Protecting Your Practice Against Risk Exposure

From delayed diagnoses to data breaches, the opportunities for medical practices to land themselves in hot water are endless. Such oversights can compromise patient safety as well as open the door to legal liability and regulatory fines. Practices that hope to minimize adverse outcomes or losses should start with an internal audit of risk exposures throughout their departments, functions, and operations.

Avoid Diagnostic Errors

Sue Boisvert, a senior risk specialist for medical liability insurance provider Coverys in Boston, MA, says diagnostic errors are among the leading causes of malpractice claims. “It could be related to laboratory tests ordered, but never completed, or a positive result that was never reviewed because the results were filed before the provider saw them,” she explains.

Clinicians can protect themselves and their patients by tracking every test, procedure, and consultation ordered from start to finish, says Boisvert.

Follow Up With Patients

Practices should develop a procedure for following up with patients who miss or cancel appointments, including assigning a risk level to those patients’ medical records, she says.

For high-risk patients, practices should escalate their attempts to reach out and make sure to document all communication. Start with a phone call, move on to a letter, and then send a registered letter.

CNA Healthpro, an insurance provider, recommends developing a “tickler” system to trigger follow-up contact when patients do not call to schedule a return visit within the agreed-upon timeframe.

Protect Patient Confidentiality

Patient confidentiality is another potential area of risk. Start by having your staff sign a confidentiality agreement every year. Also consider whether patient flow within your office exposes any protected information to unauthorized parties.

For example, can conversations about patient care between staff members be overheard in the waiting room, or are computer screens visible to patients paying their co-pays at the front desk?

Implement Training

Policies must be clearly communicated regarding the importance of keeping passwords private (even from coworkers), never discussing patient cases on social media (even when patients are not directly named), and keeping protected patient data private.

Those who lead the practice must also familiarize themselves with federal and state rules for securing patient data on laptops, phones, and office computers; rules that limit access to medical records to those who need it; and proper procedures for reporting a breach.

Identifying potential risks is the first step to developing an effective risk-management program. By quantifying the potential loss, practices are better positioned to intervene before it's too late.