Risk - Concepts and Misconceptions

Category
Risk and Safety Theory
Topic
IRM and Risk Register
Type
Risk Notes

Overview of Issue

Effective risk management requires a thorough understanding of risk concepts and misconceptions.

Refer to related Risk Notes:

  • Risk Identification, Risk Assessment, Risk Management and IRM/ERM.

Key Points

  • Risks are a function of likelihood and impact.
  • Clinical risks result from the disease process, treatment, and medical decision making.
  • The most important and strategic risks in healthcare are those that could result in harm to patients.

 

Things to Consider

 

Definition of risk

  • Risk is defined as the possibility of loss or injury (Merriam-Webster, 2017).
  • The terms risk and hazard are not interchangeable. A hazard is a source of potential damage or harm (e.g. water on the floor), while a risk is the potential that harm will occur if exposure to the hazard occurs (e.g. visitor fall).

Two components of risk – likelihood and impact

  • Risks are understood in terms of the (1) likelihood or probability of an event occurring and (2) impact or consequences of the event should it occur; risks can have multiple causes that influence likelihood and multiple types of impacts.
  • The most significant types of impacts in healthcare are patient harm, staff harm, loss of resources/funds, service interruptions or closures, regulatory non-compliance, and reputational harm.
  • Probability is determined as either frequency of occurrence (e.g. once/month, once/year) or possibility of failure (e.g. %) within a defined time period, such as for strategic projects (NHS, 2008).
risk

Patient care risks

  • Understanding and measuring the risk of harm to patients is made more complex given the interplay of disease process risks, treatment risks, and medical decision making/error risks (Amalberti, 2005).
  • Risks related to decision making/medical error include events that shouldn’t happen that do (commission) and events that should happen that don’t (omission).
RISK

Common Misconceptions

Strategic versus operational risk

  • In not-for-profit healthcare organizations, strategic risks are those that pose major threats to achieving an organization’s vision and strategic objectives, particularly related to patient care. (This is in contrast to for-profit organizations where strategic risks typically relate to share price and market share).
  • In healthcare, strategic and operational risks are not mutually exclusive. Strategic risks/strategic crises often arise from key operational service failures that result in significant patient or staff harm, or major loss of resources/services/information (Audit Commission, 2009).

Upside versus downside of risk

  • Risks are sometimes described as “upside” (a potential outcome that is better than expected) or “downside” (an event that could give rise to a loss or injury in the future). However, this unnecessarily complicates the risk management process (Fraser, 2007).
  • Given their overwhelming prevalence and the industry-wide focus on patient safety, healthcare organizations should focus on downside risks. In order to promote organizational mindfulness and maintain a sense of urgency, risks should be described in plain language and as events or failures to be avoided.

Risk appetite or tolerance

  • Risk appetite/tolerance is a concept that originated in the financial sector to assess the willingness of investors to risk funds for a higher return. There is considerable confusion about the use of the term in other settings (Fraser, 2007).
  • It is not possible for healthcare organizations to establish an overarching risk tolerance/appetite statement other than to say the organization is risk averse; particularly related to risks that could lead to patient or staff harm where the only acceptable risk appetite would be zero harm.
  • In practice, tolerance plays out on a risk by risk basis, as organization make decisions on whether there is a need for additional action to address a particular risk.

References

• HIROC. (2017). Taxonomy of healthcare organizational risks.

• Amalberti R, Auroy Y, Berwick D, et al. (2005). Five system barriers to achieving ultrasafe health care. Ann Intern Med. 142:756-764.

• Fraser J, Simkins B. (2007). Ten common misconceptions about enterprise risk management. J Applied Corporate Finance. 19(4):75-81.

• Audit Commission. (2009). Taking it on trust: A review of how boards of NHS trusts and foundation trusts get their assurance.

• NHS - National Patient Safety Agency. (2008). A risk matrix for risk managers.

• Merriam-Webster. (2017). Definition of risk.

Date last reviewed:
This is a resource for quality assurance and risk management purposes only, and is not intended to provide or replace legal or medical advice or reflect standards of care and/or standards of practice of a regulatory body. The information contained in this resource was deemed accurate at the time of publication, however, practices may change without notice.

Partnering to create the safest healthcare system

HIROC is not just a not-for-profit, we are a reciprocal. This means we are governed by our Subscribers – a group of over 800 diverse healthcare organizations across Canada. Together we share learnings and find ways to adapt to the changing nature of the industry.
Learn More
HIROC staff members