Risk registers in healthcare organizations are far more than just data collection and reporting tools. An enterprise-wide approach to risk and incident management can make a difference to patient safety and save lives, writes Dr Dan Cohen, international medical director of Datix.
Enterprise risk management (ERM) supports continuous improvement and risk aversion and identifies mitigation efforts. It will also help to meet the growing demand for transparency across the organization. However, these benefits are difficult to achieve with traditional paper-based or spreadsheet risk solutions which then need to be manually formatted for presentation to management. The implementation of an integrated risk and incident system is the only way cost-effectively to provide a ‘true picture’ and to enable the active management of risk and patient safety.
SETTING THE RIGHT RISK-AWARE CULTURE
Whatever system is in place, without the right risk culture the process and performance of risk management will run into difficulties. With increasing numbers of regulations it is important for boards to take a leading role in defining and overseeing an organization’s risk culture.
Setting, communicating and embedding the right risk management culture has a significant impact on how employees perceive ‘the way we do things round here’. A risk-aware culture will influence how staff action all aspects of the risk management process, including the open communication of risk information, which ultimately leads to informed decision-making and patient safety.
HEALTHCARE—A RISKY BUSINESS
The healthcare industry is defined by continuous change. However, continuous change does not necessarily mean continuous improvement. Emerging technologies provide great promise for advancing diagnostic and therapeutic options although there is a liability that the increasing number and complexity of healthcare options raises the risk of active or latent system failures possibly harming patients.
Every day thousands of patients are harmed and hundreds die in modern well-equipped hospitals staffed by highly trained individuals who have devoted themselves to careers as helpers. Benevolent intentions do not necessarily translate to risk management and safety, and the reasons for this are both known and unknown. No matter how you choose to cut the pie, the healthcare industry is risky; it’s dangerous for patients and also for staff working in the industry. The challenge that remains is to understand how so many things can go wrong when the intention is to achieve quality outcomes. This can be achieved only by using effective risk management systems, particularly in conjunction with incident reporting, complaints handling and claims management.
PROACTIVE AND REACTIVE RISK IDENTIFICATION
Risk management solutions in healthcare should allow for the identification of risks proactively and reactively. Proactive identification might include risks highlighted by way of:
• Analysis of historical clinical or patient safety data;
• Financial statements;
• Accreditation survey results;
• Malpractice incidents and claims;
• Standards and compliance issues; and
• Patient complaints.
Other risks can be identified reactively as a result of:
• Unexpected or unplanned for changes in accreditation requirements;
• Regulatory reporting requirements;
• Healthcare reimbursement charges; and
• Patient safety incidents, both near-misses and incidents that result in harm.
Once risks are identified and prioritized by management they are usually then added to a risk register. With a system such as Datix Risk Register, which can be integrated into other modules including Datix Incidents and Datix Complaints, risks that relate specifically to patient safety incidents, patient complaints or malpractice claims can be seamlessly fed into the risk process for tracking and mitigation. For example, if patient falls are considered a major risk for a healthcare organization, then data related to patient safety incidents classified as falls in the incident reporting, complaints and/or claims modules can be integrated to automatically populate the risk register.
NOT ALL RISKS ARE CREATED EQUAL
Not all healthcare risks can be identified via patient safety incident reporting, complaints handling or claims management. For example, staffing shortages in intensive care units might be an organizational risk identified by human resources or the nursing management office. While there may not be any incidents or complaints directly related to a shortage of staff the implications for the future are clear for all to see. In this instance, the relevant data regarding staff levels, by day, shift, weekend, week or month can be entered into the risk management system by direct managerial or staff input or by integration with other human resources and workforce management solutions that track this data.
MITIGATE AND MODULATE
Once risks are identified the goal for every healthcare organization is to develop strategies to mitigate and modulate those risks in time. An ERM process enables the evolution of processes, continuous improvement and monitoring. Outcomes can be reassessed and processes can be adjusted over time. Some mitigation actions may need to be strengthened and others moderated. Without a single data depository and a semi-automated solution this valuable information can become time-consuming to collect, quickly out of date and even neglected entirely.
With a consolidated risk management tool tasks such as analysis and reporting can be easily assigned to staff, with automatically sent email reminders giving timelines, due dates and requests for specific reporting/analysis.
Let’s revisit those manual and spreadsheet-based risk management systems (see table, left). While some healthcare organizations continue to rely on them for the management of risk the potential difficulties are plain to see.
It is often argued that healthcare should adopt the principles and methodologies of high reliability organizations (HROs) such as those in aviation and nuclear power industries. However the healthcare industry possesses a variety of complex and unique characteristics, mainly centered around human factors affecting staff and complexities of illnesses and lifestyle issues of patients. One thing is clear: an ERM tool to support continuous improvement will go a long way towards achieving better, safer patient outcomes.
Dan Cohen, risk, data collection, Datix