A Guide to Risk Management in Healthcare

What Is Risk Management in Healthcare?

Diamond-shaped flammable sign.

Risk management is an ongoing process of proactively evaluating, planning for, and responding to potential loss or negative events that could happen in your place of work. A good risk management plan will help you put processes in place to minimize the chance of something happening, and it will reduce the impact if an event does occur.

In a healthcare setting, risk management is critical to help prevent medical mistakes, errors, and injuries that could either cause someone harm or bring about their death. Ultimately, effective risk management plans can help healthcare professionals:

  • Prevent or reduce the number of patient deaths resulting from medical errors
  • Promote the well-being of patients and staff
  • Avoid or reduce financial loss for the healthcare institution
  • Minimize the number of medical malpractice claims made against staff
  • Increase the level of trust and respect patients have for the facility and its employees

One simple example of mitigating risks within a healthcare setting is to encourage and require every employee to follow proper handwashing procedures before and after all patient interactions. Being diligent about washing and/or sanitizing hands can help reduce the spread of hospital-acquired infections, which not only harm patients but can also lead to financial penalties from government-sponsored insurers like Medicare.

What Is the Purpose of Risk Management in Healthcare Organizations?

Risk management is an essential piece of the puzzle for achieving the following goals:

  • Preventing or reducing the frequency and degree of harm to patients, staff, visitors, and the community.
  • Preventing or reducing the number of patient deaths that directly result from errors.
  • Preventing unnecessary financial losses for your facility and, if they do happen, reducing their impact.
  • Preventing or reducing the number of lawsuits filed against the staff or institution.

One of the first and most essential steps in risk management is to put a formal plan in place to reduce the risk of something happening, as well as one to help your staff properly address and resolve an issue if one occurs. (See the section on "How to Create a Risk Management Plan" in our table of contents.)

The key to creating a successful risk management plan is to tailor it to the specific needs, services, and resources of your practice environment. For example, an outpatient surgery center provides very different services from that of an outpatient PT clinic, and therefore will have a wider set of risks to plan for. For instance, surgery centers will need to plan for numerous surgery complications, while a physical therapy center would not.

When it comes to risk management, one size doesn’t fit all, so you will want to be thoughtful about where your particular practice’s risk can come from.

There are the five essential steps to setting up a risk management plan.

1) Create a formal document with this (suggested) outline.

This document can outline your goals and streamline the structure of your planning. It should include these elements:

  • Name and location of your organization
  • The plan’s purpose
  • The organization’s mission statement
  • The person(s) acting as risk manager(s)
  • Key leaders of the organization
  • The risk
  • The probability of that risk occurring
  • Qualitative assessment of the level of risk
  • Quantitative assessment of your level of risk
  • Person(s) designated for communicating information about possible risks or actual events. (This may be different for each risk.)
  • How information will be communicated. (This may be different for each risk.)
  • Person(s) to whom the info will be told (e.g., staff, leadership, the community, government agencies, etc.). (This may be different for each risk.)

In the “Sample Risk Management Plan” section of this guide, we’ve set up a chart with the following elements. There, we’ll also walk you through the sample outline of what to include in your plan.

Risk Analysis Chart

Risk Probability Qualitative Quantitative First Response Management

2) Identify actual and potential risks.

This will be an opportunity for the risks to be listed, no matter how likely.

3) Analyze each risk.

This is done by evaluating the probability that a negative outcome will take place as a result of the risk.

4) Plan responses to risk.

Consider listing out the set of strategies you want to implement in order to prevent and mitigate risk, as well as contingency plans if something does happen. Strive to review and practice these strategies with your staff on a regular basis (e.g., biweekly, monthly).

5) Manage risk if a loss or adverse event occurs.

This involves establishing a reporting process (i.e. nurse to manager to corporate to federal) for when an event occurs, as well as a plan for managing and controlling the fallout after the fact. It also involves having a reassessment process in place to review the risk after the issue has been resolved.

What Are the Top Risks for Your Healthcare Environment?

Regardless of your job title or what type of license you hold, understanding the basics of healthcare risk management can help reduce your chances of causing harm and lower the likelihood of becoming the target of a medical malpractice case.

It’s important to take some time to assess the risks that are specific to your practice environment. For example, risk can vary widely between ambulatory care and an acute care hospital. While some risks, such as breaches of patient confidentiality, medication errors, and falls, are universal, the likelihood of these occurring is related to the type of practice setting. For example, medication errors occur more commonly in the outpatient setting where there’s more likely to be transitions in care, while patient falls occur more in the acute care and long-term care environments where patients are likely less mobile.

Some things to consider when assessing your level of risk are the types of medical equipment used, the medical procedures that are performed, patient acuity levels, staffing levels, staff credentials and experience, and the different types of medications and treatments administered to your patient population.

Risk in the healthcare environment for both patients and staff is real, costly, and pervasive. Here are some basic healthcare risk statistics and lawsuits related to mismanaged risk to help explain further.

Types of Healthcare Risks

Risk #1: Healthcare Data Breaches

According to the U.S. Department of Health and Human Services (HHS), nearly 400 data breaches occurred between April 1, 2016, and March 16, 2018. Each of these breaches affected 500 or more patients.

Risk #2: Medication Errors

Close to 22,000 vaccination errors occurred from 2000 to 2013, as per the Vaccine Adverse Events Reporting System (VAERS).

Risk #3: Healthcare-Associated Infections (HAIs)

According to the Centers for Disease Control and Prevention (CDC), approximately one in 31 U.S. patients contracts at least one infection in association with his or her hospital care." Here are some additional eye-opening statistics on HAIs from the CDC:

  • HAIs affect about 1.7 million patients per year, at a cost of about $20 billion.
  • HAIs are responsible for almost 99,000 deaths each year in the U.S.

Risk #4: Patient Falls in Hospitals

About 700,000 to 1 million falls occur in U.S. hospitals each year, according to the HHS.

Risk #5: Patient Falls in Long-Term Care (LTC)

Of the 1.6 patients in LTC facilities in the United States, about half (800,000) fall every year in skilled nursing facilities, according to the Agency for Healthcare Research and Quality.

Risk #6: Workplace Violence in Healthcare

According to the Occupational Safety and Health Administration (OSHA), there were between 23,540 and 25,630 workplace assaults per year from 2011 to 2013 — with about 74 percent happening in healthcare and social services settings.

Lawsuits Related to Mismanaged Risk

In a review of nearly 29,000 medical malpractice cases from 2010 to 2011, one out of nine involved medication errors. (CRICO Strategies of Harvard University, 2016)

Furthermore, during an analysis of about 24,000 medical malpractice cases reviewed from 2009 to 2013, communication failures contributed to 7,149 instances (about 30 percent) of harm to a patient, resulting in a total of 1.7 billion of losses. (CRICO Strategies at Harvard University, 2015)

The healthcare environment is full of risk. The facts and stats provided above demonstrate the need for ongoing, comprehensive risk management — no matter the practice environment — to maintain patient and staff safety.


Image courtesy of iStock.com/tzahiV


Last updated on Aug 25, 2021.

Originally published on Aug 15, 2018.

The views expressed in this article are those of the author and do not necessarily reflect those of Berxi™ or Berkshire Hathaway Specialty Insurance Company. This article (subject to change without notice) is for informational purposes only, and does not constitute professional advice.

How we use your email address