Risk Management: The 5 Big Risks
Marianna Kelly, Avant
Australian Association of Practice Management

Top five big risks
Marianna Kelly, Risk Adviser – Avant

Agenda
o Employment issues
o Boundary issues
o Consent: GP/non-GP
o Cyber and social
o Follow-up

Managing practitioner expectations
o Contracts
o Induction process
o Policies and procedures
o Code of conduct
o Professional ethics

Disruptive staff behaviour
o Undermining the practice manager
o Poor communication skills
o Gossip
o Mobile phones
o Failure to complete tasks
o Lack of compliance

Allegation of bullying and harassment
o What would you do if these issues were raised with you?
o What are your obligations ethically and legally?

Social media and the employee
o Is it a problem?
o Is it a positive for your business for employees to engage?

Consent in 2019
o Required for specialties and GPs.
o Consent is a two-way process.
o Increased health literacy and access to information.
o Increasing focus on transparency and trust.
o Patient-centred care.
o Changing patient expectations.
o Increased patient complaints.

Consent over time
o Paternalism – doctor knows best, patient does what the doctor says without much question.
o Informed consent – doctor provides patient with information so patient can decide for themselves.
o Shared decision-making – clinicians and patients working together to explore and agree on the preferable approach for this patient in these circumstances.*
* See e.g. Kunneman M, Montori. BMJ Qual Saf 2016;0:1-3

A signed financial consent form, pre-operatively, is a legal requirement?
o Best practice, but not a legal requirement.
o Yes, it is.
o Yes, but it doesn’t have to be in writing.
o No, no legal compulsion for IFC.

Financial consent – ideal
o Patient expectations and rights.
o Informed consent, both written and verbal, includes:
  o disclosure of out-of-pocket expenses
  o alternatives
  o possible ongoing, further costs.
o Written and signed document is gold standard (estimate of fees or a range is acceptable).
o Contributes to building patient relationship.

Financial consent – the issues
o How do you do it?
o What is in and what is out?
o How do you manage the fund variability?
o How do you cover contingencies and adverse outcomes?

Why cyber security?
o Only a third of Australian healthcare organisations embed cyber security and awareness training into their policies and procedures.
o Cost in excess of 1 Billion dollars $1,000,000
o 58% breached when patch available
https://www.digitalhealth.gov.au/
https://www.oaic.gov.au/resources/privacy-law/privacy-act/notifiable-data-breaches-scheme/quarterly-statistics/ndb-scheme-12‑month-insights-report.pdf

Current challenges in cyber
o Ransomware: intended to prevent or restrict users from accessing their systems until a ransom is paid.
o Credential-harvesting malware: designed to obtain an unsuspecting user's personal information when they log into websites or applications.
o Social engineering: techniques to manipulate human trust and elicit information.
https://www.allens.com.au/pubs/priv/pulse-1801/article-06.htm

Preventing an attack BEST

More on back-ups
Three copies ideal:
o Working files
o Cloud
o Hard drive

Passwords
o Don’t use personal info in your passwords
o Change the default password on your devices
o Turn on two-factor authentication
o Use a passphrase (four random words)
https://www.staysmartonline.gov.au/news/four-ways-create-better-passwords-%E2%80%93-basic-best

Policy and process – cyber
Cyber security policy
o Sets out best practice for cyber safety such as password management and use of devices off site.
o Outlines education required for staff.
o Requirements for back-up systems, how often they are backed up and tested.
o Regulations about whitelisting apps.
o Guidelines for administration privileges and which data staff can access.
Cyber response plan
o Immediate actions if attack suspected.
o Contact details for IT providers.
o Roles and responsibilities for staff if attack confirmed.
o Process for notification of patients.
o Instructions on how and when to access back-up data.
o Contact details for media support, insurance etc.

Policy and process – data breach
Privacy policy
o Outlines staff behaviour and training.
o Patient electronic communication guidelines.
o Storage of patient data.
Patient privacy policy
o Outlines collection, use and disclosure, and security of patient information.
o Overview on how patients can access their medical records.
o How patients can make complaints.
Data breach response plan
o Advice on containment and assessment of data breach.
o Process on how to assess for harm.
o Who to notify – contact information.
o Outline of the information required for the notification statement.

Social media
o Is it useful for your business?
o Compliance with regulations and guidelines.

Boundary issues
o Treating a staff person or friend.
o Treating family.
o Good Medical Practice code of conduct.

Duty to follow-up
Duty to the patient extends to the examination, diagnosis and treatment, the provision of information, and follow-up.

Patient follow-up
Patients may decline
• Is their decision based on proper advice?
• Ensure that this is documented.
Good practice systems are important
• Ensure that any test results/specialist letters are reviewed and acted upon.
Good services are important
• Ensure that any pathology/radiology services you use are providing you and your patients a good service.

10 tips to decrease risk
1. Aim for only one follow-up recall ‘system’ per practice.
2. Keep systems simple – do you need five ways to say ‘doctor will advise patient of result’?
3. Label recalls well.
4. If you are new to the practice, don’t add more recall reasons without discussing with the team.
5. Communicate your system with all staff.

10 tips to decrease risk (continued)
6. Ensure all staff have opportunity to attend training.
7. Document patient contact e.g. registered letter sent.
8. Mark results as given/notified.
9. Mark actions and recalls as performed or delete if not relevant.
10. Routinely check lists of results that require follow-ups, but have not been marked as given/notified.

Questions?