Risk Management Handbook for Health Care Organizations / Edition 5

Paperback (Print)
Rent from BN.com
(Save 74%)
Est. Return Date: 06/17/2014
Buy New
Buy New from BN.com
Used and New from Other Sellers
Used and New from Other Sellers
from $82.21
Usually ships in 1-2 business days
(Save 34%)
Other sellers (Paperback)
  • All (10) from $82.21   
  • New (8) from $82.21   
  • Used (2) from $92.69   


This comprehensive textbook provides a complete introduction to risk management in health care. Risk Management Handbook, Student Edition, covers general risk management techniques; standards of health care risk management administration; federal, state and local laws; and methods for integrating patient safety and enterprise risk management into a comprehensive risk management program. The Student Edition is applicable to all health care settings including acute care hospital to hospice, and long term care. Written for students and those new to the topic, each chapter highlights key points and learning objectives, lists key terms, and offers questions for discussion. An instructor's supplement with cases and other material is also available.

The book contains black-and-white illustrations.

Read More Show Less

Editorial Reviews

Dena Ellis Belfiore
This book describes the key elements of a risk management program. It is designed for an entry-level risk manager or other health professional seeking information or understanding of a risk management program. The examples in the book are most applicable to the acute care setting, although the concepts could be extrapolated to outpatient and other less traditional patient care settings. This book features examples of the basic tools of a risk management program: job descriptions, board reports, sample policies and procedures, and congratulatory and rejection letters. This book thoroughly covers the basics of a risk management program. The strategies have been proven effective in well-managed programs. In part three, on techniques of risk management, the examples are concise and help the reader actualize the concepts. I was impressed by the expansive list of references. The chapter on data management advances in computer technologies will increasingly change the shape of risk management programs and will be the focal point for the program. Topics of interest to risk managers not covered in this book are computerized documentation systems and compliance with COBRA legislation.
From The Critics
Reviewer: Dena Ellis Belfiore, RN, MS (St. Joseph's Hospital)
Description: This book describes the key elements of a risk management program.
Purpose: It is designed for an entry-level risk manager or other health professional seeking information or understanding of a risk management program.
Audience: The examples in the book are most applicable to the acute care setting, although the concepts could be extrapolated to outpatient and other less traditional patient care settings.
Features: This book features examples of the basic tools of a risk management program: job descriptions, board reports, sample policies and procedures, and congratulatory and rejection letters.
Assessment: This book thoroughly covers the basics of a risk management program. The strategies have been proven effective in well-managed programs. In part three, on techniques of risk management, the examples are concise and help the reader actualize the concepts. I was impressed by the expansive list of references. The chapter on data management advances in computer technologies will increasingly change the shape of risk management programs and will be the focal point for the program. Topics of interest to risk managers not covered in this book are computerized documentation systems and compliance with COBRA legislation.
From The Critics
Reviewer: Joyce M Biehn, BSN (Froedtert Hospital)
Description: This handbook delivers a complete framework for the risk manager, outlining the development of a comprehensive risk program and addressing the many diverse areas of risk that the risk manager might encounter. This edition is more complete than the 1997 predecessor and reflects the growing responsibilities of the risk manager in healthcare.
Purpose: The purpose is to offer basic tools for risk management program development. It identifies the related job functions of the risk manager as well as the key supporting relationships. This book will meet the needs of any person who is going to develop a risk program in a healthcare setting, particularly in acute care. It presents the broad objectives of a risk program clearly and succinctly. The book meets the authors' objectives.
Audience: It is intended as a reference for the risk manager, but, according to the author, it is for multiple audiences. I agree that the book will be used most extensively by risk managers, but there are sections that could be used as references by security and safety officers and individuals working in the field of corporate compliance. The editor and the contributing authors are very credible. I have heard many of them speak and have read other publications they have authored. The authors have varied experiences and are from different geographical areas of the country, which enhances the book.
Features: The handbook very adequately describes the responsibilities of a risk manager and the development of a risk management program. It provides information about risk identification, what the risk manager can do to minimize or control risk, and includes a number of tools for the risk manager to use to evaluate the risk control initiatives. The best feature of this book are the new chapters that round out the book and emphasize the current issues that face today's risk manager. Risk managers' roles and responsibilities have evolved and continue to do so in the ever-changing healthcare field. The added chapters help to address the changes and the challenges. The list of exhibits, figures, tables, and appendixes presented in the front of the book make it easy to use and identify those areas one wants to research. This book has fulfilled its objectives as a primer for the risk manager.
Assessment: This is a very useful tool for healthcare risk managers. The addition of 12 chapters in this edition has increased its value. The handbook presents a thorough picture of what risk managers might encounter in the daily operation of a comprehensive risk program. Other books such as Vincent's Clinical Risk Management: Enhancing Patient Safety, 2nd edition (BMJ Publishing, 2001), limit the scope of the discussion of risk management. The Vincent book addresses only the clinical aspect of risk management and does not address any other factors that may affect the clinical picture. This handbook is much more comprehensive and, although it may not have all of the answers, it will get risk managers thinking about opportunities for controlling risk or minimizing risk that they may not have previously considered. I believe this book offers helpful methods for an organization to recognize risk, describes methods to minimize risk, and gives examples of tools to use to evaluate risk. I will use it as a resource.

4 Stars! from Doody
Read More Show Less

Product Details

  • ISBN-13: 9780470300176
  • Publisher: Wiley, John & Sons, Incorporated
  • Publication date: 4/27/2009
  • Series: Jossey-Bass Public Health Series , #30
  • Edition description: Student
  • Edition number: 5
  • Pages: 672
  • Sales rank: 274,505
  • Product dimensions: 6.80 (w) x 9.20 (h) x 1.40 (d)

Meet the Author

Roberta Carroll, ARM, MBA, CPCU, CPHRM, is senior vice president of Aon Healthcare based in Tampa, Florida.

American Society for Healthcare Risk Management (ASHRM) is a personal membership group of the American Hospital Association with more than 5,000 members representing health care, insurance, law, and other related professions. ASHRM promotes effective and innovative risk management strategies and professional leadership through education, recognition, advocacy, publications, networking, and interactions with leading health care organizations and government agencies. ASHRM initiatives focus on developing and implementing safe and effective patient care practices, preserving financial resources, and maintaining safe working environments.

Read More Show Less

Read an Excerpt

Risk Management Handbook for Health Care Organizations

John Wiley & Sons

ISBN: 0-7879-6797-1

Chapter One

Enterprise Risk Management: Laying a Broader Framework for Health Care Risk Management

Ward R. H. Ching

Enterprise Risk Management (ERM) represents a fundamentally new way for health care organizations to conceptualize and manage risks. ERM has emerged over the past five years as a powerful financial, operational, and strategic management framework that focuses on identifying, managing, and exploiting the various risks of the corporation. At the heart of the ERM framework is the recognition that "risk is capital," and that the more traditional definitions of risk are inefficient, conceptually constricting, and are where mitigation techniques can lead to suboptimal resource allocation or the misapplication of financial or operational solutions. Equally fundamental to the ERM framework is the notion that a corporation's risks do not exist in isolation, but can be better understood in terms of their relative importance or contribution to a risk portfolio.

These important distinctions require further examination. It is important to understand that ERM is a framework or a way of thinking about risk. The assertion that risk is capital strongly suggests that risks not only have classic downside potential, but also may exhibit upside or "profitable" characteristics. Therefore, if an organization can identify and manage its risks more effectively than its competition, then the organization may be able to"exploit" its risk management approach and realize a sustainable competitive advantage.

Increasingly, financial and operational managers have discovered that health care corporations, at least in North America, organize themselves functionally into silos that, to a significant degree, operate independently. Within the silos, management may have different perceptions of risk and treat risk differently. For example, hazard risks are usually handled by the corporate risk manager; technology risks, such as Internet security, are handled by the IT department; capital acquisition and market risks (those that have a potential negative impact on earnings arising from changes in market conditions or competition) are handled by the chief financial officer; and human resources-related risks, ranging from absenteeism to corporate benefits, health care, and retirement program management, are typically handled by the human resources department. Also, reputational, brand value-related risks, and corporate governance risks are being managed by finance and audit committees at the board of directors level. In most, if not all, of these cases, the definitions of risk, how risk is measured, and the inventory of possible mitigation solutions is varied and potentially counterproductive. For health care organizations, the ability to understand and deal with risk is extremely important. The health care market environment now requires significant financial dexterity and heightened executional nimbleness when executing strategy. Those organizations that are unable to understand and manage risks within this more chaotic and fluid environment will suffer the ultimate penalty of lost market share, increased operating costs, and eventually, loss of the franchise. A number of recent events have encouraged health care risk managers to broaden their risk management perspectives and seek organizational alliances outside their core competency or specialty. These include the Y2K event, the Health Insurance Portability and Accountability Act, and the new Patient Safety Initiatives report delivered in 1999. All of these events require that risk be reassessed and redefined on a broader basis, and there is a need to capture the strengths of various disciplines to create a more comprehensive view of the organization.

Set against this backdrop, the focus of this chapter is to set the stage for the rest of the handbook by exploring the historical antecedents of ERM, illustrating how ERM is currently being deployed, and suggesting ways in which a health care organization can use ERM to better understand, manage, and exploit risk.


The place to begin looking for the conceptual origins of ERM lies first in understanding the conventional definitions of risk. Risk has been traditionally defined as either "speculative or pure" or "fortuitous" risks. A speculative or pure risk consists of an event(s) or action(s) for which an observable probability of financial gain or loss can be established. Investment in the stock market, particularly in 2002, represents a good example this type of risk because capital invested in the market carries a calculable probability of financial reward or loss. These rewards or losses can be observed continuously, and the probability of gain or loss can be calculated with a degree of specificity. A fortuitous risk is also an event(s) or action(s), but substantively different from speculative or pure risks, because it only generates economic loss. Fortuitous risks are generally defined as insurance risks (property, casualty, workers' compensation, hospital general liability, and medical professional). The financial performance of these risks can be quantified. More important, from a risk management perspective, a market exists that utilizes loss probabilities to calculate a risk premium, with which the risk is transferred to a third party, usually in the form of an insurance contract.

Within the context of ERM, risks can behave either speculatively or fortuitously. The notion that risk is capital underscores this point. The segregation of risks into speculative and fortuitous categories serves to make it easier for "markets" to organize around them. Corporations or governmental bodies approach the stock and bond markets around the expected behavior of investors as they evaluate the new issuance of equity stocks and bonds. The market was set up to understand and manage risk from a price perspective. So too, we observe the historical development of the insurance market as an efficient way to organize capital for the expressed purpose of understanding and transferring risk in the form of insurance policies. The economic assumption at the base of the formation of the insurance market is that large numbers of insureds will pay defined premiums in exchange for a binding legal contract that will pay the insured in the event of a specified loss. The mathematical law of large numbers allows for the aggregation of risk and spreads the risk among a number of insurers who bear the liability in exchange for the premiums.

A fundamental economic problem presents itself when elements of a speculative risk and a fortuitous risk collide in the form of new risk categories. Operational risks, generally defined as those risks that directly affect cash flow or operational efficiency, can take on characteristics of both speculative and fortuitous risk. In these cases, managers have been traditionally forced to chose between treating the risk as one or the other.

Within the ERM framework, the definition of a risk tends to ignore the mutually exclusive speculative or pure versus fortuitous classification scheme. In an ERM context, a risk exists if it can be defined as an observable event(s) or action(s) that can have a material effect on the financial or operational performance of the organization. To be considered, a risk must first be:

Specifically definable

Measurable, utilizing a standard unit of account (revenues, percentage of return on investment [ROI] or earnings before interest and taxes [EBIT], number of beds, patient visits, and so on)

Observable over a period of time

A second major ERM tenant is that risks do not exist or behave in "isolation" but can be identified, grouped, and catalogued in risk domains. A risk domain represents a naming convention or taxonomy that allows the analyst to group risks together in much the same way biologists group species or animals or plants. The assumption within ERM is that risk domains are flexible and convenient ways to observe seemingly independent risks, yet their actual behavior may evidence material movement or organize into families or clusters that can travel across or between domains. Another way to understand domains is to view them as semipermeable membranes within and across which ERM risks or groups of risks can travel. The notion that they only exhibit downside potential (fortuitous) or can display upside and downside behavior (speculative or pure) is rendered immaterial.

The risk domains that are treated throughout the text of this book include:

Operational Risk: Risks derived from an organization's core business practices, which rely on systems, practices, and people. Within this risk domain are risks associated with a diverse number of clinical areas as well as alternative delivery sites.

Financial Risks: Risks associated with an organization's ability to raise capital, maintain access to capital, contracting issues, cost of risk, and evaluating vendor support. This domain includes risks eligible for risk financing treatments such as insurance and self-insurance.

Human Capital: Risks associated with the acquisition, management, and maintenance of a human workforce. These risks would include workers' compensation, unionization, turnover, absenteeism, strikes, workplace violence, harassment, and discrimination. Environmental issues related to safety and security, occupational, and environmental hazards are also included within this domain.

Strategic: Risks that impact the growth of an organization and include mergers, acquisitions and divestitures, advertising liability, joint ventures, and other collaborations. This domain also includes a broad spectrum of reputational risks that center on performance expectations related to customer and community relations.

Legal and Regulatory: Risks associated with the varied and complicated area of mandated health care-related rules, regulations, statues, standards, and regulations. This domain also includes risks associated with licensure, accreditation, and HIPPA.

Technology: Risks associated with new technologies, inventory control, biomedical, telemedicine, e-health, e-commerce, risk management information systems, and equipment obsolescence.

Exhibit 1.1 illustrates the relationship between the various domains.

As shown in this exhibit, the ERM framework deliberately changes the way in which risks and risk domains are characterized and viewed. Within the ERM framework, risks and risk domains are viewed as a larger space, eliminating the artificial barriers that have traditionally been used to identify and contain risks.

Exhibit 1.2 provides a specific definition of ERM.

Simply stated, ERM is a structured analytical process that focuses on identifying and estimating the financial impact and volatility of a defined portfolio of risks. As such, it represents a way of recognizing and discussing risks in a very specific and robustly analytical way. ERM seeks to provide a common metric and discussion platform for senior management decision making. For the health care industry, it represents an operational and cultural framework upon which to recalibrate corporate strategy and deliver improved financial and operational results.

As Exhibit 1.2 shows, ERM focuses on health care issues utilizing three key lenses. The first is referred to as "frameworks," the way an organization defines risk, selects a meaningful core metric, and utilizes the information it gathers about risks to evaluate strategic issues. The second lens is called "tools," which are used to explore the risk framework through financial planning analysis, actuarial forecasting, dynamic financial analysis, economic value-added analysis, critical pathing, and market assessment. The third ERM lens focuses on identifying and implementing solutions to ERM-related problems.

Exhibit 1.3 illustrates the evolution between the more traditional definitions of risk management and ERM. The term evolution is used instead of replacement because with any paradigm shift, the strengths of the older perspective must be accommodated and improved in the new framework. The older risk paradigm conveyed a static definition of risk, where the probability of loss was the only expected financial outcome. The key to risk management was to mitigate the probability of losses through aggressive loss control, safety, clinical risk management, training, and, where losses could not be controlled, transferred through the use of insurance. A core assumption was that an organization's future performance was a function of its historical performance, and this relationship was assumed to be linear. If one understood the loss exposures and the growth of the organization, one could use linear methods to calculate future expected losses by specific risk.

Consistent with this traditional definition, the older risk management paradigm assumed that risks were best handled within their functional silos. The approach further contends that successful risk mitigation within the silos were additive and provided the organization with a positive cost of risk. The problem was that the definitions of risk and the metrics used were generally different. There was no common metric tied to financial or operational performance to determine if the risk management approach was producing intended results. Under the older risk paradigm, a leap of faith was required to believe that risks were being identified and measured correctly, and that sufficient risk treatment was being applied to prevent serious or catastrophic cash flow impairment.

Another element of the traditional risk paradigm asserts that partial or full risk transfer into an organized market maximizes shareholder value. The core assumption is that properly mitigated or transferred risks remove volatility off the corporate financials and by doing so protect shareholder value. Recent capital market representations seem to suggest that the markets, particularly the rating agencies (Fitch, Moody's, and Standard & Poors), view cash flow derived from the firm's core businesses as the key economic indicator of financial health. The market (meaning the equity or stock market combined with the rating agencies) is increasingly viewing significant investments in risk transference instruments that are intended to replace existing property, equipment, and processes as potentially redundant and unnecessary risk mitigation investments. The market recognizes and understands that corporations take risks and are in potentially risky businesses. Their success, as measured in terms of long-term, positive, and growing cash flow, is what grows shareholder value. From the market's perspective, managing volatility across all risk domains is considered a superior vantage point.

The new risk paradigm builds upon the traditional model by declaring that risk is capital.


Excerpted from Risk Management Handbook for Health Care Organizations Excerpted by permission.
All rights reserved. No part of this excerpt may be reproduced or reprinted without permission in writing from the publisher.
Excerpts are provided by Dial-A-Book Inc. solely for the personal use of visitors to this web site.

Read More Show Less

Table of Contents

Exhibits, Figures, Tables, Photographs, and Appendixes.

The Contributors.


About This Book.

ONE: Development of a Risk Management Program (Jane J. McCaffrey, and Sheila Hagg-Rickert).

Risk Management Program Development.

Key Structural Elements of the Risk Management Program.

Scope of the Risk Management Program.

The Risk Management Process.

Evolution of the Risk Management Program.

Selecting an Appropriate Risk Management Program Structure.

Assessing Areas of the Organization That Need Risk Management.

Key Components for Getting Started.

Writing a Risk Management Program Plan.

Achieving Program Acceptance.

TWO: The Health Care Risk Management Professional (Jeannie Sedwick).

The Risk Manager’s Job: Functional Areas of Responsibility.

Health Care Risk Management Across a Spectrum of Settings.

Required Skills for the Successful Health Care Risk Management Professional.

Risk Management Ethics.

A Profile of the Health Care Risk Management Professional.

Education and Professional Recognition Programs.

THREE: Patient Safety and the Risk Management Professional: New Challenges and Opportunities (Denise M. Murphy, Katrina Shannon, and Gina Pugliese).

The Scope of Medical Errors.

Seeking Solutions: What Are the Causes of Medical Errors?

FOUR: Health Care Legal Concepts.

Peter Hoffman.

Legal Issues Common to All Health Care Providers.

Legal Issues Related to Specific Health Care Providers.

FIVE: Governance of the Health Care Organization (John Horty, and Monica Hansolvan).

Essential Responsibilities of the Hospital Board.

Basic Legal Duties of Health Care Trustees.

Lessons from the Panel on the Nonprofit Sector.

Federal Sentencing Guidelines for Organizations.

The Sarbanes-Oxley Act of 2002.

The Volunteer Protection Act of 1997.

Risk Management and the Board.

The Medical Staff, Risk Management, and the Board.

SIX: Early Warning Systems for the Identification of Organizational Risks (Roberta L. Carroll).

Early Identification of Exposure to Loss.

Food and Drug Administration.

Institute for Safe Medication Practices, United States Pharmacopeia, and National Coordinating Council for Medication Error Reporting and Prevention.

Medical Event Reporting System—Transfusion Medicine.

Intensive Care Unit Safety Reporting System.

Pittsburgh Regional Healthcare Initiative.

Other Voluntary Programs.

Standardizing a Patient Safety Taxonomy: The National Quality Forum.

Protecting Sensitive Information.

SEVEN: The Risk Management Professional and Medication Safety (Hedy Cohen, and Nancy Tuohy).

Latent and Active Failures.

Systems Thinking.

Risk Management: A Prioritizing Approach.

EIGHT: Ethics in Patient Care (Sheila Cohen Zimmet).

Ethical Principles and Moral Obligations.


Institutional Review Boards.

Patient Self-Determination Act.

"Do Not Resuscitate": Withholding or Withdrawing Treatment.

NINE: Documentation and the Medical Record (Sandra K. Johnson, Leilani Kicklighter, and Pamela Para).


Record Retention.

Release of Records.

Ownership of Medical Records.

Medical Record Audits.

Documentation and Risk Management.

Emerging Risk Exposures.

The Risk Management Professional’s Role.

TEN: Statutes, Standards, and Regulations (Mark Cohen).

Patient Care.

Medicare Modernization Act.

Medical Staff.

Life Safety Code.

Federal Health Insurance Laws and Regulations.

Tort Reform.

Policy and Procedure Manuals.

Case Law.

ELEVEN: Basic Claims Administration (Ellen L. Barton).

The Claims Environment.

The Claims Process.

The Risk Management Professional’s Responsibilities.

Regulatory Reporting of Claims.

TWELVE: Introduction to Risk Financing (Dominic A. Colaizzo).

Risk Financing in the Context of the Risk Management Process.

Risk Retention.

THIRTEEN: Insurance: Basic Principles and Coverages (Kimberly Willis, and Judy Hart).

Definition of Insurance.

Specific Types of Insurance for the Health Care Industry.

FOURTEEN: Information Technologies and Risk Management (Ronni P. Solomon, and Madelyn S. Quattrone).

Risk Management Information Needs.

Risk Management Information Systems.

Using Information Systems to Generate Reports.

Integrating Risk Management, Quality Assurance, and Patient Safety.

Electronic Mail.

Internet- and Web-Based Technology.

Personal Health Record.

Electronic Health Records and Systems.

Clinical Information Systems and "Smart" Technologies.

Infrastructure Technology.

Point-of-Care Technology.


Appendix 14.1: IT Glossary for Risk Managers.

FIFTEEN: Risk Management Metrics (Judith Napier, and Trista Johnson).

Benchmarking Defined.


Measuring Change.

Developing New Metrics.


Key Terms.



Suggested Reading.

SIXTEEN: Accreditation, Licensure, Certification, and Surveying Bodies (Frederick Robinson).

The Consumer Era of Health Care.

What the Health Care Risk Management Professional Needs to Know.

Mandatory Surveying Bodies.

Voluntary Surveying Bodies.


Appendix 16.1 Accreditation Organizations and Government Agencies.

SEVENTEEN: Emergency Management (Michael L. Rawson, and Harlan Y. Hammond).

The Steps of Emergency Management.


Planning and Preparation.

Implementation and Response.


EIGHTEEN: Occupational Safety, Health, and Environmental Impairment: A Brief Overview (John C. West).

Administrative Procedure Act.

Administrative Enforcement.

Specific Occupational Safety and Health Issues.

Appendix: A Guide to Medical Terminology.



Read More Show Less

Customer Reviews

Be the first to write a review
( 0 )
Rating Distribution

5 Star


4 Star


3 Star


2 Star


1 Star


Your Rating:

Your Name: Create a Pen Name or

Barnes & Noble.com Review Rules

Our reader reviews allow you to share your comments on titles you liked, or didn't, with others. By submitting an online review, you are representing to Barnes & Noble.com that all information contained in your review is original and accurate in all respects, and that the submission of such content by you and the posting of such content by Barnes & Noble.com does not and will not violate the rights of any third party. Please follow the rules below to help ensure that your review can be posted.

Reviews by Our Customers Under the Age of 13

We highly value and respect everyone's opinion concerning the titles we offer. However, we cannot allow persons under the age of 13 to have accounts at BN.com or to post customer reviews. Please see our Terms of Use for more details.

What to exclude from your review:

Please do not write about reviews, commentary, or information posted on the product page. If you see any errors in the information on the product page, please send us an email.

Reviews should not contain any of the following:

  • - HTML tags, profanity, obscenities, vulgarities, or comments that defame anyone
  • - Time-sensitive information such as tour dates, signings, lectures, etc.
  • - Single-word reviews. Other people will read your review to discover why you liked or didn't like the title. Be descriptive.
  • - Comments focusing on the author or that may ruin the ending for others
  • - Phone numbers, addresses, URLs
  • - Pricing and availability information or alternative ordering information
  • - Advertisements or commercial solicitation


  • - By submitting a review, you grant to Barnes & Noble.com and its sublicensees the royalty-free, perpetual, irrevocable right and license to use the review in accordance with the Barnes & Noble.com Terms of Use.
  • - Barnes & Noble.com reserves the right not to post any review -- particularly those that do not follow the terms and conditions of these Rules. Barnes & Noble.com also reserves the right to remove any review at any time without notice.
  • - See Terms of Use for other conditions and disclaimers.
Search for Products You'd Like to Recommend

Recommend other products that relate to your review. Just search for them below and share!

Create a Pen Name

Your Pen Name is your unique identity on BN.com. It will appear on the reviews you write and other website activities. Your Pen Name cannot be edited, changed or deleted once submitted.

Your Pen Name can be any combination of alphanumeric characters (plus - and _), and must be at least two characters long.

Continue Anonymously

    If you find inappropriate content, please report it to Barnes & Noble
    Why is this product inappropriate?
    Comments (optional)