Using Your Guidelines
Your Risk Management Guidelines is a first-stop resource for your risk questions. This can help make it easier for you to meet day-to-day challenges and facilitate implementation of long- range loss prevention strategies.
While relevant for all physician offices, these Guidelines are not comprehensive. They are a starting point in researching risk solutions in conjunction with—not as a replacement for—personal assistance from your ProAssurance Risk Management Consultant.
Please contact a ProAssurance Risk Management consultant for assistance with risk questions and concerns at 844-223-9648 (toll free) or email RiskAdvisor@ProAssurance.com.
NOTE: These Guidelines are provided to ProAssurance clients in a number of states. Laws vary state-to-state in their language, interpretation, application, and enforcement. The material contained in these Guidelines is general in nature and, while useful for all clients, specific modifications may be necessary to conform to state and local requirements.
These Guidelines are NOT a substitute for specific legal advice from your corporate or litigation defense attorney. Information in these Guidelines is not intended to be applied directly in every situation; consult your attorney for specific legal advice for your individual circumstances.
Table of Contents
TABLE OF CONTENTS
Incident & Claim Reporting
An incident in healthcare is any unusual event or circumstance that is not consistent with the normal operation of the facility or outcome of a treatment or procedure. It may be an error, near miss, poor outcome, or accident that could have or did result in an injury or loss. Internal reporting of incidents is an essential part of quality improvement and risk management in a healthcare organization. Incidents that expose providers to potential professional liability should be timely reported to ProAssurance's Claims Intake.
Please call our Claims Intake Hotline toll-free at 877-778-2524 or email ReportClaim@ProAssurance.com.
Having the following information and documents at hand will help save you time.
- Patient or claimant name and date of birth
- Documents outlining the allegations, dates of alleged negligence, and/or request for appearance
- Date you received the documents, along with how they were received
- A copy of the patient’s medical records, if available
- A copy of the incident report completed by you, if available
- The name and address of the contact person at your practice
- The best time to reach that individual
Contact ProAssurance Claims Intake immediately if:
- You or your practice receive legal papers naming you, your practice, or any of your practice’s employees as a defendant.
- A patient or patient’s relative demands compensation for medical services you or your practice provided.
- A patient or patient’s relative delivers a verbal or written threat to pursue legal action as a result of treatment you or your practice provided.
- An attorney contacts you about the care and treatment given to a patient.
- You receive a request for a patient’s medical records for reasons other than transfer of care.
- An adverse event occurs that you think could become a claim.
- You receive a licensure or board complaint.
The sooner ProAssurance is aware of medical incidents that could potentially lead to legal proceedings or patient complaints, the better. Situations which may lead to a claim include:
- A patient experiences a significant, unexpected adverse outcome.
- You suspect an error or omission occurred in providing medical treatment.
- A patient expresses dissatisfaction with the treatment you provided.
- Another healthcare provider is involved in a legal action with one of your current or previous patients.
- A member of your staff informs you of a potential patient incident.
To help prevent incurring fines or breaching patient confidentiality, consider developing a process for responding to subpoenas in the timely and proper manner required by law. A subpoena can be for medical records or witness testimonies. A subpoena response policy should include the following elements:
- Designate someone (and a backup) to follow up on all subpoenas received.
- Develop and use a log to record the receipt of the subpoena with the date and time, the name of the server (if served in person), and the initials of the receiver.
- If you receive a subpoena contact the Claims Intake Line at 877-778-2524 or ReportClaim@ProAssurance.com. A ProAssurance Claims Specialist will help determine the validity of a subpoena, what process applies to the type of subpoena received, and what you can or cannot release in response to the subpoena.
- Designate who will locate relevant records and who will review them before release.
- With the help of the Proassurance Claims Specialist, describe the circumstances in which a physician will review the records before releasing them.
- Describe the process for copying the records and for calculating the copying and delivery fees you may charge. All applied fees should be in accordance with state law and HIPAA regulations.
For more information on responding to subpoenas, see the Two Minutes: What's the Risk? video, “Responding to Subpoenas.”
An internal incident report is meant to provide an objective, factual description of an adverse event. It can be maintained in a traditional paper format or electronically, kept outside the medical record, should remain confidential and should not be provided to patients.
Communication
Communication is an element of continuity of care. Communication breakdowns are at the heart of many medical professional liability claims. Patients report that physicians sometimes do not listen, do not talk openly, do not explain things, attempt to mislead them, or do not adequately warn them. Physicians also report that sometimes patients do not listen to or heed recommendations, which can lead to non-compliance and poor clinical outcomes. These situations can result in a breakdown in communication and the therapeutic relationship, patient harm, and a medical professional liability claim.
Be sensitive to each patient’s level of knowledge. Avoid complex terminology or oversimplifying to the point of being condescending.
- Facilitate communication techniques for patients with suspected or known literacy problems.
- Provide an interpreter when a language barrier exists. See “The Limited English Proficient Patient,” Two-Minute video.
- Offer reasonable accommodation for patients who are deaf or hard of hearing.
- Project a caring and concerned attitude toward patients. Greet patients by name, make and maintain eye contact, and sit at the patient’s level. Begin encounters with open-ended questions and actively listen to the patient.
- Consider using pre-visit planning tools.
- Provide educational materials as necessary. Always document in the medical record the date and type of educational materials you gave to the patient. Consider scanning a copy of the educational materials provided to the patient into the medical record.
- Do not interrupt when patients are talking.
- Explain your decision-making. As much as possible, involve patients in choosing treatment options and encourage them to take responsibility. Patients who see themselves as part of their treatment team are less likely to resort to litigation when the result is not what they expect.
- Consider using a communication skills checklist to enhance patient encounters. Download Communication Skills Checklist.
The patient portal may be used to increase efficiency and patient engagement. However, it is not a substitute for telephone discussions or face-to-face encounters with patients. If you are utilizing a patient portal, consider the following:
- Utilize a disclaimer on the portal that clearly states it is not to be used for emergencies/urgent problems and include instructions for patients to call 911 or go to the nearest emergency department.
- Educate patients on portal use and consider using a patient portal user agreement.
- Comply with HIPAA Privacy and Security Rules and relevant state laws.
- If the communication is complex or clinically significant, or if a patient requires repeated instruction, consider an appointment for a face-to-face encounter.
Take precautions before protected health information (PHI) is texted or emailed. Using a secure application associated with your electronic medical record (EMR) is likely the safest and easiest way to ensure your texts and email remain private and secure. If email and texting applications are not integrated with your EMR, make certain communications are documented in the patient’s medical record.
Given the rise in enforcement of compliance with HIPAA and HITECH, healthcare facilities should address texting as part of the HIPAA-required risk analysis and implement “reasonable and appropriate” security measures to control and minimize the risks. Consider establishing a HIPAA-Compliant Personal Device Policy.
For additional strategies, contact the Risk Management Department. Please also see the Two Minutes: What’s the Risk? video Text Messaging Risks.
Telephone triage is the practice of reviewing, developing, and documenting a plan to resolve the patient’s specific medical complaints and symptoms. Recommendations may be given to the patient to determine when/where to access treatment.
- Have triage guidelines approved and reviewed annually by a physician. See sample below.
- Outline specific frequently asked questions and recommended responses.
- Train staff to assist patients via telephone using physician-approved, established guidelines and protocols.
- Have all telephone encounters reviewed by the provider.
- Document triaged calls in the patient’s medical record.
- Document all after-hours calls in the medical record.
- Discuss with the on-call physician all patient concerns and treatment plans.
- Document all communications between on-call and attending physicians in the medical record.
- Each morning a list of patients who contacted the on-call physician should be received from the on-call service.
Federal law mandates that certain reasonable accommodations be provided for patients with communication disabilities and mandates that non-English-speaking patients receive equal access to healthcare. Failure to accommodate could have significant consequences and lead to potential liability.
Communication recommendations in these Guidelines are intended to help prevent medical professional liability lawsuits arising from miscommunications with patients who are deaf or hard of hearing, are blind or have low vision, and have limited English proficiency (LEP). Achieving full compliance with the ADA, Title VI of the Civil Rights Act, and related regulations—as well as any state or local laws—is a separate legal matter. Consult your attorney for regulatory compliance assistance with those matters.
The Americans with Disabilities Act (ADA) prohibits discrimination against individuals disabilities, including those who are deaf or hard of hearing, in places of public accommodation. Under Title III of the Act, a healthcare provider’s office is a place of public accommodation.
Reasonable accommodations for a patient who is deaf or hard of hearing will vary depending on the circumstances of each case. When treating such a patient, determine the best method of communication prior to the visit.
Ensure agreed upon communication methods are accurate, effectively convey medical terminology, and maintain confidentiality. There are numerous options for communicating with patients who are deaf or hard of hearing, including:
- Qualified interpreters
- Note takers
- Computer-aided transcription services
- Written materials or visual aides
- Assistive listening systems and devices
- Videotext displays
Document the applicable accommodation(s) in the medical record.
Reasonable accommodation must also be provided for patients who are blind or have low vision. Ensure agreed upon communication methods are accurate, effectively convey medical terminology, and maintain confidentiality. There are numerous options for communicating with such patients, including:
- Qualified readers
- Providing printed materials in large print, or Braille
- Computer screen-reading programs
Document the applicable accomodation(s) in the medical record.
Additional guidance on accommodating patients who are blind or have low vision is available through the American Foundation for the Blind.
Federal law prohibits discrimination based on race, color, or national origin. Consequently, healthcare providers must ensure that patients who do not speak English as their primary language and who have difficulty communicating effectively in English receive equal, meaningful access to medical care. Consult the U.S. Department of Health & Human Services (HHS) website for guidelines and answers to frequently asked questions.
There are numerous options for accommodating LEP patients, including:
- Bilingual staff
- Telephone or videoconference interpreting services
- Sharing costs of resources or services with other practices
- Qualified interpreters
- Community resources and volunteers
- Written transcription and translation services
It is the provider’s responsibility to afford competent interpreter services at no cost to the patient. Ensure that any method utilized:
- Is accurate and effectively conveys medical terminology*
- Maintains confidentiality
- Includes any necessary business associate agreements
- Is documented in the medical record as the method used for communication
*Special note: Use caution when patients insist on having family or friends translate for them. All other viable alternatives should be explored before considering translation services from family or friends. If it is necessary to have family or friends translate, providers should ensure the proffered translator can understand the English and medical terminology used. For detailed guidance on this issue, refer to the federal guidelines available at HHS.gov.
In today's digital age, online reviews and social media comments can influence patient perceptions and health care decisions. Negative reviews can be particularly impactful, potentially affecting a healthcare providers reputation and patient trust. Responding to negative reviews or comments in healthcare is a crucial practice that allows providers to address concerns, demonstrate professionalism, and show a commitment to patient care and improvement. Properly managed responses can not only mitigate the effects of negative feedback, but also turn a dissatisfied patient into a loyal advocate.
If you are part of a large group, contact your group administrator or medical director regarding policies related to online social media prior to posting or responding to negative or positive information.
- Do not respond immediately or impulsively. Not all negative comments are worthy of a response. Engaging someone may start a chain reaction of negative comments and insults and may potentially lead to litigation.
- If you feel the information is untrue, inappropriate, or simply meant to be provocative, try contacting the website administrator. Since rating sites have content guidelines, the administrator may remove information that violates the site’s terms. For example, Yelp will remove posts for various reasons.
- Ensure compliance with HIPAA regulations. Protect patient privacy by avoiding the disclosure of any personal health information in your responses.
- If responding with a post, without acknowledging that the reviewer was or was not a patient, request that they contact the office if they have specific questions. For example, if you are a patient in our practice, please contact our office directly to allow us to respond to and rectify any problem you may have had. Never include any protected health information (PHI) or argue a point in any response.
- Practices may want to designate an individual in their office who is responsible for taking inventory of reviews weekly or monthly. In addition to compiling information regarding how to improve patient satisfaction, this person may also reach out to dissatisfied reviewers to discuss their experience with them directly.
- If you can identify the individual as a patient:
- Review the medical record for potential issues.
- If appropriate, follow up with the patient in a non-confrontational and confidential manner to resolve the issues that led to the negative review or online comment.
- Discuss any concerns the patient may have and address them to the best of your ability. If appropriate, detail any practice changes the review may have initiated.
- If the matter is resolved, ask the patient to remove the negative review.
- Document all communication and follow-up with the patient in the medical record:
- Include dates and times you spoke with the patient, the patient’s exact concerns (use quotation marks as appropriate), your responses and recommendations, and the patient’s responses.
- If there are significant issues or a lawsuit is threatened or probable, contact the Claims Department at ReportClaim@ProAssurance.com
Additional Resources:
- ProAssurance Two Minutes: What’s the Risk? video “Patient Complaints”
- ProAssurance Two Minutes: What’s the Risk? video “Risks of Social Media”
- Gregory P. Murphy, et al. “Online Physician Reviews: Is There a Place for Them?” Risk Management and Healthcare Policy. 2019;12:85-89. DOI: 2147/RMHP.S170381
- Yelp Support Center. “Will Yelp Remove a False or Defamatory Review?”
- Tanya Albert Henry. “How to Respond to Bad Online Reviews.” American Medical Association. September 2, 2016.
For additional strategies, contact the Risk Management Department at RiskAdvisor@ProAssurance.com or 844-223-9648.
Disruptive behavior is broadly defined as patient behavior that could jeopardize the health and safety of others, or that impedes and disrupts the ability to provide healthcare. It can include threatening, profane, sexual, or offensive comments and gestures, violence, or aggression. Disruptive patients can undermine their own health by impacting the medical decision-making process and may be more likely to pursue malpractice lawsuits. By identifying common triggers of disruptive behavior, clinicians and staff can mitigate risks and foster collaborative treatment.
Recognizing Potentially Disruptive Behavior
One of the challenges of healthcare violence prevention is successfully anticipating it without unjustly profiling a patient who is not prone to violence; therefore, it is important to judge a situation by the totality of circumstances and not just on nonverbal cues.
Common Triggers
- Patient environment
- Communication issues
- Clinical factors
- Chronic underlying diseases
Communication Triggers
- What you say
- How you say it
- How you behave
Escalation Behaviors
- Pacing
- Clenching fists
- Tensing of the body
- Speaking loudly
- Glaring eye contact
- Invading personal space
Risk Reduction Strategies
Consider the following strategies for addressing disruptive patient behavior:
- Review and document all incidents:
- Objectively record the details of disruptive patient encounters in the patient’s record, including your response to the behavior.
- Review each incident of workplace violence.
- Debrief with involved individuals following an incident.
- Detailed encounter reports should be kept separate from the medical record.
- Develop a reporting structure:
- Report incidents to law enforcement and state authorities as necessary, pursuant to workplace violence regulations and guidelines.
- Develop patient behavior policies and procedures including when to call 911.
- Create a disruptive behavior flag in the EHR, or request that one be created.
- Prepare your staff and practice environment:
- Provide staff education.
- If possible, install security cameras and security alarms, simplify exit routes, install metal detectors and barrier protections, install panic buttons in strategic locations, improve lighting, and control access in and out of facilities.
- Conduct risk assessments regularly to evaluate preparedness for workplace violence.
- End the physician patient relationship if necessary.
ProAssurance Resources for Managing Disruptive Patient Behavior
Claims Rx
Article Library
- Disruptive Patient Behavior: Case Studies and Best Practices
- Case Study: Failure to Document Disruptive Patient Behavior
- Case Study: Failure to De-escalate Disruptive Patient Behavior
- Case Study: Strategies for Terminating Treatment of Disruptive Patients
- Best Practices: Addressing Service and Clinical Failures with Disruptive Patients
- Best Practices: Recognizing the Triggers of Disruptive Patient Behavior
Sample Forms, Checklists, and Letters
- Patient Behavior Agreement Form
- Event Occurrence Form
- Notice of Inappropriate Behavior Form
- Patient Termination Form
Risk Management Bundle
Fee disputes and collection actions can be prime triggering mechanisms for dissatisfied patients to file a medical professional liability claim.
Consider the following:
- Involve the physician in billing and collection decisions. Have the physician review patient records before they are sent to a collection agency.
- Do not place correspondence regarding billing and collection in the clinical section of the patient’s medical record.
Before considering refunds, fee reductions, or waivers for patients who are dissatisfied with medical care, it is important that you contact your ProAssurance Claims Specialist (877-778-2524 or ReportClaim@ProAssurance.com).
Disclosure of Adverse Events
Contact our Claims Intake Hotline if an adverse event occurs that you think could become a claim. Our Claims Specialists can then assist you in disclosure and communication with the patient and family. Call our Claims Intake Hotline toll-free at 877-778-2524 or email ReportClaim@ProAssurance.com.
If an adverse event or unanticipated outcome occurs in your practice, ensure open, sincere, and effective communication with the patient and their family. Doing so may mitigate the risk of a potential claim or lawsuit and may be necessary due to mandatory state disclosure laws.
- Plan what you intend to say and review your plan with a ProAssurance Claims Specialist, if possible.
- Consider having a fact witness present during the discussion, perhaps your nurse or one of your partners.
- Spend plenty of time with the patient and family members. Listen to their questions and answer them to the best of your ability.
- Focus on the patient, not on yourself.
- Sincerely acknowledge the patient’s and/or family’s suffering. Do not belittle a complication. Do not point fingers or blame other physicians or staff members.
- Apologizing for the fact that the incident occurred may be appropriate. Example: “I’m sorry this has happened to you, and I want to assure you I’ll continue to oversee your care.”
- Do not overwhelm the patient and family with information. In complicated cases, it is best to schedule multiple conversations so they can better digest your information.
- Discuss the patient’s current condition and continued treatment, as well as the event’s definitive medical consequences on the patient’s health (if known).
- Do not speculate. If you do not know what happened, admit this. Then tell the patient and family you are investigating the situation and will let them know as soon as you have answers.
- Assume all conversations with patients are being recorded and conduct conversations accordingly.
- Provide the patient and family with your contact information.
- The date, time, and location of the discussion.
- The parties and relationships of those present.
- Your commitment to share additional information as it becomes available and to assist the patient and family.
Do not make any admissions of liability or statements of blame. Do not make any references to the cause of the outcome or any future peer review proceedings.
For more information, see Two Minutes: What’s the Risk? Unexpected Outcomes.
Informed Consent Process and Patients’ Rights
“Informed consent to medical treatment is fundamental in both ethics and law. Patients have the right to receive information and ask questions about recommended treatments so that they can make well-considered decisions about care. Successful communication in the patient-physician relationship fosters trust and supports shared decision making.” (AMA Code of Medical Ethics Opinion 2.1.1)
Except in an emergency, a physician must obtain informed consent from the patient or a legal decision-maker before performing certain procedures. Depending on state law, procedures requiring informed consent may include surgical and invasive procedures, administering certain medications or contrast agents that could have severe or unknown outcomes to the patient, entering a patient in a research trial, procedures involving medical students, and certain other circumstances. Failure to obtain a patient’s informed consent when required can result in a physician’s liability—even if a procedure or treatment is indicated and is otherwise performed non-negligently.
Difference between simple consent and informed consent:
- Simple consent may be implied and applies to common treatments or procedures with minimal or no risks.
- Informed consent applies when a proposed treatment is invasive or carries more risk. Informed means the patient is given the information a reasonable person would need to know in order to make a decision.
It is important to understand your own state-specific requirements in this area. Some states, including California, have statutes, regulations, or common law that specifically address informed consent.
Since the landmark Cobbs v. Grant decision in 1972, California healthcare professionals in the state have had a legal obligation to ensure that their patients are fully informed about a proposed treatment.
According to the California Hospital Association, the physician who is performing the procedure is responsible for obtaining the patient’s consent. If a nonphysician will perform the procedure, the ordering physician is responsible for obtaining consent. In cases in which more than one doctor is involved, and the hospital policy does not specify, they can determine among themselves which provider will obtain the consent.
In obtaining a patient’s or surrogate’s informed consent, the physician should: 1) assess the patient’s capacity to understand the treatment and make an informed decision; 2) discuss the diagnosis and the risks, benefits, and alternatives of the proposed treatment, including the risks, benefits, and alternatives of refusing treatment; 3) Confirm patient’s understanding and obtain informed consent or refusal; and 4) Thoroughly document the informed consent conversation and have patient sign consent form, if using. The process is designed to give patients the information necessary to make a voluntary and informed decision about a proposed treatment or procedure—even if that patient’s ultimate decision is not what the physician believes to be in the patient’s best interest. (see also: AMA Code of Medical Ethics Opinion 2.1.1)
Physicians may incur liability for consent issues even when their medical care otherwise met the standard of care. Although consent issues are not usually the central focus of malpractice claims, they often become important associated issues or secondary allegations. A lack of informed consent or an insufficient disclosure may not necessarily have a causal connection to medical injuries in a malpractice case, but those issues can discredit physicians at trial or during settlement discussions.
The physician ordering or providing the care, is responsible for obtaining the patient’s informed consent prior to the provision of the care. Physicians may not delegate to others the duty of informing patients about the treatment options, associated risks, and material information needed by patients to make an informed decision. Physicians may delegate to a nurse or office staff member the task of getting a consent form signed, but the physician is ultimately responsible for the consent process and should be available to answer any questions the patient has prior to scheduling, ordering, or carrying out the procedure. Meeting this responsibility is considered best practice from a patient safety and risk management perspective.
There are generally two exceptions to informed consent standards. There may be other state-specific exceptions, so providers should review their state’s guidelines:
- Emergency situations: In an emergency situation, if the patient does not have the capacity to make decisions, there is no legally designated decision-maker or representative available, and all reasonable efforts have been made to contact the legal representative, then a patient will be presumed to have consented to necessary medical treatment. This exception does not apply if the patient has already refused similar treatments in the past in writing (e.g., through an advance directive, durable power of attorney, or by signing a Do Not Resuscitate order).
- Therapeutic privilege: A very rare exception arises when a physician can prove that disclosure of medical information would cause the patient such serious psychological distress that disclosure is contraindicated.
After being appropriately informed of risks, benefits, and alternatives of a contemplated treatment, procedure, or high-risk medication, a patient (or their designated decision-making authority) has the right to refuse. Physicians should emphasize the importance of the treatment or procedure and the consequences of no treatment, and the patient should be made aware of the ramifications of his or her decision. However, if the patient understands the risks of no treatment and still chooses to refuse, the informed refusal decision must be respected, regardless of how detrimental the physician or healthcare team members think the decision is. If, after receiving information about risks and benefits, a patient refuses a treatment or procedure, the patient’s refusal should be documented in the medical record and the patient should be asked to sign a refusal of treatment form. The physician should also document the process related to the informed refusal (the main points of the discussions about risks, benefits, and consequences of declining treatment).
Documentation of the informed consent discussion is important. Having a patient sign a form is supportive evidence that the informed consent process took place. However, a signed form cannot replace the elements documented in a patient’s record summarizing the discussion and education provided in the informed consent process that took place. Additional notation in the patient’s record about the details of the informed consent discussion (e.g., questions answered, risks pointed out that were specific to that person, or educational elements reviewed) can be crucial in defending a lawsuit for an alleged failure to obtain the patient’s informed consent. Informed consent litigation often pits the memory of the patient against the documentation of the physician. A doctor’s best defense in these types of cases is the information contained in the medical record, including not only a consent form signed by the patient but a description of the content of the informed consent discussion in the progress notes. This type of evidence significantly reinforces the physician’s testimony.
Physician practices should develop informed consent forms that meet state and federal requirements. The consent form should include the same elements as the consent discussion and should be written in language that the patient can understand. The elements on the form should include disclosure of information that a reasonable person would regard as significant in deciding to accept or reject a recommended procedure, including the following:
- An explanation of the patient’s problem and proposed procedure
- Complications (e.g., bleeding, possibility of additional procedures)
- Severity (e.g., death, paralysis and loss of function)
- Incidence of risks (e.g., 1 in 1000 experience this complication), which helps the patient put the risk, including loss of life or limb, in perspective
- Information about common side effects (e.g., swelling or pain)
- Names of other physicians/clinicians who will be performing parts of the procedure, e.g. PA harvesting a leg vein for a CABG procedure
- An explanation of the benefits of the procedure
- A discussion of alternative treatments
- A statement that there are no guarantees that the procedure will be 100% successful
- Information about potential outcomes if treatment is refused
- Encouragement of the patient to ask questions
- Acknowledgment that the patient can withdraw consent
- The offer of a second opinion, if applicable
If the person having the legal authority to consent for the patient is not available to discuss informed consent in person, the physician must obtain consent remotely by telephone, email, or facsimile. The responsible physician must, to the extent possible, provide the legal representative with the information needed to obtain consent just as if that person were present.
Excluding emergency situations, prior to obtaining consent by remote means (including telehealth), it is important to have an established relationship with the patient. When obtaining consent remotely:
- Verify the authenticity of the person legally authorized to consent for the patient by asking questions regarding DOB, address, phone numbers, etc.
- Have a second responsible person witness the call.
- Follow standard consenting process discussing the risks, benefits, and alternatives with the person authorized to consent as if the discussion were in-person.
- Document in the patient’s medical record that consent was obtained remotely, who consented, who obtained the consent, and who witnessed it.
After the consent discussion, you may request that the person provide documentation of consent by email or fax. Have the person giving consent send a declarative statement of the consent, such as:
“I, [their name and relationship to the patient], have been informed by Dr. X of the risks, benefits, and alternatives associated with the proposed treatment and grant permission for Dr. X to provide medical treatment [or a specific procedure or treatment] to [me or Patient’s Name].”
Attach or scan a copy of the email or fax to the medical record. Whenever possible, original, signed consents should be obtained and filed or scanned into the medical record.
Many factors, including a patient’s limited literacy skills, fear, sensory issues, level of intimidation, degree of modesty, or expectations regarding a specific outcome can diminish the patient’s ability to comprehend the consent process. Cultural and linguistic differences can also be barriers to a patient’s understanding. Since the informed consent process relies on discussion and education so that a patient can make an informed choice, it is a process that is heavily dependent on clear communication.
A study published in 2006 in the Journal of General Internal Medicine suggests various strategies for modifying the consent process for patients who may have problems understanding consent information. Specific modifications that were shown to reduce barriers and improve the consent process include:
- Using a more readable consent form (written with plain language, large font, short paragraphs, a lot of white space)
- Arranging for consent forms to be read to patients in their native languages
- Using an iterative “teach to goal” strategy (asking patients to answer questions to show their comprehension of material)
- Recognize that informed consent is a process, not a form. The consent form should never replace the discussion and education provided.
- Consider establishing a policy requiring consent within a certain period (e.g., 30 days) before the treatment.
- If no specific time policy is imposed by a facility, reassess the situation to ensure the underlying framework for the consent is still applicable by questioning the patient about changes to doctors, prescriptions, over-the-counter medication, hospital visits, or new treatments.
- Develop a policy and procedure for the informed consent process that ensures that patients’ rights are honored. Recognize that the office setting is the best place for the discussion to occur when providing the patient with information that allows the patient to make a meaningful medical care decision.
Education
- Use educational pamphlets, handouts, pictures, and pre-op and post-op instructions to help patients understand what they need to know in order to make an informed decision.
- Document in the patient’s record that the patient received these materials.
- Referencing educational materials could be used as reminders of the discussion or if the consent is challenged at a later date.
The following resources from ProAssurance Risk Management are available to assist in developing and using the informed consent process.
Medical Records
A well-documented medical record reflects all clinically relevant aspects of the patient’s health and serves as an effective communication tool. The medical record is also essential evidence in the successful defense of a medical professional liability claim. Processes must be in place to ensure documentation integrity and proper record retention and destruction.
Documentation problems or errors may arise necessitating clarification and changes to the medical record. In these situations, it is imperative that proper procedures be followed to maintain the integrity of the medical record.
There is a difference between correcting an error and altering a record. Altering a medical record destroys credibility, casts doubt on the trustworthiness of every record and note in the chart, and severely damages defensibility in the event of a medical professional liability lawsuit. Plaintiffs’ attorneys can access metadata to discover alterations in an electronic medical record and can utilize techniques such as ink dating to discover alterations in a paper chart. Recommended techniques for making corrections to a medical record are outlined below.
Do not delete mistakes or errors in a paper medical record. Draw a thin line through the incorrect entry, then make the correct entry next to or above it. Note the date and time and sign the correction. Never render an original entry unreadable.
Corrections in an electronic medical record should follow the same principles as a paper record, and track the author, date, and time of the correction. If it does not, consider describing and authenticating the correction in a separate note.
When adding information to the medical record, reference the entry as an “addendum”. Sign, date and time it. Note the original entry date so that it is traceable to what is being changed.
Never make a correction or addendum to a medical record after a claim or lawsuit has been filed or after receiving notice that a claim or lawsuit might be filed. Correcting the record at that point is viewed as self-serving and undermines defensibility.
Copying previous or outdated information such as vital signs or notes may perpetuate medical errors and create liability issues. Develop policies designed to address inappropriate use of copy and paste functions to minimize non-compliance. For more detailed guidance, visit the Joint Commission and CMS.
Documentation templates may improve the efficiency of data collection and ensure all relevant elements are collected in a structured format. However, templates have limitations and may not reflect the clinical accuracy of the encounter. Use free text to supplement the inherent limitations associated with templates.
A federal law that went into effect in April 2021 requires electronic health information, including certain categories of clinical notes created in an electronic health record (EHR), to be provided to patients without undue delay. Such information is commonly provided through a secure online portal. For more information, please see the Office of the National Coordinator for Health Information Technology’s website.
Develop a document retention policy, comply with all state and federal legal, regulatory, and accreditation requirements. Specify how long medical records should be retained, where they should be stored, and when and by whom they may be destroyed.
Assuming there are no conflicting laws or regulations, basic record-retention guidelines include:
- Adult patients—Retain medical records for a minimum of 10 years after the last date of service.
- Minor patients—Keep medical records until minors reach the age of majority as defined by the state, plus the time period specified by the state’s statute of limitations.
Store the medical record indefinitely if a claim or lawsuit is filed, notice is received that a claim might be filed in the future, or there is a significant or unexpected adverse outcome.
Keep all active paper medical records on site. Inactive patients’ paper records may be stored in an offsite facility if onsite storage space becomes an issue—or convert inactive patients’ records older than five years to electronic storage. You may also transfer active patients’ records to electronic storage if they are voluminous. There are vendors that provide electronic record storage, if needed.
Patient information must be protected from unauthorized access. Please consider potential issues with protected health information (PHI) being stored on electronic equipment (such as copiers and fax machines) that is used in the office prior to that equipment’s destruction or removal from use. If a paper record is stolen or damaged, contact a ProAssurance Risk Management Consultant for advice on how best to proceed (call 844-223-9648 or email RiskAdvisor@ProAssurance.com).
Other Considerations
- If electronic records have been compromised or subjected to a cyberattack, contact a ProAssurance Risk Management Consultant for advice on how best to proceed (call 844-223-9648 or email RiskAdvisor@ProAssurance.com).
- Take all necessary precautions to protect medical records from damage or loss due to fire, flood, or natural disaster.
For additional references, see the American Health Information Management Association website at AHIMA.org.
Protected Health Records
Protected health information (PHI) is any individually identifiable health information transmitted or maintained by a covered entity or its business associate. This includes demographic information, medical history, test results, insurance information and other information that is collected by a healthcare provider.
In general, the HIPAA Privacy Rule (“Rule”) prohibits physicians and all other healthcare providers from using or disclosing any PHI unless they have obtained permission from the patient or unless the Rule allows disclosure without the patient’s permission. It is recommended that practices consult their corporate attorney to help ensure HIPAA compliance.
Patient authorizations grant permission to release protected health information and patients can revoke authorizations at any time before they have been acted upon. If the authorization is signed by a personal representative, a description of the representative’s authority to act for the patient should be included. Keep authorizations for at least six years in the event a patient requests an accounting of any disclosure of their protected health information.
Please see our Patient Authorization to Release Medical Information Sample Form at ProAssurance.com/SampleForms.
With a few exceptions, HIPAA gives patients the right to inspect and make a copy of information maintained in their record. Practices must act on a patient’s request for access within 30 days of the request (60 days if the records are kept off-site). Practices with an EMR are also subject to the “information blocking” provisions of the 21st Century Cures Act and must generally make medical records available to patients “without unnecessary delay.”
A reasonable, cost-based fee is allowed for copy requests. This fee may only include the costs of copying and postage. Many states have rules limiting the amount a practice may charge for copying a medical record. Be sure to review your state’s rules regularly as some are adjusted annually.
When an attorney makes a request for records, have the physician review the request and the patient’s records, so they can take appropriate action, including notifying a ProAssurance Claims Specialist. Establish a screening process to help ensure the physician is notified of requests for records from attorneys.
To help prevent incurring fines or breaching patient confidentiality, consider developing a process for responding to subpoenas in the timely and proper manner required by law. A subpoena can be for medical records or witness testimonies. A subpoena response policy should include the following elements:
- Designate someone (and a backup) to follow up on all subpoenas received.
- Develop and use a log to record the receipt of the subpoena with the date and time, the name of the server (if served in person), and the initials of the receiver.
- If you receive a subpoena contact the Claims Intake Line at 877-778-2524 or ReportClaim@ProAssurance.com. A ProAssurance Claims Specialist will help determine the validity of a subpoena, what process applies to the type of subpoena received, and what you can or cannot release in response to the subpoena.
- Designate who will locate relevant records and who will review them before release.
- With the help of the Proassurance Claims Specialist, describe the circumstances in which a physician will review the records before releasing them.
- Describe the process for copying the records and for calculating the copying and delivery fees you may charge. All applied fees should be in accordance with state law and HIPAA regulations.
For more information on responding to subpoenas, see the Two Minutes: What's the Risk? video, “Responding to Subpoenas.”
Patients can request amendments to their protected health information (PHI) if they believe it is incorrect or incomplete. This right is a critical aspect of HIPAA, aiming to give individuals more control over their health records. Covered entities must provide a process for making such requests and respond within a specified timeframe. As a provider, you have the right to deny a patient’s request to amend the record if any of the following conditions exist:
- You or your practice did not create the note in question. You cannot change another practice’s note.
- It is not part of the designated record set. This is why it is best to have a policy to state what records are included in the designated record set.
- The information documented is accurate and complete.
For detailed guidelines and procedures refer to Code of Federal Regulations Title 45 and consult with healthcare legal experts.
Refer to the ProAssurance sample Patient Request to Amend the Medical Record Form on the ProAssurance Sample Forms, Checklists, and Letters resource page.
Under the HIPAA Privacy Rule, a deceased patient’s protected health information is protected for fifty (50) years following the date of death of the individual. During this period, the personal representative of the deceased patient can request and access the individual’s medical records. In certain circumstances, applicable law may allow for the release of a deceased patient’s records to the deceased next of kin, or other legally authorized individuals.
If a member of the practice has any doubt about whether a person has the legal authority to request the release of a deceased patient’s records, consult with legal counsel or contact ProAssurance’s Risk Management department.
HIPAA preempts state laws that are less stringent than HIPAA, but states may enact laws that are more stringent than HIPAA. Federal and state laws may impose additional requirements to protect the confidentiality of certain classes of information or medical conditions (e.g., information pertaining to treatment of behavioral health, diagnosis and/or treatment of alcohol or substance abuse, and HIV test results). Those laws require, among other things, a separate patient authorization for each disclosure of that type of health information or medical records containing such health information. Physicians should seek legal counsel’s advice about laws and regulations relative to the release of these categories of information.
The United States Department of Health and Human Services Office for Civil Rights (OCR) enforces HIPAA. The OCR website provides helpful HIPAA compliance information and a “frequently asked questions” on HIPAA Privacy regulations. Access the website at HHS.gov/HIPAA/index.html.
Tracking and Follow Up
Tracking diagnostic tests results, referrals, cancellations, and no-shows can increase patient safety and reduce liability risks. Diagnostic test tracking systems verify the tests are performed and the results are reported to the office or ordering physician, reviewed, acted upon, entered in the medical record, and communicated to the patient. If the patient refuses recommended testing, document educational efforts and the patient’s response.
Tracking systems do not have to be complex or expensive. In the absence of an electronic tracking system, use logbooks and card files. Ensure that quality control measures are in place to manage and monitor tracking systems.
Establish a tracking system to document and follow up on patients referred for diagnostic, imaging, or laboratory studies. An effective system will verify all of the following steps are complete:
- The test is performed.
- The results are reported to the office.
- The physician reviews the results.
- The physician communicates the results to the patient.
- The results are acted upon.
- The results are recorded in the medical record.
Establish and implement a tracking system including the following to document and follow-up on patient referrals for specialty care.
- Documentation of the Patient’s understanding of the rational and medical necessity for the referral
- A record of the referral request in the patient’s medical record
- Documentation in the patient’s medical record of discussions with the referring or consulting physician
- Copies of letters or other forms of communication
- Timely review of and follow-up on all open referrals
- Documentation in the medical record of contacts with patients who fail to follow up with recommended referrals
- Delivery of the consultant’s recommendations to the referring physician, which may include calling the specialist for further discussion if needed
- Documentation in the medical record when a physician refers a patient for treatment or consultation as well as the results of the referral or consultation
- Communication of the results to the patient and documentation of them in the medical record
For additional information, see the U.S. Centers for Medicare & Medicaid Services Transforming Clinical Practice Initiative (TCPI) module Managing Referrals – Providing a Patient-Centered Referral Experience.
It is prudent for the physician or allied healthcare professional (e.g., nurse practitioner or physician assistant) to review all missed or cancelled appointments. To help ensure tracking and follow-up of cancellations and no-shows, consider the following.
- Document in the medical record when patients miss, cancel, or attempt to reschedule appointments.
- The results of the physician’s review should dictate any indicated follow-up measures.
- Patients with more urgent conditions may require more aggressive efforts.
- You may wish to send a certified letter to the patient and keep a copy of the letter and the return receipt.
- Document all follow-up efforts in the medical record.
- Use a tracking process to close the loop on ordered labs, specialist referrals, and diagnostic test results. Review current workflows and processes for gaps in tracking.
- Follow up with patients when they miss or cancel appointments.
- Document each attempted or completed patient communication concerning outstanding appointments, referrals, or orders.
- Educate staff on the process of referrals, ordered labs, and diagnostic test results to avoid process failures which may result in omission or delay in treatment.
- Develop a process when a provider or physician leaves the practice or is not available to ensure their outstanding ordered tests, referrals, and diagnostic tests are reviewed.
Sample Forms, Checklists and Letters library: “Tracking and Follow Up Sample Log”
Two Minutes: What’s the Risk? video: “Tracking and Follow Up”
Related articles:
- “Inadequate Follow Up Alleged Delayed Cancer Diagnosis and Treatment Led to Metastasis”
- “Failure to Follow Up, Manage Stone Claimed in Loss of Right Kidney Function”
- “Failure to Timely Refer for Follow-Up Alleged for Preemie’s Permanent Blindness”
- “Poor Test Result Communication Process Leads to Patient Injury”
Policy & Procedure Manual
When there are numerous procedures performed in a practice that may vary from physician to physician or between staff members, a comprehensive policy and procedure manual helps to alleviate confusion and possible errors from occurring. Physicians and staff should review and initial the policies and procedures annually.
Natural Disasters
The four phases of emergency management—mitigation, preparedness, response, and recovery—can be used as a framework to decrease vulnerabilities, improve response, and speed return to normal operations after a natural disaster.
Refer to the ProAssurance Natural Disaster webpage for strategies and resources.
Medical Emergency Plan
Effective medical emergency response requires a well-developed plan. It is important to have basic life support (BLS) capability to respond to emergencies such as cardiac or respiratory arrest or anaphylactic shock. A well-developed emergency response plan includes the following:
- Routine staff education on responsibilities when an emergency occurs, which may include mock drills
- Triage and response strategies, which may include calling 911 and providing appropriate care until an ambulance arrives
- Regular maintenance of emergency supplies and equipment, including checking equipment to monitor accessibility and functionality
- Maintain a log of these checks and ensure staff have been trained to use all available equipment.
- A list of emergency telephone numbers displayed in a prominent location
If providing moderate sedation by non-anesthesia personnel, your emergency plan should also include advanced cardiovascular life support (ACLS) equipment, medications and ACLS trained staff.
For more information, consult the CDC’s Medical Office Preparedness Planner.
Ending the Physician-Patient Relationship
Physicians may end the physician-patient relationship for any number of non-discriminatory reasons. Valid reasons may include (but are not limited to):
- Persistent noncompliance with medical advice
- Repeated failure to keep appointments
- Combative and threatening behavior
When terminating a patient from your practice, take care to avoid patient abandonment. An abandonment claim is a legal action in which a patient claims the physician discharged them without proper advance notice and, while trying to find another physician, the patient’s condition worsened, resulting in injury or death.
State laws on patient abandonment vary, and some states’ laws are more specific than others. Contact a ProAssurance Risk Management Consultant (844-223-9648 or RiskAdvisor@ProAssurance.com) for guidance on properly ending a physician-patient relationship.
Strategies to avoid claims of patient abandonment include:
- Evaluate the patient’s condition and render stabilizing care. Avoid discharging a patient who is undergoing a course of treatment for an acute condition until the treatment is finished or the condition is resolved.
- When possible, discuss the termination and your reasons for termination with the patient. Document the discussion in the patient’s medical record.
- Send a written confirmation of the termination to the patient via regular mail and certified mail (with return receipt requested) and place a copy of the letter and return receipt in the patient’s medical record.
- If the patient terminates the relationship, consider writing a termination letter to the patient to acknowledge the decision made by the patient.
Download Sample Withdrawal of Care or Termination Letter.
(Consult your third-party payor and managed care contracts to determine if there are additional requirements for discharging covered patients.)
Contingency Planning
There are several risk issues that arise when you sell a practice, change practice locations, or retire. From a risk mitigation standpoint, your most important responsibilities are to:
- Notify your patients in advance to help ensure continuity of care and avoid potential abandonment claims.
- Safeguard the integrity of your medical records and the confidentiality of your patients’ health information by making appropriate arrangements for custodianship of their medical records.
- Ensure you have professional liability insurance coverage for incidents reported after you retire.
Please see the ProAssurance Closing a Practice Toolkit, which includes the following resources:
- Closing a practice checklist, which includes:
- Information on notification procedures
- Patient record retention guidance
- Business considerations
- Sample patient notification letters
- Educational videos
Before making any of the above arrangements, obtain legal and risk reduction advice for your specific situation. In addition, consult your state licensing board or medical association for specific requirements.
The American Health Information Management Association’s website, AHIMA.org, also provides excellent resources.
Office Staff
Your staff is a critical component in reducing your risk for malpractice claims. Properly trained and educated staff members are strong protection against a medical professional liability claim and contribute to the success of a practice.
- Ensure tasks are delegated to staff with the appropriate education, training, and experience to perform the task. Prepare written job descriptions for all staff. Ensure each staff member reviews their job description and works within the boundaries of state laws regarding appropriate job functions.
- Provide staff clear instructions on the amount and type of advice they may relay to patients and limitations on such advice.
- Establish a formal orientation period for new employees. Include a review of administrative practices, emergency medical procedures, and clinical skills and responsibilities.
- Develop procedures to ensure licensed staff are credentialed and re-credentialed.
- Educate employees on patient confidentiality and security for protected health information (PHI), including the need to protect electronic PHI from cyberattacks. Employees should sign a confidentiality agreement upon hire and annually.
- Document employee training to include clinical competency, credentialing, and annual performance evaluations in employees’ personnel files.
- Hold regular staff meetings with designated agendas. Consider utilizing ProAssurance’s “Two Minutes, What’s the Risk?” video series to initiate these meetings. Sign in sheets may help document attendance where necessary.
Please see our Employee Skills Checklists and Employee Confidentiality Agreement at ProAssurance.com/SampleForms.
Unlicensed personnel (ULP) such as certified medical assistants (CMAs), medical assistants (MAs), and patient care technicians (PCTs) can increase medical practice efficiency, patient satisfaction, and quality of care. However, physicians may be held vicariously liable for the actions of these employees while they are performing work-related tasks. Therefore, the roles and responsibilities should be carefully considered within the practice. The laws and regulations for unlicensed personnel vary by state.
Key Considerations for Practices that Employ Unlicensed Personnel
Consider the following strategies to help mitigate risk when utilizing ULPs in your practice and help ensure a positive impact.
- Develop and maintain written job descriptions for MAs and other ULPs that are consistent with applicable state laws and regulations.
- Review responsibilities and duties to ensure they do not exceed the legal scope of practice. Have all employees read and sign a written statement acknowledging their review of the job description.
- Upon hire and annually, instruct ULPs on the functions and tasks that are within their scope of practice. For example, ensure that the office system for prescription refills reflects proper physician supervision and does not allow MAs to function outside their role.
- Assess ULP competency and retrain when necessary. Maintain a competency file for ongoing education and skills checklist. See our Employee (Unlicensed) Skills Checklist on the ProAssurance Sample Forms, Checklists, and Letters resource page.
- Verify current certifications if applicable.
- Comply with state laws and regulations that address name tag specifications.
- The physician or a licensed supervisor should be present to oversee MAs and ULPs.
- ULPs must know their scope, work within it, and have the confidence to refuse tasks that are outside of their scope or beyond their level of competence.
Additional Resources
Claims Rx, June 2022: Medical Assistants: Strategies for Increasing Patient Safety and Reducing Liability Risk
2 Minutes: What’s the Risk? Staff Competencies
Telemedicine
The standard of care during a telemedicine visit versus an in-person office visit should be equivalent. A preliminary issue to consider is the patient’s medical condition. Quality of treatment will depend significantly on patient selection for telemedicine.
- Consult state laws and regulations regarding licensure.
- Review the telehealth resource page provided by the U.S. Department of Health and Human Services.
- Assess your system to determine if improvements are needed.
- Plan the telehealth workflow.
- Verify patients are tech-ready (e.g., reliable internet access, smartphone, tablet, etc.). Technological fluency and internet-access limitations of a patient population may limit the efficacy of telemedicine.
- Identify conditions for which telemedicine allows an appropriate assessment.
- Ensure the patient has the technology and connectivity necessary to be adequately examined, the capability to utilize the technology needed, and a condition that does not require an in-person visit. Have a back-up plan, such as switching to a telephone conference or rescheduling an in-person examination.
There are multiple factors a physician should consider when obtaining consent. Some states specifically regulate the process for informed consent in telemedicine.
The informed consent process includes that the patient agrees to and understands the limits of confidentiality when communicating via an electronic medium and that it may be determined that telehealth is not appropriate for the diagnosis and treatment of his or her condition.
For more information view Two Minutes: What's the Risk? Telemedicine and Informed Consent above and consider ProAssurance sample Telehealth Informed Consent form.
- Follow standard documentation practices with all telemedicine encounters, including all communications with or about the patient; tests and results; follow-up recommendations.
- Develop a system to identify and monitor patients requiring subsequent in-person evaluation and treatment (i.e., recall, tracking, follow-up).
- Document any technical issues that interfered with, delayed, or complicated the telehealth encounter. For example, poor internet connectivity or signal quality, camera or device malfunction, patient inability to manage technical aspects of the exam, or peripheral device unavailability.
- In states without independent practice regulations, physicians supervising allied healthcare professionals should document training of all supervised clinicians in the use of the chosen telemedicine platform.
For further information see The National Telehealth Policy Resource Center maintained by the Center for Connected Health Policy (CCHP).