25 comments
Please advise how to manage RCA for patients in acute care inpatient psychiatric units who experience an exacerbation of a chronic medical condition not related to behavioral health diagnosis that are out of the provider’s control resulting in transfer to a medical inpatient units for treatment. Determination of root causes for these patients is multivariate, due to physiologic status of the patient, and out of the scope of practice for provider’s staff.
The requirement to report these events as a Level II "Unplanned medical hospital admission" is likely to result in the provider exceeding the threshold for of 5 incidents in 30 days in a large multi-unit inpatient psychiatric facility when the hospitalization is beyond the control of the provider.
What are the qualifications of DBHDS staff making the determination that an incident is an individual or provider care concern?
The complexity and intensity of the proposed Risk Management Plan expectations are such that they may be beyond many small organizations' ability to meet without hiring additional staff, such as a “Compliance Officer” or “Risk Manager”. Presently, administrative expectations for DD Waiver providers are already extensive and exorbitant, and exacerbated by the historically low DD Waiver provider rates. Additionally, the increased administrative burden prevents providers from supply “living wages” to DSPs and other supports which enhance value to the lives of the individuals we serve.
OVERALL COMMENT:
Overall concern that the complexity and intensity of the proposed Risk Management Plan expectations are such that they may be beyond many small organization’s ability to meet without the hiring of a separate “Compliance Officer” or “Risk Manager”. Administrative expectations and burden for DD Waiver providers is already extensive and expensive. Because of the historically low DD Waiver provider rates, the continued addition of administrative burden prevents providers from providing “living wages” to DSPs as well as other supports that provide value to the individuals we serve.
Based on recent OL audits of providers, there seems to be confusion that arises when the OL staff looks at some of the proposed items in the Risk Management Plan “in a vacuum”. For example, OL staff has asked to see quarterly Level 1 reviews - but, without looking at the individual’s record where there is person-centered context. Level 1 incidents are most often part of a person’s baseline and/or are very personalized. These would not be addressed in an “organizational” Risk Assessment Plan with the exception that the treatment team would follow-up when there are increased frequencies and/or patterns.
12VAC35-105-520. A.
Suggested Language:
A. The provider shall designate a person(s) responsible for the risk management function who has completed department approved training or equivalent experience, which shall include training related to risk management, understanding of individual risk screening, conducting investigations, root cause analysis, and the use of data to identify risk patterns and trends.
COMMENT:
The purpose for the addition of (s) in 12VAC35-105-520.A is to allow for multiple individuals to possess risk management functions within their position description as necessary depending on where they are the subject matter expert. Additionally, this allows for contract positions to provide a risk management analysis from data collection.
12VAC35-105-520.B
Suggested Language:
The provider shall identify individual person-centered risks with the person-centered planning team for the individual receiving services through quarterly and annual reviews and as needed when multiple serious incidents occur to ensure best therapeutic support is able to be provided. The provider shall implement a written plan to identify, monitor, reduce, and minimize harms and risk of harm that are deemed systemic organizationally impacting two or more persons from a root cause analysis , including personal injury, infectious disease, property damage or loss, and other sources of potential liability.
COMMENT:
The purpose for this addition in 12VAC35-105-520.B is to allow for person-centered planning to address person-centered risk, and organizational risk management to address service provision areas as a whole should they be systemic from an organizational level.
12VAC35-105-520.C
Current Language: The provider shall conduct systemic risk assessment reviews at least annually to identify and respond to practices, situations, and policies that could result in the risk of harm to individuals receiving services. The risk assessment review shall address at least the following:………
COMMENT:
Section C would support suggested language change to Section B as it outlines “harm to individuals” (plural) meaning two or more to be systemic. This will allow for a separation between one individual receiving services that needs a risk management review in their person-centered plan vs. systemic risk on the part of the organization.
12VAC35-105-520.F
Current Language:
The provider shall document serious injuries to employees, contractors, students, volunteers, and
visitors that occur during the provision of a service “or on the provider's property”. Documentation
shall be kept on file for three years. The provider shall evaluate serious injuries at least annually……
Suggested language:
If a serious injury occurs during the provision of licensed services, the provider shall document and report to appropriate parties’, serious injuries to employees, contractors, students, volunteers and visitors. Documentation will be kept on file for three years. Providers shall evaluate all serious injuries within the provision of licensed services annually and will document and determine areas for improvement as applicable.
COMMENT - Major concern about the language included “or on the provider’s property”. The purpose of this suggested language would help to ensure the provider is only reporting to DBHDS on licensed services. Serious injuries outside the provision of licensed services do not fall under the jurisdiction of the department, and information as such should not be provided to ensure protection of HIPAA and PHI.
OVERALL COMMENTS:
Overall concern that the complexity and intensity of the proposed Risk Management Plan expectations are such that they may be beyond many small organization's ability to meet without the hiring of a separate "Compliance Officer" or "Risk Manager". Administrative expectations and burden for DD Waiver providers is already extensive and expensive. Because of the historically low DD Waiver provider rates, the continued addition of administrative burden presents providers from providing "living wages" to DSPs as well as other supports that provide value to the individuals we serve.
Based on recent OL audits of providers, there seems to be confusion that arises when the OL staff looks at some of the proposed items in the Risk Management Plan "in a vacuum". For example, OL staff has asked to see quarterly Level 1 reviews - but, without looking at the individual's record where there is person-centered context. Level 1 incidents are most often part of a person's baseline and/or are very personalized. These would not be addressed in an "organizational" Risk Management Plan with the except that the treatment team would follow-up when there are increased frequencies and/or patterns.
12VAC35-105-520. A.
Suggested Language:
A. The provider shall designate a person(s) responsible for the risk management function who has completed department approved training or equivalent experience, which shall include training related to risk management, understanding of individual risk screening, conducting investigations, root cause analysis, and the use of data to identify risk patterns and trends.
COMMENT:
The purpose for the addition of (s) in 12VAC35-105-520.A is to allow for multiple individuals to possess risk management functions within their position description as necessary depending on where they are the subject matter expert. Additionally, this allows for contract positions to provide a risk management analysis from data collection.
12VAC35-105-520.B
Suggested Language:
The provider shall identify individual person centered risks with the person-centered planning team for the individual receiving services through quarterly and annual reviews and as needed when multiple serious incidents occur to ensure best therapeutic support is able to be provided. The provider shall implement a written plan to identify, monitor, reduce, and minimize harms and risk of harm that are deemed systemic organizationally impacting two or more persons from a root cause analysis , including personal injury, infectious disease, property damage or loss, and other sources of potential liability.
COMMENT:
The purpose for this addition in 12VAC35-105-520.B is to allow for person-centered planning to address person-centered risk, and organizational risk management to address service provision areas as a whole should they be systemic from an organizational level.
12VAC35-105-520.C
The provider shall conduct systemic risk assessment reviews at least annually to identify and respond to practices, situations, and policies that could result in the risk of harm to individuals receiving services. The risk assessment review shall address at least the following:………
COMMENT:
Section C would support suggested language change to Section B as it outlines “harm to individuals” (plural) meaning two or more to be systemic. This will allow for a separation between one individual receiving services that needs a risk management review in their person-centered plan vs. systemic risk on the part of the organization.
12VAC35-105-520.F.
Current Language:The provider shall document serious injuries to employees, contractors, students, volunteers, and visitors that occur during the provision of a service “or on the provider's property”. Documentation shall be kept on file for three years. The provider shall evaluate serious injuries at least annually……
Suggested Language:
If a serious injury occurs during the provision of licensed services, the provider shall document and report to appropriate parties', serious injuries to employees, contractors, students, volunteers and visitors. Documentation will be kept on file for three years. Providers shall evaluate all serious injuries within the provision of licensed services annually and will document and determine areas for improvement as applicable.
COMMENT:
Major concern about the language included "or on the provider's property". The purpose of our suggested language would help to ensure the provider is only reporting to DBHDS on licensed services. Serious injuries outside the provision of licensed services do not fall under the jurisdiction of the department, and information as such should not be provided to ensure protection of HIPAA and PHI.
OVERALL COMMENTS:
Overall concern that the complexity and intensity of the proposed Risk Management Plan expectations are such that they may be beyond many small organization's ability to meet without the hiring of a separate "Compliance Officer" or "Risk Manager". Administrative expectations and burden for DD Waiver providers is already extensive and expensive. Because of the historically low DD Waiver provider rates, the continued addition of administrative burden presents providers from providing "living wages" to DSPs as well as other supports that provide value to the individuals we serve.
Based on recent OL audits of providers, there seems to be confusion that arises when the OL staff looks at some of the proposed items in the Risk Management Plan "in a vacuum". For example, OL staff has asked to see quarterly Level 1 reviews - but, without looking at the individual's record where there is person-centered context. Level 1 incidents are most often part of a person's baseline and/or are very personalized. These would not be addressed in an "organizational" Risk Management Plan with the except that the treatment team would follow-up when there are increased frequencies and/or patterns.
12VAC35-105-520. A.
Suggested Language:
A. The provider shall designate a person(s) responsible for the risk management function who has completed department approved training or equivalent experience, which shall include training related to risk management, understanding of individual risk screening, conducting investigations, root cause analysis, and the use of data to identify risk patterns and trends.
COMMENT:
The purpose for the addition of (s) in 12VAC35-105-520.A is to allow for multiple individuals to possess risk management functions within their position description as necessary depending on where they are the subject matter expert. Additionally, this allows for contract positions to provide a risk management analysis from data collection.
12VAC35-105-520.B
Suggested Language:
The provider shall identify individual person centered risks with the person-centered planning team for the individual receiving services through quarterly and annual reviews and as needed when multiple serious incidents occur to ensure best therapeutic support is able to be provided. The provider shall implement a written plan to identify, monitor, reduce, and minimize harms and risk of harm that are deemed systemic organizationally impacting two or more persons from a root cause analysis , including personal injury, infectious disease, property damage or loss, and other sources of potential liability.
COMMENT:
The purpose for this addition in 12VAC35-105-520.B is to allow for person-centered planning to address person-centered risk, and organizational risk management to address service provision areas as a whole should they be systemic from an organizational level.
12VAC35-105-520.C
The provider shall conduct systemic risk assessment reviews at least annually to identify and respond to practices, situations, and policies that could result in the risk of harm to individuals receiving services. The risk assessment review shall address at least the following:………
COMMENT:
Section C would support suggested language change to Section B as it outlines “harm to individuals” (plural) meaning two or more to be systemic. This will allow for a separation between one individual receiving services that needs a risk management review in their person-centered plan vs. systemic risk on the part of the organization.
12VAC35-105-520.F.
Current Language:The provider shall document serious injuries to employees, contractors, students, volunteers, and visitors that occur during the provision of a service “or on the provider's property”. Documentation shall be kept on file for three years. The provider shall evaluate serious injuries at least annually……
Suggested Language:
If a serious injury occurs during the provision of licensed services, the provider shall document and report to appropriate parties', serious injuries to employees, contractors, students, volunteers and visitors. Documentation will be kept on file for three years. Providers shall evaluate all serious injuries within the provision of licensed services annually and will document and determine areas for improvement as applicable.
COMMENT:
Major concern about the language included "or on the provider's property". The purpose of our suggested language would help to ensure the provider is only reporting to DBHDS on licensed services. Serious injuries outside the provision of licensed services do not fall under the jurisdiction of the department, and information as such should not be provided to ensure protection of HIPAA and PHI.
OVERALL COMMENTS:
Overall concern that the complexity and intensity of the proposed Risk Management Plan expectations are such that they may be beyond many small organization's ability to meet without the hiring of a separate "Compliance Officer" or "Risk Manager". Administrative expectations and burden for DD Waiver providers is already extensive and expensive. Because of the historically low DD Waiver provider rates, the continued addition of administrative burden presents providers from providing "living wages" to DSPs as well as other supports that provide value to the individuals we serve.
Based on recent OL audits of providers, there seems to be confusion that arises when the OL staff looks at some of the proposed items in the Risk Management Plan "in a vacuum". For example, OL staff has asked to see quarterly Level 1 reviews - but, without looking at the individual's record where there is person-centered context. Level 1 incidents are most often part of a person's baseline and/or are very personalized. These would not be addressed in an "organizational" Risk Management Plan with the except that the treatment team would follow-up when there are increased frequencies and/or patterns.
12VAC35-105-520. A.
Suggested Language:
A. The provider shall designate a person(s) responsible for the risk management function who has completed department approved training or equivalent experience, which shall include training related to risk management, understanding of individual risk screening, conducting investigations, root cause analysis, and the use of data to identify risk patterns and trends.
COMMENT:
The purpose for the addition of (s) in 12VAC35-105-520.A is to allow for multiple individuals to possess risk management functions within their position description as necessary depending on where they are the subject matter expert. Additionally, this allows for contract positions to provide a risk management analysis from data collection.
12VAC35-105-520.B
Suggested Language:
The provider shall identify individual person centered risks with the person-centered planning team for the individual receiving services through quarterly and annual reviews and as needed when multiple serious incidents occur to ensure best therapeutic support is able to be provided. The provider shall implement a written plan to identify, monitor, reduce, and minimize harms and risk of harm that are deemed systemic organizationally impacting two or more persons from a root cause analysis , including personal injury, infectious disease, property damage or loss, and other sources of potential liability.
COMMENT:
The purpose for this addition in 12VAC35-105-520.B is to allow for person-centered planning to address person-centered risk, and organizational risk management to address service provision areas as a whole should they be systemic from an organizational level.
12VAC35-105-520.C
The provider shall conduct systemic risk assessment reviews at least annually to identify and respond to practices, situations, and policies that could result in the risk of harm to individuals receiving services. The risk assessment review shall address at least the following:………
COMMENT:
Section C would support suggested language change to Section B as it outlines “harm to individuals” (plural) meaning two or more to be systemic. This will allow for a separation between one individual receiving services that needs a risk management review in their person-centered plan vs. systemic risk on the part of the organization.
12VAC35-105-520.F.
Current Language:The provider shall document serious injuries to employees, contractors, students, volunteers, and visitors that occur during the provision of a service “or on the provider's property”. Documentation shall be kept on file for three years. The provider shall evaluate serious injuries at least annually……
Suggested Language:
If a serious injury occurs during the provision of licensed services, the provider shall document and report to appropriate parties', serious injuries to employees, contractors, students, volunteers and visitors. Documentation will be kept on file for three years. Providers shall evaluate all serious injuries within the provision of licensed services annually and will document and determine areas for improvement as applicable.
COMMENT:
Major concern about the language included "or on the provider's property". The purpose of our suggested language would help to ensure the provider is only reporting to DBHDS on licensed services. Serious injuries outside the provision of licensed services do not fall under the jurisdiction of the department, and information as such should not be provided to ensure protection of HIPAA and PHI.
Overall concern that the complexity and intensity of the proposed Risk Management Plan expectations are such that they may be beyond many small organization's ability to meet without the hiring of a separate "Compliance Officer" or "Risk Manager". Administrative expectations and burden for DD Waiver providers is already extensive and expensive. Because of the historically low DD Waiver provider rates, the continued addition of administrative burden presents providers from providing "living wages" to DSPs as well as other supports that provide value to the individuals we serve.
Based on recent OL audits of providers, there seems to be confusion that arises when the OL staff looks at some of the proposed items in the Risk Management Plan "in a vacuum". For example, OL staff has asked to see quarterly Level 1 reviews - but, without looking at the individual's record where there is person-centered context. Level 1 incidents are most often part of a person's baseline and/or are very personalized. These would not be addressed in an "organizational" Risk Management Plan with the except that the treatment team would follow-up when there are increased frequencies and/or patterns.
12VAC35-105-520. A.
Suggested Language:
A. The provider shall designate a person(s) responsible for the risk management function who has completed department approved training or equivalent experience, which shall include training related to risk management, understanding of individual risk screening, conducting investigations, root cause analysis, and the use of data to identify risk patterns and trends.
COMMENT:
The purpose for the addition of (s) in 12VAC35-105-520.A is to allow for multiple individuals to possess risk management functions within their position description as necessary depending on where they are the subject matter expert. Additionally, this allows for contract positions to provide a risk management analysis from data collection.
12VAC35-105-520.B
Suggested Language:
The provider shall identify individual person centered risks with the person-centered planning team for the individual receiving services through quarterly and annual reviews and as needed when multiple serious incidents occur to ensure best therapeutic support is able to be provided. The provider shall implement a written plan to identify, monitor, reduce, and minimize harms and risk of harm that are deemed systemic organizationally impacting two or more persons from a root cause analysis , including personal injury, infectious disease, property damage or loss, and other sources of potential liability.
COMMENT:
The purpose for this addition in 12VAC35-105-520.B is to allow for person-centered planning to address person-centered risk, and organizational risk management to address service provision areas as a whole should they be systemic from an organizational level.
12VAC35-105-520.C
The provider shall conduct systemic risk assessment reviews at least annually to identify and respond to practices, situations, and policies that could result in the risk of harm to individuals receiving services. The risk assessment review shall address at least the following:………
COMMENT:
Section C would support suggested language change to Section B as it outlines “harm to individuals” (plural) meaning two or more to be systemic. This will allow for a separation between one individual receiving services that needs a risk management review in their person-centered plan vs. systemic risk on the part of the organization.
12VAC35-105-520.F.
Current Language:The provider shall document serious injuries to employees, contractors, students, volunteers, and visitors that occur during the provision of a service “or on the provider's property”. Documentation shall be kept on file for three years. The provider shall evaluate serious injuries at least annually……
Suggested Language:
If a serious injury occurs during the provision of licensed services, the provider shall document and report to appropriate parties', serious injuries to employees, contractors, students, volunteers and visitors. Documentation will be kept on file for three years. Providers shall evaluate all serious injuries within the provision of licensed services annually and will document and determine areas for improvement as applicable.
COMMENT:
Major concern about the language included "or on the provider's property". The purpose of our suggested language would help to ensure the provider is only reporting to DBHDS on licensed services. Serious injuries outside the provision of licensed services do not fall under the jurisdiction of the department, and information as such should not be provided to ensure protection of HIPAA and PHI.
We agree with previous comments.
In addition, please allow for qualifications of the Risk Manager to include relevant or equivalent experience and not be based solely on DBHDS training; and we would suggest broadening allowable sources of training. We would like to know how each Risk Manager's qualifications and training will be reviewed/approved.
This position and its increasing responsibilities are good practice overall, but is another significant unfunded requirement, that is not covered by reimbursement rates or state funding.
OVERALL COMMENTS:
Overall concern that the complexity and intensity of the proposed Risk Management Plan expectations are such that they may be beyond many small organization's ability to meet without the hiring of a separate "Compliance Officer" or "Risk Manager". Administrative expectations and burden for DD Waiver providers is already extensive and expensive. Because of the historically low DD Waiver provider rates, the continued addition of administrative burden presents providers from providing "living wages" to DSPs as well as other supports that provide value to the individuals we serve.
Based on recent OL audits of providers, there seems to be confusion that arises when the OL staff looks at some of the proposed items in the Risk Management Plan "in a vacuum". For example, OL staff has asked to see quarterly Level 1 reviews - but, without looking at the individual's record where there is person-centered context. Level 1 incidents are most often part of a person's baseline and/or are very personalized. These would not be addressed in an "organizational" Risk Management Plan with the except that the treatment team would follow-up when there are increased frequencies and/or patterns.
12VAC35-105-520. A.
Suggested Language:
A. The provider shall designate a person(s) responsible for the risk management function who has completed department approved training or equivalent experience, which shall include training related to risk management, understanding of individual risk screening, conducting investigations, root cause analysis, and the use of data to identify risk patterns and trends.
COMMENT:
The purpose for the addition of (s) in 12VAC35-105-520.A is to allow for multiple individuals to possess risk management functions within their position description as necessary depending on where they are the subject matter expert. Additionally, this allows for contract positions to provide a risk management analysis from data collection.
12VAC35-105-520.B
Suggested Language:
The provider shall identify individual person centered risks with the person-centered planning team for the individual receiving services through quarterly and annual reviews and as needed when multiple serious incidents occur to ensure best therapeutic support is able to be provided. The provider shall implement a written plan to identify, monitor, reduce, and minimize harms and risk of harm that are deemed systemic organizationally impacting two or more persons from a root cause analysis , including personal injury, infectious disease, property damage or loss, and other sources of potential liability.
COMMENT:
The purpose for this addition in 12VAC35-105-520.B is to allow for person-centered planning to address person-centered risk, and organizational risk management to address service provision areas as a whole should they be systemic from an organizational level.
12VAC35-105-520.C
The provider shall conduct systemic risk assessment reviews at least annually to identify and respond to practices, situations, and policies that could result in the risk of harm to individuals receiving services. The risk assessment review shall address at least the following:………
COMMENT:
Section C would support suggested language change to Section B as it outlines “harm to individuals” (plural) meaning two or more to be systemic. This will allow for a separation between one individual receiving services that needs a risk management review in their person-centered plan vs. systemic risk on the part of the organization.
12VAC35-105-520.F.
Current Language:The provider shall document serious injuries to employees, contractors, students, volunteers, and visitors that occur during the provision of a service “or on the provider's property”. Documentation shall be kept on file for three years. The provider shall evaluate serious injuries at least annually……
Suggested Language:
If a serious injury occurs during the provision of licensed services, the provider shall document and report to appropriate parties', serious injuries to employees, contractors, students, volunteers and visitors. Documentation will be kept on file for three years. Providers shall evaluate all serious injuries within the provision of licensed services annually and will document and determine areas for improvement as applicable.
COMMENT:
Major concern about the language included "or on the provider's property". The purpose of our suggested language would help to ensure the provider is only reporting to DBHDS on licensed services. Serious injuries outside the provision of licensed services do not fall under the jurisdiction of the department, and information as such should not be provided to ensure protection of HIPAA and PHI.
OVERALL COMMENTS:
Overall concern that the complexity and intensity of the proposed Risk Management Plan expectations are such that they may be beyond many small organization's ability to meet without the hiring of a separate "Compliance Officer" or "Risk Manager". Administrative expectations and burden for DD Waiver providers is already extensive and expensive. Because of the historically low DD Waiver provider rates, the continued addition of administrative burden presents providers from providing "living wages" to DSPs as well as other supports that provide value to the individuals we serve.
Based on recent OL audits of providers, there seems to be confusion that arises when the OL staff looks at some of the proposed items in the Risk Management Plan "in a vacuum". For example, OL staff has asked to see quarterly Level 1 reviews - but, without looking at the individual's record where there is person-centered context. Level 1 incidents are most often part of a person's baseline and/or are very personalized. These would not be addressed in an "organizational" Risk Management Plan with the except that the treatment team would follow-up when there are increased frequencies and/or patterns.
12VAC35-105-520. A.
Suggested Language:
A. The provider shall designate a person(s) responsible for the risk management function who has completed department approved training or equivalent experience, which shall include training related to risk management, understanding of individual risk screening, conducting investigations, root cause analysis, and the use of data to identify risk patterns and trends.
COMMENT:
The purpose for the addition of (s) in 12VAC35-105-520.A is to allow for multiple individuals to possess risk management functions within their position description as necessary depending on where they are the subject matter expert. Additionally, this allows for contract positions to provide a risk management analysis from data collection.
12VAC35-105-520.B
Suggested Language:
The provider shall identify individual person centered risks with the person-centered planning team for the individual receiving services through quarterly and annual reviews and as needed when multiple serious incidents occur to ensure best therapeutic support is able to be provided. The provider shall implement a written plan to identify, monitor, reduce, and minimize harms and risk of harm that are deemed systemic organizationally impacting two or more persons from a root cause analysis , including personal injury, infectious disease, property damage or loss, and other sources of potential liability.
COMMENT:
The purpose for this addition in 12VAC35-105-520.B is to allow for person-centered planning to address person-centered risk, and organizational risk management to address service provision areas as a whole should they be systemic from an organizational level.
12VAC35-105-520.C
The provider shall conduct systemic risk assessment reviews at least annually to identify and respond to practices, situations, and policies that could result in the risk of harm to individuals receiving services. The risk assessment review shall address at least the following:………
COMMENT:
Section C would support suggested language change to Section B as it outlines “harm to individuals” (plural) meaning two or more to be systemic. This will allow for a separation between one individual receiving services that needs a risk management review in their person-centered plan vs. systemic risk on the part of the organization.
12VAC35-105-520.F.
Current Language:The provider shall document serious injuries to employees, contractors, students, volunteers, and visitors that occur during the provision of a service “or on the provider's property”. Documentation shall be kept on file for three years. The provider shall evaluate serious injuries at least annually……
Suggested Language:
If a serious injury occurs during the provision of licensed services, the provider shall document and report to appropriate parties', serious injuries to employees, contractors, students, volunteers and visitors. Documentation will be kept on file for three years. Providers shall evaluate all serious injuries within the provision of licensed services annually and will document and determine areas for improvement as applicable.
COMMENT:
Major concern about the language included "or on the provider's property". The purpose of our suggested language would help to ensure the provider is only reporting to DBHDS on licensed services. Serious injuries outside the provision of licensed services do not fall under the jurisdiction of the department, and information as such should not be provided to ensure protection of HIPAA and PHI.
OVERALL COMMENT:
Overall concern that the complexity and intensity of the proposed Risk Management Plan expectations are such that they may be beyond many small organization’s ability to meet without the hiring of a separate “Compliance Officer” or “Risk Manager”. Administrative expectations and burden for DD Waiver providers is already extensive and expensive. Because of the historically low DD Waiver provider rates, the continued addition of administrative burden prevents providers from providing “living wages” to DSPs as well as other supports that provide value to the individuals we serve.
Based on recent OL audits of providers, there seems to be confusion that arises when the OL staff looks at some of the proposed items in the Risk Management Plan “in a vacuum”. For example, OL staff has asked to see quarterly Level 1 reviews - but, without looking at the individual’s record where there is person-centered context. Level 1 incidents are most often part of a person’s baseline and/or are very personalized. These would not be addressed in an “organizational” Risk Assessment Plan with the exception that the treatment team would follow-up when there are increased frequencies and/or patterns.
12VAC35-105-520. A.
Suggested Language:
A. The provider shall designate a person(s) responsible for the risk management function who has completed department approved training or equivalent experience, which shall include training related to risk management, understanding of individual risk screening, conducting investigations, root cause analysis, and the use of data to identify risk patterns and trends.
COMMENT:
The purpose for the addition of (s) in 12VAC35-105-520.A is to allow for multiple individuals to possess risk management functions within their position description as necessary depending on where they are the subject matter expert. Additionally, this allows for contract positions to provide a risk management analysis from data collection.
12VAC35-105-520.B
Suggested Language:
The provider shall identify individual person centered risks with the person-centered planning team for the individual receiving services through quarterly and annual reviews and as needed when multiple serious incidents occur to ensure best therapeutic support is able to be provided. The provider shall implement a written plan to identify, monitor, reduce, and minimize harms and risk of harm that are deemed systemic organizationally impacting two or more persons from a root cause analysis , including personal injury, infectious disease, property damage or loss, and other sources of potential liability.
COMMENT:
The purpose for this addition in 12VAC35-105-520.B is to allow for person-centered planning to address person-centered risk, and organizational risk management to address service provision areas as a whole should they be systemic from an organizational level.
12VAC35-105-520.C
The provider shall conduct systemic risk assessment reviews at least annually to identify and respond to practices, situations, and policies that could result in the risk of harm to individuals receiving services. The risk assessment review shall address at least the following:………
COMMENT:
Section C would support suggested language change to Section B as it outlines “harm to individuals” (plural) meaning two or more to be systemic. This will allow for a separation between one individual receiving services that needs a risk management review in their person-centered plan vs. systemic risk on the part of the organization.
12VAC35-105-520.F
The provider shall document serious injuries to employees, contractors, students, volunteers, and
visitors that occur during the provision of a service “or on the provider's property”. Documentation
shall be kept on file for three years. The provider shall evaluate serious injuries at least annually……
Suggested language:
If a serious injury occurs during the provision of licensed services, the provider shall document and report to appropriate parties’, serious injuries to employees, contractors, students, volunteers and visitors. Documentation will be kept on file for three years. Providers shall evaluate all serious injuries within the provision of licensed services annually and will document and determine areas for improvement as applicable.
COMMENT:
Major concern about the language included “or on the provider’s property”. The purpose of this suggested language would help to ensure the provider is only reporting to DBHDS on licensed services. Serious injuries outside the provision of licensed services do not fall under the jurisdiction of the department, and information as such should not be provided to ensure protection of HIPAA and PHI.
12VAC35-105-520. Risk Management A:
We are seeking clarity in the wording of section A in three areas:
12VAC35-105-520. Risk Management c:
Regarding Section C(2): Clinical Assessment or Reassessment, the review of individual health risks should be conducted by the treatment team rather than a risk manager. While the risk manager should look to see if assessments are completed and plans changed, they would not be reviewing individual health risks. Please clarify the responsibilities of the risk manager when it comes to the review of the individual’s health risks. We feel that the Risk Manager of an agency should be an overall consultative role. The program/team should review individual health risks and document them clearly.
Regarding Section C(4): Use of High Risk Procedures, we are seeking clarity as to what besides seclusion and restraint is perceived as a high risk procedure. We ask that DBHDS provide in the guidance some examples of the ‘other high risk procedures’ they would consider applicable to this section.
Regarding Section C(6): Uniform Risks and Triggers, we are seeing more information. We are unable to comment about whether this is an appropriate task to be completed and included for the overall risk manager unless DBHDS identifies what is considered uniform risk triggers and thresholds and what the expectations will be regarding these.
On this Guidance Document (Guidance for Risk Management)
OVERALL COMMENT:
Overall concern that the complexity and intensity of the proposed Risk Management Plan expectations are such that they may be beyond many small organization’s ability to meet without the hiring of a separate “Compliance Officer” or “Risk Manager”. Administrative expectations and burden for DD Waiver providers is already extensive and expensive. Because of the historically low DD Waiver provider rates, the continued addition of administrative burden prevents providers from providing “living wages” to DSPs as well as other supports that provide value to the individuals we serve.
Based on recent OL audits of providers, there seems to be confusion that arises when the OL staff looks at some of the proposed items in the Risk Management Plan “in a vacuum”. For example, OL staff has asked to see quarterly Level 1 reviews - but, without looking at the individual’s record where there is person-centered context. Level 1 incidents are most often part of a person’s baseline and/or are very personalized. These would not be addressed in an “organizational” Risk Assessment Plan with the exception that the treatment team would follow-up when there are increased frequencies and/or patterns.
12VAC35-105-520. A. Suggested Language: A. The provider shall designate a person(s) responsible for the risk management function who has completed department approved training or equivalent experience, which shall include training related to risk management, understanding of individual risk screening, conducting investigations, root cause analysis, and the use of data to identify risk patterns and trends.
COMMENT: The purpose for the addition of (s) in 12VAC35-105-520.A is to allow for multiple individuals to possess risk management functions within their position description as necessary depending on where they are the subject matter expert. Additionally, this allows for contract positions to provide a risk management analysis from data collection.
12VAC35-105-520.B Suggested Language: The provider shall identify individual person centered risks with the person-centered planning team for the individual receiving services through quarterly and annual reviews and as needed when multiple serious incidents occur to ensure best therapeutic support is able to be provided. The provider shall implement a written plan to identify, monitor, reduce, and minimize harms and risk of harm that are deemed systemic organizationally impacting two or more persons from a root cause analysis , including personal injury, infectious disease, property damage or loss, and other sources of potential liability.
COMMENT: The purpose for this addition in 12VAC35-105-520.B is to allow for person-centered planning to address person-centered risk, and organizational risk management to address service provision areas as a whole should they be systemic from an organizational level.
12VAC35-105-520.C The provider shall conduct systemic risk assessment reviews at least annually to identify and respond to practices, situations, and policies that could result in the risk of harm to individuals receiving services. The risk assessment review shall address at least the following:………
COMMENT: Section C would support suggested language change to Section B as it outlines “harm to individuals” (plural) meaning two or more to be systemic. This will allow for a separation between one individual receiving services that needs a risk management review in their person-centered plan vs. systemic risk on the part of the organization.
12VAC35-105-520.F
The provider shall document serious injuries to employees, contractors, students, volunteers, and
visitors that occur during the provision of a service “or on the provider's property”. Documentation
shall be kept on file for three years. The provider shall evaluate serious injuries at least annually……
Suggested language:
If a serious injury occurs during the provision of licensed services, the provider shall document and report to appropriate parties’, serious injuries to employees, contractors, students, volunteers and visitors. Documentation will be kept on file for three years. Providers shall evaluate all serious injuries within the provision of licensed services annually and will document and determine areas for improvement as applicable.
COMMENT - Major concern about the language included “or on the provider’s property”. The purpose of this suggested language would help to ensure the provider is only reporting to DBHDS on licensed services. Serious injuries outside the provision of licensed services do not fall under the jurisdiction of the department, and information as such should not be provided to ensure protection of HIPAA and PHI.
12VAC35-105-520 A and C 2:
Is it the expectation of DBHDS that the person designated as risk manager completes clinical assessments and/or reassessments?
12VAC35-105-520 C:
I think it’s important to highlight the irony of this guidance document including “business risks,” and “workforce risks” as “other risks that providers should consider.”
The financial toll on providers, resulting from this overly complex and unfunded risk management requirement is directly related to the diminished ability to provide living wages for qualified direct support professionals.
Also, the guidance language does not offer any examples of “high risk procedures” outside of seclusion and restraint. If the department is only concerned with these then remove "high risk procedures" all together. And while this guidance was developed solely in response to the Settlement Agreement, it will ultimately apply to all populations supported by providers licensed by DBHDS, not just Virginians living with developmental disabilities. Therefore should the department be concerned with more than seclusion and restraint, further examples in this guidance should be inclusive of all populations supported by DBHDS-licensed providers.
12VAC35-105-520 D:
“DBHDS will disseminate information about uniform risk triggers and thresholds in separate guidance when they are developed.”
The terms “risk triggers” and “thresholds” have been used in various DBHDS communications for a number of years (including a recent inclusion in the Risk Awareness Tool training) yet now that they are seemingly a requirement; there is still no guidance as to what DBHDS means by them or what additional unfunded mandates they will imply. It is concerning that providers will be held to a standard that has not been defined simply to impress upon the Department of Justice that DBHDS is serious about risk management.
As a result, the only comment that can be made regarding these terms is that they should not be in guidance or regulation until the department makes it a priority to define them and train providers in their utilization. Whenever that happens, it would be helpful if the guidance was not limited to their application in the support of people living with developmental disabilities, but other populations as well. There are many other people (and providers supporting them) to whom those terms should have meaning.
12VAC35-105-520. Risk Management A:
Loudoun County MHSADS is seeking clarity in the wording of section A in three areas:
12VAC35-105-520. Risk Management C:
Regarding Section C(1): Environment of Care, we ask that the guidance is tailored to the type of service being provided and reflect that the provider is only responsible for the environment of care for which they have control. For example, as a provider, we do not have the ability to manipulate the environment in an individual’s home or require refrigerator temperature checks in the community.
Regarding Section C(2): Clinical Assessment or Reassessment, the review of individual health risks should be conducted by the treatment team rather than a risk manager. While the risk manager should look to see if assessments are completed and plans changed, they would not be reviewing individual health risks. Please clarify the responsibilities of the risk manager when it comes to the review of the individual’s health risks.
Regarding Section C(4): Use of High Risk Procedures, we are seeking clarity as to what besides seclusion and restraint is perceived as a high risk procedure. We ask that DBHDS provide in the guidance some examples of the ‘other high risk procedures’ they would consider applicable to this section.
Regarding Section C(6): Uniform Risks and Triggers, we are seeing more information. We are unable to comment about whether this is an appropriate task to be completed and included for the overall risk manager unless DBHDS identifies what is considered uniform risk triggers and thresholds and what the expectations will be regarding these.
OVERALL COMMENTS:
Overall concern that the complexity and intensity of the proposed Risk Management Plan expectations are such that they may be beyond many small organization's ability to meet without the hiring of a separate "Compliance Officer" or "Risk Manager". Administrative expectations and burden for DD Waiver providers is already extensive and expensive. Because of the historically low DD Waiver provider rates, the continued addition of administrative burden presents providers from providing "living wages" to DSPs as well as other supports that provide value to the individuals we serve.
Based on recent OL audits of providers, there seems to be confusion that arises when the OL staff looks at some of the proposed items in the Risk Management Plan "in a vacuum". For example, OL staff has asked to see quarterly Level 1 reviews - but, without looking at the individual's record where there is person-centered context. Level 1 incidents are most often part of a person's baseline and/or are very personalized. These would not be addressed in an "organizational" Risk Management Plan with the except that the treatment team would follow-up when there are increased frequencies and/or patterns.
12VAC35-105-520. A.
Suggested Language:
A. The provider shall designate a person(s) responsible for the risk management function who has completed department approved training or equivalent experience, which shall include training related to risk management, understanding of individual risk screening, conducting investigations, root cause analysis, and the use of data to identify risk patterns and trends.
COMMENT:
The purpose for the addition of (s) in 12VAC35-105-520.A is to allow for multiple individuals to possess risk management functions within their position description as necessary depending on where they are the subject matter expert. Additionally, this allows for contract positions to provide a risk management analysis from data collection.
12VAC35-105-520.B
Suggested Language:
The provider shall identify individual person centered risks with the person-centered planning team for the individual receiving services through quarterly and annual reviews and as needed when multiple serious incidents occur to ensure best therapeutic support is able to be provided. The provider shall implement a written plan to identify, monitor, reduce, and minimize harms and risk of harm that are deemed systemic organizationally impacting two or more persons from a root cause analysis , including personal injury, infectious disease, property damage or loss, and other sources of potential liability.
COMMENT:
The purpose for this addition in 12VAC35-105-520.B is to allow for person-centered planning to address person-centered risk, and organizational risk management to address service provision areas as a whole should they be systemic from an organizational level.
12VAC35-105-520.C
The provider shall conduct systemic risk assessment reviews at least annually to identify and respond to practices, situations, and policies that could result in the risk of harm to individuals receiving services. The risk assessment review shall address at least the following:………
COMMENT:
Section C would support suggested language change to Section B as it outlines “harm to individuals” (plural) meaning two or more to be systemic. This will allow for a separation between one individual receiving services that needs a risk management review in their person-centered plan vs. systemic risk on the part of the organization.
12VAC35-105-520.F.
Current Language:The provider shall document serious injuries to employees, contractors, students, volunteers, and visitors that occur during the provision of a service “or on the provider's property”. Documentation shall be kept on file for three years. The provider shall evaluate serious injuries at least annually……
Suggested Language:
If a serious injury occurs during the provision of licensed services, the provider shall document and report to appropriate parties', serious injuries to employees, contractors, students, volunteers and visitors. Documentation will be kept on file for three years. Providers shall evaluate all serious injuries within the provision of licensed services annually and will document and determine areas for improvement as applicable.
COMMENT:
Major concern about the language included "or on the provider's property". The purpose of our suggested language would help to ensure the provider is only reporting to DBHDS on licensed services. Serious injuries outside the provision of licensed services do not fall under the jurisdiction of the department, and information as such should not be provided to ensure protection of HIPAA and PHI.
12VAC35-105-520. C
Suggested Language:
C. The provider shall conduct systemic risk assessment reviews at least annually to identify and
respond to practices, situations, and policies that could result in the risk of harm to individuals
receiving services. The risk assessment review shall address at least the following:…
4. Use of high risk procedures, including seclusion and restraint; and…
Examples of high risk procedure considerations include the following…
Comment: In addition to seclusion and restraint, what other procedures are considered to be ‘high risk?” We ask that DBHDS clarify and provide examples of “high risk procedures” to reduce potential inconsistencies from individual interpretation.
Supporting vaACCSES Comment
12VAC35-105-520. C
C. The provider shall conduct systemic risk assessment reviews at least annually to identify and
respond to practices, situations, and policies that could result in the risk of harm to individuals
receiving services. The risk assessment review shall address at least the following:…
Comment: Section C would support suggested language change to Section B as it outlines “harm to individuals” (plural) meaning two or more to be systemic. This will allow for a separation between one individual receiving services that needs a risk management review in their person-centered plan vs. systemic risk on the part of the organization.
OVERALL COMMENT:
Overall concern that the complexity and intensity of the proposed Risk Management Plan expectations are such that they may be beyond many small organization’s ability to meet without the hiring of a separate “Compliance Officer” or “Risk Manager”. Administrative expectations and burden for DD Waiver providers is already extensive and expensive. Because of the historically low DD Waiver provider rates, the continued addition of administrative burden prevents providers from providing “living wages” to DSPs as well as other supports that provide value to the individuals we serve.
Based on recent OL audits of providers, there seems to be confusion that arises when the OL staff looks at some of the proposed items in the Risk Management Plan “in a vacuum”. For example, OL staff has asked to see quarterly Level 1 reviews - but, without looking at the individual’s record where there is person-centered context. Level 1 incidents are most often part of a person’s baseline and/or are very personalized. These would not be addressed in an “organizational” Risk Assessment Plan with the exception that the treatment team would follow-up when there are increased frequencies and/or patterns.
12VAC35-105-520. A.
Suggested Language:
A. The provider shall designate a person(s) responsible for the risk management function who has completed department approved training or equivalent experience, which shall include training related to risk management, understanding of individual risk screening, conducting investigations, root cause analysis, and the use of data to identify risk patterns and trends.
COMMENT:
The purpose for the addition of (s) in 12VAC35-105-520.A is to allow for multiple individuals to possess risk management functions within their position description as necessary depending on where they are the subject matter expert. Additionally, this allows for contract positions to provide a risk management analysis from data collection.
12VAC35-105-520.B
Suggested Language:
The provider shall identify individual person-centered risks with the person-centered planning team for the individual receiving services through quarterly and annual reviews and as needed when multiple serious incidents occur to ensure best therapeutic support is able to be provided. The provider shall implement a written plan to identify, monitor, reduce, and minimize harms and risk of harm that are deemed systemic organizationally impacting two or more persons from a root cause analysis , including personal injury, infectious disease, property damage or loss, and other sources of potential liability.
COMMENT:
The purpose for this addition in 12VAC35-105-520.B is to allow for person-centered planning to address person-centered risk, and organizational risk management to address service provision areas as a whole should they be systemic from an organizational level.
12VAC35-105-520.C
Current Language: The provider shall conduct systemic risk assessment reviews at least annually to identify and respond to practices, situations, and policies that could result in the risk of harm to individuals receiving services. The risk assessment review shall address at least the following:………
COMMENT:
Section C would support suggested language change to Section B as it outlines “harm to individuals” (plural) meaning two or more to be systemic. This will allow for a separation between one individual receiving services that needs a risk management review in their person-centered plan vs. systemic risk on the part of the organization.
12VAC35-105-520.F
Current Language:
The provider shall document serious injuries to employees, contractors, students, volunteers, and
visitors that occur during the provision of a service “or on the provider's property”. Documentation
shall be kept on file for three years. The provider shall evaluate serious injuries at least annually……
Suggested language:
If a serious injury occurs during the provision of licensed services, the provider shall document and report to appropriate parties’, serious injuries to employees, contractors, students, volunteers and visitors. Documentation will be kept on file for three years. Providers shall evaluate all serious injuries within the provision of licensed services annually and will document and determine areas for improvement as applicable.
COMMENT - Major concern about the language included “or on the provider’s property”. The purpose of this suggested language would help to ensure the provider is only reporting to DBHDS on licensed services. Serious injuries outside the provision of licensed services do not fall under the jurisdiction of the department, and information as such should not be provided to ensure protection of HIPAA and PHI.
Response to Guidance Document re: 12VAC35-105-520
A. Regarding the statement “A person responsible for risk management function who has completed department approved training”:
Is the intention that there is an individual who is directly responsible for completing each of the items listed in A or is it also appropriate that there be a risk manager who oversees a group of people who are completing those activities? For larger organizations this would be the only way possible to manage the risk management activities required.
B. No comment
C (1) It is recommended that the guidance document should include the same language as the code which states that an assessment of environment of care means “a safety inspection has been performed at least annually of each service location owned, rented, or leased by the provider”. Clarification should be made in the guidance document that organizations, even County run CSBs, are unable to do safety inspections at every location where service is provided as they can include jails, schools, the community and or private homes.
C (2) Regarding the clinical assessment or reassessment -- the review of an individual’s health risk should be conducted by the case manager/treatment team as part of the treatment provided by the organization and not a specific risk manager who most likely has nothing to do with the direct provision of clinical services. While the organization should look to see if assessments are completed and plans changed as appropriate through either risk management activities and/or quality improvement activities, neither department would be expected to directly review individual health risks. Please clarify the responsibilities of the risk manager when it comes to the review of the individual’s health risks.
C (3) No comment
C (4) Overall no concern regarding the expectation but it would be helpful to have examples of what is considered a high-risk procedure.
C (5) No comment
D. We are unable to comment on something that is yet undefined. Please clarify what is meant by thresholds and triggers.
E. This seems to be a duplication of C1. Please clarify what the difference is between a safety inspection and a risk assessment of the environment of care. As we stated in our comments for C1 the department should be specific that are unable to do safety inspections at every location where service is provided as they can include jails, schools, the community and or private homes.
F. The department has been clear about what constitutes a serious injury to persons served. It is suggested that the department be equally clear about what defines a serious injury to a staff member/visitor.
DBHDS Proposed Risk Management Guidance Document
Overall Comment: This guidance document, instead of offering clarity in the regulations, actually increases the restrictions of the regulations by intensifying the requirements, increasing administrative burden, and financial burden on agencies that are already stretched thin.
Crosswalk or Guidance documents have been requested by different state/provider work groups, but when the guidance adds additional requirements and additional guidelines they no longer serve the purpose of support and rather hinder the ability of provider agencies to actually provide the direct care to the people in services.
With regards to the risk manager training and the additional fire safety training noted below, what will be DBHDS's guidance related to tracking of completion? How is competence being defined? Will DBHDS provide tests at the end of required training that will require a certain passing score? Will there be required timelines for these new trainings? Would this be required of those already in these roles and how long would agencies have to satisfy this requirement?
12VAC35-105-520. Risk Management
(A) The guidance identifies department approved training, which will require, DBHDS to develop, maintain, and update training online as well as offer the ability to review trainings developed by provider agencies prior to implementation. Increasing the burden on DBHDS as well as provider agencies. By adding the noted guidance to the already stated proposed regulation the way this is written, leaves the requirement open to allow DBHDS to add additional training requirements to provider agencies and the person identified to manage the risk management function. This should be deleted as the proposed regulation already states department approved training.
(C) 3 Staff Competence and adequacy of staffing;
In this guidance document, there has been a required training added that is not anywhere else and something that has not been widely distributed to the provider community
-All employees have completed initial and annual fire safety training.
Is this a training DBHDS will distribute? Will current staff have to satisfy this requirement as well?
(C) 5 A Review of Serious Incidents
Clarification is needed as to whether the following is another added requirement in addition to the regulation?
The provider has an updated policy that defines who has the authority and responsibility to
act when a serious incident or a pattern of serious incidents indicates that an individual is
at risk; and
In the following statement within the guidance, generally, an agency or team determine if appropriate follow-up occurs, but the wording of this guidance appears to indicate that DBHDS may be the entity that will determine this?
Serious incidents and patterns of serious incidents are reviewed and appropriate follow-up
is conducted or implemented to address individual or system-level risks.
Arlington CSB concurs with comments submitted by the other Virginia CSBs and our community partners.
Additionally, the guidance document attempts to propose a “one size fits all” solution for all providers regardless of organization size, census, or budget.
Monitoring and addressing risk in an integral function but processes and personnel roles and responsibilities should be variable according to the resources of the provider.
A. “Individual risk screening”: the guidance is unclear/vague as to the components of the screening; as a risk manager, completion of ‘screenings’ seems beyond the scope of the role, as a the risk manager should be an evaluator of assessments/screenings such as these that are completed by the direct service provider in an attempt to provide feedback regarding adequacy and the provider’s compliance with the tool, areas for improvement, etc.
D. “Uniform Risks and Triggers”: requirement to adhere to an undefined parameter is unrealistic and should be removed or delayed in implementation until the parameter is outlined and disseminated