RSSRecent Articles

Ahh, a gray area in the risk assessment process

Let’s look at a less straightforward example of a risk assessment and its possible problems.

Say, for example, you have a wheeled medication control device that’s located in an area that is not completely secured and is near a ground-level exit. Suppose the device is plugged into a wall outlet that will send a signal to the pharmacy (staffed 24/7) if someone unplugs it from the outlet or the data link, and the device is further monitored by an operator at the switchboard during off-shifts when the area is not occupied. The arrangement sounds simple enough.

Now let’s imagine that when The Joint Commission arrives, a surveyor tells you he or she wants to see a demonstration of the alarm to the pharmacy, mostly due to the device’s proximity to that ground-level exit. So, the device is unplugged and then the waiting begins (talk about sweating bullets). Fully 10 minutes elapse before a response from the pharmacy, and now you’re looking at an RFI.

“But,” you tell the surveyor, “we did a risk assessment and we believe that this is an appropriate slate of interventions.” The surveyor, however, is not budging and is not going to be persuaded just because you invoke the risk assessment. It may be something you can overturn on appeal, but could you have done more?

In a perfect world, you’d be able to provide The Joint Commission with performance data that supports a finding of full compliance. So the question then becomes what kind of performance data could we have for this type of situation? I’m glad you asked.

As part of your schedule for periodic testing of your security systems (you know, testing panic alarms, intrusion alarms, door alarms-all that good stuff), you could also do some field validation of those items for which you’ve done risk assessments.

For the example noted above, I’d be inclined to use an off-shift fire drill (probably third shift, when I know the switchboard staff will be at its “thinnest”) to see if I can get in, unplug the medication control device, and get out-all without interference.

If I can’t get out, then I have the beginnings of a compelling data set to document a successful intervention. I don’t think I’d be inclined to rely on a single attempt to prove my point; I’d try for a few attempts at least.

Even if I couldn’t get out with the device, I might be able to take a bunch of medications, which also sends us back to the drawing board.

Ultimately, when it comes to doing risk assessments, there are a couple of truisms that ought to be observed as you move through the process:

  1. There are likely going to be multiple interventions that could be employed to handle risks-I know I’ve said this ad nauseam-so pick one and live with it for a while. Once you’re comfortable you’ve got a good sense of it, then look at other interventions. If you employ too many interventions at once, it is nigh impossible to figure out what actually worked. Incremental improvements will help give you the edge on solidifying improvements. You don’t want to go back a year later (or even less) and find that your improvement didn’t quite hold on.
  2. Go back periodically to validate that the expectations you established when you started this thing are still being met (sometimes one must make assumptions going into the risk assessment process, and we know what can happen when we assume). I think we can stipulate for everyday application that if an issue, condition, or practice rises to the point where you invoke the mighty risk assessment, then you want to collect some performance data (and report that data to your safety committee).

It is too easy to assume that everything will be accepted at face value during a survey (it’s nice if it goes that way, but let’s be real here). It’s not enough to say that something is performing acceptably. You need to back it up with supporting data (the scientific method lives on).

Use surveillance rounds, fire drills, whatever-gather as much data as you can and be prepared to present it to a surveyor, your boss, and your boss’ boss. Performance data greatly reduces the likelihood of dispute during survey, and also points you in the direction of further improvements.

Safety hotspots during surveys

What will be big-ticket survey focuses in the coming months?

Based on my experience:

  • Emergency power is going to continue to be big
  • Life safety is a perennial challenge
  • I think we’re going to see increasing attention paid to the management of security sensitive areas within healthcare

I fear that we are not going to see declines in violent episodes in the healthcare environment, so the responsibility is ours to appropriately manage that risk.

Security video concerns and Spam

As an aside, I saw a documentary not that long ago about security advances in facial and body recognition technology. John Cleese of Monty Python fame was prominently featured.

Regular video footage, though useful, can be defeated via disguise, which is my point with this Cleesian digression. Just remember this little cautionary tale if your security department uses video to monitor suspicious people.

Even though you can’t depend on pictures as an absolute identifier (more on identification technology in the future, with a special guest), it is worth checking the video images during your drills to make sure that you’re getting the quality (angles, clarity, etc.) that will keep you out of hot water when your boss wants to “go to the videotape.”

A loop or noose with risk assessments?

In past discussions relative to risk assessments, I feel like I’ve given short shrift to an important part of the process: closing the loop and making sure it stays closed.

In many cases, it’s not merely enough to have conducted a risk assessment (EC.1.10, EP #4); there is also an expectation that the interventions you identify to manage the risks “…achieve the lowest potential adverse impact on the safety and health…” (EC.1.10, EP #5).

And, at least as far as the scientific method is concerned, the only way you can be sure that you’ve achieved that goal is to collect and analyze performance data relative to the intervention.

For instance, there are a number of ways that you can provide your staff members with access to material safety data sheets. Sometimes it seems like new technologies emerge every day in this realm. Be that as it may, OSHA’s hazard communication standard, like many of the risk management concerns you’re likely to face, is primarily a performance-based undertaking. OSHA doesn’t necessarily tell you how to do it, beyond the goal of ensuring access (see these interpretations of the hazcom standard, 1910.1200).

So long as you can demonstrably meet the requirement of ensuring access, from a compliance standpoint you should be in good shape. That said, I’m sure you have processes in place that can also help you comply with the hazcom standard, such as:

  • Hazard surveillance rounds
  • Spot-checking during fire drills
  • Annual evaluations of the hazardous materials and waste management program

Thus, these activities become the source of data in support of, or in opposition to, your organization’s compliance.

But wait-we’re not done spinning this one . . .

Return of the son of the risk assessment process

In speaking with folks over the last few months, there is still a great deal of interest–though I stop short of characterizing it as confusionary (I love to make up words, much like The Colbert Report)–about risk assessments.

In particular, people want to know how to do a risk assessment, what it needs to look like, what are the surveyors looking for, etc.

Don’t be thinking about this so much as a show and tell endeavor, but rather an establishment of a process that helps you identify the risks for which your organization is most vulnerable. And the key point relative to survey is that you know best what the risks are and how to evaluate them.

As a word of caution, a process does not usually involve a single step, so please, please, please refrain from manifesting your hazard surveillance rounds as being analogous to a risk assessment. The rounds are an important part of the process to be sure (it’s tough to proactively identify those pesky risks unless you go out and look for them), but they’re not the whole process.

Stay safe,
Steve Mac.

A statement of the survey conditions

So, what’s up in the 2007 survey year?

The short (and not at all sweet) answer-environment of care RFIs! And with no end in sight as far as 2008 is concerned.

An interesting, related phenomenon to the rise of RFIs in the EC is how they’ve impacted the world of the survey coordinator. But let’s take look at the level of exposure.

Currently, there are 24 EC standards, which means there are 24 opportunities in the EC by which organizations can receive an RFI (and that number will rise to 31 in 2008 with the newly configured emergency management standards). When you’re dealing with an increasingly shrinking threshold for conditional and/or preliminary denial of accreditation (use this link to see the thresholds for your organization:, having this much potential for adding to the RFI “nut” creates concern on the part of survey coordinators everywhere.

And, of course, we have the presence of two standards that can result in conditional or preliminary denial without getting a whiff of a threshold:

  • EC.5.20, EP #5-Sufficient progress toward the completion of your PFIs
  • EC.5.50, all three EPs-Identifying and implementing interim life safety measures

I think that we can stipulate that many, if not most, survey coordinators have a fairly limited comfort zone when it comes to all things great and EC. But a common theme has been bubbling to the top this year, and that is the sweeping assurances from the EC folks in the hospital that everything is A-OK, only to find that the survey teams have a significantly differing assessment.

As we continue through the process, it is quite possible that you’ll see more input from resources external to your organization (perhaps, dare I say, in the guise of consultants-please don’t shudder at the thought). And so, it may become a big part of your job to “manage” these resources to the benefit of your practice and your organization.

My best advice, consultative though it may be, is to reach out to the folks charged with managing the survey process in your house. Your input in the decision-making process might be the difference between a torturous review of your program and an opportunity to use this external voice to advocate for your position.

Tired of waiting for a Joint Commission survey?

Well, up here in the Northeast, there’s a wee hint of fall in the air, and a not-so-young man’s fancy turns to thoughts of what’s in store in the closing months of the year and the opening of the 2008 unannounced survey season (which I suspect is the last year that we can depend on our survey “years” actually being a 12-month timeframe).

As I look around the healthcare safety world, I sense the stirrings of a couple of different “emotions”:

  1. Impatience by those organizations that have not yet been surveyed this year (those of you who have already received your visitors, I would have to count you as being luckier than those playing the waiting game)
  2. Concern by those organizations for whom the window opens on January 2, 2008, or thereabouts (though we’re not in panic mode, yet)

For both groups, this past Monday amounted to something of a line of demarcation. Even with some leeway on the calendar, summer is pretty much over, and so it’s time to ratchet things up-the British are coming, the British are coming!

Some folks are looking at three months to get things going in the right direction, while others know with a certainty that their survey window is closing little by little and every day the survey looms a little larger.

For the 2008 group, if you have not done so in the past six months or so, I would encourage you to conduct as comprehensive an assessment of your safety program as possible. If you have issues at the moment, you’re going to have a most difficult time establishing a reasonable track record, so best to jump on it now.

If you will, conduct a mini-periodic performance review of your organization’s compliance at the EP level – dot every “i” cross every “t.”

For the 2007 folks, my sympathies, for I’ve been working with a couple of clients who are expecting their Joint Commission visit any day now and have been since this past January. I’ve experienced the “ramp up” of intensity each week until the first day of the week passes (Mondays for the organizations with 5-day surveys; Tuesday for the 4-days, etc.), and then everyone breathes a collective sigh of relief when the surveyors don’t come that week.

This roller coaster may well be the most challenging survey “risk” to manage, at least for the first time out. Afterwards, it’s all constant readiness, right? Right! And, as I’ve said any number of times, the Joint looks much better in the rearview mirror as you drive away!

Looking at security’s rules of engagement

There’s been a fair amount of media coverage relative to workplace violence in general and healthcare in particular. As safety professionals, we clearly have an obligation to enact whatever prudent measures are necessary to appropriately manage the risks associated with potential for violence in our workplaces.

Since we’ve already talked a bit about risk assessments in general (and by the way, there’s a pretty good assessment form regarding violence and aggression available here), I want to talk a little bit about one of the interventions that seems to be gaining a bit of popularity-the use of armed security officers.

Somehow in the midst of all my work-related activities, I managed to miss the event in Houston in April in which a father was Tasered by a hospital security officer while holding a newborn (use this link to check out the latest on the story, including video footage of the discharge of the Taser).

Even before I saw the footage, I have to admit that I was rather horrified at the description of the event. From a risk management and general liability standpoint, I’m just not keen on aggressively pursuing someone holding an infant (though it appears there was some indication that the father in this case was attempting to leave with the infant in some sort of custody dispute).

I’m seeing the use of armed security officers in hospitals much more frequently, and I am always curious about how well-defined the rules of engagement might be, whether they include the use of lethal force, what education has been provided, how are competencies assessed, etc.

Now you might want to call me a yellow-bellied, Massachusetts liberal type, but I’m really curious about how folks feel about this particular event. Clearly, there are opinions to be had by a great many people, some of whom will probably be involved in the pending lawsuit, but purely as a function of process, what’s up here?

If you were to use this case as a training example, how would you characterize this officer’s actions as a learning experience? Are their improvement opportunities to be had and, if so, what are they? I can’t help but think that The Joint Commission might have similar questions to ask the folks at the Houston hospital in question. If you were in a surveyor’s shoes, what would you say?

A safety committee topic we can all toast to

How well does your safety committee manage “telling people what to do”?

In reviewing safety committee minutes in all different parts of the country, I’ve run into a certain reluctance to mandate compliance with sensible safety practices. The most common issue I’ve encountered is the management of heat-producing appliances in various departments. Yes, I am talking about toaster ovens, household-use toasters, household-use coffee makers and other appliances of that ilk.

I personally think that toaster ovens are among the most risky pieces of common-use equipment I can imagine. You can put something in it, set the temperature, and walk away from it – with the common refrain being, “What’s that smell? Oh, $@?&!!”

When I encounter these appliances during mock surveys, I ask what folks what they’ve done to manage the risks associated with these devices, and the response is frequently a shrug.

Now I don’t advocate an obstreperous approach to enforcement activities, but it is certainly a weapon to have in your arsenal (sort of along the lines of nuclear proliferation – we don’t want to have to go there, but if you insist, we will).

Sometimes corrective measures are perceived as being optional, even when there is a clear advantage to adopting those measures as a standard of practice. But – and I quote one of my former boss’ favorite sayings – you can’t mandate intelligence and in those instances, you sometimes have to mandate a practical application.

I know we didn’t get into this field to boss people around. But sometimes there’s very little standing between disaster and any number of folks working for us. Sometimes you have to risk being a wee bit prickly in order to keep your safety roses in bloom. And that’s enough mixing of metaphors for this session.

So, until next time, this Safety Mac Daddy is signing off…

By the authority granted to me…

An item that I’ve been encountering a more frequently of late revolves around the charge-or perhaps, more appropriately, the authority-of the safety officer or, indeed, the safety committee.

Now EC.1.10, EP #3, requires each organization to identify a “person(s) to intervene whenever conditions immediately threaten life or health or threaten damage to equipment or buildings.”

That’s pretty heady stuff, which leads me to a couple of questions for all you reading to think about:

  • How comfortable are you, as a safety professional, with the extremes of this interventionary authority? How “immediate” would the threat need to be before you felt comfortable with stopping work, sending someone home, etc.?
  • How much support would your boss give you if you played this card?
  • Have you ever had to invoke this authority?

Let’s talk more about this next time.

Steve Mac.