Risk Management in Risky Times:Issues and Strategies for Identifying and

Minimizing Risk

May 7, 2015Family Service Ontario

Elyse Sunshine

2

Agenda

Part 1: Risk Management

Part 2: Risk Management in Action: Requests for Records

3

PART 1: Risk Management

4

Why is Risk Management Important ?

5

Current Trends in Organizations

PAST PRESENT

Public trust and respect Being viewed with suspicion. Increased demands to be transparent and accountable

Informal recruitment, orientation, training

Selective and targeted recruitment. Formal processes for orientation and training.

Decisions being made by the whole Board

Use of smaller committees to recommend policies and programs to the Board

Financial oversight being solely left to a treasurer

Relevant financial information being shared with the entire Board

Informal and infrequent assessment of staff and Board members

Performance of all involved parties being subject to clear expectations and standards

6

Accountability

• Accountability can take many forms: • Responsibility and Ethics• Governance• Regulation, policy, by-laws• Meetings• Administrative or judicial penalties imposed to

address regulatory non-compliance • Reporting requirements • Court actions mounted by dissatisfied stakeholders

7

Transparency

• As an organization, you must ensure that communications are honest, understandable and accessible.

• Important to ensure that your communications include your mission, programs and other activities.

8

Transparency, cont.

• A good organization not only speaks but listens – to the members, to stakeholders and to the public.

• Providing opportunities for members and stakeholders to provide input enhances image and can provide valuable ideas

• Need to be responsive to requests for information – creates the image of a transparent, trustworthy organization

• Consider a complaints process – not the same as a Regulatory College complaint but a process to deal with complaints and concerns about the organization

9

Types of Risk

• Safety and Facility• Occupational Health• Operational• Communication• Financial• Security• AND SO ON…

10

Real risk examples

• Someone getting injured on agency property• A breach of confidentiality• A staff member (that you were going to terminate)

going off on a sick leave• Mismanagement of agency funds (deliberate or

accidental)• A client falling through the cracks

11

What is risk management anyway?

• A “trendy” term for looking for trouble before it finds you

• When considering RISK: unknown, uncertainty, threats, vulnerability, impact

• Risk Management is an effort to identify, quantify, evaluate and correct risks or potential risks that could lead to harm to the overall organization, clients, staff and stakeholders

• Many different models (using different acronyms)• Formalized process

12

Different Models – Similar Principles

• Although many different approaches to risk management , at the heart, we are looking at• Understanding the environment (law, rules, people

practicalities) • Identifying where the risks lie (staff, equipment,

processes) • Analyzing and assessing

• How we avoid risk• How we mitigate risks • How we minimize the impact of risk

• Planning / Addressing the risks• Following-up (short and long-term)

13

Basic Risk Management Strategy

Consider: 1. What could possibly happen?2. How likely is it that those things will / could happen? 3. What consequences would arise if those things

happened? How severe would they be? 4. How can the likelihood that the thing will happen be

mitigated and to what degree?5. What can be done to reduce the impact of the things

happening?6. What cannot be avoided? What is the potential for

exposure? 7. How often should we (re)assess?

14

Good Risk Management

• Proactive (not reactive)• Includes not just analysis but follow through• Is constantly evolving• Is practical and realistic• Is relevant to the organization• Involves extremal and internal participants

Part 2: Risk Management in Action - Handling Requests for Records

15

16

Who requests records?

• Courts or inquests - as evidence• Health professional regulatory

Colleges - investigations, assessments, disciplinary matters etc.

• Ministries of the Government • Clients or their agents - to obtain

services and/or funding• Third party insurers - to adjudicate

claims

17

Subpoenas

• Subpoena is Latin for “summons to witness”

• An order of a court or tribunal requiring a named individual’s presence in court or as a witness in aid of a proceeding, at a specific time and place

• The subpoena may require you to bring documents or other things that are specifically described in the subpoena

18

When Might I be Served with a Subpoena?

• Civil Court ActionExamples:

• Insurance claims• Malpractice claims

• Tribunal HearingExamples:

• College discipline hearing• WSIB hearing

19

Requirement to Respond

If you disregard a subpoena, there could be serious legal consequences, i.e. an arrest warrant may be issued, professional misconduct proceedings could be instituted by your regulator

20

How to Handle the Subpoena

• Contact the person (usually a lawyer) who has arranged for service of the subpoena

• Do not discuss or provide any information without the patient’s or client’s consent

• Provide your contact information and make yourself accessible

• Request that you be advised exactly when and where to attend the proceeding so as to minimize any inconvenience to you and your practice – subpoena money is not a lot given the inconvenience

21

Handling Subpoenas con’t.

• Appear at the proceeding carrying the documents• Attend with legal counsel (if desired)• You should not produce the information until you

are ordered to do so by the judge or adjudicator• If some of the information requested appears not

to be relevant to the case at hand, you may also advise the judge of that fact and the scope of the evidence to be produced may be restricted

22

The Search Warrant

A warrant issued under authority of law directing a sheriff, constable or officer to search a specified premises and seize certain documents

23

Obtaining a Search Warrant

• To obtain a warrant, police officer must apply to a Justice of the Peace

• There must be reasonable and probable grounds that the warrant will uncover evidence required to be established in the case

24

How to Handle the Search Warrant

• Review the document to see that it is genuine, and directed at that location.

• Even police officers generally do not have the right to demand information from a health professional, absent a court order, subpoena, or search warrant

• Contact your lawyer

25

How to Handle the Search Warrant

• Ensure that access is provided only to those documents that fall within the strict terms of the warrant (best done with legal advice, otherwise could be considered obstruction)

• Record the officer’s name and badge number, the request for information and the information provided

• A copy of the search warrant should be included in the client’s medical record

• If the client requires ongoing care, request a copy of the chart before they take it

26

Court Orders

A Court will order a client or their health professional to produce their records where the records are relevant to the matter (i.e. injury) in question

27

Handling a Court Order

• You are required to comply with a court order directing production of a client’s records

• If warranted, you will have an opportunity to challenge the order during the motion, which precedes the granting of the order – get advice

• Failing to comply with a court order can result in fines, sanctions or even imprisonment

28

Requests from Licensing Bodies

You may be required to respond to a request for records by a regulatory College for the purposes of administering and enforcing the Regulated Health Professions Act, 1991 (RHPA) in the context of:

• Complaints• Section 75 investigations • Discipline proceedings• Quality Assurance Audits

29

RHPA – Exception to PHIPA

Section 9(2) PHIPANothing in this Act shall be construed to interfere with,(e) the regulatory activities of a College under the Regulated Heath Professions Act, 1991, the College under the Social Work and Social Service Work Act, 1998 or the Board under the Drugless Practitioners Act

30

• Review the context for the request and the legal authority for same

• Assemble the documents requested but do not send• If originals are required to be produced, make a coloured

copy for yourself (if possible)• Make sure the records requested are organized and

complete• Do not modify or destroy the records. If need to clarify an

entry, ask your lawyer • When charts are returned, do not re-file into your system

until all proceedings have been resolved

Responding to Regulatory Requests

31

Client Requests for Records

On request, and with very limited exceptions, a client is entitled to see his or her entire medical record and to receive copies of it

32

What do you have to provide?

Generally speaking, all information contained in the record must be released to patients upon request, including:

• Progress notes• Consultation reports• Records from previous health professionals• Correspondence etc.

You do not have to provide medical/legal correspondence between you and your lawyer about the patient (avoid keeping such documents in the patient's file)

33

Refusals to Provide Records to Clients –PHIPA

Health professionals can refuse to provide records for the following reasons:

• Legal privilege• Another act or a court order prohibits disclosure• The information was collected or created primarily in

anticipation of or for use in a proceeding, and the proceeding has not been concluded

• Granting the access could reasonably be expected to result in a risk of serious harm to the treatment or recovery of the individual or a risk of serious bodily harm to the individual or another person

34

Handling Client Requests

• Determine what client is requesting (i.e. entire record, specific entry, copy of lab report)

• Do not release the original record or leave the patient alone with the original record

• Advise patient if you intend to charge for the copy (such charges must be reasonable)

• Do not erase or modify any part of the record before providing it (can make additions, if done properly)

• If you are going to refuse, ensure rationale for refusal is reasonable and defensible (cannot refuse to avoid a legal proceeding)

35

Third Party Requests

• Providing information to third parties can be a complex matter

• Cannot provide any information concerning the patient to a third party unless the patient or the patient’s authorized representative consents to this disclosure or the disclosure is required by law

36

Who Else May Seek Records?

• Third Party Payors

• Lawyers

• Other Health Professionals

• Clinic / Facility Owners

37

Requests by Third Party Payors

• Requests for records may come as a result of clients seeking benefits, reimbursements or other financial compensation or assistance

• The express (written) consent of the client or SDM is required before releasing any information to such individuals

• If client refuses to provide consent, document refusal and advise requestor of the fact

• Good idea to discuss the ramifications with the client or SDM of providing or failing to provide the information and to document your discussion

38

Requests by Lawyers

• Client’s or opposing party’s lawyer may request records

• Determine who the lawyer is and who they represent

• The request must be accompanied by the patient’s written consent

• Good idea to confirm the request with the patient • Only send what is being requested • Never send originals• Can charge reasonable fee for copying the file

39

FAQs

1. Is an access parent entitled to a record of child?2. Does access to a client’s file include access to 3rd party

reports?3. Must rough notes be kept?4. Can a custodian release information pursuant to a

standard consent form? For how long is a consent form valid?

5. What proof is required before the file can be released to someone?

40

FAQ 1: Access Parents

• PHIPA defines “parent” not to include parent who has only a right of access

• If child is not capable, custodial parent is SDM• Access parent entitled to information because of Children’s

Law Reform Act, but right should ideally be asserted against custodial parent or via court order

• Note: Court order directing custodial parent to consent to release of PHI is not a court order directing custodian of record (i.e. the agency) to provide it

• But custodian can, in its discretion, provide information based on such provision being “permitted or required by law”.

Custody and Consent • Is the CLRA a law that permits or required

disclosure of PHI? Perhaps.• Therefore,

• The provider should therefore treat requests for PHI from an access parent as discretionary

• Consider all of the circumstances before making a decision

41

42

FAQ 2: Access to 3rd Party Reports

• Access to a file includes all information in file except where an exception applies

• For example, access may be denied where granting access could result in the identification of a person who should not be identified or in a risk of serious harm to the treatment or recovery of the individual, or of serious bodily harm to the individual or others;

• Best practice in case exception applies: direct client to author of report

43

FAQ 3: “Rough” Notes

• Generally, health care providers don’t have time to rewrite notes

• Electronic records maintain all records – revising the records raises questions

• If practice is to dictate/summarize notes shortly after preparing same, acceptable to discard “rough notes”

• If report not generated immediately thereafter, sessional notes should be kept

44

FAQ 4: Consent Forms

• Consent is a process, not a form! - The form does not replace discussion

• No obligation that consent to collection, use or disclosure of PHI be time limited

• Standard consent forms can be very broad – may not be necessary or appropriate

• If the client whose records are requested is capable, he or she should consent before PHI is released

• HIC can accept standard consent form, but if in doubt, get new consent executed

• Best Practice: Counsel client as to implications of consent

45

FAQ 5: Proof of Relationship

• PHIPA permits reliance on the accuracy of an assertion made by a person who states that he or she is authorized to request access to PHI or to consent to the collection, use or disclosure of PHI unless it is not reasonable to do so in the circumstances

• Document the basis for relying on, or refusing to rely on, any such assertion

46

Questions?

47

For More Information

Elyse SunshineRosen Sunshine LLP123 John Street, Suite 200Toronto, OntarioM5V 2E2

Tel: (416) 572-4902E-mail: sunshine@rosensunshine.comWebsite: www.rosensunshine.com