Virginia Regulatory Town Hall
Agency
Department of Behavioral Health and Developmental Services
 
Board
State Board of Behavioral Health and Developmental Services
 
Guidance Document Change: This new document contains guidance to providers regarding the pending final requirements for risk management within the final stage action to address compliance with the Department of Justice's Settlement Agreement with Virginia within the Rules and Regulations for Licensing Providers by the Department of Behavioral Health and Developmental Services [12VAC35-105] (“Licensing Regulations”). The final requirements pending approval by the Governor's Office can be viewed at this link: https://www.townhall.virginia.gov/L/ViewStage.cfm?stageid=8928.

25 comments

All comments for this forum
Back to List of Comments
6/17/20  3:13 pm
Commenter: Berkeley Keck

RCA Process
 

Please advise how to manage RCA for patients in acute care inpatient psychiatric units who experience an exacerbation of a chronic medical condition not related to behavioral health diagnosis that are out of the provider’s control resulting in transfer to a medical inpatient units for treatment. Determination of root causes for these patients is multivariate, due to physiologic status of the patient, and out of the scope of practice for provider’s staff. 

The requirement to report these events as a Level II "Unplanned medical hospital admission" is likely to result in the provider exceeding the threshold for of 5 incidents in 30 days in a large multi-unit inpatient psychiatric facility when the hospitalization is beyond the control of the provider.

What are the qualifications of DBHDS staff making the determination that an incident is an individual or provider care concern?

CommentID: 80331
 

7/8/20  9:20 am
Commenter: Michelle Lotrecchiano, MVLE

Risk Management Guidance Comments
 

OVERALL COMMENT: Overall concern that the complexity and intensity of the proposed Risk Management Plan expectations are such that they may be beyond many small organization’s ability to meet without the hiring of a separate “Compliance Officer” or “Risk Manager”. Administrative expectations and burden for DD Waiver providers is already extensive and expensive. Because of the historically low DD Waiver provider rates, the continued addition of administrative burden prevents providers from providing “living wages” to DSPs as well as other supports that provide value to the individuals we serve. Based on recent OL audits of providers, there seems to be confusion that arises when the OL staff looks at some of the proposed items in the Risk Management Plan “in a vacuum”. For example, OL staff has asked to see quarterly Level 1 reviews - but, without looking at the individual’s record where there is person-centered context. Level 1 incidents are most often part of a person’s baseline and/or are very personalized. These would not be addressed in an “organizational” Risk Assessment Plan with the exception that the treatment team would follow-up when there are increased frequencies and/or patterns. 12VAC35-105-520. A. Suggested Language: A. The provider shall designate a person(s) responsible for the risk management function who has completed department approved training or equivalent experience, which shall include training related to risk management, understanding of individual risk screening, conducting investigations, root cause analysis, and the use of data to identify risk patterns and trends. COMMENT: The purpose for the addition of (s) in 12VAC35-105-520.A is to allow for multiple individuals to possess risk management functions within their position description as necessary depending on where they are the subject matter expert. Additionally, this allows for contract positions to provide a risk management analysis from data collection. 12VAC35-105-520.B Suggested Language: The provider shall identify individual person centered risks with the person-centered planning team for the individual receiving services through quarterly and annual reviews and as needed when multiple serious incidents occur to ensure best therapeutic support is able to be provided. The provider shall implement a written plan to identify, monitor, reduce, and minimize harms and risk of harm that are deemed systemic organizationally impacting two or more persons from a root cause analysis , including personal injury, infectious disease, property damage or loss, and other sources of potential liability. COMMENT: The purpose for this addition in 12VAC35-105-520.B is to allow for person-centered planning to address person-centered risk, and organizational risk management to address service provision areas as a whole should they be systemic from an organizational level. 12VAC35-105-520.C The provider shall conduct systemic risk assessment reviews at least annually to identify and respond to practices, situations, and policies that could result in the risk of harm to individuals receiving services. The risk assessment review shall address at least the following:……… COMMENT: Section C would support suggested language change to Section B as it outlines “harm to individuals” (plural) meaning two or more to be systemic. This will allow for a separation between one individual receiving services that needs a risk management review in their person-centered plan vs. systemic risk on the part of the organization. 12VAC35-105-520.F The provider shall document serious injuries to employees, contractors, students, volunteers, and visitors that occur during the provision of a service “or on the provider's property”. Documentation shall be kept on file for three years. The provider shall evaluate serious injuries at least annually…… Suggested language: If a serious injury occurs during the provision of licensed services, the provider shall document and report to appropriate parties’, serious injuries to employees, contractors, students, volunteers and visitors. Documentation will be kept on file for three years. Providers shall evaluate all serious injuries within the provision of licensed services annually and will document and determine areas for improvement as applicable. COMMENT - Major concern about the language included “or on the provider’s property”. The purpose of this suggested language would help to ensure the provider is only reporting to DBHDS on licensed services. Serious injuries outside the provision of licensed services do not fall under the jurisdiction of the department, and information as such should not be provided to ensure protection of HIPAA and PHI.

CommentID: 83851
 

7/8/20  9:44 am
Commenter: Myca E. Gray, MVLE

DBHDS Risk Management Guidance Document
 

The complexity and intensity of the proposed Risk Management Plan expectations are such that they may be beyond many small organizations' ability to meet without hiring additional staff, such as a “Compliance Officer” or “Risk Manager”. Presently, administrative expectations  for DD Waiver providers are already extensive and exorbitant, and exacerbated by the historically low DD Waiver provider rates.  Additionally, the increased administrative burden prevents providers from supply “living wages” to DSPs and other supports which enhance value to the lives of the individuals we serve.

CommentID: 83852
 

7/8/20  10:05 am
Commenter: Karen Lee Tefelski - vaACCSES

COMMENTS - Proposed DBHDS Risk Management Guidance Doc
 

OVERALL COMMENT:

Overall concern that the complexity and intensity of the proposed Risk Management Plan expectations are such that they may be beyond many small organization’s ability to meet without the hiring of a separate “Compliance Officer” or “Risk Manager”.  Administrative expectations and burden for DD Waiver providers is already extensive and expensive.  Because of the historically low DD Waiver provider rates, the continued addition of administrative burden prevents providers from providing “living wages” to DSPs as well as other supports that provide value to the individuals we serve. 

 

Based on recent OL audits of providers, there seems to be confusion that arises when the OL staff looks at some of the proposed items in the Risk Management Plan “in a vacuum”.  For example, OL staff has asked to see quarterly Level 1 reviews - but, without looking at the individual’s record where there is person-centered context. Level 1 incidents are most often part of a person’s baseline and/or are very personalized.  These would not be addressed in an “organizational” Risk Assessment Plan with the exception that the treatment team would follow-up when there are increased frequencies and/or patterns.

 

12VAC35-105-520. A.
Suggested Language:
A. The provider shall designate a person(s) responsible for the risk management function who has completed department approved training or equivalent experience, which shall include training related to risk management, understanding of individual risk screening, conducting investigations, root cause analysis, and the use of data to identify risk patterns and trends.

COMMENT:
The purpose for the addition of (s) in 12VAC35-105-520.A is to allow for multiple individuals to possess risk management functions within their position description as necessary depending on where they are the subject matter expert. Additionally, this allows for contract positions to provide a risk management analysis from data collection.

12VAC35-105-520.B
Suggested Language:
The provider shall identify individual person-centered risks with the person-centered planning team for the individual receiving services through quarterly and annual reviews and as needed when multiple serious incidents occur to ensure best therapeutic support is able to be provided. The provider shall implement a written plan to identify, monitor, reduce, and minimize harms and risk of harm that are deemed systemic organizationally impacting two or more persons from a root cause analysis , including personal injury, infectious disease, property damage or loss, and other sources of potential liability.

COMMENT:
The purpose for this addition in 12VAC35-105-520.B is to allow for person-centered planning to address person-centered risk, and organizational risk management to address service provision areas as a whole should they be systemic from an organizational level.

12VAC35-105-520.C
Current Language: The provider shall conduct systemic risk assessment reviews at least annually to identify and respond to practices, situations, and policies that could result in the risk of harm to individuals receiving services. The risk assessment review shall address at least the following:………

COMMENT:
Section C would support suggested language change to Section B as it outlines “harm to individuals” (plural) meaning two or more to be systemic. This will allow for a separation between one individual receiving services that needs a risk management review in their person-centered plan vs. systemic risk on the part of the organization.

12VAC35-105-520.F

Current Language:
The provider shall document serious injuries to employees, contractors, students, volunteers, and

visitors that occur during the provision of a service “or on the provider's property”. Documentation

shall be kept on file for three years. The provider shall evaluate serious injuries at least annually…

 

Suggested language

If a serious injury occurs during the provision of licensed services, the provider shall document and report to appropriate parties’, serious injuries to employees, contractors, students, volunteers and visitors.  Documentation will be kept on file for three years.  Providers shall evaluate all serious injuries within the provision of licensed services annually and will document and determine areas for improvement as applicable

 

COMMENT -  Major concern about the language included “or on the provider’s property”. The purpose of this suggested language would help to ensure the provider is only reporting to DBHDS on licensed services.  Serious injuries outside the provision of licensed services do not fall under the jurisdiction of the department, and information as such should not be provided to ensure protection of HIPAA and PHI.

 

CommentID: 83853
 

7/8/20  10:17 am
Commenter: Shirley Lyons , private citizen

Concur with comments from VA ACCSES - Risk Management
 

OVERALL COMMENTS:
Overall concern that the complexity and intensity of the proposed Risk Management Plan expectations are such that they may be beyond many small organization's ability to meet without the hiring of a separate "Compliance Officer" or "Risk Manager".  Administrative expectations and burden for DD Waiver providers is already extensive and expensive.  Because of the historically low DD Waiver provider rates, the continued addition of administrative burden presents providers from providing "living wages" to DSPs as well as other supports that provide value to the individuals we serve.

Based on recent OL audits of providers, there seems to be confusion that arises when the OL staff looks at some of the proposed items in the Risk Management Plan "in a vacuum".  For example, OL staff has asked to see quarterly Level 1 reviews - but, without looking at the individual's record where there is person-centered context.  Level 1 incidents are most often part of a person's baseline and/or are very personalized.  These would not be addressed in an "organizational" Risk Management Plan with the except that the treatment team would follow-up when there are increased frequencies and/or patterns.

12VAC35-105-520. A.
Suggested Language:
A. The provider shall designate a person(s) responsible for the risk management function who has completed department approved training or equivalent experience, which shall include training related to risk management, understanding of individual risk screening, conducting investigations, root cause analysis, and the use of data to identify risk patterns and trends.

COMMENT:
The purpose for the addition of (s) in 12VAC35-105-520.A is to allow for multiple individuals to possess risk management functions within their position description as necessary depending on where they are the subject matter expert. Additionally, this allows for contract positions to provide a risk management analysis from data collection.

12VAC35-105-520.B
Suggested Language:
The provider shall identify individual person centered risks with the person-centered planning team for the individual receiving services through quarterly and annual reviews and as needed when multiple serious incidents occur to ensure best therapeutic support is able to be provided. The provider shall implement a written plan to identify, monitor, reduce, and minimize harms and risk of harm that are deemed systemic organizationally impacting two or more persons from a root cause analysis , including personal injury, infectious disease, property damage or loss, and other sources of potential liability.

COMMENT:
The purpose for this addition in 12VAC35-105-520.B is to allow for person-centered planning to address person-centered risk, and organizational risk management to address service provision areas as a whole should they be systemic from an organizational level.

12VAC35-105-520.C
The provider shall conduct systemic risk assessment reviews at least annually to identify and respond to practices, situations, and policies that could result in the risk of harm to individuals receiving services. The risk assessment review shall address at least the following:………

COMMENT:
Section C would support suggested language change to Section B as it outlines “harm to individuals” (plural) meaning two or more to be systemic. This will allow for a separation between one individual receiving services that needs a risk management review in their person-centered plan vs. systemic risk on the part of the organization.

12VAC35-105-520.F.
Current Language:The provider shall document serious injuries to employees, contractors, students, volunteers, and visitors that occur during the provision of a service “or on the provider's property”. Documentation shall be kept on file for three years. The provider shall evaluate serious injuries at least annually……

Suggested Language:
If a serious injury occurs during the provision of licensed services, the provider shall document and report to appropriate parties', serious injuries to employees, contractors, students, volunteers and visitors.  Documentation will be kept on file for three years.  Providers shall evaluate all serious injuries within the provision of licensed services annually and will document and determine areas for improvement as applicable.

COMMENT:

Major concern about the language included "or on the provider's property".  The purpose of our suggested language would help to ensure the provider is only reporting to DBHDS on licensed services.  Serious injuries outside the provision of licensed services do not fall under the jurisdiction of the department, and information as such should not be provided to ensure protection of HIPAA and PHI.

CommentID: 83854
 

7/8/20  10:21 am
Commenter: Valerie Carney

Risk Management Comments
 

CommentID: 83855
 

7/8/20  10:27 am
Commenter: Valerie Carney

Risk Management Guidance Document
 

OVERALL COMMENTS:
Overall concern that the complexity and intensity of the proposed Risk Management Plan expectations are such that they may be beyond many small organization's ability to meet without the hiring of a separate "Compliance Officer" or "Risk Manager". Administrative expectations and burden for DD Waiver providers is already extensive and expensive. Because of the historically low DD Waiver provider rates, the continued addition of administrative burden presents providers from providing "living wages" to DSPs as well as other supports that provide value to the individuals we serve.
Based on recent OL audits of providers, there seems to be confusion that arises when the OL staff looks at some of the proposed items in the Risk Management Plan "in a vacuum". For example, OL staff has asked to see quarterly Level 1 reviews - but, without looking at the individual's record where there is person-centered context. Level 1 incidents are most often part of a person's baseline and/or are very personalized. These would not be addressed in an "organizational" Risk Management Plan with the except that the treatment team would follow-up when there are increased frequencies and/or patterns.
12VAC35-105-520. A.
Suggested Language:
A. The provider shall designate a person(s) responsible for the risk management function who has completed department approved training or equivalent experience, which shall include training related to risk management, understanding of individual risk screening, conducting investigations, root cause analysis, and the use of data to identify risk patterns and trends.
COMMENT:
The purpose for the addition of (s) in 12VAC35-105-520.A is to allow for multiple individuals to possess risk management functions within their position description as necessary depending on where they are the subject matter expert. Additionally, this allows for contract positions to provide a risk management analysis from data collection.
12VAC35-105-520.B
Suggested Language:
The provider shall identify individual person centered risks with the person-centered planning team for the individual receiving services through quarterly and annual reviews and as needed when multiple serious incidents occur to ensure best therapeutic support is able to be provided. The provider shall implement a written plan to identify, monitor, reduce, and minimize harms and risk of harm that are deemed systemic organizationally impacting two or more persons from a root cause analysis , including personal injury, infectious disease, property damage or loss, and other sources of potential liability.
COMMENT:
The purpose for this addition in 12VAC35-105-520.B is to allow for person-centered planning to address person-centered risk, and organizational risk management to address service provision areas as a whole should they be systemic from an organizational level.
12VAC35-105-520.C
The provider shall conduct systemic risk assessment reviews at least annually to identify and respond to practices, situations, and policies that could result in the risk of harm to individuals receiving services. The risk assessment review shall address at least the following:………
COMMENT:
Section C would support suggested language change to Section B as it outlines “harm to individuals” (plural) meaning two or more to be systemic. This will allow for a separation between one individual receiving services that needs a risk management review in their person-centered plan vs. systemic risk on the part of the organization.
12VAC35-105-520.F.
Current Language:The provider shall document serious injuries to employees, contractors, students, volunteers, and visitors that occur during the provision of a service “or on the provider's property”. Documentation shall be kept on file for three years. The provider shall evaluate serious injuries at least annually……
Suggested Language:
If a serious injury occurs during the provision of licensed services, the provider shall document and report to appropriate parties', serious injuries to employees, contractors, students, volunteers and visitors. Documentation will be kept on file for three years. Providers shall evaluate all serious injuries within the provision of licensed services annually and will document and determine areas for improvement as applicable.
COMMENT:
Major concern about the language included "or on the provider's property". The purpose of our suggested language would help to ensure the provider is only reporting to DBHDS on licensed services. Serious injuries outside the provision of licensed services do not fall under the jurisdiction of the department, and information as such should not be provided to ensure protection of HIPAA and PHI.

CommentID: 83856
 

7/8/20  10:43 am
Commenter: Cheryl Moran, Vector Industries

Concur with comments from vaAccses
 

OVERALL COMMENTS:
Overall concern that the complexity and intensity of the proposed Risk Management Plan expectations are such that they may be beyond many small organization's ability to meet without the hiring of a separate "Compliance Officer" or "Risk Manager".  Administrative expectations and burden for DD Waiver providers is already extensive and expensive.  Because of the historically low DD Waiver provider rates, the continued addition of administrative burden presents providers from providing "living wages" to DSPs as well as other supports that provide value to the individuals we serve.

Based on recent OL audits of providers, there seems to be confusion that arises when the OL staff looks at some of the proposed items in the Risk Management Plan "in a vacuum".  For example, OL staff has asked to see quarterly Level 1 reviews - but, without looking at the individual's record where there is person-centered context.  Level 1 incidents are most often part of a person's baseline and/or are very personalized.  These would not be addressed in an "organizational" Risk Management Plan with the except that the treatment team would follow-up when there are increased frequencies and/or patterns.

12VAC35-105-520. A.
Suggested Language:
A. The provider shall designate a person(s) responsible for the risk management function who has completed department approved training or equivalent experience, which shall include training related to risk management, understanding of individual risk screening, conducting investigations, root cause analysis, and the use of data to identify risk patterns and trends.

COMMENT:
The purpose for the addition of (s) in 12VAC35-105-520.A is to allow for multiple individuals to possess risk management functions within their position description as necessary depending on where they are the subject matter expert. Additionally, this allows for contract positions to provide a risk management analysis from data collection.

12VAC35-105-520.B
Suggested Language:
The provider shall identify individual person centered risks with the person-centered planning team for the individual receiving services through quarterly and annual reviews and as needed when multiple serious incidents occur to ensure best therapeutic support is able to be provided. The provider shall implement a written plan to identify, monitor, reduce, and minimize harms and risk of harm that are deemed systemic organizationally impacting two or more persons from a root cause analysis , including personal injury, infectious disease, property damage or loss, and other sources of potential liability.

COMMENT:
The purpose for this addition in 12VAC35-105-520.B is to allow for person-centered planning to address person-centered risk, and organizational risk management to address service provision areas as a whole should they be systemic from an organizational level.

12VAC35-105-520.C
The provider shall conduct systemic risk assessment reviews at least annually to identify and respond to practices, situations, and policies that could result in the risk of harm to individuals receiving services. The risk assessment review shall address at least the following:………

COMMENT:
Section C would support suggested language change to Section B as it outlines “harm to individuals” (plural) meaning two or more to be systemic. This will allow for a separation between one individual receiving services that needs a risk management review in their person-centered plan vs. systemic risk on the part of the organization.

12VAC35-105-520.F.
Current Language:The provider shall document serious injuries to employees, contractors, students, volunteers, and visitors that occur during the provision of a service “or on the provider's property”. Documentation shall be kept on file for three years. The provider shall evaluate serious injuries at least annually……

Suggested Language:
If a serious injury occurs during the provision of licensed services, the provider shall document and report to appropriate parties', serious injuries to employees, contractors, students, volunteers and visitors.  Documentation will be kept on file for three years.  Providers shall evaluate all serious injuries within the provision of licensed services annually and will document and determine areas for improvement as applicable.

COMMENT:

Major concern about the language included "or on the provider's property".  The purpose of our suggested language would help to ensure the provider is only reporting to DBHDS on licensed services.  Serious injuries outside the provision of licensed services do not fall under the jurisdiction of the department, and information as such should not be provided to ensure protection of HIPAA and PHI.

CommentID: 83857
 

7/8/20  11:13 am
Commenter: Kasia Grzelkowski, VersAbility Resources

DBHDS Risk Management
 

Overall concern that the complexity and intensity of the proposed Risk Management Plan expectations are such that they may be beyond many small organization's ability to meet without the hiring of a separate "Compliance Officer" or "Risk Manager".  Administrative expectations and burden for DD Waiver providers is already extensive and expensive.  Because of the historically low DD Waiver provider rates, the continued addition of administrative burden presents providers from providing "living wages" to DSPs as well as other supports that provide value to the individuals we serve.

 

Based on recent OL audits of providers, there seems to be confusion that arises when the OL staff looks at some of the proposed items in the Risk Management Plan "in a vacuum".  For example, OL staff has asked to see quarterly Level 1 reviews - but, without looking at the individual's record where there is person-centered context.  Level 1 incidents are most often part of a person's baseline and/or are very personalized.  These would not be addressed in an "organizational" Risk Management Plan with the except that the treatment team would follow-up when there are increased frequencies and/or patterns.

12VAC35-105-520. A.
Suggested Language:
A. The provider shall designate a person(s) responsible for the risk management function who has completed department approved training or equivalent experience, which shall include training related to risk management, understanding of individual risk screening, conducting investigations, root cause analysis, and the use of data to identify risk patterns and trends.

COMMENT:
The purpose for the addition of (s) in 12VAC35-105-520.A is to allow for multiple individuals to possess risk management functions within their position description as necessary depending on where they are the subject matter expert. Additionally, this allows for contract positions to provide a risk management analysis from data collection.

12VAC35-105-520.B
Suggested Language:
The provider shall identify individual person centered risks with the person-centered planning team for the individual receiving services through quarterly and annual reviews and as needed when multiple serious incidents occur to ensure best therapeutic support is able to be provided. The provider shall implement a written plan to identify, monitor, reduce, and minimize harms and risk of harm that are deemed systemic organizationally impacting two or more persons from a root cause analysis , including personal injury, infectious disease, property damage or loss, and other sources of potential liability.

COMMENT:
The purpose for this addition in 12VAC35-105-520.B is to allow for person-centered planning to address person-centered risk, and organizational risk management to address service provision areas as a whole should they be systemic from an organizational level.

12VAC35-105-520.C
The provider shall conduct systemic risk assessment reviews at least annually to identify and respond to practices, situations, and policies that could result in the risk of harm to individuals receiving services. The risk assessment review shall address at least the following:………

COMMENT:
Section C would support suggested language change to Section B as it outlines “harm to individuals” (plural) meaning two or more to be systemic. This will allow for a separation between one individual receiving services that needs a risk management review in their person-centered plan vs. systemic risk on the part of the organization.

12VAC35-105-520.F.
Current Language:The provider shall document serious injuries to employees, contractors, students, volunteers, and visitors that occur during the provision of a service “or on the provider's property”. Documentation shall be kept on file for three years. The provider shall evaluate serious injuries at least annually……

Suggested Language:
If a serious injury occurs during the provision of licensed services, the provider shall document and report to appropriate parties', serious injuries to employees, contractors, students, volunteers and visitors.  Documentation will be kept on file for three years.  Providers shall evaluate all serious injuries within the provision of licensed services annually and will document and determine areas for improvement as applicable.

COMMENT:

Major concern about the language included "or on the provider's property".  The purpose of our suggested language would help to ensure the provider is only reporting to DBHDS on licensed services.  Serious injuries outside the provision of licensed services do not fall under the jurisdiction of the department, and information as such should not be provided to ensure protection of HIPAA and PHI.

CommentID: 83858
 

7/8/20  11:22 am
Commenter: Laura Davis, MRCS

comments re RM Guidance Doc
 

We agree with previous comments.

In addition, please allow for qualifications of the Risk Manager to include relevant or equivalent experience and not be based solely on DBHDS training; and we would suggest broadening allowable sources of training.  We would like to know how each Risk Manager's qualifications and training will be reviewed/approved.

This position and its increasing responsibilities are good practice overall, but is another significant unfunded requirement, that is not covered by reimbursement rates or state funding.

CommentID: 83859
 

7/8/20  11:57 am
Commenter: Diana Wilson, WorkSource Enterprises

Comments in agreement with vaACCSES
 

OVERALL COMMENTS:
Overall concern that the complexity and intensity of the proposed Risk Management Plan expectations are such that they may be beyond many small organization's ability to meet without the hiring of a separate "Compliance Officer" or "Risk Manager".  Administrative expectations and burden for DD Waiver providers is already extensive and expensive.  Because of the historically low DD Waiver provider rates, the continued addition of administrative burden presents providers from providing "living wages" to DSPs as well as other supports that provide value to the individuals we serve.

Based on recent OL audits of providers, there seems to be confusion that arises when the OL staff looks at some of the proposed items in the Risk Management Plan "in a vacuum".  For example, OL staff has asked to see quarterly Level 1 reviews - but, without looking at the individual's record where there is person-centered context.  Level 1 incidents are most often part of a person's baseline and/or are very personalized.  These would not be addressed in an "organizational" Risk Management Plan with the except that the treatment team would follow-up when there are increased frequencies and/or patterns.

12VAC35-105-520. A.
Suggested Language:
A. The provider shall designate a person(s) responsible for the risk management function who has completed department approved training or equivalent experience, which shall include training related to risk management, understanding of individual risk screening, conducting investigations, root cause analysis, and the use of data to identify risk patterns and trends.

COMMENT:
The purpose for the addition of (s) in 12VAC35-105-520.A is to allow for multiple individuals to possess risk management functions within their position description as necessary depending on where they are the subject matter expert. Additionally, this allows for contract positions to provide a risk management analysis from data collection.

12VAC35-105-520.B
Suggested Language:
The provider shall identify individual person centered risks with the person-centered planning team for the individual receiving services through quarterly and annual reviews and as needed when multiple serious incidents occur to ensure best therapeutic support is able to be provided. The provider shall implement a written plan to identify, monitor, reduce, and minimize harms and risk of harm that are deemed systemic organizationally impacting two or more persons from a root cause analysis , including personal injury, infectious disease, property damage or loss, and other sources of potential liability.

COMMENT:
The purpose for this addition in 12VAC35-105-520.B is to allow for person-centered planning to address person-centered risk, and organizational risk management to address service provision areas as a whole should they be systemic from an organizational level.

12VAC35-105-520.C
The provider shall conduct systemic risk assessment reviews at least annually to identify and respond to practices, situations, and policies that could result in the risk of harm to individuals receiving services. The risk assessment review shall address at least the following:………

COMMENT:
Section C would support suggested language change to Section B as it outlines “harm to individuals” (plural) meaning two or more to be systemic. This will allow for a separation between one individual receiving services that needs a risk management review in their person-centered plan vs. systemic risk on the part of the organization.

12VAC35-105-520.F.
Current Language:The provider shall document serious injuries to employees, contractors, students, volunteers, and visitors that occur during the provision of a service “or on the provider's property”. Documentation shall be kept on file for three years. The provider shall evaluate serious injuries at least annually……

Suggested Language:
If a serious injury occurs during the provision of licensed services, the provider shall document and report to appropriate parties', serious injuries to employees, contractors, students, volunteers and visitors.  Documentation will be kept on file for three years.  Providers shall evaluate all serious injuries within the provision of licensed services annually and will document and determine areas for improvement as applicable.

COMMENT:

Major concern about the language included "or on the provider's property".  The purpose of our suggested language would help to ensure the provider is only reporting to DBHDS on licensed services.  Serious injuries outside the provision of licensed services do not fall under the jurisdiction of the department, and information as such should not be provided to ensure protection of HIPAA and PHI.

 

CommentID: 83860
 

7/8/20  12:40 pm
Commenter: Jennifer Campbell on behalf of VersAbility Resources

Comments in agreement with vaACCSES
 

OVERALL COMMENTS:
Overall concern that the complexity and intensity of the proposed Risk Management Plan expectations are such that they may be beyond many small organization's ability to meet without the hiring of a separate "Compliance Officer" or "Risk Manager".  Administrative expectations and burden for DD Waiver providers is already extensive and expensive.  Because of the historically low DD Waiver provider rates, the continued addition of administrative burden presents providers from providing "living wages" to DSPs as well as other supports that provide value to the individuals we serve.

Based on recent OL audits of providers, there seems to be confusion that arises when the OL staff looks at some of the proposed items in the Risk Management Plan "in a vacuum".  For example, OL staff has asked to see quarterly Level 1 reviews - but, without looking at the individual's record where there is person-centered context.  Level 1 incidents are most often part of a person's baseline and/or are very personalized.  These would not be addressed in an "organizational" Risk Management Plan with the except that the treatment team would follow-up when there are increased frequencies and/or patterns.

12VAC35-105-520. A.
Suggested Language:
A. The provider shall designate a person(s) responsible for the risk management function who has completed department approved training or equivalent experience, which shall include training related to risk management, understanding of individual risk screening, conducting investigations, root cause analysis, and the use of data to identify risk patterns and trends.

COMMENT:
The purpose for the addition of (s) in 12VAC35-105-520.A is to allow for multiple individuals to possess risk management functions within their position description as necessary depending on where they are the subject matter expert. Additionally, this allows for contract positions to provide a risk management analysis from data collection.

12VAC35-105-520.B
Suggested Language:
The provider shall identify individual person centered risks with the person-centered planning team for the individual receiving services through quarterly and annual reviews and as needed when multiple serious incidents occur to ensure best therapeutic support is able to be provided. The provider shall implement a written plan to identify, monitor, reduce, and minimize harms and risk of harm that are deemed systemic organizationally impacting two or more persons from a root cause analysis , including personal injury, infectious disease, property damage or loss, and other sources of potential liability.

COMMENT:
The purpose for this addition in 12VAC35-105-520.B is to allow for person-centered planning to address person-centered risk, and organizational risk management to address service provision areas as a whole should they be systemic from an organizational level.

12VAC35-105-520.C
The provider shall conduct systemic risk assessment reviews at least annually to identify and respond to practices, situations, and policies that could result in the risk of harm to individuals receiving services. The risk assessment review shall address at least the following:………

COMMENT:
Section C would support suggested language change to Section B as it outlines “harm to individuals” (plural) meaning two or more to be systemic. This will allow for a separation between one individual receiving services that needs a risk management review in their person-centered plan vs. systemic risk on the part of the organization.

12VAC35-105-520.F.
Current Language:The provider shall document serious injuries to employees, contractors, students, volunteers, and visitors that occur during the provision of a service “or on the provider's property”. Documentation shall be kept on file for three years. The provider shall evaluate serious injuries at least annually……

Suggested Language:
If a serious injury occurs during the provision of licensed services, the provider shall document and report to appropriate parties', serious injuries to employees, contractors, students, volunteers and visitors.  Documentation will be kept on file for three years.  Providers shall evaluate all serious injuries within the provision of licensed services annually and will document and determine areas for improvement as applicable.

COMMENT:

Major concern about the language included "or on the provider's property".  The purpose of our suggested language would help to ensure the provider is only reporting to DBHDS on licensed services.  Serious injuries outside the provision of licensed services do not fall under the jurisdiction of the department, and information as such should not be provided to ensure protection of HIPAA and PHI.

CommentID: 83861
 

7/8/20  12:43 pm
Commenter: Support Services of Virginia, Inc

Supporting vaACCSES Comments - Review Team Member
 

OVERALL COMMENT:

 

Overall concern that the complexity and intensity of the proposed Risk Management Plan expectations are such that they may be beyond many small organization’s ability to meet without the hiring of a separate “Compliance Officer” or “Risk Manager”.  Administrative expectations and burden for DD Waiver providers is already extensive and expensive.  Because of the historically low DD Waiver provider rates, the continued addition of administrative burden prevents providers from providing “living wages” to DSPs as well as other supports that provide value to the individuals we serve. 

 

Based on recent OL audits of providers, there seems to be confusion that arises when the OL staff looks at some of the proposed items in the Risk Management Plan “in a vacuum”.  For example, OL staff has asked to see quarterly Level 1 reviews - but, without looking at the individual’s record where there is person-centered context. Level 1 incidents are most often part of a person’s baseline and/or are very personalized.  These would not be addressed in an “organizational” Risk Assessment Plan with the exception that the treatment team would follow-up when there are increased frequencies and/or patterns.

 

12VAC35-105-520. A.
Suggested Language:


A. The provider shall designate a person(s) responsible for the risk management function who has completed department approved training or equivalent experience, which shall include training related to risk management, understanding of individual risk screening, conducting investigations, root cause analysis, and the use of data to identify risk patterns and trends.

 

COMMENT:


The purpose for the addition of (s) in 12VAC35-105-520.A is to allow for multiple individuals to possess risk management functions within their position description as necessary depending on where they are the subject matter expert. Additionally, this allows for contract positions to provide a risk management analysis from data collection.

 

12VAC35-105-520.B

Suggested Language:


The provider shall identify individual person centered risks with the person-centered planning team for the individual receiving services through quarterly and annual reviews and as needed when multiple serious incidents occur to ensure best therapeutic support is able to be provided. The provider shall implement a written plan to identify, monitor, reduce, and minimize harms and risk of harm that are deemed systemic organizationally impacting two or more persons from a root cause analysis , including personal injury, infectious disease, property damage or loss, and other sources of potential liability.

COMMENT:


The purpose for this addition in 12VAC35-105-520.B is to allow for person-centered planning to address person-centered risk, and organizational risk management to address service provision areas as a whole should they be systemic from an organizational level.

 

12VAC35-105-520.C


The provider shall conduct systemic risk assessment reviews at least annually to identify and respond to practices, situations, and policies that could result in the risk of harm to individuals receiving services. The risk assessment review shall address at least the following:………

COMMENT:


Section C would support suggested language change to Section B as it outlines “harm to individuals” (plural) meaning two or more to be systemic. This will allow for a separation between one individual receiving services that needs a risk management review in their person-centered plan vs. systemic risk on the part of the organization.

12VAC35-105-520.F

 

The provider shall document serious injuries to employees, contractors, students, volunteers, and

visitors that occur during the provision of a service “or on the provider's property”. Documentation

shall be kept on file for three years. The provider shall evaluate serious injuries at least annually……

 

Suggested language

 

If a serious injury occurs during the provision of licensed services, the provider shall document and report to appropriate parties’, serious injuries to employees, contractors, students, volunteers and visitors.  Documentation will be kept on file for three years.  Providers shall evaluate all serious injuries within the provision of licensed services annually and will document and determine areas for improvement as applicable

 

COMMENT:

 

 Major concern about the language included “or on the provider’s property”. The purpose of this suggested language would help to ensure the provider is only reporting to DBHDS on licensed services.  Serious injuries outside the provision of licensed services do not fall under the jurisdiction of the department, and information as such should not be provided to ensure protection of HIPAA and PHI.

 

 

 

CommentID: 83862
 

7/8/20  1:31 pm
Commenter: Brady Smith

DBHDS Proposed Risk Management Guidance Document
 
OVERALL COMMENTS:
Overall concern that the complexity and intensity of the proposed Risk Management Plan expectations are such that they may be beyond many small organization's ability to meet without the hiring of a separate "Compliance Officer" or "Risk Manager".  Administrative expectations and burden for DD Waiver providers is already extensive and expensive.  Because of the historically low DD Waiver provider rates, the continued addition of administrative burden presents providers from providing "living wages" to DSPs as well as other supports that provide value to the individuals we serve.
 
 
Based on recent OL audits of providers, there seems to be confusion that arises when the OL staff looks at some of the proposed items in the Risk Management Plan "in a vacuum".  For example, OL staff has asked to see quarterly Level 1 reviews - but, without looking at the individual's record where there is person-centered context.  Level 1 incidents are most often part of a person's baseline and/or are very personalized.  These would not be addressed in an "organizational" Risk Management Plan with the except that the treatment team would follow-up when there are increased frequencies and/or patterns.
 
 
12VAC35-105-520. A.
Suggested Language:
A. The provider shall designate a person(s) responsible for the risk management function who has completed department approved training or equivalent experience, which shall include training related to risk management, understanding of individual risk screening, conducting investigations, root cause analysis, and the use of data to identify risk patterns and trends.
COMMENT:
The purpose for the addition of (s) in 12VAC35-105-520.A is to allow for multiple individuals to possess risk management functions within their position description as necessary depending on where they are the subject matter expert. Additionally, this allows for contract positions to provide a risk management analysis from data collection.
12VAC35-105-520.B
Suggested Language:
The provider shall identify individual person centered risks with the person-centered planning team for the individual receiving services through quarterly and annual reviews and as needed when multiple serious incidents occur to ensure best therapeutic support is able to be provided. The provider shall implement a written plan to identify, monitor, reduce, and minimize harms and risk of harm that are deemed systemic organizationally impacting two or more persons from a root cause analysis , including personal injury, infectious disease, property damage or loss, and other sources of potential liability.
COMMENT:
The purpose for this addition in 12VAC35-105-520.B is to allow for person-centered planning to address person-centered risk, and organizational risk management to address service provision areas as a whole should they be systemic from an organizational level.
12VAC35-105-520.C
The provider shall conduct systemic risk assessment reviews at least annually to identify and respond to practices, situations, and policies that could result in the risk of harm to individuals receiving services. The risk assessment review shall address at least the following:………
COMMENT:
Section C would support suggested language change to Section B as it outlines “harm to individuals” (plural) meaning two or more to be systemic. This will allow for a separation between one individual receiving services that needs a risk management review in their person-centered plan vs. systemic risk on the part of the organization.
12VAC35-105-520.F.
Current Language:The provider shall document serious injuries to employees, contractors, students, volunteers, and visitors that occur during the provision of a service “or on the provider's property”. Documentation shall be kept on file for three years. The provider shall evaluate serious injuries at least annually……
Suggested Language:
If a serious injury occurs during the provision of licensed services, the provider shall document and report to appropriate parties', serious injuries to employees, contractors, students, volunteers and visitors.  Documentation will be kept on file for three years.  Providers shall evaluate all serious injuries within the provision of licensed services annually and will document and determine areas for improvement as applicable.
COMMENT:
Major concern about the language included "or on the provider's property".  The purpose of our suggested language would help to ensure the provider is only reporting to DBHDS on licensed services.  Serious injuries outside the provision of licensed services do not fall under the jurisdiction of the department, and information as such should not be provided to ensure protection of HIPAA and PHI.
CommentID: 83863
 

7/8/20  3:16 pm
Commenter: Fairfax-Falls Church CSB

DBHDS Proposed Risk Management Guidance Document
 

12VAC35-105-520. Risk Management A:

We are seeking clarity in the wording of section A in three areas:

  1. While the regulation indicates “a person responsible for risk management function” should be delegated and meet training requirements, the guidance indicates that training is required for the person with “risk management responsibilities.” Our understanding is that the regulation calls for an individual to have managing/monitoring role over the functioning of risk management and that individual should have training in relevant areas.  By changing the language from risk management ‘functions’ to ‘responsibilities’ is it the intent of DBHDS to require each individual with involvement or responsibilities that encompass risk management activities to be trained in all aspects of risk management or that one individual be responsible for all risk management activities?  The idea that organizations can have one individual complete all responsibilities associated with risk management (especially large organizations with many programs and staff) is not practical.  We ask that DBHDS clarify the distinction being made between risk management ‘functions’ in the regulations and ‘responsibilities’ in the guidance. 
  2. We are seeking clarity as to the meaning of "individual risk screenings.”  The guidance appears to indicate the risk manager will have a clinical responsibility.  While a risk manager would be looking for issues, they would not necessarily have the clinical expertise needed to conduct individual risk screenings.
  3. We have concerns regarding the requirement to complete DBHDS provided risk management training.  Individuals have training within the organization and the addition of the DBHDS provided training would be redundant.  We would like information within the guidance regarding the timeline expectations.  Would training need to be completed within so many days of hire, prior to hire, will this be an orientation requirement?  We further ask that DBHDS provide at least a 30 day window for any staff in a risk management position to complete training when guidance goes into effect and clarify what the effective date is for this guidance. 

 

12VAC35-105-520. Risk Management c:

Regarding Section C(2): Clinical Assessment or Reassessment, the review of individual health risks should be conducted by the treatment team rather than a risk manager.  While the risk manager should look to see if assessments are completed and plans changed, they would not be reviewing individual health risks.  Please clarify the responsibilities of the risk manager when it comes to the review of the individual’s health risks. We feel that the Risk Manager of an agency should be an overall consultative role. The program/team should review individual health risks and document them clearly.

Regarding Section C(4): Use of High Risk Procedures, we are seeking clarity as to what besides seclusion and restraint is perceived as a high risk procedure.  We ask that DBHDS provide in the guidance some examples of the ‘other high risk procedures’ they would consider applicable to this section.

Regarding Section C(6): Uniform Risks and Triggers, we are seeing more information.  We are unable to comment about whether this is an appropriate task to be completed and included for the overall risk manager unless DBHDS identifies what is considered uniform risk triggers and thresholds and what the expectations will be regarding these.

CommentID: 83864
 

7/8/20  3:57 pm
Commenter: Jeanne Cullison

In support of vaACCSES position
 

On this Guidance Document (Guidance for Risk Management)

OVERALL COMMENT:

Overall concern that the complexity and intensity of the proposed Risk Management Plan expectations are such that they may be beyond many small organization’s ability to meet without the hiring of a separate “Compliance Officer” or “Risk Manager”. Administrative expectations and burden for DD Waiver providers is already extensive and expensive. Because of the historically low DD Waiver provider rates, the continued addition of administrative burden prevents providers from providing “living wages” to DSPs as well as other supports that provide value to the individuals we serve.

 

Based on recent OL audits of providers, there seems to be confusion that arises when the OL staff looks at some of the proposed items in the Risk Management Plan “in a vacuum”. For example, OL staff has asked to see quarterly Level 1 reviews - but, without looking at the individual’s record where there is person-centered context. Level 1 incidents are most often part of a person’s baseline and/or are very personalized. These would not be addressed in an “organizational” Risk Assessment Plan with the exception that the treatment team would follow-up when there are increased frequencies and/or patterns.

 

12VAC35-105-520. A. Suggested Language: A. The provider shall designate a person(s) responsible for the risk management function who has completed department approved training or equivalent experience, which shall include training related to risk management, understanding of individual risk screening, conducting investigations, root cause analysis, and the use of data to identify risk patterns and trends.

COMMENT: The purpose for the addition of (s) in 12VAC35-105-520.A is to allow for multiple individuals to possess risk management functions within their position description as necessary depending on where they are the subject matter expert. Additionally, this allows for contract positions to provide a risk management analysis from data collection.

12VAC35-105-520.B Suggested Language: The provider shall identify individual person centered risks with the person-centered planning team for the individual receiving services through quarterly and annual reviews and as needed when multiple serious incidents occur to ensure best therapeutic support is able to be provided. The provider shall implement a written plan to identify, monitor, reduce, and minimize harms and risk of harm that are deemed systemic organizationally impacting two or more persons from a root cause analysis , including personal injury, infectious disease, property damage or loss, and other sources of potential liability.

COMMENT: The purpose for this addition in 12VAC35-105-520.B is to allow for person-centered planning to address person-centered risk, and organizational risk management to address service provision areas as a whole should they be systemic from an organizational level.

12VAC35-105-520.C The provider shall conduct systemic risk assessment reviews at least annually to identify and respond to practices, situations, and policies that could result in the risk of harm to individuals receiving services. The risk assessment review shall address at least the following:………

COMMENT: Section C would support suggested language change to Section B as it outlines “harm to individuals” (plural) meaning two or more to be systemic. This will allow for a separation between one individual receiving services that needs a risk management review in their person-centered plan vs. systemic risk on the part of the organization.

12VAC35-105-520.F

The provider shall document serious injuries to employees, contractors, students, volunteers, and

visitors that occur during the provision of a service “or on the provider's property”. Documentation

shall be kept on file for three years. The provider shall evaluate serious injuries at least annually……

 

Suggested language:

If a serious injury occurs during the provision of licensed services, the provider shall document and report to appropriate parties’, serious injuries to employees, contractors, students, volunteers and visitors. Documentation will be kept on file for three years. Providers shall evaluate all serious injuries within the provision of licensed services annually and will document and determine areas for improvement as applicable.

 

COMMENT - Major concern about the language included “or on the provider’s property”. The purpose of this suggested language would help to ensure the provider is only reporting to DBHDS on licensed services. Serious injuries outside the provision of licensed services do not fall under the jurisdiction of the department, and information as such should not be provided to ensure protection of HIPAA and PHI.

 

CommentID: 83865
 

7/8/20  4:21 pm
Commenter: Dan Jenkins, Harrisonburg-Rockingham CSB

Risk Management Guidance
 

12VAC35-105-520 A and C 2:

Is it the expectation of DBHDS that the person designated as risk manager completes clinical assessments and/or reassessments?  

 

12VAC35-105-520 C:

I think it’s important to highlight the irony of this guidance document including “business risks,” and “workforce risks” as “other risks that providers should consider.”   

The financial toll on providers, resulting from this overly complex and unfunded risk management requirement is directly related to the diminished ability to provide living wages for qualified direct support professionals. 

Also, the guidance language does not offer any examples of “high risk procedures” outside of seclusion and restraint.  If the department is only concerned with these then remove "high risk procedures" all together.  And while this guidance was developed solely in response to the Settlement Agreement, it will ultimately apply to all populations supported by providers licensed by DBHDS, not just Virginians living with developmental disabilities.  Therefore should the department be concerned with more than seclusion and restraint, further examples in this guidance should be inclusive of all populations supported by DBHDS-licensed providers. 

 

12VAC35-105-520 D:

“DBHDS will disseminate information about uniform risk triggers and thresholds in separate guidance when they are developed.”

The terms “risk triggers” and “thresholds” have been used in various DBHDS communications for a number of years (including a recent inclusion in the Risk Awareness Tool training) yet now that they are seemingly a requirement; there is still no guidance as to what DBHDS means by them or what additional unfunded mandates they will imply.   It is concerning that providers will be held to a standard that has not been defined simply to impress upon the Department of Justice that DBHDS is serious about risk management. 

As a result, the only comment that can be made regarding these terms is that they should not be in guidance or regulation until the department makes it a priority to define them and train providers in their utilization.  Whenever that happens, it would be helpful if the guidance was not limited to their application in the support of people living with developmental disabilities, but other populations as well.  There are many other people (and providers supporting them) to whom those terms should have meaning.  

CommentID: 83866
 

7/8/20  4:42 pm
Commenter: Brooke Mitchell, Loudoun County MHSADS

Comments regarding Risk Management Guidance
 

12VAC35-105-520. Risk Management A:

Loudoun County MHSADS is seeking clarity in the wording of section A in three areas:

  1. While the regulation indicates “a person responsible for risk management function” should be delegated and meet training requirements, the guidance indicates that training is required for the person with “risk management responsibilities.” Our understanding is that the regulation calls for an individual to have managing/monitoring role over the functioning of risk management and that individual should have training in relevant areas.  By changing the language from risk management ‘functions’ to ‘responsibilities’ is it the intent of DBHDS to require each individual with involvement or responsibilities that encompass risk management activities to be trained in all aspects of risk management or that one individual be responsible for all risk management activities?  The idea that organizations can have one individual complete all responsibilities associated with risk management (especially large organizations with many programs and staff) is not practical.  We ask that DBHDS clarify the distinction being made between risk management ‘functions’ in the regulations and ‘responsibilities’ in the guidance. 
  2. We are seeking clarity as to the meaning of "individual risk screenings.”  The guidance appears to indicate the risk manager will have a clinical responsibility.  While a risk manager would be looking for issues, they would not necessarily have the clinical expertise needed to conduct individual risk screenings.
  3. We have concerns regarding the requirement to complete DBHDS provided risk management training.  Individuals have training within the organization and the addition of the DBHDS provided training would be redundant.  We would like information within the guidance regarding the timeline expectations.  Would training need to be completed within so many days of hire, prior to hire, will this be an orientation requirement?  We further ask that DBHDS provide at least a 30 day window for any staff in a risk management position to complete training when guidance goes into effect and clarify what the effective date is for this guidance. 

 

12VAC35-105-520. Risk Management C:

Regarding Section C(1): Environment of Care, we ask that the guidance is tailored to the type of service being provided and reflect that the provider is only responsible for the environment of care for which they have control.  For example, as a provider, we do not have the ability to manipulate the environment in an individual’s home or require refrigerator temperature checks in the community.

Regarding Section C(2): Clinical Assessment or Reassessment, the review of individual health risks should be conducted by the treatment team rather than a risk manager.  While the risk manager should look to see if assessments are completed and plans changed, they would not be reviewing individual health risks.  Please clarify the responsibilities of the risk manager when it comes to the review of the individual’s health risks.

Regarding Section C(4): Use of High Risk Procedures, we are seeking clarity as to what besides seclusion and restraint is perceived as a high risk procedure.  We ask that DBHDS provide in the guidance some examples of the ‘other high risk procedures’ they would consider applicable to this section.

Regarding Section C(6): Uniform Risks and Triggers, we are seeing more information.  We are unable to comment about whether this is an appropriate task to be completed and included for the overall risk manager unless DBHDS identifies what is considered uniform risk triggers and thresholds and what the expectations will be regarding these.

CommentID: 83867
 

7/8/20  7:05 pm
Commenter: Terry Hurley, CRi

Concur with vaACCSES Comments
 

 

OVERALL COMMENTS:
Overall concern that the complexity and intensity of the proposed Risk Management Plan expectations are such that they may be beyond many small organization's ability to meet without the hiring of a separate "Compliance Officer" or "Risk Manager".  Administrative expectations and burden for DD Waiver providers is already extensive and expensive.  Because of the historically low DD Waiver provider rates, the continued addition of administrative burden presents providers from providing "living wages" to DSPs as well as other supports that provide value to the individuals we serve.

Based on recent OL audits of providers, there seems to be confusion that arises when the OL staff looks at some of the proposed items in the Risk Management Plan "in a vacuum".  For example, OL staff has asked to see quarterly Level 1 reviews - but, without looking at the individual's record where there is person-centered context.  Level 1 incidents are most often part of a person's baseline and/or are very personalized.  These would not be addressed in an "organizational" Risk Management Plan with the except that the treatment team would follow-up when there are increased frequencies and/or patterns.

12VAC35-105-520. A.
Suggested Language:
A. The provider shall designate a person(s) responsible for the risk management function who has completed department approved training or equivalent experience, which shall include training related to risk management, understanding of individual risk screening, conducting investigations, root cause analysis, and the use of data to identify risk patterns and trends.

COMMENT:
The purpose for the addition of (s) in 12VAC35-105-520.A is to allow for multiple individuals to possess risk management functions within their position description as necessary depending on where they are the subject matter expert. Additionally, this allows for contract positions to provide a risk management analysis from data collection.

12VAC35-105-520.B
Suggested Language:
The provider shall identify individual person centered risks with the person-centered planning team for the individual receiving services through quarterly and annual reviews and as needed when multiple serious incidents occur to ensure best therapeutic support is able to be provided. The provider shall implement a written plan to identify, monitor, reduce, and minimize harms and risk of harm that are deemed systemic organizationally impacting two or more persons from a root cause analysis , including personal injury, infectious disease, property damage or loss, and other sources of potential liability.

COMMENT:
The purpose for this addition in 12VAC35-105-520.B is to allow for person-centered planning to address person-centered risk, and organizational risk management to address service provision areas as a whole should they be systemic from an organizational level.

12VAC35-105-520.C
The provider shall conduct systemic risk assessment reviews at least annually to identify and respond to practices, situations, and policies that could result in the risk of harm to individuals receiving services. The risk assessment review shall address at least the following:………

COMMENT:
Section C would support suggested language change to Section B as it outlines “harm to individuals” (plural) meaning two or more to be systemic. This will allow for a separation between one individual receiving services that needs a risk management review in their person-centered plan vs. systemic risk on the part of the organization.

12VAC35-105-520.F.
Current Language:The provider shall document serious injuries to employees, contractors, students, volunteers, and visitors that occur during the provision of a service “or on the provider's property”. Documentation shall be kept on file for three years. The provider shall evaluate serious injuries at least annually……

Suggested Language:
If a serious injury occurs during the provision of licensed services, the provider shall document and report to appropriate parties', serious injuries to employees, contractors, students, volunteers and visitors.  Documentation will be kept on file for three years.  Providers shall evaluate all serious injuries within the provision of licensed services annually and will document and determine areas for improvement as applicable.

COMMENT:

Major concern about the language included "or on the provider's property".  The purpose of our suggested language would help to ensure the provider is only reporting to DBHDS on licensed services.  Serious injuries outside the provision of licensed services do not fall under the jurisdiction of the department, and information as such should not be provided to ensure protection of HIPAA and PHI.

CommentID: 83869
 

7/8/20  8:24 pm
Commenter: Kimberly J. Shepherd, Blue Ridge Residential Services

Comments for the Proposed DBHDS Risk Management Guidance Document
 

12VAC35-105-520. C

Suggested Language:

C. The provider shall conduct systemic risk assessment reviews at least annually to identify and

respond to practices, situations, and policies that could result in the risk of harm to individuals

receiving services. The risk assessment review shall address at least the following:…

4. Use of high risk procedures, including seclusion and restraint; and…

Examples of high risk procedure considerations include the following…

Comment: In addition to seclusion and restraint, what other procedures are considered to be ‘high risk?” We ask that DBHDS clarify and provide examples of “high risk procedures” to reduce potential inconsistencies from individual interpretation.

 

Supporting vaACCSES Comment

12VAC35-105-520. C

C. The provider shall conduct systemic risk assessment reviews at least annually to identify and

respond to practices, situations, and policies that could result in the risk of harm to individuals

receiving services. The risk assessment review shall address at least the following:…

Comment: Section C would support suggested language change to Section B as it outlines “harm to individuals” (plural) meaning two or more to be systemic. This will allow for a separation between one individual receiving services that needs a risk management review in their person-centered plan vs. systemic risk on the part of the organization.

 

 

CommentID: 83870
 

7/8/20  9:37 pm
Commenter: Brenda Fry / Every Citizen Has Opportunities

Agreement with vaACCSES regarding risk management guidance
 

OVERALL COMMENT:

Overall concern that the complexity and intensity of the proposed Risk Management Plan expectations are such that they may be beyond many small organization’s ability to meet without the hiring of a separate “Compliance Officer” or “Risk Manager”.  Administrative expectations and burden for DD Waiver providers is already extensive and expensive.  Because of the historically low DD Waiver provider rates, the continued addition of administrative burden prevents providers from providing “living wages” to DSPs as well as other supports that provide value to the individuals we serve. 

 

Based on recent OL audits of providers, there seems to be confusion that arises when the OL staff looks at some of the proposed items in the Risk Management Plan “in a vacuum”.  For example, OL staff has asked to see quarterly Level 1 reviews - but, without looking at the individual’s record where there is person-centered context. Level 1 incidents are most often part of a person’s baseline and/or are very personalized.  These would not be addressed in an “organizational” Risk Assessment Plan with the exception that the treatment team would follow-up when there are increased frequencies and/or patterns.

 

12VAC35-105-520. A.
Suggested Language:
A. The provider shall designate a person(s) responsible for the risk management function who has completed department approved training or equivalent experience, which shall include training related to risk management, understanding of individual risk screening, conducting investigations, root cause analysis, and the use of data to identify risk patterns and trends.

COMMENT:
The purpose for the addition of (s) in 12VAC35-105-520.A is to allow for multiple individuals to possess risk management functions within their position description as necessary depending on where they are the subject matter expert. Additionally, this allows for contract positions to provide a risk management analysis from data collection.

12VAC35-105-520.B
Suggested Language:
The provider shall identify individual person-centered risks with the person-centered planning team for the individual receiving services through quarterly and annual reviews and as needed when multiple serious incidents occur to ensure best therapeutic support is able to be provided. The provider shall implement a written plan to identify, monitor, reduce, and minimize harms and risk of harm that are deemed systemic organizationally impacting two or more persons from a root cause analysis , including personal injury, infectious disease, property damage or loss, and other sources of potential liability.

COMMENT:
The purpose for this addition in 12VAC35-105-520.B is to allow for person-centered planning to address person-centered risk, and organizational risk management to address service provision areas as a whole should they be systemic from an organizational level.

12VAC35-105-520.C
Current Language: The provider shall conduct systemic risk assessment reviews at least annually to identify and respond to practices, situations, and policies that could result in the risk of harm to individuals receiving services. The risk assessment review shall address at least the following:………

COMMENT:
Section C would support suggested language change to Section B as it outlines “harm to individuals” (plural) meaning two or more to be systemic. This will allow for a separation between one individual receiving services that needs a risk management review in their person-centered plan vs. systemic risk on the part of the organization.

12VAC35-105-520.F

Current Language:
The provider shall document serious injuries to employees, contractors, students, volunteers, and

visitors that occur during the provision of a service “or on the provider's property”. Documentation

shall be kept on file for three years. The provider shall evaluate serious injuries at least annually……

 

Suggested language

If a serious injury occurs during the provision of licensed services, the provider shall document and report to appropriate parties’, serious injuries to employees, contractors, students, volunteers and visitors.  Documentation will be kept on file for three years.  Providers shall evaluate all serious injuries within the provision of licensed services annually and will document and determine areas for improvement as applicable

 

COMMENT -  Major concern about the language included “or on the provider’s property”. The purpose of this suggested language would help to ensure the provider is only reporting to DBHDS on licensed services.  Serious injuries outside the provision of licensed services do not fall under the jurisdiction of the department, and information as such should not be provided to ensure protection of HIPAA and PHI.

 

CommentID: 83871
 

7/8/20  9:38 pm
Commenter: Elizabeth Dugan, Prince William CSB

Response to Guidance Document re: 12VAC35-105-520
 

Response to Guidance Document re: 12VAC35-105-520

A. Regarding the statement “A person responsible for risk management function who has completed department approved training”: 

  1. Is the intention that there is an individual who is directly responsible for completing each of the items listed in A or is it also appropriate that there be a risk manager who oversees a group of people who are completing those activities?  For larger organizations this would be the only way possible to manage the risk management activities required. 

    1. Wording suggestion “… designate a person responsible for the risk management activities of the organization.  The risk manager shall have completed department approved training which includes….  The risk manager shall ensure that all individuals supporting organizational risk management activities have completed risk management training relevant to their specific risk management job responsibilities. “
  2. It is unclear whether the expectation is that the person delegated to be the Risk Manager shall have completed the required training listed as part of their oversight duties or is the expectation that all people involved in any risk management function be trained in all the areas.  If it is the second, this is problematic for larger entities where many of the specific risk management activities are delegated to separate individuals who specialize in certain functions.

B. No comment

C (1)  It is recommended that the guidance document should include the same language as the code which states that an assessment of environment of care means “a safety inspection has been performed at least annually of each service location owned, rented, or leased by the provider”.  Clarification should be made in the guidance document that organizations, even County run CSBs, are unable to do safety inspections at every location where service is provided as they can include jails, schools, the community and or private homes.

C (2) Regarding the clinical assessment or reassessment --  the review of an individual’s health risk should be conducted by the case manager/treatment team as part of the treatment provided by the organization and not a specific risk manager who most likely has nothing to do with the direct provision of clinical services.  While the organization should look to see if assessments are completed and plans changed as appropriate through either risk management activities and/or quality improvement activities, neither department would be expected to directly review individual health risks.  Please clarify the responsibilities of the risk manager when it comes to the review of the individual’s health risks.

C (3) No comment                           

C (4) Overall no concern regarding the expectation but it would be helpful to have examples of what is considered a high-risk procedure. 

C (5) No comment

D.  We are unable to comment on something that is yet undefined.  Please clarify what is meant by thresholds and triggers.

E. This seems to be a duplication of C1.  Please clarify what the difference is between a safety inspection and a risk assessment of the environment of care.  As we stated in our comments for C1 the department should be specific that are unable to do safety inspections at every location where service is provided as they can include jails, schools, the community and or private homes.

F. The department has been clear about what constitutes a serious injury to persons served.  It is suggested that the department be equally clear about what defines a serious injury to a staff member/visitor. 

 

CommentID: 83872
 

7/8/20  10:02 pm
Commenter: Deanna Rennon, Wall Residences

Guidance for Risk Management
 

DBHDS Proposed Risk Management Guidance Document

Overall Comment: This guidance document, instead of offering clarity in the regulations, actually increases the restrictions of the regulations by intensifying the requirements, increasing administrative burden, and financial burden on agencies that are already stretched thin.

Crosswalk or Guidance documents have been requested by different state/provider work groups, but when the guidance adds additional requirements and additional guidelines they no longer serve the purpose of support and rather hinder the ability of provider agencies to actually provide the direct care to the people in services.

With regards to the risk manager training and the additional fire safety training noted below, what will be DBHDS's guidance related to tracking of completion?  How is competence being defined?  Will DBHDS provide tests at the end of required training that will require a certain passing score?  Will there be required timelines for these new trainings?  Would this be required of those already in these roles and how long would agencies have to satisfy this requirement?

12VAC35-105-520. Risk Management

(A) The guidance identifies department approved training, which will require, DBHDS to develop, maintain, and update training online as well as offer the ability to review trainings developed by provider agencies prior to implementation.  Increasing the burden on DBHDS as well as provider agencies.  By adding the noted guidance to the already stated proposed regulation the way this is written, leaves the requirement open to allow DBHDS to add additional training requirements to provider agencies and the person identified to manage the risk management function.  This should be deleted as the proposed regulation already states department approved training.

(C) 3 Staff Competence and adequacy of staffing;

In this guidance document, there has been a required training added that is not anywhere else and something that has not been widely distributed to the provider community

-All employees have completed initial and annual fire safety training.

Is this a training DBHDS will distribute?  Will current staff have to satisfy this requirement as well?

(C) 5 A Review of Serious Incidents

Clarification is needed as to whether the following is another added requirement in addition to the regulation?

The provider has an updated policy that defines who has the authority and responsibility to
act when a serious incident or a pattern of serious incidents indicates that an individual is
at risk; and

In the following statement within the guidance, generally, an agency or team determine if appropriate follow-up occurs, but the wording of this guidance appears to indicate that DBHDS may be the entity that will determine this?


Serious incidents and patterns of serious incidents are reviewed and appropriate follow-up
is conducted or implemented to address individual or system-level risks.

CommentID: 83873
 

7/8/20  10:09 pm
Commenter: Jan Longman, Arlington County CSB

Comment on risk management guidance document
 

Arlington CSB concurs with comments submitted by the other Virginia CSBs and our community partners. 

Additionally, the guidance document attempts to propose a “one size fits all” solution for all providers regardless of organization size, census, or budget.

Monitoring and addressing risk in an integral function but processes and personnel roles and responsibilities should be variable according to the resources of the provider.

CommentID: 83874
 

7/8/20  11:28 pm
Commenter: Melanie Bond, Hampton-Newport News CSB

Comment - Risk Management Guidance Document
 

A. “Individual risk screening”: the guidance is unclear/vague as to the components of the screening; as a risk manager, completion of ‘screenings’ seems beyond the scope of the role, as a the risk manager should be an evaluator of assessments/screenings such as these that are completed by the direct service provider in an attempt to provide feedback regarding adequacy and the provider’s compliance with the tool, areas for improvement, etc.

D. “Uniform Risks and Triggers”: requirement to adhere to an undefined parameter is unrealistic and should be removed or delayed in implementation until the parameter is outlined and disseminated

CommentID: 83875