Patient Safety Workshop 2 · 2017. 7. 18. · Laparoscopic or “minimally invasive” surgery is a...
Transcript of Patient Safety Workshop 2 · 2017. 7. 18. · Laparoscopic or “minimally invasive” surgery is a...
Patient Safety Workshop 2:
Healthcare risk management (solid foundations to manage uncertainties that matter)
Workshop resource and reference manual
Dr. Luke Feeney
Page 2 of 23 LF, July 2017
Table of Contents
About this manual and our workshop ................................................................................... 3
Workshop outline ................................................................................................................. 3
Activity 1: Setting workshop objectives ................................................................................ 4
A risk management framework ............................................................................................ 5
A risk management process ................................................................................................ 6
Activity 2: Learn by watching - the basics of risk management ............................................ 7
Activity 3: TEAM-based risk identification 1 ......................................................................... 8
Activity 4: TEAM-based risk identification 2 ....................................................................... 10
Activity 5: TEAM-based risk identification 1 - revisited ....................................................... 11
Activity 6: TEAM-based risk estimation .............................................................................. 11
Activity 7: TEAM-based risk evaluation (Facilitator-led) ..................................................... 15
Activity 8: TEAM-based risk control ................................................................................... 16
Activity 9: Workshop reflection and commitments .............................................................. 18
Final thoughts .................................................................................................................... 19
References ........................................................................................................................ 20
Appendix A: Risk metalanguage guidance ........................................................................ 21
Appendix B: The PRACT guide to critical control option assessment ................................ 22
Page 3 of 23 LF, July 2017
About this manual and our workshop
This workshop resource manual accompanies the HMC Patient Safety Awareness Week practical,
facilitator-led “Healthcare risk management” workshop.
In our workshop today you will work in Teams to practically apply an evidence-based, international risk
management framework (adapted from ISO/IEC, 2011) within a healthcare case study context using a
selection of evidence-based methodologies (adapted from Hillson, 2010; ISO, 2009; ISO/IEC, 2011; National
Patient Safety Agency, 2006) to promote/evolve your critical understanding of how risk management can
truly be the foundation for effective patient safety.
I hope you will also gain "insider" tips and techniques for potentially improving your existing risk management
approaches, irrespective of their current frameworks and methodologies.
Enjoy!
Workshop outline
1300 - 1715
(with a break!)
1. Workshop introduction, context, definitions and why managing risk is one of the most
effective, proactive patient safety activities you can carry out…
2. An evidence-based risk management process (step-by-step) appropriate to meet the
requirements of a healthcare organisation facilitated through team-based practical hands-on
activities, exercises and debate.
3. Workshop review, reflection and close.
Please note: Not all of the activities presented in our manual may be completed in our workshop today as
it has been designed to be highly practical, participant-centred with critical questioning and debate hugely
encouraged!
Page 4 of 23 LF, July 2017
Activity 1: Setting workshop objectives
This activity is designed to identify what are the workshop objectives of you and your fellow participants
(INDIVIDUAL and TEAM-agreed).
We are “beginning with the end in mind”, the 2nd
habit of the “7 Habits of Highly Effective People”
according to (Covey, 1989).
INDIVIDUALLY reflect and identify what are your objectives for attending our risk management workshop.
Share INDIVIDUAL expectations and work together to produce a single, TEAM-agreed objective:
[Please note: Each of TEAM-agreed objective shall be recorded by your facilitator to act as guiding “performance scoreboard” for our workshop].
[5 minutes to complete]
Page 5 of 23 LF, July 2017
A risk management framework
The evidence-base suggest that organisational risk management activities MUST be an integral part of the
way that your healthcare organisation delivers its services to the extent that it is embedded in the very values
and culture of your organisation - "just the way we do things around here!" (Health Services Executive, 2011;
ISO, 2009; National Patient Safety Agency, 2006).
The careful implementation of an evidence-based organisational (enterprise-wide) risk management
framework can embed the key values and principles of risk management throughout your healthcare
organisation - from senior management to the “sharp end” - as well as provide the solid foundations for its
continuous effectiveness (ISO, 2009).
Such a framework is presented in Figure 1.
Figure 1: A best practice risk management framework
(Adapted from ISO, 2009)
Page 6 of 23 LF, July 2017
A risk management process
Implementing risk management, often described as the "risk management process" itself, is a key
component of your organisational risk management framework and activities. The risk management process
fits into the integrated and inter-dependent risk management framework presented in “Figure 1” as
component "3. Implementation of risk management based on a best practice methodology".
Figure 2 details an evidence-based risk management process component which commences with
establishing context, then executing risk assessment (incorporating risk identification, estimation and
evaluation), identifying and applying risk controls and culminating in ensuring appropriate risk acceptance,
with key decision points indicated in the process. The entire process is wrapped in continual monitoring and
review to ensure rigor and consistency, with communication and consultation a crucial requirement
throughout to ensure the engagement and involvement of/with the key, relevant stakeholders.
Figure 2: A best practice risk management process
(Adapted from ISO/IEC, 2011)
Ris
k m
on
ito
rin
g &
revie
w2. Risk assessment
1. Establish context
2.1 Risk identification
2.2 Risk estimation
2.3 Risk evaluation
3. Risk control
Ris
k c
om
mu
nic
ati
on
& c
on
su
ltati
on
4. Risk acceptance
Decision point #1:
Assessment satisfactory?
Decision point #2:
Control satisfactory?
YES
NO
NO
YES
Page 7 of 23 LF, July 2017
Activity 2: Learn by watching - the basics of risk management
Hillson D. (2012), “Risk management basics: What exactly is it?”
http://www.youtube.com/watch?v=BLAEuVSAlVM&feature=youtube_gdata_player, accessed 24.02.2017.
“The Risk Doctor” explains how to structure risk processes by asking (and answering) six simple
questions.…
YOUR thoughts, top of mind, as you watch the video:
TEAM-agreed key learning:
[5 minutes to complete]
Page 8 of 23 LF, July 2017
Activity 3: TEAM-based risk identification 1
3.1 Context: Laparoscopic surgery:
Laparoscopic or “minimally invasive” surgery is a specialized technique for performing surgery which uses
several 0.5cm - 1cm incisions called “ports”. At each port a tubular instrument known as a “trocar” is
inserted (a trocar is a pen-shaped instrument with a sharp triangular point at one end, typically used inside
a hollow tube, known as a cannula or sleeve, to create an opening into the body through which the sleeve
may be introduced to provide an access port during surgery). A camera (laparoscope) and specialized
surgical instruments are then passed through the trocars to facilitate completion of the procedure.
The “closed-entry” (classic) laparoscopic technique involves creating a “pneumoperitoneum” by inflating the
patient’s abdomen with carbon dioxide to create separation between organs as well as increase the internal
space available for manipulation of surgical instruments. This “insufflation” process is often performed
using a Veress needle prior to placement of the primary trocar. The Veress needle is inserted in the
umbilical area, in the midsagittal plane, with or without stabilizing or lifting the anterior abdominal wall.
Once insufflation is complete and the primary trocar inserted, a laparoscope is introduced and thereafter
secondary trocars can be placed under direct laparoscopic observation to minimise risk of injury.
3.2 Identify 3 x risks:
Critically consider and debate the risks associated with the “closed-entry” laparoscopic technique described
in “3.1 Context” and, as a TEAM, agree and record what you believe to be the TOP THREE (3) highest
priority patient safety risks which will need to be addressed to ensure reliable, consistent and safe
laparoscopic surgery will take place.
Please record your risks in row 3.1A, 3.2A and 3.3A respectively on the next page (P.9).
Page 9 of 23 LF, July 2017
TOP THREE (3), TEAM-agreed, highest priority patient safety risks associated with the “closed-entry”
laparoscopic technique (please ensure you record in rows 3.1A, 3.2A and 3.3A only!)
3.1.
A
B
3.2.
A
B
3.3.
A
B
[7 minutes to complete]
Page 10 of 23 LF, July 2017
Activity 4: TEAM-based risk identification 2
Critically review the risks recorded in the risks presented register below and indicate whether your TEAM
believes the risk statement is actually describing a risk or not ("Yes/No" column). Please also indicate the
reason for your TEAM choice ("Rationale" column).
Objective: To transport blood products using a contracted 3rd party driver and car (external
supplier) from YOUR HOSPITAL to Hospital B. at 1400 today.
Recorded risk Yes/No? Rationale
4.1. The blood products will not get from your
Hospital to Hospital B.
4.2. The driver could be late and miss the pick-up
from your Hospital.
4.3.
The driver may skip lunch due to the timing of
pick-up and delivery, and therefore may get
hungry during the delivery journey.
4.4.
As your Blood Bank is short-staffed, the
blood products may not be prepared/ready in
time for the pick-up and hence the transfer to
Hospital B. will miss the delivery deadline of
1400 today.
4.5.
Very busy road traffic will significantly delay
the driver in reaching Hospital B. by the
appointed time of 1400 today.
[5 minutes to complete]
Page 11 of 23 LF, July 2017
Activity 5: TEAM-based risk identification 1 - revisited
Based on your evolving knowledge of an evidence-based method for risk identification, please review the
construction of your TEAM’s risk statements/descriptions recorded in rows 3.1A, 3.2A and 3.3A of “Activity
3” and re-write using "risk meta-language" (for guidance please refer to Appendix A) to ensure high quality
risk statements. Please record your re-constructed risk statements/descriptions in rows 3.1B, 3.2B and 3.3B
respectively on P.9.
[10 minutes to complete]
Activity 6: TEAM-based risk estimation
Following the risk estimation guidance provided below, critically apply the adapted National Patient Safety
Agency (2006) risk assessment and management program to carry out a risk estimation exercise for the
THREE (3) highest priority risks identified in Activity 5 using the template provided in “Table 6.1.
6.1. Assign a unique “Risk ID” in the 1st column (this allows tracking through a risk management system).
6.2. Assign a “Risk owner” in the 2nd
column (the context of your healthcare organisation is important).
6.3. Record your risks in the “Description of Risk” column (as re-written in “Activity 5”).
6.4. Using “Table 6.2: Risk impact estimation (grading, rating)”, collaboratively determine your impact
score (I) for the risks identified and record in the “Impact (I)” column.
6.5. Using “Table 6.3: Risk likelihood of occurrence estimation (grading, rating)”, collaboratively
determine your likelihood score (L) for the risks identified and record in the “Likelihood (L)” column.
6.6. Calculate (“estimate”) your risk ratings by risk multiplying your impact (I) score by the likelihood (L)
score in the “Table 6.1” and detail in the “Risk estimation (I x L)” column.
[15 minutes to complete]
Page 12 of 23 LF, July 2017
Table 6.1: Risk identification and assessment template
(Health Services Executive, 2011; ISO, 2009; Adapted from National Patient Safety Agency, 2006)
Risk
ID Risk owner Description of risk (risk statement)
Risk assessment Risk
estimation
(I x L)
Risk
evaluation
(L, M, H, EH) Impact
(I)
Likelihood
(L)
Page 13 of 23 LF, July 2017
Table 6.2: Risk impact estimation (grading, rating):
(Adapted from National Patient Safety Agency, 2006)
Work along the columns to assess the severity of your risk on the scale from 1 to 5 to determine the impact score (number indicated at the top of the column).
IMPACT DOMAIN Negligible (1) Minor (2) Moderate (3) Major (4) Extreme (5)
Impact on the safety
of our patients, our
staff or the public
(includes physical
and/or psychological
harm)
Event (adverse or
otherwise) resulting in a
minor injury which:
Requires minimal
intervention or
treatment.
Does not require any
time off work for the
injured person.
Does not impair
psychosocial
functioning - that is
aspects of the injured
person’s social and
psychological
behaviour.
Minor injury or illness
requiring first aid
treatment and potentially
resulting in:
Less than three (3)
days off work or
debilitation.
One (1) to three (3)
days stay in hospital.
Impaired
psychosocial
functioning greater
than three (3) days
and less than one (1)
month.
An event which impacts a
small number of patients,
staff or the public and/or
may also result in
moderate injury requiring:
Professional medical
intervention or
treatment e.g. a
fracture, counselling,
etc.
Report to an external
agency.
Four (4) to 14 days
off work or
debilitation.
Three (3) to eight (8)
days hospital stay.
Impaired
psychosocial
functioning greater
than one (1) month
less but than six (6)
months.
Mismanagement of
patient, staff and/or public
care with long-term
effects and/or major
injuries leading to long
term incapacity or
disability (physical or
emotional) requiring:
Medical treatment
and/or counselling.
Fifteen (15) or more
days off work or
debilitation.
Nine (9) or more
day’s hospital stay.
Impaired
psychosocial
functioning greater
than
six (6) months.
Incident leading to
DEATH or major
permanent incapacity.
Event which impacts a
large number of patients,
staff or the public.
Permanent psychosocial
functioning incapacity.
Page 14 of 23 LF, July 2017
Table 6.3: Risk likelihood of occurrence estimation (grading, rating):
(Adapted from National Patient Safety Agency, 2006)
What is the likelihood of the impact occurring? TIME-FRAMED-based and GENERAL frequency-based likelihood calculators are presented below which are
appropriate in most circumstances.
Likelihood “TIME-FRAME-BASED” scores with descriptors and example definitions
Score: 1 2 3 4 5
Descriptor: Rare Unlikely Possible Likely Almost certain
Frequency: Not expected to
occur for years
Expected to occur
at least annually
Expected to occur
at least monthly
Expected to occur
at least weekly
Expected to occur
at least daily
Likelihood “GENERAL FREQUENCY-BASED” scores with descriptors and example definitions
Score: 1 2 3 4 5
Descriptor: Rare Unlikely Possible Likely Almost certain
Frequency:
How often might
or could the risk
occur?
This will probably
never happen or
recur
We do not expect
it to happen or
recur but it is
possible it may do
so
It might happen or
recur occasionally
It will probably
happen or recur
but it is not a
persisting issue
It will undoubtedly
happen or recur,
possibly
frequently
Page 15 of 23 LF, July 2017
Activity 7: TEAM-based risk evaluation (Facilitator-led)
1. Following the risk evaluation guidance provided below, continue to apply the adapted National Patient
Safety Agency (2006) risk assessment and management program to carry out a risk evaluation exercise
for the risks identified and estimated in "Table 6.1” of “Activity 6”.
2. Refer to “Table 7.1: Risk estimation (rating, grading)” and "Table 7.2: Risk Evaluation (guidance)"
for guidance to collaboratively evaluate your risks and record risk evaluations outcome for each risk in
the “Risk evaluation (L, M, H, EH)” column of “Table 6.1” in “Activity 6”.
[5 minutes to complete]
Table 7.1: Risk estimation (rating, grading):
(Adapted from National Patient Safety Agency, 2006)
Likelihood
1 2 3 4 5
Impact score Rare Unlikely Possible Likely Almost certain
5 Catastrophic 5 10 15 20 25
4 Major 4 8 12 16 20
3 Moderate 3 6 9 12 15
2 Minor 2 4 6 8 10
1 Negligible 1 2 3 4 5
Page 16 of 23 LF, July 2017
Table 7.2: Risk evaluation (guidance)
(Adapted from National Patient Safety Agency, 2006)
Risk rating Risk evaluation descriptor Action (suggested)
1 - 3 Low risk Maintain your existing controls (review max. 12 mths.)
4 - 6 Moderate risk Ensure regular monitoring and review of existing controls (review max. 6 mths.)
8 - 12 High risk Improve existing controls and/or add further risk controls (review max 3 mths.)
15 - 25 Extreme risk Strengthen existing risk controls and/or add further risk controls immediately.
Activity 8: TEAM-based risk control
1. Brainstorm, critically identify and prioritise THREE (3) potential risk controls for the highest rated risk
your TEAM identified, estimated and evaluated in "Table 6.1” of “Activity 6” (for guidance please refer to
Appendix B).
2. Use “Table 8.1” to record and plan the implementation of the most effective/efficient control.
3. You can use “Table 8.2” to calculate the risk reduction potential of your controls and hence underpin
your prioritisation.
[15 minutes to complete]
Page 17 of 23 LF, July 2017
Table 8.1: Risk control implementation planner
(Adapted from National Patient Safety Agency, 2006)
Risk ID
Assigned priority
Control action required Assigned to Date for
completion Date for
evaluation
Table 8.2: Risk control analyser
(Adapted from National Patient Safety Agency, 2006)
Risk ID
Before risk
rating Control action
After risk assessment
After risk rating (I x L)
Risk reduction potential
(Before - After)
Assigned priority
Imp. (I) Like. (L)
Page 18 of 23 LF, July 2017
Activity 9: Workshop reflection and commitments
As a TEAM, critically reflect on our workshop and all activities completed identifying:
1. A TEAM-agreed KEY learning.
2. A commitment that the TEAM will “sign-up to”.
3. How the TEAM shall hold each other accountable for this commitment?
TEAM-agreed key workshop learning:
TEAM-agreed commitment:
As a result of this workshop all TEAM members shall commit to:
within three (3) working weeks of returning to there are of practice/work place
[10 minutes to complete]
Page 19 of 23 LF, July 2017
Final thoughts
I wish you the very best of luck in all of your risk management activities and leave you with a final
few words of risk management wisdom…
Be more risk-aware! Risk-awareness isn’t a technique; it’s a state of mind, be alert
to risk all the time.
Get integrated! Make risk management “built-in, not bolt-on” in your organization, “just
the way we do things around here!”.
Do take sensible "controlled" risks! Do not be paralyzed by risk, rather take
risk with our “eyes wide open”.
Get started & don’t ever give up! Risks do not disappear after you have
attended this workshop & your initial enthusiasm is gone - risk exposure is dynamic,
changing frequently & hence the risk process is iterative and organic.
Page 20 of 23 LF, July 2017
References
Covey, S. R. (1989). The seven habits of highly effective people: powerful lessons in personal change. UK:
Simon & Schuster.
Health Services Executive. (2011). Risk Assessment Tool and Guidance (Including guidance on application).
Quality and Patient Safety Directorate, HSE. Retrieved from
http://www.hse.ie/eng/about/Who/qualityandpatientsafety/MeasuringandLearning/SCDQIDQIProgramme/Ris
k_Assessment_Tool_and_Guidance.pdf.
Hillson, D. (2010). Exploiting Future Uncertainty: Creating Value from Risk. UK and USA: Routledge.
ISO. (2009). ISO 31000 Risk Management - Principles and guidelines. Geneva: ISO Publications.
ISO/IEC. (2011). ISO 27005 Information technology - Security techniques - Information security risk
management (2nd ed.). Switzerland: ISO Publications.
National Patient Safety Agency. (2006). Risk assessment programme overview. London: National Reporting
and Learning Service.
Office of Government Commerce. (2009). Managing Successful Projects with PRINCE2 (2009 edition).
London: The Stationery Office.
Page 21 of 23 LF, July 2017
Appendix A: Risk metalanguage guidance
(Adapted from Hillson, 2010)
In order to better identify risk, risk metalanguage can be used to construct risk statements composed of
three (3) components - “cause” - “risk” - “effect” (Figure A.1).
Figure A.1: The three (3) components required for better risk statements
This methodology results in risk statements in the following (or similar) format:
“As a result of/due to <definite cause>, an <uncertain event or risk> may occur,
which would lead to <effect on objective(s)>.”
The use of risk metalanguage can ensure that risk identification actually identifies risks as opposed to
causes or effects. Without its use, risk identification can produce a list of organization risks with a mix of
risks and non-risks (symptoms), leading to confusion, error and/or distraction later in a risk process.
It is additionally of good value to consider the following key guidance with regard to identifying risk:
Always state risks and not impacts (symptoms) arising from the risks.
Avoid stating risks which do not impact on objectives.
Avoid defining risks with statements the converse of the objectives.
Page 22 of 23 LF, July 2017
Appendix B: The PRACT guide to critical control option assessment
(Adapted from Office of Government Commerce, 2009)
Control approach Guidance
Prevent the risk
This should always be the first option considered as risk prevention is the single most
effective control available. Unfortunately the only way you can prevent a risk is to stop the
activity that generates the risk in the first place - not often possible.
For example when attempting to control the risk of staff shortages in an organization, risk
prevention would require the organization to stop providing its services completely!
Thus whilst prevention should always be the first risk control consideration, and worthy of
initial critical discussion, it will often not be a feasible control for an organization
Reduce the risk
Also referred to as "risk mitigation", this is a risk control which can reduce the impact of a
risk should it occur, reduce the likelihood occurrence of the risk or both. Returning to the
example of controlling the risk of staff shortages in a specific Dept., broad risk reduction
controls could include careful workforce planning and management and/or the use of
"agency" or "contract" staff.
If these control option examples are considered closely, it can be seen that neither control
will reduce the impact to an organisation should the risk occur, however they both can
certainly reduce the likelihood of the risk occurring in the first place.
Investigating possible example risk reduction controls further, an organisation could consider
the introduction of a new policy and procedure which will temporarily stop new customer
activities when capacity is reached. The implementation of this control could reduce both the
impact of the risk as well as the likelihood of occurrence.
Accept the risk
Also referred to as "risk retention", risk acceptance is the critically informed decision "to
do nothing but monitor closely" even when he severity if a risk is beyond what an
organization believes is acceptable. Risk acceptance is a control choice when an
organization is informed through significant, compelling evidence that the "organizational
cost" to implement a control is more "costly" than any actual "loss costs" should the risk
occur. It is the balance of the "cost of loss" (or "lost opportunity") versus the effort to control
the risk versus the benefits derived from the activity generating the risk in the first place.
For example if an organization decides that the only way to control certain physical
environment risks resulting from an aging building is to build a new environment, yet it does
not have the fiscal resources to do so, and has no choice but to provide its services from the
existing environment, it may take the informed decision to accept such risks. In reality it is
highly recommended that an organization investigates other risk controls, irrespective of
how minor they may be, to attempt some control an unacceptable risk. In the physical
environment risks example presented, at a minimum the control of staff awareness of the
risks in their environment should be applied.
Page 23 of 23 LF, July 2017
Control approach Guidance
Contingency planning
Controlling a risk through the application of a contingency or "back-up plan" is identifying a
"Plan B" if the primary "Plan A" fails and a risk occurs as an incident.
An example of contingency planning as a control is to have a fully functioning "standby"
piece of equipment which can be switched into operation should the first piece of equipment
fail. One of the challenges with contingency planning control is the cost of the
implementation of the control - in the case of the fully functioning "standby" piece of
equipment, both the cost of an identical piece of equipment (possibly complex and
expensive) as well as the cost of having such an expensive piece of equipment standing idle.
Transfer the risk
Also referred to ask "risk sharing", risk transference "shifts" the "cost" of a risk onto another
party. Classic risk transference include the use of insurance policies which insures an
organization against loss "impact" should a risk occur or the use of contracts, service level
agreements or outsourcing with associated penalty clauses.
Caution is always advised when implementing risk transfer as organizations can often make
the mistake of believing that they have fully transferred a risk to a 3rd party through
insurance policy or 3rd party outsourcing contract when in practice they are actually
"sharing" the risk; if the insurance company or 3rd party contractor goes out of business, the
risk will revert back to the organization as the first party.
For example, liability or indemnity insurance helps protect professionals and their
organizations from bearing the full cost of defending against a negligence claim, but does
not transfer the risk of negligence occurring in the first place - this risk still lies with the
organization. The insurance policy or 3rd party contract simply provides that if an adverse
event occurs involving the policy or contract holder, then compensation may be payable to
the policy or contract holder that is commensurate to the suffering/damage.