Research studies

Risk Management in Healthcare: A review article

Prepared by the researcher – 

Mohamed Fathi Abdel Aal – M.Sc. Biochemistry, ZagazigUniversity,Egypt

 Haytham A. Ali – Associate professor of Biochemistry, Biochemistry Department, Faculty of Science, University of Jeddah, Jeddah, KSA. – Assistant professor of Biochemistry, Biochemistry Department, Faculty of Vet. Med. Zagazig University, Egypt.

Democratic Arab Center

Journal of Afro-Asian Studies : Sixth issue – July 2020

A Periodical International Journal published by the “Democratic Arab Center” Germany – Berlin. The journal deals with the field of Afro-Asian strategic, political and economic studies

Nationales ISSN-Zentrum für Deutschland
ISSN 2628-6475
Journal of Afro-Asian Studies
 :To download the pdf version of the research papers, please visit the following link


It is recognised that Hospitals are increasingly complex organizations conducting with a critical and risky business that affects human lives. More than ever before, hospitals are bound to cope with a lot of risks ranging from financial to clinical and other hazards. Hospital management should to be cognizant of these risks. Enterprise risk management approach as an intrinsic framework of healthcare organizations encourages to assess and address risks identified in the organizations to ascertain the probability of occurrence, the degree of impact to scope, cost, and quality. The process of prioritization is done in accordance with the risk assessment findings. The objective of risk management can direct healthcare organisations in order to proactively reduce the probability and impact of identified risks to a satisfactory level by establishing a culture founded upon assessment and prevention of errors and maximize value protection. Risk management is a major responsibility of all managers and employees and must be included in the structure and processes to support continuous quality improvement


The health care industry relies on quality measurements and risk management activities. The risk cannot be avoided and exists in every human condition. Risk refers to uncertainties surrounding outcomes and future events. Risk is defined as an opportunity to loss or a probability of injury, loss of liability resulting from vulnerabilities that can be avoided through preventive actions (WHO, 2014). It is measured in consequences and probability terms. The heart of risk is uncertainty as you may not be sure if an event is likely to happen or not. Also, you may be unsure of its consequences would be if it did happen. Likelihood – the probability of an event to occur, and consequence – the impact / outcome of the event, are the two components that characterise the magnitude of the hazard.

Historically, studying the effect of error in medicine by patient safety researchers have adopted impact-based on definitions of medical error and its alternative conditions, limiting their focus to patients experiencing adverse outcomes or harm resulting from medical care (Thomas et al., 1999; Brennan et al., 1991). Possibly, this originate from principle of medical practice dating back to Hippocrates, “primum non nocere”, which translates to “First, do no cause harm” (Veatch, 1989; Nightingale, 1863).

In addition, the manner in which patient safety has been defined enhances an outcome-based approach to define medical error. Patient safety: avoidance, prevention and improvement of adverse events or harms caused by the health care process (NPSF, 2005; Kohn, Corrigan,& Donaldson, 2000).Moser (1956) mentioned that in the first studies of patient safety in the 1950s, medical errors were largely regarded as “disease of medical progress” and dismissed as “the price we pay for modern diagnosis and treatment”.

Modern medicine has done much in the medical fields led to complex forms of care processes. This results in a lot of chances for improving care, but also increases the dangers of adverse events and harm to the patient. The risks associated with patient care cannot be fully eliminated, clinical risk management plays a critical role in empowering hospitals to encourage patient safety(Vincent, 2006).According to WHO estimation in developed countries, 1 in 10 patients is susceptible to harm during hospital care (WHO,2014). As reported by the AHRQ National Health disparities 2013, the harm rate related to hospital stay in the United States is 25.1 per 100 admissions (WHO, 2014).

According to Chubb Healthcare, the challenges faced by hospitals in the United States because of the overall increase in the frequency of claims and the increase in larger awards in many states without cap on the magnitude of awards resulted in: (i) A renewed awareness about patient safety and medication errors; (ii) availability of insurance decline (iii) higher financial risks, (iv) premiums increase, (v) more selective by insurers (Singh & Ghatala, 2012).

Risk management activities have been introduced into the healthcare industry in response to increased costs of malpractice insurance. As of the 1970s, the risk management function consisted primarily of quality assurance nurses who report incidents and attend acute care hospitals, but there has been no proactive activity to prevent control activities (Kuhn&Youngberg, 2002).

Risk management is defined as the methodological process for identifying, evaluating and addressing potential and actual risks (Stoneburner, Goguen, &Feringa, 2002). One of the key elements of an effective risk management program is having sufficient scope to cover all potential sources of risk.

Hindsight bias happens when researchers work backwards from their knowledge of the event outcome. This linear analysis makes the road to failure seem as though it should have been expected or anticipated, although this is not the case. This determination is often made without any assessment of the systems or processes that may have contributed to the error (Biais& Weber, 2009).

Risk Management program:

Risk management can be useful in the following contexts (Alam,2016)

  1. Enterprise Risk Management (ERM): Organizational Risk Management from top to bottom including financial and business viability.
  2. Patient care
  3. Medical staff (ex: credentials, privilege, job description, staff insurance, training, medical coverage)
  4. Non-medical staff (ex: job description, training, medical coverage)
  5. Financial (budget preparation, cost analysis, insurance coverage)
  6. Managerial /Administrative (ex: Job Description, Delegation of tasks)
  7. Project risk management (ex: scope of service, time frame, cost, human resources, operational, procedural, technical, law and regulations)
  8. Facility management and safety (ex: building safety, Hazardous Materials Management (HAZMAT), internal and external emergencies, fire safety, maintenance plan for medical equipment and maintenance plan for the utility system).

The goal of risk management in health care is: (ACHS, 2013).

  1. Reduce the likelihood of potential events that have adverse consequences on consumers / patients, employees and organisation
  2. Reduce the risk of death, injury and / or illness to consumers / patients, employees.
  3. Encourage consumer / patient outcomes
  4. Efficient management of resources
  5. Legislative compliance Support to ensure organizational development.

The objectives of the risk management program are:

1) Develop systems to manage the reporting of adverse events, near misses, and potentially unsafe conditions. The incident reporting process is designed to achieve the following tasks: (Runciman, Edmonds,& Pradhan,2002)

  1. Risk Identification.
  2. Set the risk values.
  3. Expectation loss.
  4. Decision making upon objective steps to minimise the consequence on the patient and the hospital.

Reporting responsibilities include internal reports and external reports to regulatory, governmental or voluntary agencies. This includes establishing of the risk management policy and event reporting policies and procedures that should specify (ACHS, 2013):

Who: should report, communicate, and take action

What: should be reported by employees, managers, executives, and committees

When: Risk should be reported and when information is distributed to physicians, staff, executive committees and governance / board of directors

Where: information storage, communication

How: Tools and processes are used – for example risk assessment, risk registers, and any risk removal from the current risk register.

Table 1: Good incident report elements (VHIMS, 2011)

Element Question to describe the incident
Who Ø  Who is reporting the incident?

Ø  Who is involved?

What Ø  What occurred? (Including details)

Ø  What are the incident characteristics?

Ø  What are the initial actions you have taken?

Ø  What is the severity rating of the incident (ISR) at the time of reporting?


When Ø  When did the incident happen?
Where Ø  Where did the incident happen?
How and why Ø  Why and how did the incident happen? What are the contributing factors?

2) Assuring the data collection and analysis to monitor risks which may lead to serious adverse events

The incident monitor system includes the following: (ACHS, 2013)

  • Confidentiality
  • All staff Involvement
  • A just culture (No Blame / No Shame)
  • All employees’ education and training
  • Mechanisms to decrease staff fear of punishment
  • Easy-to-use report forms that record detailed information regarding the incident
  • Incidents investigation by involved employees and managers
  • Capture the lessons learned and communicate them
  • Widely discussing incidents and learning from information
  • Implement system for benchmarking and Compare information with other organizations
  • Take action to avoid reoccurrence and improve ways to prevent adverse events
  • Integrating with the Organization’s risk management system
  • Evaluation.

Incident monitoring helps organizations to identify specific areas of interest and develop interventions. The implementation of Incident Successfully monitoring by health units was followed by individual employees’morale improvement (Runciman, Edmonds,& Pradhan, 2002). However, incidents are often under- reported.

Risk management structure:

  1. Scope and main tasks

The multi-disciplinary risk management program (RM) includes physicians and clinical support staff in all care areas, allied health professions, administrators, managers and others.

Operational risks may include :(Tita&Simpson, 2017)

 Clinical risk: These are risks associated with the provision of high-quality patient-centered care services.

 Non-clinical risks: These are the risks related to the environment in which patient care occur, including the use of facilities by employees, patients, contractors and visitors.

Table 2: Examples of clinical and non-clinical risks (ACHS, 2013)

Clinical risk: Non-clinical examples
·        Medication errors

·        Effectively selection and use of clinical indicators

·        Morbidity and mortality meeting for discussion on reviewing

·        Clinical auditing

·        Screening of clinical incident reporting and adverse events.

·        Medical Records Review

·        Medical Emergency reviews

·        Strategies of Medication Management for improving drug adherence

·        Patient risk assessment (ex: patient fall, pressure ulcer, VTE).

·        Peer review and peer supervision

·        The use of complaints and feedback from patients and employees in effective way to improve the service.

·        Clinical Studies, Evidence, literature and clinical research.



·        Financial risks, reputational risks, information governance risks,

·        Effective collection and use of relevant indicators of the organisation

·         Audits

·        Monitor the differences in the budget

·        Reports of project activity

·        Procurement and product evaluation

·        Minimization schemes to reduce risks of fraud

·        Risk assessment and hazard identification

·        Lost time injury frequency rate/reports

·        Strategies for managing political change

·        Safety strategies in the workplace

·        Financial Management Strategies

·        Emergency and disaster planning

·        Redundancy i.e duplication of function of system

·        Infrastructure and information technology capabilities and data entry

·        Manpower Planning

·         Credentials and privileges for all physicians

·        Strategies for recruitment and retention

·        Staff education and training programs

·        Review and develop staff performance

·        Maintenance and replacement schedules for equipment.

·        Review of external contracts.




Table 3: Quality and Risk Management Overlap (ACHS, 2013)

Risk Management


Overlapping Functions Quality Improvement

Ø  Accreditation compliance

Ø  Claims management

Ø  Consumer / patient relations and disclosure

Ø  Contract / policy review

Ø  Corporate and regulatory compliance

Ø  Mandatory event reporting

Ø  Risk identification, e.g. near-miss and adverse event reporting

Ø  Risk control, e.g. loss prevention and loss reduction

Ø  Risk financing

Ø  Safety and security

Ø  Workers compensation



Ø  Accreditation issues

Ø  Analysis of adverse and sentinel events and trends

Ø  Board reports

Ø  Consumer / patient complaint handling

Ø  Consumer / patient education

Ø  Feedback to staff and healthcare providers

Ø  Proactive risk assessments

Ø  Public reporting of quality data

Ø  Provider credentialing

Ø  Root-cause analysis

Ø  Staff education and training

Ø  Strategic planning



Ø  Accreditation coordination

Ø  Audits / benchmarking / clinical indicators etc.

Ø  Best practice / clinical guidelines

Ø  Consumer / patient satisfaction

Ø  Improvement projects

Ø  Peer review

Ø  Provider performance and competency

Ø  Quality methodology

Ø  Quality of care reviews

Ø  Utilization / resource /case management



Table 4: Risk Management Process (AS/NZS 4360:1999)

Establish the context


Ø  Identify the activity

Ø  What are the goals and objectives?


Risk identification


Ø  What can occur?

Ø  How can it occur?


Risk assessment




Evaluation and Ranking


Ø  How could risks happen?

Ø  What would be the impact if they did?

Ø  How could they be minimised?



Evaluate options for risk reduction

o   Determine costs of actions to reduce risks

o   Identify procedures, which reduce the overall cost of risk

o   Comparison of costs versus benefits


Risk Treatment


•         Avoidance: stop providing services likely to generate risk

•         Reduce: Limit or control the likelihood and consequences of occurrence

•         Transfer: shift risk to another party to bear or participate in risks, through contracts, partnerships, joint ventures, etc.

•         Acceptance: Some risks may be small and acceptable.



Monitor and review


Monitor risk impact

•         Review outcome of action

•         Has the priority of risk changed?



Communicate and Consult


Who needs to know, internal/external?


Figure 1: Risk Management Framework


Establish Context


Identify Risks



Evaluate Risks


Treat risks




Periodic Review &Continuous Improvement

Step 1 – Select context

Objectives: To identify the goals and objectives for risk identification and management (Department of Health WA, 2016).

Identify, assess and document potential risks. Mapping of the following should be considered: social framework of risk management (what are your stakeholders exposed to?)  Identification of stakeholder objectives (do you want to ensure minimum financial effect, program effect, etc.); what are available resources to alleviate Effects of risk? What structures do we have to face with expected scenarios that can happen?

Context helps to identify the essentials and constraints of effective risk management within the organization (ACHS, 2013). Intensive care unit (ICU), (ER), ER (emergency room), blood transfusion services, CCU (coronary care unit), medication management including drug administration are areas of high-priority for risk management related to patient care (Alam, 2016).

Step 2 – Identify the risks

Objectives: To identify all risks related to reaching the objectives identified in Step 1.

Clinical risk Identification needs staff to understand of the following elements: (Department of Health WA, 2016)

Table 5: Clinical risk Identification

The chief cause of the clinical risk that has the potential to result in injury. •e.g. main cause: similar/look-alike & sound alike medications (LASA) dispensed from a hospital’s pharmacy


The incident that could occur if the risk is not treated and the effect on the organisation or its stakeholders (internal or external).


•e.g. risk of improper  medication being given to patient
what and why the presence of the clinical risk or hazard of the event Happening •e.g. medications shortage, lack of inspection processes


Identification of the potential clinical risk outcome on the organization or its stakeholders.


•e.g. clinical incident where the patient is injured  from being given a wrong medication
When and where the clinical risk or hazard can happen. •e.g. during medication dispensing or administration of the medication

Figure 2: Possible methods of identifying clinical risks (Alam, 2016; Department of Health WA, 2016 ACHS,2013)

Categorisation of risk (Carroll, R, 2009)

Risk areas or domains, are simply a method used to segregate similar risks into manageable groups.

Table 6:Risk Categories

Operational / Clinical Risks related to business operationsbecause of insufficient or failed internal processes, medical malpractice that affect patient safety.
Financial / Business Continuity Risks such as capital structure, credit and interest rate variation, exchange foreign currency and accounts receivables. These are risks that affect the profitability, cash position, access to capital, or external financial ratings through business relationships or the timing and recording of income and cost of operations
Strategic / Reputation Risks of Brand, reputation and advertising, and business strategic risks. Failure to adapt to changing environment, changing customer priorities, comparative risk, clinical literatures.
Legal / Regulatory including risks arising from product liability, management liability, non-compliance with laws, standards, rules and regulations, and intellectual property matters.



Technological / Projects An area of ​​moreimprovement in healthcare, including the risks associated with the assumption of new systems and tecnology (eg computerised physcian order entry (CPOE), barcoding, electronic medical record (EMR),image archiving and communication system (PACS) , Robots, simulation, etc.).


Natural Disaster / Hazard Risks caused by physical  loss or impairment of assets, including risks arising from earthquakes, windstorms, floods, fires, etc. Traditionally insured risks associated with natural risks and business problems.




Step 3 – Analyse & Evaluate  risks

Objectives: To determine the outcome of any controls and evaluate its risk rating (Department of Health WA, 2016).

Table 7: Consequences assessment (HSE, 2008)

Consequence Score (1) (2) (3) (4) (5)
Domain /Impact Negligible/insignificant Minor Moderate Major Extreme/catastrophic
 Operational /clinical /type of Injury Adverse event leading to minor injury not requiring first aid. No impaired functions Minor injury or illness, first aid treatment required < 3 days absence or < 3 days extended hospital stay Impaired psychosocial functioning greater than 3 days less than one month Significant injury requiring medical treatment e.g. Fracture and/or counselling. Agency reportable, e.g. HSA, Gardaí (violent and aggressive acts). >3 Days absence or 3-8 Days extended hospital Stay Impaired functions greater than one month less than six months Major injuries/long term incapacity or disability (loss of limb) requiring medical treatment and/or counselling Impaired functions

greater than six months

Incident leading to death or major permanent incapacity. Event which impacts on large number of patients or members of the public. Permanent impairment of functions or  incapacity.
Service User Experience Reduced quality of service user experience related to inadequate provision of information Unsatisfactory service user experience related to less than optimal treatment and/or inadequate information, not being to talked to & treated as an equal; or not being treated with honesty, dignity & respect – readily resolvable Unsatisfactory service user experience related to less than optimal treatment resulting in short term effects (less than 1 week) Unsatisfactory service user experience related to poor treatment resulting in long term effects Totally unsatisfactory service user outcome resulting in long term effects, or extremely poor experience of care provision
Legal/regulatory  /Compliance with Standards (Statutory, Clinical, Professional & Management) Minor non compliance with internal standards. Small number of minor issues requiring improvement Single failure to meet internal standards or follow protocol. Minor recommendations which can be easily addressed by hospital management Repeated failure to meet internal standards or follow protocols. Important recommendations that can be addressed with an appropriate management action plan. Repeated failure to meet external standards. Failure to meet national norms and standards / Regulations (e.g. Mental Health, Child Care Act etc). Critical report or substantial number of significant findings and/or lack of adherence to regulations. Gross failure to meet external standards Repeated failure to meet national norms and standards / regulations. Severely critical report with possible major reputational or financial implications.
Objectives/Technological Projects Insignificant cost increase

Barely noticeable reduction in scope, quality or schedule.

<5% over budget. Delay in scheduled activities.

Minor reduction in scope, quality or schedule.

10% over budget. Some delay in scheduled activities.

Reduction in scope or quality of project; project objectives or schedule.

10-25% over budget. Significant project over – run.

Major delay in scheduled activities. Failure to meet secondary objectives

>25% over budget.Major delay in scheduled activities. Inability to meet primary project objectives. Reputation of the organisation seriously damaged.
Financial Business Continuity Interruption in a service which does not impact on the overall delivery of service user care or the ability to continue to provide service.

Improvement actions required

Short term disruption to service with minor impact on service/ user care. Some disruption in service with unacceptable impact on overall service user care. Temporary loss of ability to provide service Sustained loss of service which has serious impact on overall delivery of service user care or service requiring  major contingency plans being involved Permanent loss of core service or facility. Disruption to facility leading to significant ‘knock on’ effect
Strategic/Adverse publicity/ Reputation Rumors, no media coverage. No public concerns voiced. Little effect on staff morale. No review/investigation necessary. Local media coverage – short term. Some public concern. Minor effect on staff morale / public attitudes. Internal review necessary. Local media – adverse publicity. Significant effect on staff morale & public perception of the organisation. Public calls (at local level) for specific remedial actions. Comprehensive review/investigation necessary. National media/ adverse publicity, less than 3 days. News stories & features in national papers. Local media – long term adverse publicity. Public confidence in the organisation undermined. HSE use of resources questioned. Minister may make comment. Possible questions in the Dáil. Public calls (at national level) for specific remedial actions to be taken possible HSE review/investigation National/International media/ adverse publicity, > than 3 days. Editorial follows days of news stories & features in National papers. Public confidence in the organisation undermined. HSE use of resources questioned. CEO’s performance questioned. Calls for individual HSE officials to be sanctioned. Taoiseach/Minister forced to comment or intervene. Questions in the Dail. Public calls (at national level) for specific remedial actions to be taken. Court action. Public (independent) Inquiry.
Environment/Natural Disaster/Hazard Negligible effect.

Nuisance Release.

Minor effect of the facility. Limited  hindrance of hospital services.

On site release contained by organisation.

Moderate effect of the facility. May affect some hospital services

On site release contained by organisation.

Release affecting minimal off-site area requiring external assistance (civil defense, fire brigade, radiation, protection service etc.) Toxic release affecting offsite with detrimental effect requiring outside assistance.

Many hospital services are curtailed detrimental effect requiring external assistance

Table 8: Probability of Occurrence or Likelihood Score (Department of Health WA, 2016)

Clinical Corporate
Level Likelihood Descriptor Per Separations/ Occasions of Service



Likelihood Code “C” (Clinical)

% Chance during life of project or financial year for budget risk


Likelihood Code “%” (% Chance)

Time Scale for ongoing non-project activities or exposures


Likelihood Code “T” (Time)

1 Rare 1 in 100,000 or more Up to 5% Once in more than 10 years
2 Unlikely 1 in 10,000 6% – 30% Once in 5 – 10 years
3 Possible 1 in 1,000 31% – 60% Once in 3 – 5 years
4 Likely 1 in 100 61% – 90% Once in 1 – 3 years
5 Very Likely 1 or more in 10 Over 90% More than once a year
  • Identify the type of risk that might affect your department/ service
  • Calculate the risk score by multiplying the two scores (probability X consequences)

Table 9: Risk Score Calculation

Department / service……………………………………………………..
Type of Risk (1)

Probability of Occurrence or Likelihood Score


Consequence Score


Risk Score


Table 10: Mapping the Total Risks (HSE,2008)

  Total Risk Score  
  1 2 3 4 5  
  2 4 6 8 10  
  3 6 9 12 15  
  4 8 12 16 20  
  5 10 15 20 25  


Green (1-3)

Low Risk

Blue (4-6)

Medium Risk

Yellow (7-14)

High Risk

Red (15-25)

Extreme Risk

Table 11: risk management action plan


Low risk Acceptable and Manage by routine procedures
Medium risk Tolerable and Manage by particular monitoring procedures or auditing systems.
High risk


This is serious and must be closely addressed. Action Plans should be prepared for the Extreme and High Risks

Prepare action plans to reduce the probability and consequences of the extreme risks with a score of 15-25. Then move down the risk levels to the high risk with a score of 7-14.


Extreme risk


Extreme risk Risk mitigation measures Responsibility Completion date
High risk Risk mitigation measures Responsibility Completion date


Evaluate the risks

Objectives: To assess the action required by the level of risk specified in step 3, including evaluation whether management should be developed and / or risk could be escalated. Risk prioritization involves comparing the level of risk present during the analysis stage with pre-defined risk criteria and establishing a prioritised risks list for additional action (Department of Health WA, 2016).Risk registers are a tool that can be used to help prioritise risks and allocate resources appropriately(ACHS, 2013).

Table 12: Example of a risk register (Standards Australia and Standards New Zealand, 2004)



Risk area Risk description Action Severity Probability Risk Rating Eliminate, reduce or tolerate Start date Due date Cost Responsibility
Number (No)


A unparalleled reference number for each identified risk
Risk Area


How or where the risk has been identified


Risk Description


A description of the risks and their potential effect on the organization / persons




The necessary action to manage the task




The degree to which interests of the organization / people could be affected by the risk realization




The probability of the realization of the risk


Risk Rating & Prioritization


Severity x probability
Eliminate, reduce or tolerate


decision-making depending on the identified risk management


Start date / Due date / Cost


Should be reviewed regularly




The authorised person for the risk management


Step 4 – Treat Risks

  1. A) decision must be takenfor the risk to eitherbe:
  2. Avoidance (elimination): includes not doing risky practices, ie, avoiding areas considered unsafe, etc. Avoidance reduces the possibility of loss to zero. For example, the hospital may choose not to provide obstetric services, thus avoiding the risk of a birth trauma. Avoidance strategies also include the removal of hazardous products or completely removal of potentially hazardous situations from the organization or a ban in a regional hospital for obese or heavy smokers (Department of Health WA, 2016; NuPITA, 2010).
  3. Reduction (Mitigation): The various loss control strategies is intended to reduce the potential impacts of certain risks without fully accepting or avoiding them, thus emphasizing the reduction of the severity of losses. Loss reduction treatments include fast incident investigation, disaster continuity drills, emergency management plans, staff equipped with safety kits, emergency numbers must be kept, firefighting equipment, data backup, and equipping building structure with alarm systems and A fire sprinkler system. Also, a facility providing obstetrical services may develop a protocol to save the placenta from births for pathological review. Such pathological results become a defense tool in any subsequent claim against the practitioner. Although this process does not avoid poor outcome, it aims to minimise the potential financial consequences of such incidents on the organization or the practitioner (Carroll, 2009).

Accreditation agencies, such as JCI, have developed formal requirements for clinical loss prevention efforts, such as root causes analysis (RCA) and failure mode and effects analysis (FMEA). Root cause analysis is a systematic process to identify the root causes of problems and approach to respond to them. Once the root cause analysis has been completed, the next step is to develop a quality improvement plan that addresses each identified root cause. Failure mode and effects analysis (FMEA) is a prospective investigation aimed at identifying weaknesses and preventing future failures. FMEA is required annually by JCAHO and focuses on improving risky procedures such as blood transfusion, chemotherapy, and high-risk medications (Senders, 2004).Healthcare failure mode effect analysis (HFMEA) and hazard vulnerability analysis (HVA).

  1. Retention (Budget / Acceptance): Acceptance of loss when it happens. This management strategy includes potential losses associated with certain risks and plans to cover the financial consequences of these losses. (i) risks that cannot be avoided, or transferred(ii) risks where the risk of loss is not significant and the potential consequences are within the institution’s capacity to self-fund; (iii) quantifiable and predictable losses (iv) smaller risks (ex: missing eyeglasses) and that it may not be possible to purchase cost-effective insurance coverage. (Department of Health WA, 2016; Carroll, 2009).
  2. Transfer (insurance or hedging): This can usually be done through another party (ex insurance, outsourcing services, etc). For clinical risks, this may take the form of transferring the entire activity to another hospital or provider. In some cases, clinical risk transfer may not be cost-effective to an external supplier who is less able to treat the risk. In such cases, health care providers must be aware of the hidden costs of risk transfer, for example high contract costs. (Department of Health WA, 2016;NuPITA, 2010).
  3. B) Selectionof the best risk management techniques:

A risk management specialist may choose to employ any available set of risk management techniques to obtain desired results (Carroll, 2009).

  1. C) Implementation of selected technologies:

The implementation process includes both technical risk management decisions to be made by risk management professionals and relevant decisions taken by other managers within the organization to implement selected risk management techniques (Carroll, 2009).

Step 5: Monitor& review and improve the risk management program

The final step in the risk management process is to assess and monitor the effectiveness of the risk management program by assessing the adequacy and appropriateness of the techniques used to identify, analyze and process the risks. The interdisciplinary approach to evaluate the impact of risk management program activities on the various departments in organizations and ensures that additional opportunities to improve the risk management function have been fully studied (Carroll, 2009).

Closing Risk: While there is active management, the risk has an “open” status. With the completion of action and management of risk, after careful deliberation, changing it to either “monitor” or “closed” status. “Monitor” risks are subject to periodic review (Ex six months) to ensure that they remain as “as practicable” as possible. A “closed” status is set for risks that complete all required actions and do not require any further action, and are archived in a “closed record” for audit purposes (Carroll, 2009).

Table 13: Types of outcome measures (Wolff &Bourke, 2002)

Effects Examples
Effects on safety and risks Reducing the frequency or severity of:

·        Fall incidents

·        Pressure ulcer

·        Improper use

·        Medication errors

  • Unplanned re-presentation to department within 48 hours for same condition
  • Unplanned readmission to the hospital for same condition within 28 days of hospital inpatient discharge
  • Return to operating room within 7 days

·        Morbidity and Mortality rate

Effects on incidents reporting and tracking Frequency

·        Categories and severity

·        Enthusiastic to report

·        variation between practitioners(ex nursing staff or physicians)


It is well known that the structure of committee is necessary for the suitable and effective functioning of the risk management program. The Assistant Administrator for Quality management will chair the Committee of Risk Management which should have representatives from the following departments:

  1. Quality Assurance
  2. Blood Bank
  3. Medical Audit.
  4. Infection Control
  5. Safety and Security
  6. Accreditation
  7. Education
  8. Physicians
  9. Nurses
  10. Legal Counsel
  11. Tissue Committee
  12. Professional Liability Committee
  13. Professional Practices Committee
  14. Medical Discipline
  15. Medical—Legal Committee
  16. Antibiotic Use
  17. Therapeutics
  18. Pharmacy
  19. Medical Records
  20. Utilization Review Committee

The purpose of the Risk Management Committee will be to aid the Risk Manager in fulfilling the responsibilities to decrease patient harms, visitors, and staff, and financial loss to the hospital (Singh& Ghatala, 2012).


Active risk management is advanced proactive approach plays a critical role in enabling hospitals to identify, analyze, monitor and manage risks. Risk management is an integrated part of health care that uses a number of disciplines to reduce the likelihood of organizational losses in health care. Proactive risk management allows an organisation to plan today for the worst-case scenario of tomorrow that jeopardize the ability of organization to maintain its mission.


Alam, A.Y. (2016) Steps in the Process of Risk Management in Healthcare. Journal of Epidemiology Preventive Medicine 2(2): 118.Available at

 AS/NZS 4360:1999 – Risk Management. Available at

Biais, B., & Weber, M. (2009). Hindsight bias, risk perception, and investment performance. Management Science, 55, 1018–1029.Available at

 Brennan, T.A., Leape, L.L., Laird, N.M., et al. (1991). Incidence of adverse events and negligence in hospitalized patients: results of the Harvard Medical Practice Study I. NEW ENGLAND JOURNAL of MEDICINE; 324:370-6. Available at

Carroll, R. (2009). Risk management handbook for health care organizations (5th ed.). San Francisco, CA: Jossey Bass Education.

Department of Health (2011), Victorian health incident information system (VHIMS). A guide to completing incident reports. Available at

Department of Health WA. (2016). WA Health Clinical Risk Management Guidelines, A best practice guide.Government of Western Australia.Available at

Health Service Executive (HSE). (2008).Risk Assessment Tool and Guidance (Including guidance on application).Available at

Kohn, L.T., Corrigan, J.M., & Donaldson, M.S. (2000). To err is human: building a safer health system. Washington: National Academy Press. Available at

Kuhn, A.M., & Youngberg, B.J. (2002). The need for risk management to evolve to assure a culture of safety. Quality and Safety in Health Care2002;11:158–62.Available at

Moser, R.H. (1956). Diseases of medical progress. NEW ENGLAND JOURNAL of MEDICINE; 255: 606-14.Available at

 National Patient Safety Foundation (NPSF) (2000). Agenda for research and development in patient safety. Medscape General Medicine. 2000;2(3) .Available at

Nightingale, F. (1863). Notes on hospitals. 3d ed., London: Longman, Green, Longman, Roberts, and Green. Available at

Runciman. W., Edmonds, M. & Pradhan, M.(2002). Setting priorities for patient safety. Quality and Safety in Health Care; 11(3): 224-229.Available at

Senders, J.W. (2004). FMEA and RCA: The mantras of modern risk management. Quality & Safety in Health Care 13:249-250.Available at

Singh, B.,& Ghatala, M.H. (2012). Risk Management in Hospitals. International Journal of Innovation, Management and Technology. 3. 10.7763/IJIMT.2012.V3.266. Available at

 Standards Australia and Standards New Zealand (2004) HB 436:2004, Risk Management Guidelines: Companion to AS/NZS 4360:2004, Sydney, NSW. ISBN 0 7337 5960 2. Available at

Stoneburner, G., Goguen, A., & Feringa, A. (2002), Risk Management Guide for Information Technology Systems, NIST Special Publication 800-30,  .Available at

The Australian Council on Healthcare Standards (ACHS) (2013). Risk Management and Quality Improvement Handbook. EQuIPNational. July 2013.Available at

The New Partners Initiative Technical Assistance (NuPITA) (2010). Developing a Risk Management Plan. Available at

 Thomas, E.J., Studdert, D.M., Burstin, H.R., et al. (1999). Incidence and types of adverse events and negligent care in Utah and Colorado. Medical Care; 38(3): 261-71. Available at

Tita, D., &Simpson, S. (2017). Risk Management Strategy (2016-2019).Kingston hospital NHS Foundation Trust  Version 14 Review Date: January 2017.Available at

Veatch, R.M. (1989). Cross cultural perspectives in medical ethics readings. Boston: Jones and Bartlett Publishers. Available at

Vincent, C. (2006). Patient safety. Edinburgh etc.: Elsevier Churchill Livingstone.

Wolff, A.M., &Bourke, J. (2002). Detecting and reducing adverse events in an Australian rural base hospital emergency department using medical record screening and review. Emergency Medicine Journal 19(1): 35–40.Available at

World Health Organization (2014).10 facts on patient safety. Available from:

5/5 - (3 أصوات)

المركز الديمقراطى العربى

المركز الديمقراطي العربي مؤسسة مستقلة تعمل فى اطار البحث العلمى والتحليلى فى القضايا الاستراتيجية والسياسية والاقتصادية، ويهدف بشكل اساسى الى دراسة القضايا العربية وانماط التفاعل بين الدول العربية حكومات وشعوبا ومنظمات غير حكومية.

مقالات ذات صلة

اترك تعليقاً

لن يتم نشر عنوان بريدك الإلكتروني. الحقول الإلزامية مشار إليها بـ *

زر الذهاب إلى الأعلى