Online College Courses for Credit

The Value of Risk Management

The Value of Risk Management

Author: Capella Healthcare

The Value of Risk Management

See More

what's covered
In this lesson, you will learn about the value of risk management. Specifically, this lesson will cover:
  1. Complexity
  2. Enterprise Risk Management (ERM)

1. Complexity

Traditionally, risk management has centered on the role of patient safety and the reduction of medical errors to protect against financial liability and to enable the organization to achieve its mission. However, with an increase of risks posed by the expanding role of technology, cybersecurity concerns, the fast pace of medical science, and the continual change in regulatory, legal, political, and reimbursement climate, healthcare risk management has become more complex over time.

Furthermore, financial risk is shifting from payers to providers with the value-based care movement and risk-bearing models such as the Centers for Medicare and Medicaid Services’ pay for performance and bundled payment programs. Moody’s Investor Services stated in a 2017 report that “Maintaining high clinical quality will increasingly impact financial performance … as reimbursement moves away from a fee-for-service model and towards a greater emphasis on value and outcomes.”

2. Enterprise Risk Management (ERM)

Consider the example of a patient injury. In a traditional risk management model, a patient injury is usually viewed as falling within the domain of clinical services or possibly housekeeping services.

However, a patient injury has the potential to produce serious repercussions that affect every area of the business. A patient injury may result in a costly claim based on neglect or quality of care that negatively impacts the company’s reputation and customer satisfaction, which then affects census, which then affects company finances, which then affects staffing levels, and which then impacts the ability to meet workplace rules and mandated regulations. In other words, a patient injury leads to a trickle-down effect:

Patient injury leads to a trickle-down effect

As a result, risk management programs are increasingly proactive and view risk through the broader lens of the entire healthcare ecosystem. Expanding the role of risk management across the organization for a more holistic approach is called Enterprise Risk Management (ERM). It is considered a “big picture” approach to risk. This example clearly demonstrates both the interconnectivity of risk among every area of business operation and the reason ERM emphasizes a holistic, organization-wide approach that looks at the synergistic effects of risk.

ERM encompasses eight risk domains instead of including only clinical and patient safety:

  • Operational
  • Clinical/Patient Safety
  • Strategic
  • Financial
  • Human Capital
  • Legal/Regulatory
  • Technology
  • Hazard
The American Society for Healthcare Risk Management (ASHRM) defines ERM as a "comprehensive framework for making risk management decisions which maximize value protection and creation by managing risk and uncertainty and their connections to total value." It is a management strategy driven by business values in which organizations proactively and systematically protect patient safety while minimizing cost and improving quality.

The foundational building blocks of ERM are an all-inclusive, company-wide commitment to treating risk management as a shared responsibility with the following goals:

  • To advance safe and trusted healthcare
  • To optimize organizational readiness and effectively manage uncertainty
  • To utilize data to identify and prioritize risks
  • To encourage multi-disciplinary accountability
ERM is built on top of a governance structure that aligns business operations with the risk management program. It stresses the use of technology to orchestrate risk mitigation efforts across the enterprise and to eliminate the risk associated with siloed department or business units. Data analytics are implemented to support decision-making, departmental synergy, risk prioritization, and resource allocation. Analytics can also monitor benchmarks as a way to illustrate value of costs prevented for ERM initiatives.

While traditional risk management programs focus on value protection and risk mitigation, ERM adds a twist to this model. Using data and evaluation tools, and relying on insights and input from employees, ERM places equal emphasis on creating value. In this model, an engaged and focused cross-functional team that includes patients identifies opportunities to change processes, thereby contributing significant value to the organization by reducing risk, improving patient and job safety and satisfaction, and enhancing efficiency and service quality. ERM includes traditional risk identification methods mentioned earlier in addition to less-traditional risk identification methods, such as brainstorming, focus groups, interviews, and employee and physician satisfaction surveys. These methods are valuable for fostering forward-thinking and innovation as well facilitating collaboration and teamwork.

Decisions about risks are evaluated and analyzed for benefits (rewards/value) and disadvantages (costs/risks). In practice, ERM produces options and alternatives and results in reliable informed choices for planning a path forward.

Continual communication and transparency about the purpose, progress, and results of the ERM process are key to cultivating an environment of shared responsibility and accountability for risk management while cultivating a stronger sense of teamwork and collaboration.

The role of the healthcare risk manager must change to meet this new governance structure to oversee and facilitate implementation of the ERM framework. To be effective in this role, the healthcare manager will need to acquire a new set of skills and knowledge. Risk managers proactively identify risks and estimate potential consequences and upsides for clinical/patient safety and will need to expand this expertise to include the other seven domains. They also need to develop response plans in case risks become reality. In the face of an adverse and unforeseen situation, they need to mitigate organizational exposure by responding to and executing containment plans.

The healthcare risk management role is constantly evolving in response to its dynamic and multidimensional nature. Some of the current responsibilities of the risk manager include building relationships with stakeholders, documenting and reporting on risk and adverse situations, and creating processes, policies, and procedures for responding to and managing risk and uncertainty. It is imperative for risk managers to continually monitor and navigate the ever-shifting landscape of the healthcare risk continuum.

term to know

Enterprise Risk Management (ERM)
A comprehensive framework for making risk management decisions that maximize value protection and creation by managing risk and uncertainty and their connections to total value
Authored by Cindy Ebner, MSN, RN, CPHRM, FASHRM


If you are struggling with a concept or terminology in the course, you may contact for assistance.

If you are having technical issues, please contact

Terms to Know
Enterprise Risk Management (ERM)

A comprehensive framework for making risk management decisions which maximize value protection and creation by managing risk and uncertainty and their connections to total value