Responding after a crisis:key steps to limit risk

02-08-2013

Responding after a crisis:key steps to limit risk

While good risk managers do all they can to avert crises, the best will also have a robust plan of action in place for when they do occur. Pamela Popp of Western Litigations explains what can be done in the immediate aftermath of a major problem.

The healthcare industry thrives on crisis. Emergencies abound in the acute care setting; post-emergency care exists in provider offices, surgery centers and other non-acute environments. Natural disasters such as hurricanes and tornadoes can shut down services, affect physical plant stability and create havoc for staff.

Good risk management practices allow for the management of those risks in a proactive way, with the securing of insurance coverage, emergency disaster plans and rehearsed preparedness. 

Even with the best plan, however, situations may arise that could literally shut down the services of the entity if not handled well. Such events include significant patient injuries, multiple harm exposures, media attention, political sensitivity and board member involvement. Each unique and complex, these situations require a formalized crisis response—a prepared response that addresses all aspects of the event from investigation to agency notification, evidence preservation and staff support. 

One approach is the crisis team response (CTR) which will provide mitigation/resolution recommendations to senior management, result in complete and protected investigation, and empower the site personnel to continue the ongoing operations of the entity while the crisis is addressed.

STEPS/TIMELINE FOR CRISIS INVESTIGATION:
1. Team individuals are identified and charged with roles at event site.

2. Roles are reviewed and assignments made

a. Investigator A handles all investigation related to the harm to the patient or individual(s) involved;

b. Investigator B handles all interactions with local agencies such as police, agencies or insurance personnel who are looking at physical site damage or coming onsite for investigations;

c. Investigator C serves as the main contact with the facility risk manager to gather information related to the event, such as policies or procedures that were involved in the event;

d. Investigator D works with facility personnel to create a ‘bypass plan’ to allow for the ongoing operations of the entity independent of the investigation and obligations ;

e. Investigator E works with the local (and national) media including coordinating entity/provider spokesperson(s) and statements.

3. Debrief conversation is held every 24 hours as to status and outstanding issues.

4. Final debrief focuses on risk mitigation efforts and strategy for next steps and/or resolution, including a review of what went well, what was not foreseen, whether a checklist could be developed and ultimately, how to prevent a recurrence.

DISCOVERABILITY
The more individuals are involved in an investigation and decision-making, the harder it is to control the extent of information dissemination. A key challenge for any post-event response is the need to keep the information in a controlled distribution flow until response and mitigation decisions are made. Especially where harm has been suffered, it is important to gather the investigation materials quickly and efficiently in order to make decisions as to how that harm will be addressed. This requires the use of protective privileges to the information as it is determined, for example, statutory protections such as quality review or peer review privileges. These protections allow for the information to be confidential to outside parties if the individuals having access to the information are limited, and involved in the scope of that privilege (ie, “in pursuit of the rendering of quality healthcare …”). These statutes are venue-specific, and may not apply in any situation that involves external investigations by agency or governmental personnel.

The strongest privilege available to protect the information and investigation is that of ‘attorney-client’, meaning that the attorney directs the investigation and receives the results of that investigation on behalf of the client. This is usually achieved by hiring outside defense counsel to manage the investigation and having a letter sent from the attorney to the participants in the investigation, outlining the method and flow of communication. 

IMMEDIATE QUESTIONS POST-EVENT
Once a situation is identified that meets the definition of a ‘crisis’, the following questions need to be asked:

1. Is there injury?
Is the injury actual harm or more theoretical, eg, fear of exposure to an illness or disease?

2. Who is injured? One person or more?
Has the harm been suffered by a single individual, or a group? Is the group identifiable?

3. Will the injury continue to happen without action?
What action?
Is the event singular (eg, a suicide) or ongoing (eg, exposure to unsterilized equipment)? Has action been taken to stop the harm (eg, removal of malfunctioning equipment)?

4. Is there a need for public disclosure?
Is education needed for the community as well as for the individual(s) affected? Are there obligations to report to public/private entities?

5. Is there a need for testing/treatment?
What will address the harm? The psychological effects—fear of future harm?

6. Is there funding for the response?
Is the funding available through designated insurance coverage? Will the expenses for the response come from operations or other sources? Does that funding require reporting to an external entity, such as insurance agent or carrier?

REPORTING OBLIGATIONS
In the midst of an investigation it may be easy to overlook reporting obligations that may arise from managed care entities, state or federal agencies or insurance requirements. However, these reporting triggers may have significant penalties for delayed or deficient reporting and should be reviewed annually to prepare for necessary reporting in a crisis situation. Some managed care contracts may even require reporting when a non-beneficiary is involved in a significant patient care event, and thus confidentiality provisions must be considered as well.

This spreadsheet can then be used during the investigation, since the reporting requirements may change based on what information is learned. Reporting should be considered an ongoing obligation, and considered at each debrief to determine timeliness of reporting.

INVESTIGATION DOCUMENTATION TO SECURE
Regardless of the type of event, the securing of key evidence will be crucial to a successful result, whether through proactive resolution or litigation. Electronic forms of documentation should be secured through a ‘litigation hold’ (the ceasing of communication and securing of any involved means of communication, such as specific computers), and physical documentation secured and controlled to prevent alteration or destruction. Access to the information during the investigation should be limited to those involved in the crisis response.
If a patient is harmed, documentation should be retrieved and secured as it relates to the specific individual involved. Start with the medical record, but include any information that you can find on the patient through social media.

CONVERT FINDINGS INTO A RISK PLAN
After the event is investigated and a resolution plan put into place, the findings should be converted into a risk management plan for the future. The plan should focus on preventing a repeat event, updating any operational measures (such as policies/procedures) and re-establishing trust between personnel involved. The action plan can be used to encourage the staff and providers to learn from the event and find closure in its resolution. It also provides feedback to the senior management of the organization to show that the lessons learned from the event are being incorporated into the operations of the entity.

The action plan should address systemic changes, measurement of the changes, reporting required, media message, etc.

CONCLUSION
Not every crisis can be anticipated, and therefore even the best risk management program may not be able to respond sufficiently when a significant event occurs. Implementing a team approach, such as the CTR model, allows for the effective and efficient delegation of investigation while stabilizing the ongoing operations of the entity. 

Crisis, Risk Manager, Emergency, Injury, Reporting