Focuses on known problems, high risk processes and

systems, high-volume processes

53

Failure Modes and Effects Analysis (FMEA)

� Systematic, proactive method for evaluating a process to identify where and how it might fail and to assess the relative impact of different failures, in order to identify the parts of the process that are most in need of change.

54

FMEA Includes Review of the Following:

� Failure modes (What could go wrong?) � Failure causes (Why would the failure happen?) � Failure effects (What would be the consequences of each failure?)

NOTE: There is also an interactive FMEA Tool available on IHI.org.

55

FMEA StepsStep 1 Select process and assemble the team

Step 2 Diagram the process

Step 3 Brainstorm potential failure modes and determine their effects

Step 4 Identify the causes of failure modes

56

FMEA Steps (cont’d)

Step 5 Prioritize failure modes

Step 6 Redesign the processes

Step 7 Analyze and test the changes

Step 8 Implement and monitor the redesigned processes

57

Discussing FMEA Steps

Template

Step One: Select a process to evaluate with FMEA� Evaluation using FMEA works best on processes � Consider individual FMEA analyses of the medication

ordering, dispensing, and administration processes.

Step Two: Recruit a multidisciplinary team� Be sure to include everyone who is involved at any point in the

process.

Step Three: Have the team meet together to list all of the steps in the process� Number every step of the process, and be as specific as

possible. It may take several meetings for the team to complete this part of the FMEA, depending on the number of steps and the complexity of the process.

� Flowcharting can be a helpful tool for outlining the steps.

Step Four: Have the team list failure modes and causes� For each step in the process, list all possible “failure

modes”—that is, anything that could go wrong, including minor and rare problems.

� Then, for each failure mode listed, identify all possible causes.

Step Five: For each failure mode, have the team assign a numeric value (known as the Risk Priority Number, or RPN) for likelihood of occurrence, likelihood of detection, and severity

� Assigning RPNs helps the team prioritize areas to focus on and can also help in assessing opportunities for improvement. For every failure mode identified, the team should answer the following questions and assign the appropriate score (the team should do this as a group and have consensus on all values assigned):

� Likelihood of occurrence: How likely is it that this failure mode will occur?� Assign a score between 1 and 10, with 1 meaning “very unlikely to occur” and 10

meaning “very likely to occur.”� Likelihood of detection: If this failure mode occurs, how likely is it that the failure will

be detected?� Assign a score between 1 and 10, with 1 meaning “very likely to be detected” and

10 meaning “very unlikely to be detected.”� Severity: If this failure mode occurs, how likely is it that harm will occur?

� Assign a score between 1 and 10, with 1 meaning “very unlikely that harm will occur” and 10 meaning “very likely that severe harm will occur.” In patient care examples, a score of 10 for harm often denotes death

Step Six: Evaluate the results� To calculate the Risk Priority Number (RPN) for each failure

mode, multiply the three scores obtained (the 1to 10 score for each of likelihood of occurrence, detection, and severity). For example, the failure mode “Wrong medication selected” has a 3 for likelihood of occurrence, a 5 for likelihood of detection, and a 5 for severity, for an overall RPN of 75. The lowest possible score will be 1 and the highest 1,000. Identify the failure modes with the top 10 highest RPNs. These are the ones the team should consider first as improvement opportunities.

� To calculate the RPN for the entire process, simply add up all of the individual RPNs for each failure mode.

Step Seven: Use RPNs to plan improvement efforts� Failure modes with high RPNs are probably the most

important parts of the process on which to focus improvement efforts. Failure modes with very low RPNs are not likely to affect the overall process very much, even if eliminated completely, and they should therefore be at the bottom of the list of priorities.

Step Seven: Use RPNs to plan improvement efforts (continued)� Use FMEA to plan actions to reduce harm from

failure modes:� If the failure mode is likely to occur:

� Evaluate the causes and see if any or all of them can be eliminated.

� Consider adding a forcing function (that is, a physical constraint that makes

� committing an error impossible, such as medical gas outlets that are designed to accept only those gauges that match)

� Add a verification step, such as independent double-checks, bar coding on medications, or alert screens.

� Modify other processes that contribute to causes.

Step Seven: Use RPNs to plan improvement efforts (continued)� If the failure is unlikely to be detected:

� Identify other events that may occur prior to the failure mode and can serve as “flags” that the failure mode might happen.

� Add a step to the process that intervenes at the earlier event to prevent the failure mode. For example, add pharmacy rounds to remove discontinued medications from patient care units within 1 hour of discontinuation, to decrease the risk that the medications will still be available for use (the failure mode).

� Consider technological alerts such as devices with alarms to alert users when values are approaching unsafe limits.

Step Seven: Use RPNs to plan improvement efforts (continued)� If the failure is likely to cause severe harm:

� Identify early warning signs that a failure mode has occurred, and train staff to recognize them for early intervention. For example, use drills to train staff by simulating events that lead up to failure, to improve staff ability to recognize these early warnings.

� Provide information and resources, such as a reversal agents or antidotes, at points of care for events that may require immediate action.

� Provide information and resources, such as a reversal agents or antidotes, at points of care for events that may require immediate action.

Step Seven: Use RPNs to plan improvement efforts (continued)� Use FMEA to evaluate the potential impact of changes

under consideration.� Teams can use FMEA to discuss and analyze each change under

consideration and calculate the change in RPN if the change were implemented. This allows the team to “verbally simulate” the change and evaluate its impact in a safe environment, prior to testing it in a patient care area. Some ideas that seem like great improvements can turn out to be changes that would actually increase the estimated RPN.

� Use FMEA to monitor and track improvement over time.� Teams should consider calculating a total RPN for the process as

described above and then set a goal for improvement. For example, a team may set a goal of decreasing the total RPN for the medication ordering process by 50% from the baseline.

Template

72

EXAMPLE

Example of FMEA

Process Flow Diagram

Prostate-specific antigen

test order

Draw sample

Analyze sample

Report to physician

Result filed

1 2 3 4 5

Scope

Sub-processes:A. Order

writtenB. Entered in

CPRS.C. Received

in lab

Sub-processes:A. ID patientB. Select

proper tube/equip.

C. Draw bloodD. Label blood

Sub-processes:A. Review orderB. Centrifuge

SpecimenC. Verify

CalibrationD. Run quality

control (QC)E. Run sampleF. Report resultG. Enter in

CPRS

Sub-processes:A. Report received

Sub-processes:A. TelephoneB. Visit set upC. Result

given

Sub-process Flow diagram

Review order

Centrifuge specimen

Verify calibration

Run QC

Run sample

Reportresult

Enter in

CPRS

Review order

Centrifuge specimen

Verify calibration

Run

QC

Run

sample

Report

result

Enter in

CPRSSub-process Flow Diagram and Failure

Modes

1.Wrong test ordered2.Order not received

1.Equipment broken2.Wrong speed3.Specimen not clotted4.No power5.Wrong test tube

1.Instrument not calibrated2.Bad calibration stored

1.QC results unacceptable

1.Mechanical error2.Tech error

1.Computer crash2.Result entered for wrong patient3.Computer transcription error4.Result not entered5.Result mis-read by technician

Scope

Group work

76

77

A Surveyor Might Ask…� Is there a process in place to carry out a patient safety-related

prospective analysis?

� What methods or tools do you use to conduct the analysis?

� What improvements were made after the analysis to reduce risks to patient safety?

Developing and Implementing Action Plans after incident reporting

78

Developing action plans �Actions are developed to prevent or minimize

future adverse events or close calls. �How can we decrease the chance of the

event or close call form occurring?�How can we decrease the injury if the event

does occur?

79

Developing action plans

� Determine what actions will be taken� Be specific, concrete and clear� Specifically address the root cause/ contributing factor

� Designate who is responsible� Designate timeframe� Designate success measures

80

Developing action plans� Stronger actions

1. Architectural/physical plant changes

2. Engineering control or interlock (forcing function)3. Simplify the process and remove unnecessary steps

4. Standardize equipment or process5. New device with usability testing before purchasing

6. Tangible involvement & action by leadership in support of patient safety

81

Developing action plans

� Intermediate actions 1. Checklists/cognitive aids2. Increase in staffing/decrease in workload3. Read back4. Enhanced documentation/communication5. Software enhancements/modifications6. Eliminate look and sound-a-likes7. Eliminate/reduce distractions (sterile medical environment)

82

Developing action plans

� Weaker actions

1. Redundancy/double checks

2. Warnings and labels

3. New procedure/memorandum/policy

4. Training

5. Additional study/analysis

83

Developing action plans

� Actions should:1.target the elimination of the root causes2.offer a long term solution to the problem3.have a greater positive than negative impact on other

processes, resources and schedules4.be objective and measurable5.be achievable and reasonable

84

Implementing Action Plans

1. who will be affected by action(s)2. likelihood of success3. within the organization’s capabilities4. compatibility with the organization’s objectives5. likelihood of engendering other adverse events

85

Implementing Action Plans

6. receptivity by management, staff and physicians7. barriers to implementation8. implementation time, i.e., long term versus short term

solution9. cost10. measurability

86

Risk Treatment Action Plan� Risk:

� Risk potential SAC score:

� Objective:

No. Activity Deliverables Responsibility Resources Start Date

Finish Date

Performance Indicators

1

2

3

4

5

87

Risk Management Process:Phase 4. Risk Evaluation� This step should be completed with documentation, which meets

the need for records in relation to level of risk. It should include:� Rationale for initial screening of low risks� For all other risks

� Existing controls� Likelihood of occurrence (with or without the controls)� Severity of consequences (with or without the controls)� Resulting level of risk

88

Risk Management Process:Phase 4. Risk Evaluation (cont’d)� Risk evaluation involves comparing the level of risk

found during the analysis process with previously established risk criteria. The output of risk evaluation is a prioritized list of risks for further action.

� This step involves defining whether a risk is acceptable or unacceptable.

� The significance of the risk and the importance of the policy, program, process or activity need to be considered in deciding if a risk is acceptable.

89

Risk Management Process:Phase 4. Risk Evaluation (cont’d)� There are several reasons why a risk may be accepted:

� The cost of risk treatment is significantly excessive compared to the benefit

� The level of risk is so low that specific treatment is not appropriate within available resources.

� There is no treatment available for the risk.� The opportunities presented outweigh the threats to

such a degree that the risk is justified.

90

Risk Management Process:Phase 4. Risk Evaluation (cont’d)

�The risks that are evaluated as unacceptable are to be treated in some way and are prioritized at this step for subsequent management action.

91

Risk Management Process:Phase 4. Risk Evaluation (cont’d)� Key questions in risk evaluation�What is the acceptable level of risk?�What is the priority of the risks (e.g. high,

medium, low)?

92

Risk Management Process:Phase 5. Treat Risks� Risk treatment involves identifying the range of options

for treating risk, assessing those options, preparing risk treatment plans and implementing them.

� Risks that were previously assessed as not acceptable are treated during this step.

93

Wrap Up Day 2

95