Traditionally, risk management has centered on the role of patient safety and the reduction of medical errors to protect against financial liability and to enable the organization to achieve its mission. However, with an increase of risks posed by the expanding role of technology, cybersecurity concerns, the fast pace of medical science, and the continual change in regulatory, legal, political, and reimbursement climate, healthcare risk management has become more complex over time.
Furthermore, financial risk is shifting from payers to providers with the value-based care movement and risk-bearing models such as the Centers for Medicare and Medicaid Services’ pay for performance and bundled payment programs. Moody’s Investor Services stated in a 2017 report that “Maintaining high clinical quality will increasingly impact financial performance … as reimbursement moves away from a fee-for-service model and towards a greater emphasis on value and outcomes.”
Consider the example of a patient injury. In a traditional risk management model, a patient injury is usually viewed as falling within the domain of clinical services or possibly housekeeping services.
However, a patient injury has the potential to produce serious repercussions that affect every area of the business. A patient injury may result in a costly claim based on neglect or quality of care that negatively impacts the company’s reputation and customer satisfaction, which then affects census, which then affects company finances, which then affects staffing levels, and which then impacts the ability to meet workplace rules and mandated regulations. In other words, a patient injury leads to a trickle-down effect:
As a result, risk management programs are increasingly proactive and view risk through the broader lens of the entire healthcare ecosystem. Expanding the role of risk management across the organization for a more holistic approach is called Enterprise Risk Management (ERM). It is considered a “big picture” approach to risk. This example clearly demonstrates both the interconnectivity of risk among every area of business operation and the reason ERM emphasizes a holistic, organization-wide approach that looks at the synergistic effects of risk.
ERM encompasses eight risk domains instead of including only clinical and patient safety:
The foundational building blocks of ERM are an all-inclusive, company-wide commitment to treating risk management as a shared responsibility with the following goals:
While traditional risk management programs focus on value protection and risk mitigation, ERM adds a twist to this model. Using data and evaluation tools, and relying on insights and input from employees, ERM places equal emphasis on creating value. In this model, an engaged and focused cross-functional team that includes patients identifies opportunities to change processes, thereby contributing significant value to the organization by reducing risk, improving patient and job safety and satisfaction, and enhancing efficiency and service quality. ERM includes traditional risk identification methods mentioned earlier in addition to less-traditional risk identification methods, such as brainstorming, focus groups, interviews, and employee and physician satisfaction surveys. These methods are valuable for fostering forward-thinking and innovation as well facilitating collaboration and teamwork.
Decisions about risks are evaluated and analyzed for benefits (rewards/value) and disadvantages (costs/risks). In practice, ERM produces options and alternatives and results in reliable informed choices for planning a path forward.
Continual communication and transparency about the purpose, progress, and results of the ERM process are key to cultivating an environment of shared responsibility and accountability for risk management while cultivating a stronger sense of teamwork and collaboration.
The role of the healthcare risk manager must change to meet this new governance structure to oversee and facilitate implementation of the ERM framework. To be effective in this role, the healthcare manager will need to acquire a new set of skills and knowledge. Risk managers proactively identify risks and estimate potential consequences and upsides for clinical/patient safety and will need to expand this expertise to include the other seven domains. They also need to develop response plans in case risks become reality. In the face of an adverse and unforeseen situation, they need to mitigate organizational exposure by responding to and executing containment plans.
The healthcare risk management role is constantly evolving in response to its dynamic and multidimensional nature. Some of the current responsibilities of the risk manager include building relationships with stakeholders, documenting and reporting on risk and adverse situations, and creating processes, policies, and procedures for responding to and managing risk and uncertainty. It is imperative for risk managers to continually monitor and navigate the ever-shifting landscape of the healthcare risk continuum.
Authored by Cindy Ebner, MSN, RN, CPHRM, FASHRM