Medical Risk Management Tips for Healthcare Providers & Facilities

The Risk

Patient confidentiality breaches pose a significant risk in the healthcare setting. The Health Insurance Portability and Accountability Act (HIPAA) and New York State laws govern your obligation to maintain the confidentiality of protected health information (PHI). Staff and providers must be aware that routine office practices, including telephone contact, verbal discussions, and computer use, inherently carry the risk of patient confidentiality breaches.

Recommendations

1. Staff should be educated, at a minimum annually, about the HIPAA and patient confidentiality. This should be documented and maintained in their personnel files.

2. Confidentiality agreements should be signed by all staff members.

3. Staff conversations regarding patient care should not be audible to patients and visitors in the waiting area.

4. Staff should be advised to never discuss patients outside the office, including the use of social media.

5. The flow of patients through the office should be assessed to determine how best to maintain the privacy of PHI.

6. Computer screens should not be visible to patients or visitors.

7. Computers in exam rooms should not be left on or active when staff or providers are not present.

8. Any electronic device that is used for the transmission of PHI must be encrypted and have regular software updates installed.

9. The practice can leave messages on patient answering machines (e.g., regarding appointments) only if contained in its Notice of Privacy Practices. Patients must be offered the option to opt out.

10. Business Associate Agreements must be obtained and maintained for all vendors that have access to PHI.

The Risk

The receipt and review of test results are important aspects of patient care and safety in physician practices. Tests may not be completed, or results may be lost, overlooked, or not received, leading to a potential delay in diagnosis and subsequent liability exposure. Follow-up procedures should be an integral part of your practice and can help ensure that patients obtain the necessary testing as ordered and that results are received, reviewed, and properly addressed.

Recommendations

1. Inform patients about the indications for the test(s), and document these conversations in their medical records.

2. Implement a follow-up system in your practice to ensure that patients have undergone the recommended test(s) and that the results are returned to the office.

3. The follow-up system should allow you to track the following information: patient name, test order date, and the date the results were received.

4. The medical record should indicate the date of the provider review.

5. It is the provider’s responsibility to notify patients of significant test results. This should be documented in their medical records.

6. Your process should include follow-up when patients have not undergone the recommended test(s). This may include telephone and/or electronic communication. All attempts to reach the patient should be documented in the medical record.

7. A follow-up mechanism that utilizes the same process should also be in place to track consultations.

The Risk

A missed or cancelled appointment and the failure to follow up with or contact the patient may result in a serious delay in diagnosis or treatment. A well-defined process that includes provider notification and follow-up procedures in this situation will help ensure continuity of care and enhance patient safety.

Recommendations

1. Develop a process for the follow-up of patients who have missed or cancelled appointments.

2. Physicians should be notified of all missed or cancelled appointments on a daily basis.

3. The physician should assess the clinical importance of the appointment, the severity of the patient’s medical condition, and the risk(s) associated with the missed or cancelled appointment to determine appropriate follow-up.

4. A reminder telephone call from the office staff may suffice for patients at minimal risk. The telephone call and the content of the message or conversation should be documented in the patient’s record.

5. A telephone call from the physician may be indicated for patients at higher risk. The physician should emphasize the importance of follow-up care and the risks inherent in failing to comply. This conversation should also be documented in the medical record.

6. If there is no response from the patient, or the patient develops a pattern of not keeping or missing appointments, a letter with a certificate of mailing should be sent to the patient to advise him/her of the risk of noncompliance. A copy of the letter should be maintained in the patient’s medical record.

7. All efforts to contact the patient, either by telephone or in writing, should be documented in the medical record. This provides evidence that the patient was made aware of the importance of continuous medical care.

8. Educate your staff regarding patient follow-up processes in your practice. Consider conducting periodic record reviews to evaluate the effectiveness of the established processes for patient follow-up.

9. Continued failure of a patient to keep appointments may be deemed noncompliance with treatment. Consideration should be given to discharging the patient from your practice. The attorneys of MLMIC’s Legal Department are available to assist you in determining how and when to properly discontinue a physician-patient relationship due to patient noncompliance.

The Risk

Providers must recognize that, at any time, a patient may make a complaint to the Office of Professional Medical Conduct alleging that they were the victim of a physician’s sexual misconduct. Having a chaperone present during intimate physical examinations may be beneficial to both the physician and the patient. First, it may provide reassurance to patients, demonstrating both respect for their concerns and an understanding of their vulnerability. Second, the use of chaperones can provide legal protection for the physician in the event of a misunderstanding or false accusation of sexual misconduct on the part of the patient.

Recommendations

1. A provider should always use a chaperone when performing breast or pelvic examinations.

2. Consideration should also be given to the use of a chaperone for:

   • Rectal and/or testicular examinations.

   • Unusual situations where the physician is concerned that the patient, spouse, or family member may seem uncomfortable or apprehensive.

   • When a parent or spouse demands to be present.

   • When a patient acts seductively or otherwise inappropriately.

3. The presence of a chaperone must always be documented in the patient’s medical record.

   • The provider can simply document “chaperone in room for the entire exam” and the chaperone’s initials.

   • Adding the name and title of the staff member who chaperoned the exam allows you to verify their presence at a later date should the need arise.

4. A chaperone should be present even if the provider is the same gender as the patient.

5. Chaperones should be educated about patient privacy and confidentiality issues.

6. Unless specifically requested by the patient, family members should not be used as chaperones.

7. Respect for the patient’s privacy can be further maintained by speaking to the patient privately before and/or after the examination.

The Risk

Patient satisfaction is an integral part of providing healthcare, regardless of the clinical setting. Dissatisfaction with medical care may be a harbinger of medical malpractice litigation. When you receive a complaint about care, how you handle the situation may directly impact the potential for any future litigation. All physician office practices should have a policy or protocol in place to address patient complaints.

Recommendations

1. One individual should be identified and consistently used as the primary person to address patient complaints. This is often the office manager.

2. All staff should know to whom complaints should be addressed, as well as what information constitutes a complaint that requires attention or intervention by that person. This should, at a minimum, include:

   • Written or verbal complaints regarding medical care.

   • Billing or payment issues that involve concerns about the clinical care.

   • Letters of complaint from third-party payors, IPRO, the New York State Department of Health, or other regulatory entities. We recommend that you retain personal counsel for assistance in formulating written responses to such agencies.

3. Effective communication skills are essential when addressing a patient complaint:

   • Express concern for the patient’s condition and well-being.

   • Never be adversarial or defensive.

   • Be an active listener, and ask questions when appropriate.

   • Avoid judgmental comments about patients and their families or negative remarks about staff, physicians, or other providers.

   • Investigate complaints and follow up as indicated.

4. Conversations with patients should be documented in the medical record. It is appropriate to quote the patient when documenting their concerns.

5. Keep letters of response to complaints concise and simple. A copy of the written response should be kept in the patient’s medical record.

6. When complaints involve clinical issues or are complex, physicians or other providers should be involved in addressing the situation.

7. Attorneys’ requests for records may be an indication of a patient’s unhappiness. The patient’s medical record should be reviewed in conjunction with these requests in an effort to assess the potential for medical malpractice litigation.

8. Consider seeking guidance when presented with unusual or difficult situations. MLMIC staff are available to assist insureds with handling complaints, formulating responses, and determining potential exposure to claims of malpractice.

9. Never document any contact with MLMIC or your attorneys in the patient’s medical record.

The Risk

As the use of EHRs has become widespread, documentation practices and workflow patterns have changed significantly and have added to a growing clinical and administrative workload. The use of this technology has increased the amount of time necessary to complete medical record documentation and order entry.

One way that physicians have chosen to address these issues is through the use of scribes. Scribes originated in the fast-paced clinical setting of the emergency department (ED) as a way to reduce the time physicians needed to spend documenting care in an electronic format. The use of scribes has expanded from these roots in the ED to numerous other clinical settings. Scribes perform EHR data entry under the direct supervision of a licensed professional, freeing the physician or other provider to spend more time directly interacting with the patient.

As unlicensed members of the healthcare team, the recruitment, training, and supervision of scribes is paramount in managing their use in all clinical settings. Whether you are currently using scribes in your practice or are considering employing them, the following recommendations may be useful in evaluating your program or determining strategies for implementation.

Recommendations

1. Use documentation policies for your organization that comply with regulatory requirements. In addition, practices should monitor federal, state, and regulatory changes to maintain compliance with these guidelines.

2. Develop a written job description for scribes that outlines required qualifications and competencies, including proficiency with your EHR system and medical terminology. Clearly delineate job responsibilities.

3. Provide orientation that includes, but is not limited to, HIPAA, privacy regulations, organizational policies, and patient rights.

4. Scribes should not perform any clinical functions or provide any direct patient care (unless they are otherwise a licensed healthcare provider, such as a licensed practical nurse or registered nurse). This includes:

   • Acting independently.

   • Touching patients.

   • Handling bodily fluids or specimens.

   • Translating for a patient.

   • Interpreting any information.

   • Conducting other duties while acting as a scribe.

5. Scribes should be assigned their own unique user ID/password credentials to access the EHR system. All entries to the record made by scribes must be while logged in with their own password and user ID. In the event that a licensed clinical staff member functions as a scribe, he/she must have two separate user IDs and passwords and use them accordingly.

6. Introduce the scribe to the patient, and give the patient the opportunity to decline having the scribe present during the examination.

7. The primary responsibility of the scribe should be to document the clinical encounter, including the history of present illness, a review of symptoms, the physical exam, and the assessment and plan, as presented by the provider. Scribes may also create pending orders as dictated by the provider. Providers must review and complete all medical orders.

8. All information entered into a medical record by a scribe must include:

   • The name of the patient and the provider providing care.

   • The date and time.

   • Authentication.

9. Providers must review the scribe’s documentation and verify the entry. An attestation statement should include:

   • Affirmation of the provider’s presence during the time the encounter was entered.

   • Confirmation that the provider reviewed the information and verified its accuracy.

   • Authentication, including date, time, name, and credentials.

10. Perform regular audits/assessments of the scribe’s documentation, and provide constructive feedback for performance improvement, as indicated.

The Risk

The failure to properly handle and document after-hours telephone calls can adversely affect patient care and lead to potential liability exposure for the physician. Should an undocumented telephone conversation become an issue in a lawsuit, the jury is less likely to believe the recollection of the physician, who receives a large number of calls on a daily basis.

Recommendations

1. Establish a system to help ensure that all after-hours calls are responded to in a reasonable time frame and documented in the patient’s medical record.

2. Medical record documentation of after-hours calls should include the following:

   • The patient’s name.

   • Name of the caller if he/she is not the patient, and the individual’s relationship to the patient.

   • Date and time of the call.

   • Reason or nature of the call, including a description of the patient’s symptoms or complaints.

   • Medical advice or information that was provided, including any medications that were prescribed.

3. If the patient’s condition warrants the prescription of medications, it is important to inquire about and document any medication allergies, as well as any other medications the patient is currently taking.

4. If you use an answering service, it should be periodically evaluated for courtesy, efficiency, accuracy, and proper recordkeeping.

5. The use of answering machines or voicemail systems for after-hours calls is not recommended for the following reasons:

   • There are no safeguards in the event of a malfunction.

   • Patients do not always understand that no one will call back, even if this is stated in the message.

   • If, as a last resort, an answering machine or voicemail must be used, the message should be brief and simple and include the following: “The office is now closed. If you believe you are experiencing a medical emergency, please disconnect and call 911.”

6. When after-hours coverage is provided by another physician’s practice, a process should be in place to ensure that documented telephone conversations are promptly forwarded to your office.

The Risk

Effective communication is the cornerstone of the physician-patient relationship. Patients’ perceptions of physician communication skills may impact the potential for allegations of malpractice. The following suggestions are designed to promote open communication and help you reach an accurate diagnosis and develop an appropriate plan of care.

Recommendations

1. Employ active listening techniques, and allow the patient sufficient time to voice their concerns.

2. Sit at the level of the patient and maintain eye contact.

3. Assess the patient’s literacy level. This may be as simple as asking what the highest grade level the patient attained is (https://www.ahrq.gov/professionals/quality-patient-safety/quality-resources/tools/literacy/index.html).

4. Use lay terminology when communicating with patients and their families.

5. Develop plans to communicate with patients who are hearing impaired or have limited English proficiency (https://www.ada.gov/effective-comm.htm).

6. Utilize the teach-back method when providing patients with instructions and information. This technique requires that patients repeat the information provided in their own words. The teach-back method is particularly useful in assessing patients’ understanding of:

   • Informed consent discussions.

   • Medication instructions, including side effects and adverse reactions.

   • Test preparation.

   • Follow-up instructions.

   If the patient is unable to convey the information, it should be restated in simpler terms, perhaps by utilizing pictures and/or drawings.

7. Evaluate your educational tools and consent forms to determine the grade level at which they are written. This will allow you to provide written materials that are understandable to the majority of your patient population. Techniques that determine the readability and comprehension levels of documents are available from numerous sources, including:

   • https://www.cms.gov/outreach-and-education/outreach/writtenmaterialstoolkit/downloads/toolkitpart11.pdf

   • http://www.readabilityformulas.com/

8. At the conclusion of your patient encounter, ask the patient/family if they have any questions or concerns that have not been addressed.

9. Medical record documentation should reflect all aspects of patient interactions and comprehension. This will demonstrate the effectiveness of your communication skills and promote patient satisfaction, which may reduce your potential exposure to claims of malpractice.

The Risk

Lack of communication between providers may result in poor coordination of care. This may include a delay in diagnosis or treatment, the failure to order diagnostic testing or act upon abnormal test results, or the failure to prescribe appropriate medications. Clearly defining the roles and responsibilities of the referring and consulting providers will promote safe and effective patient care.

Recommendations

1. A tracking system should be in place to determine if the patient obtained the recommended consultation.

2. Referring physicians should develop a process for determining whether a report has been received from the consulting provider.

3. All consultation reports must be reviewed by the referring physician prior to being placed in the patient’s medical record.

4. If a patient has been noncompliant in obtaining the recommended consultation, follow-up is necessary. Document all attempts to contact the patient and any discussions with the patient, including reinforcement of the necessity and reason for the consultation.

5. If a report is not received in a timely manner, contact the consultant to determine if the patient has been seen and whether a report has been generated.

6. Consultants should routinely send reports to referring physicians in a timely manner. These reports should include the:

   • Findings.

   • Recommendations, including interventions.

   • Delineation of provider responsibility for treatment and follow-up of test results.

7. The consultant should contact the referring physician when a patient fails to keep an appointment. The medical record should reflect the missed appointment and notification of the referring physician.

8. All telephone conversations between referring and consulting providers should be documented. Timely communication must occur when an urgent or emergent clinical finding is identified.

The Risk

The communication of test results is an important part of providing care and may involve various healthcare professionals. Test results may be overlooked, lost, scanned into the wrong record, etc. Abnormal test results requiring follow-up present an additional risk if they are not received, reviewed, or communicated to the patient. This may result in missed or delayed diagnoses, patient injuries, and subsequent claims of malpractice. If a physician orders a test, he/she is responsible for ensuring that the results have been received and reviewed. Physician practices should have policies and procedures in place for the management of test results.

Recommendations

1. All ordered tests must be documented in the patient’s medical record.

2. A process should be in place to confirm and document the receipt of test results. Many EHR systems allow practices to efficiently track pending laboratory/diagnostic studies.

3. All incoming laboratory reports and diagnostic tests must be reviewed and authenticated by the provider.

4. The provider must document communication of the test results to the patient. Any recommendations or interventions must also be documented.

5. Providers should have a system in place for the follow-up of pending laboratory/diagnostic test results for their patients who have been discharged from the hospital or ED. Receipt and review of these results should be documented in the patient’s medical record. Communication of the results to the patient should also be documented.

6. It is important for physicians to clearly establish who is responsible for follow-up when tests are ordered for a patient by another specialist or consultant.

7. Patients should be advised of all test results, normal or abnormal. This communication should be documented in the medical record.

The Risk

The lay public often has limited knowledge and understanding of medical terminology. A patient’s ability to understand medical information may be compounded by stress, age, illness, and language or cultural barriers. Effective communication with patients may improve compliance with treatment regimens, enhance the informed consent process, and increase safe medication use. Physician office practices can improve the patient experience and reduce potential liability exposure by employing the following recommendations.

Recommendations

1. Use lay terminology whenever possible. Define technical terms with simple language. Patient education materials should be written in plain language, avoiding the use of medical jargon.

2. Verbal instructions may be reinforced with visual aids and printed materials that are easy to read and include pictures, models, and illustrations. Consider using nonprinted materials, such as videos and audio recordings, as indicated.

3. Offer to assist your patients when completing new patient information or any other practice documents. Provide this help in a confidential way, preferably in an area that is private and conducive to this type of information exchange. Encourage your patients to contact you with any further questions.

4. The use of interpreters may be indicated for patients who are not fluent in the English language.

5. At the end of the encounter, use open-ended questions rather than yes/no questions to further assess patient understanding. Try asking “What questions do you have for me?” instead of “Do you have any questions?”

6. Providers and staff should be familiar with and utilize the principles of the teach-back method when reviewing new medications or treatment plans with patients. First, teach a concept, and then ask patients to repeat back the information they just heard in their own words.

7. Patients and family members may be embarrassed by or unaware of their healthcare literacy deficits. An empathetic approach to understanding patient health literacy will enhance your physician-patient relationship.

The Risk

Once the physician-patient relationship is established, physicians have a legal and ethical obligation to provide patients with care. However, there may be circumstances when it is no longer appropriate to continue the physician-patient relationship. A physician may choose to discharge a patient for a variety of reasons, such as noncompliance with treatment, failure to keep appointments, or inappropriate behavior. Properly discharging a patient from care can be a complex issue. In order to avoid allegations of abandonment, providers should consider establishing a formal process for discharge.

Recommendations

1. The discharge of each patient must be determined by the physician on an individual basis and based on medical record documentation of patient noncompliance or disruption. We recommend that you contact MLMIC’s Legal Department for specific advice.

2. A formal patient discharge should be made in writing. You must give the patient at least 30 days from the date of the letter to call you for an emergency in order to avoid charges of abandonment. This time period may be longer depending on the patient’s condition and the availability of alternative care.

3. The three most common reasons physicians discharge patients are:

   • Nonpayment.

   • Noncompliance with the physician’s recommendations.

   • Disruptions in the physician-patient relationship.

4. The discharge is to be effective as of the date of the letter.

5. Refer the patient to the local county medical society, his/her health insurer, or a hospital referral source to obtain the names of other physicians.

6. Provide the patient with prescriptions for an adequate supply of medication or other treatment during the 30-day emergency period.

7. Use the USPS certificate of mailing procedure, not certified mail, to send the discharge letter so that it cannot be refused/unclaimed by the patient and can be forwarded if the patient has moved.

8. When the patient to be discharged is in need of urgent or emergent care or continuous care, is more than 24 weeks pregnant, or has a disability protected by state and federal discrimination laws, the question of whether the patient can be discharged should first be discussed with counsel, since discharge may not always be possible.

9. Become knowledgeable about the requirements regarding any restrictions on discharge imposed by the third-party payors with whom you participate.

10. Promptly send the patient’s records to his/her new physician upon receipt of proper authorization.

11. Flag the office computer or other appointment system in use to avoid giving the patient a new appointment after discharge.

12. Document the problems that led to the discharge in the patient’s record.

Form letters and a memorandum on the discharge of patients are available from MLMIC’s Legal Department.

The Risk

Physicians are often asked by close friends, relatives, or colleagues for medical advice, treatment, or prescriptions both inside and outside of the office. At times, these individuals may be seen by you as a courtesy and/or at no charge. Although the American Medical Association advises physicians not to treat immediate family members except in cases of emergency or when no one else is available, this practice continues to occur.

Over the years, we have seen a number of lawsuits filed against physicians by close friends and colleagues and even their own family members because of care provided by our insureds. The defense of these suits is frequently hampered by the fact that there are often sparse or entirely nonexistent medical records for the patient. The failure to maintain a medical record for every patient is defined as professional medical misconduct by Education Law §6530(32). Providing care under these circumstances may pose unique risks. Here are some recommendations about how to handle these situations.

Recommendations

1. Always create a medical record for friends, relatives, and colleagues to whom you provide care of any kind.

2. All patient encounters must be documented in the medical record, including those that occur outside the medical office.

3. Take a complete medical history when seeing friends, relatives, or colleagues as patients. If indicated, this should include issues that may be uncomfortable to discuss, such as the use of psychotropic medications or sexual history.

4. A thorough medication history should be obtained from the patient to avoid potential drug interactions. Identify any contraindications when prescribing medication.

5. Perform a thorough physical examination. Sensitive portions of a physical examination should not be deferred when pertinent to the patient’s complaints. These may include breast, pelvic, or rectal examinations. A chaperone should be used for those portions of the examination.

6. Do not write prescriptions, especially for controlled substances, for individuals with whom you do not have an established professional relationship. Always document the reasons for prescribing medications along with the dose. If narcotics are prescribed, consult the New York State Prescription Monitoring Program (I-STOP) registry, and document that in the medical record.

7. When a surgical procedure is to be performed:

   • A signed informed consent form must be obtained and placed in the medical record.

   • The medical record must contain documentation that the informed consent conversation with the patient has occurred and that the patient consented to the procedure.

The Risk

Patient noncompliance is one of the most difficult challenges for healthcare providers. Noncompliance may include missed appointments and failure to follow a plan of care, take medications as prescribed, or obtain recommended tests or consultations. The reasons given by patients for noncompliance vary but may include denial that there is a health problem, the cost of treatment, fear of the procedure or diagnosis, and not understanding the need for care. Physicians and other healthcare providers need to identify the reasons for noncompliance and document their efforts to resolve the underlying issues. Documentation of noncompliance helps protect providers in the event of an untoward outcome and allegations of negligence in treating the patient.

Recommendations

1. Establish an office policy to notify providers promptly of all missed and cancelled appointments. We recommend that this be done on a daily basis.

2. Formalize a process for follow-up with patients who have missed or cancelled appointments, tests, or procedures. This process should include recognition of the nature and severity of the patient’s clinical condition to determine how vigorous follow-up should be.

   • Consider having the physician make a telephone call to the patient as a first step when the patient’s condition is serious.

   • If the patient’s clinical condition is stable or uncomplicated, staff should call the patient to ascertain the reason for the missed or cancelled appointment.

   • All attempts to contact the patient must be documented in the medical record.

   • If no response or compliance results, send a letter by certificate of mailing outlining the ramifications of continued noncompliance.

3. During patient visits, emphasize the importance of following the plan of care, taking medications as prescribed, and obtaining tests or consultations.

4. Seek the patient’s input when establishing a plan of care and medication regimen. Socioeconomic factors may contribute to the patient’s noncompliance.

5. To reinforce patient education, provide simple written instructions regarding the plan of care. Use the teach-back method to confirm that patients understand the information and instructions provided.

6. With the patient’s permission, include family members when discussing the plan of care and subsequent patient education in order to reinforce the importance of compliance.

7. When there is continued noncompliance, patient discharge from the practice may be necessary. The attorneys of MLMIC’s Legal Department are available to discuss patient noncompliance and the discharge of a patient.

The Risk

Many procedures are performed in the office setting using physician-owned or leased medical equipment. The failure or malfunction of this equipment may lead to patient, staff, or provider injury. The appropriate maintenance of this equipment is essential to patient safety.

Recommendations

1. A process should be in place for the maintenance of medical equipment. The manufacturers’ directions for use and recommended preventative maintenance schedules should be followed.

2. A record of all maintenance activities should be generated and retained.

3. All patient care equipment should be inspected on an annual basis at a minimum or more often if recommended by the manufacturer.

4. Equipment should be labeled with the inspection date, the initials of the inspector, and the date the next inspection is due.

5. A designated staff member should confirm that all required inspections and preventative maintenance of equipment are performed at appropriate intervals.

6. Relevant staff should be properly trained in the use of medical equipment. Documentation of training and education should be maintained in their personnel files.

7. The scope of practice of medical personnel/licensed staff must be considered when they perform or assist in a procedure and/or use medical equipment.

8. A process should be in place that requires the immediate removal of malfunctioning equipment from use in the practice. This process should include a provision to sequester any piece of equipment that may be directly involved in injury to a patient, staff member, or provider. Prompt notification to your medical professional liability insurance carrier is recommended when an equipment-related patient injury occurs.

The Risk

Obesity continues to be a serious health issue in the United States. Physicians’ offices may not be well equipped to accommodate patients of size. Injuries can occur if appropriate equipment is not available to accommodate them. Further, bias or ambivalence by healthcare professionals in treating obese patients can negatively affect patient care and lead to poor outcomes. Providing a safe environment while optimizing sensitivity to the needs of this patient population will enhance patient care and minimize your exposure to claims of negligence.

Recommendations

1. Examination rooms and waiting areas should include appropriate and safe furnishings, such as large sturdy chairs, high sofas, benches, or loveseats that can accommodate patients of size and visitors.

2. Diagnostic and interventional equipment that can accommodate morbidly obese patients should be available. This may include but is not limited to:

   • Appropriate scales for patients who weigh more than 350 lbs.

   • Extra-large adult-sized blood pressure cuffs.

   • Gowns to accommodate patients weighing more than 350 lbs.

   • Extra-long phlebotomy needles and tourniquets.

   • Large examination tables.

   • Floor-mounted toilets.

   • Sturdy grab bars in bathrooms.

   • Sturdy step stools in examination rooms.

3. The office staff should be knowledgeable about the weight limits of their office equipment. Color-coded labels can be used to discreetly identify weight limits.

4. The office staff should be educated and trained in techniques to safely assist and transfer patients of size.

5. Although patients of size may face many additional medical issues, they are less likely to obtain preventative care and more likely to postpone or cancel appointments because of embarrassment and/or a feeling of bias on the part of healthcare providers. Patient support and follow-up are important.

6. Healthcare providers should assess their own potential for weight bias, recognize any preconceived ideas and attitudes regarding weight, give appropriate feedback to patients to encourage healthful changes in behavior, and encourage patients to set goals and actively participate in their plan of care.

7. Staff should be educated about the needs of this patient population to enhance staff members’ ability to demonstrate understanding, respect, and sensitivity.

The Risk

Medication errors result in a significant portion of medical liability claims. Patient harm can result from known risks, adverse or allergic reactions, drug interactions, and errors in prescribing. Careful attention to detail in prescribing and monitoring the use of medications promotes patient health and safety.

Recommendations

1. Physicians must discuss the indications, risks, benefits, and alternatives of prescription medication with their patients and document these discussions in the medical record.

2. The patient’s allergy history should be reviewed prior to prescribing.

3. Allergies/sensitivities should be documented in a highly visible and pertinent part of the record.

4. Medication reconciliation should be performed on a routine basis, including the use of herbal supplements and over-the-counter drugs. Patients should be encouraged to bring a list of medications or actual prescription bottles to their visit(s) to facilitate this process.

5. Written consent should be obtained for high-risk medications such as allergy shots, joint injections, fertility medications, chemotherapy, etc.

6. The blood levels/side effects of certain medications should be monitored with laboratory and/or diagnostic tests as indicated. Test results should be reviewed and adjustments made as necessary.

7. Discontinuance of or a change in medication(s) should be documented in the medical record, including the rationale for the change.

8. Patient visit intervals should be established for the continuance of prescription medications.

The Risk

Medication samples are widely used in a physician’s office practice. A standard process should be in place for the proper handling, storage, dispensing, and disposal of medication samples. The safe management of medication samples can help prevent medication errors and subsequent patient injuries.

Recommendations

1. Develop policies and procedures for storing, handling, dispensing, and disposing of medication samples in your office practice.

2. Store medication samples in a safe and secure location in your office practice to reduce the risk of theft and unauthorized use. Limit access to medication samples to licensed staff members. These samples must not be kept in examination rooms or areas that are easily accessible to patients and visitors (e.g., in unlocked drawers or on countertops). Follow the manufacturer’s recommendations for the storage of each drug.

3. Maintain a log of your supply of medication samples. The log should include documentation of the monitoring of expiration dates.

4. Assign the responsibility for monitoring and tracking the inventory of medication samples to a licensed staff member.

5. Explain the proper use of the medication to patients. Include any special instructions or warnings in that discussion, and document the same in the patient’s medical record.

6. The sample medications should be labeled according to the provider’s order with the same labeling requirements as a pharmacy. According to New York State Education Law §6807(1)(b), the label should include:

   • The name of the patient.

   • The name of the drug.

   • The dosage.

   • The name of the practitioner prescribing the medication.

   • How often to take the medication.

   • How much medication was prescribed (number of pills).

   • Special instructions on how to take the medication (e.g., with meals).

7. Properly dispose of expired medication samples in accordance with state, federal, and local laws.

The Risk

Patient nonadherence to a prescribed medication regimen is a common problem that physicians in all specialties encounter. Some factors that may influence medication adherence include the complexity of the regimen, the age of the patient, and the cost of medications. Patients and/or caregivers should be advised of the importance of taking medications exactly as directed. Educating patients regarding the use of medications should include information about potential drug interactions, side effects, and other related problems that may warrant medical interventions.

Recommendations

1. Prescribing providers should educate patients about each medication, including its name, appearance, purpose, and effect. This education should include any potential side effects and/or interactions associated with the medication regimen. It should also stress the importance of contacting a healthcare provider should any reactions, questions, or concerns arise.

2. Query patients regarding any underlying issues with medication selection in order to resolve any concerns.

3. The importance of using only one pharmacy to obtain all medications should be emphasized to patients or their representatives.

4. Patients should be advised to:

   • Keep an accurate list of all medications they take — including generic and brand names, over-the-counter medications, and herbal supplements — which includes dosages, dosing frequency, and the reasons for taking the medication.

   • Maintain a complete list of medical providers and their contact information.

   • Post the name and telephone number of their local pharmacy in a prominent location, along with the name and phone number of their physician.

   • Establish a daily routine when taking their medications.

   • Bring a list of all medications they are taking to each and every appointment.

5. Make patients aware of the various medication adherence aids and devices available, such as dosing reminders, pill boxes, and refill reminder programs.

6. Provide useful written information in plain language that clearly explains how patients can correctly manage their medications.

7. Consider utilizing the teach-back method when explaining medications to patients. First, teach the information, and then ask patients to repeat it back in their own words.

8. Physicians should help patients manage their medications, caution them not to share medications, and advise them to follow storage recommendations and dispose of old medications properly.

The Risk

The management of chronic pain through the prescription of controlled medication poses challenges and risks to both the patient and the healthcare provider. Common allegations against providers in pain management claims include:

• Liability for failing to adequately treat pain.

• Liability for allegedly inappropriately prescribing controlled substances.

• Potential for civil charges being brought against a physician or other provider for the patient’s diversion of narcotics and/or drug abuse or overdose.

• Liability for failing to recognize a patient’s addiction and/or diversion and not referring the patient for treatment.

Recommendations

1. Perform and document a thorough initial evaluation of the patient. This should include a history and assessment of the impact of the pain on the patient; the nature, type, and cause of the pain; and a focused physical examination to determine if there are objective signs and symptoms of pain. The provider should also review pertinent diagnostic studies, previous interventions, and drug history and assess the extent of coexisting medical conditions that impact the patient’s pain. It is important to obtain the names of all other providers the patient is seeing or has seen and the pharmacies the patient uses.

2. Develop a specific treatment plan based on the evaluation.

3. Maintain accurate and complete medical records that clearly support the rationale for the proposed treatment plan.

4. Perform a thorough informed consent discussion regarding the plan of care, including the risks, benefits, and alternatives as well as the risks of the alternatives, such as no treatment with controlled substances.

5. Request the patient’s consent to obtain copies of the records of all prior treating physicians, and review these records before prescribing controlled substances to determine if there is a history of drug-seeking behavior or drug abuse.

6. Use a written pain management agreement when prescribing controlled substances forpatients with chronic pain. If the patient has a prior history of drug abuse, refer him/her to a pain management practice or clinic, if possible. A pain management agreement outlines the expectations of the provider and the responsibilities of the patient, including:

   • A baseline screening of urine/serum medication levels.

   • Periodic unannounced urine/serum toxicology screenings.

   • Medications to be used, including dosage(s) and frequency of refills.

   • A requirement that the patient receives medications from only one physician and uses only one pharmacy.

   • The frequency of office visits.

   • Any reasons for discontinuance of drug therapy (e.g., violation of agreement). A sample pain management agreement can be obtained by contacting MLMIC’s Legal Department at (844) 667-5291.

7. Document and monitor all prescriptions and prescription refills.

8. Consult the I-STOP registry prior to prescribing any controlled pain medications. Document either that you have consulted the registry or the circumstances surrounding why consultation was not performed.

9. Protect prescription blanks if still utilized in your practice. Limit and monitor staff access to computer-generated prescriptions.

10. Take positive action if you suspect patient addiction or diversion. Public Health Law §3372 requires a physician to report to the New York State Department of Health Bureau of Narcotic Enforcement any patient who is reasonably believed to be a habitual user or abuser of controlled substances by calling (518) 402-0707.

11. Refer the patient for treatment of addiction, if appropriate, and document this discussion with the patient in the medical record.

12. If a patient is believed to be selling/diverting narcotics, and the patient’s random urine test confirms no drug use or there has been a forgery or theft of prescriptions, contact MLMIC’s Legal Department to discuss how to discharge the patient and how to handle requests for medications from the patient before the discharge is final.

The Risk

Healthcare professionals share in the responsibility to minimize prescription drug abuse and drug diversion. Physicians are tasked with differentiating patients in need of effective pain management from those who may be seeking drugs for inappropriate reasons. The following recommendations are intended to provide guidance to healthcare providers when confronted with drug-seeking patients.

Recommendations

1. Perform a complete review of the patient’s pertinent history, and conduct a thorough medical evaluation. Address and document all objective signs and symptoms of pain.

2. Exercise concern when dealing with patients who are not interested in having a physical examination, are unwilling to authorize the release of prior medical records, or have no interest in a diagnosis or a referral, saying they want the prescription immediately.

3. Be cautious if a new patient has unusual knowledge of controlled substances or requests a specific controlled substance and is unwilling to try any other medication.

4. Document a trial of non-narcotic medication and/or physical therapy before choosing to place the patient on a controlled substance.

5. If you are able to identify the true source of the patient’s pain, document that and any positive test results in the medical record.

6. New York State physicians must consult the I-STOP registry prior to prescribing any Schedule II, III, or IV controlled substances. To establish a Health Commerce System account to enable you to do so, access the website at https://www.health.ny.gov/ professionals/narcotic/prescription_monitoring.

7. Document the patient’s informed consent for treatment of chronic pain with controlled substances. Have the patient sign a written pain management agreement (available from MLMIC’s Legal Department) when prescribing controlled substances for chronic pain.

8. Specifically document drug treatment outcomes and the rationale for medication changes.

9. Assess whether further treatment for addiction or pain management is appropriate, and document this discussion with the patient. If necessary, refer the patient for consultation to a pain management clinic or rehabilitation facility.

10. Carefully monitor and protect Official New York State Prescription pads if you use them. Unless an exemption is applicable, prescriptions for controlled substances are to be electronically dispensed.

11. When electronically issuing or writing a prescription for controlled substances, write the quantity and the strength of drugs in both letters and numbers to prevent alteration.

12. Report patients who are reasonably believed to be habitual users or abusers of controlled substances to the New York State Department of Health Bureau of Narcotic Enforcement. This is required by New York State Public Health Law §3372.

13. Contact MLMIC’s Legal Department to discuss how to address a patient you believe is selling/diverting narcotics or altering, forging, or stealing prescription pads.

The Risk

The “copy and paste” function of EHR systems allows users to easily duplicate information such as text, images, and other data within or between documents. While this function offers convenience and efficiency to healthcare providers, it also poses unique liability risks when the information copied and pasted is either inaccurate or outdated. Further, redundancy within the new entry may cause difficulty in identifying current information and create overly lengthy progress notes.

Recommendations

1. Develop a comprehensive policy and procedure for the appropriate use of the copy and paste function. The policy should include a process to monitor and audit both staff members’ and providers’ use of this function.

2. Educate all users about:

   • The importance of verifying that the copied and pasted information is correct and accurately describes the patient’s current condition.

   • The risks to patient safety in the inappropriate use of this function.

   • The importance of adhering to all regulatory, legal, and compliance guidelines.

3. Determine what portions of the record may be copied and pasted. At a minimum, the healthcare provider’s signature(s) should not be copied and pasted.

4. Confirm that the source of information that has been copied and pasted can be readily identified and is available for review in the future.

5. Confirm that the history of the present illness is based on the patient’s description during that visit.

6. Use the medical, social, or family history from a previous note only after it has been reviewed with the patient to confirm it is current.

7. Verify that the diagnoses in your assessment are only those addressed during that visit. Although some EHRs allow the copying of all diagnoses in the problem list, some may either have already been resolved or are not the reason for this particular encounter.

8. Contact your EHR vendor as necessary to help you and your staff comply with established policies. This may include the vendor making modifications that disable the copy and paste function in designated fields and assisting in performing audits of the use of the copy and paste function by staff and providers.

The Risk

The presence of laptops/tablets in examination rooms has become commonplace as more providers implement EHRs. This method of documentation may place a barrier between the provider and the patient. Providers may miss nonverbal cues, and patients may perceive an electronic device as a hindrance to communication. In several recent medical malpractice cases, plaintiffs testified that the provider spent too much time entering information into the computer and not enough time listening. Utilizing effective communication skills to engage the patient while using a computer will enhance the integration of this technology into healthcare and improve the patient experience.

Recommendations

1. Analyze the examination room for placement of the computer. Position the computer in a way that enhances provider-patient communication. Consider using a cart on wheels to position the computer so that the provider faces patient.

2. Establish eye contact with the patient, and listen to his/her concerns before using the computer. Look at the patient while you speak.

3. Reassure the patient that you are listening to him/her.

4. Utilize the POISED¹ model:

   • P = Prepare for the visit.

   • O = Orient the patient to what you are doing.

   • I = Information gathering — allow time for conversation.

   • S = Share what you are looking at on the screen with the patient.

   • E = Educate the patient, and reinforce the plan of action.

   • D = Debrief and assess the degree to which the patient understands the recommendations and plan. Utilize the teach-back method.

5. Print a copy of the visit for the patient, and retain a copy in the patient’s record (e.g., after-visit summary).

6. When computers remain in examination rooms, providers must log off at the completion of the encounter to protect patient privacy.

The Risk

Patient portals are an effective tool to actively engage patients in their care and improve health outcomes. However, healthcare professionals must be aware of the potential risks presented by this technology. Some of these risks include reliance on the patient portal as a sole method of patient communication, patient transmission of urgent/emergent messages via the portal, the posting of critical diagnostic results prior to provider discussions with patients, and possible security breaches resulting in HIPAA violations. Implementing appropriate policies and procedures in the use of portals will enhance patient communication and mitigate liability risks for the practice.

Recommendations

1. Develop comprehensive patient portal policies that include:

   • Patient username and password requirements (i.e., a minimum number of characters that include capitals and nonalphabetic characters).

   • A privacy/confidentiality statement on all outgoing messages.

   • Encryption updates.

   • Account lockout after a specified number of failed login attempts.

   • A mechanism to ensure termination of user access when indicated (e.g., the patient leaves the practice, death, and inappropriate use of the portal).

   • Time frames for responding to patient communication.

   • Designated responsibility for replying to patients when the primary provider is not available.

   • Utilizing a two-factor identifier system for the importation of diagnostic studies into the patient portal.

   • Monitoring patient access to posted diagnostic results.

   • A follow-up system for patients who do not access the portal.

   • A mechanism to notify patients if the portal is not functioning properly. A notification should be placed on the practice’s website and included in any prerecorded telephone message.

   Consider giving family members or patient representatives their own sign-in to the portal so that all can be on board with the recommended treatment plan.

2. Advise patients of the reporting mechanisms for:

   • Email address changes.

   • Questions regarding portal use.

   • Potential errors in their information.

   • Suspected breaches of privacy.

3. Providers should not use the portal as the means to communicate critical/significant diagnostic results. Diagnostic results should not be posted to the portal until this communication has occurred.

4. Instruct patients that the portal is not to be used to evaluate and treat new problems.

5. Utilize a disclaimer on the portal that clearly states it is not to be used for emergencies/urgent problems, and include instructions for patients to call 911 or go to the nearest ED.

6. Consider implementing a patient portal user agreement that:

   • Defines the information patients may access (e.g., appointments, medication refill and referral requests, form downloads, routine appointment reminders, and laboratory reports).

   • Prohibits requests for narcotic medication refills.

   • States that the patient portal is the only permissible method of electronic communication with the practice.

   • Includes the disclaimer statement regarding urgent/emergent/new problems.

7. Have staff educate patients regarding the use of the portal and the contents of the portal user agreement upon patient sign-up and as necessary.

For additional resources, please contact the attorneys of MLMIC’s Legal Department.

The Risk

With virtually all medical offices and healthcare facilities connected to the internet and using computer systems for the practice of medicine, maintaining the security of computers and other electronic devices as well as the privacy of patients’ PHI has become critical.

The following are tips for staff and providers to secure this technology and information.

Recommendations

1. Require that staff and providers have strong and unique passwords:

   • Passwords should have a minimum of 12 characters and include uppercase and lowercase letters as well as numbers and symbols.

   • Passwords should be changed at set intervals.¹

2. Do not share passwords. Do not allow others to document in an EHR under your password while you are logged on.

3. Grant staff access to an EHR only on a “need-to-know” basis:

   • Each individual should be granted access only to the information necessary to perform their job.

   • If an employee transfers to a different job function, have a process in place to reduce or increase their access based on the new job functions.

4. Educate staff not to:

   • Plug in their personal devices to USB ports on the system’s computers.

   • Install software on their work computers without prior approval.

   • Click on suspicious links in emails.

   • Allow USB devices to leave the facility unencrypted.

5. Position computers and printers away from patient and visitor traffic and consider the use of screen filters to prevent PHI being seen by others.

6. Encrypt all computer hard drives. At a minimum, all laptops and tablets should be encrypted, especially if they are to leave the facility.

7. Provide frequent and ongoing cybersecurity education and training.

8. Policies and procedures should clearly define the disciplinary actions to be taken for inappropriate use of the computer system.

9. Develop a cybersecurity incident response process to address a security breach or cyberattack, and test it at least annually to confirm that there is:

   • A defined procedure for reporting any suspected information security incident.

   • An obligation for employees to report any suspected incident immediately upon discovery.

   • One or more individuals with clearly assigned responsibilities for managing incidents.

10. Promptly disable an individual’s access to the computer system upon their leaving employment:

    • For involuntary dismissal, disable access prior to the notification of termination.

    • If access to the employee’s emails, voicemail, etc., is necessary, assign another qualified individual to address any information that requires review or action.

11. Maintain inventory control of all computerized devices, including laptops, thumb drives, and handheld devices.

12. Install appropriate antivirus software, and update devices frequently to protect the computer system from security vulnerabilities.

13. Perform system back-ups of files and data routinely. Test back-up restoration semi-annually at a minimum.

14. Perform audits to ensure compliance with health information technology policies and any applicable regulations.

The Risk

Healthcare providers recognize that, along with their practice websites, public websites such as Yelp, Healthgrades, and Rate MDs and social media sites such as Facebook and Twitter can be used as marketing tools to inform the public of their services. The online community, however, is then afforded an opportunity to respond, rate, and, at times, complain about those services. These statements and reviews are readily accessible to anyone with an internet-ready device to open and read.

While there is a basic instinct to immediately respond to negative online reviews, healthcare providers must remember that privacy rules make a complete response via social media inappropriate, and responding directly to an online post puts the healthcare provider at risk of disclosing PHI. Your response may not contain any identifying statements, but the mere recognition of a patient-provider relationship is a potential HIPAA violation.

The following tips will help you successfully and appropriately respond to negative online reviews.

Recommendations

1. Critically review all social media posts for accuracy and authenticity. While some negative statements regarding the performance of you or your staff may be difficult to read, evaluate these reviews to determine if there is an opportunity for learning or process change.

2. Do not become engaged in online arguments or retaliation — especially if the comments made are particularly negative and potentially detrimental to the reputation of the facility or physician.

3. According to federal and state confidentiality and privacy laws, providers are precluded from identifying patients on social media. In order to protect patient privacy, all patient concerns and complaints should be resolved by the practice by contacting the patient directly and not through social media.

4. If you do choose to respond via social media, use a standard response that also serves as a marketing opportunity for your practice. Some examples include:

   • “[Insert name] Medical Group is proud to have been providing comprehensive and compassionate care in the community since [insert year] and takes the treatment of our patients and their privacy seriously. Because federal privacy laws govern patients’ protected health information, it is not the policy of [insert name] Medical Group to substantively respond to negative reviews on ‘ratings’ websites, even if they provide misleading, unfair, or inaccurate information. We welcome all our patients and their families to address any concerns/requests or information about their care with us directly, as we strive to continue to provide individualized care in our community.”

   • “At our medical practice, we strive for patient satisfaction. However, we cannot discuss specific situations due to patient privacy regulations. We encourage those with questions or concerns to contact us directly at [insert phone number].”

5. If you feel the patient’s complaint has disrupted the physician–patient relationship, consider discharging the patient from your practice. This action may be viewed as retaliatory by the patient and set off a new series of negative posts. Attorneys of MLMIC’s Legal Department are available to assist you in making this decision.

6. Notify your local authorities if you feel at any time that your safety or the safety of your staff or family is threatened or at risk.

The Risk

Telehealth continues to rapidly expand, due in large part to the COVID-19 pandemic, and is viewed as an effective method of healthcare delivery. It may reduce costs, increase access, decrease wait times, enhance patient compliance, and increase patient and family engagement. Conversely, the use of telehealth comes with considerable costs associated with obtaining the necessary equipment, unclear or evolving reimbursement issues, and an increased risk of privacy breaches. Patients and providers alike must also be motivated to buy into the process. Additionally, many providers have concerns that significant clinical signs and symptoms may be missed by distanced examinations.

A properly selected telehealth system can provide an effective format for healthcare delivery in the absence of an in-person visit. Many factors must be considered when implementing telehealth technology in your practice. The following recommendations will help you determine if the use of telehealth technology will benefit you and your patients.

Recommendations

1. Assess the needs of your providers and patients to determine which telehealth platform is best suited to your practice. This may include one or more platforms. The four main categories are:

   • Live videoconferencing

   • Asynchronous video (store-and-forward)

   • Remote patient monitoring

   • Mobile health

2. Waivers were put in place during the COVID-19 pandemic that allow for the use of Facetime and other non-HIPAA-complaint platforms. This will require diligent monitoring by the practice regarding the potential removal of such waivers in the future.

3. As part of the vendor selection process, ensure that they offer a secure, HIPAA-compliant platform that also provides data encryption and allows you to protect patient data and comply with privacy regulations and disclosure protocols in case of privacy breaches. Vendors must provide a Business Associate Agreement.

4. Include key staff and providers in the selection process to determine the best system for your practice and patient population. Explore the ability of the vendor(s) to customize options that fit your needs.

5. Create an informed consent process and a document for the use of telehealth services as recommended by the U.S. Department of Health and Human Services Agency for Healthcare Research and Quality (AHRQ).¹ Contact MLMIC’s Legal Department at (844) 667-5291 to obtain a sample consent form.

6. Generate and retain formal documentation of all telehealth patient care visits. This documentation should be part of the patient’s record, and all aspects of the encounter should be thoroughly documented.

7. Establish a monitoring program/quality improvement process to evaluate patient care outcomes and technical performance issues. Include questions regarding the telehealth experience in patient satisfaction surveys.

8. Prepare a contingency plan for use in case of a technology failure. Communicate any disruption in service to the patient as soon as possible in advance of a scheduled telehealth encounter.

9. Engage in continuing education to ensure key competencies are maintained. Both providers and staff should receive ongoing education regarding updates to the practice’s telehealth system, along with refreshers on patient privacy and engaging patients via telehealth.

The Risk

Telehealth emerged as an essential component of healthcare during the COVID-19 pandemic. Changes in permissible formats, adjustments to reimbursement, and the need for social distancing have contributed to the widespread acceptance of this technology, leading to a significant increase in telehealth visits.

The proliferation of telehealth highlights the need to implement effective strategies for patient engagement. While the move to “virtual visits” with healthcare providers was seamless for many segments of the population, this may not be the case for all patient populations. There are numerous factors to consider when determining whether a telehealth encounter is the right choice for an individual patient.

Recommendations

1. Appropriateness: The presenting condition or health concern must be amenable to the visit type. Practices may consider identifying diagnoses and symptoms or conditions that require in-person visits to use as a guide for patients and staff when scheduling virtual visits.

2. Patient disabilities and impairments: Healthcare professionals have a legal obligation to provide care equally to all their patients, including when telehealth is being utilized as an alternative to in-person treatment. Communication with a disabled person via telehealth must be as effective as with any other patient, and healthcare providers should consider using platforms that provide closed captioning for hearing-impaired patients. When language barriers are presented, providers should have access to an interpreter and consider using telehealth platforms that allow for three-way communication. Lastly, the patient’s cognitive abilities and the availability of a support system, including family members or significant others, should be considered as part of the patient selection process.

3. Access and compatibility: The patient must have internet access and the appropriate equipment required to participate in the visit. An assessment of the location of the visit should be completed and patient consent obtained to ensure that HIPAA protections are in place.

4. Commitment: The patient must be personally invested and willing to actively participate in this mode of care delivery. In order to achieve a meaningful and successful healthcare encounter, both the provider and the patient must be fully engaged and committed to this format.

5. Use with seniors: When evaluating the appropriateness of telemedicine visits for senior patients, consider the patient’s hearing ability, as it is common for seniors to have some degree of hearing loss in conjunction with the aging process. He/she may also have some reduced vision from cataracts, macular degeneration, and/or other ocular issues. The following recommendations can help address these barriers and enhance the quality of the telemedicine visit:

   • Assess your location prior to initiating a telehealth visit:

     • Evaluate the lighting.

     • Avoid lights that cast shadows on your face so that facial expressions will be clearly seen and communicated.

   • Consider performing a “dry run” with your staff to identify any issues that might impact the experience for your patients.

   • When beginning the encounter, ask the senior patient if he/she can see and hear you clearly.

   • Minimize background noises and visual distractions when possible.

   • Remember to use nonverbal gestures to augment the spoken word.

   • Consider having the patient use headphones that allow for volume adjustment.

   • If indicated, use a platform that includes closed captioning.

Even though these visits are conducted remotely, be cognizant that the patient will also be able to visualize the encounter. When considering telehealth encounters, please see Risk Management Tip #21 on the effective use of computers in the examination room.

The Risk

The 21st Century Cures Act was enacted in part to increase communication among healthcare providers and remove some of the barriers patients face when trying to obtain their health information. To accomplish this, the Act affords both providers and patients greater access to more complete patient histories and empowers patients to become more engaged in their healthcare decisions. This improved patient engagement allows providers the opportunity to improve documentation accuracy, enhance patient safety, increase patient compliance, develop stronger patient relationships, improve the efficiency of care, and enhance the overall patient experience.

Considering the increased access patients have to their health information, the following strategies can help your patients better understand their records, become active participants in their healthcare, and create stronger physician-patient relationships.

Recommendations

1. Confirm with your EHR system vendor that all required information can be accessed by your patients, and review how that information will appear on their screen.

2. Understand and maximize the format and function of your EHR. For example, ensure applications such as portal access, spell check, and reminder notifications are functioning properly.

3. Consider the health literacy level of your patient.¹ Use plain language in your documentation whenever possible.

   • Avoid the use of jargon.

   • Define medical terms when possible. Consider providing a list of terms and abbreviations frequently used in your documentation.

4. Remember that how you document an encounter can have an effect on your patient. Consider the following in your documentation:

   • Be careful not to sound judgmental in your notes. Avoid terms that may be offensive or emotionally charged. For example, document “Patient reports s/he did not take the medications” vs. “noncompliant” or “unreliable.”

   • Use objective measures such as BMI instead of saying “obese” or “overweight.”

   • Be careful of using abbreviations, e.g., “[Patient] is ‘SOB’.”

   • Use a supportive tone when possible: “Lost five pounds and is motivated to continue” vs. “Still needs to lose another 15 pounds.”

   • Document as though you are writing instructions: “Weigh yourself every morning” vs. “Patient needs to monitor weight.”

   • Avoid using the copy and paste feature of your EHR. The information copied and pasted may be redundant, outdated, or inaccurate and create the wrong perception of your records.²

5. Engage your patients and solicit feedback from them:

   • Consider dictating or typing notes with the patient present; talk during the visit about what you are documenting.

   • Encourage your patients to refer to the notes, as this may help increase compliance with the treatment plan.

6. Ensure that your practice has the resources in place to support increased patient engagement. Have written policies and procedures to address:

   • How patients and their representative can access their health information.

   • The confidentiality of minors’ information.

   • How to address patient comments or questions about the documentation of their encounter.

7. Provide educational information to patients on open notes:

   • Implement practice policies that address questions on patient access.

   • Increase communication and access through media such as:

     • Email

     • The patient portal

     • Your website

     • Social media

     • Information sheets and/or flyers in the office

The Risk

Healthcare communication continues to become more electronic, and while social media accounts tend toward a more casual communication style, healthcare providers must remain vigilant about the security of their platforms as well as the message they convey to their patients and potential patients.

Social media hygiene is a set of practices and behaviors related to cleaning up and maintaining your digital presence, in terms of both security and the message your soci media applications deliver to patients and potential patients.¹ In much the same way as we wash our hands with soap and water regularly, it is also critical to follow thos practices to keep you and your virtual data well protected and convey an appropriate message about your organization.

Recommendations

Performing proper social media hygiene is a two-step process, the first of which is system hygiene:

1. Regularly update all electronic devices and applications as recommended.

2. Use passwords that follow appropriate security protocols:

   • Longer passwords are more secure — eight or more characters are recommended.

   • Passwords should include different characters: numbers, symbols, and at least one capital letter.

   • Avoid recycling passwords.

   • Do not use the same password for all devices/apps/accounts.

   • Do not allow staff to share passwords.

3. Review the organization of files stored on your devices:

   • Determine that you have the right information and applications on the right device(s).

   • Define those files that are mobile-, laptop-, and/or PC-appropriate.

4. Optimize factory settings:

   • Use default settings as appropriate.

   • Know how to disable, lock, or erase information in the event of device theft.

5. Use multifactor authentication to log into your social media accounts.

6. When possible, employ device encryption.

7. Lock down who can see your posts/information.

These steps are often cited as the best measures to employ for protection against cyberattacks. However, your cybersecurity must extend beyond your device to include the information that is attached to you and your practice.

Reviewing the information on your social media platforms is referred to as the profile hygiene portion and is the second step of this process:

1. Analyze your current social media profiles to determine if there is anything that:

   • Must be immediately addressed or can wait for revisions.

   • Is no longer current.

2. Clean up your digital past:

   • Delete old photos and posts that are no longer relevant.

   • Delete old and/or neglected social media accounts.

3. Ensure that the privacy settings on your platforms remain up to date.

4. Review your blog and website:

   • Ensure that all information remains relevant and accurate.

   • Consider whether the message presented about your practice is as you intend.

   • If links are embedded, test that they are still functional and appropriate to your message.

   • Delete any stale/nonfunctioning links, and, if appropriate, replace them with current information.

Routinely performing social media hygiene can help protect your practice from security breaches, keep your social media sites informative, and improve patient satisfaction.