Risk Management in Healthcare: A review article

https://democraticac.de/wp-content/uploads/2020/07/Journal-of-Afro-Asian-Studies-Sixth-issue-July-2020.pdf

Abstract

It is recognised that Hospitals are increasingly complex organizations conducting with a critical and risky business that affects human lives. More than ever before, hospitals are bound to cope with a lot of risks ranging from financial to clinical and other hazards. Hospital management should to be cognizant of these risks. Enterprise risk management approach as an intrinsic framework of healthcare organizations encourages to assess and address risks identified in the organizations to ascertain the probability of occurrence, the degree of impact to scope, cost, and quality. The process of prioritization is done in accordance with the risk assessment findings. The objective of risk management can direct healthcare organisations in order to proactively reduce the probability and impact of identified risks to a satisfactory level by establishing a culture founded upon assessment and prevention of errors and maximize value protection. Risk management is a major responsibility of all managers and employees and must be included in the structure and processes to support continuous quality improvement

Introduction

The health care industry relies on quality measurements and risk management activities. The risk cannot be avoided and exists in every human condition. Risk refers to uncertainties surrounding outcomes and future events. Risk is defined as an opportunity to loss or a probability of injury, loss of liability resulting from vulnerabilities that can be avoided through preventive actions (WHO, 2014). It is measured in consequences and probability terms. The heart of risk is uncertainty as you may not be sure if an event is likely to happen or not. Also, you may be unsure of its consequences would be if it did happen. Likelihood – the probability of an event to occur, and consequence – the impact / outcome of the event, are the two components that characterise the magnitude of the hazard.

Historically, studying the effect of error in medicine by patient safety researchers have adopted impact-based on definitions of medical error and its alternative conditions, limiting their focus to patients experiencing adverse outcomes or harm resulting from medical care (Thomas et al., 1999; Brennan et al., 1991). Possibly, this originate from principle of medical practice dating back to Hippocrates, “primum non nocere”, which translates to “First, do no cause harm” (Veatch, 1989; Nightingale, 1863).

In addition, the manner in which patient safety has been defined enhances an outcome-based approach to define medical error. Patient safety: avoidance, prevention and improvement of adverse events or harms caused by the health care process (NPSF, 2005; Kohn, Corrigan,& Donaldson, 2000).Moser (1956) mentioned that in the first studies of patient safety in the 1950s, medical errors were largely regarded as “disease of medical progress” and dismissed as “the price we pay for modern diagnosis and treatment”.

Modern medicine has done much in the medical fields led to complex forms of care processes. This results in a lot of chances for improving care, but also increases the dangers of adverse events and harm to the patient. The risks associated with patient care cannot be fully eliminated, clinical risk management plays a critical role in empowering hospitals to encourage patient safety(Vincent, 2006).According to WHO estimation in developed countries, 1 in 10 patients is susceptible to harm during hospital care (WHO,2014). As reported by the AHRQ National Health disparities 2013, the harm rate related to hospital stay in the United States is 25.1 per 100 admissions (WHO, 2014).

According to Chubb Healthcare, the challenges faced by hospitals in the United States because of the overall increase in the frequency of claims and the increase in larger awards in many states without cap on the magnitude of awards resulted in: (i) A renewed awareness about patient safety and medication errors; (ii) availability of insurance decline (iii) higher financial risks, (iv) premiums increase, (v) more selective by insurers (Singh & Ghatala, 2012).

Risk management activities have been introduced into the healthcare industry in response to increased costs of malpractice insurance. As of the 1970s, the risk management function consisted primarily of quality assurance nurses who report incidents and attend acute care hospitals, but there has been no proactive activity to prevent control activities (Kuhn&Youngberg, 2002).

Risk management is defined as the methodological process for identifying, evaluating and addressing potential and actual risks (Stoneburner, Goguen, &Feringa, 2002). One of the key elements of an effective risk management program is having sufficient scope to cover all potential sources of risk.

Hindsight bias happens when researchers work backwards from their knowledge of the event outcome. This linear analysis makes the road to failure seem as though it should have been expected or anticipated, although this is not the case. This determination is often made without any assessment of the systems or processes that may have contributed to the error (Biais& Weber, 2009).

Risk Management program:

Risk management can be useful in the following contexts (Alam,2016)

1. Enterprise Risk Management (ERM): Organizational Risk Management from top to bottom including financial and business viability.
2. Patient care
3. Medical staff (ex: credentials, privilege, job description, staff insurance, training, medical coverage)
4. Non-medical staff (ex: job description, training, medical coverage)
5. Financial (budget preparation, cost analysis, insurance coverage)
6. Managerial /Administrative (ex: Job Description, Delegation of tasks)
7. Project risk management (ex: scope of service, time frame, cost, human resources, operational, procedural, technical, law and regulations)
8. Facility management and safety (ex: building safety, Hazardous Materials Management (HAZMAT), internal and external emergencies, fire safety, maintenance plan for medical equipment and maintenance plan for the utility system).

The goal of risk management in health care is: (ACHS, 2013).

1. Reduce the likelihood of potential events that have adverse consequences on consumers / patients, employees and organisation
2. Reduce the risk of death, injury and / or illness to consumers / patients, employees.
3. Encourage consumer / patient outcomes
4. Efficient management of resources
5. Legislative compliance Support to ensure organizational development.

The objectives of the risk management program are:

1) Develop systems to manage the reporting of adverse events, near misses, and potentially unsafe conditions. The incident reporting process is designed to achieve the following tasks: (Runciman, Edmonds,& Pradhan,2002)

1. Risk Identification.
2. Set the risk values.
3. Expectation loss.
4. Decision making upon objective steps to minimise the consequence on the patient and the hospital.

Reporting responsibilities include internal reports and external reports to regulatory, governmental or voluntary agencies. This includes establishing of the risk management policy and event reporting policies and procedures that should specify (ACHS, 2013):

Who: should report, communicate, and take action

What: should be reported by employees, managers, executives, and committees

When: Risk should be reported and when information is distributed to physicians, staff, executive committees and governance / board of directors

Where: information storage, communication

How: Tools and processes are used – for example risk assessment, risk registers, and any risk removal from the current risk register.

Table 1: Good incident report elements (VHIMS, 2011)

2) Assuring the data collection and analysis to monitor risks which may lead to serious adverse events

The incident monitor system includes the following: (ACHS, 2013)

• Confidentiality
• All staff Involvement
• A just culture (No Blame / No Shame)
• All employees’ education and training
• Mechanisms to decrease staff fear of punishment
• Easy-to-use report forms that record detailed information regarding the incident
• Incidents investigation by involved employees and managers
• Capture the lessons learned and communicate them
• Widely discussing incidents and learning from information
• Implement system for benchmarking and Compare information with other organizations
• Take action to avoid reoccurrence and improve ways to prevent adverse events
• Integrating with the Organization’s risk management system
• Evaluation.

Incident monitoring helps organizations to identify specific areas of interest and develop interventions. The implementation of Incident Successfully monitoring by health units was followed by individual employees’morale improvement (Runciman, Edmonds,& Pradhan, 2002). However, incidents are often under- reported.

Risk management structure:

1. Scope and main tasks

The multi-disciplinary risk management program (RM) includes physicians and clinical support staff in all care areas, allied health professions, administrators, managers and others.

Operational risks may include :(Tita&Simpson, 2017)

 Clinical risk: These are risks associated with the provision of high-quality patient-centered care services.

 Non-clinical risks: These are the risks related to the environment in which patient care occur, including the use of facilities by employees, patients, contractors and visitors.

Table 2: Examples of clinical and non-clinical risks (ACHS, 2013)

Table 3: Quality and Risk Management Overlap (ACHS, 2013)

3. RISK MANAGEMENT PROGRAM PROCESS:

Table 4: Risk Management Process (AS/NZS 4360:1999)

Figure 1: Risk Management Framework

Periodic Review &Continuous Improvement

Step 1 – Select context

Objectives: To identify the goals and objectives for risk identification and management (Department of Health WA, 2016).

Identify, assess and document potential risks. Mapping of the following should be considered: social framework of risk management (what are your stakeholders exposed to?)  Identification of stakeholder objectives (do you want to ensure minimum financial effect, program effect, etc.); what are available resources to alleviate Effects of risk? What structures do we have to face with expected scenarios that can happen?

Context helps to identify the essentials and constraints of effective risk management within the organization (ACHS, 2013). Intensive care unit (ICU), (ER), ER (emergency room), blood transfusion services, CCU (coronary care unit), medication management including drug administration are areas of high-priority for risk management related to patient care (Alam, 2016).

Step 2 – Identify the risks

Objectives: To identify all risks related to reaching the objectives identified in Step 1.

Clinical risk Identification needs staff to understand of the following elements: (Department of Health WA, 2016)

Table 5: Clinical risk Identification

Figure 2: Possible methods of identifying clinical risks (Alam, 2016; Department of Health WA, 2016 ACHS,2013)

Categorisation of risk (Carroll, R, 2009)

Risk areas or domains, are simply a method used to segregate similar risks into manageable groups.

Table 6:Risk Categories

Step 3 – Analyse & Evaluate  risks

Objectives: To determine the outcome of any controls and evaluate its risk rating (Department of Health WA, 2016).

Table 7: Consequences assessment (HSE, 2008)

Table 8: Probability of Occurrence or Likelihood Score (Department of Health WA, 2016)

• Identify the type of risk that might affect your department/ service
• Calculate the risk score by multiplying the two scores (probability X consequences)

Table 9: Risk Score Calculation

Table 10: Mapping the Total Risks (HSE,2008)

Table 11: risk management action plan

Evaluate the risks

Objectives: To assess the action required by the level of risk specified in step 3, including evaluation whether management should be developed and / or risk could be escalated. Risk prioritization involves comparing the level of risk present during the analysis stage with pre-defined risk criteria and establishing a prioritised risks list for additional action (Department of Health WA, 2016).Risk registers are a tool that can be used to help prioritise risks and allocate resources appropriately(ACHS, 2013).

Table 12: Example of a risk register (Standards Australia and Standards New Zealand, 2004)

Step 4 – Treat Risks

1. A) decision must be takenfor the risk to eitherbe:
2. Avoidance (elimination): includes not doing risky practices, ie, avoiding areas considered unsafe, etc. Avoidance reduces the possibility of loss to zero. For example, the hospital may choose not to provide obstetric services, thus avoiding the risk of a birth trauma. Avoidance strategies also include the removal of hazardous products or completely removal of potentially hazardous situations from the organization or a ban in a regional hospital for obese or heavy smokers (Department of Health WA, 2016; NuPITA, 2010).
3. Reduction (Mitigation): The various loss control strategies is intended to reduce the potential impacts of certain risks without fully accepting or avoiding them, thus emphasizing the reduction of the severity of losses. Loss reduction treatments include fast incident investigation, disaster continuity drills, emergency management plans, staff equipped with safety kits, emergency numbers must be kept, firefighting equipment, data backup, and equipping building structure with alarm systems and A fire sprinkler system. Also, a facility providing obstetrical services may develop a protocol to save the placenta from births for pathological review. Such pathological results become a defense tool in any subsequent claim against the practitioner. Although this process does not avoid poor outcome, it aims to minimise the potential financial consequences of such incidents on the organization or the practitioner (Carroll, 2009).

Accreditation agencies, such as JCI, have developed formal requirements for clinical loss prevention efforts, such as root causes analysis (RCA) and failure mode and effects analysis (FMEA). Root cause analysis is a systematic process to identify the root causes of problems and approach to respond to them. Once the root cause analysis has been completed, the next step is to develop a quality improvement plan that addresses each identified root cause. Failure mode and effects analysis (FMEA) is a prospective investigation aimed at identifying weaknesses and preventing future failures. FMEA is required annually by JCAHO and focuses on improving risky procedures such as blood transfusion, chemotherapy, and high-risk medications (Senders, 2004).Healthcare failure mode effect analysis (HFMEA) and hazard vulnerability analysis (HVA).

3. Retention (Budget / Acceptance): Acceptance of loss when it happens. This management strategy includes potential losses associated with certain risks and plans to cover the financial consequences of these losses. (i) risks that cannot be avoided, or transferred(ii) risks where the risk of loss is not significant and the potential consequences are within the institution’s capacity to self-fund; (iii) quantifiable and predictable losses (iv) smaller risks (ex: missing eyeglasses) and that it may not be possible to purchase cost-effective insurance coverage. (Department of Health WA, 2016; Carroll, 2009).
4. Transfer (insurance or hedging): This can usually be done through another party (ex insurance, outsourcing services, etc). For clinical risks, this may take the form of transferring the entire activity to another hospital or provider. In some cases, clinical risk transfer may not be cost-effective to an external supplier who is less able to treat the risk. In such cases, health care providers must be aware of the hidden costs of risk transfer, for example high contract costs. (Department of Health WA, 2016;NuPITA, 2010).
5. B) Selectionof the best risk management techniques:

A risk management specialist may choose to employ any available set of risk management techniques to obtain desired results (Carroll, 2009).

1. C) Implementation of selected technologies:

The implementation process includes both technical risk management decisions to be made by risk management professionals and relevant decisions taken by other managers within the organization to implement selected risk management techniques (Carroll, 2009).

Step 5: Monitor& review and improve the risk management program

The final step in the risk management process is to assess and monitor the effectiveness of the risk management program by assessing the adequacy and appropriateness of the techniques used to identify, analyze and process the risks. The interdisciplinary approach to evaluate the impact of risk management program activities on the various departments in organizations and ensures that additional opportunities to improve the risk management function have been fully studied (Carroll, 2009).

Closing Risk: While there is active management, the risk has an “open” status. With the completion of action and management of risk, after careful deliberation, changing it to either “monitor” or “closed” status. “Monitor” risks are subject to periodic review (Ex six months) to ensure that they remain as “as practicable” as possible. A “closed” status is set for risks that complete all required actions and do not require any further action, and are archived in a “closed record” for audit purposes (Carroll, 2009).

Table 13: Types of outcome measures (Wolff &Bourke, 2002)

RISK MANAGEMENT COMMITTEE (Singh & Ghatala, 2012)

It is well known that the structure of committee is necessary for the suitable and effective functioning of the risk management program. The Assistant Administrator for Quality management will chair the Committee of Risk Management which should have representatives from the following departments:

1. Quality Assurance
2. Blood Bank
3. Medical Audit.
4. Infection Control
5. Safety and Security
6. Accreditation
7. Education
8. Physicians
9. Nurses
10. Legal Counsel
11. Tissue Committee
12. Professional Liability Committee
13. Professional Practices Committee
14. Medical Discipline
15. Medical—Legal Committee
16. Antibiotic Use
17. Therapeutics
18. Pharmacy
19. Medical Records
20. Utilization Review Committee

The purpose of the Risk Management Committee will be to aid the Risk Manager in fulfilling the responsibilities to decrease patient harms, visitors, and staff, and financial loss to the hospital (Singh& Ghatala, 2012).

Conclusion

Active risk management is advanced proactive approach plays a critical role in enabling hospitals to identify, analyze, monitor and manage risks. Risk management is an integrated part of health care that uses a number of disciplines to reduce the likelihood of organizational losses in health care. Proactive risk management allows an organisation to plan today for the worst-case scenario of tomorrow that jeopardize the ability of organization to maintain its mission.

References:

Alam, A.Y. (2016) Steps in the Process of Risk Management in Healthcare. Journal of Epidemiology Preventive Medicine 2(2): 118.Available at https://www.elynsgroup.com/journal/article/steps-in-the-process-of-risk-management-in-healthcare.

 AS/NZS 4360:1999 – Risk Management. Available at http://www.epsonet.eu/mediapool/72/723588/data/2017/AS_NZS_4360-1999_Risk_management.pdf.

Biais, B., & Weber, M. (2009). Hindsight bias, risk perception, and investment performance. Management Science, 55, 1018–1029.Available at https://www.researchgate.net/publication/220534508_Hindsight_Bias_Risk_Perception_and_Investment_Performance.

 Brennan, T.A., Leape, L.L., Laird, N.M., et al. (1991). Incidence of adverse events and negligence in hospitalized patients: results of the Harvard Medical Practice Study I. NEW ENGLAND JOURNAL of MEDICINE; 324:370-6. Available at https://www.nejm.org/doi/full/10.1056/NEJM199102073240604.

Carroll, R. (2009). Risk management handbook for health care organizations (5th ed.). San Francisco, CA: Jossey Bass Education.

Department of Health (2011), Victorian health incident information system (VHIMS). A guide to completing incident reports. Available at https://www2.health.vic.gov.au/Api/downloadmedia/%7BA466A035-A150-41EE-95A8-4DAE6393DF8B%7D.

Department of Health WA. (2016). WA Health Clinical Risk Management Guidelines, A best practice guide.Government of Western Australia.Available at https://ww2.health.wa.gov.au/~/media/Files/Corporate/general%20documents/Quality/PDF/WA%20Health%20Clinical%20Risk%20Management%20Guidelines.pdf.

Health Service Executive (HSE). (2008).Risk Assessment Tool and Guidance (Including guidance on application).Available athttps://www.hse.ie/eng/about/who/oqr012-20081210-v4-risk-assessment-tool-and-guidance-incl-guidance-on.pdf.

Kohn, L.T., Corrigan, J.M., & Donaldson, M.S. (2000). To err is human: building a safer health system. Washington: National Academy Press. Available at http://www.supersalud.gob.cl/observatorio/671/articles-14460_recurso_1.pdf.

Kuhn, A.M., & Youngberg, B.J. (2002). The need for risk management to evolve to assure a culture of safety. Quality and Safety in Health Care2002;11:158–62.Available at https://qualitysafety.bmj.com/content/11/2/158.

Moser, R.H. (1956). Diseases of medical progress. NEW ENGLAND JOURNAL of MEDICINE; 255: 606-14.Available at https://www.nejm.org/doi/full/10.1056/NEJM195609272551306?url_ver=Z39.88-2003&rfr_id=ori:rid:crossref.org&rfr_dat=cr_pub%3dpubmed.

 National Patient Safety Foundation (NPSF) (2000). Agenda for research and development in patient safety. Medscape General Medicine. 2000;2(3) .Available at  https://www.medscape.com/viewarticle/408064.

Nightingale, F. (1863). Notes on hospitals. 3d ed., London: Longman, Green, Longman, Roberts, and Green. Available at https://babel.hathitrust.org/cgi/pt?id=coo1.ark:/13960/t2j680x3z&view=1up&seq=8.

Runciman. W., Edmonds, M. & Pradhan, M.(2002). Setting priorities for patient safety. Quality and Safety in Health Care; 11(3): 224-229.Available at https://www.ncbi.nlm.nih.gov/pmc/articles/PMC1743639/

Senders, J.W. (2004). FMEA and RCA: The mantras of modern risk management. Quality & Safety in Health Care 13:249-250.Available at https://qualitysafety.bmj.com/content/13/4/249.

Singh, B.,& Ghatala, M.H. (2012). Risk Management in Hospitals. International Journal of Innovation, Management and Technology. 3. 10.7763/IJIMT.2012.V3.266. Available at https://www.researchgate.net/publication/271297764_Risk_Management_in_Hospitals.

 Standards Australia and Standards New Zealand (2004) HB 436:2004, Risk Management Guidelines: Companion to AS/NZS 4360:2004, Sydney, NSW. ISBN 0 7337 5960 2. Available at https://www.saiglobal.com/PDFTemp/Previews/OSH/as/misc/handbook/HB436-2004(+A1).pdf.

Stoneburner, G., Goguen, A., & Feringa, A. (2002), Risk Management Guide for Information Technology Systems, NIST Special Publication 800-30,  .Available at https://www.hhs.gov/sites/default/files/ocr/privacy/hipaa/administrative/securityrule/nist800-30.pdf.

The Australian Council on Healthcare Standards (ACHS) (2013). Risk Management and Quality Improvement Handbook. EQuIPNational. July 2013.Available at https://www.achs.org.au/media/69305/risk_management_and_quality_improvement_handbook_july_2013.pdf.

The New Partners Initiative Technical Assistance (NuPITA) (2010). Developing a Risk Management Plan. Available at https://www.usaid.gov/sites/default/files/documents/1864/Developing-a-Risk-Management-Plan.pdf.

 Thomas, E.J., Studdert, D.M., Burstin, H.R., et al. (1999). Incidence and types of adverse events and negligent care in Utah and Colorado. Medical Care; 38(3): 261-71. Available at https://journals.lww.com/lww-medicalcare/Abstract/2000/03000/Incidence_and_Types_of_Adverse_Events_and.3.aspx.

Tita, D., &Simpson, S. (2017). Risk Management Strategy (2016-2019).Kingston hospital NHS Foundation Trust  Version 14 Review Date: January 2017.Available at https://www.kingstonhospital.nhs.uk/media/202495/enc-m-risk-management-strategy-v14-dec-2015.pdf.

Veatch, R.M. (1989). Cross cultural perspectives in medical ethics readings. Boston: Jones and Bartlett Publishers. Available at https://books.google.com.sa/books?hl=ar&lr=&id=tkVpf1ofmfEC&oi=fnd&pg=PR9&dq=Veatch+RM.(1989).+Cross+cultural+perspectives+in+medical+ethics+readings.+Boston:+Jones+and+Bartlett+Publishers.&ots=Wj1j0vfqB5&sig=YRBZNzypQK4_eUR9FRih3yQsx3c&redir_esc=y#v=onepage&q&f=false.

Vincent, C. (2006). Patient safety. Edinburgh etc.: Elsevier Churchill Livingstone.

Wolff, A.M., &Bourke, J. (2002). Detecting and reducing adverse events in an Australian rural base hospital emergency department using medical record screening and review. Emergency Medicine Journal 19(1): 35–40.Available at https://emj.bmj.com/content/19/1/35.

World Health Organization (2014).10 facts on patient safety. Available from: http://www.who.int/features/factfiles/patient_safety/en/.