Integrating business and clinical risks systems key to sustainability and resilience

Today’s health and aged care environment are experiencing problems brewing in
various fronts. Connectivity, integration, convergence are challenging providers to
navigate a world of reduced margins to do much more with much less and further
impacting quality outcomes.

The challenge is in providing quality care within astute business models. The key is in
strengthening risk management and resilience to achieve long term sustainability.

Failings of traditional risk management

Traditional risk management is focused on specific categories of risk (silos) and how
a particular risk might affect one aspect of organisational health (e.g. insurance costs,
accreditation). Identifying clinical risks associated with liability costs and sanctions
very often leads to not considering impact of non-financial risks – e.g. financial and
otherwise, that could also be identified and measured, reputational risks, etc. It also
fails to take into account impact of one risk upon another, thus compounding impact
of potential downside.

For example, literature is replete with human resource issues relating to:
• Workforce fatigue;
• Educational levels of nurses and their effect on patient outcomes;
• Staff intimidation in the area of safe medication practices; and
• The decreasing labour pool.

It is not easy to identify how the impact these issues have on each other. However,
one could see how a decreasing professional labour pool can create a demanding and
stressful work environment that promotes workplace fatigue.

Similarly, events like 9/11, Victorian Bushfires, etc have escalated the focused effort
on emergency management and disaster recovery planning. To be successful, these
efforts have had to adopt enterprise wide risk management.

Risk management –enterprise wide approach

Risk management for health and aged care providers is not a socially or legally
ordained program. It is simply an organised effort to identify, assess and reduce,
where appropriate, risks to patients, visitors, staff, and organisational assets. Risk
management is nothing new, as Shakespeare’s Julius Caesar puts it, “the fault…is not
in our stars, but in ourselves.” Untoward or adverse outcomes tend to yield a broad
spectrum of possible explanations. What steps or programmes have we put in place to
ensure we reduce the incidence of preventable accidents and injuries to minimize the
financial loss to the institution should an accident occur?

It is difficult for those outside the sector to grasp the uniqueness of health and aged
care risk management. Whilst there are some similar elements to risk management in
other industries such as workers’ compensations, fleet safety, workplace safety,
hazard identification and mitigation, the potential severity of a catastrophe injury to a
patient/resident is distinct. Aged care functions 24/7 and poor outcomes can result in
dire consequences, sometimes viability. As a result, traditional risk managers have
placed emphasis on addressing clinical risks. Such narrow approach can be limiting
and might not result in greatest enhancement of safety outcomes for patients/residents.

What about the new challenges posed by continuous advances in medical research and
technology? Although these advances support the goal of improved patient care, they
come with a price tag: new risks. What is the risk that these advancement would
threaten the ethical and moral values of an institution?

Enterprise risk management (‘ERM’) therefore considers a broader approach for

addressing the institution’s health and aged care risks.

With stakeholders demanding greater risk transparency, efforts are increasing to

assess an institution’s myriad of risks and cover them in a strategic risk management
program.

Emerging risk management priorities

From our work with leading organisations, we are witnessing an evolving role for risk
officers who have identified the following three risk management priorities:

• Ensuring that the organisation is in full compliance with regulations;

• Monitoring and identifying emergent risk; and
• Extending risk principles into the wider business strategies.

We are seeing more of a focus on driving integration of compliance, governance and

risk efforts – how can we do less and achieve more?

Scenario planning, sensitivity analysis and forecasting also provide valuable insight
and depth to risk management discussions.

For example, protecting patient confidentiality is often identified as a compliance

risks/legal risks. Scenario planning will open up a whole plethora of discussions and
possibilities. The way information is obtained, stored, retrieved, access, archived,
destroyed and the medium with which it is stored, communicated and transmitted
have points of vulnerabilities.

Trend forecasting also provides key insights on trends and expectations of things to
come.

Risk identification, analysis, management and planning

A systematic approach to risk management in progression or combination will help

achieve effective risk management. Many risk management frameworks are available
for use such as the AS/NZS4360, IS31000 and COSO framework. Whichever you
choose to adopt, the key to achieving effective risk management are founded in the
following key steps:

• Identify the risks to be managed by adopting a comprehensive, well structured and

systematic process. Any risks not identified at this stage are well excluded from
 further analysis. It is therefore important to obtain a holistic and integrated view of
possible risks. Risk identification should not be static snapshots!

Risk-mapping stakeholders/team participants

Legal
OHS Finance

Public
Operations
Relations

Internal
Insurance Audit/
Compliance

Risk
Manager Nursing/
Strategic
Medical

Quality
Environment
Assurance

Planning & Information

Development technology
Human
Security
Resource
Source:
Shirley Liew

• Consider the potential consequences of risk events in terms of their severity Ensure
there is sufficient rigour of the risk analysis in keeping with the context and risk
criteria, the level of uncertainty in the analysis and the needs of decision makers.
Liability Property Business Personnel Financial Operations Strategic
interruption
• Slips and falls • Real -facility • Net income • Employee injury • Price • Productivity • Funding
• Medical • Personal • Extra expenses • Benefits • Credit • Information mechanism
professional • Intellectual • Contingent • Retention • Loss of management • Viability of
• Clinical trials property business profits • Process mergers
interrruption • Regulatory risk • What services or
– sanctions, products to offer
fines, penalties

• Evaluate risks – compare the estimated level of risk with the pre-established
criteria and rank the risks to identify management priorities. Ascertain tolerance
levels and tolerable risks, based on parameters set by the board. Develop a risk
treatment and response plan.

• Treat risks- Upon identifying risks, develop a range of response options for treating
risks, assess these options. Options range from avoiding the risk, in which case you
decide not to proceed with the activity likely to create the risk, change the
probability of occurring to enhance outcomes and reduce probability of losses,
change the consequences of risk, share the risks or retain the risk and make
appropriate provisions for dealing with risk should it arises.

• Given the dynamic context resulting from the constantly changing external and
internal environments, an institution should monitor and review the effectiveness
and performance of its risk management process and changes as well as that of the
risk treatment plans. Intrinsic in the risk treatment plan should be that of effective
controls. By analysing incident reports and understanding the root-causes, risk
managers often able to identify opportunities to strengthen organisational control
designs.

• Last but not least, communicate, communicate, communicate!

Monitoring key risk indicators through routine monitoring of particular parameters,
e.g. cashflow forecasting provides clear indication of not only how well the
organisation is tracking financially but also potential problems pertaining to
operations such as lodgements and claims, payment terms to suppliers, spiralling
areas of costs, etc.

Some examples of key risk indicators associated with non-compliant homes include:

• Total number of claims for a given time

• Total number of potential claims – events that relate to potential patient harm
• Incidences of errors or refunds – may relate to issues pertaining to integrity of
financial and administration process
• Number of patient complaints
• Staff turnover and churn
• Adequacy of staff training and orientation as well as level of ongoing training
• Percentage of new stage over total workforce
• Staff/patient ratios
• Timeliness of management reporting
• Variances to budgets
• Cashflow and liquidity ratio indicators usually provide key insights to viability of
an institution.

Adopt a strategic approach to risk management. Also look at culture and the
importance of risk culture is greatly influenced by leadership from the board. Walking
the talk forms the basis of a successful risk framework

Key business risks

Whilst the above issues relate mainly to patients, some key business risks which are
often ignored has proven critical to ultimate financial risks and hence long term
solvency and viability of the institution.

One example is that of contract management and service level agreements with third
party providers/contractors, e.g. IT, managed care, transaction processing, consultants
and physicians etc. Service failures or interruptions could result in unintended
increases in medical and operating expense that might negatively impact cash flow,
liquidity, financial performance and capital. They might also result in injury or
damage to third parties what might result in expense to the institution.

Some key risks issues relate to provider credentialing, vicarious exposures, apparent
authority and ostensible agency, good faith and fair dealing, provider selection and
compliance.

Other liabilities include board of directors operating a company whilst insolvent.

Boards of directors therefore need to have a clear and unfettered view of cashflow
positions and financial risks.
Revenue risks can arise from the time a resident is registered to the point of billing
with many numerous opportunities for things to go wrong. Demographic information,
charges missing and outdated codes? Knowledge is power and knowing where the
revenue cycle risks empowers organisations to control the threats to financial,
compliance and operating performance.

Advertising risks may pose a legal risk to the institution – e.g. exaggerating qualities
of a product, and when you cannot live up to the claims it makes for itself. Be clear
whether you are adopting a strategy of factual message or opinion message. Factual
messages provide objective, verifiable information to the consumer. Certain facts
about the facility may determine consumer preference in certain cases, e.g. religious
or ethnic affiliation, the cost of the services, hours, etc. Opinion messages try to
influence the consumer to believe that the facility offers a positive subjective
attribute. Advertiser should be able to substantiate claims and types of testimony used.
Languages such as “best care”, “world class facility” ‘first class staff’,
“extraordinary”, “individualised care”, should be avoided.

Benefits of ERM

If avoiding sanctions is not incentive enough, try resilience. Apart from a broad base
approach, ERM provides opportunities to improve efficiencies, streamline compliance
costs and provides management and stakeholders a better view of risks.

This further facilitate improved decision making and creates greater empowerment,
control and monitoring of risks. Understanding and reporting key risks indicators also
helps to improve transparency.

Streamlining of governance, risk and compliance reduces the much loathed

paperwork and effort surrounding accreditation and audits.

Finally, having clear view of risk and an integrated model of risk management
increases flexibility and responsiveness of a provider to respond and be more
opportunistic. This is critical for organisations to be successful and build the
resilience and challenges which abound.

If you require further information, please contact Shirley Liew, +61416287694, sliewsn@hotmail.com
or visit www.shirleyliew.com