A powerful approach to healthcare governance


A powerful approach to healthcare governance

Enterprise risk management is increasingly being adopted as a way of doing business in healthcare. Fay Rozovsky, president of the Rozovsky Group, outlines how to transform the concept into a powerful, practical approach to healthcare organization governance and management.

The healthcare industry seems to be in a constant vortex of change. The phenomenon is nothing new. A look at the history of quality assurance in American healthcare exemplifies this point. Over the course of more than three decades, quality assurance has evolved into Total Quality Management (TQM), Continuous Quality Improvement (CQI), Performance Improvement (PI), and even Quality Assurance, Performance Improvement (QAPI).

With each evolution in quality has come considerable start-up expense in terms of new orientation and in-service programming, new tools, and indirect costs involving staff training time. Along with a shift to value-based reimbursement, quality continues to respond to the winds of change.

Enter the business-based concept of enterprise risk management (ERM). Known to those who work in other industries, ERM is a way of doing business. In essence, it is ‘baked into’ the fabric of the organization. This is as true for the aviation and rail industries as it is for the healthcare field.

The persistent change in quality may in part have contributed to the slow pace of adoption of ERM in the healthcare field. Along with a misunderstanding of what ERM is, the time is ripe for ‘de-coding’ ERM and transforming the concept into a powerful, practical approach to healthcare organization governance and management.

What is ERM?

An internet search will review a number of definitions of ERM. At the core of these definitions is a process that shares a number of common attributes:

  • ERM is a data-driven approach to business decision-making.
  • ERM enjoys the approval of the governing body and organization’s management.
  • The data is drawn from both internal and external information, thereby facilitating well informed strategic planning. 
  • The process is geared toward reducing uncertainty and limited variability.
  • By eliminating waste and variability, the organization can maximize savings for growing the business, or in the case of healthcare, new equipment, new services, and enhancement of patient safety initiatives.

ERM uses a series of tools and processes that are not too far afield from those used in quality. Failure mode and effect analysis (FMEA), root cause analysis (RCA), strength-weakness-opportunity-threat (SWOT) analysis, and gap analysis are used in ERM. Heat maps, dashboards, and more are also used in ERM.

Although there is a lot that is familiar, there are differences, too. ERM uses certain tools to identify risks. These tools include risk registries and risk inventories. The data may be generated by use of self-assessment tools, interviews, and brain-storming sessions as well as information gleaned from existing information sources. Incident reports, patient complaints, grievances, compensatory events, and return rates to a hospital emergency department within an established timeframe after discharge are illustrative of such information resources.

“ERM incorporates clinical risk management and patient safety into a much larger context emphasizing a business-analytic methodology for the benefit of the entire organization and the community it serves.”

ERM captures information into what are termed ‘risk domains’. The idea is not to create siloes. Rather, it is to help package information in a format that is amenable to risk analysis, evaluation, and framing an achievable action plan. A risk may appear in a domain focused on hazards, and, at the same time, pop up in a domain that addresses legal/regulatory issues. Recognizing the overlap permits design of appropriate risk treatment.

ERM requires leadership to approve an action plan, providing as well the necessary resources to implement it. Project planning, milestone actions, and results are shared with leadership. Opportunities to adjust the plan come from post-implementation monitoring feedback as well as data input on changes occurring internally and externally.

An ERM effort can be targeted in one unit, one department, a service line, one facility, or an integrated healthcare organization. In other words, ERM is a scalable process. However broad the scope of the initiative, at the conclusion is the presentation of important metrics. Were the desired deliverables achieved? At what cost? Was there a return on investment of the resources allocated? If so, how much? One can also anticipate governing body and leadership team asking important questions, such as based on the data, what lessons were learned that can inform future ERM initiatives in terms of anticipated costs, projected savings, and outcomes?

ERM is not narrowly drawn. It is far more robust, broader and comprehensive than clinical risk management. Indeed, ERM incorporates clinical risk management and patient safety into a much larger context emphasizing a business-analytic methodology for the benefit of the entire organization and the community it serves.

Getting to ERM

In the harried world of contemporary healthcare, adding another layer to operations would not be welcome. Asking the governing body or senior management team to adopt a new way of ‘doing business’ could be met with resistance. At the middle management level, there can be a similar reaction. Staff may be dubious, thinking ERM will mean more work or staff cutbacks.

Demystifying ERM can help avoid resistance and misunderstanding. The question is how should one proceed? Several strategies are available to help facilitate getting a successful ERM program while ‘de-coding’ the concept. These strategies include the following ideas:

  1. Use an agreed-upon ERM nomenclature and tool set: recognize that various members of the management team may use tools and processes recommended by their respective trade or professional associations. Establish a convention for terms, definitions, and tools that is easy to understand and to apply.
  2. Set an agreed-upon context for ERM: do not impose an elaborate system. Rather, ask the end users—the governing body and the leadership team—how they want information presented to them, whether it is written format; a summary with bulleted data, or an array of data presented in pictorial format.
  3. Get everyone on the same level playing field: offer orientation and training for the governing body, leadership team, middle management and staff.
  4. Step away from the theoretical: utilize practical, easy to understand case examples of ERM in the healthcare field. Recognize that case studies can help translate concepts into a context that is can be applied quickly in the organization.
  5. Get input from the end users: recognize that staff, middle management, and senior leadership possess years of experience with all types of programming in quality and risk. Leverage this experience to garner their input into the development and implementation of the ERM program.
  6. Keep the lines of communication open: maintain a two-way channel of communication through the ERM development and adoption phase.
  7. Start with a manageable project: think about using a non-clinical issue that impacts the entire organization as an illustrative project. Consider such issues as organizational heating, lighting, cooling, and contingency planning for natural and man-made disasters. For this purpose, track the metrics on money spent in the ramp-up in the ERM project and the return on investment (ROI) at the other end of the project.
  8. Implement an ERM chain of command: identify knowledgeable individuals who can field questions about ERM and how to handle challenging issues that are identified in the ramp-up or application of ERM.


Healthcare ERM need not be fitted out with elaborate definitions, tools, and processes. Instead, the ERM context can be, as discussed previously, a data-driven business approach to decision-making geared to reducing process variation and uncertainty in a field that is constantly facing an array of worrisome changes. Merger and acquisition of healthcare organizations, buying medical practices, addressing ‘reforms’ to the Affordable Care Act with the new administration taking office on January 20, 2017 and more are amenable to an ERM process that can establish a useful structure for governance and management.

Realizing success with ERM offers the prospect of safeguarding the assets of the organization, meeting charitable work in the community, enhancing patient safety and job satisfaction for employees. Using agreed-upon metrics to measure ERM initiatives is an important step as well. The ability to demonstrate the ROI of an ERM project or strategy will go a long way to de-coding ERM and demonstrating the value of following such a business concept in the healthcare context.

Fay A. Rozovsky, JD, MPH, DFASHRM is healthcare risk management author, consultant and educator on a host of topics including ERM. She can be reached at fay@therozovskygroup.com. For further information, visit www.therozovskygroup.com

Rozovsky Group, US, Fay Rozovsky, Healthcare, Risk management,