Being a hospital Risk Manager carries an enormous amount of responsibility. Risk Managers work tirelessly to proactively prevent situations that can result in losses, harm or liability. These risks can include patient privacy breaches, medical errors, hazardous conditions, financial and personal liability and non-compliance with governing healthcare agencies such as the OIG and Medicare.
In healthcare, risk management professionals play a key strategic role as they hold responsibility for not only preventing situations but also for executing damage control. With human lives at stake, risk management helps to reduce patient health risks as well as financial and liability risks.
Before we look at the top five priorities that every healthcare risk manager should be focused on today, let’s take a closer look at what do risk managers do? Depending on the healthcare facility, their role may differ slightly, but standard functions include risk financing, event and incident management, regulatory, statistical analysis, insurance, claims management, clinical and business issues. Risk Managers are accountable for taking both a proactive and reactive approach to their work. Identifying potential risks while promoting safety events is a crucial aspect of their role.
Risk management is essential in highly regulated industries like healthcare given human lives are at stake. With healthcare in constant flux as new regulations are published, the rise of weather and climate disasters, and the effect of technology, Risk Managers need to focus on these five priorities.
1. Improving Patient Safety and Quality
With the focus being directed towards value-based care risk managers and quality managers must rally around patient safety. Collaboration across these two disciplines is key to delivering safe, high-quality patient care while minimizing risk. Access to critical information at the time of patient care is paramount for the proactive management of safe care delivery. Providing frontline staff with easy access at any time from anywhere to the most current policies and procedures is one approach Risk Managers can take to proactively mitigate the risk of medical errors at the time of patient care.
Medical errors are the third-leading cause of death after heart disease and cancer. A recent Johns Hopkins study claims more than 250,000 people in the U.S. die every year from medical errors. Other reports claim the numbers to be as high as 440,000.
Providing caregivers with access to critical information within seconds enables them to provide the best care possible improving patient safety and quality. Access to an online repository of the most current policies and procedures that can be easily searched and linked with evidence-based content can dramatically improve the patient experience and safety.
Often Risk Managers are responsible for developing the framework to successfully lead the organization through the process of accreditation with the various industry governing bodies such as The Joint Commission, HIROC, DNV, CAP, HFAP, and others. Ensuring that policies, processes, and procedures are up-to-date in accordance with industry and regulatory standards is key to being compliance ready and improving patient safety. Leading health systems are deploying technologies that enable them to receive real-time email notifications that contain information about the regulatory change and their corresponding policies that need to be updated to support the regulatory change. This approach drives greater transparency across all key stakeholders, reduces the risk of non-compliance and costly time-consuming requirements for improvement.
3. Vendor Risk Management
With the OIG laying down fines of $11,000.00 USD or more for every claim filed for services performed by sanctioned or excluded vendors or individuals, healthcare providers need to proactively mitigate their risk by conducting real-time monitoring or audits on their third-party business associates, vendors, contractors, and employees. Not only are the fines steep, but corporate reputations are at risk. Conducting pre-contract risk prevention is critical. Developing credentialing strategies that include risk audits of third-party vendors is vital to protect patients from harm, and to uphold corporate due diligence. Risk managers are responsible for governing the protocols and policies related to the hiring practices involving external vendors, business associates, and employees. Not only should they be working with other key stakeholders such as Human Resources, Supply Chain, Legal, and Materials Management to identify and determine meaningful policies to put into place, but Risk Managers should take an active role in evaluating potential technologies to streamline the validating and ongoing monitoring of third-party business associates across the federal and state sanction databases (FAC, FDA, LEIE, and SAM). Technologies such as Integrity Manager, enable healthcare professionals to automate continuous real-time third-party vendor integrity checks and audits associated with security and compliance risks.
4. Financial Risk
An area often overlooked by Risk Managers is contract management. However, the financial risk of lousy contract management is high. Risk Managers are not usually associated with the negotiations or administration of contracts; however, given the number of agreements that a healthcare provider has in place, this is one area that requires examination. Missed contract renewals can have a negative impact on the bottom line and contracting to conduct business with organizations or individuals who are listed on the exclusions and sanctions list can have long-lasting effects on a health system or hospital. Risk Managers need to understand how contracts are managed and the due diligence practices being executed to proactively prevent risk associated with vendors, finances and the overall business. Working alongside their procurement, supply chain, and material management counterparts, Risk Managers need to understand the entire contract management process to minimize any potential risks associated with bad contract management.
5. Data Security
From 2010 to 2016, the number of large-scale data breaches at American healthcare organizations increased 65%, according to reports from the Department of Health and Human Services Office of Civil Rights. Risk Managers need to focus on developing strategies and working closely with their IT counterparts to ward off cyber attacks that affect the business. Hackers are getting smarter and smarter, and PHI data is highly coveted by black market data thieves. You may recall the Anthem breach that compromised personal information on 78.8 million members and employees. Anthem said that hackers had breached one of its databases and gained access to member and employee data including names, dates of birth, medical IDs or Social Security numbers, street addresses, and email addresses. More significant investments by healthcare providers around cybersecurity are needed to mitigate the risk associated with data breaches, potential costly lawsuits, and damage to the healthcare facilities’ reputation. All of which can be financially crippling. Comprehensive strategic cybersecurity coalitions within healthcare systems and facilities should be formed to examine the potential risks and launch prevention plans.
Risk is everywhere. Conducting business in an ever-evolving diverse digital world amplifies risk across the health system if the proper governance, due diligence, and systems are not deployed to intercept risks before they become problems.