Concept of Risk Management in Health Care

Concept of Risk Management in Health Care.

Course Strategy Guide

Risk Management

This course introduces students to issues related to risk management in health care. Concepts will include the role of a risk manager, regulatory requirements, and risk factors unique to the health care industry.

Key Takeaways

Week One Topic: Concept of Risk Management in Health Care

Objective 1.1: Explain the concepts of risk management in the health care industry.

  1. Key concepts
    1. Designed to protect the organization’s assets
    1. Enterprise-wide to focus on all risks to an organization
    1. Aligned with the organization’s mission, vision, values, and goals
    1. Includes sufficient structure and scope to identify, communicate, and address all organizational risks
    1. Uses a structured decision-making process
    1. Definitions
      1. Risk: the chance of loss, damage, or negative outcome
      1. Risk identification: the process of identifying risks or potential exposures, such as financial, property, human, and reputation
      1. Risk analysis: the process of determining the probability and potential severity of the loss associated with the identified risk
      1. Risk control: steps taken to address the risks, including elimination, reducing likelihood, minimizing severity, segregating, and transferring
      1. Risk financing: steps taken to address risks, including assuming or transferring
    1. Structure of a risk management program
      1. Authority to implement policies and procedures, modify behaviors, and bring about necessary changes
      1. Visibility to prominently raise awareness of risks and employ risk management practices and techniques throughout the organization
      1. Communication mechanisms to receive and disseminate risk-related information in a timely manner to and from internal and external stakeholders
      1. Coordination mechanisms to support and enhance risk management activities
      1. Accountability for risk management responsibilities, achievement of risk management goals, and reporting of progress to leadership
    1. Scope of a risk management program
      1. Patients: confidentiality, protection, informed consent, nondiscrimination, emergency management, research studies, medical procedures, etc.
      1. Employees: safe work environment, occupation illness and injury, discrimination in recruiting, hiring and promotion, wrongful termination, and sexual harassment
      1. Medical and professional staff: credentialing, peer review, performance improvement, disciplinary actions, impaired status, fraud, and abuse
      1. Financial: lawsuits and contracts
      1. Property: structures, buildings, equipment, paper and electronic records, money or payments, and patient valuables
      1. Others: operation of cars, trucks, vans, ambulances, and helicopters; terrorism and bioterrorism; hazardous materials; maintenance of facilities; infectious biological water; volunteers; and students in training
    1. Mechanisms for identifying risks
      1. Complaints
      1. Satisfaction surveys
      1. Accreditation survey reports
      1. Regulatory reports
      1. State licensure surveys
      1. Internal audits
      1. Incident reports
      1. Infection control data
      1. Claims data
      1. Performance improvement data
      1. Generic occurrence screening
      1. Contracts and agreements
      1. Staff interviews, meetings, or discussions
    1. Risk assessment
      1. Use a risk assessment tool or other written criteria, such as the Risk Management Self-Assessment Manual, to avoid overlooking key points.
      1. Identify areas for assessment.
        1. Evaluate the organization’s structure.
        1. Identify the organization’s current products, services, and business relationships.
        1. Examine high-risk, high-volume, problem-prone, and high-visibility areas.
        1. Conduct an enterprise-wide inventory of the organization’s key functions and operations.
    1. Organizational commitment
      1. The board and leadership must support the risk management program by approving the program, assigning responsibility, enforcing accountability, and acting when support is needed.
      1. Risk management should be integrated into daily operations throughout the organization and become an integral part of the organization’s culture of safety.
      1. Risk management staff must interface with all levels of the organization and have sufficient authority, accountability, and resources to implement a risk management program.
      1. Risk management should be a collaborative process involving facilitation, communication, education, understanding, and compliance.
    1. Documenting a risk management plan
      1. Outline the purpose, scope, structure, and objectives of the risk management program.
      1. Identify organizational authority and accountability, as well as the roles and responsibilities for risk management.
      1. Create operational definitions to ensure common understanding of risk management terms.
      1. Identify risk management strategy and processes.
      1. Describe approaches to risk identification, risk assessment, risk handling, and risk monitoring.
      1. Include organizational performance goals and objectives.
      1. Identify mechanisms to identify and monitor organizational risks.
      1. Identify communication and reporting tools for the risk management program.
    1. Risk management program acceptance
      1. Make the risk management program visible to all staff in the organization and provide ongoing education and information to staff.
      1. Enlist the support of a prominent employee or professional staff to advocate for the risk management program and specific initiatives.
      1. Direct efforts on preventive aspects of risk management.
    1. Risk management process: Various risk management processes may be used depending on the organization’s needs and preferences. A common yet simple process follows:
      1. Identify types of losses or risks.
      1. Evaluate various risks techniques, such as risk control or risk financing.
      1. Select the best risk management techniques.
      1. Implement selected risk management techniques.
      1. Monitor the effectiveness of risk management techniques and make necessary improvements.

Objective 1.2: Explain factors that influence risk management in the health care industry.

  1. Internal
    1. Structure
      1. Facilities: location, maintenance, and workflow
      1. Human resources: sufficient, competent, and trained staff; and culture
      1. Financial resources: budget cuts, funding, and reimbursement
      1. Equipment and supplies: appropriate, sufficient, maintenance, and training
      1. Technology: currency, integration, and training 
      1. Governance and leadership: supportive and involved
    1. Process and systems: established, communicated, followed, effective, updated, and input or feedback
    1. External
      1. Customers and stakeholders: involvement and relationships
      1. Legal requirements, tort reform, and litigious society
      1. Regulatory requirements and increasing regulations
      1. Accreditation requirements and higher expectations
      1. Funders, payors, and insurers
      1. Performance reporting to regulatory agencies, report cards to public, and transparency   
      1. Political environment, health care reform, special interest groups, and health care policy
      1. Health status and wellness of patients, populations, and society
      1. Globalization and geographic distances
      1. Partnerships, collaboration, formal and informal relationships, and contractual agreements
    1. General
      1. Leadership
      1. Philosophy
      1. Staff
      1. Customers
      1. Processes
      1. Systems
      1. Partnerships
      1. Data-driven decision-making
      1. Continuous improvement

Week Two Topic: Enterprise Risk Management

Objective 2.1: Explain the relationship between risk management and quality management.

  1. Whereas risk management and quality management are separate disciplines, they have become more integrated over the years because of their organization-wide effects and similarities. Many organizations have combined risk and quality management functions to realize operational efficiencies.
    1. Risk management and quality management are proactive approaches that provide a long-term focus on sustaining the organization by reducing losses from negative events and by improving the products and services offered.
    1. Risk management and quality management share many philosophies and characteristics because both do the following:
      1. Originate from and are supported by leadership in the organization
      1. Link to and support the organization’s mission, vision, values, and goals
      1. Strive to reduce negative outcomes and improve organizational performance
      1. Focus on customers and their safety, needs, preferences, and expectations
      1. Require involvement and participation from all staff in the organization
      1. Require management involvement to coordinate activities to address issues
      1. Incorporate education and training programs for staff
      1. Must integrate into daily operations to be effective
      1. Involve a structured and methodical approach to data-driven decision-making
      1. Use appropriate tools and techniques for assessment, analysis, and decision-making
      1. Require ongoing monitoring of performance, communication with staff, and adjustment as needed in response to internal and external factors
      1. Be continuous, cyclical, and never-ending
    1. Risk management and quality management may bring about improvement and positive results in the following areas:
      1. Improved patient care
      1. Improved health outcomes
      1. More effective communication
      1. Increased employee morale
      1. Improved customer satisfaction
      1. Increased regulatory compliance
      1. Improved accreditation status
      1. Fewer accidents
      1. Decreased errors
      1. Decreased complaints
      1. Decreased litigation

Objective 2.2: Explain the concept of enterprise risk management.

  1. Enterprise Risk Management (ERM) is a comprehensive process that evaluates all risk exposures confronting an organization from the top down.
    1. ERM is a discipline that is broad in scope.
      1. Covers these basic functional areas
        1. Loss prevention and reduction, claims management, risk financing, regulatory and accreditation, compliance, risk management operations, and bioethics
      1. Part of the organization’s strategic plan
      1. Proactive and reactive processes
      1. Comprehensive
        1. Organization-wide
        1. Holistic
        1. Broad perspective
        1. Synergistic effect
        1. Comprehensive
        1. Strategic
        1. Thorough
        1. Robust
        1. Structured
      1. Value protection
        1. Reduce uncertainty
        1. Reduce variability
        1. Duplication
        1. Separation
        1. Shield asset
        1. Efficient use of resources
        1. Quality outcomes
        1. Safe practices
        1. Variability
      1. Value creation
        1. Increased market share
        1. Competitive edge
        1. Financial strength
        1. Improved return on investment (ROI)
        1. Increased margins
        1. Enhanced reputation
        1. Improved satisfaction scores
        1. Quality outcomes
        1. Credible
        1. Respected

Objective 2.3: Explain key drivers of value driven enterprise risk management.

  1. Risk domains and drivers
    1. Operational
      1. The business of health care is the delivery of care that is safe, timely, effective, efficient, and patient-centered within diverse populations.
    1. Clinical/patient safety
      1. Safety includes risks associated with the delivery of care to residents, patients, and other health care customers.
      1. Clinical risks include failure to follow evidence-based practice, mediation errors, hospital acquired conditions (HAC), serious safety events (SSE), and others. 
    1. Strategic
      1. Risks associated with the focus and direction of the organization; the rapid pace of change can create unpredictability
      1. Risks associated with brand, reputation, competition, failure to adapt to changing times, health reform, or customer priorities
    1. Financial
      1. Decisions that affect the financial sustainability of the organization, access to capital or external financial ratings through business relationships or the timing and recognition of revenue and expenses make up this domain.
      1. Risks might include costs associated with malpractice, litigation, and insurance, capital structure, credit and interest rate fluctuations, foreign exchange, growth in programs and facilities, capital equipment, corporate compliance (fraud and abuse), accounts receivable, days of cash on hand, capitation contracts, billing, and collection.
    1. Human capital
      1. Included are risks associated with employee selection, retention, turnover, staffing, absenteeism, on-the-job work-related injuries (workers’ compensation), work schedules and fatigue, productivity and compensation. Human capital associated risks may cover recruitment, retention, and termination of members of the medical- and allied-health staff.
    1. Legal/regulatory
      1. The failure to identify, manage, and monitor legal, regulatory, and statutory mandates on a local, state, and federal level. Fraud and abuse, licensure, accreditation, product liability, management liability, Centers for Medicare & Medicaid Services Conditions of Participation and Conditions for Coverage, as well as issues related to intellectual property.
    1. Technology
      1. Machines, hardware, equipment, devices and tools—can also include techniques, systems and methods of organization. Management information systems, electronic health records, social networking, and cyber liability.
    1. Hazard
      1. Insurable hazard risk related to natural exposure and business interruption.


Week Three Topic: Regulatory Standards and Risk Management Information for Decision Making

Objective 3.1: Explain how regulatory and accreditation standards affect the development of performance-management systems.

  1. Regulatory standards: a set of required minimum expectations of performance issued by government agencies that exercise authority over organizations to achieve compliance
    1. Regulatory standards designed to protect consumers
      1. Health Insurance Portability and Accountability Act (HIPAA) of 1996 – Public Law 104-191, Public Law 104-19, Public Law 104-191, 45 CFR Parts 160, 162, and 164, USDHHS: privacy and security of health information
      1. Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009 – Public Law 111-5, 123 Stat 115: meaningful use of health information technology
      1. Patient Protection and Affordable Care Act (PPACA) of 2010 – Public Law 111-148, HR 3590: health care reform
      1. Emergency Medical Treatment and Labor Act (EMTALA) of 1986 – 42 CFR Parts 413, 482, and 489; CMS:anti-dumping in patient emergencies
      1. Sarbanes-Oxley Act (SOX) of 2002 – Title 15 USC Chapter 98: disclosure of financial information through the registration of securities
      1. National Research Act of 1974 established institutional review boards (IRB) – U.S. Department of Health and Human Services (HHS), 21 CFR part 56: research involving human subjects
      1. Patients’ Bill of Rights Act (various regulations and updates): continues to update and expand on patients’ rights and responsibilities
    1. Regulatory agencies in health care
      1. Centers for Medicare & Medicaid Services (CMS)
      1. Food and Drug Administration (FDA)
      1. Agency for Healthcare Research and Quality (AHRQ)
      1. Centers for Disease Control and Prevention (CDC)
      1. Occupational Safety & Health Administration (OSHA)
    1. Accreditation standards
    1. Accreditation agencies
      1. Joint Commission
      1. National Committee for Quality Assurance (NCQA)
      1. URAC
      1. Accreditation Association for Ambulatory Health Care (AAAHC)
      1. Community Health Accreditation Program (CHAP)
      1. Commission on Accreditation of Rehabilitation Facilities (CARF)
      1. Accreditation Commission for Health Care (ACHC)
      1. Healthcare Quality Association on Accreditation (HQAA)
      1. Certification Commission for Healthcare Information Technology (CCHIT)
    1. Other influential agencies
      1. Institute for Healthcare Improvement (IHI)
      1. National Academy of Medicine
    1. Effect on development of performance management systems
      1. Organizations’ success and sustainability is heavily dependent on maintaining compliance with regulatory requirements and achieving accreditation status.
      1. Customers, purchasers, funders, and other stakeholders expect and often require compliance with regulatory and accreditation standards as a prerequisite for purchasing products or services or conducting business. For example, accreditation may be required by Medicare and Medicaid for reimbursement.
      1. To meet these expectations and requirements, organizations must implement performance management systems to ensure compliance, manage risks, and continuously improve performance.
      1. Performance management systems provide the structure and outline the processes that may lead to the achievement of positive outcomes.

Objective 3.2: Analyze the information and information technology methods needed to make risk-management decisions in the health care industry.

  1. Organizational goals and objectives based on mission, vision, and values to guide decision-making
    1. Performance management data for factual decision-making
      1. Incident reports
      1. Quality and risk data
      1. Occurrence reports
      1. Customer survey information
      1. Reporting requirements
      1. Medical record review information
      1. Outcome data
    1. Interviews and discussions with stakeholders
    1. Evidence-based medicine and clinical guidelines
    1. Regulatory and accreditation standards
    1. Industry best practices
    1. Environmental factors
    1. Customer input
    1. Guidance from trusted consultants or industry experts
    1. Other information as determined to be relevant or useful

Week Four Topic: Enterprise Management and Corporate Compliance

Objective 4.1: Analyze risk management tools in the health care industry.

  1. Common risk-management and quality-management tools
    1. Flow chart
    1. Check sheet
    1. Run chart or control chart
    1. Bar chart
    1. Pareto chart
    1. Scatter diagram
    1. Histogram
    1. Cause-and-effect or fishbone diagram
    1. Failure mode and effects analysis (FMEA)
    1. Fault tree analysis (FTA)
    1. Five whys
    1. Other methods and frameworks used in quality management and risk management 
      1. Plan-do-check-act (PDCA) cycle
      1. Design, measure, assess, improve, and control (DMAIC)
      1. ISO 9000

Objective 4.2: Analyze challenges in making risk management decisions.

  1. Balancing the needs of all stakeholders
    1. Weighing the costs, level of effort, and investment of resources to achieve the best possible return on investment for the decision made
    1. Lack of trust in the validity or reliability of the data or a lack of data and information available for decision-making
    1. Not using a structured or methodical approach to decision-making to help guide the process  
    1. Insufficient buy-in or commitment from stakeholders
    1. Lack of time to thoroughly review the issues and make a well-informed decision
    1. Resorting to groupthink, the phenomenon where members of the group are more concerned with maintaining harmony and reaching consensus in the group than exploring divergent ideas or dealing with confrontation
    1. Making the best possible decision from the information available, with consideration given to other known or unknown factors
    1. Consideration of the challenges in translating decisions into actions to develop an approach that addresses resistance and leads to successful implementation

Week Five Topic: Risk Reporting and Risk Adjustment

Objective 5.1: Contrast formal and informal methods for reporting adverse events in health care organizations.

a. Formal risk identification methods are those that follow policies and procedures.

  1. Incident reporting
    1. Wrong site or wrong patient surgery
      1. Criminal acts
        1. Medication errors
        1. Falls
        1. Unexpected deaths
        1. Accidental punctures or lacerations
        1. Embolisms
        1. Pressure ulcers
        1. Hospital acquired infections
        1. Medical misadventures
    1. Focused occurrence reporting
      1. Missed diagnoses or misdiagnoses
      1. Surgically related occurrences
      1. Treatment- or procedure-related occurrences, such as reactions to contrast material used in a diagnostic procedure, undesirable exposure to X-rays, or burns resulting from improper use of hot packs 
      1. Left without being seen in the Emergency Department or return to the Emergency Department within a specified time period
      1. Blood-related occurrences, such as the wrong type of blood given to the patient, transmission of disease via infected blood, or improper use of blood or blood products
      1. Lack of adequate follow-up, such as failure to notify a patient of abnormal laboratory findings
    1. Informal risk identification methods are unstructured techniques that can provide valuable risk data.

1. Committee meeting minutes

a) Performance improvement

b) Quality assurance

  • Safety
    • Patient safety
      • Infection control
      • Bioethics
      • Departmental committees
        • Morbidity and mortality
        • Tissue review
        • Pharmacy
        • Therapeutics

2. Claims data

  • Survey report
    • Patient complaints
    • Patient satisfaction surveys
    • Rounding findings

Objective 5.2: Explain the role of risk adjustment in managing health care organizations.

a. Risk adjustment

  1. Risk adjustment allows meaningful comparisons of outcomes by accounting for patient-associated factors
    1. Differences in patients results in differences in expected outcomes
      1. Higher-risk patients
        1. Complex illnesses
        1. Co-existing diseases
        1. Greater risk factors
      1. Clinical outcomes are a function of intrinsic patient-related risk factors, treatment effectiveness, quality of care, and random chance
    1. Risk adjustment methods
      1. Methods used to set Medicare payments
        1. Diagnosis-related groups
        1. Medicare severity diagnosis-related groups
        1. Medicare severity long-term care diagnosis-related groups
        1. Resource usage groups
        1. Home health resource groups
        1. Case-mix groups
        1. CMS hierarchical condition categories
          1. CMS Hospital Compare
        1. Drug hierarchical condition categories
      1. Other methods
        1. 3M
          1. APR-DRGs
          1. Severity of illness
          1. Risk of mortality
        1. Thomson Reuters
        1. UHC-Premier
        1. Standard Form 36
          1. Subjective Functional Outcomes Assessment
        1. Pediatric
          1. Vermont Oxford Network
          1. Score for neonatal acute physiology
          1. Score for neonatal acute physiology perinatal extension
          1. Clinical risk index for babies
          1. Pediatric risk of mortality score
        1. Mental health
          1. Global assessment of functioning
          1. World Health Organization (WHO) disability assessment schedule
          1. Behavior and symptom inventory
        1. Long-term care
          1. Outcome and assessment information set

Tips for Success

  • It is vital to read all materials to discuss topics substantively. Be sure to include references where appropriate in your messages and assignments to substantiate the information you present.
  • When drawing on personal experiences from employment or other courses, be sure to cite specifics, such as your position title, the scenario, and the results.
  • The course design is evolving and not static. Discover how to weave learning from week to week. This strategy will help you internalize information and not simply memorize it in the short term. This also provides practice for how the work environment operates in a seamless and evolving fashion.
  • Be sure to ask questions privately or as part of your class and team discussion. Learning is not always about having the right answer but asking the right questions as well.
  • Use the grammar and spelling tools provided in the Center for Writing Excellence in the library.
  • Develop a weekly time management plan for meeting the requirements of this course. While work and personal schedules can be challenging, a time management plan will provide the assurance of regular attention to the demands and challenges of learning in this course.
  • Effective communication is often reflected by meeting timelines. Submitting assignments by their due date is great practice for professional etiquette and achieving assignment feedback not affected by a late penalty.
  • Team learning is managing a project as a group. There is recognition for individual and collective efforts.

Concept of Risk Management in Health Care