GRC: Where to start? Productive healthcare ERM tools

Coordinated care in hospitals starts with the right GRC tools and ERM framework.

In November 2018, Baylor St. Luke’s Medical Center in Houston made two medical errors, the second of which lead to the death of a 75-year-old patient. After an investigation by the Houston Chronicle and ProPublica, the Centers for Medicare and Medicaid Services issued a report in early 2019 that outlined a pattern of blood labeling errors at the hospital. A ProPublica article on the report states:

Dr. Ashish Jha, an expert in hospital quality, reviewed the government’s findings and said it appeared St. Luke’s was struggling to meet basic care standards. The labeling mistakes, he said, seemed indicative of ‘a broader systemic problem.’… St. Luke’s appeared to miss warning signs in the months prior to the deadly mistake, according to the government report.

The “broader systemic problem” Dr. Jha mentions is, unfortunately, not unique to St. Luke’s. Many hospitals and healthcare systems face organization-wide, process-related issues, especially in a modern healthcare landscape that’s rife with change. Mergers, multiple technology platforms, and changing healthcare policies, to name just a few, contribute to widespread miscommunication and a lack of transparency. This, in turn, jeopardizes the overall quality of care within these organizations.

Hospitals can stem the scope of these issues by implementing a healthcare enterprise risk management (ERM) program. Healthcare ERM establishes a standardized framework for identifying risk across an organization, encourages cross-departmental collaboration, and shifts hospitals from a reactive clinical risk program to a proactive holistic risk management program. A straightforward process, along with the right technology the leverages healthcare analytics, can help to make this shift effective.

What is ERM?

ERM is often described an organization-wide program for identifying, mitigating, and preventing risk through the use of data aggregation and cross-departmental communication. But the heart of ERM involves more than that. To bring about lasting, meaningful change with an ERM program, organizations must engage with data analytics to spot trends and develop strategies that lead to better decision making.

As noted in the article Avoiding common ERM pitfalls, Michael Yip, former vice president of risk management at DFW Airport, “contends that risk management should be held in the same regard as other key business functions such as legal, finance, and the like. As he sees it, ERM involves the true application of enterprise risk, ‘not just the mechanics’ of doing risk assessments.”

Common roadblocks to ERM

Implementing ERM can be a daunting process for many healthcare organizations. Given the urgent nature of hospital work, continuous intake and management of patients, and rapidly changing healthcare laws and policies, an expansive new initiative may seem like an additional load to throw at staff members already operating at max capacity. The Risk Management magazine article 10 Common ERM Challenges lists several of the hurdles involved in establishing an ERM program, including the issue of how to share information with various internal and external parties, and how to communicate risk.

And if those challenges weren’t difficult enough, there is often disagreement over who should run an ERM program. The Risk Management magazine article elaborates on this dilemma, stating, “The question regarding who should ‘own’ ERM is often unclear and commonly disputed at the board, audit committee and management levels.”

ERM thrives only when ownership of the program is shared across the entire organization (hence the enterprise in enterprise risk management), and when core strategic goals have been properly communicated with those various departments. The far-reaching nature of ERM can feel overwhelming for healthcare organizations already struggling to manage their complex internal structure, but the benefits to quality care are too great to forego it. The article What is Risk Management in Healthcare? summarizes the necessity and power of ERM:

…Rigorous risk management strategies are paramount to every healthcare organization’s viability. By establishing an ongoing and systematic approach to minimizing the risks inherently associated with the field of healthcare, more and more healthcare organizations are successfully protecting quality of care and financial strength while navigating the tumultuous era of change.

The good news is that ERM does not have to be overly complicated. By starting small, being deliberate about an ERM framework, and using the right healthcare risk management software, hospitals will reap the benefits of a robust healthcare ERM program.

How to get started

Michael Yip champions the concept of keeping ERM simple, noting that organizations can find components of ERM already underway. As mentioned in the eBook Choosing ERM Technology and Frameworks, “Another pitfall Yip often sees is risk managers making ERM overly complicated. To avoid this, he suggests changing the perspective. ERM does not need to be a complex mystery. ‘No matter what organization you are a part of,’ Yip says, ‘you are already doing some form of it today.’”

With some thoughtful adjustments, you can make your existing processes much more effective while formalizing processes for increased accountability.

Identify your team

Before making any changes, hospitals must identify who will lead ERM efforts across the organization. The first step is to create an ERM committee with members from risk management, legal, leadership, the nursing staff, the physician staff, and more. This cross-departmental team will be responsible for overseeing the implementation and nurturing of the ERM program.

Security Health Plan, a not-for-profit HMO in Wisconsin, provides an example of what this might look like in practice. The organization began by creating a committee of existing staff members to help develop and carry out its new ERM program in 2014. According to the HFMA Leadership article How to Optimize Enterprise Risk Management Strategy in Health Care, “The committee organizes quarterly meetings to gather feedback from staff who represent various departments and are in positions to identify key risks. The committee regularly communicates information back to leadership.”

Finally, teams can designate specific roles for each member. According to How to Optimize Enterprise Risk Management Strategy in Health Care, the ERM strategy for Indiana-based Hendricks Regional Health included identifying an owner for each particular risk scenario, including “projected scenarios and data on likelihood, key performance indicators to be monitored, plans of action to respond to each scenario, and follow-up after risk events.”

The right team provides the backbone for cross-departmental engagement with an ERM program.

Nail down a strategy

Once a team is in place, an organization must clearly define its ERM program’s strategy to make sure everyone is in step. Yip offers a summary of what a team’s purpose might look like: “Our program is “going to provide a system that will holistically gather the data for us, and then we are going to all speak the same the same terminology, all work towards the same material thresholds, and all go after [the organization’s objectives].”

According to the ASHRM white paper Enterprise Risk Management: A Framework for Success, “Objective setting is an important step to ensuring the ERM strategy and comprehensive ERM plan are actionable and operationalized. Clear objectives offer a roadmap that will support goal attainment.” To determine these objectives, ASHRM suggests doing a SWOT analysis, which considers an organization’s strengths, weaknesses, opportunities, and threats. For many hospitals, decreasing medical error, establishing a safety culture, and improving patient care are the end goals. The Avoiding common ERM pitfalls article says, “The key is to look at each proposed step and relate it directly back to objectives the executive team is already focused on. Identifying those which most strongly align with organizational targets and goals helps to shortlist the framework elements to those which matter most.”

A critical step in establishing strategy is getting agreement from leadership on what the objectives are and how they want to receive reports on the progress of those objectives. The COSO guide Embracing Enterprise Risk Management: Practical Approaches for Getting Started outlines the importance of stakeholder buy-in:

The board and senior management should agree on their initial objectives regarding ERM, its benefits and their expectations for successful ERM. At a high level, there should be clear agreement and alignment of the board’s and senior management’s expectations, timing and expected results. This should include agreement on the resources to be made available and targets dates for the effort. The board should also consider the timing and level of status reporting that will be required to effectively monitor and oversee the ERM effort.

Establishing a strategy is an essential component for getting an ERM program off the ground, but the right technology is the linchpin for generating the results that lead to lasting change, without additional headaches for already-slammed staff members.

Choosing the right healthcare ERM technology

A flexible, integrated healthcare risk management information system (RMIS) can be the key to launching a successful ERM program. Origami Risk adapts to fit an organization’s unique requirements, offering the following tools that contribute to improved decision making.

Risk assessments

As stated in ERM: Moving beyond risk assessments and heat maps, “Risk assessments can be highly effective when viewed as the first step in a process. They provide the structured, organized data needed to identify tolerance gaps.”

As an initial step, Origami’s ERM system allows hospitals to customize risk records to fit their unique structure or process. This includes creating dashboards and reports highlighting the risk factors most critical to their strategic goals. With risk assessments in one centralized location, hospitals can standardize risk and exposure data for better analysis and reporting, as well as provide easier tracking of high-risk exposure across multiple years. Origami also incorporates ASHRM’s eight risk domains, which helps guide ERM best practices across an organization.

Workflow & communication

Origami’s healthcare risk management software streamlines workflow and communication, eliminating one of the biggest barriers to ERM success. Rather than manually creating and sending out spreadsheets, followed by the tracking down of responses, employees can offload those tasks to the software. Origami sends automatic alerts and task assignments keeps parties across all departments up to speed. Increased transparency and communication helps ERM become the collaborative initiative it’s meant to be. The Catalyst NEJM article What is Risk Management in Healthcare? states that a healthcare ERM program uses technology “to synchronize risk mitigation efforts across the entire organization and remove risk associated with siloed departments or business units.”

Healthcare analytics

The real power of an ERM program comes from turning healthcare data into insight. While collecting data and sharing it with the right parties is a crucial piece of the puzzle, analyzing that data to inform better decisions is what moves healthcare organizations and their quality care efforts forward.

The automation afforded by software like Origami Risk frees hospital staff to “set their sights on the bigger picture,” as the article How hospitals can increase patient safety event reporting states. Healthcare analytics allows hospitals to see trends and spot outliers. The article goes on to state, “Origami Risk uses several root-cause methodologies—including fishbone, RCA2, and the 5 whys—to help make better strategic decisions and enhance program quality.”

When organizations have the opportunity to ask questions like “what does this data mean?” and “what should we do about it?” they move to a proactive mindset. ERM: Moving beyond risk assessments and heat maps puts it this way: “The conversation and analysis sparked by these two questions are what yield the high-value information management demands. That context converts abstract data into actionable reports.”

A healthcare ERM program unifies quality care efforts

Medical error is a major issue facing hospitals around the country. A lack of coordinated processes and communication among departments and staff plays a big role. A healthcare ERM program, bolstered by the right technology, can help get everyone from leadership to legal to nursing in lockstep—in regard to both processes and risk prevention goals. With buy-in at all levels, healthcare ERM can go a long way toward preventing recurring medical errors that led to the tragedy at St. Luke’s.

Get in touch with our healthcare risk management team today.