Embed Size (px)
Citation preview
Healthcare Management Forum Gestion des soins de santé 27
ealthcare risk management is a relatively new field that emergedprimarily as a consequence of escalating medical malpractice costs inthe 1970s.1 The American Society for Hospital Risk Management, adivision of the American Hospital Association, was created in 1978.Similar national bodies now also exist in Great Britain (The NationalPatient Safety Agency) and in Australia (The Australian Council for
Safety and Quality in Health Care) although they have only been in existencefor a few years. Canadian efforts have more recently been initiated with theNational Steering Committee on Patient Safety (2002) that recommendedcreation of a Canadian Patient Safety Institute, established in December 2003.The Canadian Council on Health Services Accreditation has had standardsrelated to risk management since the introduction of its Client CentredAccreditation Program (CCAP) program in 1995, and are now closely watchingpatient safety developments in Canada to align future accreditation programsaccordingly.
Traditionally, risk management activities have focused on issues of liabilityand minimizing losses. However, the fast pace of change in the healthcareenvironment towards resource restraint, growing openness, transparency,accountability, and measurable organizational performance is increasinglyyielding results-oriented approaches to risk management – more modern,integrated approaches to help clinicians and administrators better understand,manage and communicate risk and improve related decision-making. Thefocus of risk management has grown beyond human errors like malpractice ornegligence to the study of system-based adverse events which occur as theresult of a long sequence of events and processes. Issues of liability and riskmanagement, when considered within the current context of accountability,are now conceptually linked with quality improvement. Such integratedapproaches to risk and quality management are considered best practice.1
According to the Conference Board of Canada2 an Integrated Risk Managementsystem (IRM) is defined as “a framework that pulls together a variety ofdisciplines in the organization to address both sides of risk - minimizinguncertainty and maximizing opportunities.” A key difference between traditionaland integrated risk management is that IRM is geared to identifying newopportunities for improvement of risk practices, and prevention, in additionto minimizing losses, the traditional focus of risk management. Capitalizingon new opportunities for improvement, which can emerge from objectivesystem-wide analysis of errors, incidents and adverse events, is thefundamental principle of an integrated risk management system.
By way of example, consider the following hypothetical sentinel event: Apatient residing on a locked unit went missing when the “system” in placefailed to alert staff that she was wandering off the unit. Investigations revealedthat the patient’s Watch Alert bracelet was not functional and, as the unit didnot have bracelet testing equipment, staff were not aware of the malfunction.Furthermore, the elevator was not security code-controlled, allowing the
BRIEF REPORT
Building an Effective Risk ManagementProgram in a Healthcare Setting by Louise Patrick
Louise Patrick, PhD, CHE,is Director of Quality,Utilization & RiskManagement for theSCO Health Service inOttawa. Dr. Patrick hasclinical, research andbusiness backgrounds.She is also a clinicalpsychologist, assistantclinical professor at theUniversity of Ottawa,adjunct professor atCarleton University, anda surveyor with theCanadian Council onHealth ServicesAccreditation. Prior tojoining the healthcaresector, Dr. Patrick, whofurther holds a Bachelorof Economics Degreefrom ConcordiaUniversity in Montreal,had a 10-year career inthe telecommunicationsindustry.
H
AbstractThis paper outlines a step-by-step approach toimplementing an integrated risk managementprogram in a healthcare setting. The paperargues for a corporate approach to riskmanagement, based on centralized analysis of incidents and a focus on proactivemanagement of risk factors. The paperdiscusses implementation from both structuraland process perspectives and within the context of Canadian accreditation standardsand the National Patient Safety SteeringCommittee recommendations.
28 Healthcare Management Forum Gestion des soins de santé
patient to access it to exit. Thetraditional approach to managing risk insuch a case would be to obtain testingequipment for the Watch Alert Braceletsand a Key Pad lock for the elevator,hoping to reduce the probability of suchan event occurring again on this unit.
An integrated approach to risk manage-ment would mean:
> informing all units across thehospital of the event andcoordinating an organization-widebracelet testing exercise;
> informing the organization’s policiesand procedures coordinator that thewandering policy needs revision toinclude regular testing of thebracelets at fixed intervals;
> mobilizing quality improvementteams to investigate the prevalenceof such events across all units andconducting an analysis of theetiology of occurrences, thus taking asystemic view of this risk issue forthe organization;
> mobilizing research into best-practices in the management ofwanderings; and
> mobilizing the UtilizationManagement Committee toinvestigate current utilization ofexisting wandering-managementresources across the organizationand determining the optimalresources and systems required.
Lastly, an integrated approach to riskmanagement would follow up with anaudit of the prevalence of wanderingsacross the organization 12 months laterto ensure the efficacy of remediationimplemented.
According to the Joint Commission onAccreditation of Healthcare Organizations(JCAHO), implementation of an integratedrisk management system is one of thecriteria which define a LearningOrganization3 as risk information(collected and analysed) is used as alearning resource throughout theorganization. This requires a culturewhich firmly values disclosure of errors. Itis significantly different than a riskmanagement process based on the
circumscribed reporting of risk events toa select group of individuals within anorganization. The Canadian Council onHealth Services Accreditation (CCHSA)has incorporated the concept of integratingrisk management practices into theoperational activities of organizations inits Achieving Improved Measurement(AIM) accreditation program, as part ofthe System Competency dimension ofthe Leadership standards (standards 9.0to 10.0). The standards indicate that riskmanagement practices need to be linkedwith Continuous Quality improvementand Utilization Management systems.
How does an organization build aneffective risk management program?The Canadian Healthcare Association(2002)4 and the Canadian National SteeringCommittee on Patient Safety5 haveidentified three systemic barriers whichorganizations need to overcome in orderto establish functional risk managementsystems. These include a punitive cultureof blame that drives risk issues under-ground; failure to adopt a systemicapproach that would enable employeesto learn more effectively from adverseincidents; and uncoordinated reportingand analysis mechanisms. Althoughresearch into risk management strategiesand outcomes is relatively still in a stateof infancy, current best practice1,6 sourcessuggest that in addition to overcomingthe above mentioned barriers, an effectiverisk management program further requiresthe following elementary building blocks:a formal structure, sufficient scope tocover all categories of risk, risk strategiesand clearly defined procedures. Thus, theimplementation of an effective riskmanagement program involves thefollowing steps:6
> determining the scope of your riskprogram;
> selecting a type of structure and thekey features to support the program;
> identifying the RM strategies andregulatory processes required givenyour particular patient population(s);
> implementing coordinated tracking,measurement and analysismechanisms;
> fostering a patient-safety and adisclosing culture throughout theorganization;
> conducting ongoing educationalprograms on risk management for allstaff;
> designing communications systemsto disseminate risk incidentsinformation widely; and
> regularly monitoring and evaluatingthe program’s efficacy.
The main generally accepted scope of RMprograms6 includes patient care andpatient safety, employee-related risks,property and security risks, and financialrisks. Relatedly, a review of theliterature3,6 reveals that two types ofinfrastructures predominate in how riskmanagement is organized in healthcareorganizations: 1) centralized responsibilityand accountability for all risk functionswhere individual risk coordinators workunder the leadership of a corporate riskmanager and final accountability for allrisk management (clinical and non-clinical) rests with the risk manager; and2) shared responsibility with multiple setsof defined risk areas where responsibilityand accountability is divided amongdepartment heads who assume responsi-bility uniquely for risk managementactivities in their departments.
In terms of key structural elements, theAmerican Society for Healthcare RiskManagement recommends: 1) accountabilityderived from clearly defined riskmanagement responsibilities, measurablerisk management goals and relatedperformance appraisal process, 2) formalmechanisms to ensure that risk manage-ment activities are coordinated withother functions in the organizations; and3) computerized tracking of occurrences toprovide data processing, trends andbenchmarking analysis, and reportgeneration.
Establishing a formal risk managementinfrastructure with centralized andaggregated tracking and analysis under acorporate risk manager/patient safetyofficer may be an optimal way to organizethe key structural elements outlinedabove and maximize the efficiency of the
Healthcare Management Forum Gestion des soins de santé 29
risk management program. A corporate-level manager can lead and integrate allrisk management functions, includingorganization-wide education, evaluationof the corporation’s performance on risk-related factors, and formal reporting tosenior management. He or she cancoordinate and synthesize unit-basedrisk management efforts in conjunctionwith unit-level coordinators, thusensuring a standardized approach acrossthe facility and a wide dissemination ofcorporate risk management objectives.Such an infrastructure can generateeconomies of scale with regards toongoing risk and patient safety education,deployment of electronic systems tosupport tracking of risk events, and thedevelopment and implementation ofrisk-related policies and procedures. Itshould be noted, however, thatcomparative outcome analysis of riskmanagement infrastructure types in theCanadian healthcare system may not yethave been conducted; thus, the issue ofinfrastructure superiority remains anempirical question at this time and adirection for future research.
What about process?In addition to the structural elementsoutlined above, an effective risk manage-ment program requires well designedprocesses; for example, formal communi-cation and education mechanisms toensure a wide dissemination of adverseevents information across an organizationso that we may learn from mistakesmade. Processes and supports to reactpromptly to implementation of newsafety initiatives, policies and proceduresand/or new legislated changes to ensurecompliance are also required, as poorcorporate compliance can become asignificant risk. Newly emerginginitiatives7,8 in the healthcare sector –such as those of the National SteeringCommittee on Patient Safety and thoseof the Privacy Legislations – have riskmanagement implications and requiresuch compliance-facilitating mechanisms.Another important process to establishis one for auditing. Managing riskeffectively requires significant auditingand research abilities to identify risky
practices on a proactive basis. Forexample, previous studies9 have revealedthat 9% of physician orders containerrors leading to potential adverseevents. How a given organization standson this risk and on other similar riskswhich have been identified in theliterature remains unknown and thus“un-managed” from a risk perspective ifnot proactively audited. As such, manyhospitals are now making provisions forsuch capabilities in-house or turning toexternal, specialist auditors to conductinternal safety audits.10
Perhaps the most important organizationalprocess required is one of culturalchange: making a corporate commitmentto a risk management and a patient safetyculture. It is well-established1,4,5 thatimplementing a successful risk manage-ment program requires a culture whichsupports individuals acknowledgingmistakes when they are made and awillingness to share and talk openlyabout these mistakes with others. Suchblameless organizational cultures arechallenging to create, however supportiveliterature is newly emerging towards thisend.4,11,12 The following suggestions areoffered to support implementing anopen and blameless culture:
> adopt a formal full disclosure policyregarding all errors made, bothinternally and to patients/families;13
> adopt a “Second Victim”11 policy tosupport staff who make and discloseerrors, recognizing that the experienceis highly distressing to most;
> make use of “Lessons Learned”forums or “Risk Rounds”organization-wide (or city-wide) topromote learning from mistakes;
> create an Adverse Event team toensure follow-up in terms of requiredsystems and process changes, andmove quickly from problem tosolution; and
> develop evidence-based safetyinitiatives; if you have a researchdepartment, make patient safety amain research theme.
Lastly, the cultural change needed tosupport effective risk managementrequires moving to an empirical cultureregarding risk. Senior managementneeds to communicate its commitmentto risk management to everyone in theorganization by developing patient safetyand risk indicators and settingperformance targets for risk results. Riskresults need to be included in acorporation’s Balanced Score Card toevaluate the effectiveness of riskmanagement practices and engage instrategic decision-making regardingrisks. Current best practices1 recommendsthat the Board of Trustees and/or othergovernance bodies not just receiveinformation on sentinel events but beinvolved in the review of an organization’srisk management annual plan and report,in order to integrate risk managementinto the strategic process.
References 1. Performance Management Network. A review of Canadian
best practices in risk management. Report for the TreasuryBoard of Canada Secretariat; 1999.
2. Nottingham L. A conceptual framework for Integrated RiskManagement. Ottawa: Conference Board of CanadaPublications; 1997.
3. Sales A, Moscovie I, Lurie N. Implementing CQI projects inhospitals. Journal on Quality Improvement 2000;26(8):476-487.
4. Canadian Healthcare Association. Patient Safety andQuality Care: Actions required now to address adverseevents. A backgrounder report; 2002.
5. National Steering Committee on Patient Safety. Building asafer system: a national integrated strategy for improvingpatient safety in Canadian health care. Ottawa: RoyalCollege of Physicians and Surgeons; 2002.
6. Bryant J, Hagg-Ricket S. Development of a Risk ManagementProgram In: R. Carroll, ed. Risk Management HandbookAmerican Society for Healthcare Risk management. SanFrancisco (CA): Jossey-Bass Inc. Publishers; 2001.
7. Baker R, Norton P. Patient safety and healthcare error in theCanadian healthcare system: a systemic review andanalysis of leading practices in Canada with reference tokey initiatives elsewhere. Ottawa: Health Canada; 2002.
8. Gervais BL, LLP. Risk Management Health Law Seminar.Ottawa; November 2002.
9. Saxe-Braithwaite M. Walking the walk: practical tools for aculture of safety. Paper Presentation to the 5th Joint NationalConference on Quality in Health Care (CCHSA, CHE),Toronto; 2003
10. Devitt R, McLellan BA. Improving patient safety throughlessons learned. Paper Presentation to the 5th Joint NationalConference on Quality in Health Care (CCHSA, CHE),Toronto; 2003.
11. Wu AW. Medical Error: the second victim. British MedicalJournal 2000;320(7237):726-727.
12. Wu AW, Cavanaugh TA, McPhee J, Lo B, Micco GP. To tell thetruth: ethical and practical issues in disclosing medicalmistakes to patients. Journal of General InternalMedicine1997;12(12):770-775.
13. Hebert PC, Levin AV, Robertson G. Bioethics for clinicians:disclosure of medical error. Canadian Medical AssociationJournal 2001;164(4):509-513.
