COVID-19 has hospitals vigilant on managing not just the next pandemic, but risks in general

What are the risks present in healthcare, and how should healthcare organisations manage them?

The ongoing COVID-19 has demonstrated that the wider environment is ever-evolving; and much like how no one has imagined or predicted the large-scale fallout from an infectious disease like COVID-19, we will not be able to predict what form or shape the next pandemic or crisis will take… which brings many healthcare providers to focus more now on risk management.

Risk management is a common function in most corporate structures, with corporations of a certain size assigning a department specifically to oversee this task. It is even more crucial in the healthcare industry, where patient lives are part of the equation. Risk managers in hospitals and medical centres carry a somewhat heavier burden, as their responsibilities involve mitigating the risk of medical errors or hazardous situations that involve patient safety. At the same time, they also have to consider the other types of risks that are present for any organisation.

Types of risk domains in healthcare

The American Society for Healthcare Risk Management (ASHRM) categorised risks in the healthcare system into 8 key domains:

  • Operational
  • Clinical/Patient Safety
  • Strategic
  • Financial
  • Human Capital
  • Legal/Regulatory
  • Technology
  • Hazard

These domains may be interconnected or overlap with each other – for example, workplace injuries may be primarily grouped with the Human Capital risk domain, but the compensations to injured workers would be a risk categorised under the Financial domain, and any breach of workplace safety rules in causing the injuries would fall under the Legal/Regulatory domain. It is thus crucial for the risk management officers to have a comprehensive overview of the risks on an organisation-wide level.

Another way to look at risk management is to divide them into proactive vs reactive management. Reactive management takes place after the incident has occurred – plans are then put into place to prevent the same type of incident from reoccurring. On the other hand, proactive management focuses on identifying risks that may potentially affect the organisation, whether directly or indirectly, and taking mitigating measures to prevent the incidents from occurring in the first place. While reactive management cannot be avoided as unforeseen or sudden events do occur, organisation should also adopt proactive management as it is more cost-effective to adopt preventive measures, as compared to recovering assets or organisational reputation after an incident has happened.

Building a risk culture

A paper published in the International Journal of Innovation, Management and Technology recommends that the basics of any hospital’s risk management programme should comprise the following:

1) Appointment of a Risk Manager (who will have the support of the hospital community);

2) Risk Manager to make the rounds and meet department heads to acquaint each of them with his/her responsibilities;

3) Implementing a system that includes risk identification, evaluation of incident reports and insurance coverage.

In addition to these, one of the most crucial factors would be building the right ‘risk culture’ amongst management and staff. As risk management involves the collective effort of all members in identifying and working towards mitigating the risks in their own area of work, a culture that encourages sharing and collaboration is key.

In an interview, Vietnam’s American International Hospital shared how it set up an online reporting system that allows for anonymous reporting, so as to encourage staff to speak up without being held back by fear of punishment. The increase in incident reports received has served as learning opportunities for all staff to boost safety. In a similar vein, Singapore’s KK Women’s and Children’s Hospital established a Risk Reporting System, encouraging supervisors to highlight the importance of reporting near-incidents to their staff.

ASHRM noted that “organisations that adopt fear as a practice, engage in tactics that are not conducive to a learning environment, are not fair and just in dealing with employees and staff, allow for disruptive behaviour, and use risk reporting as the basis for disciplinary action” will not be able to implement a risk management programme successfully. Likewise, the best risk management strategies would not work in cultures that adopt a detached or avoidance attitude towards risk. A strong tone and engagement plan by the top management to shift mindsets and correct biases will be required.

There are many competing priorities for healthcare organisations, from patient safety, care to finance and sustainability. While significant resources might be required for incorporating a comprehensive risk management system, the benefits should pay off in the end – as it promotes quality workflow processes and protects the organisation’s reputation and assets.