About the Author

ROBERTA CARROLL, ARM, MBA, CPCU, CPHRM, is senior vice president of Aon Healthcare based in Tampa, Florida.

From the Back Cover

Risk Management Handbook for Health Care Organizations, Student Edition

This comprehensive textbook provides a complete introduction to risk management in health care. Risk Management Handbook, Student Edition, covers general risk management techniques; standards of health care risk management administration; federal, state and local laws; and methods for integrating patient safety and enterprise risk management into a comprehensive risk management program. The Student Edition is applicable to all health care settings including acute care hospital to hospice, and long term care. Written for students and those new to the topic, each chapter highlights key points and learning objectives, lists key terms, and offers questions for discussion. An instructor's supplement with cases and other material is also available.

American Society for Healthcare Risk Management (ASHRM) is a personal membership group of the American Hospital Association with more than 5,000 members representing health care, insurance, law, and other related professions. ASHRM promotes effective and innovative risk management strategies and professional leadership through education, recognition, advocacy, publications, networking, and interactions with leading health care organizations and government agencies. ASHRM initiatives focus on developing and implementing safe and effective patient care practices, preserving financial resources, and maintaining safe working environments.

From the Inside Flap

Risk Management Handbook for Health Care Organizations, Student Edition

This comprehensive textbook provides a complete introduction to risk management in health care. Risk Management Handbook, Student Edition, covers general risk management techniques; standards of health care risk management administration; federal, state and local laws; and methods for integrating patient safety and enterprise risk management into a comprehensive risk management program. The Student Edition is applicable to all health care settings including acute care hospital to hospice, and long term care. Written for students and those new to the topic, each chapter highlights key points and learning objectives, lists key terms, and offers questions for discussion. An instructor's supplement with cases and other material is also available.

American Society for Healthcare Risk Management (ASHRM) is a personal membership group of the American Hospital Association with more than 5,000 members representing health care, insurance, law, and other related professions. ASHRM promotes effective and innovative risk management strategies and professional leadership through education, recognition, advocacy, publications, networking, and interactions with leading health care organizations and government agencies. ASHRM initiatives focus on developing and implementing safe and effective patient care practices, preserving financial resources, and maintaining safe working environments.

Excerpt. © Reprinted by permission. All rights reserved.

Risk Management Handbook for Health Care Organizations, Student Edition

John Wiley & Sons

Chapter One

LEARNING OBJECTIVES

* To be able to describe the key elements necessary to have a successful risk management program

* To be able to discuss three barriers for successful risk management program development and provide at least one strategy for overcoming each

* To be able to discuss one nonclinical area of related risk for a health care organization

* To be able to identify the various organizational structures that can be successful in implementing a risk management program

Organizations and individuals have always sought ways to identify and reduce the risks that threatened their existence. In primitive agrarian societies, where families and villages produced barely enough to meet their most basic needs, the loss of a year's harvest, whether to forces of nature or to the plunder of warring tribes, surely spelled disaster. The attempts of such cultures to protect their food supplies and other necessities of life from destruction by fire, flood, and theft represent history's earliest risk management efforts. As societies developed into industrialized economies, individuals and organizations continued to seek ways to understand and anticipate the risks associated with such perils in an attempt to protect valuable property from such threats, ultimately establishing mechanisms for transferring the financial consequences of such losses through policies of insurance.

Despite the age-old concern with protecting assets from the risks associated with accidental losses, risk management has existed for only about fifty years. Health care risk management in its present form did not really begin to emerge until the malpractice crisis of the mid-1970s, when hospitals and other health care entities experienced rapid rises in claims costs, and subsequently insurance premiums, and witnessed the exit of several major medical professional liability insurers from the market. This crisis formed the basis for health care entities to develop the first risk management programs. The American Society for Healthcare Risk Management (ASHRM; formerly known as the American Society for Hospital Risk Management) was established in 1980 in response to this developing interest in risk management among health care organizations. Over the years, health care risk management has moved from a discipline focused almost exclusively on medical professional liability issues to a profession concerned with all of the risks associated with accidental losses facing a health care organization. In addition to hospitals, managed care organizations, long-term care, and ambulatory care, other providers of health care have come to realize the value of effective risk management and have developed formalized programs. Increasingly, risk management is moving toward the concept of enterprise risk management and considering the myriad of complex legal, regulatory, political, business, and financial risks facing health care organizations. As risk management moves toward this more strategic orientation and risk management professionals prepare themselves for new roles as chief risk officers, such factors as diverse work experience, higher education, and broad-based business, financial, and technical skills will be valued in health care risk management professionals more than ever before. Another recent development in risk management has been the return focus on patient safety.

The patient safety movement was prompted in large part by the 1999 publication of To Err Is Human: Building a Safer Health System, which articulated the findings of an Institute of Medicine study of the devastating consequences of widespread medical error in the nation's hospitals. Risk management professionals who had long had primary responsibility for investigating, analyzing, and maintaining data regarding adverse patient incidents joined with colleagues from performance improvement, health care administration, and a variety of clinical disciplines in an attempt to systematically identify the underlying causes of medical errors in their organizations and to design and implement effective interdisciplinary organizationwide patient safety programs.

RISK MANAGEMENT PROGRAM DEVELOPMENT

Whatever the health care setting or the sophistication of the risk management professional, an effective risk management program requires certain elementary building blocks: key structural elements, sufficient scope to cover all applicable categories of risk, appropriate risk strategies, and written policies and procedures. This chapter focuses on these building blocks, giving the novice risk management professional guidance in developing a comprehensive risk management program and providing the experienced risk management professional with a program overview that may be used as a self-assessment guide.

* * *

Developing a comprehensive risk management program depends on addressing several specific considerations. An effective risk management effort is built on key structural elements that enable the risk management professional to develop and enforce a risk management plan and enact the necessary changes in organizational policy. The program must include a defined scope of risks to be managed, including an examination of the risks associated with patients, medical staff, employees, governing bodies, property, automobiles, and other risks that subject the health care organization to potential liability or the threat of loss. Risk management strategies represent the mix of techniques employed to prevent or reduce potential losses and preserve the organization's assets. The final building block is a set of written policies and procedures that ensures program uniformity and consistency and assists in communication of the program to affected parties. This chapter describes how each of these four important considerations contributes to an effective risk management program.

KEY STRUCTURAL ELEMENTS OF THE RISK MANAGEMENT PROGRAM

The exact structure of a health care organization's risk management program depends on the size and complexity of its functions and the scope of other services that it offers. Several key structural components are necessary for any health care risk management program to succeed. Whether an entity is just beginning to organize its risk management program or is seeking to revamp or expand an existing program, attention to these structural factors will help ensure that the program has a solid foundation.

Authority

The risk management professional in a health care organization must maintain sufficient authority and respect to enact the changes in clinical practice, policies and procedures, and employee and medical staff behavior that are necessary to fulfill the purpose of the risk management program. The risk manager must deal on a daily basis with highly sensitive and confidential information that directly affects the organization's public image and financial status. The risk management professional is responsible for coordinating risk management activities with members of the medical staff and outside parties and with managers and employees at all levels of the organization. For these reasons, the risk management professional's position should be relatively high in the organizational hierarchy. Ideally, the risk management professional should report directly to the CEO, or at least to another member of the senior administrative management team. Risk management professionals whose positions rank below the department manager level on the organizational chart will almost certainly face difficulty in dealing authoritatively with medical staff, nursing administration, and department managers. They may also have difficulty gaining access to senior management and representing the organization in its relations with insurers, attorneys, and other outside parties involved in the risk management process. In many nonhospital health care organizations and in smaller hospital facilities, the designated risk management professional may serve primarily as a senior manager or clinician and devote only a relatively small percentage of work time to risk management activities. Under such a model, risk finance and insurance program administration are typically handled by the organization's finance department, workers' compensation programs are managed by human resource personnel, and safety programs are developed and overseen by a facility or maintenance manager. Although this division of labor might be efficient for apportioning the workload required for a successful risk management effort, it creates special challenges when establishing ownership of the risk management function and creating an identity for those activities that comprise risk management. Such part-time risk management professionals, especially those who view their risk management responsibilities as subordinate to their other job duties, might find it difficult to acquire the wide range of expertise necessary to adequately fulfill their risk management obligations and to stay abreast of rapidly changing and often complex legal and regulatory developments affecting the field.

Visibility

The risk management professional should be highly visible in the health care organization. No one individual can perform every function of a comprehensive risk management program single-handed, even in the smallest health care facility. Therefore, it is necessary for the organization's risk management professional, through consciousness-raising, education, and communication, to foster an awareness of risk management practices and techniques among senior management and the governing body, medical staff members, and employees at all organizational levels. The risk management professional's position should be structured to enhance opportunities for interaction with others through service on appropriate committees, participation in educational activities such as employee orientation and staff in-service offerings, and access to organizationwide communication mechanisms.

Communication

As health care facilities have merged into alliances and networks and acquired physician practices, clinics, and managed care organizations to form integrated delivery systems (IDSs), additional issues relating to potential liability, insurance coverage, claims management, and loss control have emerged. To anticipate risk management pitfalls and opportunities in this environment, the risk management professional must be an insider who is provided with information on proposed mergers, acquisitions, and joint ventures early in the due diligence process. Equipped with such information, the risk management professional is in a position to advise senior management on the risk management implications of various new business arrangements, many of which can be substantial but are frequently overlooked by executives not attuned to risk management issues and specific insurance requirements.

Coordination

Because of the wide range of risk management functions and the diversity of activities necessary for a successful risk management program, the health care organization should establish both formal and informal mechanisms for the coordination of the risk management program with other departments and functions. To adequately integrate and coordinate risk management with other functions, the risk management professional needs to establish reporting and communication relationships with key individuals within the organization:

* The chief executive officer (CEO) provides a vital link to the entity's governing board and medical staff and establishes the necessary support for the risk management program. The CEO serves as the key decision maker for many activities crucial to the risk management program, such as authorizing the settlement of larger claims and establishing insurance limits. Furthermore, the CEO often heads the team of senior managers responsible for the development of new business opportunities, mergers, and acquisitions.

* The chief financial officer (CFO) may have multiple risk financing responsibilities and provides valuable information for the risk management program. These functions include establishing limits on self-insured retentions or trusts, monitoring the financial operations of captives, and overseeing the performance of actuarial analyses. In some organizations, the CFO is the primary purchaser of insurance coverages and must therefore rely on information provided by the risk management professional to make appropriate decisions regarding risk financing activities on behalf of the organization.

* The performance improvement or quality management director serves as an important source of information regarding adverse clinical events occurring within the facility that have potentially serious risk management implications. The risk management standards promulgated by The Joint Commission (until 2007 known as the Joint Commission on Accreditation of Healthcare Organizations, or JCAHO) emphasize the interdependence of risk management and performance improvement activities. Both the development of proactive patient safety initiatives and an effective root cause analysis process for post-occurrence sentinel events depend on the active leadership and close coordination of the risk management professional and performance improvement director. The performance improvement director may also be able to assist a risk management professional who lacks clinical training in interpreting and analyzing information contained in medical records, and in providing clinical loss prevention services.

* The patient safety director or officer is responsible for systematically analyzing the sources of human error and systems issues that affect patient care. Patient safety directors or officers may report to the risk management professional or performance improvement director or to senior management in a health care organization. Patient safety directors or officers are very involved in the development of clinical risk management loss prevention initiatives.

* The compliance officer guides the development of policy and staff education efforts related to legislative and regulatory initiatives such as HIPAA, Sarbanes-Oxley, and Medicare fraud and abuse prevention.

* The infection control practitioner (ICP) provides information on patient infections that might give rise to liability claims and can assist the risk management professional in understanding infection control protocols aimed at reducing the frequency and severity of hospital-acquired infections and establishing guidelines for coping with AIDS, tuberculosis, and other communicable diseases.

* The safety officer may have primary responsibility for, or assist the risk management professional in, performing fire safety, hazardous materials management, emergency preparedness, and employee safety activities in compliance with Joint Commission standards. The safety officer usually chairs the organization's safety committee, which serves as a vital source of risk management information and organizational problem solving.

* The patient representative (or ombudsman) relays information regarding patient complaints and works with patients and families who have experienced difficulties with the organization or specific staff members to reach satisfactory resolutions of their concerns. Patient representatives, whether employees or volunteers, must be trained to recognize and appropriately manage risk management concerns that arise in the course of their activities and to relay information to the risk management professional.

(Continues...)

Excerpted from Risk Management Handbook for Health Care Organizations, Student Editionby Roberta Carroll Copyright © 2009 by Roberta Carroll. Excerpted by permission.
All rights reserved. No part of this excerpt may be reproduced or reprinted without permission in writing from the publisher.
Excerpts are provided by Dial-A-Book Inc. solely for the personal use of visitors to this web site.