OIG 'state of the union': Hospitals still underreporting adverse events

Report also finds inaccurate or absent diagnosis codes

Hospital reporting on adverse events is still lacking, according to a report from the Department of Health and Human Services Office of Inspector General (OIG), released in March.

"I don't think any of us were terribly surprised by the OIG report. I think it was carefully done, but I think it's a cautionary note because it indicates that there are more things happening to patients than get reported," says Bill Munier, MD, MBA, director of the Center for Quality Improvement and Patient Safety at the Agency for Healthcare Research and Quality (AHRQ).

In 2008, the OIG began a case study to "determine the incidence of adverse events" and has now released its report — "Adverse Events in Hospitals: Methods for Identifying Events." As part of its study, the agency reviewed a random sample of 278 Medicare beneficiary hospitalizations. The objective: to evaluate the use of various methods for identifying harm to Medicare beneficiaries. The OIG used five screening methods to identify events — nurse reviews of records, interviews with beneficiaries, two types of billing data analysis, and reviews of hospitals' internal incident reports. It uncovered shortcomings in screening methods for Medicare payments and federal initiatives to identify, track, and monitor events. Analysis of billing data showed inaccurate or absent billing codes and insufficient internal incident reports. With the former, the report says, hospitals could be receiving overpayments. For the latter, there were no incident reports for 112 of 120 events identified "including some of the most serious events involving death or permanent disability to the patients."

Among its recommendations, the OIG has suggested that:

  • CMS and AHRQ "explore opportunities to identify events when conducting medical record reviews for other purposes"
  • CMS "ensure that hospitals code claims accurately and completely to allow for identification of hospital-acquired conditions [HACs] affected by Medicare's payment policy"
  • CMS "provide interpretive guidelines for state survey agencies to assess hospital compliance with requirements to track and monitor adverse events"
  • AHRQ "inform PSOs [patient safety organizations] that internal hospital incident reporting may be insufficient to provide needed information about events to PSOs."

"I think a lot of people think that the incident reporting systems are picking up what they should be picking up," Munier says, adding that AHRQ thinks the report was sound. CMS also has stated it agrees with the recommendations made in the report.

"What I would say is that the report is sort of a clarion call that adverse event reporting systems, as they have been done historically, aren't getting the job done," Munier says.

The report also shows "that there is no one system that really has the answer for this. And doing a chart review the way they did, which I think was the most accurate method [the study found for identifying events], is very labor-intensive."

Henry Fader, attorney with Pepper Hamilton LLP, says he had heard from multiple sources before the publication of the report "that people were putting multiple conditions down even if it was something minor so they wouldn't be flagged for having a hospital-acquired condition. And I know the state reporting agencies have also noticed a lot of underreporting on infections." Fader recalls a recent article that suggested that light reporting on HACs is linked to overreporting of present-on-admission (POA) indicators.

Hospitals are going to have to have policies on how to deal with HACs, he says. "I think what this is showing is very quickly after there's an incident or a suspected incident, you have to make a decision about, 'What are we going to here? Are we going to bill it? Are we not going bill it? Are we going to talk to the family or not talk to the family?'"

Jill Rosenthal, MPH, program director at the National Academy for State Health Policy, says there are many important takeaways for quality managers. One message, she says, is that it's difficult to identify these events. "[OIG] used various types of strategies to identify the events and found quite a bit of variation in what turned up."

She suggests that hospitals go back and review how POAs should be coded and "make a concerted effort to improve the coding of POAs."

"I was surprised at the number of events that turned up through hospital review. It's pretty low. And given that in many states it's required that those events be reported, and given that it's required that they be coded by POAs, I think that looking at improving hospital incident identification is a big message here," she says.

She suggests using the Institute for Healthcare Improvement's tools on incident reporting and says that many states that require reporting of this sort do training sessions and "provide information to facilities on how to identify and report root causes of events."

"I also think with the emphasis on health information technology and medical records, I hope there will be improvements in how those kinds of events get identified," she says. She thinks the move to electronic systems and more information on how to improve POA coding will help ease the burden of tracking events. "I think it also gets back to [the fact] that you need various mechanisms to identify the events because none of them work perfectly on their own."

She thinks variation in state reporting requirements also will become more standardized with time. "More states are adopting the NQF [National Quality Forum] list of serious events. The CMS hospital-acquired condition payment policy incorporates a lot of the NQF events. And I think with the patient safety organizations, the efforts to develop common formats, I think it's all coming together slowly but surely," she says.

"I think given that there's a nonpayment policy for Medicare and there are a number of states that have that same policy through Medicaid, and given that our new health reform legislation requires Medicaid to do that in the future, it's going to become increasingly important that facilities are able to code accurately and that they're able to identify those events."

Just how CMS and AHRQ will follow up with the recommendations remains to be seen, "but given that there's increased attention on it at the national level, I think that we'll see more happening to improve identification of events in the future," she says.

Munier points out that information gathered and reported to patient safety organizations is protected and cannot be used against hospital staff, as fear of reprisal remains one of the biggest barriers to voluntary reporting. AHRQ is refining its common formats to help hospitals report in a "more scientific and structured ways" when working in concert with a PSO.

"If everyone [reports] differently, you never get smarter about it. So we're also issuing the specifications for turning these common formats into electronic form... By specifying not only the definitions on paper, but also electronically, we are getting to a level of specificity that's necessary in order to really know that we're collecting valid information in the same way in different hospitals." (To get more information on AHRQ's common formats and PSO engagement, visit www.pso.ahrq.gov.)

In May, AHRQ had its second annual meeting of PSOs and also met with software developers to evaluate "the technical specifications, which we hope will be very helpful in expediting the development of software to automate the AHRQ common formats."

Munier acknowledges the disparities among different regulating bodies and reporting requirements. "A lot of well-meaning organizations, ours included, of course, have developed lists of events or definitions to meet the needs of their own constituencies. And this has happened over time, and there's no one overall agent that has the authority or the sway to say, 'This is what you're going to be collecting,'" he says.

Moving forward, AHRQ will meet with CMS, NQF, the Centers for Disease Control and Prevention, and state regulators on collecting information on hospital adverse events. "Now, that won't solve [the problem of disparate requirements], but I think getting together and beginning to discuss how we can begin to come together in terms of what we're reporting is the first step," he says.

He says "as PSOs begin to get operational and work with hospitals, we're going to see whether they've made a difference or not, whether working with a PSO encourages more reporting, and whether, over time, patient care is delivered more safely."

Fader says the report is a "wake-up call." With analysis showing that HACs "were being underreported either from a present-on-admission situation or the incident reports were being underreported" and with the recommendation that "state surveyors be trained to look for underreporting and that they look for the lack of incident reports in certain areas and then that they were going to continue to study why this underreporting was going on," hospitals should heed the call.

He says hospitals can no longer work in silos. "You no longer can isolate the billing department, the risk managers, the medical staff, and everybody goes about their own function without having cross-fertilization of ideas and dealing with problems as they've arisen," he says.

Munier also highlights the need for cross-discipline communication. "If you want to talk about high-level concepts that are important to this whole endeavor, the other big one is teamwork, which has to do with patient safety and quality. Too often I think the professionals in hospitals have worked in independent silos — the nursing silo, the doctor silo, the pharmacy silo, the medical records silo, and we're finding increasingly that teamwork can make it a safer and better place for hospitals."

AHRQ has tools to help hospitals both gauge the culture of safety from the employee's perspective (http://www.ahrq.gov/qual/patientsafetyculture/hospsurvindex.htm) and to encourage teamwork as part of its work with the Department of Defense called TeamSTEPPS (http://teamstepps.ahrq.gov/).

Beyond building the culture of safety that supports more transparency and reporting of events, some states have been successful in building that culture on a statewide-basis, he says. "In the state of Pennsylvania, where they're getting a very high number of near-misses reported, where they do have protection of information, and where it's being used only for educational purposes and not to sue people, they're getting an awful lot of near-misses and they are helping that state learn how to make care safer."

Munier says establishing the culture can make the difference.

"I think it's a project that's going to take a number of years. It's certainly not something you're going to snap your fingers and have improvement right away. We're doing everything we can. We have our culture surveys, surveys of patient experience, all which are aimed at finding out whether what's going on at the hospital level is conducive to the kind of culture that would encourage reporting and improvement. So I think we're doing everything we can to push things in the right direction," he says.

"The [OIG] report does two things. It lays out a quantitative assessment of the job that needs doing, and it also provides objective evidence that everybody can look at why they need to do a better job, and I think that's a good thing," he says.

(To view the OIG report, go to: http://oig.hhs.gov/oei/reports/oei-06-08-00221.pdf.)