Close Server: KOPWWW05 | Not logged in

Risk Management

The concept of risk management grew out of the medical malpractice crisis of the mid-1970s. As a result, hospital departments were formed in an effort to decrease liability exposures, integrate risk reduction strategies and ultimately create a risk-free environment.

Risk management professionals have varied backgrounds. In the early 1980s, many risk managers came from an insurance background, but due to an increase in clinical risk and malpractice cases, risk management professionals were sought from clinical areas. The use of registered nurses and other healthcare professionals allowed cases to be reviewed and created the opportunity to improve practice deviations and create standard processes.

During the mid-1980s, in response to increasing medical malpractice premiums and another malpractice crisis, many risk management departments began looking at new areas of liability exposure resulting from new technologies and healthcare expansion.

This article will demonstrate the risk management techniques used since the 1980s, considering changes based on the Institute of Medicine's 1999 report, To Err Is Human, as well as supplemental reports and the establishment of patient safety organizations in 2001-02.

To begin, one first must understand the basic concepts of risk management.

Steps in Risk Management

Risk management is the systematic approach to the prevention of loss, referring directly to financial loss. There are four key steps involved: risk identification, risk analysis, risk control and risk financing.

Risk identification - Risk identification includes developing processes to identify areas within a professional practice area that have a potential to cause patient harm. This often includes an incident/event/occurrence reporting system aimed at identifying and reporting potentially adverse patient outcomes, unexpected outcomes of treatment, events that have actually caused a patient injury or have a potential to do so, and patient complaints. This information is then reviewed and analyzed to identify any trends that, if addressed, may lead to loss prevention.

Risk analysis - Risk analysis involves not only the review of occurrence screening data, but also any loss data to identify trends before a patient injury occurs. This analysis includes evaluation of the specific practice involved to determine, for example, if a policy or procedure needs to be changed to prevent a repeat occurrence of the event. An important aspect of risk analysis includes education. Education of healthcare providers regarding identified trends and prevention strategies is the ultimate goal of risk management.

Risk control - Risk control is concerned with handling of actual losses that occur. Professional losses arise from instances of professional malpractice or, as it is commonly referred to, negligence. Negligence is defined as "the breach of the standard of care of what a reasonable person would do in the same set of circumstances having the same requisite skills and knowledge."

Four elements must be proved to have a successful malpractice action:


 breach of duty;

 causation; and


Duty is the standard of care owed to a patient that is created by virtue of the provider-patient relationship.

Breach of duty occurs when the provider does not adhere to the applicable standard of care when providing care to the patient. To determine the standard of care owed and whether it was breached, you must look to applicable policies and procedures, professional practice standards, job descriptions or guidelines established by a national specialty organization such as the Association of periOperative Registered Nurses, Emergency Nurses Association or American Association of Critical-Care Nurses. These are reviewed to determine the minimum standard of care.

Causation refers to the proximate cause of the injury and that the injury sustained was directly related to the breach of duty. This is the most difficult element to prove in a malpractice action because a patient sustaining an injury does not necessarily indicate a breach in the standard of care. The patient must prove that if not for the healthcare provider's actions, the patient probably would not have sustained the injury. This causal connection usually is established by an expert witness.

Damages is the fourth element and involves not only physical damages, such as medical bills and lost wages, but also emotional damages, such as pain and suffering and loss of consortium claims.

Risk financing - The last key step to risk management is risk financing. This involves transfer of the risk to an insurance company. As a professional, you should be cognizant of the malpractice insurance your employer provides for you or the coverage you need to secure on your own to cover your professional activities. Each state has different established limits of coverage.

When evaluating coverage, be aware there are two types of coverage forms: occurrence and claims-made. An occurrence-based policy provides coverage for any actions that arise as long as the event occurred when the policy was in force, whereas a claims-made policy provides coverage only for events that are reported during the policy period.

More simply, occurrence coverage provides long-term coverage, while claims-made coverage only provides coverage on a year-to-year basis. If you purchase claims-made coverage and switch insurers, you should investigate the securing of prior-acts coverage or tail coverage to prevent any gaps in insurance coverage, should a claim arise.

To apply the risk management principles described here, you must be aware of the liability exposure areas involving your specific area of clinical practice.

Evolution of Patient Safety

Now that you understand the main elements of risk management, we will take you on a further journey into the evolution of patient safety.

Following the Institute of Medicine's To Err Is Human report, which estimated 98,000 Americans died annually in hospitals due to medical errors, change was deemed necessary. New patient safety processes were discussed. Disclosure and process or systems issues became centers of attention in an effort to shift the focus to faulty processes or systems, rather than placing blame on individuals involved in medical errors.

In response to this evolution, many organizations were afforded opportunities to expand their risk management program to include patient safety, while others dissolved their risk management departments and launched patient safety departments. Risk management's role evolved to ensure any new patient activities were evaluated prior to initiation to ensure appropriate policy formation.

With these new initiatives, risk management was viewed as being an integral member of the healthcare team. Risk management always has looked at the welfare of the patient, developing key strategies to decrease liability exposures as well as decrease the number of malpractice claims for the institution. Having developed these early relationships helped strengthen the emerging patient safety programs.

Early on, risk management analysis showed that focusing on systems rather than individuals was important, and this early focus enhanced the move to solid patient safety programs. Nonpunitive policies and processes were developed and presented. Key patient safety initiatives were reviewed, such as medication safety teams, fall teams and a variety of other clinical teams, with the main focus always being patient safety.

Many Fortune 500 companies began evaluating initiatives to set "golden" safety standards to ensure their employees received high-quality, safe medical care. For example, the Leapfrog Group developed quality indicators as well as safety leaps for hospitals, to ensure the provision of safer healthcare across the continuum.

Legislative Action

In 2003, Pennsylvania passed a law called the Medical Care Availability and Reductions of Error Act. This law required hospitals to develop a specific patient safety plan for their institution with the mandatory establishment of a designated patient safety officer. In addition, a patient safety committee comprising community members and designated healthcare representatives were mandated to review medical events and make appropriate, timely interventions to avoid errors from recurring and make changes that positively affect patients. This affected hospitals, ambulatory surgical centers, as well as midwifery centers.

The act also required the reporting of medical errors to the Patient Safety Authority, an organization overseeing all patient safety reporting data for Pennsylvania. In addition, timely patient disclosure of errors was required as well as written confirmation that the disclosure had taken place within 7 days of substantiation by the patient safety officer that the event occurred.

Everyone's Job

Patient safety is a culture; it's the pulse of an organization. It is not just one individual's job to ensure everything is appropriate. It is the responsibility of all members of the healthcare team - each and every person who works within the walls of the organization.

It is making sure every patient receives appropriate care by competent, trained and qualified individuals. It is making sure the patients are properly identified, receive the correct medications and correct procedures, including timely notification to their physicians when an unexpected event arises. It is ensuring the clinical standards of care and practice are continually evaluated against best practices to assure patients are receiving appropriate care and treatment.

The physical environment also is integral to patient safety. Equipment used in patient care delivery must function properly - alarms must be engaged and work to provide timely notification, such as when a patient experiences a cardiac arrhythmia. Prevention of falls through evaluation of the patient's footwear and room lighting is another example of how providers must be vigilant in protecting the patient from injury. Finally, assisting a lost visitor/patient to an appointment that may be critical to preventing harm is another way all staff can actively enhance patient safety.

Patient safety needs to be the pulse of every organization to ensure that healing, comfort, and care is provided in the safest and most reliable manner for the patients and their families.


Carroll, R. (2004). Risk management handbook for health care organizations (4th ed.). San Francisco: Jossey-Bass.

Commonwealth of Pennsylvania. (2002). Act 13 of 2002: Medical Care Availability and Reduction of Error (Mcare) ACT. Retrieved Oct. 29, 2004 from the World Wide Web:

Youngberg, B.J. (2004). The patient safety handbook. Sudbury, MA: Jones and Bartlett Publishers.

Youngberg, B.J. (1994). The risk manager's desk reference. Gaithersburg, MD: Aspen Publishers.

Fran Miranda is director, risk management and patient safety officer; Georgene Saliba is administrator, risk management, claims management, patient safety; and Rosemary Cerimele, Kristie Lowery and Kelly Riegel-Gross are risk managers, all at Lehigh Valley Hospital and Health Network, Allentown, PA. <% footer %>


Email: *

Email, first name, comment and security code are required fields; all other fields are optional. With the exception of email, any information you provide will be displayed with your comment.

First * Last
Title Field Facility
City State

Comments: *
To prevent comment spam, please type the code you see below into the code field before submitting your comment. If you cannot read the numbers in the below image, reload the page to generate a new one.

Enter the security code below: *

Fields marked with an * are required.

View the Latest from ADVANCE


Back to Top

© 2017 Merion Matters

660 American Avenue Suite 300, King of Prussia PA 19406