Risk Management
Contingency Planning
Psychiatrists can take simple steps to ensure that their patients and their practice are protected in the event of a sudden unavailability. Click here to access the downloadable PRMS contingency planning tool to quickly gather necessary information to aid those assisting the doctor in the event of his/her absence.
Maryland ERPO Law and Domestic Violence
Maryland’s Extreme Risk Protective Order (ERPO) statute allows a court to order law enforcement to temporarily seize firearms from an individual determined to present a risk. A new resource compares the ERPO to a Domestic Violence Protective Order in Maryland, including what they are and how they differ. The Bloomberg American Health Initiative website has more details about ERPOs nationally. Another resource is a detailed discussion by Erik Roskes, M.D. of the various methods that psychiatrists can consider when deciding how to reduce risk in their practices, including an emergency petition, civil commitment, the gun restriction law and ERPO. Finally, MDH offers this ERPO toolkit.
Cybersecurity Resources
The Department of Health and Human Services (HHS) has issued cybersecurity resources to help manage threats and protect patients:
- Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients– Reviews five current threats (phishing attacks, ransomware attacks, loss/theft of equipment/data, insider, accidental or intentional data loss, and attacks against medical devices) and presents practices to mitigate those threats.
- Technical Volume 1: Cybersecurity Practices for Small Health Care Organizations
- Technical Volume 2: Cybersecurity Practices for Medium and Large Health Care Organizations
Treating Students Away at College
When summer begins to recede, many psychiatrists have patients who will be heading off to college for the first time. What should you do about the patient who is leaving the area and asks that you continue treating her while she is away at school? On the one hand, it may seem like a very logical thing to do. You know this patient and she trusts you. You have been making excellent progress since you began treating her so why would you want to end the treatment relationship now? Because 1) it may not be legal to continue to treat, and 2) it may not really be in your patient’s best interest. [Continue reading from the PRMS LinkedIn post on August 22, 2014.]
For other helpful perspectives on the decision to continue treating patients who relocate for college, click here.
Practice Management
From LinkedIn posts by the PRMS Risk Management Team
- Consider developing a contingency plan to assist others in closing your practice and finding care for patients in the event of your sudden death or incapacity. For our article discussing contingency planning, click here.
- Consider implementing formal office policies on such topics as fees for missed appointments, prescription refills, and after hours coverage to better manage patient expectations and make your office run more smoothly. You can find sample office policies in this article.
- For those patients who have seemingly dropped out of treatment, consider following up with them, and if they are no longer interested in treatment, formally terminate the treatment relationship by sending a letter. For more information on this, and model termination letters, click here.
Data Protection
From LinkedIn posts by the PRMS Risk Management Team
- Educate office staff on the importance of protecting patient information and discuss any obligations your practice may have under HIPAA. The government’s online training resources, specifically a patient privacy course and privacy and security training games, may be helpful tools when training staff on a yearly basis. Also, consider having office staff sign a confidentiality agreement which acknowledges their obligation to maintain the privacy of patient information. Such an agreement can be reviewed with employees during annual training.
- Avoid having patient information on portable devices. If patient information must be on a portable device, the information should be appropriately encrypted – consistent with the National Institute of Standards and Technology (NIST) guidance, using the Advanced Encryption Standard (AES). With appropriate encryption, in the event of a breach, the “safe harbor” would apply, meaning patients would not have to be notified.
- Regularly assess your practice for new threats to protected health information and address vulnerabilities. Have you determined what type of PHI you store and the way you store it? Do you know who has access to your PHI? These are two questions that would likely need to be addressed in a thorough risk assessment. The U.S. Department of Health and Human Services has provided guidance on risk analysis and offers a security risk assessment tool.
Technology
From LinkedIn posts by the PRMS Risk Management Team
Before posting anything on social media, even if privately or anonymously, look it over to see if you would be happy with all of the following seeing it:
- Your patients
- Your employer
- Your employees
- Your licensing board
- Plaintiff’s attorney in a malpractice case against you.
If you have any misgivings, don’t post it. For more risk management advice, click here for our primer on social media in psychiatric practice.
When using an EHR to document a patient visit, try to use free form text as much as possible, especially to document your reasoning behind clinical decisions. Relying solely on checkboxes and pull-down menus tends to make all your entries look the same. For more information on the safe use of EHRs, click here for our primer.
When treating patients remotely via telepsychiatry, ensure the technology used is HIPAA-compliant. Specifically, you will need a Business Associate Agreement, under which the vendor promises many things, including to maintain the confidentiality and security of your patients’ information. For more details, click here for our telepsychiatry primer.
Patient Safety
From LinkedIn posts by the PRMS Risk Management Team
When treating patients with suicidal behavior, ensure that an adequate risk assessment is done – and documented. We suggest that you utilize a tool to ensure that nothing is missed. One such tool is the SAFE-T protocol. For an article on treating suicidal patients, click here.
Even if not legally required to, consider checking the state Prescription Drug Monitoring Program (PDMP) before prescribing controlled substances. For an article on PMPs, click here.
Ensure any lab work you order, such as lithium levels, is done and reviewed by you. Tracking of lab work, or more accurately failing to track, is not an uncommon fact in the lawsuits we see.
For another post on Patient Safety in April 2018, click here.
Data Security
Personal information on healthcare-related computer networks must be secured. The FTC Requires companies (FTC and LabMD) to provide reasonable and appropriate security for stored information.
HHS cybersecurity resources help manage threats and protect patients:
- Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients– Reviews five current threats (phishing attacks, ransomware attacks, loss/theft of equipment/data, insider, accidental or intentional data loss, and attacks against medical devices) and practices to mitigate them.
- Technical Volume 1: Cybersecurity Practices for Small Health Care Organizations
- Technical Volume 2: Cybersecurity Practices for Medium and Large Health Care Organizations
Termination of the Treatment Relationship
From a professional liability perspective, it is well established in law that once a physician initiates a treatment relationship, you need to continue treating – and are liable as if you are treating – until the relationship has been properly terminated. Termination of Treatment gives important considerations.
Myths & Misconceptions: Treating College Students
Risk Management Courses
The APA/DBs partnered with our endorsed medical liability carrier American Professional Agency (APA, Inc) to create 9 risk management courses. These APA PRA Category I Credit™ courses are free for members and also count towards the three hours required to receive a 5% discount off your professional liability policy. Visit the APA website for details.
Risk Management Reminders for Online Marketing
Includes online reviews, websites and online referral services
Medical Record Storage Company Contracts
Written by Professional Risk Management Services, Inc. (PRMS)
If you are a psychiatrist who maintains paper records, at some point you will likely find that you no longer have sufficient space within your office to store all of your inactive patient files. Fortunately, in many locations, there are secure facilities dedicated to business record storage. As you consider your various options, carefully review the companies’ proposed agreements and watch for the following:
Access: How easily can you access your records? Is the facility open 24/7? If you cannot go to your assigned space and retrieve records directly, what is the time frame in which records can be retrieved? Remember, if you are provided with a valid record request, you will only have so much time in which to respond so you must ensure that records can be obtained in a timely manner.
Business Associate/Confidentiality Agreement: If you are a covered entity under HIPAA, and the storage facility will have access to patient information, you must ensure that the facility is willing to enter into a Business Associate Agreement. Under this agreement, the storage facility agrees to maintain the confidentiality, security, and integrity of your patients’ records. Also included are provisions requiring notification to you in the event of a breach involving your patients’ information. If you are not a covered entity, you should still require that the facility agree to maintain the confidentiality of your information if such an obligation is not already laid out in your contract.
Non-Payment Provisions: Pay close attention to provisions in the agreement that outline the facility’s remedies in the event of your non-payment of storage fees. Some contracts provide that the facility retains the right to destroy the contents or even to sell the contents. Although it may seem unlikely that this would ever occur, consider the consequences in the event that something happened to you or a change in your office staffing caused payment to be overlooked.
Practical Pointers for Managing Risk When Treating Patients with Suicidal Behaviors
Written by Professional Risk Management Services, Inc. (PRMS)
- Include specific exploration of suicidal potential in examinations at the outset of treatment and at other points of decision during treatment. Suicidal potential should be re-assessed at least: 1) whenever there is an incidence of suicidal or self-destructive ideation or behavior; 2) when significant clinical changes occur; 3) when any modification in supervision or observation level is ordered; and 4) at the time of discharge or transfer from one level of care to another. Based on these reassessments, make adjustments to the treatment plan as needed.
- Explore past treatment. Obtain treatment records where possible for new or returning patients. Record attempts to obtain records if they cannot be obtained.
- Review patient records prior to lifting precautions or otherwise reducing the nature or intensity of treatment. Review the entries of other professionals as well as your own.
- Conduct follow-up discussions with staff members whose record entries may be inconsistent with treatment options under consideration. Include the basis for resolution of the inconsistency in a record entry of the decision.
- Instruct staff to notify you immediately if they are concerned about a patient’s potential for suicide.
- Communicate with other treaters, especially when the patient is being treated in a split or collaborative treatment arrangement.
- At the outset of treatment, or after breaks in treatment, consult family members or others close to the patient, as appropriate, for information about the patient’s history, presenting condition, and life circumstances.
- Address the need for a safe environment for patients with suicidal behaviors. The accessibility of firearms or other weapons should be assessed and an appropriate plan for safety should be instituted, including getting information from and instructing family/significant others about this issue.
- Record all potentially relevant information provided by family and close friends.
- Know the criteria and procedures for involuntary hospitalization in your state.
- Do not rely solely on “no-harm” contracts as a guarantee of patient safety. These “contracts” have no legal force and cannot take the place of an adequate suicide risk assessment. It may be appropriate for a “no-harm” contract to be one part of a comprehensive treatment plan but it is the clinician’s responsibility to evaluate the patient’s overall suicide risk and ability to participate in the overall treatment plan.
- Be alert for – and respond to – developments in a patient’s life that may increase the risk of suicide.
- Address financial constraints directly. If recommended treatment is not financially possible, then attempt to find equivalent alternatives. Document the adequacy of the alternative that is ultimately chosen.
- Document all relevant information about a patient’s condition, treatment options considered, risk/benefit analysis performed, and the rationales for choosing or rejecting each option.
- Never alter or destroy a patient record after an adverse incident.
- Develop a follow-up treatment plan for discharge or for transfer from one level of care to another that is consistent with a patient’s situation and abilities. You may need to take steps to monitor patient compliance if another psychiatrist or professional has not yet assumed care.
- Familiarize yourself with the policies of all hospitals or other institutions/organizations where you provide treatment. Practice accordingly.
- The decision about type and amount of medication given to a suicidal patient – and the resulting record entry – should reflect the extent of your experience with the patient, your knowledge of the patient, the severity of the patient’s suicidality, and the extent to which physician prescribed medications may be of significance to the patient.
- Refill prescriptions for other psychiatrists’ patients with care. Review such refills with the psychiatrist if possible. Where such review is not possible, consider prescribing only enough medication to cover the patient until the psychiatrist returns or can be consulted.
- Terminate treatment with potentially suicidal patients with extreme care. Avoid terminating during periods of crisis. Consider termination during inpatient treatment, if termination is necessary.
- Prepare patients for scheduled absences and make provisions for coverage.
- Consider alerting family members to the risk of outpatient suicide when:
- the risk is significant,
- the family members do not seem to be aware of the risk, and
- the family might contribute to the patient’s safety.
- Consistently use an authoritative guideline to assess the level of suicide risk and facilitate the development of a reasonable intervention and treatment plan based on the assessed risk level.
PRMS
Manager of The Psychiatrists’ Program
Medical Professional Liability Insurance for Psychiatrists
1-800-245-3333
Email: TheProgram@prms.com
Visit: www.psychprogram.com
Twitter: @PsychProgram