Risk Management Handbook for Health Care Organizations


by American Society for Healthcare Risk Management (ASHRM)



This comprehensive textbook provides a complete introduction to risk management in health care. Risk Management Handbook, Student Edition, covers general risk management techniques; standards of health care risk management administration; federal, state and local laws; and methods for integrating patient safety and enterprise risk management into a comprehensive risk management program. The Student Edition is applicable to all health care settings, from acute care hospitals to hospice and long-term care. Written for students and those new to the topic, each chapter highlights key points and learning objectives, lists key terms, and offers questions for discussion. An instructor's supplement with cases and other material is also available.

4 Stars! from Doody
Dena Ellis Belfiore
This book describes the key elements of a risk management program. It is designed for an entry-level risk manager or other health professional seeking information or understanding of a risk management program. The examples in the book are most applicable to the acute care setting, although the concepts could be extrapolated to outpatient and other less traditional patient care settings. This book features examples of the basic tools of a risk management program: job descriptions, board reports, sample policies and procedures, and congratulatory and rejection letters. This book thoroughly covers the basics of a risk management program. The strategies have been proven effective in well-managed programs. In part three, on techniques of risk management, the examples are concise and help the reader actualize the concepts. I was impressed by the expansive list of references. The chapter on data management advances in computer technologies will increasingly change the shape of risk management programs and will be the focal point for the program. Topics of interest to risk managers not covered in this book are computerized documentation systems and compliance with COBRA legislation.
Details guidelines and rationale for health care risk management, looking beyond conventional hospital-based, clinical initiatives to encompass a variety of health care settings. Covers the entire process of risk management, with sections on foundations for health care risk management, risk identification and analysis, risk management techniques, and implementation and monitoring of the risk management program. Discusses the use of new information technologies, benchmarking, the use of clinical practice guidelines, and the impact of downsizing. Includes many checklists, forms, and tables. This second edition reflects the latest regulatory and legal changes. For novice and veteran risk managers. Annotation c. by Book News, Inc., Portland, Or.

Jossey-Bass Public Health, #30

Risk Management Handbook for Health Care Organizations

Chapter One

Enterprise Risk Management: Laying a Broader Framework for Health Care Risk Management

Ward R. H. Ching

Enterprise Risk Management (ERM) represents a fundamentally new way for health care organizations to conceptualize and manage risks. ERM has emerged over the past five years as a powerful financial, operational, and strategic management framework that focuses on identifying, managing, and exploiting the various risks of the corporation. At the heart of the ERM framework is the recognition that "risk is capital," and that the more traditional definitions of risk are inefficient and conceptually constricting, and that under them mitigation techniques can lead to suboptimal resource allocation or the misapplication of financial or operational solutions. Equally fundamental to the ERM framework is the notion that a corporation's risks do not exist in isolation, but can be better understood in terms of their relative importance or contribution to a risk portfolio.

These important distinctions require further examination. It is important to understand that ERM is a framework or a way of thinking about risk. The assertion that risk is capital strongly suggests that risks not only have classic downside potential, but also may exhibit upside or "profitable" characteristics. Therefore, if an organization can identify and manage its risks more effectively than its competition, then the organization may be able to "exploit" its risk management approach and realize a sustainable competitive advantage.

Increasingly, financial and operational managers have discovered that health care corporations, at least in North America, organize themselves functionally into silos that, to a significant degree, operate independently. Within the silos, management may have different perceptions of risk and treat risk differently. For example, hazard risks are usually handled by the corporate risk manager; technology risks, such as Internet security, are handled by the IT department; capital acquisition and market risks (those that have a potential negative impact on earnings arising from changes in market conditions or competition) are handled by the chief financial officer; and human resources-related risks, ranging from absenteeism to corporate benefits, health care, and retirement program management, are typically handled by the human resources department. Also, reputational, brand value-related risks, and corporate governance risks are being managed by finance and audit committees at the board of directors level. In most, if not all, of these cases, the definitions of risk, how risk is measured, and the inventory of possible mitigation solutions are varied and potentially counterproductive. For health care organizations, the ability to understand and deal with risk is extremely important. The health care market environment now requires significant financial dexterity and heightened executional nimbleness when executing strategy. Those organizations that are unable to understand and manage risks within this more chaotic and fluid environment will suffer the ultimate penalty of lost market share, increased operating costs, and eventually, loss of the franchise.

A number of recent events have encouraged health care risk managers to broaden their risk management perspectives and seek organizational alliances outside their core competency or specialty. These include the Y2K event, the Health Insurance Portability and Accountability Act, and the new Patient Safety Initiatives report delivered in 1999. All of these events require that risk be reassessed and redefined on a broader basis, and there is a need to capture the strengths of various disciplines to create a more comprehensive view of the organization.

Set against this backdrop, the focus of this chapter is to set the stage for the rest of the handbook by exploring the historical antecedents of ERM, illustrating how ERM is currently being deployed, and suggesting ways in which a health care organization can use ERM to better understand, manage, and exploit risk.


The place to begin looking for the conceptual origins of ERM lies first in understanding the conventional definitions of risk. Risk has traditionally been defined as either "speculative or pure" or "fortuitous." A speculative or pure risk consists of an event(s) or action(s) for which an observable probability of financial gain or loss can be established. Investment in the stock market, particularly in 2002, represents a good example of this type of risk because capital invested in the market carries a calculable probability of financial reward or loss. These rewards or losses can be observed continuously, and the probability of gain or loss can be calculated with a degree of specificity. A fortuitous risk is also an event(s) or action(s), but substantively different from speculative or pure risks, because it only generates economic loss. Fortuitous risks are generally defined as insurance risks (property, casualty, workers' compensation, hospital general liability, and medical professional). The financial performance of these risks can be quantified. More important, from a risk management perspective, a market exists that utilizes loss probabilities to calculate a risk premium, with which the risk is transferred to a third party, usually in the form of an insurance contract.

Within the context of ERM, risks can behave either speculatively or fortuitously. The notion that risk is capital underscores this point. The segregation of risks into speculative and fortuitous categories serves to make it easier for "markets" to organize around them. Corporations or governmental bodies approach the stock and bond markets around the expected behavior of investors as they evaluate the new issuance of equity stocks and bonds. The market was set up to understand and manage risk from a price perspective. So too, we observe the historical development of the insurance market as an efficient way to organize capital for the expressed purpose of understanding and transferring risk in the form of insurance policies. The economic assumption at the base of the formation of the insurance market is that large numbers of insureds will pay defined premiums in exchange for a binding legal contract that will pay the insured in the event of a specified loss. The mathematical law of large numbers allows for the aggregation of risk and spreads the risk among a number of insurers who bear the liability in exchange for the premiums.

A fundamental economic problem presents itself when elements of a speculative risk and a fortuitous risk collide in the form of new risk categories. Operational risks, generally defined as those risks that directly affect cash flow or operational efficiency, can take on characteristics of both speculative and fortuitous risk. In these cases, managers have been traditionally forced to choose between treating the risk as one or the other.

Within the ERM framework, the definition of a risk tends to ignore the mutually exclusive speculative or pure versus fortuitous classification scheme. In an ERM context, a risk exists if it can be defined as an observable event(s) or action(s) that can have a material effect on the financial or operational performance of the organization. To be considered, a risk must first be:

Specifically definable

Measurable, utilizing a standard unit of account (revenues, percentage of return on investment [ROI] or earnings before interest and taxes [EBIT], number of beds, patient visits, and so on)

Observable over a period of time

A second major ERM tenet is that risks do not exist or behave in "isolation" but can be identified, grouped, and catalogued in risk domains. A risk domain represents a naming convention or taxonomy that allows the analyst to group risks together in much the same way biologists group species of animals or plants. The assumption within ERM is that risk domains are flexible and convenient ways to observe seemingly independent risks, yet their actual behavior may evidence material movement or organize into families or clusters that can travel across or between domains. Another way to understand domains is to view them as semipermeable membranes within and across which ERM risks or groups of risks can travel. The notion that they only exhibit downside potential (fortuitous) or can display upside and downside behavior (speculative or pure) is rendered immaterial.

The risk domains that are treated throughout the text of this book include:

Operational Risk: Risks derived from an organization's core business practices, which rely on systems, practices, and people. Within this risk domain are risks associated with a diverse number of clinical areas as well as alternative delivery sites.

Financial Risks: Risks associated with an organization's ability to raise capital, maintain access to capital, contracting issues, cost of risk, and evaluating vendor support. This domain includes risks eligible for risk financing treatments such as insurance and self-insurance.

Human Capital: Risks associated with the acquisition, management, and maintenance of a human workforce. These risks would include workers' compensation, unionization, turnover, absenteeism, strikes, workplace violence, harassment, and discrimination. Environmental issues related to safety and security, occupational, and environmental hazards are also included within this domain.

Strategic: Risks that impact the growth of an organization and include mergers, acquisitions and divestitures, advertising liability, joint ventures, and other collaborations. This domain also includes a broad spectrum of reputational risks that center on performance expectations related to customer and community relations.

Legal and Regulatory: Risks associated with the varied and complicated area of mandated health care-related rules, regulations, statutes, standards, and regulations. This domain also includes risks associated with licensure, accreditation, and HIPAA.

Technology: Risks associated with new technologies, inventory control, biomedical, telemedicine, e-health, e-commerce, risk management information systems, and equipment obsolescence.

Exhibit 1.1 illustrates the relationship between the various domains.

As shown in this exhibit, the ERM framework deliberately changes the way in which risks and risk domains are characterized and viewed. Within the ERM framework, risks and risk domains are viewed as a larger space, eliminating the artificial barriers that have traditionally been used to identify and contain risks.

Exhibit 1.2 provides a specific definition of ERM.

Simply stated, ERM is a structured analytical process that focuses on identifying and estimating the financial impact and volatility of a defined portfolio of risks. As such, it represents a way of recognizing and discussing risks in a very specific and robustly analytical way. ERM seeks to provide a common metric and discussion platform for senior management decision making. For the health care industry, it represents an operational and cultural framework upon which to recalibrate corporate strategy and deliver improved financial and operational results.

As Exhibit 1.2 shows, ERM focuses on health care issues utilizing three key lenses. The first is referred to as "frameworks," the way an organization defines risk, selects a meaningful core metric, and utilizes the information it gathers about risks to evaluate strategic issues. The second lens is called "tools," which are used to explore the risk framework through financial planning analysis, actuarial forecasting, dynamic financial analysis, economic value-added analysis, critical pathing, and market assessment. The third ERM lens focuses on identifying and implementing solutions to ERM-related problems.

Exhibit 1.3 illustrates the evolution between the more traditional definitions of risk management and ERM. The term evolution is used instead of replacement because with any paradigm shift, the strengths of the older perspective must be accommodated and improved in the new framework. The older risk paradigm conveyed a static definition of risk, where the probability of loss was the only expected financial outcome. The key to risk management was to mitigate the probability of losses through aggressive loss control, safety, clinical risk management, training, and, where losses could not be controlled, transferred through the use of insurance. A core assumption was that an organization's future performance was a function of its historical performance, and this relationship was assumed to be linear. If one understood the loss exposures and the growth of the organization, one could use linear methods to calculate future expected losses by specific risk.

Consistent with this traditional definition, the older risk management paradigm assumed that risks were best handled within their functional silos. The approach further contends that successful risk mitigation within the silos was additive and provided the organization with a positive cost of risk. The problem was that the definitions of risk and the metrics used were generally different. There was no common metric tied to financial or operational performance to determine if the risk management approach was producing intended results. Under the older risk paradigm, a leap of faith was required to believe that risks were being identified and measured correctly, and that sufficient risk treatment was being applied to prevent serious or catastrophic cash flow impairment.

Another element of the traditional risk paradigm asserts that partial or full risk transfer into an organized market maximizes shareholder value. The core assumption is that properly mitigated or transferred risks remove volatility from the corporate financials and by doing so protect shareholder value. Recent capital market representations seem to suggest that the markets, particularly the rating agencies (Fitch, Moody's, and Standard & Poor's), view cash flow derived from the firm's core businesses as the key economic indicator of financial health. The market (meaning the equity or stock market combined with the rating agencies) is increasingly viewing significant investments in risk transference instruments that are intended to replace existing property, equipment, and processes as potentially redundant and unnecessary risk mitigation investments. The market recognizes and understands that corporations take risks and are in potentially risky businesses. Their success, as measured in terms of long-term, positive, and growing cash flow, is what grows shareholder value. From the market's perspective, managing volatility across all risk domains is considered a superior vantage point.

The new risk paradigm builds upon the traditional model by declaring that risk is capital.


Roberta Carroll, ARM, MBA, CPCU, CPHRM, is senior vice president of Aon Healthcare based in Tampa, Florida.

American Society for Healthcare Risk Management (ASHRM) is a personal membership group of the American Hospital Association with more than 5,000 members representing health care, insurance, law, and other related professions. ASHRM promotes effective and innovative risk management strategies and professional leadership through education, recognition, advocacy, publications, networking, and interactions with leading health care organizations and government agencies. ASHRM initiatives focus on developing and implementing safe and effective patient care practices, preserving financial resources, and maintaining safe working environments.

Most Helpful Customer Reviews

Victoris More than 1 year ago
Simply Amazing!  I plan to continuously reference this book.