Volume 10, Issue 1 /2008 - Outsourcing

Optimal Risk Management in Healthcare


A six point programme

By Maria Ines

Cartes The strong trend towards “economisation” in the German health system is rapidly leading to significant changes in the health sector. At the same time, the legislation governing the German health system (the Social Security Statute Book) imposes the following requirements: the establishment of quality management; participation in external, comparative quality assurance; and, under what is known as KonTraG (an amending act on control and transparency in business), the establishment of a monitoring system to ensure early detection of developments that pose a threat to society. 

On the other hand, the growth of a highexpectation culture and changes in jurisprudence (patient rights) are contributing towards mounting compensation claims, higher payments by insurance providers and a substantial increase in liability premiums. While these developments have economic consequences for healthcare institutions, the damage to corporate reputation caused by compensation claims is becoming an increasingly important issue. For this reason, the insurance industry, specifically the international reinsurance industry, demands that risk management (RM) be used as a management tool to ensure the liability risk in healthcare remains insurable in the longterm. (Klocke 2005).

Furthermore, while treatments and surgical procedures are becoming more and more refined, not all associated work practices are following suit. In the context of the high degree of technologisation and the necessary division of labour in medicine and care, even minor errors in work processes can have disastrous consequences. For this reason, in addition to medical issues, insurance companies expect other considerations, primarily fire protection, issues of a legal, organisational and structural nature and other matters pertinent to liability, to be taken into account to ensure that the liability risk in healthcare remains insurable in the longterm (Gurcke 2006). 

Prerequisites for the viability of hospitals are a good strategy, efficient use of resources and optimal process control. For this reason, management systems such as risk management must be applied in operative, tactical and strategic decision-making.

The Challenge of Risk Management

The challenge of risk management lies in mapping the overall risk as a conglomeration of interconnected individual risks (Brennan et al 1991, Leape 1994, Vincent et al 1998). In so doing, the strategic importance of risk management as a leadership task emerges (Wolf, Runzheimer 2003, Gómez-Arnau et al 2006). In practical terms, this requires the strategic introduction of an efficient and effective risk management process with optimal resource allocation, which contributes to security of outcome. Realising this objective hinges on completing six concrete steps.

Step One: Take a Decision

The decision on the introduction of risk management must be made by management at the highest level. Consultation with the works council, where one exists, and the insurance provider is recommended. Consideration should be given to the advantages and disadvantages of risk management as well as external requirements (statutory and legal). In this context, the aims and objectives of the risk management process must be defined, e.g. the creation of a safety culture, improvements in patient safety, meeting statutory requirements and guaranteeing that staff are protected from third party liability claims.

Step Two: Effect a Change in Culture

It is necessary to bring about a cultural change with regard to communicating and addressing errors. Senior management, in consultation with the works council, must determine and assume responsibility for the general principles and values that will govern how the institution handles errors. The hospital, as an enterprise, must strive to make the transition from a blame culture, through an error culture to a safety culture.

Achieving this goal requires acceptance that errors occur in all walks of life and critical incidents and near misses should be treated as an opportunity for systematic learning (Meilwes 2002).

Step Three : Establish Requirements and Parameters

Implementing risk management requires securing the support of senior management and obtaining the approval of the works council. The aims, objectives and approaches underpinning the strategy must be defined. Before introducing risk management, senior managers must determine the position the process will have in the hospital. This implies that it will be a task for senior management and that accountability, responsibility and resource allocation issues will be clearly defined. Ideally, risk management should be either embedded in or strongly linked to the hospital’s quality management, process management and project management systems. Coordinated communications and cooperation should be maintained with other areas and departments, including legal affairs, administrative audit, disaster prevention, hygiene, finance and environmental services.

In this context, key factors in establishing risk management are the maturity of the hospital and the ability of its management culture to build confidence and lead by example. These factors influence the flow of information among staff, their flexibility and receptiveness towards innovation, including the establishment of a risk management process.
The availability of advanced IT infrastructure facilitates recording, analysis and communication of risk management data.

Step Four : Risk Management – Creating Expertise

One person should be appointed to the role of risk manager. He or she should perform the tasks associated with introducing RM tools and methods. The correct and appropriate expertise depends on the aims and objectives of the RM system in the hospital. A clinical medical or nursing qualification is a prerequisite. Further qualifications in areas such as quality management, process management, project management or risk management and sound knowledge of business management round off the job specifications of a risk manager. Given the confidential nature of the position and its strategic importance, he or she should be directly accountable to the hospital director.

Step Five : Establish an Organisational and Operational Structure

To ensure sustained, effective RM functionality, the responsibilities, communication structures and implementation concept should be defined with the person appointed to the position of risk manager. These depend on the size of the hospital and the RM aims and objectives. In larger hospitals, a central office with decentralised units and an RM task force is the ideal structure, as it allows the hospital to maximise synergy effects and use its resources in the most effective manner.

Step 6 : Utilise Tools and Methods

Every hospital uses a range of tools and methods for risk reduction purposes, although in many cases the approach is not coordinated and is not part of overall hospital strategy. The use of new tools and methods should complement rather than replicate the function of existing instruments used in the risk process. This means the hospital should examine whether effective and efficient tools are already in place for risk identification, analysis, assessment, management, control and reporting. In the event that these are not available, it should introduce new tools. In this regard, it is critical to link these tools to capitalise on synergies. The use of critical incident reporting systems or other reporting mechanisms offers considerable potential to identify risks and errors in a cost-effective manner (Cartes 2006). However, it is important to ensure optimal resource utilisation when managing these issues. In this respect, it is advisable to deal with reports on the basis of risk fields. Moreover, CIRS must be introduced throughout the hospital. Risk constellations can only be considered in a comprehensive, multi-dimensional manner when multiple departments are brought into the process. Further details can be found in an article entitled “Aus Fehlern lernen ” (Learning from Mistakes) by Maria Ines Cartes in the “Niedersächsische Ärzteblatt” 1/08.


As a result of rapid changes in the health sector, new statutory requirements, increased expectations among patients and health insurers and the rising cost of insurance premiums, the implementation of innovative, efficient management tools such as risk management is an imperative in our hospitals. Management and employee representatives must collectively decide to implement risk management if it is to be effective and sustainable and secure the support of staff. A safety culture should be developed to enhance patient and institutional safety. A range of RM tools must be deployed, albeit in a manner consistent with the need to ensure effectiveness and efficiency. To prevent patient harm, it is vital that transparency and trust are established because patient safety and corporate safety go hand in hand.


• Reduces liability risk
• Establishes facts regarding the need for action
• Enhances reputation
• Reduces costs in the medium and long term
• Guarantees liability insurance protection
• Promotes development of a safety culture


• Creates additional workload
• Increases use of resources as RM can not be implemented in a cost-neutral manner. Staff, software and other costs arise at the outset.
• Viewed as “another form to be filled”

Print as PDF
A six point programme By Maria InesCartes The strong trend towards “economisation” in the German health system is rapidly leading to significant changes in

No comment

Please login to leave a comment...

Highlighted Products