Risk Management
Service:
Risk Management
Subject:
Risk and Safety Theory
Setting:
IRM and Risk Register
Type:
Risk Notes
Overview of Issue
Once risks have been identified and assessed in terms of likelihood and impact (i.e. harm or loss), the focus turns to the most important question – is there a need for further action in order to bring the risk down to an acceptable level? If an informed decision is made that a specific risk is not at a tolerable level and that existing controls are not adequate, then additional or alternative mitigation plans should be developed and accountability for their implementation assigned. The following diagram outlines the steps in risk identification, risk assessment, and risk management. The red arrow indicates the focus of this Risk Note.
Refer to related Risk Notes for details:
- Risk – Concepts and Misconceptions, Risk Assessment, Risk Management and IRM/ERM.
Key Points
- The most important question in risk management is whether there is a need for further action in managing a risk.
- Risk mitigation includes interventions that decrease the likelihood of a risk and those that decrease the impact of a risk should it occur.
- Early warning/detection interventions that focus on decreasing impact/harm to patients are key in healthcare.
Things to Consider
Generic risk management strategies
- There are a number of generic risk management options, which may or may not be appropriate in a particular circumstance including:
- Avoid risk – deciding not to start or continue with the activity that gives rise to the risk;
- Transfer risk – sharing the risk with another party (e.g. contracts and insurance);
- Mitigate risk – implementation of controls to decrease likelihood or impact of risk;
- Accept risk – informed decision/cost benefit analysis to keep as is.
Two sides to mitigating risk
- “Left-sided” interventions focus on prevention; on reducing the likelihood or probability that a risk could be realized.
- “Right-sided” interventions focus on containment or resiliency; on reducing the consequence or impact of a risk should it be realized.
- Containment strategies are key in healthcare, particularly in patient safety; these include early warning/detection systems of patient deterioration.
- Organizations should look to established best practices for prevention or containment, or consider implementing a quality improvement project to work towards a solution.
- Allocation of resources should take into account funding constraints, opportunity costs, and tradeoffs with other risks.
- Not all risks can be eliminated in an affordable way. Organizations have to carefully weigh how much time and effort they are prepared to put into mitigating a particular risk (Graham, 2008).
Advanced strategies for managing risks in healthcare
- Vincent and Amalberti (2016) describe five optimization and risk management categories of interventions which focus on both leftside prevention and right-side containment. The categories and sample interventions are summarized below:
- 1. Best practice standards
- Interventions to reduce specific harms (e.g. infections, falls);
- Targeted process reliability/improvements (e.g. checklists, bundles).
- 2. Systems and process improvement
- Staff interventions (e.g. training and feedback on performance);
- Task interventions (e.g. standardization, simplification, automation, design);
- Team interventions (e.g. handovers, role/ leadership clarity, unit-based);
- Working conditions (e.g. environmental/ physical space);
- Organizational interventions (e.g. staffing levels, coordination roles).
- 3. Risk control
- Placing limits or restrictions on services/ production in the interests of safety (e.g. temporarily or permanently restricting services, defining “no-go” conditions, prioritizing safety standards and reducing work/flow in other areas to compensate).
- 4. Monitoring, adaptation and response
- Safety culture improvements;
- Emergency response systems, team briefings.
- 5. Risk mitigation
- Rapid response systems, support for patients and staff;
- Insurance, legal protections, proactive media response.
Audit and follow-up
- For highly rated/ranked risks, current risk mitigation strategies should be evaluated. This could include an assessment of whether existing controls are still appropriate, if they are still appropriate and, if they are being consistently applied.
- Audits of mitigation strategies for highly rated/ ranked risks should be carried out on a periodic basis.
- Risk mitigation plans could not only include new control strategies but initiatives to improve compliance with existing controls as well (e.g. hand hygiene practices or ventilator associated pneumonia bundles).
REFERENCES
- NHS - National Patient Safety Agency. (2007). Healthcare risks assessment made easy.
- Graham A. (2008). Integrated risk management implementation guide. Queens University School of Policy Studies.
- Vincent C, Amalberti R. (2016). Safer healthcare: Strategies for the real world. Springer International Publishing.