Running head: RISK ASSESSMENTS 1

Risk Assessments: Childrens Hospital and Clinics

Eduardo Santoyo
HTM 680
National University

July 30, 2016

 Risk Assessments: Childrens Hospital and Clinics

The prescription and administration of medications is known as an area of high risk in

hospitals and ambulatory care settings. This paper will be discussing and identifying risks

associated with medication administration, and providing some possible strategies that could be

considered when looking at the case study of the Childrens Hospital and Clinics in Minneapolis,

MN in 2001. Using the Five Rights of medication administration, we will look at how using

this method could help with the incident that caused a near-fatal event.

The event that occurred involved the administration of morphine to a ten year-old patient

at the Childrens Hospital and involved a group of nurses, some of them experienced and one

who was new to the staff. That event brought about the study into the incident and many other

medical accidents that had occurred at the clinic. Julie Morath, Chief Operating Office at the

Childrens Hospital, and her teams efforts were the focus of the case study. The issue that was

brought up during her study of the incident can be tied back to risk mitigation. Risk is a function

of the likelihood of a given threat-sources exercising a particular potential vulnerability, and the

resulting impact of that adverse event on the organization (Stoneburner, Goguen, & Feringa,

2002). It is critical for success and minimizing risk of an organization to take into consideration

the Five Rights of medication administration (Right patient, right drug, right dose, right route,

and right time). In addition to the Five Rights, we can also look at the 9-step risk assessment

methodology, primarily focusing on Step 4 Control Analysis, in minimizing risk.

As discussed in the NIST Publication (2002) by Stoneburner, Goguen, and Feringa, the

goal of this step is to analyze the controls that have been implemented, or are planned for

implementation, by the organization to minimize or eliminate the likelihood (or probability) of a

threats exercising a system vulnerability. By taking into account control methods, control
categories, and the control analysis technique, we are able to look into the Childrens Hospital

incident that occurred with medication administration and the ten year-old patients near fatal

occurrence.

Control method mentions the security controls being either technical or nontechnical. A

technical control would be a safeguard that is incorporated into a computer hardware, software,

or firmware. Nontechnical control would be management and operational controls like a security

policy, operational procedure, and personnel, physical, and environmental security. Under this

control method, we could consider the nontechnical controls that were in place that could have

prevented the morphine administration to the patient. The operational procedure and personnel

both had an impact on the morphine being administered incorrectly. The new nurse on the floor

and other nurses not being familiar with the infusion pump being used did not help with

administrating the right dose. If the nontechnical controls could have been checked ahead of

time, the incident could have been prevented.

The next control would be the classification of either being preventative or detective.

Preventative control aides in inhibiting attempt to violate security policy. Detective controls

helps to warn of violations or attempted violations of security policy. If we could take the

detective controls into consideration, auditors are able to go back in look back at the audit trails

that are created, as well as the checksums. If the new nurse, as well as the experienced nurses

who assisted, were trained, certified, and allowed to operate the pump via a badge reader that

was attached to the machinery, it would have prevented the use of the machine. Having a system

check in place in order to operate the pump may have helped with the incident. The nurses

would be able to verify that all Rights would be checked: patient, drug, dose, route, and time.
The next component of control analysis would be the technique, which is seen here by

creating a checklist to help in analyzing controls in an efficient and systematic manner. It is

essential for the organization to update those checklists in order to reflect any type of changes in

their control environment, which would allow ensuring the validity of that checklist. Having an

updated checklist of the controls that are needed to be in place in regards to medication

administration and the use of electronic infusion pumps would help to create a safe environment.

It is required for the administration of medication, to be checked and revised periodically in

order to ensure medication safety.

The issue of how different medication administration for children versus adults must be

addressed as well. There are various factors that differentiate administration of medication

between the two groups. Medication must have the appropriate dosages based on weight,

buffering factors, and making sure the dosages are based on child-sized dosages. What should

not be different would the controls that were discussed. All the same controls should be in place

in order to avoid any kind of medicine administration errors or at the very least, keep them to a

minimum, as well as near misses.

Throughout the case study, medication errors are discussed as well as how often they

occur. Some say that we must take into consideration adding more Rights to the list. It is

important to take into account those basic Five Rights when administrating medication in any

type of environment. The risk assessments that are discussed by the National Institute of

Standards and Technology will aid in accomplishing and minimizing risk in health care settings.
 References

Edmonston, A., Roberto, M. A., & Tucker, A. (2007). Childrens Hospital and Clinics (A).

Harvard Business School. Retrieved from Harvard Business Review (9-302-050)

Federico, F. (2016) The five rights of medication administration. Institute for Healthcare

Movement. Retrieved from http://www.ihi.org/resources/pages/improvementstories/

fiverightsofmedicationadministration.aspx

Stoneburger, G., Goguen, A., & Feringa, A. (2002). Risk management guide for information

technology systems. Recommendations of the National Institute of Standards and

Technology. Retrieved from http://csrc.nist.gov/publications/nistpubs/800-30/sp800-

30.pdf