Healthcare is undergoing dramatic change. The operating environment for hospitals is rapidly shifting from a volume-based delivery model to a value-based one. A road map for hospitals to transform from the fee-for-service first curve to the pay-for-performance second curve system was set forth by the American Hospital Association, who identified the top three high-priority strategies for successful quality improvement and increased efficiency:
- Alignment of hospitals, physicians, and other providers across the continuum
- Utilizing evidence-based practices to improve quality and patient safety
- Improving efficiency through productivity and financial management
Risk management professionals are uniquely positioned to support implementation of these “second curve” strategies in their organizations. As hospitals and health systems seek to acquire non-hospital-based providers such as physician practices and other services as a strategy to increase competitive advantage, stabilize bottom lines, and improve market share, risk managers are often asked to assess the risks of the practices or services either before or immediately after acquisition. Alignment of risk management and patient safety programs necessarily follows.
Enterprise risk management (ERM) provides a framework for achieving safe and reliable healthcare delivery and can provide a structure to fully integrate risk management and patient safety across care settings. This entails an interactive – versus a reactive – approach to risk identification, analysis, and treatment through an entrenchment of risk management principles into corporate operations and strategic planning.
Managing risk with an enterprise-wide view allows a healthcare organization to use a cross-functional approach to assess, evaluate, and measure risks, and help guide decision-making within the organization’s tolerance for risk as it implements plans to be strategically adept under Affordable Care Act reforms.
Recent trends, including globalization of financial and business markets, continued integration of the insurance industry, increased regulation, and a greater focus on corporate governance, have stimulated a shift to ERM from the traditional “silo” approach to risk management in healthcare organizations.
An ERM program can help healthcare leaders focus on better management of patient safety risks as well as business risks and, in turn, increase the value of their organizations through gains in reputation, prevention of financial losses, and investment in expanded healthcare services to benefit both the organization and the community.
Additionally, where traditional risk management centers mainly around the risk control activities of avoidance, control, and risk transfer through insurance and other means, ERM sees risk as an asset and sees the potential for gain as well as for loss in risk-producing activities.
ERM goes beyond clinical risks
ERM provides a logical framework for identifying, measuring, and acting on the broad scope of potential risks facing healthcare organizations today. The benefits of ERM go beyond avoiding financial losses and legal entanglements and include enhancement of management effectiveness, increased value for all stakeholders (patients, staff, suppliers, and the community), better stability for the organization, protection of reputation, and increased board confidence.
Instead of dealing with risks separately or within functional departments, ERM recognizes that risks are interrelated and can be managed across various domains:
- Operational risks arise from the healthcare organization’s core business: the delivery of healthcare services in all care settings.
- Financial risks are associated with an organization’s ability to raise and maintain access to capital, contracting issues, cost of risk, and evaluation of supplier support. This domain includes risks eligible for risk financing techniques, such as insurance.
- Human capital risks include the organization’s ability to recruit, manage, and retain human workforce. Workers’ compensation, occupational hazards, turnover, workplace violence, harassment, and discrimination fall under this domain.
- Strategic risks are risks that have an impact on the growth of the organization and include mergers, acquisitions, joint ventures, and advertising liability. In addition, this domain includes reputational risk associated with community relations and performance expectations by patients and payers.
- Legal and regulatory risks are associated with numerous complex rules, regulations, statutes, and standards. Examples include licensure, accreditation, and Medicare compliance.
- Technological risks include those associated with biomedical devices, telemedicine, electronic medicine, and information systems that support electronic health records.
ERM in healthcare entails identifying critical risks; quantifying their financial, operational, and strategic impact; and implementing risk management strategies to maximize enterprise value.
Beginning with a risk assessment to identify the organization’s risks, generally through surveys, interviews, and observations to inventory and categorize risks by domain, identified risks are analyzed and prioritized for action according to the level of impact they would have on the organization.
Sedgwick healthcare risk management and patient safety consultants have a proven record of successful partnerships in conducting comprehensive risk assessments with prioritization and support for implementation of program improvements. Learn more and read additional detail behind this article in our latest Professional Liability Risk Resource newsletter.
Kathleen Shostek, RN, ARM, BBA, FASHRM, CPHRM, Senior Healthcare Risk Management Consultant
- Second Curve Road Map for Health Care. Health Research & Educational Trust. Chicago: April 2013.
- ECRI Institute. Enterprise Risk Management: An Overview. Healthcare Risk Control 2006 Risk Analysis Supplement A.
- Heim T. Searching for risk: the search for business risk will take you on an enlightening journey throughout your organization. Healthc Financ Manage 2004 Apr;58(4):52.
- Carroll R (ed.). Risk Management Handbook for Health Care Organizations. San Francisco: Jossey-Bass; 2004.