Chapter 43 – Indian Health Service Safety Tracking and Response (I-STAR) Policy

3-43.1  INTRODUCTION

1. Purpose.  This policy establishes the roles and responsibilities of all Indian Health Service (IHS) personnel in the event/incident reporting process.  This policy establishes a systematic, organizational, and enterprise-wide safety culture that aims to identify system improvements necessary to protect patients, visitors, personnel, and facilities, creating an environment in which potential problems are anticipated, detected early, and a response is provided to prevent unintended consequences and to create a highly reliable system of care.
2. Scope.  This chapter applies to the IHS-operated health care programs and facilities, referred to in this policy as IHS facilities, which include, but are not limited to, hospitals, critical access hospitals, ambulatory care, and behavioral health treatment facilities.  Further, this policy applies to:  Area Offices, Headquarters (HQ), and IHS employees.  Tribally operated and Urban Indian Organization health care programs or facilities may adopt this policy.  The content of this chapter is intended to augment other Indian Health Manual (IHM) chapters, circulars, special general memoranda, and policies in general.  Items outside this policy’s scope are found in sections IHM 3-43.2 J.
3. Policy.  The IHS policy is to report all events/incidents/good catches, and all associated actions and responses (e.g., investigation, quality review, root cause analysis (RCA)) will be recorded via the IHS Safety Tracking and Response (I-STAR) web-based events reporting system.

   This policy and the I-STAR Standard Operating Procedures (SOP) Manual establish the process for implementing Agency-wide requirements associated with I-STAR reportable events/incidents. The I-STAR Policy and I-STAR SOP will be reviewed according to IHM Policy requirements.

   Reporting into I-STAR does not replace other reporting required by law or policy.

4. Definitions.
   1. Closed Loop Communication.  The act of providing follow-up communication to staff who report events/incidents.
   2. Event or Incident.  An event or incident is defined as a real or potential event (i.e., good catch) or condition not consistent with the routine care or operation of the organization or its services that does or could result in an occupational injury or illness, a visitor injury, a patient safety error, an adverse event, a security event, property damage, utility system failure/interruption/deficiency, or a hazardous condition (See I-STAR SOP).
      1. Adverse Event or Adverse Incident.  An undesired outcome or occurrence, not expected within the normal course of care or treatment, disease process, condition of the patient, or delivery of services at the organization that involves harm or death.  This definition also includes any process variation in which a recurrence of the event/incident carries a significant chance of serious adverse outcomes.
      2. Adverse Drug Event.  An Adverse Drug Event (ADE) is an unwanted effect or harm that occurs after using a medication where the medication is suspected as the cause of the unwanted effect or harm.
         1. Medication Error.  Any preventable event that may cause or lead to inappropriate medication use or patient harm while the medication is controlled by the health care professional, patient, or consumer.
         2. Serious Adverse Drug Event.  An ADE that occurs at any dose that results in death, is life-threatening, requires inpatient hospitalization or causes prolongation of an existing hospital stay, results in persistent or significant disability/incapacity, may have caused a congenital anomaly/birth defect, or requires intervention to prevent permanent impairment or damage.
      3. Good Catch.  Circumstances that have the capacity to cause an event or incident, whether or not it would have been adverse, but did not cause an injury, illness, hazardous event, property damage, or security incident either by chance recognition or through timely intervention.  Good catches are opportunities for learning and afford the chance to develop preventive strategies and actions.  Example categories of good catches are:  hazardous conditions, category A or B medication safety event/incident, or patient safety interventions.  These are also referred to as close calls or near misses.
      4. Sentinel Event.  Sentinel Events are a type of adverse event defined as unexpected occurrences involving death, serious physical or psychological injury, or risk thereof.  Serious injury specifically includes loss of limb or function.  The phrase “risk thereof” includes any process variation for which a recurrence would carry a significant chance of serious adverse outcomes.
      5. Workplace Violence.  Any act or threat of physical violence, harassment, intimidation, or other threatening disruptive behavior that occurs at the work site.  These may include, but are not limited to, harassment, intimidating/hostile/offensive behavior, sexual harassment, bullying, and as further defined by the IHM 11-6, Prevention of Workplace Harassment.
   3. Harm.  Temporary or permanent impairment of the body's physical, emotional, or psychological function or pain that requires intervention.
   4. IHS Safety Tracking and Response System.  The IHS Safety Tracking and Response System (I-STAR) is a web-based system to document events/incidents and good catches.  This system documents, investigates, tracks, and trends event/incident data enterprise-wide.
   5. Immediate Threat.  A situation in which immediate corrective action is necessary to prevent death or serious physical harm and those events that pose an immediate threat to health or safety.
   6. Intentionally Unsafe Acts.  Intentionally unsafe acts are any events that result from:
      1. A criminal act;
      2. An act wherein both unsafe action(s) and their harmful consequence(s) are intended;
      3. An act while impaired due to any alcohol or substance abuse; or
      4. Events involving alleged or suspected abuse of a patient or staff.
   7. Just Culture.  A just culture recognizes that individual staff must not be held accountable for system failings over which they have no control.  The organization and its leadership are accountable for the systems they have designed and for supporting the safe choices of both management and staff.  Each employee is accountable for their choices and behaviors within the organization.  Each employee consistently reports events/incidents, good catches, and risks for potential errors or harm.  A just culture requires a shift of focus from errors and outcomes, to system design and management of the behavioral choices of all employees to strengthen processes and systems that result in an increase in workforce and patient safety.
   8. Risk Consequence Score.  A method of categorizing events based upon the severity category with a likelihood of recurrence category (probability) for an event or incident.  This score is assigned during the event or incident investigation and finalized during the final review.  The I-STAR SOP provides further detail.
   9. Root Cause Analysis.  The root cause analysis (RCA) is a specific type of comprehensive systemic analysis (CSA) most commonly used for events/incidents requiring analysis.  The RCA aims to uncover the root cause(s) of a problem so that solutions can be appropriately targeted.  To avoid confusion, the term RCA indicates CSA and must adhere to the procedures provided in the I-STAR SOP.
   10. Safety Culture.  An organizational safety culture is the shared values, beliefs, attitudes, perceptions, and patterns of behaviors that prioritize safety, open communication of risks and promoting behaviors that minimize harm using a system-based approach rather than an individualized approach.  Key components include.
       1. Acknowledgment of the high-risk nature of an organization's activities and the determination to achieve consistently safe operations.
       2. Promoting just culture principles and encouraging staff reporting of risks, events/incidents, and good catches into I-STAR;
       3. Encouragement of collaboration across ranks and disciplines to seek solutions to patient safety problems; and
       4. Organizational commitment of resources to address safety concerns
   11. Second Victim.  The healthcare professionals, caregivers, and staff who sustain psychological, cognitive, or physical reactions after having been involved in an adverse patient event, medical error, and/or patient-related injury that harms patients to whom they are providing care.
   12. Severity of Harm Score.  The level of severity of harm that the initial event reporter assigns upon entry into the I-STAR web-based events reporting system.  Scores are defined as;
       1. Patient and Visitor Events:
          1. Low – minimal harm caused;
          2. Moderate – short-term harm caused;
          3. Severe – permanent or long-term harm caused; or
          4. Death.
       2. Worker Events:
          1. First Aid;
          2. Medical Treatment;
          3. Hospitalized (for treatment); or
          4. Death.
5. Authorities.
   1. Indian Health Care Improvement Act, 25 United States Code (U.S.C.) § 1601 et seq., as amended
   2. Confidentiality of medical quality assurance records; qualified immunity for participants, 25 U.S.C. § 1675
   3. 29 C.F.R. Part 1904 – Recording and reporting occupational injuries and illnesses
   4. Indian Health Service Safety Tracking and Response (I-STAR) Standard Operating Procedures.

3-43.2 RESPONSIBILITIES

1. Director, IHS.  The Director, IHS, or their delegated designee, is responsible for:
   1. Administrative issuance of this policy;
   2. Ensuring this policy is fully implemented throughout the Agency; and
   3. Ensuring HQ-level event/incident reporting individual or team is in place to investigate and close HQ-level events.
2. Deputy Director for Quality Healthcare and Enterprise Risk Management.  The IHS Deputy Director for Quality Healthcare and Enterprise Risk Management (DDQHC-ERM; or equivalent position/delegate designee) will support this policy by:
   1. Providing policy updates;
   2. Maintaining and updating policy exhibits
   3. Maintaining and updating I-STAR SOP; and
   4. Maintaining the I-STAR web-based events reporting system.
3. Area Director.  Each Area Director will ensure that all safety programs are consistent with current policy and are operational and effective within their region by:
   1. Ensuring the Area Governing Body (GB) has a process to review and report event/incident outcomes and mechanisms to mitigate future reoccurrences.
      1. Providing oversight to Service Units to ensure event/incident entries are investigated and closed within the appropriate time frames; and
      2. Providing GB oversight of review and assessing data to identify trends on events/incidents during GB sessions.
   2. Ensuring Area level event/incident reporting individual or team is in place to: 
      1. Investigate and close Area Office level events;
      2. Advise and support Service Unit event/incident reporting teams; and
      3. Manage online event/incident system access.
   3. Ensuring the appropriate notification of events as defined in this policy.
4. Chief Executive Officers.  The CEOs of IHS-operated Service Units will:
   1. Ensure execution of this policy;
   2. Ensure timely reporting of Service Unit events/incidents;
   3. Ensure I-STAR web-based event reporting system login users conduct timely review, investigation, and closure of Service Unit event/incident entries;
   4. Ensure supervisors are accountable for their own and their subordinates’ roles in event/incident reporting, investigation, and action plans, as applicable;
   5. Ensure corrective and preventive action processes are developed and implemented in response to individual events or trends and report to GB as appropriate;
   6. Ensure compliance with accreditation requirements regarding sentinel events, including ensure any local sentinel event policies are followed;
   7. Ensure the appropriate notification of events as defined in this policy; and
   8. Ensure Service Unit staff complete the required training as defined in this policy.
5. Login Users.  Personnel with login access (login users) to the IHS events reporting system will:
   1. Hold event/incident details confidential, other than that authorized by law and required for investigation, follow-up, and required reporting;
   2. May serve as the event/incident investigator;
   3. Complete event/incident investigation and close-out actions.  Refer to the I-STAR SOP for investigation timelines and for recommended primary roles by category of event (e.g., Medication, Patient Care, Worker events).
   4. Use system data to identify occurrence patterns and opportunities for training and system improvement, but such information will be de-identified;
   5. Ensure closed loop communication is provided to staff members who report an event for which an RCA is required; and
   6. Assist with/complete summary reports as requested.
6. Supervisors.  Supervisors will:
   1. Ensure event/incident submission by employee(s) within the I-STAR web-based events reporting system and other applicable reporting systems (e.g., Employees’ Compensation Operations and Management Portal (ECOMP), MedWatch, Vaccine Adverse Event Reporting System (VAERS));
   2. Submit an event/incident in the I-STAR web-based events system on behalf of their employee if the employee is unable to complete the report due to injury or illness;
   3. Provide prompt and factual information in the I-STAR web-based events system regarding injuries/illnesses occurring to staff, patients or visitors, security issues, and property damage or allegations thereof;
   4. Ensure appropriate personnel safety event/incident reporting training occurs for subordinates within 30 days of hire and at least annually thereafter;
   5. Regularly inspect event/incident and good catch data to determine potential sources of risk and take active steps to proactively prevent future event/incident occurrences;
   6. Create an environment in which a safety culture is employed, which prevents retaliation against the reporter of an event/incident and/or those performing investigation and follow-up of activities;
   7. Support staff “second victims” during serious patient harm events, including the Federal Occupational Health Employee Assistance Program, as appropriate;
   8. Ensure closed loop communication is provided to staff members who report an event for which an RCA is required; and
   9. See section 3-43.2 J for additional reporting requirements.
7. IHS Employees.  All IHS employees will:
   1. Promote and maintain a safety culture;
   2. Create an environment in which a safety culture is employed, which prevents retaliation against event/incident reports and/or those performing investigation and follow-up activities;
   3. Enter accurate good catches and events/incidents in the I-STAR web-based events reporting system within 24 hours of the event, or as soon thereafter as feasible;
   4. Enter events in other additional and applicable reporting systems (e.g., ECOMP, MedWatch, VAERs) as appropriate;
   5. Participate openly and honestly with event/incident investigations;
   6. Follow all safety instructions in the performance of job duties;
   7. Promote workplace safety for self and others; and
   8. Know their role in event/incident response, as applicable.

3-43.3 CORE ELEMENTS

1. Event/Incident Reports.  Copies of event/incident reports will not be kept on file in:
   1. Personal records, regardless of file medium used; or
   2. Patient medical records.
   3. Records generated as part of the IHS Medical Quality Assurance Program are confidential per 25 U.S.C. §1675 and will be handled in accordance with 25 U.S.C §1675 and any other applicable authorities.
2. I-STAR Web-Based Events Reporting System.  The I-STAR web-based events reporting system will not be used for the following occurrences and will be reported as per the IHS policy:
   1. Discrimination or failures within Equal Employment Opportunity (EEO) protections will follow the guidelines established by the IHS’s Diversity Management and EEO Program;
   2. Health Insurance Portability and Accountability Act (HIPAA)/ Privacy Act-related events will be reported through existing channels designed for this purpose.  Contact the local or Area HIPAA/ Privacy Act Liaison for guidance;
   3. The IHS Provider misconduct will follow the reporting and action requirements of IHM Part 3-23, Ethical and Professional Conduct of Health Care Providers and those designed by the respective organization’s Medical Staff Bylaws; and
   4. The I-STAR web-based events reporting system is inappropriate for entering patient/employee complaints or grievances.  Employees should refer to their local Office of Human Resources for procedures for reporting these events.
3. Additional Reporting.  Additional reporting will be required for the following occurrences outside of the I-STAR web-based events reporting system:
   1. Events involving workplace harassment and/or violence will also be reported in accordance with IHM 11-6, Prevention of Workplace Harassment;
   2. Allegations or incidents of pediatric patient sexual assault will also be reported in accordance with IHM 11-2, Protecting Children from Sexual Abuse by Health Care Providers;
   3. Security and property events involving external law enforcement will also be reported in accordance with IHM 5-12, Personal Property Management and the HHS Safety Manual (must be on D1 network);
   4. Employee injuries and illnesses will also be recorded, reported, and notification provided in accordance with IHM 1-9, Occupational Safety and Health Program.  This includes, but is not limited to recordkeeping, reporting, and notification requirements with:
      1. Employee injury or illness events and policy and regulatory requirements with OSHA recordkeeping and reporting/notification;
      2. Employee injury or illness event reporting in ECOMP;
   5. Sentinel events will be reported according to the organization's Sentinel Event Reporting policies;
   6. The ADEs and Vaccine Adverse Events (AVE) will follow additional reporting requirements as published in IHM 3-7, Pharmacy:
      1. All serious, unusual, or previously unreported ADEs will be reported directly to the FDA MedWatch system, including “IHS” in Section G of the report form.
      2. The AVEs will be reported using Form VAERs-1, Vaccine Adverse Event Reporting System, including “IHS” in item #26 of the report form.
      3. For events reported to FDA MedWatch or VAERs, users must document events in alignment with IHS guidance to ensure the Agency can capture enterprise-level data and trends for the reportable events.
   7. All other incident types for which IHS policy, HHS policy, Federal law, or accreditation organizations require additional reporting outside of the incident reporting system; staff will provide additional reports as indicated.
4. Risk Identification.
   1. Root Cause Analysis.  All IHS facilities will complete a root cause analysis (RCA) for any event/incident or good catch that has a severity of harm score of severe harm or death, or for events that meet the criteria identified in the risk consequence score of extreme, sentinel events, events representing an immediate threat to health or safety, and as outlined in the I-STAR SOP.
      
      The RCAs will be conducted using IHS standardized methodology, tools, and documentation.  These RCA procedural items are located on the IHS Safety Tracking and Response (I-STAR) web page and the Root Cause Analysis and Action (RCA2) – PatientSafety (ihs.gov).
   2. Intentionally unsafe acts must be dealt with through avenues other than those defined in this policy.
   3. If an event involves what appears to be an intentionally unsafe act, an administrative investigation (AI) or similar review may be appropriate and an RCA may be inappropriate.  However, in some cases, it may be appropriate to do both types of reviews.  An AI might review a licensed practitioner willfully performing a procedure outside of their scope and privileges.  An RCA on the same topic might review the local processes for reviewing and enforcing practitioner privileges and preventing out-of-scope practice (e.g., reviewing privileges before operating room time is booked).
5. Training.
   1. Initial Training.  All staff will receive initial event/incident reporting training within 30 days of hire.  Training will include I-STAR event/incident reporting and orientation to this IHS Safety Tracking and Response policy.
   2. Annual Training.  All staff will receive annual events/incident reporting training.