When the immediate demands of a crisis situation have been dealt with there is still much for a risk manager to do. HRMR asked two experts how to make the best of a bad situation.
In the wake of a crisis, once the dust has settled, there is a vital step that no risk manager can afford to ignore: the need to look back over the event and learn the necessary lessons. For Patricia Hughes, vice president, healthcare for OneBeacon Professional Insurance, the value of looking back cannot be overestimated, even when the need to learn wider lessons from an incident is not immediately apparent.
“I always point out to people that when you do a ‘lookback’ what you may very well discover is that while it affected only one individual, the systems, processes, human factors and the whole cascade of events that allowed it to happen for that one individual could very well be putting many others at risk,” she says.
“It makes sense to use the process to look back at these kinds of events and look for the gap that allowed it to happen. This is where an enterprise risk management or enterprise wide approach is valuable, rather than looking at it from the perspective of its having affected just one patient, and not broadening it out.”
Tracy Knippenburg Gillis, who leads Marsh Risk Consulting’s Reputational Risk & Crisis Management practice, agrees that a post-incident review process is vital. It should include communicating with the groups that were engaged during the response and gathering from them their assessment of what went well, what didn’t go so well, and what was done or adapted that would be useful to explore further or capture for future use. She says it is vital to gather all their perspectives together to achieve a consolidated view.
“Often you’ll find one group’s perspective of what happened is not informed by what other teams were doing, or there’s a lack of information that can be identified through a post-incident review,” she says.
“People want to end the review and go back to normal life, so it’s sometimes challenging to get everybody to focus on it. You want to capture everything immediately after the event so that it’s fresh in people’s minds.”
She adds that one of the essential things to consider throughout all aspects of crisis management, from the planning and preparedness side to the actual response, and finally the post-incident review, is documentation.
“There needs to be a clear decision over how the response will be documented by individuals and teams and how information will be shared, verbally, in writing or electronically,” she says. “Those are important information sources in the post-incident review—and it’s also important to note that it might also be part of litigation review and claims.”
Hughes agrees that one of the biggest challenges when dealing with the aftermath of a crisis is inaccurate information being communicated. She says that when talking about what happened it is vital to get yourfacts right—especially when communicating with those affected by the incident.
“The very first thing we need to do is get a handle on what are we talking about,” she says. “I’m a believer that if you don’t get the accurate information early on and communicate it then human beings will fill in the blanks and make their own story about an event. And that’s not what we want.”
In addition to providing accurate and timely information to those affected, she says it is important to assist any regulatory or accreditation agencies who may come calling, perhaps after having read about the event in the media. It is also wise to make time to attend to the needs of the staff who may have been involved in the error.
“The staff can be a forgotten group of individuals who feel very upset about how something like this could have happened,” she says. “When an error is made it can be devastating to individuals on the staff and I think we’re getting better in healthcare at thinking about that. There was a case in the UK where a nurse committed suicide after an error. We really need to make sure that staff members who were involved are all right and that they are able to keep on providing care.”
A significant benefit of looking back over a crisis is the chance to create plans that will prevent a similar situation from occurring in the future. Hughes’ number one tip for dealing with future crises is to have a clear policy, procedure and plan that you put in place ready to be mobilised should a crisis occur.
“I developed a crisis management plan in my organization and it went down to a level of having a ‘call tree’ in place with designated individuals, because in my experience these things don’t always happen at noon on Wednesday—in fact, Murphy’s law will apply and they’re more likely to happen at 2am on Saturday morning. You need to be able very quickly to mobilise individuals, leadership, resources and set up your command post and start working on it.
“You’ve got to be immediate and accountable so you need a crisis management or strategic management plan that clearly identifies who is doing what and makes full use of your internal and external resources and communications. It’s not the kind of thing you want to be figuring out as you’re also trying to deal with a natural disaster or a devastating event.”
Knippenburg Gillis agrees. She says that organizations that are well prepared and practice often do better at the response and in many cases are able to manage the situation so that it does not became a crisis in the first place. For these organizations, a post-incident review often serves to provide confirmation that they had the right processes in place and responded in the best possible way.
“Those who are better at this will find more reaffirmations of their process in the post-incident review. Those who didn’t have a lot of planning and preparedness in place were trying to figure it out on the fly during the crisis, and they are going to find out a whole lot more at the end,” she says.
“If at the beginning an organization’s got a lot of preparedness in place, what they learn at the end are enhancements. For those that have less in place, there’s a whole lot more they’re going to be discovering. Typically what they conclude is that they need to do a lot more upfront so that it doesn’t happen like that again.”
Knippenburg Gillis’ key piece of advice is not to be overwhelmed by the number of risks that could lead to a crisis. The best practice is to have is a singular approach to managing crisis, regardless of the cause, with clearly delineated roles.
She says that whatever the event, from a tornado to a cyber-attack or an accusation of misconduct or fraud, the management team needs to react in a common and similar fashion in terms of how they go about addressing the situation and understanding the potential impact and consequences and ultimately managing through it.
“It’s not business as usual nor easy, or everyone would be doing it well,” she says.
“It’s different from how you would normally run your business, so it requires unique skills and expertise and unique processes to manage your way through these situations. It requires you to have a common approach to a crisis, regardless of the cause.”
Lookback, crisis management, Patricia Hughes, OneBeacon Professional Insurance, Tracy Knippenburg Gillis, Marsh Risk Consulting