Risk management and risk response have long been routine enterprise-wide processes for some industries such as manufacturing. Healthcare has been a bit slower to the table, having taken a more siloed approach and initially focussing risk management efforts on clinical risks around patient safety and on response to medical liabilities. Nowadays, however, many moving parts in healthcare present multifaceted risks, such as the increasing role of healthcare technologies; cyber threats; non-privacy information technology (IT) risks; value-based care; patient satisfaction, patient complaints, and performance scores; and revenue cycle management. As healthcare strives to balance the demands of patients, providers, payers, and the government, healthcare stakeholders are moving away from clinical risk management plans and embracing a more holistic organization-wide view through Enterprise Risk Management (ERM).
According to an article in the New England Journal of Medicine (NEJM) Catalyst, healthcare ERM is made up of “the systems and processes employed to uncover, mitigate, and prevent risks in healthcare institutions.” It takes into consideration all the components that contribute to the proper functioning of the healthcare organization – all departments, staff, IT resources, infrastructure, business associates, etc. – moving them out of the silos and into an integrated system. The Project Management Institute (PMI) in a publication refers to risk management as “the systematic process of identifying, analyzing, prioritizing, and responding to risk,” which is critical for any healthcare organization in the current climate.
Enterprise risk management in healthcare is not just about compliance; it is also important for helping organizations predict their next steps in remaining competitive and financially viable. The NEJM Catalyst article further states that “by employing risk management, healthcare organizations proactively and systematically safeguard patient safety as well as the organization’s assets, market share, accreditation, reimbursement levels, brand value, and community standing.” A well-structured and robust healthcare ERM provides a comprehensive framework for making risk management decisions that will result in maximum value protection.
To be successful in healthcare ERM, a proper framework is essential to ensure that all players are on the same page as to how to identify, manage, and mitigate risks. One such risk management framework is mentioned below in Figure 1 and involves three (3) steps:
Risk identification is the first step in any risk management process. Risks must be accurately identified for a healthcare ERM plan to function effectively. The risk identification process must be proactive, include multiple employees, and create value for and protect the organization. A healthcare ERM plan should clearly identify specific risk events, details of the risk scenarios, and descriptions of how each risk could impact the organization should it occur.
Implementing an enterprise risk management plan can be challenging if not handled properly. For some organizations this will represent a culture change and a total shift in the way things are done, and thus it must be approached delicately. To facilitate a smooth implementation process, here are a few best practices to follow:
Enterprise risk management in healthcare is gaining traction in the industry. Healthcare stakeholders are realizing the need to identify, analyze, manage/mitigate, and monitor risks for compliance as well as for maintaining a competitive edge and remaining financially viable. Healthcare ERM is a process that requires proper planning and a robust framework for it to function efficiently and realize its full potential.