Getting it right


Getting it right


Wrong-site, wrong-patient and wrong-procedure events remain a perennial problem in US healthcare. Fay Rozovsky, president of the Rozovsky Group, outlines an enterprise risk management response plan.

With the implementation in 2009 of the National Coverage Determination (NCD) [see the information at the end of the article] on wrong-site, wrong-patient and wrong-procedure events, the Centers for Medicare & Medicaid Services, (CMS) made a clear statement that it would not cover or pay claims for such situations. In adopting this policy, CMS differentiated what is often described as the “three wrongs” from the National Quality Forum’s list of Serious Adverse Events first published in 2002.

A number of patient safety-oriented initiatives have been implemented to prevent the “three wrongs”. Such changes include the surgical “time out” process, emphasis on team training through such programs as TeamSTEPPS® (Team Strategies and Tools to Enhance Performance and Patient Safety) and enhancements in team communication.

Notwithstanding these patient safety-oriented changes, the “three wrongs” remain a persistent concern in the healthcare field. There may well be a host of reasons for this issue, including lack of training, failure to communicate and short-cuts in the time out process. Complacency may be a problem: repetitively running down a check list without actually confirming the validity of information.

Facing the costs

The risk exposures from the “three wrongs” start with actual or potential harm to the patient. A wrong organ is removed; a needless operation is performed on the opposite side of the patient’s head; a patient who was to have a procedure to remove endometriosis ends up with a hysterectomy intended for a patient with the same surname. In each instance there are risks in terms of patient health and in some cases, removing the wrong organ—such as a healthy kidney instead of the one with cancer—leaving the patient destined to a life dependent on renal dialysis.

There are other costs, too. For members of the health professional team one can anticipate a round of focused reviews, peer review procedures, possible corrective action and potentially licensure action by a state licensing board. The healthcare organization can expect litigation by the patient as well as rigorous reviews by accrediting organizations, the state agency and possibly CMS.

In the NCD, CMS uses the patient’s consent document as evidence of what was to have been done compared to what occurred. It is interesting that CMS has taken this approach. The consent communication process and document are inexpensive, commonplace methodologies in the healthcare field. Although many may view the consent document as an administrative nuisance, in many ways, the consent form can be considered one of the most vital enterprise risk management (ERM) tools. When used effectively in the time out process, the consent document can help identify and prevent a would-be “three wrongs” situation.

But the “three wrongs” continue to take place. Under the terms of the NCD, CMS will not reimburse anyone involved in the “three wrongs”, including the healthcare facility. The result causes a definite revenue impact. Factor in the time, stress, and expenses incurred when responding to litigation, accreditation surveys, and regulatory reviews, and the financial costs add up quickly. Coupled with adverse publicity through traditional media outlets and via social media, and the healthcare organization may witness derivative consequences in terms of diminished market share.

Recognizing that the current array of patient safety-oriented initiatives has not stopped the problem, what other approaches should healthcare leadership consider to address the problem? An enterprise risk management response may forge a pathway to positive reform.

The ERM approach

ERM has been defined by a number of well-respected organizations. Although the definitions differ, there is common ground about the core elements of ERM. Indeed, the core features focus on a business decision-making model, premised on good data analytics, and informed choice-making by leadership. Eliminating needless and wasteful process variability can help an ERM based organization leverage its assets, drive patient safety, and, at the end of the day, demonstrate a return on investment (ROI). That there is a measurable ROI suggests that the organization can then use funds saved or revenues generated to improve healthcare systems and enhance patient safety.

An ERM-based healthcare organization looks to relevant risk domains to help identify exposures, synthesize information, and generate practical strategies and solutions. ERM principles can be applied to a process, a unit or department or across the organization.

ERM begins at the top of the healthcare entity. It reflects adoption of ERM as a way of doing business. It is not an add-on or a concept applied by those in risk management. Rather, it is “baked into” the philosophy, the ethos of the organization. A consistent, data-driven or evidence-based set of information is used as the context for making prudent decisions for the well-being of the organization, those that it serves, and personnel. Decisions are aligned with the organizations mission, vision, and commitment to a culture of safety.

Why an ERM approach can help manage the risks of the three wrongs

ERM principles are quite useful anytime a healthcare organization is trying to eliminate, reduce or control costly variations, including those that can lead to patient harm. It is particularly relevant to those healthcare settings in which surgical or interventional procedures may lead to wrong-patient, wrong-site, or wrong-procedure situations.

Imbued with a mandate from leadership to address the “three wrongs” an ERM team can follow a step-wise approach to fulfil its responsibilities. Such an approach will likely incorporate information drawn from several risk domains. Although there are numerous methodologies that can be used in the ERM process, the key is to select the right tools for the task.

A sample ERM menu to address the three wrongs

As a threshold consideration, the members of the ERM project should be acquainted with the tools, process, and scope of the enterprise risk management inquiry. To assist them in their work it is helpful to use a project map, checklist, or menu that can help identify who is responsible for certain tasks, deliverables, timelines, etc.

Using agreed upon ERM tools, the project would track the enterprise risk management process:

  1. Identify the risks. Looking across relevant risk domains, pinpoint the vulnerabilities. Risk inventories, self-assessment surveys, and interviews can be used for this purpose.
  2. Analyze the findings. Examine the data gathered carefully. Gap Analysis methodology, SWOT, FMEA, RCA and other tools can be used for this step. For example, a gap analysis may reveal that while policy and procedure require the team to be oriented to and demonstrate competency in the time out process, a small percentage never participated in such orientation training. Delving deeper, using FMEA or RCA it may be revealed that the failure modes occurred among those who had not received such orientation.
  3. Evaluate possible risk controls and solutions. Consideration should be given to what risks can be eliminated, prevented, transferred or controlled through practical, cost-effective interventions. Team orientation with demonstrated competencies reflects a good prevention strategy. Empowering anyone in the surgical or interventional suite to call a “halt” if the time out is incomplete can be an effective way to control a possible risk. That the person doing so in good faith would not face disciplinary action for taking such action helps to reinforce the importance of speaking up to avoid patient harm.
  4. Deliver an ERM plan to leadership. Provide a clear, data-drive plan to leadership. Make certain that the plan is feasible and that it includes metrics on the ROI for recommendations to address the “three wrongs”. Make certain that the plan acknowledges other options and the rationale for not recommending these alternatives.
  5. Implement the approved three wrongs ERM plan. Communicate why the changes or improvements outlined in the ERM plan is needed. Make clear to front line clinical and administrative personnel what the plan means to them in terms of their training, workload, and improvements in patient safety. Get their input, especially as the plan is first field-tested to make certain that what looks good on paper will work in reality.
  6. Monitor the three wrongs ERM plan. Carefully assess the plan. Ask key questions such as is it working? Are there still problems? If so, what steps should be modified to resolve potential risk exposures? Do the metrics reflect the anticipated benefits outlined in the plan?
  7. Be poised for ERM action. Do not assume that the process will remain the same. Variations may occur that could lead to one of the “three wrong” risks. Look at internal data sources to help pinpoint vulnerabilities, such as heavy reliance on traveling staff or locum tenens who may not have received the full measure of the organization’s time out orientation program, or modifications to EMR software that could alter patient identification. Address unwanted vulnerabilities promptly.


The “three wrongs” are called “never events” for a reason. In a sophisticated setting such as a surgical or interventional suite, procedures should not be performed on the wrong patient or the wrong body part or site. Similarly, the patient should not be the recipient of the wrong procedure.

For sophisticated healthcare organizations, taking an enterprise risk approach may provide a useful response to the persistent issue of the “three wrongs”. No-one wants to have a “never event.” The time is right for thought leaders in healthcare organizations to embrace an ERM approach to delivery of high quality, patient safe care that is free of the “three wrongs”.

Fay A. Rozovsky, JD, MPH is president of The Rozovsky Group, Inc, a company that provides educational and consultative enterprise risk management services to client across the continuum of care.

Where to find regulatory information on the three wrongs

Medicare National Coverage Determinations Manual
Chapter 1, Part 2 (Sections 90 – 160.26) Coverage Determinations (Rev. 193, 07-01-16)

140.6: Wrong Surgical or Other Invasive Procedure Performed on a Patient (Effective January 15, 2009)

140.7: Surgical or Other Invasive Procedure Performed on the Wrong Body Part (Effective January 15, 2009)

140.8: Surgical or Other Invasive Procedure Performed on the Wrong Patient (Effective January 15, 2009)

Rozovsky Group, US, Fay Rozovsky, Healthcare, Data analytics, Risk management, Crisis managment