Enterprise Risk Management (ERM) Leadership Operational Patient Safety/Clinical Care Strategic

Insights into Organizational Risk Assessment

Improving health care risk management processes and systems is ongoing. Leigh Ann Yates, AIC, MBA, CPHRM, DFASHRM, offers insights into her experiences as an outside expert coming in to assess a health care organization’s effectiveness at risk, quality, safety and compliance management. Her job is to help businesses understand the gap between where they are and where they need to be.

Yates uses many layers of analysis to help organizations pursue higher levels of quality and safety for patients. Her initial assessment is based on the American Society for Healthcare Risk Management (ASHRM) Enterprise Risk Management (ERM) domains: operational, clinical/patient safety, strategic, financial, human capital, legal/regulatory, technology and hazard. Her process includes looking at infrastructure and business model design, and identifying internal and external resources that will help position an organization for success. Time management and avoiding recreating the wheel are integral to her approach

Her layers of analysis in purposeful order are:

  1. Organizational mission, vision, values, and objectives

Determine whether leaders and staff have knowledge of the organization’s goals and objectives, which need to be understandable, reasonable and attainable. Yates points out that if you don’t fully understand the goals and the aim, you may be spending a great deal of time working on the wrong things. 

Annually leaders should brainstorm to define which goals are most important in taking the organization to the next levels of success. Patient safety and the reduction of patient harm are everyone’s goals, however, attaining the highest level of safe care can be quite challenging. Figuring out how everyone can row in the same direction with eyes on highly reliable health care is always the challenge. 

  • Action plan and commitment

Motivation, buy-in and commitment are critical with goal setting. Using feedback from front line staff always sheds light on where opportunities lie. Outlining an action plan and identifying those committed to the plan are important steps. Assessing the needs of your local team is pivotal in determining what is required to attain goals. Success is more likely if risk managers can create opportunities for team interaction, feedback and involvement. Every team needs to feel part of the decision-making process.

  • Resources and staff

Yates studies an organization’s infrastructure to determine how risk, quality, legal, patient experience, compliance, and patient safety are designed. Depending on the organization, there might be several different designs and business models. For instance, smaller organizations may have one leader for several departments, whereas, larger organizations may have several leaders focused on each pillar of service. There are always opportunities for a leaner, more focused configuration once roles and workflows are defined.

  • Assessment of current operations

At the beginning of an assessment, Yates asks staff to write down their duties in “swim lanes,” a style of simple process flow diagrams or flowcharts that visually distinguish job sharing and responsibilities for sub-processes of a business procedure. She meets with each stakeholder to understand what they do, how they do it and how it relates to the operations of the respective department. It is during this process that efficiency and time management can be evaluated. The assessment might determine that automation could replace some work functions, freeing up time to spend on other areas. The goal is to consistently look for opportunities to improve efficiency and reliability.

  • Automation, data collection, and standardization

Automation is important and capturing data is critical. Combining the two helps pave the way to reliability and consistency. Both tell the story and help create a direction for focusing on reducing patient harm and organizational risk.  

Sample questions to assess and flesh out opportunities include:

  • Which data analytic tools are used? Are they working?
  • How is data telling the story?
  • What information is standardized? Is there a need for more standardization?
  • Is the data collected used to help communicate “lessons learned” to the organization?
  • How are these lessons communicated back to the organization?
  • How are harm events and quality measures compiled and reported?
  • Is there a “good catch” system in place?   
  • How quickly, with which tools/methods and by whom, are root cause analyses performed?
  • How are infection rates tracked and displayed so leadership can see where they stand with compliance and deviation rates in real time?
  • How is hand hygiene data collected, measured and reported back to the organization?
  • How are patient complaints recorded, measured, and communicated?
  • How are statistics from claims and lawsuits measured, and do lessons learned shine a light on opportunities for improvements in patient safety and patient experience?
  • How are data collected and organized for reporting to risk, quality and legal committees?

Technology for automation is costly. Yates noted that risk managers are often faced with budgetary constraints and must get creative to demonstrate the value add and return on investment (ROI) regarding new technology and risk reduction, as well as qualitative data that demonstrate dollars paid out for risk events.

Guidance or a fresh perspective can be obtained by consulting with key leaders within the organization as well as reaching out to members of ASHRM national and local chapters to discuss methods and ideas to more clearly communicate ROI. Organizations are often in strong competition for every available technology dollar and prioritizing how it will be spent can be a dilemma. A lack of technology puts the organization at great risk of drowning in repetitive work that leads to burnout and possibly failure of a department’s critical mission.

  • Operational challenges and culture 

Yates asserts an organization should always start with building trust because it creates a safe space for information exchange. When staff is included as part of the information gathering team, they feel part of something larger. Interviewing staff in all departments enables the discovery of the actual challenges, barriers or concerns a team faces within their respective jobs. In assessing organizational culture, the risk manager should evaluate staff attitudes about reporting unsafe conditions and patient harm as well as the organizational response. Interview questions might include:

  • How does the CMO/CEO interact with the Risk Manager? 
  • Does the Risk Manager have a seat at the table?
  • Has anyone ever been fired after reporting an untoward event? 
  • Does the organization have a forum for employees and staff to provide feedback and make suggestions?
  • Does the organization embrace a culture of safety?  Is it based on Just Culture and the Just Culture algorithm?
  • Are there town hall meetings to support organizational communication?
  • How are the lessons learned communicated?

  • Six Sigma and High Reliability Organizations (HRO)

Yates often reviews if the organization practices Six Sigma or High Reliability as well as the failure rate of new processes being put into place. If the failure rate is high, she questions processes, training, buy-in and communication. Solutions include streamlining processes and asking questions such as — Do they make sense? Are front line staff helping vet processes?  Once again, staff engagement is vital to establish and foster accountability with learning, as well as processes and protocols that are safe and efficient. Without employee engagement, success is limited. 

  • Study of workflows and standard work

Evaluating the “swim lanes” and determining any misaligned or out-of-scope workflow is a fundamental part of an assessment. Yates examines employees’ standard work and how those standards are upheld. She determines possible gaps and potential opportunities for improvement and realignment. Ensuring staff members know their standard work helps refine workflow, scope and duties.

  • Policies and procedures review

Many organizations struggle with policies and procedures. Keeping track of these can be a daunting task. Identification and tracking of each policy and procedure is a necessary and critical part of effectively and efficiently operating an organization. Reviewing, updating and retiring policies and procedures become overwhelming for many, leaving an organization exposed to risk.  

Too many times policies and procedures are written with such detail that it creates risk. When deviations occur, organizations are exposed to risk. Risk managers must teach organizational leaders that policy writing is a critical and important factor in risk reduction. Yates points out that one of the first questions lawyers ask when a case is in litigation is about policies in effect at the time of the event or loss.

“This is one of the biggest challenges I face each place I go,” says Yates. “Many organizations do not have the technology to keep up with the number of policies created, let alone track the changes and updates that need to be implemented. Many organizations have too many policies and procedures.” 

She asserts that some leaders are not aware of which policies are applicable to their service line or area. Others do not know how to search for a policy. Yates adds that she is impressed when leaders are open to learning new methods of practice, along with adopting change. 

Implementation and Execution

Once an assessment has been completed, efforts to implement and execute must be defined. Action plan implementation is key to any goal or objective. Yates stresses that when a project or assessment takes too long, risk managers face staff burnout prior to implementation, maintaining engagement, as well as allowing time for the final step of execution. A careful plan must be established and communicated back to the respective teams and leadership to ensure a successful mission.

Follow Through

The most valuable assessments come from the minds of many, and have the support of multiple disciplines across the organization. This requires leading rather than doing by:

  • Recruiting and encouraging others to get needed resources, talent, and funding
  • Identifying an organizational historian as current design and infrastructure are studied  
  • Making certain someone can step into place when an employee’s time is taken by other responsibilities
  • Ensuring that time management and not recreating the wheel remain key objectives
  • Creating an inspirational rallying cry that encapsulates the benefits employees and patients will gain from the results and posting it prominently for all to see

Dan Corcoran is the CEO of SafeQual, a software technology, process improvement and systems integration company. He has more than 25 years of providing business transformation software solutions to Fortune 500 companies.

Sign Up for ASHRM Forum Updates