Managing and Mitigating Risk: An Administrator’s View

Case One
One of the hardest situations for a long-term care employee to deal with is a missing resident. The person who made the discovery must make immediate decisions having implications for the suspected missing resident, the resident’s family, the organization and, potentially, the outside community’s emergency-response systems.

One such occurrence at my own facility began with a phone call notifying me that one of our more “independently minded” residents, who had a history of taking walks without following checkout procedures, was missing. Employees conducted an extensive search of the building and grounds, contacted family members, and then telephoned authorities. As I drove up to our facility, I experienced a wide range of emotions. I was awestruck as I negotiated a full contingency of emergency-response vehicles crowding our parking lot. I identified myself to the largest congregation of uniformed personnel, who were busy planning search patterns. I was informed of the search status, including the fact that a state police search helicopter was in flight.

As it turned out, the resident had gone to an evening service at his church. While this was a documented “near miss,” the incident unleashed a chain of events with far-reaching ramifications for our facility. It would have been easy to treat the employee who made the decision to contact authorities as if she had overreacted, but that would have diminished employees’ willingness to make critical decisions in the future. Her response was correct for the situation she faced. We recognized her conduct as such, reemphasized to the resident the responsibilities of residency, and extended formal appreciation to our local, county, and state emergency responders. Meanwhile, we sent risk-management bulletins to residents, family members, and employees, reiterating our sign-out procedures and that we are developing a system of missing-resident drills for staff.

Case Two
Even if blessed with the most knowledgeable employees, the finest policies and procedures, the most realistic expectations, and the highest levels of trust, we are not capable of overcoming one of the most basic truths of our human condition: We are imperfect beings, and we make mistakes. Best practices don’t promise an absence of risk; they promise an ongoing commitment to responsively minimize risks associated with the aging process.

One morning, I arrived at work to find one of our residents in cardiac arrest. Asked to continue CPR in the ambulance during transport to our community hospital, I waited near the nurses’ station at the ER for a report. Eventually I learned that the resident had passed away, and as my thoughts returned to work I became aware of a conversation behind me.
I heard a nurse on the phone ask in disbelief, “You did what?” She told a nearby ER physician about the information she just received, and his face flushed with anger. Having heard her mention my facility, I quickly walked over and interrupted the discussion by introducing myself. Thrusting the phone toward me, she said, “Here, you talk to her.”

The caller was one of our charge nurses, who began by reminding me that we had many residents with the same first and last names, distinguishable only by their middle initials. She recounted that the employee who had contacted the resident’s family had accidentally grabbed the chart of another resident-and the wrong family was en route to the hospital, thinking that their mother had passed away. It also meant that the relevant family remained wholly unaware of the morning’s events. I instructed our charge nurse to immediately contact the family whose mother had died and explain the course of events.

Confident that amends would be made with the grieving first family, I told the physician I would meet the arriving family in the lobby to explain our facility’s mistake. Following this difficult but ultimately positive encounter, I returned to our facility. As I entered, I saw the employee who had made the mistake waiting in the hallway. Stricken with grief, she ran to me and asked me to write her up. But instead of a disciplinary action, I suggested that both families deserved a personal apology for her mistake. Having to face both families would be more difficult for her than any discipline I could dole out.

In investigating the event, I had no doubt that such an incident would have opened us up to extensive liability, probably enticing the families to take legal action. After all, such events beg questions of negligence and inadequate care, especially when an initial response is defensive or full of denial. Thankfully, we had trusting relationships with both families prior to the event, and they forgave us. Furthermore, we identified potential risk issues related to duplicate names-ranging from residents receiving other residents’ mail to the increased risk for medication errors-and made necessary adjustments in our operations. In doing so, we demonstrated accountability and showed respect by listening to suggestions, auditing our operating procedures, and keeping vested parties informed of our progress.

Several such events are associated with long-term care, one of the latest additions to the list being HIPAA violations. Additional issues include:

• resident abuse (alleged, suspected, or substantiated)
• elopement
• medication or treatment errors
• falls, both recurring and those resulting in serious injuries such as fracture
• injuries during the provision of services
• pressure ulcers and sores
• suicide, homicide, or unanticipated death of a resident

Educating stakeholders to be aware of these high-risk drivers and how to effectively deal with them is a crucial piece of managing risk.

Furthermore, ignorance of culpability is not a permissible defense, especially when a governing board is involved. Fiduciary responsibility begins with the premise that culpability exists based on what the governing body knows or should know regarding the operations of the organization. Therefore, the board’s appointing a representative body of organizational stakeholders focused on safety, quality improvements, risk management, and prevention becomes a powerful tool for mitigating risk and showing the exercise of due diligence.

Effective risk-management programs begin with a risk-management and safety committee that has been sanctioned to prevent, investigate, and reduce risk throughout the operation. The committee should be composed of a large cross section from all domains of the organization, including supervisory/management personnel and an equal representation of frontline employees. Committee members receive direct feedback from many sources in the organization, such as resident councils, quality assurance committees, medical service committees, and other groups of stakeholders. The best programs also include feedback processes for safety audits and organizational self-evaluation.

Planning, implementation, training, and communication of facility practices addressing emergency situations also fall to the committee. These include emergency management plans, fire-drill programs, missing-resident drills, and in-services on topics such as infection control, accident prevention and reporting, hazardous materials, and fire safety.

Finally, the committee must be known to the organization so that the maximum number of stakeholders will know whom to contact when they witness an unsafe situation or are involved in a risk-associated event.

An effective risk management program includes:

• an integrated working relationship with the organization’s corporate compliance program
• a well-defined risk management committee that enjoys complete support from the leadership and governance of the organization;
• an organizational culture that obligates stakeholders to identify and report near misses, risk events, and noncompliance issues;
• a well-designed and well-communicated system for internal reporting, data collection to identify trends, investigating, decision making, and execution;
• organizational stakeholders who are highly educated in potential areas of risk within their industry and knowledgeable about the most effective responses to those situations when they occur; and
• a process for building realistic expectations regarding risk at the beginning of each relationship with every resident and family members.

• fully participative, involving every stakeholder;
• fully integrated, involving every aspect of the organization;
• continuous, improving operations expeditiously every day through corrective measures; and
• a source of constant feedback, with creative responses to that feedback and education on upgraded practices.

An important element of an effective risk-management program is the process for internal reporting of “near misses,” sometimes defined as “almost” events. Continuous quality improvement is impossible without processes in place to communicate all risk-associated events or situations, and acceptance that reporting of those events is everyone’s responsibility.

Many organizations experience difficulties in reporting actual events and near misses. Once the significance of reporting all risk-associated events is established, the process should be simple and consistent, and include:

• an understanding that the reporting process is neither part of the organization’s disciplinary process nor used to establish blame;
• a well-designed reporting form that is easy to understand, collects vital facts about the event (time, date, location, equipment involved, injury, action taken, etc.), and is easily accessible at all times;
• a process for contacting a designated family member about all events in a timely manner;
• specific guidelines as to who receives completed event forms, the facility’s policy about copying them (which should be strongly discouraged), and the time frame in which the completed event form needs to be passed along to the appropriate people;
• a well-defined process for investigating events;
• a process to meet external reporting requirements (e.g., state department of health, workers’ compensation, OSHA, etc.), depending on the nature of the event; and
• a compilation method to identify trends regarding specific incidents, common locations, areas needed for improvements, etc.

The ultimate purpose of these processes is to untangle the elements that lead to risk so that root causes can be identified. Root-cause investigation of catastrophic events typically identifies specific mistakes that increased likelihood and risk and attempts to pinpoint how different decisions might have prevented the events. This is followed by development of best practices and linking continuous improvement with staff development. Only after this sequence of events will actual changes in day-to-day operations become reliably executed.

Conclusion
Sound risk-management practices require total commitment. Decisions responding to risk take courage to execute because the implications of risk sometimes necessitate unpopular change and require personal accountability. While neither total commitment nor courage will overcome the reality that life is inherently risky and that mistakes will be made, they do provide organizations with their best opportunity for fulfilling their duty of care-their basic purpose for existence.

Victor Lane Rose, MBA, NHA, is Director of Operations at Souderton Mennonite Homes, a CCRC in Souderton, Pennsylvania. For further information, phone (215) 723-2182, ext. 219. To send comments to the author and editors, e-mail rose0406@nursinghomesmagazine.com.

Suggested Reading
Continuing Care Risk Management. Quality assurance and risk management: Event reporting. Plymouth Meeting, Pa.: ECRI, July 2003.