Skip to Content

Expanding the Role of Healthcare Risk Management

In the 1970s, the concept of financial risk management evolved and risk managers used insurance to manage operational losses. Clinical risk management emerged as a means to proactively prevent and minimize losses, and the American Hospital Association organized the Hospital Association of Hospital Risk Managers, now called the American Society for Healthcare Risk Management (ASHRM). In the 90s, another new kind of risk management, enterprise risk management (ERM), started to gain traction, but the healthcare industry was slower to adopt this approach. In 2011, this changed as ASHRM began efforts to educate its members and advance the practice of enterprise risk management, suggesting a modified model to meet the needs of the healthcare industry. At the recent ASHRM conference in Seattle, session content described how clinical risk managers across the country are utilizing the enterprise risk management approach. Is it changing the role of the clinical risk manager?

Numerous factors are forcing healthcare organizations to evaluate operational efficiencies – economic, regulatory, technology, changes in healthcare delivery, resource availability including staff, and even politics are some of these drivers. Maximizing profits, or at least not operating at a loss, has long been at the forefront of business objectives. However, how much risk can or should be taken to achieve this objective? Not all risk is inherently bad. Since tolerance for risk varies from organization to organization, organizations should consider both the upside and downside of risk. This involves a comprehensive evaluation of all areas of operation. While patient safety is an important aspect of the responsibilities of healthcare risk managers, innovations in technology, regulatory compliance, and other supportive functions have also been shown to play a vital role in a comprehensive risk management program. Therefore, many risk managers are now looking beyond clinical care to adopt an enterprise risk management strategy.

ASHRM has identified eight operational domains to consider when using the ERM philosophy – operations, clinical/patient safety, strategy, finances, human capital, legal/regulations, technology, and hazards. It takes a comprehensive approach to the assessment of risks.

Traditional risk management typically involves adopting key risk principles – problem identification, analysis of the issue, controlling the exposure, risk financing, and claims management – often using a departmental approach, managing one quantifiable risk at a time to achieve asset preservation. An enterprise approach involves some of the same principles. However, rather than departments and individuals, the focus is on organizational systems and processes. There is less emphasis on mitigating risk, and more on being proactive and creating value. While not every risk is predictable, the ERM model uses both quantitative and qualitative tools to determine possible outcomes and choose the best approach for optimizing organizational performance. ASHRM has identified eight operational domains to consider when using the ERM philosophy – operations, clinical/patient safety, strategy, finances, human capital, legal/regulations, technology, and hazards. It takes a comprehensive approach to the assessment of risks. As with any new approach, ERM requires the support of the board and senior leadership. Additionally, if there’s not a general awareness of ERM concepts within the organization, a readiness assessment should be conducted. 3

Risk Management

One problem with which risk managers have struggled is demonstrating the value of risk management – how can you quantify what didn’t happen because it was prevented? Benchmarking and measurements help risk managers accomplish this objective. How can an ERM business case be made? ERM also involves the opportunity to create value. Establishing key risk and performance indicators will demonstrate success in meeting your ERM objectives. If it can also demonstrate cost savings, then it will speak to those individuals charged with managing the organization’s financials. Here are a few examples of making a business case:

  • Measure and attribute a decrease in workers’ compensation costs to improvements in safety, wellness, and return to work programs.
  • Demonstrate a reduction in non-payment of preventable adverse events and other hospital-acquired conditions.
  • Work with your broker or insurance carrier loss control consultants to acquire risk management credits that favorably affect your cost of insurance.

While data is important, healthcare risk managers must also enhance their visibility in their organizations in other ways. Here are some ideas:

  • If your organization is ready for ERM, become knowledgeable in the process and design your own ERM program. While there’s no one right way, ASHRM’s resources will assist you in designing your framework. Identify a champion to support your efforts, define your vision and objectives integrating the organization’s strategic plan, and designate ERM program committees that you may already have in place. Next, identify some cross-functional (domains) team members, risk tools, your performance metrics, and then write your plan.
  • Look for opportunities to grow into a chief risk officer role through increasing your knowledge of business and risk financing; offer to take a role in handling your organization’s insurance program if that is not already part of your current responsibilities.
  • Participate in board of director meetings providing information on internal risk management issues, how the issues are being addressed, and industry trends. Tie ERM into areas the board is concerned about, like financial performance and successful implementation of a strategy that meets organizational objectives.
  • ERM doesn’t mean you have to do everything yourself, you have a team. Start small. Facilitate a micro ERM project, the success of which can demonstrate your knowledge and the process’ integrity. Select a risk issue that involves multiple domains or departments and may not require a large expenditure to address (for example, medication reconciliation or implementation of an animal assistive intervention program).
  • Develop some new best friends – in human resources, compliance, internal audit, etc. Concentrate on services that you currently may not have much connection with if your focus is solely on clinical risk.
  • Obtain additional certifications like the Associate in Risk Management and ARMe (new program in enterprise risk management).
  • Demonstrate your risk management expertise when a new line of service is being considered or when a new facility is being acquired. For example, many organizations are considering virtual clinics.
  • Meet regularly with senior leadership (and your new best friends) to view risks across all domains, discuss activities, and the impact of your efforts on organizational safety and the bottom line.
  • Take the lead or participate on committees and education programs backing important initiatives.
  • Be active in professional associations and organizations sharing trends in healthcare risk management with work colleagues.

The American Society for Healthcare Risk Management (ASHRM) recognizes healthcare Risk Management Week every year during the third week in June. However, risk managers should take steps to demonstrate that risk management is a valued discipline that affects every aspect of a healthcare organization’s operations every day of the year. The term “enterprise” risk management has never been more appropriate.

References and Resources:

  1. American Society for Healthcare Risk Management, Enterprise Risk Management Certificate program – October 20-21, 2017.
  2. ASHRM An Enterprise Risk Management Playbook 2015.
  3. ASHRM Enterprise Risk Management Readiness Assessment Questionnaire –
  4. ASHRM Enterprise Risk Management: A Framework for Success, 2014,
  5. ASHRM Enterprise Risk Management for Boards and Trustees: Leveraging the Value,

The views and opinions expressed within are those of the author(s) and do not necessarily reflect the official policy or position of Parker, Smith & Feek. While every effort has been taken in compiling this information to ensure that its contents are totally accurate, neither the publisher nor the author can accept liability for any inaccuracies or changed circumstances of any information herein or for the consequences of any reliance placed upon it.

Return to Articles index