Implementing a successful risk management program
More and more healthcare organizations are implementing enterprise risk management (ERM) because of its effectiveness at cultivating cultures of shared responsibility, at improving efficiency, compliance and profitability, and for its adaptability to suit each company’s size and structure. In all cases, it begins with the steady, ongoing involvement of leadership in every department and area of operations.
For organizations to sustain and reap the benefits of ERM over the long term, there are three keys to implementation. These include: (1) keeping the program up-to-date, (2) a commitment to continually train and educate staff, and (3) incorporating ERM into the organization’s policies and procedures.
1. Keep programs up-to-date
To help sustain a robust and effective ERM program over the long term, organizations should ensure that the program remains current with all applicable laws, regulations and standards. Risk assessment and management practices should assure the timely implementation of any new regulations, and for periodic review and adjustments, as necessary.
And because bad things can happen even to the best of companies, emergency plans should be reviewed and updated on a regular basis. Emergency plans should account not only for the physical safety of clients and staff, but also for facilities, records and data.
Where data security is concerned, organizations should plan to respond quickly and purposefully in the event of a data breach that compromises customers’ confidential information and/or an organization’s financial or employment records.
2. Continuous employee training
ERM programs are most effective when every employee — in every department and at every level — understands and embraces the concept of their fully shared responsibility for identifying and mitigating risks. ERM should be baked into organizational culture.
With this in mind, organizations should commit to train employees on the principals of ERM beginning with the onboarding process. In addition, education and training should take place at regular intervals, to refresh employees’ orientation to the ERM program.
Education programs should reinforce the risk management responsibilities of each individual role and how effective risk management benefits every client and employee, and strengthens the organization as a whole. Likewise, education programs should reinforce how the negative impacts of risk-related incidents tend to cascade across department functions and throughout the organization. In other words, “We are all in the business of risk management.”
3. Policies and procedures
Incorporating the principals of ERM into the organization’s policies and procedures helps ensure the program’s ongoing success. This includes applying a full array of methods to help identify risks — including traditional methods such as claims history, incident and employee injury reports, and customer complaints, as well as non-traditional methods such as brainstorming, focus groups, interviews, and patient satisfaction surveys.
Every process and procedure — from patient evaluation, admission, care planning, to discharge — should account for risk evaluation and mitigation. Whether it is preventing falls or pressure ulcers, the safe administration of meds, home safety assessments, or data security, ERM effectively promotes safety throughout the care continuum.
The following resources offer a variety of helpful information on enterprise risk management, including templates for developing risk management plans in healthcare organizations:
- Federal Emergency Management Agency (FEMA)
- Centers for Disease Control and Prevention (CDC)
- Centers for Medicare & Medicaid Services (CMS)
- American Society for Healthcare Risk Management (ASHRM)
- The Risk Management Society (RIMS)
We understand the issues facing today’s healthcare organizations and can help you identify solutions that reduce risks. Contact us today to find out more.