A Risk-Based Approach to Patient Safety and Incident Management

Steven Minsky | Nov. 13, 2015

The Food and Drug Administration recently investigated manufacturers of endoscopes, a device most doctors call “a key tool in detecting and treating medical problems,” according to The Washington Post.

Such instruments, while vital to modern medicine, are also responsible for infecting hundreds of patients with a vicious bacteria called enterobacteriaceae, more commonly known as CRE.  So far, infections from CRE-ridden endoscopes have caused at least two patient deaths.

Why device manufacturers are most at fault 

Ultimately, the blame for these deadly outbreaks lies with manufacturers, of which there are three in question: Fujifilm, Olympus, and Pentax.

These companies reportedly failed to adequately perform two tasks: notify the FDA of device-related issues within a month of identification, and provide sufficient instructions for device use and upkeep.

As a result, a patient died after being treated with an infected duodenoscope, and now the patient’s family is suing Olympus for wrongful death. Another family, whose 18-year-old son was also exposed, is charging the company with both fraud and negligence.

That being said, there are three types of enterprise – manufacturer, hospital, and regulatory agency – that can benefit from a few best practices in incident management and ERM. Taking such precautions can preserve patient safety and confidence, streamline operations, and protect companies from serious liabilities.

ERM software could have helped prevent infections

Some hospitals, like UCLA Medical Center, have implemented robust ERM programs, protecting themselves against the pursuit of legal action.  Most hospitals (and manufacturers), however, do not have adequate ERM programs. In the healthcare industry, effective incident management is a top concern; hospital patients and staff face unpredictable events every day, ranging from slip-and-falls to infections and injuries acquired on premises.

It is essential that every hospital be capable of linking incidents to their root causes. ERM provides a taxonomy – or library of risks and their causes – that can reveal these relationships. In this case, that means first retracing the medical process to identify which piece of equipment is infected, and consequently which vendor it came from and how risky it is to engage with that vendor.

Next, an ERM solution will help the organization identify procedures relying on the device. To account for human error or improper training, related personnel need to be evaluated and verified. Specifically, a risk-based incident management software enables all hospital employees to quickly and accurately document incidents, track developments, escalate concerns, and develop action plans for preventing such instances from re-occurring in the future.

Thirdly, ERM programs provide a risk-based vendor management program. Such a program provides a few things: due-diligence when investigating vendor risk management controls and performance; ongoing monitoring of FDA updates, research trials, news stories, and other professional releases; and automatic links from this information back to the specific users of those devices. This risk-based third party due diligence approach not only ensures FDA compliance, but more importantly, ensures successful patient outcomes with new technologies and protects hospitals from liabilities.

Any company making medical equipment has “an obligation to figure out how to clean it, and they have to prove that their cleaning method works,” says Peter L. Kaufman, who is representing one of the families suing Olympus. ERM policy and procedure software would have allowed Olympus to do just this by developing more comprehensive device usage and care policies. This would have been a double boon, saving lives and protecting the company from costly lawsuits.

Integrate Incident Management

Check out our case study on how LogicManager helped Winona Health integrate incident management into their enterprise risk management program here!


About the Author:

Steven is a recognized thought leader in ERM, CEO of LogicManager, and co-author of the RIMS Risk Maturity Model. Follow him on Twitter at @SteveMinsky