Are there recommended patching best practices?

Yes. There are patch deployment approaches that tend to minimize problems and make troubleshooting easier. Please review these items for applicability in your environment.

Patch Deployment Best Practices Summary

Always update your database before query
  or setup an automated update schedule (or both)
Always query hosts prior to patch deployment
  or set up an automated query schedule (or both)
Test a new patch deployment on one machine
Use "Send Alert" to get users to clean up targets
Use "Reboot" for targets prior to deployment
Ignore "Obsoletes" during patch selection
Apply service-packs by themselves
Sort patches by date
Sort by icon to quickly locate all Service-Packs, or security fixes
Let the Install Wizard help "prune" your selected patch list

Details

Always update your database before query

Always query hosts prior to patch deployment for an accurate view of "available vs. installed" patches

  or...

Set up an automated query schedule

Note: You can schedule network enumeration and validation along with querying, however it may be best to hold off on validation till more validation metadata is added to the UE remediation database over the course of the next several upcoming 6.x releases, and realize that validation imposes a fair amount of extra overhead to check the integrity of the existing patch environment on a host by host basis. Think of it as "Querying x 2".

Test a new patch deployment on one machine, then deploy more widely.

Use "Send Alert" to ask users to close all applications and reboot before leaving, this can prevent problems

You might consider rebooting of targets prior to patch deployment, using the "Reboot" command

Sometimes remotely rebooting machine(s) allows a patch install to finish, or cleans up a machine that isn't co-operating. Some admins like to reboot machines prior to patching. You can send a message and delay the reboot for up to approximately 9 hours (32,767 seconds).

In general, when selecting patches, ignore “obsoletes” (red balloon)

Apply service-packs by themselves, apply more recent individual updates after, this avoids dependency problems!

Sorting patches by date can help figure out newer vs. older patches

Sort by icon to quickly group all Service-Packs, or all security fixes

Select individual patches, then prune based on Install Wizard dialogue box messages

  or

Hit “continue” in the “dependencies found” dialog to skip the invalid updates and proceed

Note: Its best to do some research on the selected patches as a check that the updates make sense

If UpdateEXPERT patch installation fails, try to install the patch without UpdateEXPERT, the patch itself may be flawed. See %windir%\Qnnnnn.log for patch requirements and actions.