In this two-part series, you will learn when risk assessments are necessary in daily operations as well as when facing organizational challenges. As a basic tenet in practice, healthcare professionals perform risk assessments every day as they assess patients, identify potential risk and intervene to reduce risk for their patients. In addition, you will learn strategies to know when regulators and accreditors expect risk assessments and tips to reduce your risk appetite.
What is Your Appetite for Risk?
Is your organizations appetite for risk unhealthy, potentially headed down a path of destruction? This course can be corrected with effective risk assessments that include multiple staff members who are integral in the continuum of care.
Healthcare organizations are faced with many challenges. Opioid Crisis, Suicide and Ligature Issues, and Emerging Infectious Diseases (EID) to name a few. Risks are everywhere in our industry. The best way to approach them is through comprehensive risk assessments that produce sustainable mitigation activities. Risk Assessments can be daily activities, such as Medical History & Physicals, Informed Consents and thorough restraint assessments or annual activities such as Infection Prevention Plans and Patient Safety Work Plans. As a former CMS surveyor, a problem I saw often was risk assessments were a one and done activity or I heard statements like ‘the standards and regulations do not directly require them’. This update will provide insight into how the interpretative guidance (IG’s) plays into the Conditions of Participation (CoP’s) and lays the framework for the Joint Commission standards. This inter-connectedness between regulations and standards are what guides organizations to identify what risk assessments must be completed. Before we can begin a risk assessment, we need to understand what level of risk is acceptable to our organization and then evaluate if that level is healthy or an appetite for destruction.
In the field of Risk Management, managers are seeking to implement Enterprise Risk Management (ERM) programs that address regulatory issues, patient care issues, compliance issues and financial issues. All these issues are dealt with in healthcare and carry liability for the organization. The first step in an ERM is for the organization to define what their risk appetite or risk tolerance is. How many patients can be harmed before the harm done becomes unacceptable? How many processes can be allowed to fail? How many resources should be invested to protect a patient regardless of the opportunity for financial payment? There are no correct answers to these questions yet conclusions can be drawn by conducting effective risk assessments using the best information possible.
Does your organization have a healthy risk appetite? Can your organization assume a lot of risk or is it one that cannot bear any risk? To better understand this, we need to understand what a ‘Risk Appetite” is. This is defined as ‘the amount and type of risk that an organization is willing to take in order to meet their strategic objectives.” (1) Risk tolerance is slightly different but has been used interchangeably for some time now. Either term will help an organization determine what they deem acceptable from a harm, variance, and liability perspective. The ultimate goal should be zero harm to patients, staff and visitors. Can we achieve this overnight?
Steps to Reduce Your Risk Appetite
Fostering active engagement with all staff and providers, through risk assessments and through process improvement is the beginning. We may not be able to eliminate all risk, but we can get to a position where we use risk assessments and evidence-based medicine to ensure our processes have removed variation and produce predictable outcomes.
Risk assessments come in a variety of methods. Each one has specific intentions that identify issues, determine actions to reduce risk, and develop mitigation plans that would lead to sustained results over time. Risk assessments are an integral component of ERM’s. “Enterprise risk management in healthcare promotes a comprehensive framework for making risk management decisions which maximize value protection and creation by managing risk, uncertainty and their connections to total value.” (2) Courtemanche & Associates has assessed professional topics that pertain to Quality, Infection Prevention, Compliance, Risk, Emergency Preparedness and Safety managers across healthcare. We have concluded that these professional managers deal with over 245 topics that either need risk assessments conducted, written policies or plans developed, or staff competencies completed. The challenge we all face is that regulations and standards do not speak directly to the need for risk assessments. The standards within the CoP’s do not directly state that risk assessments must be performed. However, in the interpretive guidance there are statements that require written plans, evaluations and policy development. The only way these plans and policies can be developed is to ensure a risk assessment has been completed. Since risk assessment opportunities are not easily recognizable, one must rely on the interpretive guidance for direction just as a surveyor does. The interpretive guidance directs surveyor action, outlines expectations for minimum safety requirements and informs organizations where they should be assessing risk. Refer to the table below for more information on expected risk assessments.
Join us next month for APPETITE FOR DESTRUCTION! Part II: Addressing Today’s Top Issues with Effective Risk Assessments to learn more strategies to incorporate risk assessment in daily operations.
- Institute of Risk Management – 2019 https://www.theirm.org/knowledge-and-resources/thought-leadership/risk-appetite-and-tolerance.aspx
- American Society for Healthcare Risk Management (ASHRM); www.ashrm.org
- State Operations Manual (SOM), Appendix A – Survey Protocol, Regulations and Interpretive Guidelines for Hospitals. December 2018
- Joint Commission – CAMH – HAP 2019
- CMS Language Access Plan tool; https://www.cms.gov/About-CMS/Agency-Information/OMH/Downloads/Language-Access-Plan-508.pdf
- CMS Roadmap to the Opioid Epidemic https://www.cms.gov/About-CMS/Agency-Information/Emergency/Downloads/Opioid-epidemic-roadmap.pdf
Examples of Active Risk Assessments
|Topic||CMS Requirement||The Join Commission Requirement|
|Emergency Management Plan||482.15 (Hospitals) State Operations Manual ‘Z’ updated via QSO transmittal 019-06 All on Feb 1, 2019||M 01.01.01 last updated with effective changes November 2018|
|Employee Health Plan||482.42 – Tags A0747 to A0756 specially in A0749||IC 02.04.01 EP1 through EP9|
|Environment of Care Plans||482.41 – Tags A0700 to A0726 – written plans and maintain evidence||EC 01.01.01 EP 1 to EP9 – written plans|
|Exposure Control Plan||OSHA – 1910.1030(c)(1) and 1910.1030(c)(2)(i) exposure determination||IC 01.04.01; IC 02.03.01 EP2; EC 02.02.01 EP4; LD 04.01.01 EP2|
|Flammable Germicides||482.42(a) – A0749; 482.41(b)(7) – A0714 and S&C-07-11 Jan 12, 2007||EC 02.03.01 EP12|
|High Level Disinfection||482.51(b) – A0951 and 482.42(a) – A0749||IC 02.02.01 EP2 and EC 02.04.03 EP4|
|Infection Prevention & Control Plan||482.42 – A0747||IC 01.03.01 EP 1, 2 and 3; IC 01.04.01 EP 1;|
|Information Security Plan||482.15 (Hospitals) SOM ‘Z’ (Hazard Vulnerability Analysis – All hazard approach); 482.13(c)(1) – A0143; 482.24(b)(3) – A0441; HIPPA (1996)||IM 01.01.01 EP2; IM 02.01.01 EP1; EM 02.01.01 EP12|
|Language Access Plan||Section 504 and Section 508 Amendment to the
Rehabilitation Act of 1973, and Title II and Title III of the Americans with Disabilities Act (1990); 482.13 – A0115
|RI 0101.03 EP 1, 2 and 3|
|Medication Management Plan||482.25 – A489||MM 01.01.03 EP 1, 2 and 3; MM 01.02.01 EP 1, 2 and 3; MM 02.01.01 EP2; MM 03.01.01 EP4; MS 05.01.01 EP4; LD 04.03.13 EP1 through 7|
|Opioid Crisis||482.23(c) – A0405 and A0409; CMS Roadmap to Address the Opioid Epidemic||LD 04.03.13 EP 1 through 7; PC 01.02.07|
|Patient Population Assessment||482.15 EP0006 and EP0007; 482.42 – A0747||EM 02.02.11 EP8; IC 01.03.01: RI 01.07.03|
|Patient Safety Work Plan||482.21 – A0263; 482.21(e) – A0309||LD 04.04.05 EP1|
|Radiation Safety Plan||482.26 – A0528; 482.26(b) – A0535||EC 02.02.01 EP 7; EC 02.01.01 EP14;|
|Suicide / Ligatures Comprehensive Assessment||QSO 18-21 Hospitals (07/20/18); 482.41 – A0700||NPSG 15.01.01|
|Workplace Violence Plan||OSHA Directive CPL 02-01-058, (January 10, 2017).||EC 01.01.01 EP4; LD 04.01.01 EP2|