
The healthcare climate is complex and demanding and the stakes are high. A focus on patient safety and reducing preventable harm has historically been, and will continue to be, unique to healthcare organizations. However, the changes in healthcare reimbursement models, regulatory and legal compliance, and the increased use of technology have brought additional risks to the forefront for healthcare organizations.

In the current healthcare risk landscape, risks are more interconnected than ever before. No longer are they restricted to, nor can they be resolved in, silos. Instead, they unfold across departments, can affect multiple roles, and have impacts on various levels in a healthcare system. Organizations must unify their safety, risk, and compliance functions to achieve effective risk management that fully protects their patients, employees, and businesses.

Origami Risk’s Anooja Cannon, Senior Market Strategy Lead, and Bill Schwacke, Healthcare Practice Lead, recently hosted a webinar, “An Integrated Approach to Healthcare Safety, Risk, and Compliance Management,” to explain what an integrated risk management (IRM) approach means and discuss the importance of an IRM framework and technology for healthcare organizations.


As it often is in other sectors, risk management isn’t just a matter of saving money, improving efficiencies, or avoiding reputational damage. Healthcare industry incidents and errors can have devastating consequences on patients’ lives. Mishandled risk in healthcare facilities can have life-altering implications and has become extremely difficult to mitigate. The rise in the aging population and chronic diseases coupled with the lasting impact of the recent COVID-19 pandemic has contributed to major issues with staffing availability, resource allocation, capacity constraints, and supply chain disruptions. With all of these factors in play, health care is now pressed with higher demand, increased complexity, and a greater need for coordination among stakeholders.

An IRM framework assimilates specialist knowledge across an entire organization to promote unified, swift responses to interconnected risks. Healthcare organizations that adopt a well-planned integrated risk management strategy, supported by fully-integrated risk management technology, will note the positive impacts on patient safety, employee productivity, and continued process improvement while reducing administrative burden company-wide.


Per the American Society for Health Care Risk Management, the risks healthcare organizations face can be grouped under the following “great eight” risks. Each group must be accounted for to successfully implement IRM in an organization:

Great 8 Risks

1. Operational risks arise from inadequate processes, system failures, supply chain disruptions, staffing issues, or inefficient workflows; they include adverse event reporting, facility or equipment issues, and communication breakdowns that affect patient care.

2. Clinical risks can put patients’ health and well-being in jeopardy, and result from issues such as medical errors, misdiagnoses, and surgical complications.

3. Strategic risks originate from an organization’s decisions and initiatives in response to challenges that include competitive pressures, evolving patient needs, and changes in the healthcare landscape.

4. Financial risks impact the financial stability of an organization and encompass issues related to reimbursement, payment delays, billing and coding errors, fraud, waste and abuse, and inadequate revenue generation. Governmental policies and regulatory changes can contribute to these risks as well.

5. Human Capital risks stemming from acquisition and retention, engagement, training, and overall work experience for employees or staff can have dire consequences on organizational performance and patient care. For example, the results of a three-year study (documented in the article "Emotional Exhaustion Among US Health Care Workers Before and During the COVID-19 Pandemic, 2019-2021") show that about 40% of doctors and almost 50% of nurses reported feeling burned out.

6. Legal & Regulatory risks refer to potential violations of laws or standards of care such as HIPAA, quality standards, and accreditation. Failure to comply with these regulations may result in legal penalties, reputational damage, or loss of funding.

7. Technology risks associated with data breaches, cybersecurity system failures, interoperability issues, and outdated infrastructure are rampant in today’s tech-centric healthcare landscape. According to the article "More Healthcare Devices Means More Cyberattacks – How Weak Medical IoT Security Threatens Patient Care," an astounding 75% of healthcare practices have experienced at least one cyberattack.

8. Hazard risks include pandemics, natural disasters, and other incidents that could disrupt healthcare operations, infrastructure, or patient care.



It’s important to understand how one risk event can have a significant ripple effect. Take the story of Valley Brook Hospital (a fictitious facility). Like many healthcare facilities, VBH experienced a severe clinical staffing shortage and the staff were working extra hours to cover the gaps. This resulted in fatigue and burnout among staff members.

Following a cardiac surgery, Patient A was prescribed warfarin, an anticoagulant used to prevent blood clots. Due to a staff member’s exhaustion, the dosage amount was misread and the patient received an incorrect dose of what was otherwise the correct medication. This error caused the patient to experience severe bleeding that resulted in long-term GI complications. As a result of this medical error, the patient suffered from a decreased quality of life due to ongoing pain and needed medical interventions that impacted both the patient and their family. 

There was no immediate incident report filed by the staff member who administered the incorrect dosage. Eventually, the patient's family sued VBH for medical malpractice. The story was picked up by a local news outlet.

After further investigation, it was found that the hospital's medication administration process and staffing practices did not meet quality standards. The staff member who administered the wrong dosage was treated poorly by the Administration, and due to the lack of support and the punitive nature of their leadership's actions, the staff member decided to quit their job.


This fictitious situation demonstrates how poor risk management practices can have a significant impact — financially, legally, culturally, and reputationally. As you can see from this example, an unmitigated risk can trigger other risks, both directly and indirectly. Without a holistic and comprehensive approach, risks associated with one adverse event could be missed, ignored, or addressed with a lack of urgency (or not at all), which can ultimately impact the organization in several meaningful and adverse ways. VBH lacked a centralized approach to risk management, safety, and compliance. This resulted in communication issues and, ultimately, a mishandled situation.



With an integrated risk management approach, the medication event or the administration of Patient A’s medication might not have occurred due to preventative measures or adherence to best practices that could have helped staff prevent the misadministration of medication.

This would have come in the form of corrective action, such as the implementation of new technology or policies and procedures to help the staff with medication administration. In addition, if the adverse event did in fact happen, staff would have been able to report that event quickly and effortlessly to notify the appropriate teams in an expedited manner.

In this case, not only would leadership have been notified, but also the pharmacy team, the med safety team, and the risk management team, as well. And even if the misadministration of medication had been caught beforehand, a near-miss still would have been reported — an example of the learning aspects of an IRM approach.

In either case, staff would have been recognized for recording the event and contributing to VBH’s IRM methodology, which might have played out as follows: a root cause analysis (RCA) would have been automatically launched in a timely manner. Teams would have been assigned, a timeline of events would have been established, contributing factors would have been identified, and an action plan would have been formulated to expedite the resolution of the issue.

Perhaps a medication safety audit would also have been conducted based on proactive monitoring of thresholds for medication events or on an ad hoc basis based on the seriousness or the severity of the event. An audit might also have been triggered for similar locations across the organization to be able to help identify if this was an isolated event or a potential systemic issue. 

Analysis of this data through reports, analytics, dashboards, and presentations would be used to inform the learning environment. Data collected from each area of the organization could then be used to support ongoing improvements throughout the organization, such as proactive changes to staffing policies and procedures.

All of this would have been achieved by keeping the staff involved throughout the entire process. This can help to support a patient safety culture and ensure that employees feel heard and involved, a key element in a “just culture”.



Implementing proactive, holistic risk mitigation strategies requires significant time, resources, and commitment from an organization’s leadership and across all departments. When beginning such a considerable undertaking, it’s important to take it one step at a time. Here’s how you can get started:

Perform a data audit

Fully capture your risk environment to quantify risks, then analyze your risk portfolio to assess each risk. After that, prioritize the risks and build action plans to address them.

Investigate incidents

Complete a thorough investigation by breaking down each occurrence into a problem and causes, with each cause organized by theme into parent categories.

Share insights and make decisions

Buy-in from key stakeholders is crucial here. Collaboration, patient safety, and timely reporting are pivotal values to foster in an IRM culture. Leadership must create a supportive environment that encourages clear communication with employees. Increase automation to reduce redundancy wherever possible, and initiate efforts to improve safety practices and monitor their outcomes.


IRM requires the right technology to propel it through an entire healthcare organization. Here are three points to bear in mind when seeking the right solution:


The system must be capable of evolving to stay relevant as business needs and external factors change over time.


The platform must make every effort to ensure data privacy by leveraging cutting-edge technology, data encryption, and other methods to safeguard information.


IRM is organization-wide, and the technology systems used to implement and support it need to scale in a way that meets functional and budgetary requirements.


Healthcare organizations that fail to embrace IRM are putting the well-being of their patients and businesses at stake. With the right combination of organizational collaboration and technology solutions, IRM can help prevent patient harm, encourage learning and process improvements, and mitigate risk exposure.

To learn more about Origami’s integrated risk management solutions, contact us to request a demo.

