- About PS&F
- Industry Focus
- Client Tools
- Education & Events
November 14, 2017
In the 1970s, the concept of financial risk management evolved and risk managers used insurance to manage operational losses. Clinical risk management emerged as a means to proactively prevent and minimize losses, and the American Hospital Association organized the Hospital Association of Hospital Risk Managers, now called the American Society for Healthcare Risk Management (ASHRM). In the 90s, another new kind of risk management, enterprise risk management (ERM), started to gain traction, but the healthcare industry was slower to adopt this approach. In 2011, this changed as ASHRM began efforts to educate its members and advance the practice of enterprise risk management, suggesting a modified model to meet the needs of the healthcare industry. At the recent ASHRM conference in Seattle, session content described how clinical risk managers across the country are utilizing the enterprise risk management approach. Is it changing the role of the clinical risk manager?
Numerous factors are forcing healthcare organizations to evaluate operational efficiencies – economic, regulatory, technology, changes in healthcare delivery, resource availability including staff, and even politics are some of these drivers. Maximizing profits, or at least not operating at a loss, has long been at the forefront of business objectives. However, how much risk can or should be taken to achieve this objective? Not all risk is inherently bad. Since tolerance for risk varies from organization to organization, organizations should consider both the upside and downside of risk. This involves a comprehensive evaluation of all areas of operation. While patient safety is an important aspect of the responsibilities of healthcare risk managers, innovations in technology, regulatory compliance, and other supportive functions have also been shown to play a vital role in a comprehensive risk management program. Therefore, many risk managers are now looking beyond clinical care to adopt an enterprise risk management strategy.
ASHRM has identified eight operational domains to consider when using the ERM philosophy – operations, clinical/patient safety, strategy, finances, human capital, legal/regulations, technology, and hazards. It takes a comprehensive approach to the assessment of risks.
Traditional risk management typically involves adopting key risk principles – problem identification, analysis of the issue, controlling the exposure, risk financing, and claims management – often using a departmental approach, managing one quantifiable risk at a time to achieve asset preservation. An enterprise approach involves some of the same principles. However, rather than departments and individuals, the focus is on organizational systems and processes. There is less emphasis on mitigating risk, and more on being proactive and creating value. While not every risk is predictable, the ERM model uses both quantitative and qualitative tools to determine possible outcomes and choose the best approach for optimizing organizational performance. ASHRM has identified eight operational domains to consider when using the ERM philosophy – operations, clinical/patient safety, strategy, finances, human capital, legal/regulations, technology, and hazards. It takes a comprehensive approach to the assessment of risks. As with any new approach, ERM requires the support of the board and senior leadership. Additionally, if there’s not a general awareness of ERM concepts within the organization, a readiness assessment should be conducted. 3
One problem with which risk managers have struggled is demonstrating the value of risk management – how can you quantify what didn’t happen because it was prevented? Benchmarking and measurements help risk managers accomplish this objective. How can an ERM business case be made? ERM also involves the opportunity to create value. Establishing key risk and performance indicators will demonstrate success in meeting your ERM objectives. If it can also demonstrate cost savings, then it will speak to those individuals charged with managing the organization’s financials. Here are a few examples of making a business case:
While data is important, healthcare risk managers must also enhance their visibility in their organizations in other ways. Here are some ideas:
The American Society for Healthcare Risk Management (ASHRM) recognizes healthcare Risk Management Week every year during the third week in June. However, risk managers should take steps to demonstrate that risk management is a valued discipline that affects every aspect of a healthcare organization’s operations every day of the year. The term “enterprise” risk management has never been more appropriate.
References and Resources:
1. American Society for Healthcare Risk Management, Enterprise Risk Management Certificate program – October 20-21, 2017.
2. ASHRM An Enterprise Risk Management Playbook 2015.
3. ASHRM Enterprise Risk Management Readiness Assessment Questionnaire – http://www.ashrm.org/resources/pdf/ERM-Readiness-Assessment-Questionnaire_FINAL.pdf
4. ASHRM Enterprise Risk Management: A Framework for Success, 2014, http://www.ashrm.org/pubs/files/white_papers/ERM-White-Paper-8-29-14-FINAL.pdf
5. ASHRM Enterprise Risk Management for Boards and Trustees: Leveraging the Value, http://www.ashrm.org/resources/pdf/ERM-for-Boards-and-Trustees.pdf
The views and opinions expressed within are those of the author(s) and do not necessarily reflect the official policy or position of Parker, Smith & Feek. While every effort has been taken in compiling this information to ensure that its contents are totally accurate, neither the publisher nor the author can accept liability for any inaccuracies or changed circumstances of any information herein or for the consequences of any reliance placed upon it.