Healthcare risk managers have the opportunity to engage leaders from across their organizations to think more broadly about maximizing value protection and managing risk that comes with uncertainty through the application of an enterprise risk management (ERM) framework. While the implementation of an ERM program might seem daunting to some, moving from a traditional risk management framework to an ERM framework may seem more achievable by using real life risk scenarios to engage leadership. By demonstrating the myriad risks one event can present across the organization and placing those risks into a domain context that addresses the issues, a “bigger picture” evolves. Risk managers can be leaders in the ERM journey by guiding stakeholders to move out of silos for problem solving and into an organization wide, collaborative decision-making process.
All entities face uncertainty. With uncertainty comes risk as well as the opportunity to create value by taking advantage of the synergies between all of the risk domains in an organization. To do so, risk managers must guide leadership to identify risk domains appropriate for the organization.
Implementing a comprehensive ERM program may take years. Each organization must develop its own timeline and plan, recognizing changes may be necessary to move toward a more risk-aware culture. Defining a risk appetite, articulating strategy and objectives, and conducting a risk inventory are some of the steps that will be taken along the way. As this work is started, demonstrating how a realistic risk event may impact the organization across domains is one strategy for introducing ERM concepts to leadership and key stakeholders.
Significant acts of workplace violence have been occurring with increasing frequency around the country. Using an example such as a hospital shooting directed at a staff member or physician, one can work through the domains to explore where risks to the organization may exist and highlight the value of an ERM analysis.
Using the ASHRM risk domains, the following examples help illustrate how an active shooting event has the potential to impact the entire organization. The possible risks identified in each domain will require leaders from across the organization to collaborate and develop solutions.
Operational risks – When an active shooting occurs, access to and egress from the hospital will likely be shut down. Communication pathways to employees and physicians should be previously established, and the message delivered will need to be clear, concise and timely. If staff members are unable to enter the hospital at shift change because the shooter hasn’t been located, how will they be contacted? There should also be an established process for communicating with patients who may not be able to arrive for scheduled surgeries or other procedures. Other operational functions may also be interrupted, such as deliveries, parking and ambulance access.
Clinical risks – These fall under one of two domains where there is a high risk of physical harm. Clinical risks may include the inability to care for an injured patient because staff members are injured or cannot access the hospital room, specific equipment or medication because the shooter’s location is unknown. Other clinical risks can include issues such as the general fear and anxiety from patients or staff being pulled to answer calls from family members.
Financial risks – Several potential causes of financial risks include possible litigation related to patient injuries or workers’ compensation claims filed by staff members with physical or emotional injuries. In addition, there is a risk of lost revenue due to patients not being able to come in for surgeries and other treatment, or from the downstream effect of reduced patient volume resulting from decreased consumer confidence in the facility. Among the risks to consider, there may also be the potential for a ransom demand if the shooter takes hostages.
Human capital risks – These risks are critical when considering the human capital needs in any healthcare facility. There is the potential for loss of life, short- and long-term disability, loss of confidence in leadership if emergency preparedness appears weak, and difficulty with recruitment and retention efforts due to the poor reputation for workplace safety.
Strategic risks – This type of event is sure to be reported in the news and can have a significant effect on the reputation of the hospital, depending on the outcome and the facility’s response. Loss of reputation, particularly in a competitive market, could be quite detrimental to the organization. Other risks may include inexperienced or unprepared media relations staff, the inability to manage the press that could descend on the facility and failure to respond to known threats in the community.
Technology risks – These risks could come in various forms such as those involving social media. There is the potential for patients or visitors to tweet from inside their rooms, post videos on YouTube and more. Additionally, failure to use equipment such as security monitors and alarms may be raised as an issue during the debriefing.
Legal and regulatory risks – After an event like this, regulatory agencies and accrediting organizations will likely appear quickly, and the hospital should be prepared to address both preparedness for and response to the event. These issues could further feed into loss of accreditation, loss of revenue and public reporting of facility deficiencies.
Hazard risks – This domain gets to the core of preparedness for this type of event – from a community assessment of risk to development and testing of a response plan.
While not all-inclusive, the more expansive view outlined above highlights the importance of proactively developing risk responses across the enterprise. It is important to understand that input from each stakeholder – whether the contribution is major or minor – will help position the risk manager to elicit buy-in for the ERM process. Even if the organization is not ready to take a deep dive into the ERM pool, risk managers can still capitalize on the opportunity to bring a wide range of stakeholders into the decision-making process. By continually demonstrating the value of this work, healthcare risk managers can help organizations transition to this new ERM model.
Ann Gaffey, RN, MSN, CPHRM, DFASHRM, SVP, Healthcare Risk Management and Patient Safety
Reference: 1) Carroll, R. An Enterprise Risk Management Playbook: An Implementation Guide for Healthcare Professionals, American Society for Healthcare Risk Management 2015.