Adverse Events and Medical Errors: Risk Management Best Practices

Humans, by nature, are risk-adverse. That is to say, most people are cautious in their approach to situations which could place themselves, or someone else, at risk of harm or injury. Unfortunately, the nature of medical care requires providers to make split-second decisions and to follow established treatment protocols, both of which carry the risk of adverse events and/or medical errors.

Medical errors—and to some extent adverse events—bring with them a mantle of liability for you and for your organization. On an individual level, knowing what steps healthcare providers can take to protect themselves in case an adverse event or medical error occurs can go a long way towards minimizing liability and helping to build a solid defense should a lawsuit or other legal action occur.

What is “Risk Management”?

Risk Management is defined as “the identification, analysis, assessment, control, and avoidance, minimization, or elimination of unacceptable risks.”

 Organizations and businesses constantly create and employ strategies to properly manage future events. Sometimes these strategies come about in reaction to a past event, while other times the strategy is proactive. Regardless of what prompted the action, employing risk management strategies to minimize risk exposure are sound practices, both on a business and personal level.

Best Practices

Should an adverse event or medical error occur, consider taking these steps:

• Notify the proper authorities: Remember that while you are not legally responsible for reporting external adverse events to any federal or state agency, you are required to report internal adverse events to the Food and Drug Administration (FDA) via MedWatch (if it meets the criteria set forth by the FDA for reporting), and possibly to state and/or local agencies.
• Resist the impulse to modify or make corrections to the patient care record: Should an adverse event or medical error occur, resist the temptation to modify the Patient Care Record to clarify vague, confusing or unclear remarks or notations, or to remove seemingly detrimental, harmful or injurious information. These efforts never succeed and can compromise your defense. Even if negligence was not involved, these actions can provide grounds for possible licensure sanctions. If something in the record needs to be clarified or corrected, the provider should write a separate addendum note, including both the the date and time of the addendum was made and by whom, and sign or initial it.
• Collect documents that support your case: Make copies of any protocols, policies, procedures, guidelines, etc. that are currently in use and relevant to the situation. It may be months, or even years, before the medical error or adverse event in question rears its head in the form of legal case. By that time, protocols will have been revised, old copies thrown out or overwritten or destroyed. Still, you will need to be able to produce a copy of the policy/procedure/protocol as it existed at the time of the event.. Being able to do so will be especially important if everything was done properly, yet something still went wrong.
• Write a letter to legal counsel: Write a narrative of the case – in the form of a letter addressed to a named attorney – as soon as possible, while the events are still fresh in the healthcare provider’s mind. Just writing notes in a journal or on a notepad is not good enough; the document must be addressed to an attorney and take on some general formalities, such as one would expect to find in a good, old-fashioned letter. It is a good idea to address the letter to your organization’s current attorney at the time of the incident. Although the attorney may or may not eventually serve as defense counsel in subsequent legal action relating back to the adverse event or medical error, by addressing the letter to an attorney, the letter and its contents become protected under the Attorney Work Product doctrine, shielding it against any effort by the plaintiff or other party to subpoena it and to force its disclosure. Unlike journal entries or notes which must be produced if requested, as a special and distinct document prepared only for use by the defense attorney, such as a letter, is legally protected because it is written for personal reasons, not part of the clinical record. As a personal depiction and recollection of the facts, observations, impressions and feelings associated with the event, the letter is essentially a timely and complete account, from the provider’s perspective, of what occurred. You do not need to send the letter to the attorney, but should keep it in a safe place separate from the patient care record, and other documents associated with the incident, until it is requested by the defense attorney.
• Remember that the government is not your friend: If an investigator wants to talk to a member of your healthcare organization, or you receive a request to appear before a state or local licensing authority for a Medical Control or Compliance Conference, do not talk to them without an attorney present. All too often, people think they can “just explain what happened” and that “this is how we do things in our town or county” and everything will be fine. Sadly, it does not work that way. In most states, by the time a healthcare provider is requested to appear before a department, board or commission, it is too late. The matter has already been investigated, a violation has been found and the agency is merely providing an opportunity to present a defense in accordance with due process requirements. What they do not tell you is that in most instances, the request to appear is the administrative agency equivalent of a grand jury indictment – they already have grounds to press charges.
• Set the tone at the top: If you are a member of management, be proactive. There can be many obstacles to successfully adopting a comprehensive risk management program within an organization, including the complexity of the risk management process itself. It will require visible commitment from senior management and a clear message to all employees about the benefits of risk management to the business and to themselves personally. Recommendations include: Defining and fostering a culture that promotes self-reporting and risk management best practices; Developing an enterprise-level risk management program, and consider creating a new executive role within the company called a Chief Risk Officer (CRO), whose role is to coordinate risk management across the entire organization. This establishes and champions the concept of risk management, and leads the Emergency Response Team (ERT) which will react to critical failures and disasters. The ERT should also include the organization’s legal counsel, and should be included during all phases of risk management, especially contingency planning; and Perform an annual risk assessment, including actively reviewing the organization’s operations policies and treatment protocols. Protocol violations are fast eclipsing all other forms of liability for healthcare providers and if the protocols are antiquated, not being followed or are unworkable for some reason, they will only add to your organization’s risk exposure.

Keep in mind that not every adverse event or medical error will result in any further action—disciplinary or otherwise. But, when something untoward or unanticipated does happen, if you take proactive steps to preserve information and protect what you can at the outset, it will go a long way towards minimizing liability and helping to build a solid defense should a lawsuit or other legal action occur.

This article scratches only the surface of risk management best practices in the limited context of adverse events and medical errors and is not intended as legal advice or legal counsel in the confines of an attorney-client relationship. Be sure to consult with an attorney to review your organization's specific needs and obtain appropriate advice on these issues, as well as local, state and federal reporting requirements.