For healthcare organizations, workdays are fast paced, short staffed and intensely regulated. In this challenging environment, where any adverse incident can negatively impact an organization’s operations, reputation and earnings, there is little room for errors. That’s why the best healthcare companies practice enterprise risk management (ERM), engaging the whole organization in the shared responsibility of turning risks into opportunities for continuous improvement. ERM is flexible by design, adaptable to suit any organization’s mission and management style.
Common risks for healthcare organizations
- Laws, regulations, standards, corporate compliance
- Medicare conditions of participation
- Privacy, confidentiality (data breach)
- Medical records and discovery
- Human resources, credentialing, staffing
- Patients’ rights
- Medication management
- Infection prevention and control
- Abuse reporting
- Environmental safety
Identifying and evaluating risk
Healthcare organizations share broad categories of risk — i.e., clinical, regulatory, environmental, privacy — with specific risks that vary by type of organization. Based on the size and complexity of the organization, healthcare businesses use a variety of tools to identify and evaluate risks and associated opportunities. These include traditional incident, consultant, inspection, and peer review reports.
ERM also employs other hands-on, observational methods to identify and report risk incidents and patterns. These include brainstorming, focus groups, employee reporting, and patient and family satisfaction surveys.
Taken together, the results of these various risk evaluation techniques provide a thorough picture of both internal risk drivers (e.g., staff qualifications and training, employee fatigue, task interruptions) and external risk drivers (e.g., regulatory compliance; reimbursement issues; competition, weather).
Once a list of risks is compiled and examined for cross-functional risk (risks involving more than one department or area of operations), the list is reviewed for opportunities to produce “quick fixes,” or “quick wins,” which help build credibility for the ERM program among staff members. Other complex and/or long-term risks may be referred for more detailed study and the development of comprehensive mitigation strategies.
Risk inventory and ranking
The ERM team will compile a complete list of risks into a “risk inventory,” organized by domain (areas of primary responsibility) and prioritized on two dimensions. The first dimension is “likelihood,” which refers to the number of times an adverse event or risk occurs. The second dimension is “impact,” which refers to the potential harm to patient, employee, facility, finances, reputation, or combinations of some or all of these.
Another important factor for evaluating risk is “velocity,” which refers to the time available to anticipate an event, realize the outcome, and take action to mitigate the consequences. After completing a thorough risk inventory, organizations assign a value to each risk. The Likert scale ranking of 1 to 5 is convenient for this purpose and commonly used. In this model, “likelihood” and “impact” are plotted on X and Y axis, with the result being a clear, visual presentation of risk priorities, from unlikely/insignificant to highly likely/critically important.
Source: Figure 1. Source: American Society for Healthcare Risk Management, Enterprise Risk Management: A Framework for Success, 2014
The ERM approach to risk inventory and scoring brings objective clarity to the process of planning for risk mitigation and allocating resources for event response. Overall, adopting ERM enables healthcare organizations of any size to function in a more nimble, forward-looking way, where risk identification and mitigation are seen as shared responsibilities and treated as important opportunities to create value for patients, staff and the organization as a whole.
Unique risks to consider by type of healthcare business
Home health agencies
- Pressure ulcers
Outpatient care centers
- Infections caused by failure to properly disinfect equipment used in invasive procedures
- Handoff communications — instructions from clinicians to patients/families
- Failure to diagnose
- Failure to review lab/test results
We understand the issues facing today’s healthcare organizations and can help you identify solutions that reduce risks. Contact us today to find out more.