Topics on this page:

How to Get a Job in Healthcare Risk Management


Ask a risk manager what they do, and they might describe their day-to-day as “a juggling act.” As the point person for sensitive patient information, legal and financial protocol, and risk management training, healthcare risk managers constantly keep track of a variety of delicate moving pieces.

Simply put, the goal of healthcare risk managers is to mitigate risk — or errors — as well as control and manage any incidents once they occur. They’re responsible for critical tasks like managing claims against their organization, communicating with legal counsel, and analyzing valuable risk management data. Without risk managers, hospitals and other healthcare facilities may find it difficult to meet industry standards or develop important protocols for safety and efficiency.

The healthcare industry has been transitioning to a culture of proactivity, using ever-developing risk prevention technology to identify risks before they happen. As a result, there will be more and more careers in risk management. According to the Bureau of Labor Statistics’ 2018 Occupational Outlook Handbook, employment in a healthcare risk manager’s field is projected to expand by 20 percent over a 10-year period, from 2016-2026.

Knowing how to secure risk management jobs can set you on a path to a successful career. Read on to find out exactly what a risk manager is, what they do for their organizations, and how and where you can find one of these all-important positions in healthcare.

What Is a Healthcare Risk Manager? What Do They Do?

Risk managers work to minimize damages whenever incidents occur. They use analytical tools to identify potential risks. Then they use that information to prioritize the preventive response. It’s the risk manager’s job to figure out what precautionary measures to take and then put them into action to avoid catastrophe. In healthcare, a risk manager’s job is to limit injury to patients, staff, visitors, and the organization itself.

How Do Healthcare Risk Managers Perform Risk Assessments?

The New England Journal of Medicine organized a list of nine essential steps for performing risk management in a healthcare setting.

1) Identify the risk.

This includes anticipating events before they happen. Managers use data to engage their teams to predict potential threats and work to avoid them outright. For example, research from the Centers for Disease Control and Prevention showed just how much prolonged catheter use contributes to urinary tract infections. A risk manager would use that information to develop a plan to require healthcare professionals to more regularly evaluate a patient’s catheter use to decrease the potential risk.

2) Prioritize the threat.

Risk managers do this by scoring and ranking risks by their likelihood and possible impact to the organization. At that point, they can determine which potential risks should be dealt with ahead of others, designating resources and staff to those showing the most detrimental impact. The NEJM points to risk matrices and heat maps as a means for quantifying possible risks.

3) Investigate “sentinel events.”

These are events that are unanticipated and result in death or serious injury to a patient. The risk manager investigates the event immediately and establishes a protocol to implement corrective action.

4) Report events to oversight bodies.

Certain types of incidents — like those involving patient deaths, workplace injuries, or medication errors — are required to be reported to specific federal, state, and other entities overseeing healthcare operations.

5) Encourage reporting of near-miss incidents.

Staff should feel supported to report events that could’ve easily gotten out of hand and ended differently than they did. Doing so enables a risk manager to develop best practices to prevent a more drastic outcome in future situations.

6) Use “outside-the-box” thinking to identify latent failures.

The only way to uncover a latent failure is to thoroughly investigate and analyze. A latent failure isn’t the obvious cause of an error — it’s one that’s hidden within the current systems. For example, administering the wrong drug is an obvious error, but placing a similar-looking and more dangerous drug directly next to the correct medication is a latent failure that could cause a more serious error. Experience as a risk manager can add to your ability to pinpoint a cause that might not stand out to others.

7) Investigate incidents using analysis models.

Several accident analysis models that have proven effective in healthcare risk management include the Sharp and Blunt End Evaluation of Clinical Errors model, the Failure Mode and Effects Analysis, and the Root Cause Analysis. These models help determine the cause and effect of the errors that were made.

8) Use a good risk management information system (RMIS).

An RMIS includes tools to help managers document adverse events, track potential risks, and make comparisons with other organizations in the industry to identify trends. There are various RMIS platforms on the market, including Origami Risk and LogicManager.

9) Properly manage the facility’s risk financing.

Loss and damages from adverse events can add up to a lot of money. It’s the risk manager’s job to transfer those damages to insurance policies and other means of mitigating losses.

Healthcare has taken accountability a step further with Enterprise Risk Management, which is a framework that helps healthcare professionals make decisions. The American Society for Healthcare Risk Management (ASHRM) says it developed ERM practices to address a “paradigm shift” in the healthcare industry that comes with “new care delivery and payment models.” The society is urging healthcare organizations to incorporate ERM into their day-to-day activity.

“When successfully implemented, ERM can provide the board with the information it needs to appropriately oversee and reduce risk for the organization and its stakeholders,” the ASHRM says.

The ASHRM has established a framework for following the ERM’s guiding principles (see below). Anyone hoping to become a risk manager in healthcare should enjoy challenging work, be ready to continually learn and put this framework into action.

Image of the enterprise risk management (ERM) framework for making risk decisions, courtesy of the American Society for Healthcare Risk Management

Image via American Society for Healthcare Risk Management (ASHRM)

These principles are meant to establish a “risk-aware” culture by following these four steps:

  1. Identify risk to decrease unpredictability.
  2. Evaluate risk to better recognize when one might occur.
  3. Assess risk to better understand known and/or potential problems.
  4. Respond to risk in a way that mitigates it or eliminates it all together.

How Much Do Risk Management Jobs Pay?

A certified professional in healthcare risk management makes an average of $87,000 per year, according to, with a five-out-of-five-star job satisfaction rating. However, Payscale also notes that a more senior role in risk management with a title of “healthcare risk management director” could earn you an average of about $100,093 a year.

These numbers are, of course, dependent on things like your location (positions in metro areas or larger cities usually pay more), the number of years you’ve spent in the field, and your education or certifications.

Do Risk Managers Get Medical Liability Insurance?

Although a risk manager’s job is to prevent lawsuits, there have been instances in which the risk manager was sued along with their employer. If working for a medical facility, you will want to ask about your insurance coverage, limits of liability — and then determine if you need your own liability policy.

What Education and Certifications Do You Need to Be a Risk Manager?

The BLS says that managers in the medical or healthcare field have typically earned a Bachelor’s degree in healthcare management or administration. Depending on the level of seniority in the position to which you’re applying, the organization may require you to have a master’s degree.

As you might gather by the title and level of responsibilities, a risk manager is already a senior-level position, which means you may need to start in a more junior position and work your way up. Fields that offer a good career path to applying to be a risk manager might include:

  • Risk analysis
  • Secretarial (in healthcare)
  • Nursing (RN)
  • Pharmaceuticals
  • Biometrics
  • Health law

Organizations like the Professional Association of Healthcare Office Management or the American Hospital Association offer certifications to advance your experience in healthcare risk management. You can take courses through the AHA to earn a Certified Professional in Healthcare Risk Management certification.

To be eligible to take the CPHRM exam for this certification, you must either fulfill an education in healthcare or have experience in risk management. Requirements include:

  • Educational experience:
    • Bachelor’s degree or higher from an accredited college/university, plus five years’ experience in the healthcare industry
    • Associate degree, plus seven years in a healthcare setting
    • High school diploma, plus nine years in a healthcare setting
  • Risk management experience:
    • Within the last three years, 3,000 hours of work or at least 50 percent of full-time job duties dedicated to healthcare risk management

Where Do You Find Risk Management Jobs?

Healthcare risk management jobs can be found within organizations like hospitals, hospice, long-term care, doctor’s offices, the pharmaceutical industry (including pharmacies, pharmaceutical research, and pharmaceutical companies), government agencies, urgent care centers, health insurance carriers, as well as a wide variety of other healthcare facilities. lists top healthcare risk management employers as HCA Inc., Legacy Health Systems, LifePoint Hospitals Inc., and the U.S. Veterans Administration. Check these employers directly, or browse through job listings in this list of resources — and good luck!

Healthcare Risk Management Job Resources

Image courtesy of Yalanskyi

Last updated on Jan 08, 2024.

Originally published on Dec 11, 2018.

The views expressed in this article are those of the author and do not necessarily reflect those of Berxi™ or Berkshire Hathaway Specialty Insurance Company. This article (subject to change without notice) is for informational purposes only, and does not constitute professional advice.

How we use your email address