Inside the Fundamentals of Health Care Enterprise Risk Management

Risk management in the health care industry, including home health care, is critical in controlling and mitigating risk. Traditionally organizations have adopted a risk management model that involves risk identification, risk analysis, risk control, risk financing and claims management. As health care moves from hospital-based disease management to a combination of inpatient, outpatient and post-acute care delivery models, managing risk became more complicated. There hasn’t been clear coordination among the different silos within an organization to see the big picture and how each department or function can support the organization’s objectives and deliver value. As a result, enterprise risk management (ERM) has come into the forefront. 

ERM in healthcare, according to the American Society for Healthcare Risk Management (ASHRM), is defined as promoting “a comprehensive framework for making risk management decisions which maximize value protection and creation by managing risk and uncertainty and their connections to total value.” Each organization’s ERM framework depends on the organization’s culture, strategy, mission, vision and readiness to advance this model of managing risk, notes the ASHRM. 

The ASHRM ERM model focuses on specific types of risks in eight domains with the risk manager assisting each leader in addressing the issues in the various departments or functions. These domains include:

Operational: Relates to exposures resulting from inadequate or failed internal processes, people or systems. These may be risks related to staff and credentialing, documentation, practice deviations and others.  

Clinical/Patient Safety: Relates to delivery of care to patients and may involve medication errors and safety issues.

Strategic: Relates to risks that arise as organizations adapt to changes, such as health care reform, M&As, joint ventures, and other areas that carry potential strategic exposures. 

Financial: Relates to risks that may include costs associated with malpractice, litigation and insurance; capital structure, credit and interest rate changes; corporate compliance; billing and collection; and more.

Human Capital: Relates to an organization’s staff, including employee hiring, retention, turnover, termination, absenteeism, work-related injuries, work productivity, and compensation. 

Legal and Regulatory: Relates to local, state, and federal statutory mandates with risks that may arise from fraud and abuse, licensure, accreditation, product liability, management liability (D&O/EPLI), Medicare/Medicaid, and other issues.

Technology: Relates to risks including cyber liability and privacy issues from the use of technology for clinical diagnosis and treatment, data storage and retrieval, and asset preservation.

Hazard: Relates to natural catastrophes and business interruption risks along with fire, slips and falls, and other hazards.

Risk identification, analysis and control as with a traditional risk management approach are distributed across all eight domains in the ERM model and include individuals within each domain who have the expertise to share and help direct their efforts. For instance, in looking at the technology risks of an organization, the chief information officer will be the point person in helping to identify and mitigate exposures.

Integrating an ERM approach into everyday practice across all departments and functions helps to establish a disciplined approach to managing risk and protecting a health care organization’s well being. 

Manchester Specialty Programs specializes in providing agents and brokers with totally integrated business insurance solutions to meet the needs of Home Care, Allied Health and Human/Social Services organizations. For more information about how our products and services can help protect your insureds, please contact us at 855.972.9399.

Source: American Society for Healthcare Risk Management