Running a healthcare organization today is more challenging than ever.
Healthcare CEOs must address an enormous range of issues, including:
- Acute pressures to contain costs, but also to innovate, to improve
the quality of care and service, to reduce legal and malpractice claims,
and to satisfy a myriad of conditions and requirements set by a multitude
- Intense competition for patients and consumers - as well as experienced
physicians, nurses, pharmacists, technicians, and other qualified staff
- in an environment of rapid consolidation and reorganization.
- Countless regulations and standards from government, certification,
and accreditation agencies, covering everything from clinical testing
protocols and infectious disease controls to maintaining auditable accreditation
records and servicing durable medical equipment.
- Unparalleled operational complexities from such factors as highly
specialized and stratified workforces, supply-chain management and GPOs,
and coordinating multiple payers and drug formularies.
In the midst of -
and because of - these challenges, healthcare organizations are also threatened
by a multitude of risks. Skilled executives know they cannot accomplish
their objectives without addressing the attendant risks, and they seek
and receive assurances from their staffs that measures are in place to
protect the organization.
The truth is, however,
that many serious risks are invisible from the executive suite because
most organizations lack a risk-management infrastructure to identify,
mitigate, and monitor enterprise-wide risk. As a result, employees throughout
the organization are constantly accepting risks - and taking risks - that
could derail the entire organization that no one in senior management
knows anything about.
How could this happen
in a technologically advanced healthcare organization that adheres to
all the latest management practices? Although there may be others, we
have identified three major reasons:
- No risk-management infrastructure: While most healthcare organizations
have structures in place to track and report financial, clinical, and
compliance information, they lack a risk-management infrastructure to
identify, treat, and monitor risks across the entire enterprise and to
consolidate risk information in meaningful reports to senior management.
- Business unit managers lack fundamental risk-management skills: The
healthcare industry is filled with managers who excelled at clinical positions
and were promoted to management positions, but never received proper training
in basic management skills. As a result, they spend most of their time
doing what they know best - reacting to operational issues and clinical
risk - while failing to focus on strategic issues that can affect the
- False sense of security from the measures that are in place: Healthcare
regulations, by and large, are adopted to protect others, not the healthcare
organization itself. However, healthcare organizations frequently - and
mistakenly - rely on their compliance programs to protect them from harms
not addressed by the regulatory scheme. And while insurance is an important
risk-mitigation tool, there are many risks - and many consequences - that
cannot be insured but can cause irreparable harm to an organization and
What are the best
practices when it comes to dealing with risk? Innovative healthcare organizations:
CEOs who adopt these best practices will go a long way toward protecting
their organizations from negative events. But a robust risk-management program
- Recognize that risk management is a strategic function in which
the board and senior managers must be actively engaged.
- Adopt a risk-based approach to securing the organization to ensure
that limited risk mitigation resources are allocated efficiently and appropriately.
- Establish a risk infrastructure to systematically identify, treat,
and monitor risks across the organization.
- Train managers in risk-management practices, ensuring that they
have the tools and skills necessary to identify and respond to risk.
- Create a culture of accountability so that all managers, employees,
and business partners understand their roles with respect to risk management.
- Provide greater assurance of achieving the organization's strategic
- Reduce overall costs of risk management through technology and
- Enhance stakeholder value through better corporate governance;
- Drive sophisticated management practices and accountability into
the organization's middle managers.
can assist your organization in achieving these results through:
- Assessments of how the organizations presently manage risk;
- Assistance in building an Enterprise Risk Management infrastructure;
- Development of risk metrics to monitor emerging threats;
- Training of unit mangers in advanced risk-management practices;
- Outsourced internal audit services; and
- Investigations of misconduct.