Since 2014, The American Society of Healthcare Risk Management (ASHRM) has rightly been focused on Enterprise Risk Management (ERM) as a necessary evolution for risk management in healthcare and a logical expansion of the role of the traditional healthcare risk manager.
Let’s assume by now that you’ve availed yourself of the organizational readiness assessments that are out there, and that you’ve successfully answered the question “are you ready for ERM?” (if you haven’t, ASHRM has a great one here).
What I haven’t seen, however, is a readiness assessment for ERM technology, to help you determine whether or not you can successfully automate your ERM initiative with risk management or compliance solutions you’re already using, or if you should be considering new technology.
In the interest of saving you time (you’re welcome), I’ll cut to the chase. You can’t successfully automate your ERM initiative with the risk management or compliance solutions you’re already using, and you should be considering new technology.
Unless you’re using a truly-integrated ERM solution.
With most healthcare patient safety and risk management systems, so-called enterprise risk management modules are stand-alone afterthoughts that, at best, allow you to manually enter risks to populate a heat map and risk register. If they are automated, they’re automating only what they know — accreditation, or patient safety and feedback, or claims — and calling it ERM.
And integrating it all? Forget about it. One vendor is even trying to tout it’s “collection of software” as an ERM solution in an era where healthcare provider organizations (HPOs) are trying to fix their fragmented software ecosystems.
Unlike these vendors, with their attempt at a bottom-up approach to healthcare Enterprise Risk Management, traditional ERM or GRC (Governance, Risk & Compliance) systems are attempting the reverse, a top-down (and equally ineffective, in my assessment) effort to layer their software above that splintered landscape of single-risk solutions.
Without effective integration, however, these “solutions” sit in isolation, relying on highly-manual risk assessments to determine risk management performance within the organization.
A truly-integrated solution not only collects and aggregates risk information, it also automates much of the risk control (and assessment) process: day-to-day risk indicators (e.g. percentage of adverse events resulting in claims or litigation, or the percentage of clinicians complying with hand hygiene protocols) can — quite literally — move the needles themselves.
Just as a better event reporting system can free up staff to implement improvements, not simply review and investigate incidents, a better (read integrated) ERM system can free up staff to effectively inform leadership, and can enable leadership to react more quickly and capably to critical risk changes in real time.
“But where can I find a truly integrated, healthcare-relevant ERM solution?” you ask.
Look up. Go ahead. See that logo in the top left corner of your screen?
Happy to help.