This document provides an overview of healthcare risk management and the risk management process. It discusses key topics including: - The objectives of risk management which are to prevent risks, control risks, finance risks, and analyze risks retrospectively and prospectively. - The definition of risk management and the important role it plays in protecting healthcare organizations from financial losses. - The five steps of the risk management process: identify risks, examine techniques to manage risks, select techniques, implement techniques, and monitor/improve the program. - Methods for identifying risks such as incident reporting systems and occurrence screening to facilitate early risk identification and risk reduction.

1. Certified Professional in
Healthcare Risk
Management Course
Dr. Mohamed Mosaad Hasan
MD, MPH, CPHQ, CPPS, GBSS

2. ICE Breaking Activity

3. Course objectives
To gain Knowledge and practical skills
related to:
• Risk Prevention
• Risk Control
• Risk Financing
• Retrospective and Prospective
Analysis
• Claims Management
• Bioethics

4. What’s Risk Management?
 Risk: The possibility of loss or injury.
 Management: The act or art of
conducting or supervising something or
the judicious use of means to
accomplish an end.
 Risk in Healthcare: The probability that
something undesirable will happen. It
implies the need for avoidance.
4

5. Risk Management
Definition and importance. “ an
organized effort to identify, assess,
and reduce risk to patients, visitors,
staff and organizational assets.
Goal of RM: is to protect the
organization from financial losses,
which may arise because of the risks
to which it is exposed.

6. Steps in the Risk Management
Process
 The Five Steps
– Identify and analyze loss exposures
 New and existing services
– Examine alternative risk management techniques
 Risk control
 Risk financing
– Select the best risk management technique or
combinations of techniques
– Implement selected techniques
– Monitor, evaluate, and improve the risk management
program

7. Risk Management

8. Medical errors
 Institute of Medicine defines medical error
as the failure to complete a planned action as
intended or the use of a wrong plan to
achieve an aim.
Medical errors are:
1- errors of commission (doing the wrong
thing);
2- errors of omission (not doing the right thing);
or
3- mistakes in execution (doing the right thing,
but doing it incorrectly).

9. Adverse event
 Adverse event can be described as
an injury caused by medical
management rather than by the
underlying disease or condition of the
patient.
 Medical error may or may not lead to
adverse event.
 Adverse event is preventable
(considered as medical error) or non
preventable (not a medical error).

10. Medical
error
Potentially
compensable
event
Preventable
Nonpreventable

11. Risk Management Professionals
Education and skills for risk managers.
 some clinical knowledge, because he must
review care and provide guidance to clinical
providers of care.
 they should have some knowledge of
healthcare law and have a thorough
understanding of the legal system.
 understanding the insurance industry is
important because risk managers help make
decisions regarding various insurance coverage
such as hospital professional liability, general
liability, and workers’ compensation.

12. Basic RM functions
 maintenance and monitoring of effective incident
reporting and occurrence screening programs.
 claims management.
 clinical and administrative responsibilities such
as policy review, credentialing, contract review,
internal and external reporting, and education.
 collaboration with the organization’s safety
officer (the risk manager may be the safety
officer in smaller organizations).

13. Basic RM functions
 collaboration with financial office staff
regarding insurance and other methods of
risk financing.
 regulatory compliance.
RM and TQM/QI are closely related.
Both are interested in maintaining or
exceeding the applicable standard of
care.

14. Question
 The main aim of clinical risk
management:
1. To identify the liability issues and
prevent financial loss
2. Coordination of care
3. Education
4. Resource management

15. Risk Management
 Risk Identification.
 Risk Control.
 Risk financing.

16. Risk Identification.
Training video

17. Risk Identification
 Risk identification is the process through which
we become aware of risks in the health care
environment that constitute potential loss
exposures for the institution.
 Identification of problems or potential
problems that can result in loss
 Type of value exposed to loss
 Potential cause of loss (peril)
 Extent of the projected financial
consequence of the loss

18. Risk Identification
 the heart of every effective risk management
program are systems for identifying near
misses, actual loss-producing events, and
risks leading to future losses.
 Exposures can include
1. loss of the facility’s financial assets through
liability judgments .
2. casualty losses to its physical plant and
property
3. human losses through death or injury.
4. less tangible losses to its public image and
reputation.

19. Classification of Exposures
 Property Losses: damaged/destroyed property
 Net Income Losses: revenues minus expenses
for a given accounting period
 Liability Losses: another individual or
organization brings a claim for alleged
wrongdoing
 Personnel Losses: death, disability, retirement,
resignation, or unemployment of individual with
special skills or knowledge that an organization
cannot readily replace

20. Systems for Risk Identification
Informal Risk Identification Systems
◦ Claims data
◦ Medical record requests
◦ Patient complaints
◦ Standardized surveys and questionnaires
◦ Personal inspections
◦ Committee minutes
◦ Survey or regulatory reports
◦ Recall notices
◦ Experts

21. Systems for Risk Identification
Formal Risk Identification Systems
◦ Incident reporting
◦ Occurrence reporting and screening
◦ Sentinel event tracking
◦ Failure mode and effect analysis
◦ Device reporting and tracking logs
◦ Security reports

22. Risk Identification
 Identification of risks is important but
early identification is our goal
 Early identification is important because :
1- A prompt investigation can be initiated
while information is still fresh and available.
2- An early intervention can be considered.
3- A high potentiality of eliminating or
reducing the cost of the claim.

23. Risk Identification
2 main methods to identify risks :
1- Incident reporting
2- Generic / Occurrence screening
Both aim at early identification of risks
and take appropriate measures to
eliminate or limit liability exposures.

24. Incident / occurrence
Reporting
 Definition of incident: any happening that is not
consistent with the routine care of a particular
patient or an event that is not consistent with the
normal operations of a particular organization.
 Considered as early warning system.
 The analysis result should be revised by process
owners and who have the authority to make
changes in protocols ,policies and procedures
Occurrenc
e happen
trigger
Completion
of a report
form
Reporting
to Quailty
and
department
head
Collected
and
analyzed

25. Content of the Incident Report
 vary in content and structure and vary
from organization to organization
 emphasis has been placed on making
forms “user friendly,”

26. Content of the Incident Report
Demographic information :
 including name, home address, and telephone number of the
patient, visitor, or employee involved in the incident. (For
patients, medical record numbers also may be recorded as
part of the identifying information.)
 This information is used to identify the potential claimant and
witnesses in case of litigation.
Facility-related information : such as admission or visit date,
patient identification number, patient room number, and
admitting diagnosis or presenting complaint.
This is used as aggregate data to determine whether certain
units of the system are more incident prone.
Trending this information promotes risk management
intervention and actions plan to react to frequency or severity
in incidents reported.

27. Content of the Incident Report
Socioeconomic data : on the individual
involved in the occurrence, such as age,
gender, marital status, employment, and
insurance status.
This information aids in assessing
potential loss. For example, collecting
employment status assists the risk
manager and counsel in determining the
potential for wage loss or economic (loss
of salary) damage.

28. Categories according to type of
event
 Medication error
 Adverse drug reaction
 Fall
 Equipment problem
 Complication related to procedure ,
treatment , or test
 Transfusion event
 Behavioral problem( e.g. , assault ,
elopement ,etc.)
 Visitors events
 Unsafe conditions with potential for harm

29. Categories according to harm to
patient
 Category A: circumstances or events that have the
capacity to cause error but no error occurred.
 Category B: An error occurred but the error did not
reach the patient i.e. no harm occurred ( near
miss )
 Category C: an error occurred that reached the
patient, but did not cause patient harm.
 Category D: An error occurred that may have to or
resulted in harm to the patient and required
intervention
 Category E: an error occurred that may have to or
resulted in the patient’s death ( sentinel event )

30. Staff Participation in Incident
Reporting
 Incident reporting should be the responsibility of all
staff , responsibility for completing an incident
report rests with any facility staff members who
witnesses, discovers, or has direct knowledge with
the incident
 In the integrated delivery system (IDS), this
presents
a significant challenge. The various facilities that
make up the IDS are usually geographically distant
from each other; as a result, promoting the
consistent and timely reporting of incidents
demands :
 effective staff education.
 Simplicity of the reporting system .
 easy accessibility to training in how to use it .

31. Staff Participation in Incident Reporting
Barriers How to remove
staff view reporting as a routine task or
low-priority paperwork.
1. By providing feedback on the results of
investigation and problem resolution
2. Trending and analysis reports that lead
to changes in protocol, procedures, or
equipment based on these findings
fear the report is an admission of
negligence that exposes them to liability
and could be used against them in court
or for a punitive measure
1. incident report is not used as either a
punitive measure in disciplining
employees or a vehicle for airing
interpersonal disagreements.
2. The event itself may require disciplinary
action but not through the incident
reporting process
3. Training must stress that the report
should be a factual account of what
happened; no finger-pointing . Incident
reports are meant to collect “just the
facts,” .

32. Staff Participation in Incident
Reporting
Why incident reports may not be filed when policy
directs staff to do so ?
• Observer is too busy to complete the report when
a narrative section is required.
• Staff believe that reporting is of little value due to
lack of feedback.
• Staff fear disciplinary action based on the report.
• Non-physicians are reluctant to report incident
involving physicians.
• Staff are concerned that the report may lead to a
lawsuit leading to personal responsibility.
• Staff failed to recognize that an incident occurred.
• Staff do not understand the definition of an
incident.

33. Sentinel event
 an unexpected occurrence involving death or serious
physical or psychological injury , or the risk thereof.
 Serious injury includes loss of limb or function.
 The risk thereof includes any process variation for
which a recurrence would carry a significant chance of a
serious adverse outcome.
 Death or major permanent loss of function (sensory,
motor, physiologic, or intellectual), suicide, rape,
hemolytic transfusion reaction, Surgery/procedure on the
wrong patient or wrong body part, infant abduction or
infant discharge to the wrong family.

34. Response to sentinel event
Root cause analysis

35. Occurrence Screening
 This system, utilizes a clearly defined list of patient
occurrences with which patient medical records are
screened.
 It’s an example of 100% review system ,
 The screeners are looking for deviations from practice,
policy, and procedures.
 Criteria for the screens are established in areas that are
considered to be either :
1. high risk.
2. have a high number of incidents that have been
reported as quality of care “red flags” to be further
evaluated.
3. areas where the effects of an untoward event
occurring can have disastrous results from an injury
standpoint.
As an example :inappropriate informed consent
documentation

36. Occurrence Screening
 In an inpatient setting, all patient records
are reviewed against the criteria within
forty-eight to seventy-two hours of
admission and every three or four days
thereafter until the patient is discharged.
 The patient chart also is reviewed
approximately two weeks after discharge
to ensure that compliance with all criteria
has been assessed.
 Results of this screening process are
prepared for each admission by trained
data retrieval personnel (screeners).

37. Occurrence Screening
 The abstract is then forwarded to the
quality improvement office for follow-up.
 When identified, serious occurrences are
reported immediately by the patient care
reviewers to the appropriate person for
action.
 All occurrences are aggregated to aid in
identifying any trends that reflect patient
care problems requiring remedial action.
 It’s concurrent (may be retrospective
review).

38. Question
 The occurrence needs to be
investigated directly after happening
and every time it occurs, is:
1. Adverse drug event
2. Potential compensable event
3. Preventable drug event
4. Sentinel event

39. Question
 After patient death due to medication
interaction ,the following action is:
1. Cause & effect diagram.
2. Root cause analysis.
3. Failure mood & effect analysis.
4. Probabilistic risk analysis.

40. Question
 Analysis of incidents , errors , and near –
miss reports result in enhanced patient
safety by:-
1. reducing risk and obtaining informed
consent.
2. obtaining informed consent and
recognizing human errors.
3. recognizing human errors and
improving systems.
4. improving systems and reducing risk.

41. Risk Control
 Definition: process of preventing loss from
occurrence or minimizing loss once risk occurred.
 risk control includes:
Risk Avoidance: not offering a particular
service in order to avoid its well-know
problems and risks , and associated legal
liability.
Risk shifting: moving liability responsibility
from the healthcare organization to an
external entity.
Risk prevention: minimizing or eliminating
risks.
41

42. Risk Prevention
◦ Contract Review
◦ Internal and External Reporting
◦ Education
◦ Policy review:
 Informed Consent
 Medical Record Confidentiality
◦ Credentialing
◦ Compliance with Country/State/Local law
◦ Safety Management
42

43. Informed Consent as a Loss Control Process
 Introduction
◦ Consent is a process, not merely the completion of a
form.
◦ Failing to obtain consent may result in punitive
damages and charges of unprofessional conduct

44. Basic Elements of Consent to Treatment
◦ Disclosure of the nature and purpose of the test or
treatment
◦ Description of the probable risks and benefits
◦ Explanation of risks and benefits of alternatives
◦ Risks and benefits of foregoing the test or treatment
◦ Opportunity for questions and understandable answers
◦ Opportunity to make a decision free of coercion and
undue influence
◦
Informed Consent as a Loss Control Process

45. Exceptions from the General Rules of Consent
◦ Emergency treatment exception
◦ Therapeutic privilege exception
◦ Compulsory treatment situation
Informed Consent as a Loss Control Process

46.  Importance of an Informed Refusal of Care
◦ Patient or recognized decision-maker must have
mental capacity
◦ Inform patient of consequences of refusal of
proposed test or treatment
◦ Document discussion with patient or recognized
decision-maker
◦ Patients and decision-makers have the right to
withdraw consent
Informed Consent as a Loss Control Process

47.  Needs of Specific Patients in the Informed Consent
Process
◦ Preliminary screening to identify special patients
◦ Patients who warrant special considerations
 Minors
 Mentally disabled or challenged persons
 Patients undergoing testing or treatment for certain
diseases such as HIV, blood transfusion, or breast
cancer
Informed Consent as a Loss Control Process

48.  Risk Management Approach to Consent or Treatment
◦ Policies and procedures
◦ Risk identifiers
◦ Education
◦ “Family-focused” consent process is encouraged
◦ Documentation
Informed Consent as a Loss Control Process

49. High Risk Clinical Areas
 Obstetrics
◦ Failure to identify fetal distress
◦ Failure to complete a cesarean section
◦ Administration of oxytocin
◦ VBAC (vaginal birth after cesarean)
 Emergency Department
◦ Medical evaluation and transfers
◦ Communication issues
◦ Ostensible agency

50. High Risk Clinical Areas
 Surgical Services
◦ Retained procedural item
◦ Misidentification of the patient or the correct operative
site
◦ Inadequate preoperative evaluation
◦ Outpatient surgery
 Anesthesia
◦ Failure to properly intubate the patient
◦ Conscious sedation
◦ Patient care responsibilities

51. High Risk Clinical Areas
 Intensive Care Units
◦ Medication administration
◦ Use of monitoring alarms
◦ Medical management with multiple providers
 Pediatrics
◦ Appropriate services and equipment
◦ Child abuse
◦ Patient safety

52. High Risk Clinical Areas
 Behavioral Health and Psychiatry
◦ Failure to prevent suicide
◦ Outpatient psychiatric environment
◦ Restraints
◦ Psychopharmacology
◦ Electroconvulsive therapy
◦ Elopement
◦ Sexual Assault
◦ Rights of Others

53.  Radiology Services
◦ Management and avoidance of contrast media
reactions
◦ Failure to diagnose
 Home Health Services
◦ Durable medical equipment
◦ Confidentiality of the medical record
◦ Security
High Risk Clinical Areas

54.  Physician’s Office Setting
◦ Training
◦ Patient tracking and diagnostic follow-up
 Long Term Care and Assisted Care
◦ Patient’s rights
◦ Staffing
◦ Abuse
◦ Slip and falls
◦ Decubitus
High Risk Clinical Areas

55. High Risk Clinical Areas
 Long Term Care and Assisted Care
◦ Elopement
◦ Restraints
◦ Documentation

56. Evolving Risk in Telemedicine
 Introduction
◦ Telemedicine defined
 The provision of medical services across
distances utilizing the electronic transmittal
of medical information
◦ Telemedicine’s role in health care delivery
 Critical in the new technological age in
health care
 Only one facet of a well-designed health
care program

57.  Telemedicine Risks
◦ Practice standards
◦ Financial compliance
◦ Regulatory implications
◦ Medical malpractice
◦ Data confidentiality and protection
◦ Technical shortfalls
Evolving Risk in Telemedicine

58.  Involvement of the Risk Manager in Telemedicine
◦ Familiarity with telemedicine
◦ Involvement in negotiations and decision-making
◦ Educating board, medical staff, administration, and
management
Evolving Risk in Telemedicine

59. Risk Financing
 paying for losses that do occur despite all
risk management activities performed
 Methods of risk financing
◦ Risk retention: pay for losses from within
organization.
◦ Risk transfer: pay for losses from outside
organization.
59

60. Structure of the Risk Management
Process
Transfer
RiskFinancing
Retention
TreattheExposureThroughRMTechniquesIdentify/AnalyzeExposure
RiskAvoidance
RiskControl
Property
Active
Non-insurance
&
Self-insuranceLoss
RiskAnalysis
+LossFrequency:
Howlikely is itthat
aloss willhappen?
+LossSeverity:
Howserious willthe
loss be? Insurer
Acarrier
Passive
Not
recognize
d
Non-Insurer
Hold
harmless
agreements
Risk
Identification
+Identifytheloss
Segregation
LossReduction(severity)
LossPrevention(frequency)
NetIncome Liability Personnel
ContractualTransfer
(noninsurance)

61. Governance Oversight Responsibilities
 To authorize and support the development and
implementation of an effective Risk Management
Program;
 To know how risk is addressed by the organization:
 To know how the risk management and quality
management programs interact,
 including the involvement of physicians;
 To know and monitor the areas of organizational
risk
61

62. Risk Management Plan
Risk management plan.
Often the RM plan is integrated with the quality
management plan because the two processes are
interdependent.
Important plan elements include:
 purpose and board statement of support o f RM.
 scope of the program, authority, and confidentiality.
 data collection and reporting mechanisms (both
internal and external).
 integration with quality management and program
effectiveness reviews.

63. Review
 Risk management for nurses.

64. 20