Corrective Action Plan

MEMORANDUM

TO: Vice President Finance

FROM: Administrator

DATE: September 20, 2021

 

RE: Corrective Action Plan (CAP)

 

The problem

I am writing to inform you that we have violated a healthcare law by not reporting to the FDA Adverse Event Reporting Systems (FAERS) about the death of five patients under our long-term care facility. The death of these patients resulted from medical errors caused by our health care providers. I have been investigating the problem; however, we have not done the reporting made initiatives to report the incidence. By not reporting the deaths of the patients, we are non-compliant with the health care laws and protocol. Medication errors resulting in death or serious adverse effects should be reported to the FDA Adverse Event Reporting Systems (FAERS). Hence, we will face a penalty for non-compliance as stipulated by the law (Bharadwaj et al., 2017).

The FDA may take regulatory actions after reporting the deaths from medication errors. The actions may include improving product safety and protecting public health, such as communicating new safety information to the public, updating product labeling information, and restraining drug use; this is based on evaluating the potential safety concern. The evaluation of submitted reports aids in identifying the cause of the medication errors and deaths of patients. We failed to submit the report due to insufficient details to estimate the adverse event or medication error incidence. The healthcare facility and its employees have been rendered non-compliant and thus will face a penalty. Notably, we should report adverse events immediately or when suspicious to prevent life-threatening and death incidences (Bharadwaj et al., 2017).

The Law

Our institution was non-compliant with the CFR § 312.32 IND safety reporting code (2020) that demands the reporting of death or life-threatening events that result from the use of drugs in a human.  The regulation demands health care providers to notify FDA and all investigators on the possible serious risks associate with drug use. FDA Adverse Event Reporting Systems (FAERS) governs the issue and outlines the penalties of failure to report deaths and medical errors. Tarnished reputation, business disruptions, poor patient care financial losses, license revocations, trust erosion, and security breaches can result from non-compliance of not reporting deaths to the FDA Adverse Event Reporting Systems (FAERS) (Bharadwaj et al., 2017).

COSO Framework

The COSO framework focuses on accomplishing operational, reporting, and compliance objectives. The framework is a continuous process dependent on people’s actions rather than codified policies and procedures. It provides acceptable security assurance to senior management and may be tailored to the demands of the whole company and each department, unit, or process. Using the COSO framework, an organization will be in opposition to report problems that lead to non-compliance. The actions of the employee will be accountable and not just focusing on the policies. In that manner, medical errors will be mitigated. Each department should adopt the COSO framework and put it into practice for better outcomes (Bognár & Benedek, 2021).

The COSO framework comprises internal control goals that should be met to improve compliance and correct system-wide problems. The goals are divided into three categories, namely operations, reporting, and compliance. Under operations objectives, the healthcare facility or any other organization will emphasize the efficacy and effectiveness of the company’s operations. Secondly, the reporting objective promotes transparency and ensures that internal and external finances are reported. The last internal goal comprises the compliance objective, where the healthcare facility or any other organization will adhere to the law and other regulations. Therefore, the COSO framework ensures our long-term care facility avoids future non-compliance and other system-wide problems (Thabit, 2019).

COSO framework consists of five internal control components: information and communication, control environment, control activities, risk assessments, and monitoring. The most crucial component is the control environment that entails employees’ ethical values, human resource policies, commitment to employing competent employees, and organizational structure. Secondly, the risk assessment component will enable our facility to evaluate any risks that may affect the organization, lead to penalties, and weigh risks vs. risk tolerance (Park et al., 2021).

Of importance, the control activities component entails all the tasks and activities the management has laid out to meet the internal control objectives. When employees follow the laid out tasks and activities without shortcuts the then the organization will be compliant, and system-wide problems will be avoided. The fourth components comprise information and communication. A key to a solid system is precise and effective communication, and the flow of relevant and high-quality information will improve the facility’s compliance (Park et al., 2021). Finally, internal control monitoring can be accomplished using special periodic assessments and continuous evaluations merged into our business operations.

Corrective Action Plan

I will assess the current internal system and other top management. I will improve the system according to COSO’s model. I will conduct a seminar where all lower management and other employees will learn about the COSO framework. Subsequently, I will implement the strategies and evaluate to determine whether the employees follow the corrective measures. Since each employee in the facility has a mandate to remain compliant, all employees will be required to play their roles to ensure the action plan works to achieve the desired objectives. I will form a group of employees from various departments in the facility to suggest and develop recommendations necessary for a better internal control system.

I recommend the facility to ensure there is a flow of precise and quality information through departments. The data should be documented or sent electronically. Paperwork can also be saved electronically, making the information more accessible. Electronically stored documents are easy to change during takeout and returns (Bognár & Benedek, 2021). There must be a good form of filing and either physically or electronically, to avoid loss of information. In this course of action, I relied on the information and communication component of COSO.

I recommend that we come up with a risk assessment and management committee to avoid future compliance issues. With all documents and information accessible, it will be easier for the risk management committee to identify and mitigate non-compliance risks on time.  I suggest we put in place rigorous compliance training for all employees. Again, the Power DMS management tool allows the healthcare -information technology administrators to track and link all of these areas: policies, signatures, and training (Thabit, 2019). The mentioned tool will be crucial to the risk management team. In this course of action, I applied the risk assessment component of COSO.

To avoid medical errors, I recommend four strategies: employees should follow proper medication reconciliation procedures. Nurses are obligated to ensure that organizational policies related to medication records are followed. Employees should Double check—or even triple-check—procedures, and everything should be documented. Of importance, employees should learn the institution’s medication administration guidelines, policies, and regulations. Following the mentioned strategies will alleviate life-threatening and death incidences for improved patient outcomes.

 

 

References

Bharadwaj, S. A., Yarravarapu, D., Reddy, S. C. K., Prudhvi, T., Sandeep, K. S. P., & Reddy, O. S. D. (2017, February). Enhancing healthcare using m-care box (monitoring non-compliance of medication). In 2017 International Conference on I-SMAC (IoT in Social, Mobile, Analytics, and Cloud)(I-SMAC) (pp. 352-356). IEEE.

Bognár, F., & Benedek, P. (2021). A Novel Risk Assessment Methodology: A Case Study of the PRISM Methodology in a Compliance Management Sensitive Sector. Acta Polytechnica Hungarica, 18(7).

CFR § 312.32 IND safety reporting code (2020). Retrieved from https://www.accessdata.fda.gov/scripts/cdrh/cfdocs/cfcfr/cfrsearch.cfm?fr=312.32

Park, K., Qin, J., Seidel, T., & Zhou, J. (2021). Determinants and consequences of non-compliance with the 2013 COSO framework. Journal of Accounting and Public Policy, 106899.

Thabit, T. (2019, April). Determining the effectiveness of internal controls in enterprise risk management based on COSO recommendations. In International Conference on Accounting, Business Economics and Politics.