

APPETITE FOR DESTRUCTION! Part I: Addressing Today’s Top Issues with Effective Risk Assessments

March 27, 2019, C&A Blog

In this two-part series, you will learn when risk assessments are necessary in daily operations as well as when facing organizational challenges. As a basic tenet in practice, healthcare professionals perform risk assessments every day as they assess patients, identify potential risk and intervene to reduce risk for their patients. In addition, you will learn strategies to know when regulators and accreditors expect risk assessments and tips to reduce your risk appetite.


What is Your Appetite for Risk?

Is your organization’s appetite for risk unhealthy, potentially headed down a path of destruction? This course can be corrected with effective risk assessments that include multiple staff members who are integral in the continuum of care.

Healthcare organizations are faced with many challenges: the Opioid Crisis, Suicide and Ligature Issues, and Emerging Infectious Diseases (EID), to name a few. Risks are everywhere in our industry. The best way to approach them is through comprehensive risk assessments that produce sustainable mitigation activities. Risk assessments can be daily activities, such as Medical History & Physicals, Informed Consents and thorough restraint assessments, or annual activities, such as Infection Prevention Plans and Patient Safety Work Plans. As a former CMS surveyor, a problem I saw often was that risk assessments were a one-and-done activity, or I heard statements like ‘the standards and regulations do not directly require them’. This update will provide insight into how the interpretive guidance (IG’s) plays into the Conditions of Participation (CoP’s) and lays the framework for the Joint Commission standards. This interconnectedness between regulations and standards is what guides organizations to identify what risk assessments must be completed. Before we can begin a risk assessment, we need to understand what level of risk is acceptable to our organization and then evaluate if that level is healthy or an appetite for destruction.

In the field of Risk Management, managers are seeking to implement Enterprise Risk Management (ERM) programs that address regulatory issues, patient care issues, compliance issues and financial issues. All these issues are dealt with in healthcare and carry liability for the organization. The first step in an ERM is for the organization to define what its risk appetite or risk tolerance is. How many patients can be harmed before the harm done becomes unacceptable? How many processes can be allowed to fail? How many resources should be invested to protect a patient regardless of the opportunity for financial payment? There are no correct answers to these questions, yet conclusions can be drawn by conducting effective risk assessments using the best information possible.

Does your organization have a healthy risk appetite? Can your organization assume a lot of risk or is it one that cannot bear any risk? To better understand this, we need to understand what a ‘Risk Appetite’ is. This is defined as “the amount and type of risk that an organization is willing to take in order to meet their strategic objectives.” (1) Risk tolerance is slightly different but has been used interchangeably for some time now. Either term will help an organization determine what it deems acceptable from a harm, variance, and liability perspective. The ultimate goal should be zero harm to patients, staff and visitors. Can we achieve this overnight?


Steps to Reduce Your Risk Appetite

Fostering active engagement with all staff and providers, through risk assessments and through process improvement, is the beginning. We may not be able to eliminate all risk, but we can get to a position where we use risk assessments and evidence-based medicine to ensure our processes have removed variation and produce predictable outcomes.

Risk assessments come in a variety of methods. Each one has specific intentions that identify issues, determine actions to reduce risk, and develop mitigation plans that would lead to sustained results over time. Risk assessments are an integral component of ERM’s. “Enterprise risk management in healthcare promotes a comprehensive framework for making risk management decisions which maximize value protection and creation by managing risk, uncertainty and their connections to total value.” (2) Courtemanche & Associates has assessed professional topics that pertain to Quality, Infection Prevention, Compliance, Risk, Emergency Preparedness and Safety managers across healthcare. We have concluded that these professional managers deal with over 245 topics that either need risk assessments conducted, written policies or plans developed, or staff competencies completed. The challenge we all face is that regulations and standards do not speak directly to the need for risk assessments. The standards within the CoP’s do not directly state that risk assessments must be performed. However, in the interpretive guidance there are statements that require written plans, evaluations and policy development. The only way these plans and policies can be developed is to ensure a risk assessment has been completed. Since risk assessment opportunities are not easily recognizable, one must rely on the interpretive guidance for direction just as a surveyor does. The interpretive guidance directs surveyor action, outlines expectations for minimum safety requirements and informs organizations where they should be assessing risk. Refer to the table below for more information on expected risk assessments.

Join us next month for APPETITE FOR DESTRUCTION! Part II: Addressing Today’s Top Issues with Effective Risk Assessments to learn more strategies to incorporate risk assessment in daily operations.



  1. Institute of Risk Management – 2019 https://www.theirm.org/knowledge-and-resources/thought-leadership/risk-appetite-and-tolerance.aspx
  2. American Society for Healthcare Risk Management (ASHRM); www.ashrm.org
  3. State Operations Manual (SOM), Appendix A – Survey Protocol, Regulations and Interpretive Guidelines for Hospitals. December 2018
  4. Joint Commission – CAMH – HAP 2019
  5. CMS Language Access Plan tool; https://www.cms.gov/About-CMS/Agency-Information/OMH/Downloads/Language-Access-Plan-508.pdf
  6. CMS Roadmap to the Opioid Epidemic https://www.cms.gov/About-CMS/Agency-Information/Emergency/Downloads/Opioid-epidemic-roadmap.pdf


Examples of Active Risk Assessments

| Topic | CMS Requirement | The Joint Commission Requirement |
| --- | --- | --- |
| Emergency Management Plan | 482.15 (Hospitals) State Operations Manual ‘Z’ updated via QSO transmittal 019-06 All on Feb 1, 2019 | M 01.01.01 last updated with effective changes November 2018 |
| Employee Health Plan | 482.42 – Tags A0747 to A0756, especially in A0749 | IC 02.04.01 EP1 through EP9 |
| Environment of Care Plans | 482.41 – Tags A0700 to A0726 – written plans and maintain evidence | EC 01.01.01 EP 1 to EP9 – written plans |
| Exposure Control Plan | OSHA – 1910.1030(c)(1) and 1910.1030(c)(2)(i) exposure determination | IC 01.04.01; IC 02.03.01 EP2; EC 02.02.01 EP4; LD 04.01.01 EP2 |
| Flammable Germicides | 482.42(a) – A0749; 482.41(b)(7) – A0714 and S&C-07-11 Jan 12, 2007 | EC 02.03.01 EP12 |
| High Level Disinfection | 482.51(b) – A0951 and 482.42(a) – A0749 | IC 02.02.01 EP2 and EC 02.04.03 EP4 |
| Infection Prevention & Control Plan | 482.42 – A0747 | IC 01.03.01 EP 1, 2 and 3; IC 01.04.01 EP 1 |
| Information Security Plan | 482.15 (Hospitals) SOM ‘Z’ (Hazard Vulnerability Analysis – All hazard approach); 482.13(c)(1) – A0143; 482.24(b)(3) – A0441; HIPAA (1996) | IM 01.01.01 EP2; IM 02.01.01 EP1; EM 02.01.01 EP12 |
| Language Access Plan | Section 504 and Section 508 Amendment to the Rehabilitation Act of 1973, and Title II and Title III of the Americans with Disabilities Act (1990); 482.13 – A0115 | RI 0101.03 EP 1, 2 and 3 |
| Medication Management Plan | 482.25 – A489 | MM 01.01.03 EP 1, 2 and 3; MM 01.02.01 EP 1, 2 and 3; MM 02.01.01 EP2; MM 03.01.01 EP4; MS 05.01.01 EP4; LD 04.03.13 EP1 through 7 |
| Opioid Crisis | 482.23(c) – A0405 and A0409; CMS Roadmap to Address the Opioid Epidemic | LD 04.03.13 EP 1 through 7; PC 01.02.07 |
| Patient Population Assessment | 482.15 EP0006 and EP0007; 482.42 – A0747 | EM 02.02.11 EP8; IC 01.03.01: RI 01.07.03 |
| Patient Safety Work Plan | 482.21 – A0263; 482.21(e) – A0309 | LD 04.04.05 EP1 |
| Radiation Safety Plan | 482.26 – A0528; 482.26(b) – A0535 | EC 02.02.01 EP 7; EC 02.01.01 EP14 |
| Suicide / Ligatures Comprehensive Assessment | QSO 18-21 Hospitals (07/20/18); 482.41 – A0700 | NPSG 15.01.01 |
| Workplace Violence Plan | OSHA Directive CPL 02-01-058 (January 10, 2017) | EC 01.01.01 EP4; LD 04.01.01 EP2 |



Author James Ballard
