Enterprise Risk Management

Greg King – VP Finance, HIROC
Elizabeth Martin – Director and Audit Committee Chair, Sunnybrook
Director, HIROC
PARTNERING TO CREATE THE SAFEST HEALTHCARE SYSTEM
Agenda
1. Who is HIROC
2. What is ERM
3. Top Risks
4. ERM Tools
5. HIROC Claims
6. Sunnybrook’s ERM Experience
Who is HIROC?
• HIROC was founded in 1987 by Ontario hospitals due to liability insurance crises
• Expanded across Canada to become the largest underwriter of med/mal in the country
• Insures 700 health care organizations
• Member-owned, not-for-profit, distributes surplus funds (profits) to member clients (subscribers)
Canadian Healthcare Liability and Legal Environment
ERM-What is it?
Provides a common framework for understanding and prioritizing organizational risks
NPSA, 2007
ERM/IRM Strategies
Risk Management Strategies and Examples
Avoid
• Decide not to start or continue with the activity
• Terminate a program
Remove
• Remove underground storage tanks
Change Likelihood
• Enhanced Policies-use of Oxytocin, Gentamicin,
• Training-MOREOB Program
Change Consequences
• Infection Control: Standardize the definition for an outbreak and implement protocols for reporting and managing an actual or suspected outbreak
Share the Risk with Another Party
• Insurance
• Contract-ex. Snow removal
Retain the risk by informed decision
• Pathology Labs
• Foreign Patients
• Deductibles
UK / NHS / Mid Staffordshire Inquiry
“…it failed to tackle an insidious negative culture involving a tolerance of poor standards and a disengagement from managerial and leadership responsibilities. This failure was in part the consequence of allowing a focus on reaching national access targets, achieving financial balance and seeking foundation trust status to be at the cost of delivering acceptable standards of care.”
How can a Board add value?
• Focus on the future
• Understand the strategy-assumptions, impact on the organization
• Assess competency of management to execute the strategy
• Monitor performance-help identify how it can be improved
• Keep abreast of the external environment
• Understand the risks
So… What are some top risks?
2010 U.S. Healthcare Enterprise Risk Survey-Top Risks
1. Financial
• Payment increases consistently below medical inflation
• Unfunded mandates for the provision of services
• Increasing capital costs and gaps between needed and available capital
2. Physician relationships-ability to control the direction and level of alignment of physicians and institutions
3. Preparedness for clinical automation: inadequate I.T. requiring investment in more sophisticated systems-ex. Inability to develop a fully operational electronic health record.
4. Improving performance in the midst of accelerating regulatory and marketplace change
5. Employee dissatisfaction-ex. Nurses strike, Resignations
Source: Assessment of Key Risks for Hospitals and Healthcare Systems – Spring 2010, KPMG LLP
Australia/New Zealand Framework
AS/NZS ISO 31000 Risk Management Framework
© 2009 Standards Australia/Standards New Zealand
Sample Risk Categories By Function
Business Risk: Risks that relate to the delivery of healthcare that include internal and external factors impacting on the operations
Resource Risk: Risks that relate to the resources used by the organization to accomplish its objectives
Compliance Risk: Risks that originate from the requirement to comply with a regulatory framework, policies, directives or legal agreements
• Quality Care And Patient Safety: Informed Consent, Care Plans, Consults, Referrals
• Human Resources And Staff Relations: HR Planning, Competency And Staff Development, Performance Management, Labour Relations
• Environment, Health And Safety: Hazardous Material Handling, Occupational Health And Safety, Infection Control
• Corporate Governance: Strategic Goals And Objectives, Performance Reporting, Culture, Ethics, Org Structure, Partnerships And Alliances
• Financial: Funding Allocation, Planning And Budgeting, Insurance, Financial Management And Reporting, Fraud
• Legal And Regulatory: Medical Staff By-laws, Legislation And Regulations, Contracts And Agreements, Credentialing And Licensing
• Operations And Business Support: Quality And Risk, Supply Chain, Health Information Management, Security, Disaster Management
• Information, Systems And Technology: E Health Strategy, Infrastructure, Access Control, Data Integrity, User Support
• Policies: Clinical Policies, Administrative Policies, Internal Guidelines And External Directives
• Reputation And Public Image: Public Relations, Media Relations, Government Relations, Patient Relations
• Physical Assets: Asset Management, Capital Construction, Equipment Acquisition, Replacement And Maintenance
• Standards: CCHSA Accreditation Standards, Professional Regulatory Bodies And Standards Committees
HIROC Integrated Risk Management Approach
1. Analyze claims data
2. ID top ranked risks
3. ID top mitigation strategies
4. Collate into self-assessment program
5. Decrease AEs and claims
Risk Assessment Checklist
• Top 30 risks
• Creates a Checklist of the 10 most impactful mitigation strategies to address each risk.
• Subscriber evaluates their processes and policies against these mitigation strategies.
RAC Online Tool – Risk Register Report
Rank | Risks | Org | H Av
1 | Failure to Interpret/Respond to Abnormal Fetal Status | 90 | 88
2 | Misinterpretation of Laboratory Tests | 95 | 95
3 | Inadequate Triage Assessment | 90 | 86
4 | Mismanagement of Induction/Augmentation Medications | 95 | 85
5 | Failure to Communicate Critical Test Results | 89 | 88
6 | Failure to Monitor Fetal Status | 94 | 89
7 | Visitor Falls | 100 | 88
8 | Failure to Communicate Fetal Status | 94 | 79
9 | Water Damage | 95 | 83
10 | Failure to Appreciate Status Changes/Deteriorating Patient Condition | 75 | 80
11 | Healthcare Acquired Infections | 90 | 94
12 | Medication Adverse Events | 85 | 86
13 | Patient Falls | 100 | 88
14 | Failure to Identify/Monitor Hyperbilirubinemia | 91 | 88
15 | Inadequate Quality Checks for Contracted/Agency Nursing Staff | 69 | 76
16 | Abuse of Patients | 85 | 82
17 | Failure to Provide Adequate Discharge/Follow-up Instructions | 75 | 75
18 | Equipment Malfunction | 89 | 91
19 | Failure to Identify/Manage IV Infiltration | 78 | 76
20 | Employee Fraud | 89 | 91
21 | Unnecessary/Obsolete Procedures | 50 | 81
22 | Wrong Patient/Site/Procedure | 100 | 95
23 | Wrongful Dismissal | 90 | 84
24 | On-Premises Suicides/Attempts | 90 | 79
25 | Healthcare Acquired Pressure Ulcers | 90 | 84
26 | Failure to Pay Benefits/Overtime | 100 | 88
27 | Retained Foreign Bodies | 100 | 95
28 | Fire Damage | 95 | 93
29 | Inadequate Sterility | 90 | 94
30 | Privacy Breach | 60 | 87
31 | Inadequate Credentialing and Complaints Management of Privileged Staff | 100 | 91
32 | Inadequate Management of Look-Backs/Multi-Patient Events | 92 | 83
“Clinical leaders have found the modules very helpful.”
“Led to productive discussions within clinical teams; challenged each other regarding certain strategies.”
“Helped us identify areas for improvement.”
“Program is streamlined and software is easy to use.”
“Helped to re-energize our hospital’s ERM program.”
Risk Reference Sheets
Includes:
• Description of the risk
• Claims Statistics - what our data shows
• Common themes and case studies
• Key mitigation strategies
HIROC Top Risks – Acute Care
1. Obstetrics – Failure to interpret/monitor/respond to abnormal fetal status, Mismanagement of Induction/Augmentation Medication (Oxytocin)
2. Diagnosis – Misinterpretation of Laboratory Tests
3. Medical – Inadequate Triage Assessment
4. Diagnosis – Failure to communicate critical test results
5. Visitor Falls/Patient Falls
6. Property – Water Damage – Floods, leaks, ageing infrastructure
7. Medical – Failure to appreciate status changes/deteriorating patient condition
8. Infection Control – Healthcare acquired infections
9. Medical – Medication Adverse Events
10. Administrative – Inadequate Quality Checks for Contracted/Agency Nursing Staff
HIROC Top Risks – Chronic Care, Complex Continuing Care and Rehabilitation
1. Patient Falls
2. Fiduciary – Employee Fraud
3. Visitor Falls
4. Safety and Security – Abuse of Patients
5. Medication – Failure to perform and/or communicate therapeutic drug monitoring results
6. Medical – Healthcare acquired burns
7. Employment – Wrongful Dismissal
8. Medical – Healthcare acquired pressure ulcers
9. Infection Control – Healthcare acquired infections
10. Administration – Management of client complaints
HIROC Top Risks – Nursing Homes, Personal Care Homes and Long Term Care Facilities
1. Patient Falls, Visitor Falls
2. Fiduciary – Employee Fraud
3. Employment – Wrongful Dismissal
4. Medical – Healthcare acquired pressure ulcers
5. Safety and Security – Abuse of Patients
6. Medical – Mismanagement of Restraints
7. Medical – Elopement and Self Harm or Harm to 3rd Parties
8. Property – Water Damage
9. Medical – Failure to appreciate status changes/deteriorating patient condition
10. Medication – Adverse Events
HIROC Top Risks – Community Care Access Centres
1. Home Care – Mismanagement of surgical/vascular wounds and retained foreign objects
2. Safety and Security – Abuse of patients
3. Medical – Elopement and self harm and/or harm to third parties
4. Mental Health – On-premises suicides/attempts
5. Medication – Failure to perform and/or communicate therapeutic drug monitoring results
6. Administration – Management of client complaints
7. Medical – Failure to appreciate status changes/deteriorating patient condition
8. Home Care – Inadequate coordination and case management
9. Falls – Patient falls
10. Medical – Healthcare acquired burns
What does HIROC’s Claims Data show?
HIROC Claim Frequency (chart; labelled categories: Medical Treatment, Obstetrics)
HIROC Claim Costs (chart; labelled categories: Medical Treatment, Obstetrics)
HIROC Claims Trends-Labour and Delivery
• Most adverse events involve multiple factors
• Failure to monitor fetal status
• Failure to interpret/respond to abnormal fetal status
• Failure to turn off oxytocin
• Charting deficiencies
• Failure to identify/monitor/respond to hyperbilirubinemia
• Inadequate, undocumented transfer of care during staff break or shift change
• Inexperienced nurses assigned to higher risk maternal patients without adequate support
• Communication/Chain of Command Issues-unresolved conflict between practitioners, intimidation, systemic interdisciplinary challenges, non-specific chain of command/escalation protocols
Emerging Risks/Trends/Class Actions
Nosocomial Infections
• Formal and co-ordinated Infection Control and Prevention Practices (e.g. Hand washing) are key to managing this risk
• Difficulties in identifying and defining what is an “outbreak” and communication and management of an outbreak
• E.g.-SARS, C Difficile, Pseudomonas, TB, MRSA
Pathology and Lab Issues
• Pre-analytic-test ordering, patient identification
• Analytic-technical/specimen preparation and interpretation, false positives and false negatives
• Post-analytic-report completion, communication of results
Sterilization
• Effective sterilization of equipment, consistent aseptic techniques in the O.R. and reliable routine practices, such as hand washing are key to managing this risk
• Ensure staff responsible for sterilizing instruments are properly certified and routinely check monitoring strips
Emerging Risks/Trends/Class Actions
Clinical Trials
• Primarily larger institutions. Involves international exposure.
Treatment of Foreign Patients
• Healthcare organizations and physicians should make reasonable efforts when treating non-residents of Canada to ensure a Governing Law and Jurisdiction Agreement is completed before treatment is initiated.
Disclosure
• CPSI Canadian Disclosure Guidelines: Being Open with Patients and Families underscores the importance of transparency and communicating with patients and family
Privacy
• Duty to ensure that personal health information in its custody and control is protected against unauthorized use, disclosure, copying, modification, and disposal, and against theft or loss.
Cyber Risk
• With staff bringing their own devices to work and new care situations such as virtual wards, there is an increased flow of data that makes security a 24-7 priority
Cyber-Privacy Breach Examples
– Faxers (old technologies die slowly)
– Carriers of USB/digital portables
– Uploaders (on intranet or even internet) usually inadvertently, often for only short period
– Snoopers (facilitated by electronic health record)
– Profit-seekers
– Cyber Attacks-Heartbleed virus
Breach of Privacy-Snoopers
Jones v. Tsige 2012 ONCA 32
• Bank employee accessed colleague’s bank records more than 174 times over 4 years
• “One who intentionally intrudes, physically or otherwise, upon the seclusion of another or his private affairs or concerns, is subject to liability to the other for invasion of his privacy, if the invasion would be highly offensive to a reasonable person”
• Court recognized a new tort – intrusion on seclusion
• Court awarded damages of $10,000
Breach of Privacy – Class Actions
Rowlands v. Durham Region Health 2012 ONSC 3948
• Court certified a $40 million class action after a public health nurse lost a USB key containing personal and confidential health information of 83,524 patients who received H1N1 flu vaccinations
• Court approved a settlement whereby each class member would be compensated for demonstrable economic harm as determined by an adjudicator and class counsel were awarded $500,000 for costs & disbursements
Cyber Risk-Controls
• Policies and Procedures
• Training and Education-Educate staff about privacy rules re use & disclosure of personal health information (“PHI”)
• Safeguard PHI when it is removed from the facility (laptops should be password protected and data should be encrypted)
• Service Provider Management
• Risk Assessment Tools
• Compliance Monitoring/Audits-Ensure a baseline of logging & auditing is in place on all systems & that staff are aware regular audits will occur
• Reporting
Dealing with a Privacy Breach
• Breach Response Protocols
• Crisis Management Process
• Promptly report potential claims to your insurer so counsel can assist with management of privacy breach. These can be complex cases with multiple stakeholders!
http://www.priv.gc.ca/information/pub/guide_org_e.asp
Working Together on Class Actions
• What we do on one case/issue affects the rest
• Co-ordinating efforts, choosing best fact cases to argue legal issue
• Sharing our knowledge
• Pooling our resources
• Tell us what you are doing, seeing, so we can manage risk, anticipate class action exposure and address before claim issued
Future Trends-Vicarious Liability
Current Status-Yepremian Case-1980:
• Hospitals do not control the clinical decision-making of physicians and physicians are independent contractors for whom Defendant Hospitals are not vicariously responsible. For that reason there can be no liability on the part of the hospital in respect to their relationship for the Defendant Physicians.
• Hospital does not owe a duty to ensure the provision of competent medical treatment.
Future Trends-Vicarious Liability
• The physician is often arguably a member, albeit an important one, of a team providing treatment to patients
• Public expectations that hospitals will provide total care and make all arrangements are influencing courts in determining the responsibilities of hospitals. If the hospital is to bear more responsibility for the doctor, present systems and organization may have to be reviewed.
Future Trends-Vicarious Liability
GOVERNMENTAL AND INSTITUTIONAL TORT LIABILITY FOR QUALITY OF CARE IN CANADA
Lorian Hardcastle
Health Law Journal Volume 15 (2007)
http://www.hli.ualberta.ca/HealthLawJournals/~/media/hli/Publications/HLJ/HLJ15-10_Hardcastle.pdf
References/Further Reading
1. Aabo T, Fraser J, Simkins B. (2005). The rise and evolution of the chief risk officer: enterprise risk management at Hydro One. J App Corp Fin. 17(3):18-31.
2. Accreditation Canada. (2010). Effective organization standards. Qmentum program.
3. Aon. (2010). Global enterprise risk management survey. http://www.rims.org/ERM/Pages/default2.aspx
4. Audit Commission Government of UK http://www.audit-commission.gov.uk
5. Behamdouni G, Millar K. (2010). Implementation of an enterprise risk-management program in a community teaching hospital. Healthcare Quarterly. 13(1): 72-78.
6. Crosby D. (2011). Risk management (and why you stink at it) http://www.rmmagazine.com/2011/09/01risk-assessment-and-why-you-stinkat-it/
7. ECRI. (2006). Enterprise risk management: an overview. Healthcare Risk Control Risk Analysis, Supplement A. Risk and Quality Management Strategies 22. http://www.ecri.org.
8. Graham A. (2008). Integrated risk management implementation guide. http://post.queensu.ca/~grahama/publications/TEXTPDF.pdf
9. Health Governance Advisory Council. (2009). Final report. Department of Health. Prince Edward Island. http://www.gov.pe.ca/photos/original/health_adv_09.pdf.
10. Hillson D, Hulett D. (2004). Assessing risk probability: alternative approaches. PMI Global Congress Proceedings. http://www.riskdoctor.com/pdf-files/hha0404.pdf.
11. National Patient Safety Agency (NPSA). (2007). Healthcare risk assessment made easy. NHS. UK. http://www.nrls.npsa.nhs.uk/resources/?entryid45=59825&q=0%c2%acrisk%c2%ac&p=3
12. National Patient Safety Agency (NPSA). (2008). A risk matrix for risk managers. NHS. UK. http://www.nrls.npsa.nhs.uk/resources/?entryid45=59833&q=0%c2%acrisk%c2%ac&p=1
13. Protiviti Inc. (2006). Guide to enterprise risk management; frequently asked questions. http://www.knowledgeleader.com/KnowledgeLeader/content.nsf/Web+Content/WhitePapersArticlesGuidetoEnterpriseRiskManagementFrequentlyAskedQuestions!OpenDocument
14. Rasmussen M. (2007). AS/NZ 4360 – a practical choice over COSO ERM. Forrester Research Inc. http://www.scribd.com/doc/36865656/NZ4360-%E2%80%94-A-Practical-Choice-Over-COSO-ERM
15. Sarnie R. (2010). ERM: Do you know what it means? Risk and Insurance Management Society (RIMS), Inc. http://www.rims.org/Pages/Default.aspx
16. Standards Australia/Standards New Zealand (AS/NZS). (2009). AS/NZS ISO 31000 – Risk management principles and guidelines. http://sherq.org/31000.pdf
17. Treasury Board Secretariat (TBS). (2002). Integrated risk management implementation guide. Government of Canada. http://www.tbssct.gc.ca/pubs_pol/dcgpubs/riskmanagement/guide-eng.asp.