Risk Management in Medicine: A Primer

John J. Vargo, M.D.


An unwavering construct since the time of Hippocrates is that Medicine is an art that is practiced by human beings. Despite the ever-widening array of diagnostic and therapeutic modalities available to help patients, perfection remains a tantalizingly close, yet unattainable goal.   Each procedure carries with it a probability of therapeutic benefit, but also risk. Risk management is the process in which reasonable steps are taken to reduce (not prevent) the probability of liability.  This chapter outlines some of the basic concepts that are crucial in developing a successful risk management program in a clinical practice.

Risk management for physicians and other health care personnel has the following objectives:

An important focus of risk management is to provide a safe environment for the patient while at the same time, fostering the patient-physician relationship.  The establishment of a risk management committee allows this process to formalize on any level from a group practice to a large medical institution.  Committee representation from the medical staff, and administration should be sought. The institution’s legal counsel should be either a member of the committee, or readily available for advice. The chairman should be experienced in medical audits and the risk management process.  Information on potential liability hazards should be presented to this committee for review. Usually, the source of this referral process is other institutional committees (i.e., medical records, pharmacy, credentialing, etc.).  A risk manager is responsible for the development and coordination of various prevention programs. Risk management plays an important role in the development of continuous quality improvement initiatives (see Chapter 18).


The development of a risk management program should include the following components:

§         Early, sympathetic intervention after accidental injury to a patient

§         Preparation of incident reports

§         A prompt investigation and identification of specific patient injury incidents, and when possible, intervention

§         Generation and maintenance of a risk database, which will allow for the identification of the frequency / severity of incident exposure

§         Risk reduction strategy development, including staff training and credentialing as well as the implementation of corrective actions

§         An effective public relations program which stresses personnel to accurately identify and report incidents

The Physician Insurers Association of America (PIAA) is a group of 30 physician owned or managed professional liability insurance companies in the United States.  Its members are generally private practitioners and not from academic or military medical institutions. The PIAA members pool data from claims to obtain information for risk management. For the specialty of gastroenterology, 1286 claims were made from the period 1985-99.  Gastroenterology ranks 23rd in the 28 specialties included in the database for the number of claims reported.  The major reasons for medical misadventure were errors in diagnosis (31.2%) and improper performance (25.8%) (See table 1). When evaluated form a different standpoint, 61.2% of the claims was due to cognitive misadventure and only 38.8% were considered cognitive misadventures. Only 3.7% of the claims involved allegations of emotional trauma. The five-year indemnity for gastroenterologists has more than doubled for the period from 1995 to 1999, with the average payment being $296,596.
















Medical Misadventure
Total Claims

Errors in Diagnosis


Improper Performance


No inappropriate conduct by physician identified


Failure to supervise or monitor case


Medication errors


Failure to recognize a complication of treatment


Performed when not indicated or contraindicated


Improper supervision of residents or other staff


Failure or delay in referral or consultation


Not performed or reported




From: A risk management review of malpractice claims: Gastroenterology Research Department, Physician Insurers association of America, Rockville, MD 20850, Published, 2000.

Standard of Care and Clinical Guidelines

Standard of care describes the duty that the physician must fulfill in the care of their patients.  A breach of duty occurs when a physician fails to practice within this duty construct. Many professional societies have adopted guidelines, which can help the physician practice in several well-defined situations. [See www.gastro.org, www.acg.gi.org, www.guidelines.gov]  The purpose of guidelines is to provide clear, consensus-derived statements utilizing evidence-based medicine in order to describe the approach to an array of clinical situations. There are several potential drawbacks to guidelines. First, not all clinical situations fit into the rubric of a particular guideline.   Second, clinical scenarios may not have sufficient evidence in the literature to support an evidence-based conclusion and  “expert opinion” may be used as a substitute.  This can potentially lead to different conclusions on the management of a particular clinical situation. Third, within the realm of managed care, guidelines may use parameters designed to limit cost and place constraints on the physician’s clinical judgment. From a risk management standpoint, physicians should be familiar with the contents of practice guidelines as they can provide a reasonable approach to patient management.  A plaintiff’s attorney can also use guidelines as evidence that the standard of care was not followed in a particular case.  Any reason for deviating from an established guideline should be carefully documented.  It should also be stressed that more than one standard of care may be acceptable. Utilizing the most popular or “major” standard is usually more defensible than the less popular or “minority” standard.  Again, careful documentation of the reasons why the minority standard approach should be utilized should appear in the medical record. Many professional organizations such as the American Society for Gastrointestinal Endoscopy maintain a website with a full array of guidelines that are continuously updated. Additionally, any updates are mailed to society members on a biannual basis.


Thorough documentation is one the cornerstones of a successful risk management program. The quality, completeness and legibility of documentation are important. A common error medical personnel make is to ask or do something, but not record it.  The adage “if it isn’t documented, it wasn’t done” is an important concept to keep in mind. In fact, the public’s perception of a particular medical practice may be based on the quality of its records. Guidelines put forth by the Joint Commission on Accreditation of Healthcare Organizations include the following as important elements of the medical record:

§         Demographic data

§         History of present illness

§         Orders

§         Informed consent

§         Test reports

§         Clinical observation

§         Conclusion with recommendations at time of discharge

Documentation of procedures should be completed as soon as possible in order to minimize any loss of data. In the case of a dictated report, a temporary report should be placed in the medical record. This should include at the minimum, the type of procedure, its indications, the fact that informed consent was obtained, findings, impression and recommendations. Pre-procedural documentation should include the type of procedure and its indication, a list of medications and drug allergies.  For procedures requiring sedation, the cardiovascular segment of the physical examination should be repeated. Particular attention should be paid to the oropharyngeal anatomy.  Occasionally, patients with problematic anatomy may require the assistance of an anesthesiologist for sedation due to the fact that the proceduralist may not be able to support the patient’s airway should a state of oversedation exist. The components of the formal procedural note should include the following:


Complications should be objectively documented. A clear description of the complication, how it occurred, how it was managed by the physician, and communication with the patient and family members should be clearly entered in the medical record.  In the post-procedure setting, continuous monitoring of the patient’s physiologic parameters and recovery of psychomotoric function should be documented. Once the discharge threshold has been reached, five crucial elements should be reviewed with the patient:

An evolution to an “electronic record” continues. This creates unique problems of data storage, and confidentiality. Security measures such as login procedures, which allow stratified access to the electronic record on an as-needed basis, commensurate with the function of the personnel accessing the record should be in place.    Computer stored records should have appropriate back-up avenues. E-mail correspondence can be a valuable asset to some practitioners. It should be pointed out however, that the confidentiality of electronic correspondence may not be secure. In this situation, encryption programs may be considered. Patients should also be made aware that email may not be appropriate for emergency situations and that the email may be unread when the physician or other caregiver is not present. Guidelines for the use of email in the practice should be established and discussed with patients. In some instances, an electronic “disclaimer reply” can be used. 


Correction of a medical record involves a process of crossing out an entry with a single stroke of a pen, and placing a new entry next to the incorrect one followed by the date and initials of the party making the correction. No attempts should be made to remove or erase an entry. Any attempts to do so would severely cripple then entrant’s credibility in a litigation situation.  The physician owns the medical record, but the information contained within the record and the right to control access to the information is the patient’s.

Informed Consent


Informed consent is a dynamic process of communication which an excellent risk management technique.  It is a legal concept that fulfills the patient’s right to know the potential risks, benefits, and alternatives to a particular procedure or treatment.  It is implied that the patient has the capacity to fully understand the information provided or that an appropriate surrogate acting on behalf of the patient.   

Essential elements of the informed consent process include:



Informed refusal is the alternative outcome of the informed consent process, in which the patient with full mental capabilities and without coercion has declined a procedure after being given the information regarding the procedure and its ensuant benefits and risks. Informed refusal requires careful documentation including the potential negative impact of not having the procedure performed. For, example, in a patient with bile duct stones in whom endoscopic removal has been refused, the potential of a systemic bacterial infection (cholangitis) or inflammation of the pancreas may develop which could require surgical intervention.


Five exceptions to the informed consent process include:

Medical Malpractice

Medical malpractice is a component of tort law, which is defined as a “civil wrong.” Elements of tort law include the following:

Duty is the physician’s responsibility or obligation for the care of the patient and originates from the establishment of the physician-patient relationship. This can come about from a consultation or office visit, but can also occur simply with the patient scheduling an appointment and no contact with the physician. The scope of duty is based on the standards of care that has been previously described. The limits of the duty interval can be defined by standards of care. A patient may terminate physician-patient relationship at any time. The physician however, must give the patient adequate time to find alternative care and preferably, a written notice regarding the termination of care. Failure to do so could result in the physician being liable for abandonment.

A breach of duty is a deviation in the physician’s obligation to patient, which is usually based on standards of care. It is the responsibility of the practicing physician to keep updated in any changes in the standards of care. Additionally, any deviations from the standards of care should be carefully documented in the medical record with an informed consent.


Causation is the concept that links the breach of duty to any untoward event or damages. In a lawsuit, the plaintiff must prove to the trier of fact that the damages claimed were the result of a breach of duty.  Alternative analyses of causation include the substantial factor test, which states that the breach of duty was a substantial factor in the “eventuation of damages”, and the ibut fori test, which states that, but for the breach of duty, the damages would not have occurred.  Damages are the losses suffered by the litigant. General damages include pain and suffering. Special damages are medical expenses (past, present, and future); wage, profit and income loss, as well as funeral expenses. Punitive damages are awarded for gross negligence, which contains elements of reckless, wanton or willful disregard of plaintiff. This type of damage is not covered by medical malpractice insurance policies.

Other Topics

Vicarious liability means that persons in a supervisory role can be held accountable for their subordinate’s actions even if the supervisor did not commit or was unaware of the wrongful act. Therefore, when the negligence of a subordinate is imputed to the physician, he/she is said to vicariously liable.  The historical origin of vicarious liability is  respondeat superior: let the master answer for the civil wrongs (torts) of his servants. Several specific relationships could give rise to vicarious liability including those with an employer, administrator, preceptor, and proctor. A proctor is a physician who observes another physician. This usually involves the evaluation of skills for credentialing. Usually a proctor is not found liable for negligence unless he/she becomes personally involved in the patient’s case.  A preceptor is an instructor or teacher and may be found vicariously liable for the acts of a trainee. It is important that the preceptor set limits with the trainee’s involvement in patient care and in the case of procedural instruction, take over the responsibility of performing the medical procedure should the trainee’s performance and/or decision making be suboptimal. The employer can be held vicariously responsible for the actions of the employees. Risk management would include proper training and supervision to ensure the professionalism of the office staff.  Personnel functioning in an administrative capacity can also be held vicariously liable. For example, an administrator could be held liable for a complication if he/she knew or should have known that the physician performing the procedure was not appropriately credentialed. Taking this idea further, the hospital under the concept of  respondeat superior can be held accountable for the actions of its employees.


In summary, risk management represents a dynamic process in a health delivery system that can result in better patient care and decreased liability. Important components of the process include fostering a good relationship with the patient, obtaining informed consent, practicing within established guidelines, and careful attention to documentation.  A successful risk management program can also result in a productive Continuous Quality Improvement initiative.  Challenges to a successful risk management program are its horizontal and vertical integration into a health care delivery system, and the ability of any member of the system to it contribute without penalty.


1.  American Society for Gastrointestinal Endoscopy, Standards of Practice Committee. Proctoring and hospital endoscopy privileges. Gastrointest Endosc 1991;37:666-7.

2.  Berlin L. “Vicarious liability.” Am J Radiol 1997;169:621-4.

3.  Brennan TA, Leape L, Laird N, et al. Incidence of adverse events and negligence in hospitalized patients. N Engl J Med 1994;324:370-6.

4.  Gerstenberger PD, Plumeri . Malpractice claims in gastrointestinal endoscopy:  Analysis of an insurance database.  Gastrointest Endosc 1993;39:132-8.

5.  Henderson JA, Pearson RN, Siciliano JA. The Torts Process. Boston, Massachusetts, Brown, Little, and Company, 1994.

6.  Institute of Medicine Report. To err is human: Building a safer health system, 1999.

7.  Pozgar GD. Legal Aspects of Health Care Administration. Gaithersburg, Maryland, Aspen Publishers, 2002.

8.  Plumeri PA. Informed consent: Beware. J Clin Gastroenterol 1984;6:471-5.

9.  Plumeri PA. Endoscopic training directors: a few legal and ethical considerations. Gastrointest Endosc Clin N Am 1995;5:447-55.

10.  Richards EP, Rathbun KC. Medical Care Law. Gaithersburg, Maryland, Aspen Publishers, 1999.


Useful Websites

www.guidelines.gov national guideline clearinghouse

www.nih.gov National Institutes of Health website. Provides access to medical care consensus   statements

www.ama-assn.org/members/cits/summaries1.htm Provides information regarding medicare audits and reviews