Kusserow on Compliance: Five major ambulatory risk areas

The Emergency Care Research Institute (ECRI) Institute analyzed 4,355 adverse events reported and found diagnostic testing errors pose the biggest risk to patients in ambulatory care settings with nearly half occurring in physician practices. Nearly half involved diagnostic testing errors with one fourth relating to medication safety and the remaining involving falls, security, and safety and privacy-related risks. The following risk areas were cited: 

Diagnostic testing errors. This is the leading cause of liability claims against primary care doctors and accounts for the highest proportion of payouts. Most of these errors involved laboratory tests. Other tests where problems occurred included imaging tests, pathology, and cardiology.

Medication safety events. Two-thirds of safety events were classified as wrong drug, wrong patient, or wrong time, the analysis found. Medication errors are a leading cause of malpractice claims in ambulatory care and can occur during any stage of the medication process. They are often the result of a series of failures within a system, the report said.

Falls. About half of the 800,000 hospitalizations from fall-related injuries occur in ambulatory settings in the exam room or waiting room.

HIPAA violations. Misunderstandings concerning HIPAA privacy and security rules prompted more than 350 HIPAA-related events to be reported to the ECRI Institute. The majority of these pertained to inadvertent disclosure of patients’ protected health information.

Security and safety incidents. Most such events involved verbal threats or disruptive behavior by patients or visitors.

Tips to Reduce Risks


  1. Provide decision support tools to assist in ordering the proper tests and monitoring processes for test tracking and follow-up.
  2. Standardized medication management procedures and create a policy directing how to report and manage safety events.
  3. Screen patients for fall risk at every visit, when a change in condition occurs and after a fall.
  4. Train staff on HIPAA Privacy/Security rules, particularly as they relate to disclosure of PHI.
  5. Train staff on what to do in the event of a violent incident and conduct monthly security and safety surveillance rounds.


Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2019 Strategic Management Services, LLC. Published with permission.