Auditors: Focus on these top clinical risk areas in 2022

Rebecca M. Welker, Erin Meyer, Amy Uldrick
| 2/8/2022
Focus on these top clinical risk areas in 2022

Patient safety is a chief priority for healthcare provider organizations. It’s no surprise, therefore, that patient safety consistently ranks on the annual lists of top risks for healthcare organizations published by Crowe as well as on its “2021 Top Clinical Risks in Healthcare.” Noncompliance with safety-related regulatory requirements and evidence-based clinical practices can result in patient harm, decreased quality-based scores, reduced medical reimbursement, and other negative impacts.

Three high-risk, critical areas for patient safety today include infection prevention, device disinfection and sterilization, and surgical safety (including surgical suite disinfection). Organizations should consider including these important safety-related areas in their risk assessments and audit plans.

Following is a look at common audit findings in these areas and strategies auditors can use to help mitigate risks. Additionally, it’s important to note that patient safety should be a focus across the continuum of care. Audits should address safety compliance in inpatient settings, such as the operating room (OR), as well as in ambulatory surgery centers and physician practices, especially as industry trends show more patient care moving to outpatient settings in the years ahead.1

Infection prevention

The risks involved with hospital acquired conditions (HACs) are numerous and great. They include patient harm, poor quality scores and ratings, revenue loss through payment reductions, and high costs to treat HACs. Of the numerous HACs, two of the most common are central line-associated bloodstream infection (CLABSI) and patient falls.

Common auditor findings related to CLABSI include:

  • Missing consent and patient education. Auditors review the consent process, including staff training in this area. They also review whether informed consent information in the electronic health record (EHR) matches what auditors observe on-site.
  • Errors made during skin prep and insertion. Auditors review the skin prep process to determine if the skin prep is sitting for the required length of time and if the sterile field has been broken.
  • Missing documentation. Auditors review medical records to make sure documentation is complete. For example, was the order placed and is a description of the necessity for the central line included?

Common auditor findings related to patient falls include:

  • Over- or underreporting of falls. Auditors review documentation to see if it supports the number of falls reported internally (through the organization’s event reporting system) and externally (for example, to the health department or Medicare).
  • Missing documentation of fall risk assessment and interventions. Auditors review documentation to make sure it addresses processes for fall risk assessment and fall interventions.
  • Missing quality improvement structure and improvement processes (for example, post-fall debriefs or root cause analyses). Auditors review the process from start to finish to determine if the appropriate infrastructure is in place to support efforts toward a reduction in HACs.

Device disinfection and sterilization

Clinical audits performed on device disinfection and sterilization processes in acute and ambulatory settings are vital and help mitigate risks including:

  • Risks to patients. Transfer of bacteria or viruses on dirty equipment can result in potential deadly infections.
  • Risks to staff. Chemicals used to disinfect equipment or contaminated instruments and sharps can lead to potential staff injury.
  • Risks to devices. Devices can be damaged or destroyed if staff does not follow proper disinfection and sterilization procedures.
  • Risks to the organization’s reputation. News and social media outlets frequently pick up patient infection stories.

Hospitals can use two processes to clean reusable devices between patients: sterilization or high-level disinfection. Auditors review three major steps (and numerous substeps within these) for each cleaning process:

  1. Point of use/pre-cleaning (to immediately remove bioburden before it dries and hardens, which can interfere with the rest of the cleaning process)
  2. Manual/thorough cleaning (by manually scrubbing with enzymatic cleaner prior to disinfection or sterilization)
  3. High-level disinfection or sterilization (the last step required to reprocess the device at the highest level necessary)

Common auditor findings in the areas of device disinfection and sterilization include:

  • Errors throughout all three major steps and their component steps. Auditors observe the process to verify that staff performs necessary steps.
  • Errors in design layout of the device reprocessing room. Auditors observe and walk through the decontamination room and other areas involved in reprocessing of devices to verify rooms are safe and compliant.
  • Noncompliance with policies and training. Auditors review policies and training materials to verify that information is updated and relevant and that it aligns with industry standards and manufacturers’ instructions for use.
  • Lack of monitoring. Auditors review quality assurance processes to verify oversight and monitoring of logs and verify maintenance for solutions and machines used in disinfection or sterilization.

Surgical safety and surgical suite disinfection

A surgical suite can be the site of many risks, such as unintended retained foreign objects, wrong site/wrong surgery, surgical fires, and cross-contamination or infection between patients from uncleaned OR equipment, to name a few. Auditors can choose to perform one comprehensive audit covering both surgical safety and surgical suite disinfection or conduct two separate audits reviewing surgical safety elements (such as sponge accounting, fire safety, and the “timeout” procedure to confirm patient and procedure) and evaluating surgical suite disinfection practices (for terminal and in-between case cleaning) separately.

Common auditor findings related to surgical safety and surgical suite disinfection include:

  • Sponge accounting system steps and counts missed. Auditors validate sponge accounting processes to verify surgical sponges, sharps, and other instrument counts are performed and maintained during a surgical case. Procedures can vary by facility, but general guidelines recommend counts be performed at the start and end of a case, upon closing the incision, when closing a cavity, and when there is a permanent change of staff made during a case.
  • Fire risk not assessed. Auditors look for fire risk elements and whether risk of fire in the surgical suite has been assessed. An industry best practice is to note the assessment out loud during the timeout procedure. Auditors can verify in the medical record the fire assessment was documented.
  • Timeout procedure and site-marking process performed incorrectly. Auditors look to see who is performing the site-marking process, who is leading the timeout procedure, and which staff members are and are not engaged. Are team members working during the timeout procedure (when they are supposed to be pausing and focusing to confirm the correct patient, procedure, and site)? Are all essential elements covered during the timeout? Is the site-marking process performed correctly?
  • Critical items missed during in-between case cleaning. Auditors look to see if staff missed the cleaning of critical, high-touch areas and equipment such as the operating table, monitors, and pumps. Do cleaning processes flow from high to low and cleanest to dirtiest, following industry best practice?
  • Terminal cleaning steps missed. Auditors assess whether any steps were missed, performed out of sequence, or performed incorrectly.
  • Policies and training materials not aligned with industry standards, absent, or outdated. Auditors validate whether the organization’s policies reflect what is happening during surgical cases and suite cleaning. For health systems with multiple facilities and departments, auditors also check that policies, processes, and training regarding safety expectations are aligned across the organization to both organizational and industry standards.

Mitigating risks: Steps to take now

Organizations can take several steps to mitigate patient safety-related risks and improve overall patient safety. Four vital steps include:

  1. Identify opportunities. Review organizational data to find areas that might benefit from an audit. For example, incident reports can reveal near misses, and reports on surgical site infections can show how infection rates are trending and whether interventions might be needed. If your compliance or internal audit department is monitoring claims data, ask staff members to provide trends for hospital-acquired conditions and all the claims-based quality measures.
  2. Validate that practice matches policy. Auditors can work with quality, risk, or infection prevention team members to verify that organizational practice matches the organization’s policy or industry safety standards. Those team members should be knowledgeable in the specific areas being audited (for example, high-level device disinfection and sterilization requires specialized knowledge). The audit team also could consider partnering with other units or departments (such as sterile processing for device disinfection/sterilization) and other specialists throughout the organization who can verify best practices in each area. Auditors also can work with staff members from these areas to discuss and determine an ongoing monitoring strategy for patient safety risk areas.
  3. Focus on quality improvement processes and leadership engagement. If audit findings are identified, the audit team, working with organizational leadership, should determine next steps. Among the decisions to be made are who will review the results and how the results will be communicated to high-level leadership and front-line clinical staff. The group also should decide on an action plan to address current – and prevent future – risks.
  4. Conduct ongoing assessments. Reviewing infection prevention, device disinfection and sterilization, and surgical safety and surgical suite disinfection processes requires multiple individuals spanning numerous departments across a healthcare organization. An organization can have safety precautions in place and staff training completed yet still have risk gaps. Ongoing assessment is essential. Also, organizations can benefit from an independent assessment of their patient safety audit practices, ideally once every one to two years. Third-party specialists knowledgeable about today’s most pressing patient safety risks can provide an invaluable perspective to auditors and organizational leadership on how to prioritize their risks and focus their resources on addressing those risks in the most effective way possible.

1 Madeleine McDowell, “Sg2 2021 Impact of Change Forecast: Post-Pandemic Recovery, Rising Acuity and Ambulatory Shifts,” June 3, 2021, Sg2,

Contact us

Rebecca M. Welker
Managing Director, Healthcare Consulting
Erin Meyer
Erin Meyer
Amy Uldrick
Amy Uldrick