Running a healthcare organization today is more challenging than ever. Healthcare CEOs must address an enormous range of issues, including:

  • Acute pressures to contain costs, but also to innovate, to improve the quality of care and service, to reduce legal and malpractice claims, and to satisfy a myriad of conditions and requirements set by a multitude of payers.
  • Intense competition for patients and consumers - as well as experienced physicians, nurses, pharmacists, technicians, and other qualified staff - in an environment of rapid consolidation and reorganization.
  • Countless regulations and standards from government, certification, and accreditation agencies, covering everything from clinical testing protocols and infectious disease controls to maintaining auditable accreditation records and servicing durable medical equipment.
  • Unparalleled operational complexities from such factors as highly specialized and stratified workforces, supply-chain management and GPOs, and coordinating multiple payers and drug formularies.

In the midst of - and because of - these challenges, healthcare organizations are also threatened by a multitude of risks. Skilled executives know they cannot accomplish their objectives without addressing the attendant risks, and they seek and receive assurances from their staffs that measures are in place to protect the organization.

The truth is, however, that many serious risks are invisible from the executive suite because most organizations lack a risk-management infrastructure to identify, mitigate, and monitor enterprise-wide risk. As a result, employees throughout the organization are constantly accepting risks - and taking risks - that could derail the entire organization that no one in senior management knows anything about.

How could this happen in a technologically advanced healthcare organization that adheres to all the latest management practices? Although there may be others, we have identified three major reasons:

  1. No risk-management infrastructure: While most healthcare organizations have structures in place to track and report financial, clinical, and compliance information, they lack a risk-management infrastructure to identify, treat, and monitor risks across the entire enterprise and to consolidate risk information in meaningful reports to senior management.
  2. Business unit managers lack fundamental risk-management skills: The healthcare industry is filled with managers who excelled at clinical positions and were promoted to management positions, but never received proper training in basic management skills. As a result, they spend most of their time doing what they know best - reacting to operational issues and clinical risk - while failing to focus on strategic issues that can affect the entire organization.
  3. False sense of security from the measures that are in place: Healthcare regulations, by and large, are adopted to protect others, not the healthcare organization itself. However, healthcare organizations frequently - and mistakenly - rely on their compliance programs to protect them from harms not addressed by the regulatory scheme. And while insurance is an important risk-mitigation tool, there are many risks - and many consequences - that cannot be insured but can cause irreparable harm to an organization and its stakeholders.

What are the best practices when it comes to dealing with risk? Innovative healthcare organizations:

  • Recognize that risk management is a strategic function in which the board and senior managers must be actively engaged.
  • Adopt a risk-based approach to securing the organization to ensure that limited risk mitigation resources are allocated efficiently and appropriately.
  • Establish a risk infrastructure to systematically identify, treat, and monitor risks across the organization.
  • Train managers in risk-management practices, ensuring that they have the tools and skills necessary to identify and respond to risk.
  • Create a culture of accountability so that all managers, employees, and business partners understand their roles with respect to risk management.
CEOs who adopt these best practices will go a long way toward protecting their organizations from negative events. But a robust risk-management program will also:

  • Provide greater assurance of achieving the organization's strategic objectives;
  • Reduce overall costs of risk management through technology and operational efficiencies;
  • Enhance stakeholder value through better corporate governance; and
  • Drive sophisticated management practices and accountability into the organization's middle managers.

Chadwick Associates can assist your organization in achieving these results through:

  • Assessments of how the organizations presently manage risk;
  • Assistance in building an Enterprise Risk Management infrastructure;
  • Development of risk metrics to monitor emerging threats;
  • Training of unit mangers in advanced risk-management practices;
  • Outsourced internal audit services; and
  • Investigations of misconduct.