Risk Management Tips for Physicians in New York

MLMIC’s Risk Management Tips brochures are published to help physicians and facilities improve patient care and, ultimately, reduce the number and severity of claims.

Open or download our latest Risk Management Tips:

Tip #1: Maintaining Patient Confidentiality
Tip #2: Tracking Test Results
Tip #3: Prescription Medications and Patient Safety
Tip #4: Management of Medical Equipment for Patient Care
Tip #5: Follow-up of Missed or Cancelled Appointments
Tip #6: Managing Medication Samples
Tip #7: Safely Caring for Patients of Size in the Office Practice
Tip #8: Management and Documentation of After-hours Telephone Calls from Patients
Tip #9: Effective Communication with Patients
Tip #10: Managing Patients with Chronic Pain
Tip #11: Using Chaperones during Physical Examinations
Tip #12: Promoting Communication Between Referring and Consulting Physicians
Tip #13: Handling Patients’ Complaints Properly
Tip #14: Managing Drug Seeking Patients
Tip #15: Communicating and Following-Up Critical Test Results
Tip #16: Promoting Adherence to a Medication Regimen
Tip #17: Communicating with Low Health Literacy Patients
Tip #18: Discontinuing the Physician–Patient Relationship Properly
Tip #19: Treating Patients with Whom You Have a Close Relationship
Tip #20: Reducing the Risk of the “Copy and Paste” Function in Electronic Health Records
Tip #21: The Use of Computers in Examination Rooms
Tip #22: The Proper Use of Patient Portals
Tip #23: Managing Patient Noncompliance
Tip #24: Security of Patient Information and Health Information Technology
Tip #25: Managing Negative Online Reviews
Tip #26: The Proper Use of Scribes

Tip #1: Maintaining Patient Confidentiality
The Risk: Patient confidentiality breaches pose a significant risk in the healthcare setting. HIPAA and New York State laws govern your obligation to maintain the confidentiality of protected health information (PHI). Staff and providers must be aware that routine office practices, including telephone contact, verbal discussions, and computer use, inherently carry the risk of patient confidentiality breaches.
Recommendations:
1. Staff should be educated, at a minimum annually, regarding HIPAA and patient confidentiality. This should be documented and maintained in their personnel files.
2. Confidentiality agreements should be signed by all staff members.
3. Staff conversations regarding patient care should not be audible to patients and visitors in the waiting area.
4. The staff should be advised to never discuss patients outside the office, including the use of social media.
5. Assess the flow of patients through the office to determine how best to maintain the privacy of PHI.
6. Computer screens should not be visible to patients or visitors.
7. Computers in exam rooms should not be left on or active when staff or providers are not present.
8. Any electronic device that is used for the transmission of PHI must be encrypted and have regular software updates installed.
9. The practice can leave messages on patient answering machines (e.g., regarding appointments) only if contained in your Notice of Privacy Practices. Patients must be offered the option of opting out.
10. Business Associate Agreements must be obtained and maintained for all vendors who have access to PHI.
Download this as a PDF
Tip #2: Tracking Test Results
The Risk: The receipt and review of test results are important aspects of patient care and safety in physician practices. Tests may not be completed or results may be lost, overlooked, or not received, leading to potential delay in diagnosis and subsequent liability exposure. Follow-up procedures should be an integral part of your practice and can help ensure that patients obtain the necessary testing, as ordered, and that results are received, reviewed and properly addressed.
Recommendations:
1. Inform patients about the indications for the test(s) and document this conversation in the medical record.
2. Implement a follow-up system in your practice to ensure that patients have undergone the recommended test(s) and that the results are returned to the office.
3. The follow-up system should allow you to track the following information: patient name, test order date and the date the results were received.
4. The medical record should indicate the date of the provider review.
5. It is the provider’s responsibility to notify patients of significant test results. This should be documented in their medical record.
6. Your process should include follow-up when patients have not undergone the recommended test(s). This may include telephone and/or electronic communication. All attempts to reach the patient should be documented in the medical record.
7. A follow-up mechanism that utilizes the same process also should be in place to track consultations.
Download this as a PDF
Tip #3: Prescription Medications and Patient Safety
The Risk: Medication errors result in a significant portion of medical liability claims. Patient harm can result from known risks, adverse or allergic reactions, drug interactions, and errors in prescribing. Careful attention to detail in prescribing and monitoring the use of medications promotes patient health and safety.
Recommendations:
1. Physicians must discuss the indications, risks, benefits, and alternatives of prescription medication with their patients and document these discussions in the medical record.
2. The patient’s allergy history should be reviewed prior to prescribing.
3. Allergies/sensitivities should be documented in a highly visible and pertinent part of the record.
4. Medication reconciliation should be performed on a routine basis, including the use of herbal supplements and over-the-counter drugs. Patients should be encouraged to bring a list of medications or actual prescription bottles to their visit(s) to facilitate this process.
5. Written consent should be obtained for high risk medications such as allergy shots, joint injections, fertility medications, chemotherapy, etc.
6. The blood levels/side effects of certain medications should be monitored with laboratory and/or diagnostic tests as indicated. Test results should be reviewed and adjustments made as necessary.
7. Discontinuance of or a change in medication(s) should be documented in the medical record, including the rationale for the change.
8. Patient visit intervals should be established for the continuance of prescription medications.
Download this as a PDF
Tip #4: Management of Medical Equipment for Patient Care
The Risk: Many procedures are performed in the office setting using physician-owned or leased medical equipment. Failure or malfunction of this equipment may lead to patient, staff or provider injury. The appropriate maintenance of this equipment is essential to patient safety.
Recommendations:
1. A process should be in place for maintenance of medical equipment. The manufacturers’ directions for use and recommended preventative maintenance schedule should be followed.
2. A record of all maintenance activities should be generated and retained.
3. All patient care equipment should be inspected on an annual basis at a minimum, or more often if recommended by the manufacturer.
4. Equipment should be labeled with the inspection date, the initials of the inspector, and the date that the next inspection is due.
5. A designated staff member should confirm that all required inspections and preventative maintenance of equipment is performed at appropriate intervals.
6. Relevant staff should be properly trained in the use of medical equipment. Documentation of training and education should be maintained in their personnel files.
7. The scope of practice of medical personnel/licensed staff must be considered when they perform or assist in a procedure and/or use medical equipment.
8. A process should be in place that requires the immediate removal of malfunctioning equipment from use in the practice. This process should include a provision to sequester any piece of equipment which may be directly involved in injury to a patient, staff, or provider. Prompt notification to your medical professional liability insurance carrier is recommended when an equipment related patient injury occurs.
Download this as a PDF
Tip #5: Follow-up of Missed or Cancelled Appointments
The Risk: A missed or cancelled appointment and the failure to follow up with or contact the patient may result in a serious delay in diagnosis or treatment. A well-defined process that includes provider notification and follow-up procedures in this situation will help ensure continuity of care and enhance patient safety.
Recommendations:
1. Develop a process for the follow-up of patients who have missed or cancelled appointments.
2. Physicians should be notified of all missed or cancelled appointments on a daily basis.
3. The physician should assess the clinical importance of the appointment, the severity of the patient’s medical condition, and the risk(s) associated with the missed or cancelled appointment to determine appropriate follow up.
4. A reminder telephone call from the office staff may suffice for patients at minimal risk. The telephone call and the content of the message or conversation should be documented in the patient’s record.
5. A telephone call from the physician may be indicated for patients at higher risk. The physician should emphasize the importance of follow-up care and the risks inherent in failing to comply. This conversation should also be documented in the medical record.
6. If there is no response from the patient or the patient develops a pattern of not keeping or missing appointments, a letter with a certificate of mailing should be sent to the patient to advise him/her of the risk of non-compliance. A copy of the letter should be maintained in the patient’s medical record.
7. All efforts to contact the patient, either by telephone or in writing, should be documented in the medical record. This provides evidence that the patient was made aware of the importance of continuous medical care.
8. Educate your staff regarding patient follow-up processes in your practice. Consider conducting periodic record reviews to evaluate the effectiveness of the established processes for patient follow-up.
9. Continued failure of a patient to keep appointments may be deemed non-compliance with treatment. Consideration should be given to discharging the patient from your practice. The attorneys at Fager Amsler Keller & Schoppmann, LLP are available to assist you in determining how and when to properly discontinue a physician-patient relationship due to patient noncompliance.
Download this as a PDF
Tip #6: Managing Medication Samples
The Risk: Medication samples are widely used in a physician’s office practice. A standard process should be in place for the proper handling, storage, dispensing, and disposal of medication samples. The safe management of medication samples can help prevent medication errors and subsequent patient injuries.
Recommendations:
1. Develop policies and procedures for storing, handling, dispensing, and disposing of medication samples in your office practice.
2. Store medication samples in a safe and secure location in your office to reduce the risk of theft and unauthorized use. Limit access to medication samples to licensed staff members. These samples must not be kept in examination rooms or areas that are easily accessible to patients and visitors (e.g., in unlocked drawers or on countertops). Follow the manufacturer’s recommendations for storage of each drug.
3. Maintain a log of your supply of medication samples. The log should include documentation of the monitoring of expiration dates.
4. Assign the responsibility for monitoring and tracking the inventory of medication samples to a licensed staff member.
5. Explain the proper use of the medication to patients. Include any special instructions or warnings in that discussion and document same in the patient’s medical record.
6. The sample medications should be labeled according to the provider’s order with the same labeling requirements as a pharmacy. According to New York State Education Law § 6807 (1) (b), the label should include:
  - Name of the patient
  - Name of drug
  - Dosage
  - Name of practitioner prescribing medication
  - How often to take medication
  - How much medication was prescribed (number of pills)
  - Special instructions on how to take the medication (e.g., with meals, etc.)
7. Properly dispose of expired medication samples in accordance with state, federal, and local laws.
Download this as a PDF
Tip #7: Safely Caring for Patients of Size in the Office Practice
The Risk: Obesity continues to be a serious health issue in the United States. Physicians’ offices may not be well equipped to accommodate patients of size. Injuries can occur if appropriate equipment is not available to accommodate them. Further, bias or ambivalence by healthcare professionals in treating obese patients can negatively affect patient care and lead to poor outcomes. Providing a safe environment, while optimizing sensitivity to the needs of this patient population, will enhance patient care and minimize your exposure to claims of negligence.
Recommendations:
1. Examination rooms and waiting areas should include appropriate and safe furnishings, such as large sturdy chairs, high sofas, benches, or loveseats that can accommodate patients of size and visitors.
2. Diagnostic and interventional equipment that can accommodate morbidly obese patients should be available. This may include, but is not limited to:
  - Appropriate scales for patients who weigh more than 350 lbs.
  - Extra large adult-sized blood pressure cuffs
  - Gowns to accommodate patients weighing more than 350 lbs.
  - Extra-long phlebotomy needles and tourniquets
  - Large examination tables
  - Floor-mounted toilets
  - Sturdy grab bars in bathrooms
  - Sturdy step stools in examination rooms
3. The office staff should be knowledgeable about the weight limits of their office equipment. Color coded labels can be used to discreetly identify weight limits.
4. The office staff should be educated and trained in techniques for safely assisting and transferring patients of size.
5. Although patients of size may face many additional medical issues, they are less likely to obtain preventative care and more likely to postpone or cancel appointments because of embarrassment and/or a feeling of bias on the part of healthcare providers. Patient support and follow-up are important.
6. Healthcare providers should assess their own potential for weight bias. Recognize any pre-conceived ideas and attitudes regarding weight. Give appropriate feedback to patients to encourage healthful changes in behavior. Encourage patients to set goals and actively participate in their plan of care.
7. Educate the staff about the needs of this patient population to enhance their ability to demonstrate understanding, respect, and sensitivity.
Download this as a PDF
Tip #8: Management and Documentation of After-hours Telephone Calls from Patients
The Risk: The failure to properly handle and document after-hours telephone calls can adversely affect patient care and lead to potential liability exposure for the physician. Should an undocumented telephone conversation become an issue in a lawsuit, the jury is less likely to believe the recollection of the physician, who receives a large number of calls on a daily basis.
Recommendations:
1. Establish a system to help ensure that all after-hours calls are responded to in a reasonable time frame and are documented in the patient’s medical record.
2. Medical record documentation of after-hours calls should include the following:
  - Patient’s name
  - Name of the caller, if different than the patient, and the individual’s relationship to the patient
  - Date and time of the call
  - Reason or nature of the call, including a description of the patient’s symptoms or complaint
  - Medical advice or information that was provided, including any medications that were prescribed
3. If the patient’s condition warrants the prescription of medications, it is important to inquire about and document any medication allergies, as well any other medications the patient is currently taking.
4. If you use an answering service, it should be periodically evaluated for courtesy, efficiency, accuracy, and proper recordkeeping.
5. The use of answering machines or voicemail systems for after-hours calls is not recommended for the following reasons:
  - There are no safeguards in the event of a malfunction.
  - Patients do not always understand that no one will call back, even if this is stated in the message.
  - If, as a last resort, an answering machine or voicemail must be used, the message should be brief, simple, and include: (The office is now closed. If you believe you are experiencing a medical emergency, please disconnect and call 911.)
6. When after-hours coverage is provided by another physician’s practice, a process should be in place to ensure that documented telephone conversations are promptly forwarded to your office.
Download this as a PDF
Tip #9: Effective Communication with Patients
The Risk: Effective communication is the cornerstone of the doctor-patient relationship. Patients’ perceptions of physician communication skills may impact the potential for allegations of malpractice. The following are some suggestions that are designed to promote open communication and enhance your ability to reach an accurate diagnosis and develop an appropriate plan of care.
Recommendations:
1. Employ active listening techniques and allow the patient sufficient time to voice their concerns.
2. Sit at the level of the patient and maintain eye contact.
3. Assess the patient’s literacy level. This may be as simple as asking what is the highest grade level the patient attained.(http://www.ahrq.gov/professionals/qualitypatient-safety/quality-resources/tools/literacy/index.html)
4. Use lay terminology when communicating with patients and their families.
5. Develop plans for communicating with patients who are hearing impaired, deaf, or have limited English proficiency (https://www.ada.gov/effective-comm.htm).
6. Utilize the teach-back method when providing patients with instructions and information. This technique requires that patients repeat the information provided in their own words. The teach-back method is particularly useful in assessing patients’ understanding of:
  - Informed consent discussions
  - Medication instructions including side effects and adverse reactions
  - Test preparation
  - Follow-up instructions
  If the patient is unable to convey the information, it should be restated in simpler terms, perhaps utilizing pictures and/or drawings.
7. Evaluate your educational tools and consent forms to determine the grade level at which they are written. This will allow you to provide written materials that will be understandable to the majority of your patient population. Techniques that determine the readability and comprehension levels of documents are available from numerous sources including:
  - http://www.cms.gov/Outreach-and-education/Outreach/writtenMaterialsToolkit/downloads/toolkitpart07.pdf
  - http://www.readabilityformulas.com/
8. At the conclusion of your patient encounter, ask the patient/family if they have any questions or concerns that have not been addressed.
9. Medical record documentation should reflect all aspects of patient interactions and comprehension. This will demonstrate the effectiveness of your communication skills and promote patient satisfaction, which may reduce your potential exposure to claims of malpractice.
Download this as a PDF
Tip #10: Managing Patients with Chronic Pain
The Risk: The management of chronic pain through the prescription of controlled medication poses challenges and risks to both the patient and the healthcare provider. Common allegations against providers in pain management claims include:
- Liability for failure to adequately treat pain
- Liability for allegedly inappropriately prescribing controlled substances
- Potential for civil charges being brought against a physician or other provider for the patient’s diversion of narcotics and/or drug abuse or overdose
- Liability for failing to recognize a patient’s addiction and/or diversion and to refer the patient for treatment
Recommendations:
1. Perform and document a thorough initial evaluation of the patient. This should include: a history and assessment of the impact of the pain on the patient; the nature, type and causation of the pain; and a focused physical examination to determine if there are objective signs and symptoms of pain. The provider also should review pertinent diagnostic studies, previous interventions and drug history and assess the extent of co-existing medical conditions which impact the patient’s pain. It is important to obtain the names of all other providers the patient is seeing or has seen, and the pharmacies the patient uses.
2. Develop a specific treatment plan based upon the evaluation.
3. Maintain accurate and complete medical records that clearly support the rationale for the proposed treatment plan.
4. Perform a thorough informed consent discussion regarding the plan of care, including the risks, benefits, and alternatives, and the risks of the alternatives, including no treatment with controlled substances.
5. Request the patient’s consent to obtain copies of the records of all prior treating physicians, and review these records before prescribing controlled substances, to determine if there is a history of drug seeking behavior or abuse.
6. Use a written pain management agreement when prescribing controlled substances for patients with chronic pain. If the patient has a prior history of drug abuse, refer the patient to a pain management practice or clinic, if possible. A pain management agreement outlines the expectations of the provider and the responsibilities of the patient, including:
  - Baseline screening of urine/serum medication levels
  - Periodic unannounced urine/serum toxicology screening
  - Medications to be used, including dosage(s) and frequency of refills
  - A requirement that the patient receive medications from only one physician and use only one pharmacy
  - Frequency of office visits
  - Reasons for discontinuance of drug therapy (e.g., violation of agreement). A sample pain management agreement can be obtained by contacting Fager Amsler Keller & Schoppmann, LLP at (877) 426-9555
7. Document and monitor all prescriptions and prescription refills.
8. Consult the New York State Prescription Monitoring Program (I-STOP) registry prior to prescribing any controlled pain medications. Document either that you have consulted the registry, or the circumstances why consultation was not performed.
9. Protect prescription blanks if still utilized in your practice. Limit and monitor staff access to computer-generated prescriptions.
10. Take positive action if you suspect patient addiction or diversion. Public Health Law § 3372 requires a physician to report to the New York State Bureau of Controlled Substances any patient who is reasonably believed to be a habitual user or abuser of controlled substances by calling (518) 402-0707.
11. Refer the patient for treatment of addiction, if appropriate, and document this discussion with the patient in the medical record.
12. If a patient is believed to be selling/diverting narcotics, and the patient’s random urine test confirms no drug use or there has been a forgery or theft of prescriptions, contact the law firm of Fager Amsler Keller & Schoppmann, LLP to discuss how to discharge the patient and how to handle requests for medications from the patient before the discharge is final.
Download this as a PDF
Tip #11: Using Chaperones during Physical Examinations
The Risk: Providers must recognize that, at any time, a patient may make a complaint to the Office of Professional Medical Conduct alleging that he or she was the victim of a physician’s sexual misconduct. Having a chaperone present during intimate physical examinations may be beneficial to both the physician and the patient. First, it may provide reassurance to patients, demonstrating both respect for their concerns and an understanding of their vulnerability. Second, the use of chaperones can provide legal protection for the physician in the event of a misunderstanding or false accusation of sexual misconduct on the part of the patient.
Recommendations:
1. A provider should always use a chaperone when performing breast or pelvic examinations.
2. Consideration also should be given to the use of a chaperone for:
  - rectal and/or testicular examinations;
  - unusual situations where the physician is concerned that the patient, spouse, or family member may seem uncomfortable or apprehensive;
  - when a parent or spouse demands to be present; and
  - when a patient acts seductively or otherwise inappropriately.
3. The presence of a chaperone must always be documented in the patient’s medical record.
  - The provider can simply document “chaperone in room for the entire exam” and the chaperone’s initials.
  - Adding the name and title of the staff member who chaperoned the exam allows you to verify their presence at a later date, should the need arise.
4. A template indicating the use of a chaperone is available from Fager Amsler Keller & Schoppmann, LLP from which either a stamp for a paper record or a data field for an electronic health record (EHR) can be used in your office.
5. A chaperone should be provided even if the provider is the same gender as the patient.
6. Chaperones should be educated about patient privacy and confidentiality issues.
7. Unless specifically requested by the patient, family members should not be used as chaperones.
8. Respect for the patient’s privacy can be further maintained by speaking to the patient privately before and/or after the examination.
Download this as a PDF
Tip #12: Promoting Communication Between Referring and Consulting Physicians
The Risk: Lack of communication between providers may result in poor coordination of care. This may include a delay in diagnosis or treatment, the failure to order diagnostic testing or act upon abnormal test results, or the failure to prescribe appropriate medications. Clearly defining the roles and responsibilities of the referring and consulting physicians will promote safe and effective patient care.
Recommendations:
1. A tracking system should be in place to determine if the patient obtained the recommended consultation.
2. Referring physicians should develop a process for determining whether a report has been received from the consulting physician.
3. All consultation reports must be reviewed by the referring physician prior to being placed in the patient’s medical record.
4. If a patient has been non-compliant in obtaining the recommended consultation, follow-up is necessary. Document all attempts to contact the patient and any discussions with the patient, including reinforcement of the necessity and reason for the consultation.
5. If a report is not received in a timely manner, contact the consultant to determine if the patient has been seen and whether a report has been generated.
6. Consultants should routinely send reports to referring physicians in a timely manner. These reports should include the:
  - findings;
  - recommendations including interventions; and
  - delineation of provider responsibility for treatment and follow-up of test results.
7. The consultant should contact the referring physician when a patient fails to keep an appointment. The medical record should reflect the missed appointment, as well as notification of the referring physician.
8. All telephone conversations between referring and consulting physicians should be documented. Timely communication must occur when an urgent or emergent clinical finding is identified.
Download this as a PDF
Tip #13: Handling Patients’ Complaints Properly
The Risk: Patient satisfaction is an integral part of providing healthcare, regardless of the clinical setting. Dissatisfaction with medical care may be a harbinger of medical malpractice litigation. When you receive a complaint about care, how you handle the situation may directly impact the potential for any future litigation. All physician office practices should have a policy or protocol in place to address patient complaints.
Recommendations:
1. One individual should be identified and consistently used as the primary person to address patient complaints. This is often the office manager.
2. All staff should know to whom complaints should be addressed, as well as what information constitutes a complaint that requires attention or intervention by that person. This should, at a minimum, include:
  - written or verbal complaints regarding medical care;
  - billing or payment issues that involve concerns about the clinical care; and
  - letters of complaint from third party payors, IPRO, NYS Department of Health, or other regulatory entities. We recommend that you retain personal counsel for assistance in formulating written responses to such agencies.
3. Effective communication skills are essential when addressing a patient complaint.
  - Express concern for the patient’s condition and wellbeing.
  - Never be adversarial or defensive.
  - Be an active listener and ask questions when appropriate.
  - Avoid judgmental comments about patients and their families, or negative remarks about staff, physicians, or other providers.
  - Investigate complaints and follow up as indicated.
4. Conversations with patients should be documented in the medical record. It is appropriate to quote the patient when documenting their concerns.
5. Keep letters of response to complaints concise and simple. A copy of the written response should be kept in the patient’s medical record.
6. When complaints involve clinical issues or are complex, physicians or other providers should be involved in addressing the situation.
7. Attorneys’ requests for records may be an indication of a patient’s unhappiness. The patient’s medical record should be reviewed in conjunction with these requests in an effort to assess the potential for medical malpractice litigation.
8. Consider seeking guidance when presented with unusual or difficult situations. MLMIC staff is available to assist insureds with handling complaints, formulating responses, and determining potential exposure to claims of malpractice.
9. Never document any contact with MLMIC or your attorneys in the patient’s medical record.
Download this as a PDF
Tip #14: Managing Drug Seeking Patients
The Risk: Healthcare professionals share in the responsibility for minimizing prescription drug abuse and drug diversion. Physicians are tasked with differentiating patients in need of effective pain management from those who may be seeking drugs for inappropriate reasons. The following recommendations are intended to provide guidance for healthcare providers when confronted by drug seeking patients.
Recommendations:
1. Perform a complete review of the patient’s pertinent history, and conduct a thorough medical evaluation. Address and document all objective signs and symptoms of pain.
2. Exercise concern when dealing with patients who are not interested in having a physical examination, are unwilling to authorize the release of prior medical records, or have no interest in a diagnosis or a referral, saying they want the prescription immediately.
3. Be cautious if a new patient has an unusual knowledge of controlled substances, or requests a specific controlled substance, and is unwilling to try any other medication.
4. Document a trial of non-narcotic medication and/or physical therapy before choosing to place the patient on a controlled substance.
5. If you are able to identify the true source of the patient’s pain, document that and any positive test results in the medical record.
6. New York State physicians must consult the I-Stop registry prior to prescribing any Schedule II, III or IV controlled substances. To establish a Health Commerce System account to enable you to do so, access the website at https://hcsteamwork1.health.state.ny.us/pub/top.html.
7. Document the patient’s informed consent for treatment of chronic pain with controlled substances. Have the patient sign a written pain management agreement (available from Fager Amsler Keller & Schoppmann, LLP) when prescribing controlled substances for chronic pain.
8. Specifically document drug treatment outcomes and the rationale for medication changes.
9. Assess whether further treatment for addiction or pain management is appropriate, and document this discussion with the patient. If necessary, refer the patient for consultation, to a pain management clinic, or to a rehabilitation facility.
10. Carefully monitor and protect Official New York State Prescription pads if you use them. Unless an exemption is applicable, prescriptions for controlled substances are to be electronically dispensed.
11. When electronically issuing or writing a prescription for controlled substances, write the quantity and the strength of drugs in both letters and numbers to prevent alteration.
12. Report patients who are reasonably believed to be habitual users or abusers of controlled substances to the New York State Bureau of Controlled Substances. This is required by New York State Public Health Law §3372.
13. Contact the law firm of Fager Amsler Keller & Schoppmann, LLP to discuss how to address a patient who you believe is selling/diverting narcotics, or altering, forging, or stealing prescription pads.
Download this as a PDF
Tip #15: Communicating and Following-Up Critical Test Results
The Risk: The communication of test results is an important part of providing care and may involve various healthcare professionals. Test results may be over-looked, lost, scanned into the wrong record, etc. Abnormal test results requiring follow-up present an additional risk if they are not received, reviewed, or communicated to the patient. This may result in missed or delayed diagnoses, patient injuries, and subsequent claims of malpractice. If a physician orders a test, he or she is responsible for ensuring that the results have been received and reviewed. Physician practices should have policies and procedures in place for the management of test results.
Recommendations:
1. All ordered tests must be documented in the patient’s medical record.
2. A process should be in place to confirm and document the receipt of test results. Many electronic health record systems allow practices to efficiently track pending laboratory/diagnostic studies.
3. All incoming laboratory reports and diagnostic tests must be reviewed and authenticated by the provider.
4. The provider must document communication of the test results to the patient. Any recommendations or interventions must also be documented.
5. Providers should have a system in place for the follow-up of pending laboratory/diagnostic test results for their patients who have been discharged from the hospital or emergency department. Receipt and review of these results should be documented in the patient’s medical record. Communication of the results to the patient should also be documented.
6. It is important for physicians to clearly establish who is responsible for follow-up when tests are ordered for a patient by another specialist or consultant.
7. Patients should be advised of all test results, normal or abnormal. This communication should be documented in the medical record.
Download this as a PDF
Tip #16: Promoting Adherence to a Medication Regimen
The Risk: Patient nonadherence to a prescribed medication regimen is a common problem that physicians in all specialties encounter. Some factors that may influence medication adherence include the complexity of the regimen, the age of the patient, and the cost of medications. Patients and/or caregivers should be advised of the importance of taking medications exactly as directed. Educating patients regarding the use of medications should include information about potential drug interactions, side effects, and other related problems that may warrant medical intervention.
Recommendations:
1. Prescribing providers should educate patients about each medication, including its name, appearance, purpose, and effect. This education should include any potential side effects and/or interactions associated with the medication regimen. It should also stress the importance of contacting a healthcare provider should any reactions, questions or concerns arise.
2. Query patients regarding any underlying issues with medication selection in order to resolve any concerns.
3. The importance of using only one pharmacy to obtain all medications should be emphasized to patients or their representatives.
4. Patients should also be advised to:
  - keep an accurate list of all medications including generic and brand names, over-the-counter medications, and herbal supplements, which includes dosages, dosing frequency, and the reasons for taking the medication;
  - maintain a complete list of medical providers and their contact information;
  - post the name and telephone number of their local pharmacy in a prominent location along with the name and phone number of their physician;
  - establish a daily routine when taking their medications; and
  - bring a list of all medications that they are taking to each and every appointment.
5. Make patients aware of the various medication adherence aids and devices available, such as dosing reminders, pill boxes, and refill reminder programs.
6. Provide useful written information in plain language that clearly explains how patients can correctly manage their medications.
7. Consider utilizing the “teach back method” when explaining medications to patients. First teach the information, then ask patients to repeat it back in their own words.
8. Physicians should help patients manage their medications, caution them to not share medications, and advise them to follow storage recommendations and dispose of old medications properly.
Download this as a PDF
Tip #17: Communicating with Low Health Literacy Patients
The Risk: The lay public often has limited knowledge and understanding of medical terminology. A patient’s ability to understand medical information may be compounded by stress, age, illness, and language or cultural barriers. Effective communication with patients may improve compliance with treatment regimens, enhance the informed consent process, and increase safe medication use. Physician office practices can improve the patient experience, and reduce potential liability exposure, by employing the following recommendations.
Recommendations:
1. Use lay terminology whenever possible. Define technical terms with simple language. Patient education materials should be written in plain language, avoiding the use of medical jargon.
2. Verbal instructions may be reinforced with visual aids and printed materials that are easy to read and include pictures, models, and illustrations. Consider using non-printed materials, such as videos and audio recordings, as indicated.
3. Offer to assist your patients when completing new patient information or any other practice documents. Provide this help in a confidential way, preferably in an area that is private and conducive to this type of information exchange. Encourage your patients to contact you with any further questions.
4. The use of interpreters may be indicated for patients who are not fluent in the English language.
5. At the end of the encounter, use open ended questions rather than yes/no questions to further assess patient understanding. Instead of asking “Do you have any questions?” try asking “What questions do you have for me?”
6. Providers and staff should be familiar with and utilize the principles of the “teach back method” when reviewing new medications or treatment plans with patients. First teach a concept, then ask patients to repeat back the information they just heard using their own words.
7. Patients and family members may be embarrassed by, or unaware of, their healthcare literacy deficits. An empathetic approach to understanding patient health literacy will enhance your physician-patient relationship.
Download this as a PDF
Tip #18: Discontinuing the Physician–Patient Relationship Properly
The Risk: Once the physician-patient relationship is established, physicians have a legal and ethical obligation to provide patients with care. However, there may be circumstances when it is no longer appropriate to continue the physician-patient relationship. A physician may choose to discharge a patient for a variety of reasons such as non-compliance with treatment, failing to keep appointments, or inappropriate behavior. Properly discharging a patient from care can be a complex issue. In order to avoid allegations of abandonment, providers should consider establishing a formal process for discharge.
Recommendations:
1. The discharge of each patient must be determined by the physician on an individual basis and based on medical record documentation of patient non-compliance or disruption. We recommend that you contact Fager Amsler Keller & Schoppmann, LLP for specific advice.
2. A formal patient discharge should be made in writing. You must give the patient at least 30 days from the date of the letter to call you for an emergency in order to avoid charges of abandonment. This time period may be longer depending on the patient’s condition and the availability of alternative care.
3. The three most common reasons why physicians discharge patients are:
  - nonpayment;
  - noncompliance with the physician’s recommendations; and
  - disruptions in the physician-patient relationship.
4. The discharge is to be effective the date of the letter.
5. Refer the patient to the local county medical society, their health insurer, or a hospital referral source to obtain the names of other physicians.
6. Provide the patient with prescriptions for an adequate supply of medication or other treatment during the 30 day emergency period.
7. Use the USPS certificate of mailing procedure, not certified mail, to send the discharge letter so it can not be refused/unclaimed by the patient, and it can be forwarded if the patient has moved.
8. When the patient to be discharged is in need of urgent or emergent care or continuous care without a gap, is more than 24 weeks pregnant, or has a disability protected by state and federal discrimination laws, the question of whether the patient can be discharged should first be discussed with counsel since discharge may not always be possible.
9. Become knowledgeable about the requirements regarding any restrictions on discharge imposed by the third party payors with whom you participate.
10. Promptly send the patient’s records to the patient’s new physician upon receipt of a proper authorization.
11. Flag the office computer or other appointment system in use to avoid giving the patient a new appointment after discharge.
12. Document the problems that have led to the discharge in the patient’s record.
13. Form letters and a memorandum on the discharge of patients are available from Fager Amsler Keller & Schoppmann, LLP.
Download this as a PDF
Tip #19: Treating Patients with Whom You Have a Close Relationship
The Risk: Physicians are often asked by close friends, relatives, or colleagues for medical advice, treatment, or prescriptions both inside and outside of the office. At times, these individuals may be seen by you as a courtesy and/or at no charge. Although the American Medical Association advises physicians not to treat immediate family members except in cases of emergency or when no one else is available, this practice continues to occur.

Over the years, we have seen a number of lawsuits filed against physicians by close friends, colleagues, and even their own family members because of care provided by our insureds. The defense of these suits is frequently hampered by the fact that there are often sparse or entirely non-existent medical records for the patient. The failure to maintain a medical record for every patient is defined as professional medical misconduct by Education Law § 6530(32). Providing care under these circumstances may pose unique risks. Here are some recommendations about how to handle these situations.
Recommendations:
1. Always create a medical record for friends, relatives, and colleagues for whom you provide care of any kind.
2. All patient encounters must be documented in the medical record, including those that occur outside the medical office.
3. Take a complete medical history when seeing friends, relatives, or colleagues as patients. If indicated, this should include issues that may be uncomfortable to discuss, such as the use of psychotropic medications or sexual history.
4. A thorough medication history should be obtained from the patient to avoid potential drug interactions. Identify any contraindications when prescribing medication.
5. Perform a thorough physical examination. Sensitive portions of a physical examination should not be deferred when pertinent to the patient’s complaints. These may include breast, pelvic, or rectal examinations. A chaperone should be used for those portions of the examination.
6. Do not write prescriptions, especially for controlled substances, for individuals with whom you do not have an established professional relationship. Always document the reasons for prescribing medications along with the dose. If narcotics are prescribed, consult the Prescription Monitoring Program (I-STOP) registry and document that in the medical record.
7. When a surgical procedure is to be performed:
  - a signed informed consent form must be obtained and placed in the medical record; and
  - the medical record must contain documentation that the informed consent conversation with the patient has occurred and that the patient consented to the procedure.
Download this as a PDF
Tip #20: Reducing the Risk of the “Copy and Paste” Function in Electronic Health Records
The Risk: The “copy and paste” function of electronic health record systems (EHRs) allows users to easily duplicate information such as text, images, and other data within or between documents. While this function offers convenience and efficiency to healthcare providers, it also poses unique liability risks when the information copied and pasted is either inaccurate or outdated. Further, redundancy within the new entry may cause difficulty in identifying current information and may create overly lengthy progress notes.
Recommendations:
1. Develop a comprehensive policy and procedure for the appropriate use of the copy and paste function. The policy should include a process to monitor and audit both the staffs’ and providers’ use of this function.
2. Educate all EHR users about:
  - the importance of verifying that the copied and pasted information is correct and accurately describes the patient’s current condition;
  - the risks to patient safety in the inappropriate use of this function; and
  - the importance of adhering to all regulatory, legal, and compliance guidelines.
3. Determine what portions of the record may be copied and pasted. At a minimum, the healthcare provider’s signature(s) should not be copied and pasted.
4. Confirm that the source of information which has been copied and pasted can be readily identified and is available for review in the future.
5. Confirm that the history of the present illness is based upon the patient’s description during that visit.
6. Use the medical, social, or family history from a previous note only after it has been reviewed with the patient to confirm it is current.
7. Verify that the diagnoses in your assessment are only those addressed at that visit. Although some EHRs allow the copying of all diagnoses in the problem list, some may either have already been resolved or they are not the reason for this particular encounter.
8. Contact your EHR vendor as necessary to help you and your staff comply with established policies. This may include the vendor making modifications which disable the copy and paste function in designated fields, and assisting in performing audits of the use of the copy and paste function by staff and providers.
Download this as a PDF
Tip #21: The Use of Computers in Examination Rooms
The Risk: The presence of laptops/tablets in examination rooms has become commonplace as more providers implement electronic health records. This method of documentation may place a barrier between the provider and the patient. Providers may miss non-verbal cues, and patients may perceive an electronic device as a hindrance to communication. In several recent medical malpractice cases, plaintiffs testified that the provider spent too much time entering information into the computer and not enough time listening. Utilizing effective communication skills to engage the patient while using a computer will enhance the integration of this technology into healthcare and improve the patient experience.
Recommendations:
1. Analyze the examination room for placement of the computer. Position the computer in a way that enhances provider/patient communication. Consider using a cart on wheels to position the computer so that the provider faces the patient.
2. Establish eye contact with the patient and listen to his/her concerns before using the computer. Look at the patient while you speak.
3. Reassure the patient that you are listening to him/her.
4. Utilize the POISED¹ model:
  - P = Prepare for the visit
  - O = Orient the patient to what you are doing
  - I = Information gathering – allowing time for conversation
  - S = Share what you are looking at on the screen with the patient
  - E = Educate the patient, reinforce the plan of action
  - D = Debrief and assess the degree to which the patient understands the recommendations and plan. Utilize the “teach-back method.”
5. Print a copy of the visit for the patient and retain a copy in the patient’s record (e.g., after-visit summary).
6. When computers remain in examination rooms, providers must log off at the completion of the encounter to protect patient privacy.
RESOURCES
¹Frankel Ph.D., JAMA Internal Medicine commentary, November 30, 2015.

Download this as a PDF
Tip #22: The Proper Use of Patient Portals
The Risk: Patient portals are an effective tool to actively engage patients in their care to improve health outcomes. However, healthcare professionals must be aware of the potential risks presented by this technology. Some of these risks include: reliance on the patient portal as a sole method of patient communication; patient transmission of urgent/emergent messages via the portal; the posting of critical diagnostic results prior to provider discussions with patients; and possible security breaches resulting in HIPAA violations. Implementing appropriate policies and procedures in the use of portals will enhance patient communication and mitigate liability risks for the practice.
Recommendations:
1. Develop comprehensive patient portal policies which include:
  - patient username and password requirements (minimum number of characters including capitals and non-alphabet characters);
  - a privacy/confidentiality statement on all outgoing messages;
  - encryption updates;
  - account lockout after a specified number of failed login attempts;
  - a mechanism to ensure termination of user access when indicated (e.g., the patient leaves the practice, death, inappropriate use of the portal, etc.);
  - timeframes for responding to patient communication;
  - designated responsibility for replying to patients when the primary provider is not available;
  - utilizing a two patient identifier system for importation of diagnostic studies into the patient portal;
  - monitoring patient access to posted diagnostic results;
  - a follow-up system for patients that do not access the portal; and
  - a mechanism to notify patients if the portal is not functioning properly. A notification should be placed on the practice’s website, and also included on any prerecorded telephone message.
2. Advise patients of the reporting mechanism for:
  - email address changes;
  - questions regarding portal use;
  - potential errors in their information; and
  - suspected breaches of privacy.
3. Providers should not use the portal as the means to communicate critical/significant diagnostic results. Diagnostic results should not be posted to the portal until this communication occurs.
4. Instruct patients that the portal is not to be used to evaluate and treat new problems.
5. Utilize a disclaimer on the portal that clearly states it is not to be used for emergencies/urgent problems and include instructions for patients to call 911 or go to the nearest emergency department.
6. Consider the use of a patient portal user agreement that:
  - defines the information patients may access (e.g., appointments, medication refills and referral requests, form downloads, routine appointment reminders, and laboratory reports);
  - prohibits requests for narcotic medication refills;
  - states that the patient portal is the only permissible method of electronic communication with the practice; and
  - includes the disclaimer statement regarding urgent/emergent/new problems.
7. Have staff educate patients regarding the use of the portal and the contents of the portal user agreement upon patient sign-up and as necessary.
Download this as a PDF
Tip #23: Managing Patient Noncompliance
The Risk: Patient noncompliance is one of the most difficult challenges for healthcare providers. Noncompliance may include missed appointments and the failure to follow a plan of care, take medications as prescribed, or obtain recommended tests or consultations. The reasons given by patients for noncompliance vary from the denial that there is a health problem to the cost of treatment, the fear of the procedure or diagnosis, or not understanding the need for care. Physicians and other healthcare providers need to identify the reasons for noncompliance and document their efforts to resolve the underlying issues. Documentation of noncompliance helps to protect providers in the event of an untoward outcome and allegations of negligence in treating the patient.
Recommendations:
1. Establish an office policy to notify providers promptly of all missed and canceled appointments. We recommend that this be done on a daily basis.
2. Formalize a process for follow up with patients who have missed or cancelled appointments, tests, or procedures. This process should include recognition of the nature and severity of the patient’s clinical condition to determine how vigorous follow up should be.
  - Consider having the physician make a telephone call to the patient as a first step when the patient’s condition is serious.
  - If the patient’s clinical condition is stable or uncomplicated, staff should call the patient to ascertain the reason for the missed or canceled appointment.
  - All attempts to contact the patient must be documented in the medical record.
  - If no response or compliance results, send a letter by certificate of mailing outlining the ramifications of continued noncompliance.
3. During patient visits, emphasize the importance of following the plan of care, taking medications as prescribed, and obtaining tests or consultations.
4. Seek the patient’s input when establishing a plan of care and medication regimen. Socioeconomic factors may contribute to the patient’s noncompliance.
5. To reinforce patient education, provide simple written instructions regarding the plan of care. Use the teach-back method to confirm that patients understand the information and instructions provided.
6. With the patient’s permission, include family members when discussing the plan of care and subsequent patient education in order to reinforce the importance of compliance.
7. When there is continued noncompliance, patient discharge from the practice may be necessary. The attorneys at Fager Amsler Keller & Schoppmann, LLC are available to discuss patient noncompliance and the discharge of a patient.
Download this as a PDF
Tip #24: Security of Patient Information and Health Information Technology
The Risk: With virtually all medical offices and healthcare facilities connected to the internet and using computer systems for the practice of medicine, maintaining the security of computers and other electronic devices, as well as the privacy of patients’ protected health information (PHI), has become critical.

The following are tips for staff and providers on securing this technology and information.
Recommendations:
1. Require that staff and providers have strong and unique passwords:
  - Passwords should have a minimum number of 12 characters and include upper and lower-case letters, numbers and symbols.
  - Passwords should be changed at set intervals.¹
2. Do not share passwords:
  - Do not allow others to document in an electronic health record (EHR) under your password, while you are logged on.
3. Grant staff access to an EH only on a “need to know” basis:
  - Individuals should be granted access only to the information necessary to perform his/her job.
  - If an employee transfers to a different job function, have a process in place to reduce or increase their access based on the new job functions.
4. Educate staff regarding not:
  - plugging in their personal devices to USB ports on the system’s computers;
  - installing software on their work computers without prior approval;
  - clicking on suspicious links in emails; and
  - allowing USB devices to leave the facility unencrypted.
5. Position computers and printers away from patient and visitor traffic:
  - Consider the use of screen filters to prevent visualization of PHI by others.
6. Encrypt all computer hard drives. At a minimum, all laptops and tablets should be encrypted, especially if they are to leave the facility.
7. Provide frequent and ongoing cybersecurity education and training.
8. Policies and procedures should clearly define the disciplinary actions to be taken for the inappropriate use of the computer system.
9. Develop a cybersecurity incident response process to address a security breach or cyberattack, and test it at least annually to confirm that there is:
  - defined procedure for reporting any suspected information security incident;
  - an obligation for employees to report any suspected incident immediately upon discovery; and
  - an individual(s) with clearly assigned responsibilities for managing incidents.
10. Promptly disable an individual’s access to the computer system upon their leaving employment:
  - For involuntary dismissal, disable access prior to the notification of termination.
  - If access to the employee’s emails, voicemail, etc. is necessary, assign another qualified individual to address any information that requires review or action.
11. Maintain inventory control of all computerized devices including laptops, thumb drives, handheld devices, etc.
12. Install appropriate anti-virus software and update devices frequently to protect the computer system from security vulnerabilities.
13. Perform system back-ups of files and data routinely:
  - Test back-up restoration semi-annually, at a minimum.
14. Perform audits to assure compliance with health information technology policies and any applicable regulations.
¹Current guidelines suggest that if the password length is set to 16 characters, it should be changed annually at a minimum.

Download this as a PDF
Tip #25: Managing Negative Online Reviews
The Risk: Healthcare providers recognize that along with their practice websites, public websites such as Yelp, Healthgrades, and Rate MDs, and social media sites like Facebook and Twitter, can be used as marketing tools to inform the public of their services. The online community, however, is then afforded an opportunity to respond, rate, and, at times, complain about those services. These statements and reviews are readily accessible to anyone with an internet-ready device to open and read.

While there is a basic instinct to immediately respond to negative online reviews, healthcare providers must remember that privacy rules make a complete response via social media inappropriate, and responding directly to an online post puts the healthcare provider at risk of disclosing protected health information (PHI). Your response may not contain any identifying statements, but the mere recognition of a patient-provider relationship is a potential HIPAA violation.

The following tips will help you successfully and appropriately respond to negative online reviews:
Recommendations:
1. Critically review all social media posts for accuracy and authenticity. While some negative statements regarding the performance of you or your staff may be difficult to read, evaluate these reviews to determine if there is any opportunity for learning or process change.
2. Do not become engaged in online arguments or retaliation—especially if the comments made are particularly negative and potentially detrimental to the reputation of the facility or physician.
3. According to federal and state confidentiality and privacy laws, providers are precluded from identifying patients on social media. In order to protect patient privacy, all patient concerns and complaints should be resolved by the practice by contacting the patient directly and not through social media.
4. If you do choose to respond via social media, use a standard response that also serves as a marketing opportunity for your practice. Some examples include:
  - “[Insert name] Medical Group is proud to have been providing comprehensive and compassionate care in the community since [insert year] and takes our treatment of its patients and their privacy seriously. Because federal privacy laws govern patients’ protected health information, it is not the policy of [insert name] Medical Group to substantively respond to negative reviews on “ratings” websites, even if they provide misleading, unfair or inaccurate information. We welcome all our patients and their families to address any concerns/requests or information about their care with us directly, as we strive to continue to provide individualized care in our community.”
  - “At our medical practice, we strive for patient satisfaction. However, we cannot discuss specific situations due to patient privacy regulations. We encourage those with questions or concerns to contact us directly at [insert phone number].”
5. If you feel the patient’s complaint has disrupted the physician-patient relationship, consider discharging the patient from your practice. This action may be viewed as retaliatory by the patient and may set off a new series of negative posts. Attorneys at Fager Amsler Keller & Schoppmann, LLP are available to assist you to make this decision.
6. Notify your local authorities if you feel at any time that your safety, the safety of your staff or your family is threatened or at risk.
Download this as a PDF
Tip #26: The Proper Use of Scribes
The Risk: As the use of electronic health records (EHRs) has become widespread, documentation practices and workflow patterns have changed significantly and have added to a growing clinical and administrative workload. The use of this technology has increased the amount of time necessary to complete medical record documentation and order entry.

One way that physicians have chosen to address these issues is through the use of scribes. Scribes originated in the fast-paced clinical setting of the emergency department (ED) as a way to reduce the time physicians needed to spend documenting care in an electronic format. The use of scribes has expanded from these roots in the ED to numerous other clinical settings. Scribes perform EHR data entry under the direct supervision of a licensed professional, freeing the physician or other provider to spend more time directly interacting with the patient.

As unlicensed members of the healthcare team, the recruitment, training and supervision of scribes is paramount in managing their use in all clinical settings. Whether you are currently using scribes in your practice, or are considering employing them, the following recommendations may be useful in evaluating your program or determining strategies for implementation.
Recommendations:
1. Use documentation policies for your organization that comply with regulatory requirements. In addition, practices should monitor federal, state and regulatory changes to maintain compliance with these guidelines.
2. Develop a written job description for scribes that outlines required qualifications and competencies, including proficiency with your EHR system and medical terminology. Clearly delineate job responsibilities.
3. Provide orientation that includes, but is not limited to, HIPAA, privacy regulations, organizational policies, and patient rights.
4. Scribes should not perform any clinical functions or provide any direct patient care (unless they are otherwise a licensed healthcare provider such as an LPN or RN.) This includes:
  - acting independently;
  - touching patients;
  - handling bodily fluids or specimens;
  - translating for a patient;
  - interpreting any information; and
  - conducting other duties while acting as a scribe.
5. Scribes should be assigned their own unique user ID/password credentials to access the EHR system. All entries to the record made by a scribe must be while logged in with their own password and user ID. In the event a licensed clinical staff member functions as a scribe, they must have two separate user IDs and passwords and use them accordingly.
6. Introduce the scribe to the patient, and give the patient the opportunity to decline having the scribe present during the examination.
7. The primary responsibility of the scribe should be to document the clinical encounter, including the history of present illness, a review of systems, the physical exam, and the assessment and plan, as presented by the provider. Scribes may also create pending orders as dictated by the provider. Providers must review and complete all medical orders.
8. All information entered into a medical record by a scribe must include:
  - the name of the patient and the provider providing care;
  - the date and time; and
  - authentication.
9. Providers must review the scribe’s documentation and verify the entry. An attestation statement should include:
  - affirmation of the provider’s presence during the time the encounter was entered;
  - confirmation that the provider reviewed the information and verified its accuracy; and
  - authentication, including date, time, name and credentials.
10. Perform regular audits/assessments of the scribe’s documentation and provide constructive feedback for performance improvement, as indicated.
REFERENCES
Download this as a PDF