ORIMS April 2013 Continuing Steps: SJHC ERM Program
Objectives:
• Describe SJHC’s journey implementing ERM
• Understand why we moved to an ERM approach
• Describe the ERM plan at St. Joseph Health Centre
• Describe the roles of the Board, Senior Leadership and Operational staff in supporting a culture of ERM
• Describe the integration & engagement throughout the organization
• Discuss lessons learned
St. Joseph’s Health Centre at a Glance
• Employing over 3,500 staff
• 450 physicians
• Beds 390
• Emergency department visits = 90,000
• Admissions 23,000
• Ambulatory care visits 210,000
• Births 3,100
• Diagnostic Imaging procedures 153,000
• Operating Room cases 26,000
Who Are We?
Five clinical program areas:
• Women's, Children's & Family Health
• Surgery and Oncology Services
• Emergency and Critical Care Services
• Medicine, Ambulatory & Seniors Health
• Mental Health & Addictions Services
SJHC Strategy:
So How Dangerous is Healthcare?
Accepted Public Risk
What is Culture in Healthcare?
– Doctor knows best
– Litigation
– US comparator
– 100,000 Lives Campaign / Don Berwick (Ross Baker)
– Dr. Google/ Dr. Oz
– Personal experience
– Legislation & Regulation
– Infrastructure: old & new
– Workforce
– Funding
– Public Reporting
– Low Risk Tolerance Industry
What is ERM in Healthcare and Why is it Necessary?:
What?
• A structured analytical process that focuses on identifying and eliminating the financial impact and volatility of a portfolio of risks rather than risk avoidance alone (Risk Management Handbook for Healthcare Organizations – 4th edition).
• Uses a process & systems to assess, evaluate and measure organizational risks, quantify, group into domains, and devise strategies to manage.
Why?
• Complexity of health care
• Changes in orientation of Boards from understanding of fiduciary accountability as dollars and cents to full oversight for quality and safety
• Moving from silos to integrated systems
Consequences
• Patient Injury: death, injury, delayed diagnosis, misdiagnosis, extended length of stay, disease transmission, increased wait-times etc.
• Visitor injury
• Staff: injury, retention, fraud, workload, morale, breach of trust, etc.
• Infrastructure loss: inability to exit safely, property damage, theft, difficulty accessing services etc.
• Financial loss: future cash position, insufficient assets, overspending etc.
• Medical-legal costs/ civil liability
• Agreement non-compliance
• Accreditation loss
• Criminal action
• Monetary fines
• Legislative/regulatory non-compliance
• Loss of reputation/ loss of external partners
Why ERM at SJHC?
• Traditional approach to Risk Management with traditional structure and diffuse accountability
• Board and management frustration
• Alignment to strategy
• Significant increase in the accountability of Boards and Senior leaders for quality & patient/staff safety
• Commitment to quality & patient safety as a strategic priority
– An integrated risk management program that is a continuously proactive and systematic approach to understand, manage, and communicate risk from an organization-wide perspective.
Integrating Risk Identification
Management Tool
• Improve governance
• Actively monitored and reviewed
• Provides reliable framework for decision-making
• Identifies issues at an early stage
• Reduces surprises
• Structures thinking
Example:
• Risk Identification as a Tool: e-Care lab labeling: tool & requirement, provides framework of decision-making
• Risk Identification as Assessment: Interim CEO: no surprises, can happen, identifies issue at early stage
• Risk Identification as a Framework: HR & Risk review: legislation & regulation, thinking structured based on risk assessment
Enterprise Risk Management Cycle
• Communicate: Understanding, accountability, transparency
• Identify: SJHC areas of risk, risk ratings
• Assess and Analyze: Risk assessment and risk calculation
• Track & Monitor: Material gaps & action plans, internal & external audits
• Mitigate: Risk strategies currently in place
Risk Information Gathering:
How Were Areas Identified?
• Organisational priorities:
– Mission, Vision & Values
– Strategic Plan (Board and Senior Leadership)
• Categorize based on the risks the organization faces
• High, medium, low risk areas based on the following:
– Literature
– Medical-legal cases
– HIROC
– Industry standards
– Safety Reports
– Safer Healthcare Now!
– Accreditation Canada
– GTA benchmarks/ experience
• The Programs and Services in the Health Centre were reviewed through risk analysis and grouped into high, medium and low risk areas.
Risk Domains
• Patient
• Finance: earn, raise, or access capital
• Operational: core business (i.e. clinical services)
• Human Resources: hiring, termination, & compensation, harassment, unionization etc.
• Strategy: ability to grow and expand through mergers, joint ventures etc.
• Legal & Regulatory: statutory & regulatory compliance
• Technology: use of biomedical & information technology
Risk: loss potential or exposure, any factor that creates uncertainty and impacts the achievement of outcomes or organizational objectives
Identification Questions
1. What can go wrong?
2. How bad?
3. How often?
4. Is there a need for action?
(HIROC IRM Tool)
Risks are identified to minimize:
– Exposure
– Frequency
– Severity
– or Prevent the risk and/or its reoccurrence
Who Participated?
• All specific high risk areas
• Focus groups for non-specific areas e.g. Emergency response
• Depending on area: front-line staff, managers, educators, directors, physicians
• Interprofessional
• Enterprise-wide
Methodology Followed
• Meetings with Programs: Confirm catalogued risk domains and review mitigation strategies (controls).
• Risk Analysis: Conduct detailed risk analysis of domains.
• Determination of Monitoring: Identify and determine monitoring strategies.
• Action Plans: Prepare and implement action plans to address material gaps.
Status
Transitioning from Operational to Enterprise Risk Management
• Roles:
– Board of Directors
– CEO
– Chief of ERM
– Senior Leaders
– Manager
– Front line staff
• Buy-in
– Traditional Risk Manager role
– Engaging at all levels (Leadership, staff, patients)
• Reporting
– Matrix
– Quarterly
– Annually
Board of Directors Role at SJHC
At SJHC, the whole Board is responsible for oversight of overall ERM program. Oversight of technical aspects delegated to:
- Audit committee: financial viability risks, ICFR
- Quality committee: operational risk (patient safety and quality), business viability, mission and intangible risks
- Annual Joint Quality and Audit committee meeting
• Review/monitor ERM progress
• Risk position versus risk appetite
• Effectiveness of controls and mitigation strategies
• Ensure management has implemented an effective process to manage the strategic, operational and financial risks of the hospital
• Holding Leadership accountable for embedding an enterprise risk management culture
• Education and “buy in” at Board level for risk strategy
• Review/Approve aggregate and specific risk appetite and related risk limits
• Develop ownership of risk management oversight at Board level.
What is the CEO’s Role?
Ultimate accountability and responsibility for:
• Shaping the culture
• Working with Board and Leadership to determine the risk appetite for the organization
• Ensuring that the leadership understands the “enterprise” part of ERM
• Positioning the Chief of Enterprise Risk Management for success
• Holding leaders accountable for execution
What is the Chief of ERM Role?
• Full member of Senior leadership team
• Accountable and responsible for the operation of the Enterprise Risk Management function
• Supports the development of a culture of Enterprise Risk Management
• Advises organization on new strategies to manage and mitigate risk
What is the Senior Leader’s Role?
• Accountable and responsible for managing risk in their portfolios
• Work with colleagues to ensure that ERM is integrated across the organization
• Work with direct reports to establish culture of ERM
• Oversee the implementation and compliance of policies and procedures within portfolio
• Oversee the implementation of risk reduction and mitigation strategies within portfolio
What is the Manager Role?
• Accountable and responsible for managing risk at the unit level (what risks am I accountable for?)
• Work with colleagues to ensure that ERM is integrated across the organization
• Work with direct reports to establish culture of ERM
• Ensure compliance of policies and procedures at the unit level
• Ensure implementation of risk reduction and mitigation strategies at the unit level
Acceptable Risk: Asking the Right Questions
Questions to ask, by column:
• Risk: What is the risk? What can go wrong? What risk areas need to be reviewed?
• Calculated Risk Score (Pre-mitigation): What happens if we did nothing to mitigate the risk? Pre-mitigation: How often? How bad?
• Cause/Risk Factors: What are the risk factors?
• Impact: What is the impact?
• Mitigated By/ Internal Controls: How is safety ensured?
• Legislation/Regulation: Are we in compliance with policies and regulations?
• Material Gaps: What trends require immediate attention? Are there any material gaps? What risk events have been escalated?
• Monitoring: Are these risks within our risk tolerance and appetite? e.g. what is the frequency, are there financial consequences, are there patient or staff safety consequences? How will the risk be managed/monitored? What are the controls in place to manage the risks? How will the success be measured?
• Action Plans: What are the next steps? How will each unit/program/team be accountable for the management of this risk? How do we communicate to be open & transparent with our staff, physicians, patients and families?
• Calculated Risk (Post Mitigation): What was the impact of our internal controls/ mitigation strategies? What is the impact of our material gaps? Will our action plans meet our needs? Post-mitigation: How often? How bad?
Risk Calculation
Frequency: The number of losses/events/likelihood.
Consequences: The severity/amount of a loss/event, focus on actual or potential harm.

| Frequency | 1: Insignificant/ Near Miss/ No Harm | 2-4: Minor | 5-7: Moderate | 8-10: Major |
| --- | --- | --- | --- | --- |
| Often – 5 (Occurs often, every 1-6 months) | Medium 5 | High 10-20 | High 25-35 | High 40-50 |
| Possible – 3 (Likely/known to occur, every 6 months – year) | Medium 3 | Medium 6-12 | High 15-21 | High 24-30 |
| Rare – 2 (Could occur, once every 1-10 years) | Low 2 | Medium 4-8 | Medium 10-14 | High 16-20 |
| Never – 1 (Could happen, but likely not, once every 10-100 years) | Low 1 | Low 2-4 | Medium 5-7 | Medium 8-10 |

Consequence levels:
• 1, Insignificant/ Near Miss/ No Harm: No impact, event did not reach patient or staff member
• 2-4, Minor: Could have little impact/ effect on organization/patient/ staff
• 5-7, Moderate: Could have a moderate impact/effect/ exposure on organization/ patient/ staff
• 8-10, Major: Could lead to serious risk exposure for the organization/patient/staff
Sentinel
Acceptable Risk Example
Columns: Risk; Calculated Risk Score (Pre-mitigation); Cause/Risk Factors; Impact; Internal Control/ Mitigation Strategies; Legislation/Regulation; Material Gaps; Monitoring; Action Plans; Calculated Risk (Post Mitigation)
• Risk: Labour & Delivery
• Calculated Risk Score (Pre-mitigation): High. Frequency: Often 5. Consequences: Major 10
• Cause/Risk Factors:
– Failure to recognize fetal distress
– Failure to interpret fetal monitoring
– Failure to properly assess newborn
– Inability to perform treatment procedure correctly e.g. emergency c-section, IV insertion
– Failure to properly administer medication
• Impact:
– Lifetime injury or death
– Medical malpractice
– Increased insurance rates
– Loss of reputation
– Failure to meet accreditation standards
– Difficulty attracting and maintaining staff
• Internal Control/ Mitigation Strategies: Education, Standards of Care, Policies, Guidelines, Technology, Skills Drills, Role descriptions
• Legislation/Regulation: Public Hospitals Act, Regulated Health Professions Act, Child & Family Services Act
• Monitoring: Unit Audits, Scorecard, Patient Safety Reports, Accreditation, Annual Claims Report
• Calculated Risk (Post Mitigation): High. Frequency: Rare 2. Consequences: Major 10
Quarterly Report
HIGH Residual Risk Report/RISK EVENTS – Q3

| Risk Domain | Risk Category | Risk Factors Summary | Material Gap(s) | Accountability | Recommendations & Action Plan | Timeline | Calculated Risk |
| --- | --- | --- | --- | --- | --- | --- | --- |
| Operations | Clinical Services: Emergency Department | Failure to maintain safe environment for our staff and patients | | | | Completed April 2013 | HIGH (Rare 2, Major 8) |
| Operations | Clinical Services: Emergency Department | Failure to maintain safe environment for our staff and patients | | | | In progress; Completed | HIGH (Rare 2, Major 8) |
| Human Resources | Clinical Services: MASH | Failure to maintain safe environment for our staff and patients | | | | | HIGH (Rare 2, Major 10) |
How to Prioritize Next Steps
• Organisational priorities: Mission, Vision & Values, Strategic Plan (Board and Senior Leadership)
• Numbers vs colours (visual or audit management)
• Strategic plan
• Corporate compliance requirements
• Need for monitoring (audits)
• Risk/Sentinel events
• Risk Assessment & Action Plans arising
• Critical controls and current risk control techniques in place
Learning from our Experience
• The organization must understand what ERM is and is not
• Appropriate resources must be committed to ensure success
• The Chief must be situated for success
• The Board must be educated
• The Board Audit Committee, Quality Committee and the full Board must be on the same page
• The CEO, the CFO and the Chief of ERM need to be on the same page – and the CFO gives up a piece of his/her pie
• Health Care Insurance Reciprocal of Canada risk assessment is a valuable tool
• Look at the new initiatives and how ERM ties in e.g. QIP
• Always refresh and revisit:
– Literature search to ensure evidence informed best practices in ERM
– Review scorecard indicators
– Assess need for ERM policy
– Refine reporting process
• Responding to Legal / Regulatory Changes e.g. Freedom of Information Act
• It takes time… and it never ends…
QUESTIONS??