Risk management in healthcare is a topic that is gaining increasing importance. A large driver of this attention is the shift from fee-for-service to value and outcome-based models. An article in the New England Journal of Medicine’s (NEJM) Catalyst blog notes, “For these reasons, hospitals and other healthcare systems are expanding their risk management programs from ones that are primarily reactive and promote patient safety and prevent legal exposure, to ones that are increasingly proactive and view risk through the much broader lens of the entire healthcare ecosystem.”
This demand for an expanded view of healthcare risks has fueled the demand for Enterprise Risk Management (ERM) solutions. The road to fully functional ERM programs, however, has proven to be a challenging one for most healthcare organizations. The NEJM Catalyst article cites a report from Healthcare Financial Management Association (HFMA) that states, “Despite the growing importance of programs today, and the raised awareness of their importance, many healthcare providers have been slow to adopt a more sophisticated approach… The current state for most providers falls between ‘basic’ and ‘evolving’ maturities for ERM programs.”
Confounding factors for the healthcare industry
Part of the reason that an ERM approach can be difficult in healthcare is because the industry faces amplified risk profiles in several key areas, with risk levels that are well above those faced by other industries. Notable examples include:
- Cyber risk
- Regulatory risk
- Legal risk
- Workplace safety
Despite the widespread ambition of organizations to create a data-driven culture, few seem to make the transition successfully. In the article Big Companies Are Embracing Analytics, But Most Still Don’t Have a Data-Driven Culture, the authors cite the results of this year’s annual New Vantage Partners survey on data issues. “Virtually all respondents (99%) say their firms are trying to move in that direction, but only about one-third have succeeded at this objective. This gap appears every year in the surveys, and the level of success hasn’t improved much over time.”
According to a Gartner study, a similar disconnect is found — 80% of CEOs claim to accept the concept of data as an asset, yet only 10% say their organization treats it that way. Given the fairly daunting odds, why are so many organizations still fighting the uphill battle to establish a data-driven culture? Because, as a TechCrunch article notes, “Being data-driven pays!” As proof, the authors cite an MIT study finding a 5-6% higher output in data-driven organizations and other research indicating more than a $13 payback for every dollar spent on analytics.
The importance of the risk manager
Given the potential payoff of a data-driven culture, the analysis-based role of a risk manager can be a linchpin in the effort to elevate the role of data in strategic decision making across the organization. To make this transition, risk managers need to adopt an enterprise risk management (ERM) mindset, regardless of whether the organization actually has an ERM program in place or not. The core of this mindset relies on using data to influence decisions and direct actions.
Vendor management is becoming an area of increased focus for risk managers. The operational, financial, and regulatory risks third-party vendors and contractors pose to an organization continue to expand unabated. Despite the magnitude of the threat posed from lax vendor management programs, many risk managers do not feel their organizations have the technology and capabilities in place to properly face the challenge.
A Deloitte study notes that 94% of responding executives have only low to moderate levels of confidence in the tools and technology they use to manage third-party risk. Nearly 90% have similar lack of confidence in the quality of the underlying risk management process. Armed with dubious solutions and processes, risk managers fighting for effective vendor management assessment may find it an uphill battle.
The status quo may not hold
Recent New York Times coverage of the dire supply chain effects Hurricane Maria had on the availability of critical prescriptions in the U.S. illustrates how quickly vendor management issues can escalate. The article notes, “Federal officials and major drugmakers are scrambling to prevent national shortages of critical drugs for treating cancer, diabetes and heart disease, as well as medical devices and supplies, that are manufactured at 80 plants in hurricane-ravaged Puerto Rico.”
Trying to determine the value of enterprise risk management (ERM) is a difficult challenge. A quotation frequently attributed to Albert Einstein (although more likely originally said by sociologist William Bruce Cameron) gets to the crux of the issue: “Not everything that can be counted counts, and not everything that counts can be counted.”
Issues with measuring ERM value
Donna Galer, writing for the Insurance Thought Leadership blog, summarizes the reasons why the value of ERM programs are not easily quantified:
- It is extremely hard to know when a loss did not happen because of ERM.
- It is just as hard to quantify the cost of loss that did not happen.
- It is difficult to quantify the “soft” benefits of enhanced reputation because ERM is practiced or because of improved strategic alignment in the organization; ERM requires an understanding of the company’s strategic goals and objectives to identify the risks that might derail their achievement.
- It is often hard to justify the time and expense of measuring something that is not easy to measure.
Determining the objective value of a prevented loss or improved strategic alignment is highly problematic. Despite the very real value associated with those activities, determining a specific value without having an actuary assess probabilities and amounts seems extremely difficult. Not everything that counts can be counted.
As discussed in previous posts, the manufacturing skills gap is a critical risk that demands effective risk management strategies. The real world impacts that can be felt from this risk include:
- Increased wage costs
- Production inefficiencies
- Increased workers’ compensation expenses
- Inability to meet customer demand and potential loss of market share
- Inability to expand
- Decreased R&D effectiveness
In addition to the skills gap, manufacturers face numerous other risks arising from factors that include new regulations, geopolitical shifts, supply chain vulnerabilities, and environmental impacts. Added on top of that are the traditional risks that face all industries such as market risk, disruptive competitors, technology obsolescence, and health/safety risks. Collectively, manufacturers must address a larger number of risks, that change more frequently, and are more interconnected than most industries.