How To Develop An Effective Hospital Risk Management Program

hospital (2)

Risk management is a planned and a structured process aimed at helping the project team make the right decision at the right time to identify, classify, quantify manage and control risks.

Defined broadly, hospital risk management is concerned with a t variety of issues and situations that carry potential liability or casualty losses for an institution. An effective risk management program in a hospital requires certain fundamental building blocks which include: key structural elements, sufficient scope to cover all applicable categories of risk, appropriate risk strategies, and written policies and procedures. This article focuses on those building blocks; giving the novice risk manager guidance on how to develop an effective risk management program; and the mature risk manager a program overview that can be used as an assessment guide.

Key Structural Elements

The structural elements are those program components that enable the risk manager to develop and enforce the risk management plan and enact needed changes in policy. The scope of risk to be covered includes an examination of risks associated with;

  • Patients, medical staff, employees, government bodies, property, automobiles, and;
  • Other things that subject the health care organization to potential liability or the threat of loss.

The exact structure of a given healthcare organization’s risk management program depends on the size and complexity of its facilities as well as the scope of patient care and other services it offers. However, several key structural components are necessary for any healthcare risk management program to succeed. The pillars include; authority, visibility, communication, coordination and accountability.

Scope of Risk Management Program

The primary purpose of a healthcare risk management program is to protect the healthcare organization against loss. Therefore, one of the building blocks of an effective program is sufficient scope to cover all potential sources of risk.

Although many risk managers tend to focus on the professional liability aspects of healthcare risk management; the discipline extends into many other areas that are equally important to the survival of the modern healthcare organization.

To be truly comprehensive, a risk management program must address the full scope of the following categories of risk:

  • Patient care related risks: Patient care risk management, including information gathering, loss control efforts, professional liability risk financing, and claims management activities; forms the core of most healthcare risk management programs. Although most patient-related risk management activities focus on direct clinical patient-care activities and the consequences of inappropriate or incorrectly performed medical treatments; other important patient-related issues include:
    • Confidentiality and appropriate release of patient medical information.
    • Protection of patients from abuse and neglect and from assault by other patients, visitors or staff.
    • The securing of appropriate informed patient consent to medical treatment.
    • Protection of patient valuables from loss.
    • Appropriate triage, stabilization and transfer of patients to emergency departments.
  • Medical staff-related risks: These relate to the risks experienced by clinical staff. It is imperative that the healthcare organization risk manager includes physicians in clinical loss prevention and claims management programs, and elicits their support of overall risk management activities. Risk management concerns stemming from the unique relationship between a health care organization and its medical staff merit the risk manager’s particular attention. Of special importance are:
    • Medical staff peer review and quality improvement activities.
    • The confidentiality and protection of the data generated through such processes.
    • The medical staff credentialing, appointment, and privileging processes.
    • Medical staff disciplinary proceedings and related issues of due process, antitrust, and restraint of trade.
  • Employee-related risks: Several issues relating to the employment of personnel deserve the health care risk manager’s attention. Of obvious importance are maintaining a safe work environment for employees, reducing the risk of occupational illness and injury, and providing for the treatment and compensation of workers who suffer on-the-job injuries and work-related illnesses. In this regard, it is important that the risk manager maintain a working knowledge of state regulations promulgated by the Occupational Safety and Health Administration (OSHA). This will allow the risk manager to work effectively with the human resources department, employee health nurse, and designated safety officer.


  • Property-related risks: Complex healthcare institutions have significant property assets, including large hospital and clinic structures, medical office buildings, and valuable medical and data processing equipment. It is incumbent upon the risk manager to protect these assets from risk of loss due to fires, floods, windstorms, earthquakes, and other perils that may damage or destroy such property. In addition, healthcare institutions typically maintain a large volume of paper and/or electronic records—patient medical, business, and financial—that are essential to the ongoing operations of the entity and that must be protected from damage or destruction.


  • Financial risks: Although the ordinary business risks associated with new ventures or services and the continued financial viability of the organization’s existing operations traditionally are considered to be outside the sphere of risk management concerns, there are at least two areas of financial risk with which the risk manager should be concerned. They include;
  • The directors and officers of healthcare organizations, like those of other corporate entities, may face liability imposed by suits from shareholders or others alleging inappropriate conduct in the fulfillment of their respective duties. Bylaws frequently require the entity to defend and indemnify its directors and officers for such claims. Likewise, the entity itself may face similar actions. It is therefore important for the risk manager to understand the corporate structure of the organization; any requirements imposed by charter, bylaws, or other documents; and the opportunities to transfer such risks through policies of insurance in order to adequately protect the organization’s assets.
  • Risk managers who represent the interests of healthcare providers who contract with Managed Care Organizations (MCOs) on an “at-risk” basis (typically through capitated payment arrangements) need to consider available options for limiting the financial risks inherent in such agreements. These risks may be characterized as either specific, in which the costs associated with providing care to an individual plan subscriber greatly exceed expectations; or aggregate, in which the total costs of providing required healthcare services under the plan agreement are higher than anticipated.

Risk Management Strategies

Risk management strategies represent the mix of techniques employed to prevent or reduce losses and preserve the organization’s assets. These include;

  • Identify and analyze loss exposures
  • Consider alternative risk management techniques
  • Select what appears to be the best risk management technique or combination of techniques
  • Implement the selected technique(s)
  • Monitor and improve the risk management program

Development of effective standard operating procedures: An effective risk management program needs to be documented as a policy to provide and maintain the procedures that shall be used in the hospital in strict conformity. The guide consists of systematic and industry-wide general guidelines that should be adopted by the hospital that is keen on firming up their risk management program to aid in their service delivery as well as define responsibility and approval limits. This is geared to reducing risks that might emanate as a result of professional negligence and cost the organization greatly.

Way Forward

Establishing a risk management program is not a simple task, particularly in today’s complex healthcare environment. Assessment of the healthcare organization’s internal and external relationships and forces will provide an overview of the issues the risk management program must address.

Obtaining commitment to the program from all levels of the organization, top to bottom, can be a slow process in some instances; but must be achieved for full integration to occur. Translating a written plan into functional risk management processes requires excellent collaboration and facilitation skills. No matter how well defined the risk management plan is, the program will always be “getting started” as it adapts to the changes in healthcare sector.

Author: Eddie Opiyo