This paper examines risk management as a vital component of healthcare governance. It defines risk and risk management within the clinical and administrative context, drawing on the Joint Commission's framework, and explores the rising financial costs organizations face when risk management is inadequate. The paper surveys key government regulations — particularly HIPAA — alongside state and international requirements, and outlines the role of interest groups such as the JCAHO and the AMA in safeguarding patient rights. The paper concludes with practical recommendations for building a culture of compliance and ethical conduct through comprehensive planning, staff education, and technology-enabled reporting systems.
Risk exists in any endeavor. Many people drive every day risking a traffic collision, others live in areas where the risk of spring tornadoes is extreme, and still others work around high-power electric lines. The question to ask is: how can a person moderate the risks they face each day? Ensure the vehicle is performing at optimal capacity and that driving is undistracted and intentional. Ensure that a safe place exists nearby in the event of dangerous weather. Follow all of the safety regulations that accompany the work of an electric company lineman. Essentially, people need to be alert and responsive to the situations that present themselves. Individuals must also understand that they have addressed all but the most unforeseen eventualities — such as making sure the car they drive is properly maintained.
For a business, the risks can be equally pressing. The healthcare industry has taken precautions for many years to protect the rights of the people who patronize health services. Societies license healthcare providers at all levels, hospitals are governed by both governmental and association rules, and patients have the expectation that they will receive the best care available. But is that always the case? Even within the best healthcare system in the world, issues still present themselves. The science of risk management is fraught with difficulty because not every risk is readily apparent. What follows is a discussion of risk management as it relates to the healthcare industry.
Defining risk and risk management as they apply to healthcare is the first important step. Risk is "the possibility of a loss or other adverse event that has the potential to interfere with an organization's ability to perform its mandate" (Miller, 2010). This could be a patient safety issue, a failure to ensure that adequate facilities and tools for care are available, or mistakes by personnel. Risk management is "clinical and administrative activities undertaken to identify, evaluate, and reduce the risk of injury to patients, staff, and visitors and the risk of loss to the organization itself" (Miller, 2010). This definition, drawn from the Joint Commission, covers all manner of situations that could affect risk within a healthcare organization.
The cost of doing business for healthcare organizations is rising, especially when they do not have a comprehensive risk management plan in place (Ethics Point, 2010). According to research, the issue facing many organizations is not that they fail to manage risk, but that they do not do so efficiently. This inefficiency causes the costs of risk management to rise (Ethics Point, 2010).
Because of the heavy cost of manpower required to manage intense regulation, the efficiency cost stemming from lack of proper planning, and the overall larger costs generally associated with healthcare, providers have been hit hard by additional costs incurred through poor risk management. In 2008, the average healthcare agency lost seven percent of its revenue due to fraud (Ethics Point, 2010). Regulations such as HIPAA carry severe penalties, and access breaches increase every year (Ethics Point, 2010). With each breach of a patient's file come heavy fines that must be absorbed into a company's bottom line. Another consequence of these breaches of personal information is that patients seek care elsewhere. This creates a real loss of revenue that is difficult to recover due to the subsequent loss of credibility (Ethics Point, 2010). Other costs associated with poor risk management include loss of staff, overtime expenses to address an issue, and the cost of updating infrastructure — such as IT systems and building code violations — to meet new requirements (Truarx, 2011).
Most healthcare agencies respond reactively when a threat is realized. A sound risk management plan would have reduced the likelihood of such an occurrence, but many organizations do not maintain one sufficient to address all contingencies. As a result, the costs of managing risk rise while reactive measures are hastily implemented when problems occur.
"HIPAA and federal, state, international rules"
"Watchdog organizations and accreditation bodies"
"Strategies for compliance and risk reduction"
Always verify citation format against your institution’s current style guide requirements.