Risk Management in Hospitals - ROJoson - 2018 - Surabaya, Indonesia
1. Risk Management in Healthcare Institution
Reynaldo O. Joson, MD, MHA, MHPEd, MSc Surg
Darya-Varia Laboratoria Multidiscipline Scientific Forum
Surabaya, Indonesia
February 10, 2017
4. Risk Management in Healthcare Institution
For Hospital Administrators
Risk Management in Hospitals
Hospital Risk Management (HRM)
Reynaldo O. Joson, MD, MHA, MHPEd, MSc Surg
Darya-Varia Laboratoria Multidiscipline Scientific Forum
Surabaya, Indonesia
February 10, 2017
(45-minute lecture and 15-minute discussion)
5. Risk Management in Hospitals
Hospital Risk Management (HRM)
HUGE TOPIC!
Given
(45-minute lecture and 15-minute discussion)
OVERVIEW
SOME IMPORTANT EXAMPLES AND TIPS ON PROCESSES
Thoughts, Perceptions, Opinions and Recommendations (TPORs)
6. Survey on Risk Maturity
of Sample of Indonesian Hospitals – 2018 – Surabaya
Guide in ROJoson’s Lecture
Self-assessment of Hospital Owners and Administrators
7. Self-assessment on Risk Maturity
important and first step
in developing and continually improving
a risk maturity program of
hospitals / organizations!
IDENTIFY GAPS ACTION PLANS
8. Hospital Risk Maturity – ROJ’s TPORs
Concepts of Hospital Risk Maturity
What is Hospital Risk Maturity?
Level of development of the Risk Management
Program / Capability of a hospital
9. Hospital Risk Maturity – ROJ’s TPORs
Concepts of Hospital Risk Maturity
What is importance of Hospital Risk Maturity
Assessment?
To know the current status or level of development
of the Risk Management Program / Capability of a
hospital and then to move forward or improve.
10. Hospital Risk Maturity – ROJ’s TPORs
Concepts of Hospital Risk Maturity
How is the Hospital Risk Maturity Assessment done?
Self-assessment
Checklists - Questionnaire
Observation
Critical Incident Reports
External assessment
Checklists-Questionnaire
Observation
Evaluation of Critical Incident Reports
11. Hospital Risk Maturity – ROJ’s TPORs
Concepts of Hospital Risk Maturity
Questionnaires on Hospital Risk Maturity
Assessment
Many models!
Choose one that is simple – practical – with end-
results being same!
• Effective and efficient assessment
• Effective and efficient risk management program
(performance excellence)
12. Risk Maturity Levels
Risk Maturity Key Characteristics
Risk Naive No formal approach developed for risk
management
Risk Aware Scattered silo based approach to risk
management
Risk Defined Strategy and policies in place and
communicated. Risk appetite defined
Risk Managed Enterprise wide approach to risk
management developed and communicated
Risk Enabled Risk management and internal control fully
embedded in the operations
http://riskquestionnaire.grant-thornton.co.uk/
13. Risk Maturity Key Characteristics
Ad hoc Undocumented; in a state of dynamic change;
depends on individual heroics
Preliminary Risk defined in different ways and managed in silos.
Process discipline is unlikely to be rigorous.
Defined A common risk assessment/response framework is in
place. Organization-wide view of risk is provided to
executive leadership. Action plans implemented in
response to high priority risks.
Risk Integrated Risk management activities coordinated across
business areas.
Risk Optimized Risk discussion is embedded in strategic planning,
capital allocation, and other processes and in daily
decision-making.
http://www.theiia.org/Blogs/marks/index.cfm/post/Measuring%20the%20Maturity%20of%2
0Risk%20Management
Risk Maturity Levels
14. Risk Maturity Key Characteristics
Naïve Although a project risk management process may have
been initiated, its design or application is
fundamentally flawed.
Novice The project risk management process influences
decisions taken by the project team in a way that is
likely to lead to improvements in project performance
as measured against its objectives.
Normalized The project risk management process is formalised and
implemented systematically.
Natural The risk management process leads to the selection of
risk-efficient strategic choices when setting project
objectives and choosing between options for project
solutions or
delivery.
http://www.lundhumphries.com/pdf/SamplePages/Project_Risk_Maturity_Model_Hopkinson
_Ch1.pdf
Risk Maturity Levels
15. Risk Maturity Key Characteristics
Ad hoc
Defined
Managed
Integrated
Loosemore et al, 2006 Risk Management in Projects, 2nd ed, Taylor & Francis, Oxon
Risk Maturity Levels
16. Risk Maturity Key Characteristics
Ad hoc Organization is unaware of risk management
or its benefits
No formal policies or procedures
Reactive management through “heroic efforts
of individuals”
Possible blame culture
Defined Risk management is function based and
maybe inconsistent
Some policies are documented, but RM is
largely informal
Likely ‘silos’ effect
Senior management supports but not requires
RM
Risk Maturity Levels
Loosemore et al, 2006 Risk Management in Projects, 2nd ed, Taylor & Francis, Oxon
17. Risk Maturity Key Characteristics
Managed Common RM understanding and language
organization-wide
Formalized generic risk management process
“Bad news” accepted
Senior management requires RM
Integrated RM aligned with strategic planning and quality
improvement
RM is used in decision-making to gain
competitive advantage
Proactive approach and open culture
RM is responsibility of all
Risk Maturity Levels
Loosemore et al, 2006 Risk Management in Projects, 2nd ed, Taylor & Francis, Oxon
18. Results of Survey on Risk Maturity
of Sample of Indonesian Hospitals – 2018 -
Surabaya
Risk Maturity How many hospitals (%)
Ad hoc
Defined
Managed
Integrated
20. Hospital Risk Management – ROJ’s TPORs
OVERVIEW
Contents
Overview of hospital risk management
• What is risk
• What is hospital risk management
• General, preventive, ultimate goals of HRM
• Quality parameters - Assessment checklist
• Basic framework and processes of HRM
• Risk Management
• Critical success factors in HRM
• Critical governance factors in HRM
• Design and Development Plan - Manual of policies and procedures
• Multisectoral coordination and collaboration
• Recommendations in developing an integrated sustainable hospital
risk management
21. Risk Management in Hospitals
Recommended Resource Materials
• ISO 31000 – Risk Management – Principles and
Guidelines
• Joint Commission International
• International Society for Quality in Healthcare
(ISQUA)
https://isqua.org/docs/default-source/education-
/isqua-webinar_july-2016_luke-feeney.pdf?sfvrsn=0
• ISO 9001:2015 – Quality Management System –
with current emphasis on Risk-based Thinking
22. Hospital Risk Management – ROJ’s TPORs
Concepts of Risk and Hospital Risk Management
What is “RISK”?
What is Hospital Risk Management (HRM)?
23. Hospital Risk Management – ROJ’s TPORs
What is “RISK”?
Risk is a probability or threat of a
damage, injury, liability, loss, or other negative
occurrence
that is caused by
external or internal vulnerabilities, and
that may be neutralized through
preemptive action.
http://www.businessdictionary.com/definition/risk.html
24. Hospital Risk Management – ROJ’s TPORs
What is “RISK”?
“Risk” – effect of uncertainty on objectives (ISO 31000)
Effect – deviation from the expected – positive and/or negative.
Objectives can have different aspects (such as financial, health and
safety, and environment goals) and can apply at different levels (such
as strategic, organization-wide, project, product and process).
Uncertainty is the state, even partial, of deficiency of information
related to, understanding or knowledge of an event, its consequence,
or likelihood.
25. Hospital Risk Management – ROJ’s TPORs
What is “RISK”?
Risk – “any uncertainty that, if it occurs, could have a
positive or negative effect on achievement of one or more
organizational aims and objectives and
is assessed through the combination of magnitude of
potential injury (impact) and the probability (likelihood) that
the uncertainty will occur.”
http://www.who.int/management/general/risk/WhenRiskNotRisk.pdf
26. Hospital Risk Management – ROJ’s TPORs
What is Hospital Risk Management (HRM)?
Hospital risk management (HRM) is
a system or program that
manages the “risks” of a hospital.
•Department Risk Management
•Disaster Risk Management
•Patient Treatment Risk Management (Benefit-Risk; Medical
Malpractice Risk Management)
•Others
27. Definition of Risk Management – ISO 31000
“Risk Management” – coordinated activities to
direct and control an organization with regard
to risk.
“Risk Management System” - formalized
system that documents processes, procedures
and responsibilities for achieving the policies
and objectives of Risk Management System.
28. Concept of Risk Management – ISO 31000
•Risk management can be applied to an entire
organization, at its many areas and levels, at
any time, as well as to specific functions,
projects and activities.
Risk Management at -
• Board of Directors Level
• Operating Room
• Pharmacy
• Laboratory
• Nursing Floors
• Outpatient Department
• Emergency Room
• Etc.
29. Importance of Managing Risks in Hospitals
“Risk” – effect of uncertainty on objectives
•Risks can make or break the hospitals
•Positive or negative income
•Sustained or bankrupt hospital
•Proactively manage risk!
•Minimize SURPRISES!
30. Risk Management – Joint Commission
International Stipulations
Risk Management Program –
Clinical and administrative activities that
organizations undertake to identify, to evaluate, and
to reduce
the risk of injury to patients, staff, and visitors and
the risk of loss to the organization itself.
31. Risk Management – Joint Commission
International Stipulations
Standard QPS.11
•An ongoing program of risk
management is used to identify and
to proactively reduce unanticipated
adverse events and other safety risks
to patients and staff.
32. Risk Management – Joint Commission
International Stipulations
Intent of QPS.11
Hospitals need to adopt a proactive approach to
risk management. One such way is a formalized
risk management program whose essential
components include
a) risk identification;
b) risk prioritization;
c) risk reporting;
d) risk management;
e) investigation of adverse events; and
f) management of related claims.
33. Risk Management – Joint Commission
International Stipulations
Measurable Elements of QPS.11
1. The hospital’s risk management framework
includes a) through f) in the intent.
2. At least annually, a proactive risk-reduction
exercise is conducted on one of the priority risk
processes.
3. High-risk processes are redesigned based on the
analysis of the test results.
34. Risk Management – Joint Commission
International Stipulations
Standard FMS.3
• One or more qualified individuals oversee the
planning and implementation of the facility
management program
• to reduce and control risks in the care environment.
35. Risk Management – Joint Commission
International Stipulations
Intent of FMS.3
Hospitals work to provide safe, functional, and supportive
facilities for patients, families, staff, and visitors. To reach
this goal, the physical facility, equipment, medical
technology, and people must be effectively managed.
In particular, management must strive to
• reduce and control hazards and risks;
• prevent accidents and injuries; and
• maintain safe conditions.
36. Risk Management – Joint Commission
International Stipulations
Intent of FMS.3
Effective management includes multidisciplinary planning,
education, and monitoring as follows:
• Hospital leadership plans the space, technology, and
resources needed to safely and effectively support the
clinical services provided.
• All staff are educated about the facility, how to reduce
risks, and how to monitor and to report situations that
pose risk.
• Performance criteria are used to evaluate important
systems and to identify needed improvements.
37. Risk Management – Joint Commission
International Stipulations
Measurable Elements of FMS.3
1. Program oversight and direction are assigned to
one or more individuals qualified by experience and
training.
2. Evidence of the training and experience of the
qualified individual(s) is documented.
3. The individual(s) plans and implements the
program, including elements a) through f) of the
intent.
38. Risk Management – ISO 9001:2015
Stipulations
ISO 9001:2015 (Quality Management System) puts
emphasis on Risk-based Thinking.
Risk-based thinking enables an organization to
determine the factors that could cause its processes
and its quality management system to deviate from
the planned results, to put in place preventive
controls to minimize negative effects and to make
maximum use of opportunities as they arise.
39. Risk Management – ISO 9001:2015
Stipulations
An organization needs to plan and implement
actions to address risks and opportunities.
Addressing both risks and opportunities establishes
a basis for increasing the effectiveness of the quality
management system, achieving improved results and
preventing negative effects.
40. Risk Management – ISO 9001:2015
Stipulations
Opportunities can arise as a result of a situation favourable
to achieving an intended result, for example, set of
circumstances that allow the organization to attract
customers, develop new products and services, reduce
waste or improve productivity. Actions to address
opportunities can also include consideration of associated
risks.
Risk is the effect of uncertainty and any such uncertainty can
have positive or negative effects. A positive deviation
arising from a risk can provide an opportunity, but not all
positive effects of risk result in opportunities.
41. Hospital Risk Management – ROJ’s TPORs
What are the general goals of HRM?
• Maximize all potential risks with positive effects (rejoice
and celebrate)
• Prevent and mitigate all potential risks wth negative
effects
• Be prepared in terms of response and recovery in case the
risks become real
• Control resulting damage, injury, liability, loss, or other
negative occurrence to a minimum level
42. Hospital Risk Management – ROJ’s TPORs
What are the general goals of HRM?
• Avoid loss of and disability in
People (patients, visitors, staff) in the hospital
Resources of hospital
Business of hospital (business discontinuity)
• Avoid complaints related to risk occurrence and
consequences!
43. Hospital Risk Management – ROJ’s TPORs
What are the preventive goals of HRM?
• Promote safety for ALL patients, visitors, and staff in the
hospital
• Provide effective assistance and management during
emergencies (disasters)
• Prevent controllable deaths and disabilities
• Prevent and control losses (business, finances, properties,
and infrastructure)
44. Hospital Risk Management – ROJ’s TPORs
What are the ultimate goals of HRM?
SUSTAINABILITY OF THE HOSPITAL
AS LONG AS POSSIBLE
(target: 100 years)
45. Hospital Risk Management – ROJ’s TPORs
What are the ultimate goals of HRM?
SUSTAINABILITY OF THE HOSPITAL
AS LONG AS POSSIBLE
(target: 100 years)
Sustainable structure-wise
Sustainable financial-wise
Sustainable service-wise
46. Hospital Risk Management – ROJ’s TPORs
Sustainable structure-wise goal of HRM?
Sustainable structure-wise
Will NOT collapse
NOT be burned
NOT be flooded
NOT be destroyed by whatever hazards
and will continue to operate its business as long as possible
(target: 100 years).
47. Hospital Risk Management – ROJ’s TPORs
Sustainable financial-wise goal of HRM?
Sustainable financial-wise
Will NOT go bankrupt
Will have positive income
and will continue to operate its business as long as possible
(target: 100 years).
48. Hospital Risk Management – ROJ’s TPORs
Sustainable service-wise goal of HRM?
Sustainable service-wise
Will continue
to provide adequate and quality services
expected of a hospital for as long as possible, both during
crisis and non-crisis situations
49. Hospital Risk Management – ROJ’s TPORs
Quality parameters of an excellent HRM?
• Systematically and comprehensively formulated (with
document)
• With full support and commitment of top management
and ALL staff
• ALL staff of the hospitals trained and educated on program
50. Hospital Risk Management – ROJ’s TPORs
Quality parameters of an excellent HRM?
• With testing or exercises done regularly and at planned
intervals and as needed
• Being reviewed regularly at planned intervals and as
needed
• Has been tried and tested and has achieved its formulated
goals and objectives and specified targets
52. Principles of Risk Management – ISO 31000
To be effective, an organization should at all levels comply with
the principles below.
• creates and protects value.
• is an integral part of all organizational processes.
• is part of decision making.
• explicitly addresses uncertainty.
• is systematic, structured and timely.
• is based on the best available information.
• is tailored.
• takes human and cultural factors into account.
• is transparent and inclusive.
• is dynamic, iterative and responsive to change.
• facilitates continual improvement of the organization.
53. Hospital Risk Management – ROJ’s TPORs
Basic Framework in Hospital Risk Management?
Risk Management Framework (ISO 31000)
set of components that provide the foundations and
organizational arrangements for designing, implementing,
monitoring, reviewing and continually improving risk
management throughout the organization.
54. Risk Management Framework for Hospitals
From ISO 31000 – Risk Management – Principles
and Guidelines
55. Risk Management Framework for
Hospitals
From ISO 31000 – Risk Management – Principles and Guidelines
56. Hospital Risk Management – ROJ’s TPORs
Basic processes in Hospital Risk Management?
Risk Management Process (ISO 31000)
systematic application of management policies, procedures
and practices to the activities of communicating, consulting,
establishing the context and identifying, analyzing,
evaluating, treating, monitoring and reviewing risk.
61. Risk Management Process – ISO 31000
Communication and Consultation –
continual and iterative processes
that an organization conducts to
provide, share and obtain
information and to engage in
dialogue with stakeholders
regarding the management of risk.
62. Risk Management Process – ISO 31000
Establishing the Context –
Defining the external and internal parameters to be
taken into account when managing risk, and setting
the scope and risk criteria for the risk management
policy.
63. Establishing the Context
External context – external environment in which a
hospital seeks to achieve its objectives
• Cultural, social, political, legal, regulatory, financial,
technological, economic, natural and competitive
environment, whether international, national, regional
or local;
• Key drivers and trends having impact on the objectives
of the organization; and
• Relationships with, and perceptions and values of the
external stakeholders.
SWOT ANALYSIS – OT
64. Establishing the Context
Internal context – internal environment in which a hospital seeks to
achieve its objectives
• Governance, organizational structure, roles and accountabilities
• Policies, objectives, and the strategies that are in place to achieve them
• Capabilities, understood in terms of resources and knowledge (e.g. capital, time,
people, processes, systems and technologies)
• Information systems, information flows and decision-making processes (both
formal and informal);
• Relationships with, and perceptions and values of, internal stakeholders
• Organizational culture
• Standards, guidelines and models adopted by the organization, and
• Form and extent of contractual relationships
SWOT ANALYSIS – SW
65. Establishing the Context
Scope
•Clinical risk (involving medical care of
patients) ~ PATIENT SAFETY PROGRAM
•Non-clinical risk (not involving medical care of
patients)
66. Establishing the Context
INTEGRATION
•Clinical risk (involving medical care of
patients) ~ PATIENT SAFETY PROGRAM
•Non-clinical risk (not involving medical care of
patients)
•Quality and Risk Management
•Quality and Safety and Risk Management
67. Establishing the Context
Risk Management Policy of ROJHMC
To always use risk-based thinking and processes in planning and
deciding all activities in the hospital so as to minimize negative effects
and to maximize positive effects on accomplishment of objectives.
This policy shall be realized through:
• Understanding the potential risks on quality and safe health care
services, products, facility, environment and business development;
• Complying with all statutory and regulatory requirements on risk
management;
• Designing a structured, comprehensive, integrated, effective and
efficient risk management system;
• Providing adequate resources and highly competent staff to support
the implementation of the management system;
• Regularly evaluating and reviewing the results of implementation of
the management system;
• Continually improving the management system with innovations.
68. Establishing the Context
Quality and Safety Policy - ROJHMC
To continuously provide quality and safe health care services,
products, facility and environment to all our stakeholders
(communities, families, patients, workforce and partners).
This policy shall be realized through:
• Understanding the expectations of our stakeholders on quality and
safe health care services, products, facility and environment;
• Complying with all statutory and regulatory requirements;
• Designing effective and efficient quality and safe management
systems
• Providing adequate resources and highly competent staff to support
the implementation of the management system;
• Regularly evaluating and reviewing the results of implementation of
the management system;
• Continually improving the management system with innovations.
71. Risk Criteria – terms of reference against which the
significance of a risk is evaluated.
Establishing the Context
General Framework for Risk Criteria
75. Risk Management Process – ISO 31000
Risk identification - process of finding, recognizing and
describing risks.
• Involves identification of risk sources, events, their
causes and their potential consequences.
• From historical data, theoretical analysis, informed and
expert opinions, and stakeholders’ needs.
76. Risk Management Process – ISO 31000
Risk identification - process of listing potential risks and
their characteristics.
The results of risk identification are normally documented
in a risk register, which includes a list of identified risks
along with their sources, potential risk responses, and risk
categories.
77. Risk Management Process – ISO 31000
Risk analysis –
process to comprehend the nature of the risk
and to determine the level of risk.
Risk analysis provides basis for risk evaluation and
decisions about risk treatment.
Risk analysis includes risk estimation.
78. Risk Analysis (Estimation)
In hospitals, the risk estimation or analysis can be done on a
qualitative or quantitative basis or in some combination.
Qualitative analysis is based on judgement, previous
experience and intuition.
Quantitative analysis is generally based on an estimation of
the relative magnitude of harm that is likely to result and
the possibility that the event will actually occur.
Currently, a lot of hospitals do not analyze risk in a
quantifiable measure as they feel their risks are too complex
or cannot be measured. However, this can be done and in
fact, are being done.
79. Risk Analysis (Estimation)
In medical care, quantitative risk assessment is widely
practiced nowadays.
Examples, there are quantitative risk assessment for
perioperative complications with or without laboratory
testings; quantitative risk assessment for heart attack and
stroke in patients with metabolic syndrome; etc.
The statistical techniques commonly being used are the
multi-variate regression analysis; likelihood ratios; odds
ratios; predictive values; etc.
80. Risk Analysis (Estimation)
In hospitals, the risk is often evaluated by
determining the:
• degree of injury
• degree of patient dissatisfaction
• legal grounds for an actual claim
• potential public relations or community relations
impact
• financial loss or projection of loss
81. Risk Analysis (Estimation)
The recommendation is to move towards quantitative risk
estimation and analysis whenever and wherever possible to
get more specific estimate which will lead to more concrete
action plans and evaluation.
Another recommendation: start with a qualitative risk
analysis then segregate those risks in which a quantitative
analysis can be done and recommendable.
83. Samples of Likelihood Guide
Level Descriptor Description
5 Almost
certain
It will happen in the vast majority of
cases.
4 Most likely It will happen in a majority of cases.
3 Likely It will happen in some cases.
2 Unlikely It will happen in a few cases.
1 Remote It will happen only in a particular type of
case.
84. Samples of Likelihood Guide
Probability Descriptor Description
4 Frequent Likely to occur immediately or
within a short period (may
happen several times in 1 year)
3 Occasional Probably will occur (may
happen several times in 1 to 2
years)
2 Uncommon Possible to occur (may happen
sometime in 2 to 5 years)
1 Remote Unlikely to occur (may happen
sometime in 5 to 30 years)
85. Samples of Likelihood Guide
Remote (1) Unlikely (2) Likely (3) Most Likely (4) Almost Certain
(5)
Freq Prob Freq Prob Freq Prob Freq Prob Freq Prob
Occurs
every
5 years
or
more
1% Occurs
every
2- 5
years
10% Occurs
every
1-2
years
50% Bimont
hly
75% At least
monthl
y
99%
86. Samples of Impact Severity Guides
Score Impact
1 Negligible
2 Minor
3 Moderate
4 Major
5 Extreme
87. Samples of Impact Severity Guides
Negligible Minor Moderate Major Extreme
Adverse event
leading to
minor injury
not requiring
first aid.
No impaired
psychosocial
functioning
Minor injury or
illness, first aid
treatment
required <3
days absence
<3 days
extended
hospital stay.
Impaired
psychosocial
functioning
greater than 3
days less than
one month.
Significant
injury requiring
medical
treatment e.g.
fracture and /
or counselling.
>3 days
absence 3-8
days extended
hospital stay.
Impaired
psychosocial
functioning
greater than
one month less
than 6 months.
Major injuries /
long term
incapacity or
disability (loss
of limb)
requiring
medical
treatment and
/ or counseling.
Impaired
psychosocial
functioning
greater than 6
months.
Incident
leading to
death or major
permanent
incapacity.
Event which
impacts on
large number
of patients or
member of the
public.
Permanent
psychosocial
functioning
incapacity.
88. Samples of Impact Severity Guides
Level 1 Level 2 Level 3 Level 4 Level 5
Near miss /
potential harm
/ damage.
Patients with
potential:
Event / error
results in no
harm /
damage.
Patients with
potential:
Event / error
results in
temporary
minor harm /
damage.
Increased
length of stay.
Event / error
results in
permanent
harm damage.
This is a critical
incident.
Event / error
results in
death.
This is a critical
incident.
89. Sample of Risk Quantification Matrix
CONSEQUENCE Insignificant
1
Minor
2
Moderate
3
Major
4
Extreme
5
L
I
K
E
L
I
H
O
O
D
Almost Certain –
5
5 10 15 20 25
Most Likely – 4 4 8 12 16 20
Likely – 3 3 6 9 12 15
Unlikely – 2 2 4 6 8 10
Remote – 1 1 2 3 4 5
Key1: 1-5 = Low Risk ; 6-15 = Medium Risk; >15 = High Risk
Key2: 1-4 = Low Risk ; 5-10 = Medium Risk; >10 = High Risk
90. Risk Management Process – ISO 31000
Risk evaluation –
process of comparing the results of risk analysis with risk
criteria to determine whether the risk and/or its
magnitude is acceptable or tolerable.
Risk evaluation assists in the decision about risk
treatment.
91. sk Criteria
Risk EvaluationRisk evaluation
–
process of
comparing the
results of risk
analysis with
risk criteria to
determine
whether the
risk and/or its
magnitude is
acceptable or
tolerable.
Risk evaluation
assists in the
decision about
risk treatment.
93. Risk Management Process – ISO 31000Risk Treatment – process to modify risk
Risk treatment can involve
• Avoiding the risk by deciding not to start or continue with the
activity that gives rise to the risk;
• Taking or increasing the risk in order to pursue an opportunity;
• Removing the risk source;
• Changing the likelihood;
• Changing the consequences;
• Sharing the risk with another party or parties (including contracts
and risk financing); and
• Retaining the risk by informed decision.
Risk treatment that deal with negative consequences are sometimes
referred to as “risk mitigation”, “risk elimination”, “risk prevention”
and “risk reduction.”
95. Risk Management Process – ISO 31000
Monitoring – continual checking, supervising,
critically observing or determining the status in
order to identify change from the performance
level required or expected.
Review – activity undertaken to determine the
suitability, adequacy and effectiveness of the
subject matter to achieve established
objectives.
Monitoring and review can be applied to a risk
management framework, risk management
process, risk or control.
97. Risk Management Form Illustrating Risk Management Process
Risks
identified Causes
Date
risk
identifi
ed
Likelihood
Impact
Severity
Overall
Risk
Rating
Current
Controls
in
system
RISK ASSESSMENT Based on Context / Communication /
Consultation
• Risk Identification
• Risk analysis
• Risk evaluation
98. Risk Management Form Illustrating Risk Management Process
Risk
Response
Strategy
(Accept,
Control,
Transfer,
Avoid)
Action
Required
Respon
sible
Persons
Due
Date
Resou
rces
Requir
ed
Risk Treatment Plan
99. Risk Management Form Illustrating Risk Management Process
Monitoring and Review
Plan and Outcome
Post Tx
likelihood
Post Tx
impact
severity
Post Tx
Risk Score
Review
Date
100. Risk Management Form Illustrating Risk Management Process
Contingency Plan
What if risk really
happens?
106. Hospital Risk Management – ROJ’s TPORs
RISK IDENTIFICATION
RISKS commonly encountered in Philippine hospitals
Risk for
• tarnished corporate or hospital reputation
• man-made disasters (fire, felony, bomb threat, terrorism,
etc.)
• non-medico-legal suits (not arising from patient care, such
as workforce legal suits)
• biological disasters
107. Hospital Risk Management – ROJ’s TPORs
RISK ASSESSMENT
Risk assessment - likelihood of occurrence of
identified risks and impact when they occur.
Utility of risk assessment - more on prioritization
ALL risks identified must have preventive, mitigation,
preparedness, response, and recovery plans!
108. Hospital Risk Management – ROJ’s TPORs
RISK MANAGEMENT
•Formulation of strategies and action plans to
prevent, mitigate risks and to respond and recover
from the consequences of unavoidable risk
occurrence
ALL hazards approach!
BUT
ALL risks identified must have specific preventive,
mitigation, preparedness, response, and recovery
plans!
109. Hospital Risk Management – ROJ’s TPORs
RISK MANAGEMENT
Risks Prevention Mitigation Preparedness Response Recovery
Business non-
sustainability
Account
receivables
Medicolegal
suits
Technological
disasters
Natural
disasters
Tarnished
reputation
Man-made
disasters
Legal suits
Biological
disasters
Example of ALL-HAZARD APPROACH in Disasters
7 Basic Essential (Common) Steps in Response
• Declaration of disaster
• Creation of an incident command
• Notification of concerned authorities
• Mobilization and organization of staff and services
• Control of disaster
• Decongestion and post-disaster reconstruction
• Post-disaster evaluation and reporting
110. Hospital Risk Management – ROJ’s TPORs
RISK MANAGEMENT
Risks Prevention Mitigation Preparedness Response Recovery
Business
non-
sustainability
Account
receivables
Medicolegal
suits
Technological
disasters
Natural
disasters
Tarnished
reputation
Man-made
disasters
Legal suits
Biological
disasters
Example of ALL-HAZARD APPROACH in “Situations”
7 Basic Essential (Common) Steps in Response
• Declaration of “situation” (emergency – crisis)
• Creation of a “situation” command
• Notification of concerned authorities
• Mobilization and organization of “situation” team
• Legal team
• Crisis communication team
• Control of “situation”
• Post- “situation” reconstruction
• Post- “situation” evaluation and reporting
111. Hospital Risk Management – ROJ’s TPORs
RISK MANAGEMENT
Risks Prevention Mitigation Preparedness Response Recovery
Business non-
sustainability
Account
receivables
Medicolegal
suits
Technological
disasters
Natural
disasters
Tarnished
reputation
Man-made
disasters
Legal suits
Biological
disasters
Example of ALL-HAZARD APPROACH in “B-Situations”
7 Basic Essential (Common) Steps in Response
• Declaration of “B-situation” (emergency – crisis)
• Creation of a “B-situation” command
• Notification of concerned authorities
• Mobilization and organization of “B-situation” team
• Finance and audit team
• Business development team
• Control of “B-situation”
• Post- “B-situation” reconstruction
• Post- “B-situation” evaluation and reporting
113. Hospital Risk Management – ROJ’s TPORs
Strategy to Avoid Medico-legal Suits
To avoid medico-legal suits
All physicians must always take note of the goals in the
management of all patients:
Resolution of the health problem
Live patient
No complication
No disability
Satisfied patient
No medicolegal suit
115. International Patient Safety Goals
Goal 1 - Identify patients correctly
Goal 2 - Improve effective communication
Goal 3 - Improve the safety of high-alert medications
Goal 4 - Ensure correct site, correct procedure,
correct patient surgery
Goal 5 - Reduce risk of health care-associated
infections
Goal 6 - Reduce the risk of patient harm resulting
from fall
116. Hospital Risk Management – ROJ’s TPORs
Critical steps to ensure success of HRM
• Securing of administrative commitment and support
• Establishment and continual development of manual of
policies and procedures on risk management that include
risk preparedness (prevention, mitigation, preparedness,
response, and recovery plans)
• Regular conduct of risk control exercises
117. Hospital Risk Management – ROJ’s TPORs
RISK MANAGEMENT
•Formulation of strategies and action plans to make
the risk management program walk the talk!
Leadership
Managership
Communication
Education and Training
120. Leaders may delegate
responsibilities and
competencies to
managers.
But must know
principles of risk
preparedness, esp. in
managing Incident
Command!
Critical factors for
readiness!
121. Leaders
communicate with
managers and staff
effectively and
efficiently! Timely!
Stress importance of
risk preparedness!
Provide directions!
Express commitment
and support!
122. Leaders support
training of staff for
risk preparedness!
Undergo training to
gain competency,
esp. in Incident
Command!
To demonstrate
engagement and
involvement!
123. Hospital Risk Management – ROJ’s TPORs
Manual of Policies and Procedures
Recommendations:
The management program must be documented and placed
in a policies and procedures manual or primer,
disseminated to all staff, exercised, reviewed and re-
evaluated at planned intervals or as the need arises
anytime.
124. Hospital Risk Management – ROJ’s TPORs
The manual can have the following simple outline:
• Preface
• Scope
• Definitions
• Program Management
• Planning
• Implementation
• Exercises, evaluation and corrective action
• Management Review
Manual of Policies and Procedures
125. Hospital Risk Management – ROJ’s TPORs
The manual can have the following simple outline:
• Preface
• Scope
• Definitions
• Program Management
• Planning
• Implementation
• Exercises, evaluation and corrective action
• Management Review
Hospital Risk Management
Program Manual
Supplementary Manuals on
Implementing Guidelines and
Instructions
(covering the categories of
common hospital risks)
Manual of Policies and Procedures
126. Hospital Risk Management – ROJ’s TPORs
Multisectoral Task Force / Committee
Recommendations:
Creation of multisectoral task force / committee
to align, coordinate, collaborate, and integrate all risk
preparedness programs of the hospital
128. Hospital Risk Management – ROJ’s TPORs
Recommendations:
Examples of multisectoral task forces / committees
• Corporate Risk Management Committee
• Safety Promotion and Disaster Preparedness Committee
• Quality Management Committee
• Quality and Risk Management Committeee
Multisectoral Task Force / Committee
Essentials:
Multisectoral in membership
Headed by a top / senior
management representative
Aligning, coordinating,
integrating all risk preparedness
programs of the entire hospital
129. Hospital Risk Management – ROJ’s TPORs
OVERVIEW
Contents
Overview of hospital risk management
• What is risk
• What is hospital risk management
• General, preventive, ultimate goals of HRM
• Quality parameters - Assessment checklist
• Basic framework and processes of HRM
• Risk Management
• Critical success factors in HRM
• Critical governance factors in HRM
• Design and Development Plan - Manual of policies and procedures
• Multisectoral coordination and collaboration
• Recommendations in developing an integrated sustainable hospital
risk management
130. Case Studies of Hospitals
on Risk Management Program
Difficult to get info!
Majority = financial viability and sustainability
despite “un-enhanced” risk management program
Definite = incurred losses at one time or another
Challenges:
• Medicolegal suits
• Account receivables
131. Risk Management in Hospitals
Hospital Risk Management (HRM)
HUGE TOPIC!
Given
(45-minute lecture and 15-minute discussion)
OVERVIEW
SOME IMPORTANT EXAMPLES AND TIPS ON PROCESSES
Thoughts, Perceptions, Opinions and Recommendations (TPORs)
132. Risk Maturity Key Characteristics
Ad hoc Organization is unaware of risk management
or its benefits
No formal policies or procedures
Reactive management through “heroic efforts
of individuals”
Possible blame culture
Defined Risk management is function based and
maybe inconsistent
Some policies are documented, but RM is
largely informal
Likely ‘silos’ effect
Senior management supports but not requires
RM
Risk Maturity Levels
Loosemore et al, 2006 Risk Management in Projects, 2nd ed, Taylor & Francis, Oxon
133. Risk Maturity Key Characteristics
Managed Common RM understanding and language
organization-wide
Formalized generic risk management process
“Bad news” accepted
Senior management requires RM
Integrated RM aligned with strategic planning and quality
improvement
RM is used in decision-making to gain
competitive advantage
Proactive approach and open culture
RM is responsibility of all
Risk Maturity Levels
Loosemore et al, 2006 Risk Management in Projects, 2nd ed, Taylor & Francis, Oxon
134. Principles of Risk Management – ISO 31000
To be effective, an organization should at all levels comply with
the principles below.
• creates and protects value.
• is an integral part of all organizational processes.
• is part of decision making.
• explicitly addresses uncertainty.
• is systematic, structured and timely.
• is based on the best available information.
• is tailored.
• takes human and cultural factors into account.
• is transparent and inclusive.
• is dynamic, iterative and responsive to change.
• facilitates continual improvement of the organization.
135. Principles of Risk Management – ISO 31000
To be effective, an organization should at all levels comply with
the principles below.
• creates and protects value.
• is an integral part of all organizational processes.
• is part of decision making.
• explicitly addresses uncertainty.
• is systematic, structured and timely.
• is based on the best available information.
• is tailored.
• takes human and cultural factors into account.
• is transparent and inclusive.
• is dynamic, iterative and responsive to change.
• facilitates continual improvement of the organization.
136. Principles of Risk Management – ISO 31000
• Risk management creates and protects value.
• Contributes to the demonstrable achievement of
objectives and improvement of performance.
• Risk management is an integral part of all organizational
processes.
• Not a stand-alone activity that is separate from the
main activities and processes of the organization. Is an
integral part of ALL organizational processes. Integrate
risk management into the overall management system
of the organization.
137. Principles of Risk Management – ISO 31000
• Risk management is part of decision making.
• Helps decision-makers make informed choices,
prioritize actions and distinguish among alternative
courses of actions.
• Risk management explicitly addresses uncertainty.
• Explicitly takes account of uncertainty, the nature of
that uncertainty, and how it can be addressed.
138. Principles of Risk Management – ISO 31000
• Risk management is systematic, structured and timely.
• Contributes to efficiency and to consistent, comparable
and reliable results.
• Risk management is based on the best available
information.
• There must be data no matter how limited.
• Risk management is tailored.
• Aligned with the organization’s unique external and
internal context and risk profile.
139. Principles of Risk Management – ISO 31000
• Risk management takes human and cultural factors into
account.
• Recognizes the capabilities, perceptions and intentions
of external and internal people that can facilitate or
hinder achievement of the organization’s objectives.
• Risk management is transparent and inclusive.
• Appropriate and timely involvement of stakeholders
and decision makers at all levels of the organization,
ensures that risk management remains relevant and up-
to-date (and known to all and participatory)
140. Principles of Risk Management – ISO 31000
• Risk management is dynamic, iterative and responsive to
change.
• Continually senses and responds to change. As external
and internal events occurs, context and knowledge
change, monitoring and review of risks take place, new
risks emerge, some change, and others disappear.
• Risk management facilitates continual improvement of the
organization.
• Improving risk management maturity facilitates
continual improvement of organization.