Category: GRC/ERM

Healthcare administration: The vital role of healthcare risk management

Those working in the healthcare industry are no strangers to constant change. A healthcare risk management program and the right technology can help to effectively monitor risk across specialties and improve patient safety. Origami Risk’s Bill Schwacke spoke to Future of Personal Health about the intersection of risk management and the healthcare industry.

Risk management software is used in various industries. How is it applied to healthcare?
Risk management software is at the center of a healthcare organization’s approach to risk, safety, claims, and insurance. The software can define the provider’s approach to risk by linking, organizing, and distributing data from independent, critical functions to provide an organizational view of risk.

Can you elaborate on the correlation between patient safety and risk management software?
Patient safety and risk management software are often linked due to the nature of the data involved. While they often work independently, there are insights that can be discovered when linked together. These insights can improve quality of care and reduce claims/insurance costs for the organization.

Read the full article in Future of Personal Health.

ERM – Moving beyond enterprise risk assessments and risk heat maps


Risk assessments and heat maps remain central components in most enterprise risk management (ERM) programs. Yet there is considerable debate about their effectiveness, and both tools have no shortage of critics. In 2011, Howard Sklar, a Forbes contributor, outlined one of the most popular criticisms regarding companies that viewed risk assessments as a document instead of a risk management process. He noted, “Companies that fail in this way are often trying to check the risk-assessment box on their program. That’s fine, as far as it goes. At first glance, a risk assessment seems like a low-ROI effort. You put in time and potentially money, and you get back a piece of paper laying out what you already know.”

Similarly, others deride heat maps as nothing more than “colorful guesses.” Brian Priezkalns, in the not-too-subtly titled article, Why I hate Heat Maps, says “Heat maps are just a terrible terrible terrible way to understand, communicate about, and decide how to respond to risks. They either mess up what you already knew, or they hide the fact you are too ignorant to make a rational decision. Everything that can be done with heat maps would be done better with actual numbers.”

If these tools have such fierce critics, then why are they still central to most ERM programs? In this article, we’ll examine what drives the limitations, and the key missing ingredient that turns them into powerful assets.

GRC: Where to start? Productive healthcare ERM tools

Coordinated care in hospitals starts with the right GRC tools and ERM framework.

In November 2018, Baylor St. Luke’s Medical Center in Houston made two medical errors, the second of which led to the death of a 75-year-old patient. After an investigation by the Houston Chronicle and ProPublica, the Centers for Medicare and Medicaid Services issued a report in early 2019 that outlined a pattern of blood labeling errors at the hospital. A ProPublica article on the report states:

Dr. Ashish Jha, an expert in hospital quality, reviewed the government’s findings and said it appeared St. Luke’s was struggling to meet basic care standards. The labeling mistakes, he said, seemed indicative of ‘a broader systemic problem.’… St. Luke’s appeared to miss warning signs in the months prior to the deadly mistake, according to the government report.

The “broader systemic problem” Dr. Jha mentions is, unfortunately, not unique to St. Luke’s. Many hospitals and healthcare systems face organization-wide, process-related issues, especially in a modern healthcare landscape that’s rife with change. Mergers, multiple technology platforms, and changing healthcare policies, to name just a few, contribute to widespread miscommunication and a lack of transparency. This, in turn, jeopardizes the overall quality of care within these organizations.

Hospitals can stem the scope of these issues by implementing a healthcare enterprise risk management (ERM) program. Healthcare ERM establishes a standardized framework for identifying risk across an organization, encourages cross-departmental collaboration, and shifts hospitals from a reactive clinical risk program to a proactive holistic risk management program. A straightforward process, along with the right technology that leverages healthcare analytics, can help to make this shift effective.


Facing the challenge of reputation risk management in higher education

The Operation Varsity Blues scandal has heightened reputation management concerns across the higher education community. Seeing how quickly any college or university can suffer reputational damage, and how lasting that damage can be, underscores how valuable an institution’s reputation is, and how critical it is to safeguard it.

The book Reputation management: The key to successful public relations and corporate communication by New York University professors John Doorley and Helio Fred Garcia opens with a quote from Warren Buffett, who addressed a group of Salomon Brothers managers in 1991 after the firm became mired in a high-profile trading scandal: “If you lose dollars for the firm by bad decisions, I will be very understanding. If you lose reputation for the firm, I will be ruthless.”

Although numerous surveys show that many leaders of higher education institutions place the same value on reputation as Buffett does, effectively managing these risks remains elusive. In fact, most cannot even define what reputation is.

Defining Reputational Risk

In the article How to Manage Reputation Risk, Nir Kossovsky addresses the definitional ambiguity directly. “From your boardroom and C-suite to the SEC and Office of the Comptroller of the Currency, everyone agrees reputation risk exists, yet few can describe it. However, this isn’t as difficult as it seems.” Kossovsky defines reputation as the expectation of behavior that is set by stakeholders. “Customers have expectations when they buy products or services, employees have them when they accept jobs, vendors have them when they partner, creditors and investors have them, and even regulators have them.” For colleges and universities, this extends to the communities that house them, the potential pool of students and parents considering attendance, research partners, and the other organizations that interact with them.


How ERM technology helps financial institutions address Matters Requiring Attention (MRAs)

Complying with Bank Secrecy Act/Anti-Money Laundering (BSA/AML) regulations is a major challenge for financial institutions. Those found with deficient practices are subject to receiving a Matter Requiring Attention (MRA) notification. The Office of the Comptroller of the Currency (OCC) states, “MRAs communicate specific supervisory concerns identified during examinations in writing to boards and management teams of regulated institutions. MRAs must receive timely and effective corrective action by bank management and follow-up by OCC examiners.”

This combined requirement of timeliness and proof of effectiveness makes delivering an acceptable response particularly challenging. Unfortunately, MRAs are not uncommon. The article Get to Know the “5 Cs” — BSA Matters Requiring Attention notes, “Most banks receive some sort of finding or ‘Matter Requiring Attention’ (MRA) or ‘Matter Requiring Immediate Attention’ (MRIA) regarding their BSA Program during a BSA exam.” Given the likelihood of receiving an MRA, and the burden associated with the response, developing a robust process to handle them is essential.

This post will examine how the right Enterprise Risk Management (ERM) system is uniquely suited to not only help efficiently and effectively respond to the challenges associated with MRAs, but also (when properly configured) help minimize them.

To understand how this is possible it is useful to “learn from the mistakes of others.”


Looking to launch an ERM program? Borrow ideas from startups

Implementing an enterprise risk management (ERM) program can be a daunting, intimidating project. Trying to introduce new frameworks and controls across the organization, roll up risk reporting from the unit to enterprise level, and initiate discussions with the board that lead to action can be overwhelming. Using techniques proven to work with startups, however, can make the process far more manageable and increase the odds for success.

Startup incubators often promote a few common themes:

  • Let customers/market dictate the product
  • Scale it down – start small and go live fast
  • Do the research and learn about the market
  • Get feedback as quickly as possible
  • Fail silently – incorporate lessons learned without dragging the whole effort down

These techniques suggest that the traditional high-profile, enterprise-wide rollout of a new ERM program may not always be the best way to launch. Instead, focusing on the smallest scale project—one with the potential to yield meaningful results—and relying on a customer-driven approach may be the key to creating a sustainable, effective ERM program.


5 ways healthcare risk management software increases patient safety

Healthcare risk management starts with using healthcare incident reporting software and patient safety software.

A 2016 analysis published in BMJ revealed that medical error is the third-leading cause of death in the United States. This includes process errors, planning errors, and failures to act. Martin Makary, a health policy expert at Johns Hopkins and an author of the analysis, explains that the “complex medical system” in the U.S. “sometimes lacks transparency that results in the wide variation in quality of medical care that is the endemic problem in safety.” Makary also notes that “safety nets are missing and standardization is lacking.”

At the heart of this standardization problem lies outdated technology and confusing systems. Many healthcare providers continue to use lagging systems that don’t efficiently collect or analyze data. Furthermore, a mix of legacy and new systems makes for potential conflicts that add to the confusion and fortify workplace silos. Without the sharing of information, organizations fail to see big-picture strategies and solutions that could help prevent medical errors and increase patient safety.


Make automation matter

It’s not exactly a secret: Regardless of size or industry, every organization stands to benefit from using automation technology to cut down on repetitive, time-consuming administrative tasks. More than simply speeding up a process or getting people to work faster, automating administrative tasks yields value by freeing up employees to focus on the aspects of their job that really matter and provide value.

Automation is wonderful. Except when it isn’t.

As covered in Behind the Hype of Robotic Process Automation (RPA), businesses can run into issues by rushing to reduce costs and improve productivity through automating processes without first evaluating their effectiveness and necessity. The benefits of automating repeatable, administrative tasks can also be lost if automation technology is too difficult to use. The result? Time that could be used performing more high-value activities winds up spent managing software.


How to prepare for 2019 data breach trends

Data Breach Today offers predictions in What’s Ahead for Health Data Privacy, Security in 2019? While the article focuses primarily on health data, a few key trends apply more broadly and are likely to resonate with all types of organizations.

Prediction: Disruption from regulatory changes is likely

Rebecca Herold, author of 19 books on information security and CEO of The Privacy Professor consultancy, begins the list of predictions by examining the potential for agency updates to HIPAA. “Based on continued pressure from local, state and federal government agencies, law enforcement, researchers and others to ease the sharing of patient and mental health data by removing the need to obtain patient consent, I expect to see OCR issue proposed HIPAA updates,” she notes.


The data-driven risk manager

Despite the widespread ambition of organizations to create a data-driven culture, few seem to make the transition successfully. In the article Big Companies Are Embracing Analytics, But Most Still Don’t Have a Data-Driven Culture, the authors cite the results of this year’s annual New Vantage Partners survey on data issues. “Virtually all respondents (99%) say their firms are trying to move in that direction, but only about one-third have succeeded at this objective. This gap appears every year in the surveys, and the level of success hasn’t improved much over time.”

According to a Gartner study, a similar disconnect is found: 80% of CEOs claim to accept the concept of data as an asset, yet only 10% say their organization treats it that way. Given the fairly daunting odds, why are so many organizations still fighting the uphill battle to establish a data-driven culture? Because, as a TechCrunch article notes, “Being data-driven pays!” As proof, the authors cite an MIT study finding a 5-6% higher output in data-driven organizations and other research indicating a more than $13 payback for every dollar spent on analytics.

The importance of the risk manager

Given the potential payoff of a data-driven culture, the analysis-based role of a risk manager can be a linchpin in the effort to elevate the role of data in strategic decision-making across the organization. To make this transition, risk managers need to adopt an enterprise risk management (ERM) mindset, regardless of whether the organization actually has an ERM program in place. The core of this mindset relies on using data to influence decisions and direct actions.
