Virginia Law

A. The provider shall permit representatives from the department to conduct reviews to:

1. Verify application information;

2. Assure compliance with this chapter; and

3. Investigate complaints.

B. The provider shall cooperate fully with inspections and investigations and shall provide all information requested by the department.

C. The provider shall collect, maintain, and review at least quarterly all serious incidents, including Level I serious incidents, as part of the quality improvement program in accordance with 12VAC35-105-620 to include an analysis of trends, potential systemic issues or causes, indicated remediation, and documentation of steps taken to mitigate the potential for future incidents.

D. The provider shall collect, maintain, and report or make available to the department the following information:

1. Each allegation of abuse or neglect shall be reported to the department as provided in 12VAC35-115-230 A.

2. Level II and Level III serious incidents shall be reported using the department's web-based reporting application and by telephone or email to anyone designated by the individual to receive such notice and to the individual's authorized representative within 24 hours of discovery. Reported information shall include the information specified by the department as required in its web-based reporting application, but at least the following: the date, place, and circumstances of the serious incident. For serious injuries and deaths, the reported information shall also include the nature of the individual's injuries or circumstances of the death and any treatment received. For all other Level II and Level III serious incidents, the reported information shall also include the consequences that resulted from the serious incident. Deaths that occur in a hospital as a result of illness or injury occurring when the individual was in a licensed service shall be reported.

3. Instances of seclusion or restraint shall be reported to the department as provided in 12VAC35-115-230 C 4.

E. A root cause analysis shall be conducted by the provider within 30 days of discovery of Level II serious incidents and any Level III serious incidents that occur during the provision of a service or on the provider's premises.

1. The root cause analysis shall include at least the following information:

a. A detailed description of what happened;

b. An analysis of why it happened, including identification of all identifiable underlying causes of the incident that were under the control of the provider; and

c. Identified solutions to mitigate its reoccurrence and future risk of harm when applicable.

2. The provider shall develop and implement a root cause analysis policy for determining when a more detailed root cause analysis, including convening a team, collecting and analyzing data, mapping processes, and charting causal factors, should be conducted. At a minimum, the policy shall require for the provider to conduct a more detailed root cause analysis when:

a. A threshold number, as specified in the provider's policy based on the provider's size, number of locations, service type, number of individuals served, and the unique needs of the individuals served by the provider, of similar Level II serious incidents occur to the same individual or at the same location within a six-month period;

b. Two or more of the same Level III serious incidents occur to the same individual or at the same location within a six-month period;

c. A threshold number, as specified in the provider's policy based on the provider's size, number of locations, service type, number of individuals served, and the unique needs of the individuals served by the provider, of similar Level II or Level III serious incidents occur across all of the provider's locations within a six-month period; or

d. A death occurs as a result of an acute medical event that was not expected in advance or based on a person's known medical condition.

F. The provider shall make available and, when requested, submit reports and information that the department requires to establish compliance with these regulations and applicable statutes.

G. Records that are confidential under federal or state law shall be maintained as confidential by the department and shall not be further disclosed except as required or permitted by law; however, there shall be no right of access to communications that are privileged pursuant to § 8.01-581.17 of the Code of Virginia.

H. Additional information requested by the department if compliance with a regulation cannot be determined shall be submitted within 10 business days of the issuance of the licensing report requesting additional information. Extensions may be granted by the department when requested prior to the due date, but extensions shall not exceed an additional 10 business days.

I. Applicants and providers shall not submit any misleading or false information to the department.

J. The provider shall develop and implement a serious incident management policy, which shall be consistent with this section and which shall describe the processes by which the provider will document, analyze, and report to the department information related to serious incidents.