Enterprise Risk Management in Healthcare
ASHRM designates eight domains of risk management to promote an ERM approach in healthcare. ASHRM Website
Technology
Source: American Society for Health Care Risk Management
This domain covers machines, hardware, equipment, devices and tools, but can also include techniques, systems and methods of organization. Healthcare has seen an explosion in the use of technology for clinical diagnosis and treatment, training and education, information storage and retrieval, and asset preservation. Examples also include
Risk Management Information Systems (RMIS), Electronic Health Records (EHR) and Meaningful Use, social networking and cyber liability.
Barriers in Patient Data Communication
Technology risk is one of the eight primary risk domains recognized by the American Society of Health Care Risk Management (ASHRM) see above graphic. Specific barriers regarding health infomation exchanges, patient portals, and their associated vendors contribute to the frequency and severity of the presumed risk.
Specific barriers to effective patient data interoperability include:
- Privacy and Data Security Challenges
- Standardization of Policy, Governance, Format, & Methods
- Adoption and Meaningful Participation
- Emerging Technologies
- Regulatory Challenges
Why Mitigating Risk for HIEs and Patient Portals is a Growing Issue
Given the pressing need to decrease waste and inefficiency in healthcare spending, mitigating technology risk is of particular importance. Nevertheless, every risk domain is interconnected and patient data communication issues present barriers in each sector of healthcare risk.
| Strategic | Clinical | Financial | Human Capital | Legal | Technology | Operational | Hazard |
|---|---|---|---|---|---|---|---|
| Disruption and M&A activity with HIE vendors | Possibilty of clinical error in data mismatch | Medium revenue cycle risk with non EMR health IT | Burnout risk from downtime and rollout duplication | Pace of regulation is unpredictable and presents exposure | Listed barriers | Patient delays from IT downtime | Future pandemics / crisis overburdens systems |
| Risk from strategic failures damaging the brand | Medication reconciliation risk from incomplete transmission | Privacy and data security present financial risk from FWA activity | Training challenges present risk of downstream loss | Political shifts cause instability in ACA initiatives | Cyberthreats | Overreliance on automation create risk of gaps in care | Infrastructure risk from outages |
ERM and its Importance for Health Information Exchanges and Patient Portals
Enterprise risk management (ERM) provides a more broad approach than traditional risk management. ERM approaches allow for more cooperative, nimble, and high-reliabilty mitigation strategies. As ERM is further embedded into the fabric of the culture, the frequency of loss exposure should decrease and near-miss reporting can help to avoid sentinel events which skew the measurement of risk preparedness.