Protecting Patients and Providers During a Pandemic: What Can Data Tell Us?

August 23, 2021

By Arvind Kumar; Dennis Antishin; and Abraham Morse MD, MBA.

Lessons Learned for the Next Crisis

While the coronavirus continues to evolve, there is light at the end of the tunnel, although we still have a ways to go regarding vaccination and the recovery of regional economies. Now is the time for health care organizations to capture lessons learned from the pandemic and identify improvement opportunities. Organizations have an opportunity to embed learnings and responses to the pandemic that proved effective and examine the risks that need more attention. Diving deep into data from the past year can reveal the operational, strategic and tactical changes needed to bolster resiliency for the next crisis. 

Helping health care organizations to harness data to fuse leading indicators of risk across disparate systems, identify optimal controls to embed in their workflows and Electronic Health Record (EHR), and better manage risk and improve operational efficiency is vital work. Here are six key areas to evaluate and help prepare for the future.

1. Assuring Patient Safety in a Crisis

As part of The Joint Commission accreditation process, every hospital must have an Emergency Management (“EM”) plan that lays out guidelines to remain operational in the event of crisis: environmental disaster, terrorist attack or mass-casualty event. Typically concerned with staffing, supplies, communication, technology, utilities and clinical activities, part of a robust emergency management plan should specifically address gathering patient safety data to be used post-crisis. As we begin to plan for post-pandemic life, now is the time to review how effective your emergency management plan was and where there were gaps. Retrospective analysis should include:

  • Identify the vulnerabilities and lack of resilience of the plan that impact patient safety.
  • Identify data and metrics that can be electronically captured during the next crisis, with minimal required human resources, to be analyzed post-crisis so that you can optimize performance and intervene in potential patient safety threats that might have been generated by the crisis. Also, as you identify items that did not work well, determine which patients may be at risk and in need of follow-up.
  • Look for triggers in your patient safety reporting system and any patient complaint reports from the dates of the crisis that offer insight into problems created that you didn’t have time to recognize.
  • Look outside your organization and partner with other institutions to share lessons learned.
  • Pre-position communication technologies that can be used to inform and manage staff who are working remotely, and assure risk management of remote workers with access to clinical or legally important data.

State regulations may require every acute care hospital to have some sort of patient safety reporting system, but the extent to which it is used or captures data varies. Staff needs technical training to enter incidents in an effective manner to improve patient safety data capture. A cultural shift is also critical for staff to have confidence that if they enter incidents into the patient safety reporting system, it will be used for continuous learning.

The role of data is very important in times of crisis, as is being able to mine it post-crisis for learning insights around your EM plan. Don’t squander the opportunity to update your playbook accordingly and strengthen your organization. ^TOP

2. Rapid Risk Evaluation and Risk Remediation Guidelines

Now that the worst of COVID-19 is hopefully behind us, it’s time to debrief, assess whether your efforts and preparedness measures were effective, and codify changes into your playbook so it can evolve for the next crisis. Given what we have seen over the past year, these are the areas we recommend focusing on:

  • Protocols and guidelines. During the crisis, clinical and operational teams had to make protocol and guideline changes rapidly to keep up with the quickly evolving environment and health care needs. Normally, the patient safety and quality teams have adequate lead time to evaluate protocol changes, write guidelines, monitor the process and measure outcomes. The pandemic accelerated that process, and some organizations may have partially suspended their quality and safety programs to a certain extent to focus on emergent care delivery. Post-crisis, assess if new controls to prevent patient harm and malpractice risk from unintended consequences of rapid change were built into your policies, monitoring and EHR. Also, assess whether your playbook identified all cross-disciplinary team members who were engaged in the crisis response.
  • EHR deployment. Assess whether your EHR sociotechnical system was able to rapidly adapt, test and deploy new protocols in your EHR system or operational guidelines to mitigate risk. It’s important to note which of the controls are episodic and which are permanent to operations and workflows. Health care organizations often find it helpful to use an external view to assist leadership to take the time to reflect, identify issues, and ensure risk signals are being captured and mitigated.
  • Data extraction and reporting. New policies and procedures require organizations to extract data and generate reports that provide insights and are easy to consume. Use the analytics and surveillance capability built into your EHR, along with med-mal claims, patient complaint and patient safety systems data that occurred during crisis to identify risk remediation efforts for the future. Since many organizations have limited capacity, such as data scientists and other internal resources to accomplish these tasks, consider engaging external experts who can help you mine the data, identify actionable risk and safety hot spots, and identify/recommend automated, operations-based and policy-based countermeasures.
  • Digital tools. This is a good time to conduct virtual health triage. Many organizations had to rush investment in video conferencing and virtual encounter-capturing software and hardware when it became clear that was the only way to see patients. It’s worth rationalizing and determining if you have the right solution going forward and whether there was a way to make an urgent decision in a way that would have been more effective and led to a better choice. Examine what worked and what other digital tools may be required going forward. Review how you maintained enterprise operations with a distributed workforce and if the secure communications tools you put in place were robust enough. Finally, virtual health tops the list of technologies to be universally adopted; assess what future investments in virtual health will be required.
  • Clinical Decision Support (“CDS”) tools. Assess whether any new content in your CDS tools is helping to automate quality and safety into your EHR. Also, determine if there is a need to create a temporary version of your EHR Clinical Decision Support System that recognizes the different needs and threats in a crisis. For example, significant reduction in “best practice advisories” when you don’t have the time or staff to follow them. Using clinical decision tools in a way that they help clinicians follow protocols and document them (but don’t get in way of individualized patient care) is always the goal, but it takes time and attention to achieve. Working with frontline staff and clinical and IT leaders and consultants can help shoulder some of the load for this important task.  ^TOP

3. Agile Workflows and Staffing

Health care organizations and leaders were tested during the pandemic. The most successful were able to assemble high-functioning teams to care for the surge of COVID-19 patients and retain employees during furloughs and quick-moving staff changes. They also demonstrated the resilience required during the crisis to deal with constantly evolving challenges.

As patient volumes return, it is important for leaders to understand the impact of changed workflows and staffing such as in the emergency department, infection control, transport center, respiratory care services, as well as facility reconfiguration and materials management. Assess whether workflow changes should be made permanent, revert to pre-pandemic, or evolve into a better design for the future. Identify strengths and learnings that can be applied for care system redesign and staffing models (e.g., cross-training) at a service or department unit and enterprise level.  ^TOP

4. The Role of Virtual Health and Digital Ecosystem.

Virtual health technology played a pivotal vital role in maintaining the continuity of care for patients during the pandemic's early days. Over the past year, it has become widely recognized as a reliable mechanism to promote patient access and will fundamentally change how outpatient care will be provided in the future. The ability to provide remote patient assessments and remote supervision and management of local resources is also set to transform high acuity care by allowing for “hospital at home,” even “ICUs at home,” and relocation of time-consuming procedures such as peritoneal dialysis and fetal monitoring.

The new virtual care delivery model carries unintended consequences that can lead to risk. Before settling in for the future, organizations must assess if the ecosystem they ended up with during a rushed pandemic implementation will serve them going forward. Now is the time to identify gaps and potential risks, and develop measures to mitigate those risks. Here are seven topics to guide discussions regarding deploying virtual health technology:

  • Effective collaboration. During the crisis, organizations needed to rely on a multidisciplinary team of internal IT personnel, clinical teams and multiple external virtual health vendors to collaborate and scale services to meet increased patient demand. As these vendor relationships will continue to be necessary in the future, assess whether the collaboration was effective or if it needs to evolve. Learn from what worked and what didn't, and identify what you need to do to embed a culture and infrastructure of efficient collaboration, both internally and with external technology teams.
  • Appropriate technology, tools and training for quality encounters. Beyond HIPPA-compliance and required functions, assess your technology choice through a clinical lens. Get feedback from clinicians to ensure the chosen technology is working for them. They will have powerful insights on whether the tools are minimally obstructive to conducting effective encounters. Virtual health care delivery can lead to increased risk in communication during a patient interaction. For example, did the patient have adequate bandwidth to ensure consistently reliable videoconferencing, and did they hear everything said by the clinician? Building safeguards to close the loop on digital encounters can reduce that risk. Also, look at training and competency. Did all providers have the training they needed to use these new tools? Make sure to document the training process, participation by providers, and demonstration of competencies that will help in defensibility in case of compliance questions or potential legal action. Lastly, organizations may need to implement a new set of measures for patient satisfaction surveys, as the technology deployed can shape the patient experience.
  • Patient support. Patients also needed to learn about this new care delivery method quickly. Assess whether your communications were effective or if there were gaps. Many organizations posted how-to guides on their websites and offered IT support to patients. Interacting with health care consumers is a very different role than providing internal support to clinicians. If you haven't already built easy-to-use tools and deployed them in an easy-to-access platform, now is a good time to consider the approach.
  • HIPAA and IT security issues. Every health care organization had to quickly think about and address privacy and security issues that arose during the pandemic. Take the time to assess if the implementation of digital health policies impeded the overall ability to conduct virtual health encounters and if the people who needed unfettered access were able to have it. Providing system access while many people are working remotely is a different, more challenging IT security concern than ensuring that computers in a building behind a physical firewall are secure.
  • Documentation, coding and billing integration. Assess how well your organization collected information via new technologies and how they were integrated with your EHR. Pre-pandemic, clinicians could gather patient data in-person, such as blood pressure, glucose testing results, fetal heart data and more. With virtual care, clinicians had to rely on patient self-reports or collect it with new technology. When compliance and payor reimbursement are contingent on documenting these measurable parameters and incorporating them into a care plan, it is essential to completely and correctly capture this data.
  • Provider to provider communication. Pre-pandemic, the clinician workforce was already being deployed more broadly and relying more on synchronous and asynchronous communication technology for teaming and consultation. This trend will likely continue. Fewer face-to-face dialogues and team meetings and more electronic communication introduces multiple risks, including unreliable patient workflows and failures of loop closure that can cause significant patient harm and increase the risks of regulatory, legal and brand impacts. Assess your processes to ensure communication is secure and there are no gaps in care or in clinical-facing staff levels to provide virtual health availability.  ^TOP

5. Dynamic Risk Management

Health care organizations normally have the ability to periodically assess patient safety and quality of care issues, analyze what went wrong and determine what needs to be improved. A Dynamic Risk Management system truly becomes dynamic when it helps health care organizations identify controls that will mitigate risk and accelerate solutions toward favorable outcomes. That includes the clinical: reducing patient safety events and med mal claims; as well as the financial: pinpointing fraud, waste and abuse. By controls, we mean targeted, automated, operations- and policy-based countermeasures that can be integrated into an organization’s systems.

There is no question that the pandemic eliminated that luxury, creating multiple new risk exposures and related liability and compliance issues for health systems and hospitals around the globe. Some of these risks were related to the rapid implementation of telemedicine, lack of PPE, new ways of communicating and the use of retired clinicians, medical students and volunteers as well as expanding the responsibilities of non-licensed personnel. All of these new risks could result in individuals making judgement calls that proved to be wrong and mistakes such as patients being misdiagnosed or provided the wrong treatment.

In health care, risks have a web of potential causes and far-reaching consequences. Now is the time for risk managers to recognize the potential new liabilities and exposures related to COVID-19 and ensure that temporary operating procedures and controls that were hurriedly put into place are made permanent or are reassessed and improved. If your health care organization has risk management systems in place, assess how they performed and how adaptive your processes and controls were in addressing risk. If you do not, implement a system to aggregate and analyze all of your risk signals and look for new trends and new concentrations of risk.

During the crisis, regulatory bodies loosened or eliminated many requirements. Post-crisis, health care organizations must review those requirements, determine what will be permanently allowed (such as telehealth) and what rules will return to pre-crisis status.

What Is Dynamic Risk Assessment?

For health care organizations, dynamic risk assessment is a continuous process of identifying hazards, assessing risk, taking action to reduce risk and then monitoring—all in a rapidly changing circumstance. It is active surveillance of the risk management spectrum for an institution and taking a proactive approach rather than being reactive to an individual high-value patient safety incident or medical malpractice claim. Health care delivery organizations need a holistic view of risk data: medical malpractice claims, safety events, patient complaints, social media monitoring, Workers’ Compensation incidents and other risk signals to help organizations identify trends and repetitive events or occurrences that identify where to focus their energies and reveal emerging risks.

Begin gathering structured and unstructured data from disparate systems and integrate it using a proprietary set of tools. Then analyze the full spectrum of risk signals to apply risk mitigation strategies including automated controls in the EHR configuration. Hospitals of all sizes can take advantage of this advanced approach by embedding more robust controls from advanced learnings into their EHR, beyond the built-in standard configuration.

A Controls Framework

The goal of any controls framework is to achieve zero transgressions through implementing various levels of controls. When considering patient safety and professional liability issues, implementing controls ensure you prevent the problem from repeating. The target is to continually strive to achieve zero harm, and the controls framework helps to decrease the volume of cost, claims and avoidable mistakes.

When it comes to controls, there is a hierarchy of effectiveness applying detective and monitoring controls leveraging extant automation capabilities:

  • The most effective are the automated controls discussed above. However, in the absence of automation capability process controls can be implemented.
  • The next most effective are monitoring controls, in which the process owner is reviewing all of the clinical care, perhaps in a specific area or relative to a specific output and identifying potential problems before they reach the patient, typically reported by exception.
  • The third most effective kind of control is a training control, strengthening staff education on adoption and use.
  • The least effective control is a policy control, where clinical by laws and protocols are adopted in conjunction with monitoring and automated calls under a certain protocol.

Within that hierarchy, the difficulty and resources required to implement them are reversed. It’s easy to write a new policy control, but by itself it does not serve as an effective countermeasure. Hospitals’ and health systems’ staff need to know how to interface with the information systems infrastructure of a health care organization to identify and implement automated controls for maximum effect. Not only are they the most effective, but they are also actually the least expensive once they are implemented because they don’t require increased staffing levels. For example, a robust library of EHR controls can be easily implemented and configured in health care systems to reduce avoidable patient harm.

Return on Investment (“ROI”)

Organizations can realize a significant reduction in indemnity losses, reduction in claims management costs, improved value-based reimbursement performance, and optimized reserve capital allocation over a period of two to five years—millions of dollars in projected financial benefit. Dynamic Risk Management delivers ROI by managing risk volatility and decreasing the overall cost of professional liability and serious patient harm.

There are several components to professional liability, foremost of which is reducing the number and severity of medical malpractice claims. This reduces overall indemnity costs. In addition, through proper configuration of the EHR and proper monitoring of the way documentation is produced, organizations can create a better documentation, which translates into more effective defense of cases—which can reduce claims defense cost—all a substantial part of a health care organization’s overall costs.  ^TOP

6. Benchmark Risk Mitigation Learning and Performance

The pandemic has driven home the need to compare and contrast learning and performance across health care organizations, which has two valuable aspects.

The first is monitoring the trends within your own organization, looking for high-level patterns. Organizations should track risk management indicators over time, such as:

  • Are your number of claims per provider going down or up?
  • Is the cost of defending the average claim going down or up?
  • Is the average indemnity (amount paid out to a patient or family) going down or up?

Following trends such as these in your organization can help set a baseline and determine if your risk mitigation efforts are successful.

Secondly, in order to fully make use of data being gathered, organizations must benchmark themselves against like external organizations. Benchmarks are generally available through trade organizations, publicly available research and vendors to provide external benchmarks for internal trends to help drive performance. Regular interaction with professionals around the country who are involved in research and assessments can also provide additional trends data. 

The pandemic tested health care organizations. Moving forward, hospitals and health systems must build a risk infrastructure that is shaped for the future, one that is agile and responds to learnings in the moment. There is little doubt that there will be another crisis, and we must be prepared for it.  ^TOP

About Arvind P. Kumar

Arvind Kumar is Managing Director in the Health Care Services Group and Head of Digital Health Services within the firm.