One of the most rewarding engagements we have with our senior living clients is assisting them with evaluation and assessment of their organizational risk management and setting annual goals for implementing quality and process improvement, regulatory compliance and culture change. Organizational assessments of vulnerability risks and strengths promotes transformation toward proactive risk management. Anyone who knows me has heard me say “Risk management is everyone’s responsibility!” This article will provide an overview of “Enterprise Risk Management” with recommendations.
Also, new this year, Adelman Law firm will be hosting a complimentary monthly webinar series focused all things risk and litigation mitigation, best practices for records production, arbitration and plenty of other topics. Please save the dates for The Senior Living Empower Hour all beginning at 1:00pm CST:
January 31
Litigation Risk Management is Everyone’s Responsibility - Enterprise Risk Management in Senior Living
February 28
Arbitration Agreements Under the New Guidance
March 21
Resident and Family Expectations Management
April 25
Medical Records/Document Management - To Produce or not To Produce?
May 30
Preservation of Evidence - Know When to Hold ‘Em
June 20
The 2023 HIPAA Privacy Act
July 25, August 29, September 19, October 31, November 21, December 19
Topics TBD
Please email Sara Cantú, scantu@adelmanfirm.com for more information about registration!
Back to the regularly scheduled program!
Proactivity and Transformative Risk Strategies in Healthcare. The evolution of healthcare is driving a reassessment of how healthcare providers view and manage risk while providing quality care and a safe working environment. Direct care professional shortages, increased regulatory scrutiny and the changing needs patients and families especially in senior living, create new and different risks and opportunities for enterprise risk management and transformational, sustained changes.
What can healthcare providers do proactively to meet the challenges ahead?
Organizations can focus on Health Care Enterprise Risk Management (ERM) and embracing the concept that a long-term view of risk provides a complete perspective of all interrelated risks to the organization, rather than attempting to manage risk in silos. Ownership of risk must be shared across the enterprise. ERM allows for greater organizational capacity to manage uncertainty. Also, it is important to appreciate that underwriters look favorable on organizations that have a risk management professional to guide internal preventative and risk mitigation strategies.
What is ERM?
ERM, is a top-down and bottom-up, holistic portfolio view of the most significant risks to achieving a health care organization’s strategic objectives. An enterprise-wide view would consider human capital risks stemming from inadequate training about privacy that, if not identified and treated properly, could lead to privacy breaches impacting legal and regulatory compliance. Inadequate training on the EHR could lead to delays in providing patient care and incomplete documentation of care. This may impact strategic risk related to inaccurate data capture, impacting reporting of key quality metrics and ultimately reimbursement for care related to the success of those metrics. When the holistic view is used to identify risk and treat it proactively, value can result in part through efficiency in patient care from a more satisfied work force, improved cybersecurity that minimizes risk of data breach, and accurate data collection and reporting of quality metrics.
Operational
The business of healthcare is the delivery of care that is safe, timely, effective, efficient, and patient-centered within diverse populaitons. Operational risks relate to those risks resulting from inadequate or failed internal processes, or systems that affect business operations. Examples include risks related to: adverse event management, credentialing and staffing, documentation, chain of command, lack of internal controls, supply chain and identification of existing opportunities within management oversight.
Clinical/Patient Safety
Risks associated with the delivery of care to patients, residents and other healthcare customers. Clinical risks include: failure to follow evidence based practice, medication errors, hospital acquired conditions (HAC), serious safety events (SSE), healthcare equity, opportunities to improve safety within the care environments, and others.
Strategic
Risks associated with the focus and direction of the organization. Because the rapid pace of change can create unpredictability, risks included within the strategic domain are associated with brand, reputation, competition or failure to adapt to changing times (such as health reform to shifting customer priorities). Managed care relationships/partnerships, conflict of interest, marketing and sales, media relations, mergers, acquisitions, divestitures, joint ventures, affiliations and other business arrangements, contract administration, and advertising are other areas generally considered as potential strategic risks.
Financial
Decisions that affect the financial sustainability to the organization, access to capital or external financial ratings through business relationships or the timing and recognition of revenue and expenses make up this domain. Risks might include: capital structure, credit and interest rate fluctuations, foreign exchange, growth in programs and facilities, capital equipment, regulatory fines and penalties, budgetary performance, accounts receivable, days of cash on hand, capitation contracts, reimbursement rates, managed care contracts, revenue cycle/billing and collection.
Human Capital
This domain refers to the organization’s workforce. Included are risks associated with employee selection, retention, turnover, staffing, absenteeism, on-the-job work-related injuries (workers’ compensation), work schedules and fatigue, productivity, compensation, succession planning and labor unionization activity. Human capital associated risks may cover recruitment, diversity, retention, and termination of members of the medical and allied health staff.
Legal/Regulatory
Risk within this domain incorporates the failure to identify, manage and monitor legal, regulatory, and statutory mandates on a local, state and federal level. Such risks are generally associated with fraud and abuse, licensure, accreditation, product liability, management liability, Centers for Medicare and Medicaid Services (CMS) Conditions of Participation (CoPs) and Conditions for Coverage (CfC), as well as issues related to intellectual property.
Technology
This domain covers machines, hardware, equipment, devices, wearable technologies and tools, but can also include techniques, systems and methods of organization. Health care has seen an escalation in the use of technology for clinical diagnosis and treatment, training and education, information storage and retrieval, and asset preservation. Examples also include Electronic Health Records (EHR) and Meaningful Use, financial and billing systems, social media and cyber security; cyber risks can be significant.
Hazard
This ERM domain covers assets and their value. Traditionally, insurable hazard risk has related to natural exposure and business interruption. Specific risks can also include risk related to: logistics/ supply chain, facility management, plant age, parking (lighting, location, and security), valuables, construction/renovation, earthquakes, windstorms, tornadoes, floods, fires and pandemics.
ERM Guiding Principles
The following guiding principles have been developed as basic building blocks supporting the framework for ERM in healthcare:
Advance safe and trusted health care
Empower health care risk managers to mitigate risk and maximize value
Promote ethical and transparent decision making
Improve patient safety through execution of ERM principles
Improve strategic decision making
ERM Practices
Are continuous
Require a paradigm shift in how an organization identifies and manages risks and opportunities
Are “not a stop on the road, but a journey”
How is ERM Implemented?
It is not uncommon for senior living health care providers to be overwhelmed by the idea of transitioning from a traditional insurance-led, asset-protection risk management program to a fully matured ERM model and process. Our firm has developed tools and resources to determine the organization’s readiness for ERM. A gap analysis can be used to determine the breadth of the current state and actions required to achieve the desired state for your risk management program.
The Four Major ERM Implementation Steps which form the basis of our firm’s collaboration with clients are:
Planning
Know the organization’s mission, vision, objectives, and current strategic plan
Understand current practice regarding risk identification, analysis and reporting
Summarize the effectiveness and sustainability of previous root cause analyses and action plans. Learn how the organization identifies opportunities to create value
Identify organizational objectives for establishing ERM. (Why now? Is there a sentinel, triggering event such as a rating agency’s questions during a visit?)
Evaluate organizational readiness for ERM specifically as it relates to culture
Describe resources necessary for ERM implementation and identify whether those resources are external or internal to the organization and are available.
Development
Draft clearly articulated goals and objectives. Include key risk indicators or other metrics where appropriate
Develop and deliver ERM education to board, senior leadership and medical staff leaders
Engage/deploy necessary resources
Develop risk appetite and tolerance statements for significant risks
Develop a framework for EMR decision making including organizational guiding principles
Develop committee structure (ERM steering committee and ERM work group) identify membership as appropriate and draft committee charters
Draft the ERM plan and timeline
Identify success metrics to mirror articulated goals and objectives
Integration
Integrate ERM practices into the strategic planning process, business practices and business unit
Support and implement the steps to effectively and efficiently identify, assess, and respond to organizational exposure to loss including the techniques for: avoidance, retention, transfer, mitigation and value creation
Adopt risk champions for specific projects and as program supporters from among the board, senior leadership and medical staff leadership
Integrate the process throughout the organization by educating all employees on their role and responsibility related to ERM
Develop a communication plan to facilitate organization-wide integration
Monitoring/Evaluation - Proactively build criteria into each implemented risk strategy to identify how success will be measured, what metrics will be used, how often to report, in what format and to whom to report, and the identification of the assigned responsible party/ies.
Prepare an annual ERM report for the board that includes:]
Identified risks
Risk prioritization
Status of risk strategies implemented
Value creation opportunities
Goals for the next period
Challenges encountered
Recommended new projects and strategies
Periodic (monthly, quarterly, yearly) reviews of KPIs and KRIs also should be conducted to evaluate all risks identified and the effectiveness of chosen risk strategies.
Adelman Advantage Recommendations: As healthcare professional liability defense attorneys and risk managers, our firm has engaged with a variety of healthcare risk and litigation management models. ERM encompasses the widest array of strategies to provide a proactive strategy for organizational risk mitigation that improves quality of care, resident safety, and controls financial and risk outcomes. We welcome connecting with you on how your senior living community is managing risk, litigation, and how ERM can be implemented with your teams.
Join us for The Senior Living Empower Hour and set your ERM goals for 2023!
