The demand for and importance of health services has increased due to the aging of the population, and health organizations have a special responsibility to society. In healthcare, managing different risks – safety, malpractice, or finance – is integral to the work processes. Risks include any phenomena that can lead to unexpected negative results, particularly losses. Consequently, risk management (RM) focuses on analyzing current processes and identifying weaknesses to take preventive measures for risks elimination. Key actions on RM can be taken at the organization’s executive level, and CEO plays a vital role in this process. Although various RM strategies have already been established in health organizations, their effect can be limited in a rapidly changing environment, and it is essential to consider multiple approaches.
Risks in healthcare organizations are primarily concentrated around patient safety. By ensuring customer safety and reducing medical errors, hospitals follow their mission and protect themselves from financial liability to patients (NEJM Catalyst, 2018). However, the world is changing, which also affects the provision of medical services. In particular, technology is increasingly being introduced into health care, and privacy risks now require more attention than before. As medical science develops, the political and regulatory components change. Other significant changes relate to the emergence of new risk-bearing models that increase financial risks for service providers (NEJM Catalyst, 2018). Moreover, such a crisis as the world pandemic COVID-19 caused significant losses to hospitals and jeopardized the financial viability of hospitals. To react to the challenges of the pandemic, health organizations were forced to close outpatient departments and cancel patient appointments (Khullar et al., 2020). Given the number of potential risks and their ongoing transformation, (RM) is vital to the functioning of hospitals.
RM protects healthcare providers from incidents and financial losses and improves the organization’s reputation by maintaining a high quality of services provided. RM includes the identification of existing risks, their assessment, and risk mitigation actions (Ferdosi et al., 2020). Therefore, the first step in the RM process is risks identification and classification. Ferdosi et al. (2020) argue that risks can be internal and external, and their classification tools are intra-organizational, inter-organizational, and retrospective-prospective. Researchers divide analysis and risk assessment models into levels:
- High level: These tools look at many scenarios in detail and include the following examples – Six Sigma, Clinical Risk and Error Analysis (CREA), and other models.
- Middle level: Tools provide less information for analysis – Health failure mode and effect analysis (HFMEA), root cause analysis (RCA), and other techniques.
- Low level: Tools use a limited amount of information – human reliability assessment (HRA), hazard checklists (HCl), and similar models.
After analyzing and evaluating threats, organization management selects a strategy for its treatment. Ferdosi et al. (2020) highlight strategies such as avoidance, reduction (including prevention and mitigation), sharing, and acceptance. Arvin (2019) highlights the same strategies, confirming their prevalence in use. Avoidance involves actions directed at risk elimination at its source. Reduction, which includes the two mentioned approaches, is applied when the complete elimination of the threat is impossible, but the organization can reduce the frequency of risk and severity of its consequences. Risk sharing occurs when another entity, such as an insurance company, assumes responsibility. Risk acceptance is applied when it is impossible to take other actions as avoidance or sharing. Arvin (2019) adds an exploiting strategy that implies that the organization uses the risks discovered as an opportunity to improve its practice. Various approaches are applied depending on the context of the risk, its type, and complexity.
The risks described earlier are different and often addressed by the particular departments. For example, IT deals with data privacy matters and financial units – with monetary issues. Arvin (2019) notes that such a separated approach is ineffective, and it is necessary to combat risks in a coordinated manner. To do this, experts propose an Enterprise Risk Management (ERM) strategy that extends traditional RM to see the big picture (Arvin, 2019; NEJM Catalyst, 2018; Etges et al., 2019). ERM aims to find and reduce all risks that the organization may encounter. Within this approach, management can make RM decisions for the benefit of the entire organization, even if they are not in the interests of the individual unit (Etges et al., 2019). Applying this approach to RM planning, the organization should use each of the described strategies for risk treatment, considering it from different perspectives (Arvin, 2019). ERM covers the entire organization and better supports the financial well-being of the health entity.
In conclusion, one of the necessary actions to improve the quality and effectiveness of medical services is the use of the RM system. Risks to patients, staff, and organizations are widespread in the health sector, and they all bring financial losses to the institution threatening its ability to work. RM allows them to identify, assess the complexity of the consequences and the frequency of risk, and develop tactics of counteraction. Once the risk is identified and evaluated, the CEO can choose the most appropriate strategy – avoidance, reduction, sharing, acceptance, or exploiting. Researchers have recently been considering an integrated approach to RM – ERM. It helps to find and eliminate more risks, thereby preventing significant financial losses.
Arvin, M. (2019). Mastering risk: How healthcare organizations can tap into the power of enterprise risk. Healthcare Financial Management Association (HFMA). Web.
Etges, A. P. B. D. S., de Souza, J. S., Kliemann Neto, F. J., & Felix, E. A. (2019). A proposed enterprise risk management model for health organizations. Journal of Risk Research, 22(4), 513-531. Web.
Ferdosi, M., Rezayatmand, R., & Molavi Taleghani, Y. (2020). Risk Management in executive levels of healthcare organizations: Insights from a scoping review (2018). Risk Management and Healthcare Policy, 13, 215–243. Web.
Khullar, D., Bond, A. M., & Schpero, W. L. (2020). COVID-19 and the financial health of US hospitals. Jama, 323(21), 2127-2128. Web.
NEJM Catalyst. (2018). What is risk management in healthcare? New England Journal of Medicine (NEJM) Catalyst. Web.