Skip to main content
The Official Web Site of the State of South Carolina

Risk Management

The South Carolina Department of Disabilities and Special Needs (DDSN) recognizes that every provider, no matter how well run, its employees, and people supported in services inherently possess exposure to risk. DDSN also recognizes that management of the risk factors that impact on the provider, its employees, and the people that it serves requires a broad-based, coordinated managerial approach in order to mitigate any harm or loss. A broad- based provider Risk Management program should fulfill the following purposes:

  1. Improve the safety and quality of life for people supported and employees;
  2. Conserve financial resources;
  3. Prevent litigation; and
  4. Maintain relationships of trust among stakeholders.


Tools of Risk Management

In order for a provider’s Risk Management Program to be effective, the following “tools” need to be available.

  • INFORMATION- knowledge, expertise, and commitment of employees; sound policies and procedures; risk incident reporting systems; computerized databases; correction and feedback loops.
  • ADMINISTRATIVE SUPPORTS- provider organization; well-developed infrastructure; committees of reference; systems of communication, decision making, and follow up; provider mission, vision, and values.
  • TRAINING PROGRAMS- pre-service training; in-service training; specialty training in rights of people supported, behavioral support planning, critical incident reporting, medication administration, driver safety, etc.
  • QUALITY ASSURANCE/IMPROVEMENT PROGRAMS- satisfaction of people supported; personal outcomes; continuous quality improvement; etc.

DDSN and its provider network have the responsibility to prevent, as much as possible, the occurrence of unfavorable events in the lives of people served. Examples of unfavorable events for people supported include the following:

  • Abuse,
  • Mistreatment,
  • Exploitation,
  • Critical incidents,
  • Accidents/injuries,
  • Medication errors,
  • Preventable illnesses,
  • Preventable restraints, and
  • Preventable deaths.

It is very important that service providers have reliable systems for reporting, analyzing, and following up on unfavorable events for people supported. Each of these systems should be governed by policies and procedures, and have sufficient resources at their disposal to assure that corrective actions are undertaken to lessen the occurrence of unfavorable events in the future.


Once unfavorable event data has been collected and obvious trends or patterns have been identified (i.e., “eyeballing” the data), it is important to have a strategy to analyze the data in a more in-depth fashion in order to identify as many additional trends or patterns as possible. Thinking of the exercise as a kind of experiment may facilitate this process of trend identification and analysis.

A person or team may sift through the data and then develop “hunches” or hypotheses as to what might be the cause(s) of the unfavorable event.

Once a hunch or hypothesis has been thought of, then it can be tested by comparing what it claims against the data that has been collected on that kind of unfavorable event for people supported. If trends or patterns emerge, then the hunch or hypothesis is confirmed, and the agency has a solid place to start in its prevention efforts.

Hunches or hypotheses that can assist in identifying trends in unfavorable events may be developed by focusing on three (3) areas:

  • Variables in the people supported;
  • Staff Variables; and
  • External Variables.

By focusing methodically on the variables in these three (3) areas, the provider may be able to identify trends or patterns between the unfavorable event and one variable, or identify more complex patterns between the unfavorable event and multiple variables.

After trends or patterns have been identified, then through training, policy/procedure change, staffing change, environmental changes, etc., the provider may be able to reduce the likelihood that that type of unfavorable event will occur in the future.


In the quality assurance and people-oriented risk management literature, the below-listed variables have all been associated with some types of unfavorable events. Staff may want to test whether patterns or trends exist between the unfavorable event(s) and these variables. The variables make up the substance of the hunch or hypothesis. For example, under “Variables Among People Supported: Age” a simple hunch or hypothesis might be, “Elderly people are more subject to falls,” or “Young children are more subject to abuse.” This may continue through those variables that apply to the unfavorable event(s) that are under consideration.

Variables Among People Supported

  • Age (e.g., elderly; children)
  • Gender
  • Medical diagnoses—(e.g., aspiration; GERD)
  • Type of disability— (e.g., MR; Spinal cord injury)
  • Level of disability—(e.g., mild; severe)
  • Communication ability— (e.g., non-verbal; verbal)
  • Kinds of injuries— (e.g., fracture; bruise; fall; bed sore)
  • Involvement or lack of involvement of medical specialists— (e.g., used; never referred)
  • Cause of death—(e.g., trauma; dehydration; bowel obstruction)
  • Location of death—(e.g., home; work; ER; while a hospital in-patient)

Staff Variables

  • Employee
  • Length of service— (e.g., months; years)
  • Level or types of training— (e.g., CPR; First Aid; PRA)
  • Age of employee
  • Gender of employee
  • Staff to client ratio—(e.g., 1 to 4)
  • Shift—(e.g., 1st, 2nd, 3rd)
  • Day of week
  • Regular staff or contract staff; “pulls” or overtime
  • Number of hours worked/ on duty

External Variables

  • Specific residence
  • Specific day program
  • Specific location within the building— (e.g., bathroom; bedroom; kitchen)
  • Environmental risks—(e.g., slippery floors; stairs; playgrounds; swimming pools; busy street)
  • Level/ type of home/ program— (e.g., ICF/IID; CTH; SLP)
  • Weather—(e.g., dark; rainy; windy)
  • Season of the year
  • Provider
  • Region of the state
  • Level of family involvement— (e.g., highly involved to no contact)

As the provider becomes more and more familiar with unfavorable event data it has collected, it can add other variables to this listing that may assist in understanding, and ultimately in preventing, as much as is humanly possible, unfavorable events for people supported by the provider.


Using data related to people supported by the provider, staff, or external variables to test for trends or patterns in unfavorable event data will assist staff in determining what changes or improvements can be made (and in what order of priority) in order to lessen the occurrence of these unfavorable events in the future.


Let’s Look at Rights….

When addressing the Rights issue, it is easy for providers to become overwhelmed. When you talk about rights, some may jump to the conclusion that we are talking about giving people unlimited choices, without restriction. That is not true. When people learn about Rights, they must also learn about their responsibilities in exercising those rights. Every action has a consequence and people must understand the result of their decisions.

As DDSN staff talk about educating people with disabilities about their rights, we are not taking the subject lightly. For one thing, it is understood that most staff, managers included, have a hard time explaining what rights are important to them. People with disabilities are no different. For the system to move forward, we must first begin with a basic education process that defines our basic rights.

As providers begin to move forward, here are a few examples of things we have seen around the state that have worked well for other providers:

  1. Create a Right of the Month. Cover basic rights issues in the provider’s newsletter and provide examples of how staff can help promote rights with the people they serve. If your newsletter is distributed to the public, that is even better- you are now educating the public about people with disabilities and helping them understand that rights are important to everyone.
  2. Make Rights Education a basic part of your new employee orientation and a part of your ongoing training.
  3. Use periods of down-time in the workshops as opportunities to learn about what rights are important to people and what responsibilities come along with exercising rights.
  4. Ask people with disabilities to help interview prospective employees. What better way to demonstrate respect than to include people with disabilities in the hiring decisions for people that will work for them. Ask for their input during employee evaluations, too.
  5. Ask people if they would like to have a key to their own home. For those who do, make sure they understand the responsibility involved in having the key.
  6. Educate your Human Rights Committee (HRC) about due process. If people supported are not already attending the HRC meetings, why not? Ask them if they want to attend. Many may not realize that there is an option to go.
  7. Review the behavior support plans for people supported by your organization. Are they restrictive in nature? The Plans should not restrict a person’s contact with natural supports or restrict their right to use goods/services that they have paid for. The person must give consent for the plan. In some cases, family members have given consent, but not the person supported.
  8. Make sure the people supported are invited to any meetings that may be held to discuss their services. This sounds simple, but meetings often take place in their absence. Remember the “Nothing about me, without me” principle.

With a little planning, rights training can be incorporated into your agency’s everyday activities without additional cost or down-time.

Balancing Rights and Risk

An important component of the DDSN Risk Management Program is associated with balancing the goal of promoting independence and self-determination with the provider’s responsibility to keep the individual safe from foreseeable harm. This area of risk management has taken on new importance over the last decade as a result of the shift in treatment/habilitation that has empowered people supported to be more in control of their lives and decisions.

Exposure to risk is a part of everyday life, and it is largely through making choices and assuming some risk that judgment (i.e., capacity) is developed. However, the ability to distinguish between reasonable and unreasonable risks is sometimes a complex task, and people with disabilities can be vulnerable to abuse, neglect, exploitation and a variety of other dangerous situations that may be the result of their own decision making.


Finding the balance between the provider’s responsibility to protect people, while at the same time promoting their personal growth and autonomy always begins with the person and those who know him/her best. This would include the family, members of his/her “circle of support,” and often the direct support professionals that work with the person on a regular basis.


    In the eyes of the law, if a person is 18 years of age or older, and has not been adjudicated as incompetent, then there is a presumption that the person is competent to make his/her own life’s decisions, and to assume the consequences of those decisions. (As mentioned above, this presumption may be restricted by the terms of the Adult Health Care Consent Act and DDSN Directive 535-07-DD: Obtaining Health Care Consent for Minors and Adults, for decisions involving healthcare.)


    There are certain factors that may be present in a person’s life that reduce the validity of this presumption of competence. These factors generally exist with degrees of severity. Some of the factors that reduce the likelihood that a person is truly able to make all their own decisions and accept the risks involved include:

    • Level of cognitive impairment
    • Level of social adaptive impairment
    • Level of expressive and receptive language impairment
    • History and experience in decision making
    • Presence of or degree of mental illness
    • Presence of or degree of substance abuse

    Using the above mitigating factors, a determination can be made as to whether the person has a reduced capacity to make their own decisions, and furthermore, the relative degree of the reduced capacity.


    Not all decisions are of equal weight. Some decisions are of little consequence, while others may determine the quality and even the length of a person’s life. The consequences of a decision, in relation to the amount of risk that is involved, may be determined by asking:

    • What is the potential that harm will occur?
    • What would be the severity of the harm?
    • What would be the duration of the harm?

    Using the above answers, a determination can be made as to the degree of potential harm associated with the decision, choice or situation under consideration. The more likely that harm will result from a decision or choice, the more competence the person supported by the provider should possess before that decision is left fully in their hands.


Once the person’s present level of competence is determined by reviewing the factors that reduce capacity, and the level of harm that may result associated with a particular decision or situation is determined, then a simple graph can be established that may guide how much scrutiny a provider, a team (or even a family) should give to various decisions/situations. Such scrutiny should involve a careful study or examination of a situation before moving forward. This is done by plotting the level of competence on the vertical axis and the amount of risk on the horizontal axis.

  1. LOW SCRUTINY (low risk combined with high capacity) would indicate that the person can make these decisions by themselves.
  2. MEDIUM SCRUTINY (medium risk and/or medium capacity) would indicate that the decision or situation requires support for the person, such as consultation with the family, circle of support, treatment team, etc. before the decision is made.
  3. HIGH SCRUTINY (high risk and/or low capacity) would indicate that the decision should be made by the provider, or some other substitute decision maker, after consultation with the individual, family, team, professional staff, or employing other specialty consultations.

The keys to establishing the proper balance between the person’s right to make his/her own decisions and the organization’s duty to protect from foreseeable harm or risk are in:

  1. Having a rational basis for establishing any reduced capacity;
  2. Having a rational basis for establishing any potential for harm; and then
  3. Varying the degree of assistance/ support given to the person based upon these first two factors.


Just like the rest of us, a person supported by the provider’s good judgment can increase with training, experience, and consultation with others. The following strategies can be utilized in order to increase the person’s capacity to make good decisions, and by so doing, reduce the risk of harm to the individual.

  • Additional training
  • Additional experience through practice or approximating
  • Family support/involvement
  • Professional counseling
  • Mentoring
  • “Circle of Support” involvement
  • Neighborhood support
  • Staff supervision/shadowing/fading of supports
  • Dividing a task/situation into those parts that may be done independently, and those parts where supervision/support is presently needed.


Service and support providers need to assure that they are on firm ground from an ethical and a liability point of view, as they turn more and more control for decision making over to the person supported. If harm does occur to a person under the providers care and supervision, then the provider will need to document the steps that it took in order to properly balance the rights of a person to make their own decisions with the duty of the provider to protect from foreseeable harm.

Below are listed some of the steps an agency can take to accomplish this.

  • Utilize a rational, defensible process in assessing when a decision can be left in the hands of the person and when graduated supports should be applied.
  • Seek family involvement in decisions.
  • Use a team approach in deliberations.
  • Seek outside consultations, a second opinion, or an “independent clinical review”.
  • Utilize the services of an ethicist or Ethics Committee when appropriate.
  • Communicate with other providers or DDSN Central Office to determine what the standard of care has been in that particular area.
  • Document deliberations and actions.
  • Refer very difficult cases to the courts for adjudication.
  • Provide regular training to staff on making balanced decisions in this area.
  • When in doubt, err on the side of health and safety.
  • Assure that appropriate liability insurance is in place.

Risk Management and the DDSN Network

Centers for Medicare and Medicaid Services (CMS) requirements for Home and Community-Based Waiver services require quality assurance and risk management programs that include the following:

  • A continuous quality improvement process that includes monitoring, remediation, and quality improvement.
  • Evidence based Review of Data that includes outcome measures for program performance.
  • Evidence of the establishment of sufficient infrastructure for the program.

Providers should monitor their data to look for over-reporting and/or under-reporting. High reporting rates may not indicate a problem, but low reporting rates can. Providers with higher rates of reporting have often established a meaningful culture of safety. This culture rewards accurate reporting and early identification of issues. Low incident rates may reflect a provider’s bias toward under-reporting. The rate is a relative number, as it represents the number of cases with or without an incident compared to the total number of cases in the population.

From a systems perspective, the following questions may be helpful:

Who:        Who were the people involved? Was this a repeat incident? 
What:       What types of incidents have been reported? 
                 Are there patterns? 
                 Are there particular types of incidents that seem to be increasing? 
                 Are there common factors? 
Where:    Are incidents limited to a few locations or with a few staff? 
                 Is the setting always the same? 
When:     When are the incidents taking place? 
                 Is there a pattern? 
Why:        Are there any obvious reasons? 
                Consider environmental and technology requirement factors, staff 
                 roles, training and support to staff. 
How:       How can your organization reduce risk and avoid repeat occurrence?

Small numbers (few incident reports) require more analysis to ensure meaningful trends or patterns. Reviewing reports over a longer period and/or comparing other programs to benchmarks may improve the analysis. The analysis should include differences between types of incidents within groups and/or services settings. Procedures may use benchmarks to set triggers and allow for risk adjustment. Additional analysis would include consideration of age, level of disability, functional skills, behavioral health and medical concerns.

It is important to pay attention to the type of incidents reported and the frequency and pattern of incidents reported. Consider incidents across the system and not just the individual. Incident reports may indicate that current services are not meeting the needs of a person supported or a group of people supported by the provider. Repeat incidents require additional attention. Consider the following:

  • Is the level of support appropriate for the person?
  • Has the person recently experienced any major changes in their life?
  • Are support staff properly trained to assist the individual?
  • Has the person been appropriately supervised?
  • Is the staffing pattern appropriate to meet the needs of the people supported?
  • Has there been a change in the person’s health status?

Risk Management Committee Review should include a review of incident data to monitor the effectiveness of individual services and supports. The goal is risk reduction and safety enhancement. The Risk Management Committee may also consider other factors (licensing, staffing, medical and behavioral supports) with corresponding incidents. The Risk Management Committee may use the incident data to establish goals, target training, (both ongoing and specialized), evaluate the effectiveness of current strategies, target higher-risk activities for more support, improve support planning and guide quality improvement efforts.


Six basic functions of an Incident Management System: 
Identify, Notify, Trigger, Analyze, Inform, and Document.

Frequently Asked Questions about DDSN Risk Management:

  1. Where do I get the information for my Risk Management Committee to track, trend, and analyze my organization’s Incident Management reports?

    Providers have access to a variety of reports on the DDSN Applications Portal through the R2D2 Reports link. Under the ANE, Critical Incident, and Death Reporting tabs, providers can run reports to track the types of reports, the people involved, types of incidents, safety plans, and quality assurance actions to be taken. In addition, providers can run reports to track the timely submission of each individual report. This data can be compared to DDSN’s Statewide Incident Management Data that is distributed to providers on a quarterly basis.

  2. How frequently should the Risk Management Committee review my agency’s data?

    According to DDSN’s Risk Management Directive, a provider’s Risk Management Committee should meet at least quarterly.

  3. What should the Risk Management Committee review?

    The Risk Management Committee should review the type and frequency of reports in the system and compliance with the reporting requirements. They should also analyze information to determine if there are concerns with specific work shifts where incidents have been reported, the staffing levels assigned to a location, training of staff, need for fall assessments, need for swallow studies, status of assistive technology, or the effectiveness of behavior support plans.

  4. Does the Risk Management Committee need to look at information in the Therap General Event Reporting (GER) Module?   Yes.

    The GER module should contain information from Direct Support Professionals reporting individual concerns about people supported. Many GER entries result in Critical Incidents, but the Risk Management should evaluate the information in the system to determine appropriate preventive strategies. Providers can also use the GER to ensure staff are documenting appropriately.

  5. How will a Basic Assurances® Review evaluate the provider’s Risk Management Committee?

    Factor Four of the Basic Assurances® states that there must be Protection from Abuse, Neglect, Mistreatment, and Exploitation. Indicator C addresses the activities of a risk management committee. The provider implements systems for reviewing and analyzing trends, potential risks and sentinel events including allegations of abuse, neglect, mistreatment and exploitation, and injuries of unknown origin and deaths. Specifically, Probe 2 inquires about the provider’s systems used to identify patterns or isolated incidents that may be indicative of abuse, neglect, mistreatment, or exploitation and situations that may precipitate abuse or neglect. Probe 3 asks if there is a system for maintaining data on reports of ANE that enable the evaluation of both individual and organizational outcomes. Probe 4 addresses the maintenance of data related to injuries of known and unknown origin and Probe 5 addresses mortality reviews. Finally, Probe 6 inquires about the presence of a system to review intrusive and restrictive interventions to enable evaluation of both individual and organizational outcomes.

DDSN Risk Management Training (PDF)