Purpose

The purpose of the Risk Management Plan is to support the mission and vision of Westside Family Healthcare (Westside) as it pertains to clinical risk and patient safety, as well as to the safety of visitors, third parties, and employees and to potential business, operational, and property risks.

Policy

Westside Family Healthcare’s Risk Management Plan is an overarching, conceptual framework that guides the development of a program for risk management and safety initiatives and activities. The plan is operationalized through formal, written risk management and patient safety programs.

The Risk Management Plan supports the Westside philosophy that patient safety and risk management is everyone’s responsibility. Teamwork and involvement of management, providers, and staff are essential for an efficient and effective patient safety and risk management plan. Westside will implement the program by coordinating multiple organizational functions and the activities of multiple departments.

Westside supports the establishment of a “just culture” that emphasizes implementing evidence-based best practices, learning from error analysis, and providing constructive feedback, rather than attributing blame or punishment. In a just culture, unsafe conditions and hazards are readily and proactively identified, medical or patient care errors are reported and analyzed, mistakes are openly discussed, and suggestions for systemic improvements are welcomed. Individuals will still be held accountable through disciplinary action for noncompliance with patient safety and risk management practices if evaluation and investigation of an error or event reveal reckless behavior or willful violation of policies or procedures.

The Westside Risk Management Plan stimulates the development, review, and revision of Westside’s practices and protocols in light of identified risks and selected loss prevention and reduction strategies. Principles of the Plan provide the foundation for developing key policies and procedures for day-to-day risk management activities, including:

• Claims management;
• Complaint resolution;
• Confidentiality and release of information;

Scope

• Event/incident investigation, root-cause analysis, and follow-up;
• Failure mode and effects analysis;
• Provider and staff education, competency validation, and credentialing requirements;
• Reporting and management of adverse events and near misses; and
• Trend analysis of events, near misses, and claims.

All Westside locations and all Westside staff members, contractors, patients, visitors, and others.

Definitions

Adverse Event or Incident: An undesired outcome or occurrence, not expected within the normal course of care or treatment, disease process, condition of the patient, or delivery of services.

Failure Mode and Effects Analysis: A proactive method for evaluating a process to identify where and how it might fail and for assessing the relative impact of different failures in order to identify the parts of the process that are most in need of improvement.

Loss Control/Loss Reduction: The minimization of the severity of losses through methods such as claims investigation and administration, early identification and management of events, and minimization of potential loss of reputation.

Loss Prevention: The minimization of the probability of a loss through proactive methods such as risk assessment and identification; staff education, credentialing, and development; policy and procedure implementation, review, and revision; preventive maintenance; quality/performance review and improvement; root-cause analysis; and others.

Near Miss: An event or situation that could have resulted in an accident, injury, or illness but did not, either by chance or through timely intervention (e.g., a procedure almost performed on the wrong patient due to lapse in verification of patient identification but caught at the last minute by chance). Near misses are opportunities for learning and afford the chance to develop preventive strategies and actions. Near misses receive the same level of scrutiny as adverse events that result in actual injury.

Patient Safety Goals: National Patient Safety Goals (NPSGs) for ambulatory care, established by The Joint Commission. The purpose of NPSGs is to improve patient safety by focusing on problems in healthcare safety and how to solve them.

Potentially Compensable Event (PCE): An unusual occurrence or serious injury, for which there is neither an active claim nor institution of formal legal action but that, in WFH’s judgment, may be reportable. Examples include a fall with injuries, delay or failure in diagnosing a patient’s condition, an adverse reaction to treatment, significant complaints from a patient or family regarding care or treatment, and an attorney request for medical records.

Risk Analysis: Determination of the causes, potential probability, and potential harm of an identified risk, and alternatives for dealing with the risk. Examples of risk analysis techniques include failure mode and effects analysis, systems analysis, root-cause analysis, and tracking and trending of adverse events and near misses, among others.

Risk Assessment: Activities undertaken in order to identify potential risks and unsafe conditions inherent in WFH or within targeted systems or processes.

Risk Avoidance: Avoidance of engaging in practices or of hazards that expose WFH to liability.

Risk Control: Treatment of risk using methods aimed at eliminating or lowering the probability of an adverse event (i.e., loss prevention) and eliminating, reducing, or minimizing harm to individuals and the financial severity of losses when they occur (i.e., loss reduction).

Risk Identification: The process used to identify situations, policies, or practices that could result in the risk of patient harm and/or financial loss. Sources of information include proactive quarterly (or more frequent) risk assessments, closed claims data, adverse event reports, past accreditation or licensing surveys, medical records, clinical and risk management research, walk-through inspections, safety and quality improvement committee reports, insurance company claim reports, risk analysis methods such as failure mode and effects analysis and systems analysis, and informal communication with healthcare providers.

Risk Management: Clinical and administrative activities undertaken to identify, evaluate, prevent, and control the risk of injury to patients, staff, visitors, volunteers, and others, and to reduce the risk of loss to WFH itself. Activities include the process of making and carrying out decisions that will prevent or minimize clinical, business, and operational risks.

Root Cause Analysis: A process for identifying the basic or causal factor(s) that underlie the occurrence or possible occurrence of an adverse event.

Sentinel Event: Defined by The Joint Commission as an unexpected occurrence involving death or serious physical or psychological injury, or the risk thereof. Serious injury specifically includes loss of limb or function. The phrase “or the risk thereof” includes any process variation for which a recurrence would carry a significant chance of a serious adverse event.

Procedures

1. ROLE OF THE BOARD OF DIRECTORS
   1. The success of the Westside Risk Management Plan requires top-level commitment and support. The Board of Directors authorizes the formal program and adoption of this Plan through a resolution documented in Board meeting minutes.
   2. The Board of Directors is committed to promoting the safety of all patients, visitors, employees, and other individuals involved in Westside operations.
   3. The Risk Management Plan is designed to reduce system-related errors and potentially unsafe conditions by implementing continuous improvement strategies to support an organizational culture of safety.
   4. The Board of Directors empowers Westside leadership and management teams with the responsibility for implementing performance improvement and risk management strategies.
   5. The role of the Board of Directors is to:
      1. Establish corporate/regulatory/grant compliance through policies;
      2. Oversee operations of organization through the CEO; and
      3. Provide an annual evaluation of board performance in meeting goals set in strategic plan, fulfilling requirements of oversight of organization.
2. ROLE OF ADMINISTRATION
   1. Administration serves as a key role in the ongoing success of the Risk Management Plan as evidenced by:
      1. Implementation of organization’s policies/procedures, and
      2. Ensuring compliance with policies/procedures through:
         1. Documentation;
         2. Meeting regulatory/grant requirements.
3. ROLE OF FINANCE
   1. The Finance Department (Finance) is part of risk management and will participate in meetings and present information as needed as part of the Risk Management Department.
   2. Additionally, Finance demonstrates active support of the Risk Management Plan through appropriate policies and procedures that determine the functions of the Risk Management Department.
4. ROLE OF HUMAN RESOURCES
   1. Human Resources must assure that:
      1. Policies and procedures comply with employment laws and regulations;
      2. Job descriptions reflect appropriate duties, supervision and compliance with the ADA;
      3. Contracts are current and meet all requirements;
      4. Credentialing and privileging of all licensed independent practitioners and other licensed and certified health care practitioners is maintained;
      5. Employee orientation is conducted; and
      6. Employee training requirements are met.
5. ROLE OF CLINICAL DEPARTMENTS
   1. Clinical departments are a main focus of risk management. They must assure that:
      1. Evidence-based clinical protocols are in place to as appropriate management of patients;
      2. A quality improvement/quality assurance program is in place for monitoring patient care;
      3. Patient tracking and services are provided for patients through outside providers;
      4. Patient communications/satisfaction are monitored;
      5. Access to pharmacy services is available; and
      6. Access to behavioral health is available.
6. ENVIRONMENT
   1. The Westside Environment of Care supports the Risk Management Plan through:
      1. Assuring that Environment of Care plans are in place to ensure that patient care is delivered in a safe environment;
      2. Reducing possibility of accidents;
      3. Maintaining cleanliness;
      4. Organizing patient care environments to reduce exposure to infections through properly maintained equipment and appropriate staff member infection control practices; and
      5. Providing an Emergency Management Plan that assures safety of patients and staff in event of a natural disaster or other emergency.
7. PROGRAM GOALS AND OBJECTIVES
   1. The Risk Management Plan goals and objectives are to:
      1. Continuously improve patient safety and minimize and/or prevent the occurrence of errors, events, and system breakdowns leading to harm to patients, staff, visitors, and others through proactive risk management and patient safety activities;
      2. Minimize adverse effects of errors, events, and system breakdowns when they do occur;
      3. Minimize overall losses to Westside by proactively identifying, analyzing, preventing, and controlling potential clinical, business, and operational risks;
      4. Facilitate compliance with regulatory, legal, and accrediting agency requirements (e.g., The Joint Commission, HRSA Health Center Program, HRSA FTCA medical malpractice program, etc.); and
      5. Protect human and intangible resources (e.g., reputation).
8. FUNCTIONS OF THE PLAN
   1. The Westside Risk Management Plan interfaces with many operational departments and services throughout Westside.
      1. Functional interfaces with the Risk Management Plan include, but are not necessarily limited to, the following:
      2. Buildings and grounds;
      3. Claims management;
      4. Corporate and regulatory compliance;
      5. Credentialing of providers;
      6. Disaster preparation and management;
      7. Employee health;
      8. Event, incident and accident reporting and investigation;
      9. Finance and billing;
      10. Human resources;
      11. Infection control;
      12. Information technology;
      13. Legal;
      14. Marketing, advertising and public relations;
      15. Patient satisfaction;
      16. Pharmaceuticals and therapeutics;
      17. Product and materials management;
      18. Quality and performance assessment and improvement;
      19. Safety and security; and
      20. Staff education.
9. Risk Management Functional Responsibilities include:
   1. Developing systems for and overseeing the reporting of adverse events, near misses, and potentially unsafe conditions. Reporting responsibilities may include internal reporting as well as external reporting to regulatory, governmental, or voluntary agencies.
   2. Conducting proactive quarterly (or more frequent) risk assessments/failure mode and effects analyses.
   3. Ensuring the collection and analysis of data to monitor the performance of processes that involve risk or that may result in serious adverse events (e.g., preventive screening, diagnostic testing, medication use processes, and perinatal care). Proactive risk assessment can include the use of failure mode and effects analysis, system analysis, and other tools.
   4. Overseeing data collection and processing, information analysis, and generation of statistical trend reports for the identification and monitoring of adverse events.
   5. This system may utilize and include, but is not limited to, the following:
      1. Attorney requests for medical records, x-rays, laboratory reports;
      2. Committee reports and minutes;
      3. Event, incident, or near miss reports;
      4. Medical record reviews;
      5. Notice letters and lawsuits;
      6. Patient complaints;
      7. Provider and other medical professionals’ input;
      8. Results of failure mode and effects analysis of high risk processes; and
      9. Root-cause analyses of sentinel events.
   6. Analyzing data collected on adverse events, near misses, and potentially unsafe conditions; providing feedback to providers and staff; and using this data to facilitate systems improvements to reduce the probability of occurrence of future related events. Root-cause analysis and systems analysis can be used to identify causes and contributing factors in the occurrence of such events.
   7. Ensuring compliance with data collection and reporting requirements of governmental, regulatory, and accrediting agencies.
   8. Facilitating and ensuring the implementation of patient safety initiatives.
   9. Facilitating and ensuring provider and staff participation in educational and training programs on patient safety and risk management. This includes: 1) the documentation of a Health Care Risk Management Training program, with clearly identified priorities through risk assessment and 2) the documentation of annual risk management training of the Risk Manager and other staff with risk management responsibilities.
   10. Facilitating a culture of safety in Westside that embodies an atmosphere of mutual trust in which all providers and staff members can talk freely about safety problems and potential solutions without fear of retribution.
   11. Proactively advising Westside on strategies to reduce unsafe situations and improve the overall environmental safety of patients, visitors, staff, and volunteers.
   12. Reducing the probability of events that may result in losses to the physical plant and equipment (e.g., biomedical equipment maintenance, fire prevention).
   13. Preventing and minimizing the risk of liability to Westside, and protecting the financial, human, and other tangible and intangible assets of Westside.
   14. Decreasing the likelihood of lawsuits through effective claims management, and investigating and assisting in claim resolution to minimize financial exposure in coordination with the liability insurer and its representatives.
   15. Reporting claims and PCEs to insurance providers and other insurers in accordance with insurance policy or Federal Tort Claims Act requirements (see related policy and procedure AD- 470 FTCA-Related Claims Management).
   16. Supporting quality assessment and improvement programs throughout Westside.
   17. Implementing programs that fulfill regulatory, legal, and accreditation requirements.
   18. Participating in ongoing Safety Committee and Compliance and Risk Management Committee that are composed of representatives from key clinical and administrative departments and services.
   19. Monitoring the effectiveness and performance of risk management and patient safety actions. Performance monitoring data may include:
       1. Claims and claim trends;
       2. Culture of safety surveys;
       3. Event trending data;
       4. Ongoing risk assessment information;
       5. Patient’s and/or family’s perceptions of how well Westside meets their needs and expectations; and
       6. Quality performance data.
   20. Completing insurance and deeming applications.
   21. Developing and monitoring effective handoff processes for continuity of patient care.
10. ADMINISTRATIVE AND COMMITTEE STRUCTURE AND MECHANISMS FOR COORDINATION
    1. The Risk Management Plan is administered through the Risk Manager (Chief Operating Officer), who reports to the President & CEO.
    2. The Risk Manager interfaces with team members who are responsible for legal, human resources, corporate compliance, safety, administration, staff, medical providers, and other professionals in order to meet the goals of the program.
    3. The Risk Manager co-chairs the activities of the Compliance and Risk Management Committee with the Corporate Compliance Officer and is a member of the Safety Committee.
       1. These committees meet regularly and include representatives from key clinical and services areas.
       2. The composition of these committees is designed to facilitate the sharing of knowledge and practices across multiple disciplines and to optimize the use of key findings from risk

management activities in making recommendations to reduce the overall likelihood of adverse events and improve patient safety.

• • 1. These committees’ activities are an integral part of a patient safety, risk management, compliance and quality improvement and evaluation system.
  1. The Risk Manager is responsible for overseeing day-to-day monitoring of risk management activities and for investigating any actual or potential clinical, operational, or business claims or lawsuits arising out of Westside, according to requirements specified in the insurance policy and/or contract.
  2. The Risk Manager serves as the primary contact between Westside and other external parties on all matters relative to risk identification, prevention, and control, as well as risk retention and risk transfer. The Risk Manager oversees the reporting of events to external organizations, per regulations and contracts, and communicates analysis and feedback of reported risk management and patient safety information to Westside for action.

1. MONITORING AND CONTINUOUS IMPROVEMENT
   1. The Culture of Safety Committee, chaired by the Safety Officer, and the Compliance and Risk Management Committee, co-chaired by the Corporate Compliance Officer and the Risk Manager, review risk management activities regularly.
   2. The Risk Manager reports activities and outcomes (e.g., claims activity, risk and safety assessment results, event report summaries and trends) regularly to the Quality Improvement Committee, a sub-committee of the board.
      1. Items of higher risk will be communicated individually rather than just in aggregate.
      2. Reports communicate the efforts made to identify and reduce risks and the success of these activities and outstanding issues that need input and/or support for action or resolution.
      3. Data reporting may include event trends, claims analysis, frequency and severity data, credentialing activity, relevant provider and staff education, and risk management and patient safety activities.
   3. Recommendations from the Culture of Safety Committee and the Compliance and Risk Management Committee are submitted as needed to the Quality Improvement Committee.
2. CONFIDENTIALITY
   1. Any and all documents and records that are part of the patient safety and risk management process shall be privileged and confidential to the extent provided by state and federal law. Confidentiality protections can include attorney client privilege, attorney work product, and peer review protections.
   2. Medical providers may be able to apply the federal privilege and confidentiality protections granted by the Patient Safety and Quality Improvement Act of 2005 to its patient safety events, data, and reports—referred to in the law as patient safety work product—by creating a patient safety evaluation system, through which Westside collects patient safety work product with the intent of providing it to one or more patient safety organizations for analysis and feedback.
      1. Care must be taken to ensure that the patient safety evaluation system is developed within the context of Delaware state laws for legal privilege and peer review as well as federal law.
3. RELATED POLICIES AND PROCEDURES
   1. There are numerous Westside policies and plans that are related to the Risk Management Plan and the sections identified above.
   2. These policies are summarized in Attachment A: Westside Risk Management-Related Policies and Plans.

References

1. ECRI Clinical Risk Management
   1. Risk Management Toolkit https://www.ecri.org/components/HRSA/Pages/RMToolkit.aspx
   2. Risk Management Manual for Health Centers https://www.ecri.org/components/HRSA/Documents/RiskManagementManual.pdf
2. HRSA Health Center Program Risk Management
   1. HRSA Federal Tort Claims Act (main page) https://bphc.hrsa.gov/ftca/index.html
   2. Chapter 21: Federal Tort Claims Act (FTCA) Deeming Requirements, Demonstrating Compliance (a). Health Services Resource Administration (HRSA). Health Center Program Compliance Manual, August 2018. https://bphc.hrsa.gov/programrequirements/compliancemanual/chapter-21.html#titletop
   3. FTCA Deeming Requirements. Health Services Resource Administration (HRSA). Health Center Program Site Visit Protocol (SVP), April 13, 2023. https://bphc.hrsa.gov/compliance/site-visits/site-visit-protocol/federal-tort-claims-act-ftca-deeming-requirements

ATTACHMENT A:

WESTSIDE RISK MANAGEMENT-RELATED POLICIES AND PLANS

The Westside Family Healthcare (Westside) policies and plans in the list below are (the majority of) those that have been identified as addressing high or medium risk areas through implementation of the organization’s Risk Management Plan and ongoing assessment and review by Westside leadership, the Compliance and Risk Management Committee, and the Culture of Safety Committee.

COMPLIANCE & RISK MANAGEMENT

• • • Risk Management Plan, AD-450
    • FTCA-Related Claims Management, AD-470
    • The Corporate Compliance Officer’s Authority and Obligations, AD-610
    • Functions of the Compliance and Risk Management Committee, AD-613
    • Responding to Detected Compliance Offenses and Developing Appropriate Corrective Action, AD-614
    • Confidentiality, AD-101
    • Conflicts of Interest, AD-102
    • Exclusion and Debarment Screening, AD-615
    • Annual Confidentiality, Conflicts of Interest, and Exclusions Statement (Board)
    • False Claims Recovery Education, AD-106
    • Whistleblower Protection (State), HR-102
    • Whistleblower Protection (Federal), HR-103
    • New Staff Orientation – Corporate Compliance, Regulatory Requirements, and Risk Management

CREDENTIALING & PRIVILEGING

• • • Credentialing and Privileging of LIPs, HR-106
    • Credentialing and Privileging of Other Licensed and Certified Professionals (OLCPs) and Other Clinical Staff (OCS), HR-105

PATIENT RIGHTS, CONSENT & COMMUNICATION

• • • Patient Rights and Responsibilities, PC-310
    • Communication with Patients with Limited English Proficiency or with Visual, Hearing, or other Communication Barriers, PC-180
    • Informed Consent for Treatment, PC-300
    • Consent for Treatment of Minors, PC-130
    • Advance Directives, PC-400
    • Domestic Violence, PC-700
    • Mandatory Reporting of Child Abuse and Neglect, PC-701
    • Vulnerable Adults in Need of Protective Services, PC-702
    • Human Trafficking, PC-703
    • Intimate Partner Violence, PC-704
    • Dismissal of Patients from Clinical Care, AD-720

PATIENT CONFIDENTIALITY, PRIVACY, & SECURITY OF PATIENT RECORDS

• • • IT-STF100 IT Sanction Policy
    • IT-STF101 IT Terms of Use Policy
    • IT-SEC101 Access Management
    • HIPAA Breach Notification, AD-500
    • New Staff Orientation – HIPAA
    • Record of Care, RC-100
    • Informal Disclosure of Protected Health Information to Patients' Family, Friends and Others, PC- 311
    • Audio and Video Recording of Patient Visits, AD-150
    • Informed Consent for Use of Patient Images for Non-Patient-Care Purposes, AD-200

TRACKING

• • • Referral Process, PC-170
    • Labeling Specimens, PC-100
    • Management of Abnormal Lab and Test Results, PC-110
    • Management of Critical Results, PC-120
    • Management and Tracking of Outgoing Laboratory Specimens, PC-200
    • Hospital and Emergency Department (ED) Transfer, Tracking, and Follow-Up, PC-160
    • Medical Records: Release of Protected Health Information (PHI), RC-110

OBSTETRICAL CARE

• • • Postpartum Testing for Diabetes for Women with History of GDM, PC-724
    • Screening for Pre-Eclampsia Risk and Aspirin Therapy in Pregnancy, PC-725
    • Emergency or Imminent Delivery - Code Pink, PC-600

INFECTION PREVENTION AND CONTROL POLICIES

• • • Infection Prevention and Control (IPC) Plan, IC-600
    • Hand Hygiene, IC-100
    • Cleaning and Low-Level Disinfection of Patient Exam Room and Medical Equipment, IC-200
    • Post-Occupational Exposure Evaluation and Follow-Up, IC-300 (w/ Instructions and Incident Form)
    • Sterilization and High-Level Disinfection of Medical Equipment, IC-620
    • Disinfection of Blood/Body Fluid Spills, IC-400
    • Personal Protective Equipment (PPE), IC-500

MEDICATION MANAGEMENT

• • • Medication Management Process and Ongoing Evaluation, MM-100
    • Look-Alike Sound-Alike (LASA) Medications, MM-110
    • High-Alert and Hazardous Medications, MM-120
    • Selection and Procurement of Medications, MM-130
    • Storage of Medication, MM-140
    • Emergency Medications and Supplies, MM-150
    • Medication Ordering, Preparation, Administration, Labeling, Dispensing and Monitoring of Effects, MM-160
    • Adverse Drug Events, including Medication Allergies, Medication Errors, and Vaccine Reactions, MM-170
    • Recalled, Discontinued, Expired, or Returned Medication, MM-180

TRIAGE & EMERGENCIES

• • • Patient Triage, PC-101
    • Telephone Triage, PC-102
    • On-site Triage, PC-103
    • Medical Emergency, PC-108

QUALITY IMPROVEMENT

• • • Continuous Quality Improvement (CQI) Plan, AD-CQI
    • New Staff Orientation – Quality Improvement
    • New Staff Orientation – Clinical Operations

CLINICAL GUIDELINES AND STANDARDS

• • • Provider Manual - Provider Orientation Information
    • Standing Orders , PC-752
    • Peer Review, AD-350
    • MA Manual - Patient-Centered Care: The Role of the Medical Assistant

INCIDENTS/EVENTS

• • • Westside Quality and Safety Learning Reports system
    • Reporting of Adverse Events and Near Misses (Incidents), AD-105
    • Sentinel Event, PC-520

PATIENT GRIEVANCES

• • • Patient Complaint Resolution Process, AD-620
    • Westside Family Healthcare Patient Complaint Form for AD-620
    • Patient Discrimination Complaints, AD-630

ENVIRONMENT OF CARE

• • • Safety and Security Management Plan, EC-100
    • Hazardous Materials and Wastes Management Plan, EC-200
    • Hazardous Materials and Wastes, EC-201
    • Fire Safety Management Plan, EC-300
    • Medical and Dental Equipment Management Plan, EC-400
    • Utility Systems Management Plan, EC-500
    • Safety Procedure Manual
    • New Staff Orientation – Safety

EMERGENCY MANAGEMENT

• • • Emergency Management Plan, EM-100
    • Emergency Management Plan: Infectious Disease Emergency Response (IDER) Annex, EM-201

HUMAN RESOURCES

• • • Employee Handbook
    • Drug-Free Workplace, HR-101
    • Annual HealthStream Training Requirements for all Westside staff
    • New Staff Orientation
    • Locations, Hours of Operation, and After-Hours Coverage, AD-600