Management of Risks in the Health Care Industry - Essay Example

?Management of Risks in the Health Care Industry Introduction In the field of health care, there are a number of risks that are inherent in the system. These risks might be health related, as health care professionals may commit some kind of malpractice with regards to their patients, or the patients might suffer some kind of infection that is carried in a hospital. Or there might be other kinds of risks, such as the risk that a health care employee might be embezzling from a hospital, or there are risks involved in services which provided in a third world country (civil unrest might cause a bombing of a hospital, for instance). These risks can be mitigated in a number of different ways. Every health organization needs a system of risk management – they need to be able to identify the risks, quantify the risks, prioritise the risks, then mitigate and manage these risks. Management needs to be able to delegate risk management to experts, because management tends to try to do too much. They need analysts who can help them with this, and these analysts need to be within the management flow. At the individual level, management needs to be able to coach, mentor and motivate; at the group level, the management needs to be able to build teams and resolve conflicts; and at the organizational level, the management must be able to build culture. Building culture is important, because if an organization has a culture of risk management, then this organization will be ahead of the curve on risk management – this means that risk management permeates every aspect of the organization. Because organizations themselves can have risks, as opposed to personal risks, and this is where the very organization encourages risky processes either inadvertently or on purpose. The role of the manager might be to encourage the culture of the organization to adopt risk management, provide support for risk management practices which identify weaknesses and resolve them, or to mentor the individuals to lessen the individual risks regarding risk management. This paper will explore these aspects of risk management. What Is Risk Management? The first part of the risk management process, according to Carter et al. (1994) is the identification of the risks. The identification process of risks may be approached by a combination of methods, including intuitive management; using department experts; using standard questionnaires and checklists; using expert computer-based systems; using structured interviews; through brainstorming sessions; or using outside specialists/consultants. The second process is risk quantification, and this means that the impact and probability of a each risk is estimated for each risk. After that, the estimate is quantified by using a spreadsheet which estimates timescales and costs. The next process is risk prioritising and filtering,which means that the important risks are recognized and controlled, and risks are prioritized according to whether they care a Category 1 risk (cost effect only); Category 2 risk (contingency plans and costs affected); or Category 3 risk (programme contingency and cost affected). The Category three risks are the higher priority, and the risks are prioritized from there. The fourth part of risk management is the processing and presentation of risk data, and this means the risk data is put through the spreadsheet with different variables. After the risks are identified, quantified, prioritized, and presented, the next four steps identified by Carter et al. (1994) are focused upon mitigating and managing these risks. Mitigating strategies include avoiding the risk altogether by removing the cause of the risk; transferring the risk, which means that the risk is passed to somebody capable of handling that particular risk; reduction of the risk, which would consist of investing in insurance or some other up-front investment; management of the risk, which means that the risk is managed continuously until it is managed out; and contingency, in which funds are produced for the risks which are of low likelihood and impact, or have not been revealed. The next step after that is risk monitoring, reporting and control, which necessitates the use of a risk register, which is carried out by the risk manager. A risk audit is the step after his, which ensures that proper procedures are being followed to manage the risk. The final step is the project completion, which means that the risk manager assesses the project after completion, and assesses the adequacy of the risk management. Role of Management in Minimizing and Managing Risks One of the problems that many managers have, according to Mintzberg (1990), is that they try to do too much – they take on too much work, they encourage interruption, they respond quickly to every stimulus, they avoid abstractions, they do everything abruptly, and they make decisions in small increments. Mintzberg (1990) advises that managers slow down and give serious attention to issues that require this kind of attention. They need to step back and look at the broader picture. Managers might have their own models, but they need to supplement their models with models of specialists – such as supplementing their management model with a specialized risk management model, when it comes to handling risks. He recommends that managers use analysts who are in the mainstream of the manager’s information flow. He also recommends using a management scientist to reduce the manager’s workload and improve the manager’s decision-making ability (Mintzberg, 1971). In other words, Mintzberg (1990) highly recommends that managers delegate risk management to experts, or at least supplement risk management models and risk management reports, to add into their own repertoire. He further states that leadership takes place on three different levels – individual, group and organizational. At the individual level, the manager’s job is to mentor, coach and motivate; at the group level, they guilt teams and resolve conflicts; at the organizational level, the manager’s job is to build culture (Mintzberg, 1998). Addressing Human and Organizational Factors There are human and organizational factors that goes into risk. One of the human factors is leaving out necessary task steps, and Reason (1994) states that this is the single most common human error type. Omissions may be more common in some kinds of tasks than in others. For instance, if a particular task has a great amount of informational loading, and there are more demands put upon the short-term memory by the task, then that task is more likely to have an omission. If there are procedural steps which are not related to one another, than one is likely to be left out. If there are two steps which are required to achieve a goal, and these two steps are similar, one is likely to be omitted. If there is an unexpected interruption, the steps after this interruption are prone to be omitted. If there is a task that is a planned departure from regular procedure, there will likely be an omission. And if there are weak, noisey or ambiguous signals which are triggering an action, these actions are likely to be omitted (Reason, 2002). While the human sources of risk management are such that risks may happen at a more discrete level, there also may be a more system-wide breakdown that would mean that the organization itself is at risk because the organization itself is what has failed. Reason (2004) state that, with health care, there might be what he terms an “organizational accident,” and this accident might occur because there are contributing factors that come from different levels throughout the organization. He states that such organizational accident may be the result of an active failure, which means that there are unsafe acts “on the part of those in direct contact with the system that create weaknesses or absences in or among the protective layers” (Reason, 2004, p. ii29). In other words, with organizational risks, there is an overall failure of the workplace, even though the error themselves usually are caused by human error (Reason, 2004). Strategic Risk Management and Operational Risk Management One of the components of strategic thinking, which would underpin strategic risk management, is that of insight formation, which consists of a combination of analysis and intuition (Mintzberg, 1998). Brown (2008) states that strategic risk management requires integrating the risk management across the entire organization. Walter (2010) states that strategic risk management means that risk management is built into the very culture of the organization itself. Operational risk management is another type of risk management. Pezier (2002) states the core of the operational risk management is the culture of the organization in question – organizations might run into trouble and operational accidents more when the culture is such that individualism is encouraged over cooperation and the staff and the managers are too busy with their immediate tasks to take a look at what is happening around them. On the other hand, in organizations where cooperation and communication is encouraged and the managers are encouraged to look beyond their immediate tasks and see the big picture. Operational risks result from the failure of the operation itself – when there is a breakdown in internal regulations of the policies and laws within the organization itself (Ana-Cornelia, 2002). Walter (2010) states that, with operational risk management, there are different levels of maturity that an organization can adopt, with regards to risk management. There is ad hoc, which means that the risk management is reactive and is not considered to be core to the business; fragmented, which means that each of the business units practice some type of risk management, and each of these units function independently from one another; comprehensive, which means that the entire organization practices risk management, risk management is a necessary function, and the risk management encompasses all risk types; integrated, which means that risks are treated as a portfolio and the risk management is aggregated across risk types and business units with dependencies; and strategic, which means that risk management is built into the culture and the decision making, which means that the company can seize opportunity because it has a special ability to exploit risks (Walter, 2010). Model of Management (James Reason) There are three planes of risk management, according to James Reason (1998), one of which focuses upon culture. By achieving a safe culture, one can reduce the level of risk in the organization. He references safety cultures, which means that the organization’s safety culture evolves gradually, in response to past events, local conditions, the mood of the workforce and the character of the leadership. Some organizations, in their culture, may pursue the wrong kind of excellence or pursue goals which carry with them serious safety penalties. Organizations who pursue a safety culture means either the organization is about safety (the members’ values and beliefs, the essence of culture, is aligned with safety) or the organization has structures, practices, controls and policies which enhance safety. In this way of implementing risk management, the risk management is embedded in the culture, which means that the people in the organization have the same values and beliefs regarding safety, and that there are procedures in place which encourage safety, throughout the organization. Reason (2000) focuses upon another way of implementing risk management and this has to focus upon training. This is assuming that there are two different kinds of risks – human and organizational. For the human risks, training is one way to manage the risks. This means that the resources of the risk management are put towards making the individuals who are in the organization less fallible and wayward, which means better training for the individual. Reason (2000) states that this type of risk management is not as desirable as a system-wide kind of risk management, in which the person, the team, the task, the workplace and the institution are all targeted as a whole. Therefore support is another way of approaching risk management. Reason (1998) states that there must be support from the management team to identify known defensive gaps, because if there is a defensive weakness, and management ignores this, then this contributes to a poor safety culture. Ignoring these known deficiencies has been the cause of many a disaster – everything from the collapse of Barings Bank to the Challenger space disaster can be blamed on management ignoring defensive weaknesses. For instance, with the collapse of Barings Bank, the bank didn’t balance its books, which should have been a high priority, particularly because the London management already noticed that there were tens of millions of pounds that were unaccounted for in the Singapore trading office. Yet, this wasn’t done because there was not enough alarm about it, and there was always something more pressing that the bank was focusing on (Reason, 1998). Therefore, this is another plane that needs to be investigated – support for noticing the deficiencies and support for proactively dealing with these deficiencies. 7 S Framework Since there are many different causes of risk management, from the individual causes to the organizational one, there should be a coherent strategy on the part of the organization that addresses these concerns. The seven Ss are 1) shared value – this relates to the culture of the organization, which means that the organization stands for and believes in safety and risk management; 2) strategy – the firm allocates resources to reach identified goals regarding risk management; 3) structure – the organization’s units relate to one another in a certain way (centralized, decentralized, matrix, network, holding) – and this means that the risk management is affected by how the organization is structured; 4) system – procedures, processes and routines which are in place by the organization, and these procedures, processes and routines are how the organization manages the risks; 5) staff – this relates to the human side of risk management, and this refers to the personnel in the firm. Each of these personnel needs to have proper training regarding risk management; 6) style – how key managers behave in achieving the organization’s goals regarding risk management. The key managers set the tone for the entire organization, or at least the teams that the managers lead, so risk management should be optimally practiced by these key managers; and 7) skill – the distinctive capabilities of personnel or of the organization as a whole. This relates to risk management because the capabilities of the personnel and the organization should be geared towards optimal risk management (Rasiel & Friga, 2002). Conclusion A firm’s strategy should be focused upon risk management. It is one of the most important aspect of delivering health care. If a management approaches risk management using the 7s system, then this organization would be able to implement a sound practice that ensures that risk management is one of the top level concerns of that particular organization. The shared value of the organization needs to be that risk management is important, and the strategy should reflect this. The units of the organization should be synchronized with one another, so that the overall structure of the organization is such that risk management is a part of everything that the organization does, the structure facilitates this. The procedures, the processes and the routines of the organization should reflect that good risk management is one of the most important procedures that the organization observes. The key managers need to adopt important risk management processes, and must be able to disseminate these processes to the members that manager is supervising. And the skill of the organization should be geared towards risk management, in that the organization, as a whole, should develop the necessary skills for recognizing and mitigating harms. While there is some indication that risks are individual, in that an individual is likely to make a mistake that will harm a patient, there is also an indication that many errors are systemic – this means that the organization, as a whole, does not provide the type of support and training, the infrastructure, that would help prevent these mistakes in the first place. Therefore, treating risk management as something that is on the individual level is not as effective as treating risk management as something that is practiced on every level of an organization. Bibliography Ana-Cornelia, O. (2002) Operational risk management. Constanta Maritime University’s Annals, vol. 18, pp. 335-347. Brown, A. (2008) Strategic risk management. Available at: www.alexsbrown.com Mintzberg, H. (1971) Managerial work: Analysis from observation. Management Science, vol. 18, no. 2, pp. B97-B110. Mintzberg, H. (1990) The manager’s job: Folklore and Fact. Harvard Business Review (March-April), pp. 163-178. Mintzberg, H. (1998) Covert leadership: Notes on managing professionals. Harvard Business Review (Nov.-Dec.), pp. 140-148. Mintzberg, H. (1998) Strategy Safari: A Guided Tour Through the Wilds of Strategic Management. New York: The Free Press. Pezier, J. (2002) Operational risk management. ISMA Discussion Papers in Finance 2002-21. Online. Rasiel, E. & Friga, P. (2002) The McKinsey Mind: Understanding and Implementing the Problem-Solving Tools and Management Techniques. New York: Elsevier. Reason, J. (1994) Understanding adverse event: Human factors. Quality Safe Health Care, vol. 4, pp. 80-89. Reason, J. (1998) Achieving a safe culture: Theory and practice. Work and Stress, vol. 12, no. 3, pp. 293-306. Reason, J. (2000) Human errors: Models and management. British Medical Journal, vol. 320, no. 7237, pp. 768-770. Reason, J. (2002) Combating omission errors through task analysis and good reminders. Quality Safe Health Care, vol. 11, pp. 40-44. Reason, J. (2004) Beyond the organizational accident: The need for “error wisdom” on the frontline. Quality Safe Health Care, vol. 13, pp. 28-33. Walter, K. (2010) Operational risk management. 2010 Seminar on Current Issues in Life Assurance. Online. Read More