Providers looking for a competitive advantage are increasingly deploying new technologies to gain an edge. But new tech brings fresh risk that must be managed. And as digital tools continue to proliferate, hospital finance and operations executives are embarking on a tactic of enterprise risk management.
What that means: "Everybody needs to be a risk manager," according to Faye Sheppard, President of the American Society for Healthcare Risk Management.
Enterprise risk management means looking across the healthcare continuum and empowering all the individuals throughout an organization to take an active role in evaluating and assessing risk -- then coming up with plans of action to address them. All departments should look at every risk undertaking, including finance and IT. It's a more holistic and inclusive organizational approach to risk management.
Sheppard is both a registered nurse and an attorney with 35 years in risk management as well as previous roles including in-house counsel for a large tertiary pediatric medical center and director of risk management for a 14-hospital acute healthcare system for 10 years.
Relative to healthcare, Sheppard said the reasons to look across the continuum include hazards, challenges and financial implications that come with, for instance, a patient safety issue and IT implications or human capital risk.
"We haven't really been looking at risk as thoroughly as we could and we are trying to expand that horizon because it really adds a lot more value to the organization if we look at risk across the continuum," Sheppard said.
ASHRM defines enterprise risk using domains: clinical and patient safety; operational risk; strategic risk (marketing, strategic plan); financial risk; human capital risk/individual risk (safety); legal and regulatory risk; technology risk (i.e., IT, equipment, AI); and finally hazard risk, which includes such things as hurricanes and tornadoes.
To accomplish enterprise risk management, leadership buy-in is an absolute must, as is educating stakeholders, including other C-suiters and clinical staff, that they all have roles to play.
CFOs, for instance, are concerned about risk that impacts dollars and cents. If a provider were to implement telemedicine services, the CFO would be concerned about the costs and other financial risks. From an operational standpoint, the finance chief wants to know what is involved as far as risk, what space is needed, legal and regulatory concerns to avoid fines, protecting patient info, and the needed architecture and structure for that. From the human capital perspective, the questions are whether additional staff would be needed, what kind of staff, and other concerns.
"If I use the right people and I have the right people at the table from those domains, I can take the risk from a proactive standpoint and create value if we do it well," Sheppard said. "All the people from those domains are looking at it and putting in their two cents to get a comprehensive view and value proposition."
Adding value, in fact, is the bottom line as far as why enterprise risk management is a worthwhile undertaking.
Traditionally, risk managers have been regarded as reactive, and they still need to be. But taking advantage of opportunities to be proactive in assessing risks ahead of time, and addressing them accordingly, will become increasingly critical.
Businesses in other industries that have done ERM perform better and have better ratings from agencies like Standard and Poor's.
"Risk is not always the downside of things. There's opportunities if I'm willing to take the risk. I can be more competitive in the healthcare environment. I can be more effective," Sheppard said. "So in that way, enterprise risk management can create value."