Without an ERM program in place, it makes it exceptionally difficult for healthcare organizations to to predict the next steps they must take to be competitive and financially viable — especially in today’s uncertain market, regulatory and reimbursement environment. The benefits of Enterprise Risk Management (ERM) are getting a lot of attention in the healthcare industry these days, but adoption still appears to be slow. Further, adoption of mature ERM programs — or Integrated ERM — is even slower.
First Of All…What Is ERM And Why Does It Matter?
Whereas traditional risk management in healthcare was borne out of protecting hospitals and doctors from the surge of malpractice and professional liability suits of the 1970s and 1980s, ERM is more holistic. It takes into account much more than one hot-button issue at a time — looking across departments at operational, financial and strategic risks, in addition to anticipating one-off unexpected risks.
Even more, the evolution of technology has evolved ERM into what is now being called Integrated ERM. While many healthcare professionals are aware of the term “integrated risk management” in the context of managing hazard-based risk beyond the inpatient care settings within their health systems and integrated delivery networks, Integrated ERM is different. With risks now including patient data potentially being hacked, having a system in place to institute risk management is more important than ever.
What Is Integrated ERM?
Integrated ERM brings all risks from across the enterprise together to determine how they interrelate — uncovering insights that have previously been hidden within individual silos. The often-cited benefits of adopting Integrated ERM within healthcare institutions include:
High-quality patient care In addition to effectively highlighting patient safety issues that can then be resolved, Integrated ERM also enables healthcare organizations to more easily adopt increasingly popular patient-centered value-based care models.
Compliance While Integrated ERM is not about managing risk solely to meet compliance requirements, compliance is often a benefit of taking risks out of silos, obtaining a comprehensive view of those risks, and uncovering a plan of action that goes well beyond compliance standards.
Resilience Because Integrated ERM accounts for both the upsides and downsides of risk, it can help organizations to better withstand hazards, as well as thrive in the wake of a changing marketplace when value-enhancing risks are taken, like adding a profitable new clinical business line, or merging with other providers
Proper Investment Integrated ERM hinges on well-founded data that can rank your risks and offer insight on where to invest. Whether you invest in risk mitigation or value-incented risk-taking, you can feel more confident about your spend.
Improved Processes Integrated ERM can eliminate redundancies that often transpire due to operating in silos. The resulting transparency and collaboration means less likelihood of creating additional problems in one area after solving for a problem in another area.
All these benefits can come to fruition in a multitude of ways. For instance, many healthcare organizations are switching from fee-for-service or volume-based payment models to value-based payment models, whereby healthcare providers are incentivized based on the level of quality care they provide patients.
Lessons learned from other adopters of Integrated ERM
While the healthcare industry faces a multitude of unique risks and challenges that don’t apply to any other industry, it can still benefit from the lessons learned by other industries that adopted ERM in its more fledgling state, years ago.
In fact, healthcare organizations that are just now adopting the ERM process may have a considerable advantage: They might be able to avoid the growing pains early adopters experienced and implement industry-neutral ERM best practices “off the shelf,” rather than invent or reinvent the wheel.
Further, healthcare organizations might be able to advance to a more mature Integrated healthcare ERM program sooner — meaning they could see bigger benefits faster. Four lessons that healthcare organizations can take away from those industries that have already adopted ERM include:
- ERM goes beyond compliance: Compliance should be a benefit of ERM — not its sole driver. That’s why it’s listed as only one of eight healthcare ERM domains: On it’s own, compliance management solely takes into account the hazards of risk, not the potential upsides that could add value to the business or create a competitive advantage. Look across all eight risk domains to formulate a robust program that will deliver on minimizing uncertainty and maximizing value.
- Risk cultures start at the top: ERM is not a one-time process. It’s an ongoing program that can only be sustained if it’s ingrained in an organization’s culture and is supported at the top. If leadership isn’t pushing you to implement ERM, you will need to push them. Relaying the benefits of ERM, alone, probably won’t be enough. Cater your pro-ERM message to the interests and roles of the leaders from whom you need support. Solid communication, morale-building and negotiation skills will be needed to influence leadership.
- Risk governance should be formalized: Leadership needs to be more than just engaged and supportive of ERM. They need to be accountable. Executives, board members, and leaders from departments that represent each of the eight risk domains should be assigned roles and responsibilities related to ERM, and expected to execute within whichever ERM framework your organization elects to implement. Risk management activities should be coordinated, and they should adhere to the processes and workflows that have been agreed upon.
- Risk management processes should be standardized: While every industry — and even every healthcare organization — is unique, there are standardized frameworks and tools you can select from as a starting point for establishing a customized ERM program. Selecting from frameworks that have already been proven, and then modifying accordingly, will save time and energy when launching a program. Further, supplemental tools like risk registries, risk inventories and risk heat maps don’t discriminate against industries.
Such a shift isn’t as simple as merely adjusting payment or invoicing practices, though. It involves tweaking, and even overhauling a variety of processes and practices that stretch across all eight ERM risk domains. After all, it’s not just a new method for payment. It’s really a new method for care.
That’s why taking the Integrated ERM view of the shift to value-based care — or any other critical healthcare issue — is so important. Managing risk in a vacuum can cause organizations to overlook other critical risks that could be costly, or refrain from taking risks that have a tremendous upside, which could be even more costly.
Healthcare organizations that lack the data, tools, processes and frankly, the mission to take an Integrated ERM approach could face even greater failure in the form of business disruption or financial losses.