Professional Documents
Culture Documents
Dynamic approaches to
Healthcare risk management
Two International
H e a l t h c a re R i s k M a n a g e m e n t
Symposia
Apr il 1999
Fe br uar y 2000
S t a n d a r d s
A u s t r a l i a
Dynamic approaches
to healthcare
risk management
Selected proceedings from two symposia sponsored by
Standards Australia International
Sydney, April 1999 and Perth, February 2000 (in conjunction
with the Metropolitan Health Service, Western Australia and the National Health
Service, England
Contents
1 Introduction
Dr Maree Bellamy
35 Controls assurance
Involving the Board
Tim Crowley
43 Risk management
Kevin Knight
iii
Dr Lionel Wilson
iv
Sue Williams
Introduction
Dr Maree Bellamy1
The public demands improved patient safety. There is a concern that the financial
pressures and organizational change in healthcare will decrease doctors' expertise,
increase workload and reduce safety. The nature of training and certification of
practitioners and institutions have also become key issues.
According to James Reason2 the more safety researchers have looked at the sharp end,
the more they have realized that the real story behind accidents depends on the way
that resources, constraints, incentives, and demands produced by the blunt end shape
the environment and influence the behaviour of the people at the sharp end. Changes
in technology, procedures, and organizations, combine with economic pressures to
create new vulnerabilities and forms of failure at the same time that they create new
forms of economic and therapeutic success.
Managers and clinicians need tools and techniques to improve the quality of services
and to reduce risks to patients, staff and organizations. The wisdom of adopting an
integrated management approach, at both corporate and clinical levels, to achieve
continuous improvement and clinical effectiveness is receiving increasing
recognition.
In Britain, greater levels of accountability and a push for improved standards of quality
are being driven by a change in governance requirements. There is a similar emphasis
in the quality management framework released by NSW Health. That document
1. Director of Health, Standards Australia International.
2. James Reason 1997, Managing the risks of organizational accidents.
outlines the Departments wish to see accountability for budget and quality to be
viewed as equal performance indicators of health management. It acknowledges that
health services have a governance responsibility for the quality of care, and identifies
the need for a substantive change, involving redesign of processes and sub-systems to
improve health outcomes. The need for a comprehensive, healthcare risk
management strategy has, therefore, never been greater.
Of particular interest is the recent adoption of the Australian/New Zealand Standard
AS/NZS 4360 Risk management as a central component of the framework for corporate
and clinical governance in the National Health Service in England. The Standard will
initially formed the core of the proposed Non-Clinical, Non-Financial Controls
Assurance Standards. It provides a strategy and system for managing such risks as
infection control, medical equipment, information technology, professional and
product liability, security, waste management, health and safety, emergency
preparedness, environment, contractors, fire, human resources and transport.
The Standard is now being used to address the management of risk related to the
provision of clinical services. Comprehensive clinical risk management strategies have
been shown to deliver improved quality of care and patient satisfaction, more cost
effective use and allocation of resources and increased acceptance of clinical
effectiveness and evidence based practice. Clinical risk modification processes are
dynamic and have evolved in overseas markets, particularly in the USA, over the last
decade. One of the keys has been the early identification of new and emerging risks
through systematic collection and analysis of outcomes data, resulting in improved
clinical outcomes.
Corporate and clinical risk management formed the basis of a series of meetings held
in Australia in 1999 and 2000, where representatives from the United Kingdom, the
USA and New Zealand participated in discussions with local colleagues. Issues
addressed included clinical and corporate governance in healthcare and the links
between risk management, quality assurance and quality improvement. These
proceedings flow from those meetings, and from related projects work commissioned
over the last twelve months.
Risk management in healthcare is poised for growth and innovative development both
nationally and internationally. It gives Standards Australia International great pleasure
and satisfaction to play a pivotal role in improving the safety and standard of healthcare
provision at this time.
Subsequently, the Hampel and Greenbury Committees sought to improve upon the
Cadbury Code. The findings of these committees, together with the original
Cadbury findings, have been consolidated into one Combined Code of Principles of
Good Governance published by the London Stock Exchange. Fundamental to these
principles is the requirement that the board should maintain a sound system of internal control
to safeguard shareholders investment and the companys assets and that the directors should, at
least annually, conduct a review of the effectiveness of the groups system of internal control and
should.report to the shareholders that they have done so. The review should cover all controls,
including financial, operational and compliance controls, and risk management.
The NHS has embraced the principles of good governance through its
complementary Corporate and Clinical Governance initiatives.
1. Director of Finance and Performance, NHS, UK.
2. Executive Director, Trent Region, NHS, UK.
3. Reader, University of Strathclyde, Special Advisor to the NHS Executive, UK.
Corporate governance in the NHS has been a carefully managed three stage process,
which is on-going, involving:
Controls assurance
Controls assurance is a holistic concept based on best governance practice. It is a key
component of the NHS Executives performance management programme. It is a
process designed to provide evidence that NHS organizations are doing their
reasonable best to manage, direct and control themselves so as to meet their
objectives and protect employees, patients, the public and stakeholders against risks of
all kinds. Fundamental to the process is the effective involvement of people and
functions within the organization through application of risk and control selfassessment techniques to ensure objectives are met and risks are properly controlled.
Chief Executives of NHS Trusts and Health Authorities are currently required to
sign, on behalf of the Board, a controls assurance statement in respect of the system of
internal financial control in their Annual Accounts. This requirement is now
extended to organizational controls covering inter alia aspects of non-financial,
non-clinical risk by the production of a suitable controls assurance statement to
accompany the Annual Report from 1999/2000.
At a time when many other management challenges face NHS organizations, one of
the key objectives of the NHS Executives Controls Assurance Team is to ensure that
the task is made less onerous through the development of a comprehensive and
comprehensible control framework comprising key risk management and controls
standards (see Table 1). This framework will be available by October 1999 and will
comprise detailed standards and assessment criteria supported by guidance, training
and benchmarking.
The standards and criteria contained in the control framework are being drawn from
existing statutory and mandatory requirements together with relevant best practice
guidance. The aim to is integrate the many and varied existing requirements within a
common standards framework. NHS organizations that currently meet existing
requirements will have little difficulty in meeting controls assurance demands. Others
who are less advanced will benefit from having the control framework to assist their
efforts in implementing risk management and organizational controls.
Clinical care
The environment
of care
Financial
resources
Clinical
governance
Organizational
controls
Financial controls
Clinical assurances
(Clinical governance report/
Annual report)
Organizational assurances
(Annual report)
Financial assurances
(Annual accounts)
Figure 1
Monitor
Monitor
Identify
Analyse/
evaluate
Avoid
Control
Prevent
Accept
Assume
Fund
Transfer
The principal strength of the EFQM is its reliance not just on structural and process
elements, but also outcomes, i.e. results. With reference to Figure 1 it can be seen that
results, expressed as key performance results (clinical, organizational or financial),
staff satisfaction, patient/referrer/health commissioner satisfaction, and additional
impact on society, are delivered by effective and efficient processes driven by good
human and non-human resources management, suitable policies and strategies and,
above all, effective clinical and managerial leadership.
Using a model such as EFQM it is a straightforward process to self-assessment and
benchmark healthcare organizations against a range of key assessment criteria. In
addition, it is a straightforward process to map more technically detailed management
models (e.g. AS/NZS 4360:1999 Risk managementsee below) onto the wider EFQM
quality model.
Clinical and
managerial
leadership
Human
resources
Staff
satisfaction
Policy and
strategy
Patient/referrer/
Commissioner
satisfaction
Processes
Partnerships
and non-human
resources
Enablers
Improving the efficiency of health care delivery
Key performance
results
(Clinical,
organizational
and financial)
Additional
impact on
society
Results
Improving effectiveness
the culture, processes and structures that are directed towards the effective
management of potential opportunities and adverse effects
Identify risks
Analyse risks
M o ni t o r a nd revi ew
C o mmuni ca t e a nd co nsul t
Evaluate risks
Assess risks
Treat risks
The Standard also contains useful appendices giving illustrative information on the
applications of risk management; steps in developing and implementing a risk
management program; identification of potential stakeholders; sample generic sources
of risk and their areas of impact; examples of risk definition and classification;
examples of quantitative risk expressions; identifying options for risk treatment; and
risk management documentation.
framework for the NHS in England. The meat of the risk management framework
will be contained in new guidelines for managing risk in the NHS which will largely
replace the existing risk management in the NHS publication.d The individual
elements of the risk management process identified in Figure 4 will now be
considered, briefly, in turn.
Context
Fundamental to this mapping process is the establishment of context. From a detailed
consideration of the overall context within which most NHS organizations operate,
three distinct sub-contexts of risk management can be identified:
Financial controls
Organizational controls
Clinical controls
Risk identification
A range of techniques are used by healthcare organizations to identify risks, from
informal brainstorming or interviews to more elaborate risk profiling or facilitated
control and risk self-assessment techniques, including self-assessment against the
key standards outlined in Table 1. A review of the various techniques is being writtenup for inclusion in the forthcoming guidelines for managing risk in the NHS due for
issue by October 1999.
Risk assessment
The analysis and evaluation and ranking of risks is also carded out using a range of
techniques, from simple single attribute rating scales, such as exemplified in AS/
NZS 4360:1999, to more rigorous multi-attribute risk ranking techniques (e.g. see
Figure 5, below). The concept of a risk register, again as exemplified in the Standard,
is promulgated and software has been developed to assist with generating and
maintaining such a register. Further details will be included in the forthcoming
guidelines for managing risk in the NHS.
Risk treatment
It is the treatment of risk that typically proves the most challenging aspect of risk
management in healthcare. Having carried out a full risk profiling exercise on, say, an
average acute NHS Trust with an annual income of A$250300 million, it is not
uncommon to identify many hundreds of required risk treatment options with a
cumulative cost from A$230 million depending on the age and condition of the
facility. Given that financial resources are inevitably scarce, it is usually the case that
robust, defensible investment priorities need to be set across the range of treatments
required. A case study involving the setting of priorities is given below.
Risk management
10
1) Policy system
2)
3)
4)
5)
6)
7)
Financial controls
1)
2)
3)
4)
5)
Control environment
Identification and evaluation of business risk
Information and communication
Control processes
Monitoring
Organizational controls
1)
2)
3)
4)
5)
6)
7)
8)
9)
10)
11)
12)
13)
14)
15)
16)
17)
Clinical controls
(CNST standards)
1)
2)
3)
4)
5)
6)
7)
8)
9)
10)
11)
In developing its own risk management methodologies since 1991, the NHS has paid
particular attention to the development of criteria for evaluating risks and benefits, and
has devised a decision methodology and associated computer software to aid the
setting of priorities for implementing risk treatment options based on risk ranking and
cost-benefit analysis.f, g, h, i
Numerous methods have been devised to assist with investment decision-making in
risk management (e.g. refer to endnotes j and k). The decision analysis method
employed in the NHSs PRIORITY module, forming part of the SAFECODE risk
management software, is based on the Simple Multi-Attribute Rating Technique
(SMART). Because of the simplicity of the responses required by the decision
maker(s) and the manner in which these responses are analysed, SMART has been
widely applied.l The analysis involved is transparent and the method usually results in
an enhanced understanding of the problem, leading to more robust decision making.
In the context of risk management it is desirable to optimize risk treatment options on
the basis of value for money or, expressed another way, cost-benefit. PRIORITY
utilizes a SMART model which trades off the costs and benefits of investing in
competing risk investment opportunities. With reference to Figure 4, costs are
defined in terms of capital and/or revenue expenditure, and principal benefits are
expressed in terms of risk reduction and additional benefits (e.g. quality
improvements). In the model, users can define a maximum of six risk and six
11
benefits attributes. Figure 4 shows the default attributes relating to use of the
model in a healthcare environment. Each attribute is weighted and assigned a value
function' (i.e. various options are defined, each with an associated value, or scoresee
Table 2) and the performance of the proposed risk treatment is measured (i.e. rated)
against each attribute, by selecting the relevant option, to determine the overall
benefit rating. Risk reduction is measured by rating the risk attributes (in terms of
most likely consequences and likelihood) both before and after making the
investment. The risk before minus the risk after is a measure of the risk reduction
potential offered by the investment. The overall benefit rating is calculated by adding
the risk reduction and additional benefits and is expressed as a number between 0 and
100, and the cost per unit benefit (cost/benefit) is calculated by dividing the
equivalent annual cost of the investment by the benefit rating to give a measure of
cost effectiveness.
Benefits
Costs
Capital
Revenue
Additional
benefits
Risk
reduction
Contract
volumes/
activity
Enforcement
action
Property
damage/loss
Clinical
care
Operational
delay
Physical
environment
Staff
requirements
Patient
requirements
Public/
political
perception
Loss of
reputation
Figure 6 shows an example of use of PRIORITY for ranking various risk treatment
options in a hospital. In this instance ranking is by risk rating (RR). Note that the
cumulative year 1 cost column helps identify which investments can be authorized
given budgetary constraints. Proposed investments may also be ranked by risk
reduction potential (RRP either in terms of units of risk reduction, or as a percentage
risk reduction where 100% is equivalent to elimination of the risk), cost per unit risk
reduction (CR a measure of cost effectiveness), or year 1 cost.
Figure 7 shows another example using the same spreadsheet but this time ranked on
cost per unit benefit (CB), where benefit is expresses as the weighted sum of the
risk reduction potential plus all the additional benefits (see Figure 5). Risk treatments
can also be ranked (prioritized) by benefit rating (BR), net present value (NPV),
equivalent annual cost (EAC), and timescale for implementation (TS expressed in
anticipated weeks to implement the risk treatment). The latter ranking option is useful
when approaching an end of year with money to spend!
In UK hospitals, the methodology outlined above is used not just for prioritising
general risk treatments, but for prioritising specific risk areas such as medical
equipment purchase, backlog maintenance plans, audit plans, infection control, etc.
12
Attribute (weight)
value
(score)
1)
2)
3)
4)
5)
6)
7)
8)
9)
None/not applicable
Minor injury/ailment one person
Minor injury/ailment 2 or more people
Serious injury/ailment one person
Serious injury/ailment 2 or more people
Major injury/disease one person
Major injury/disease 2 or more people
Single fatality
Multiple fatalities
0
5
10
40
60
75
85
95
100
1)
2)
3)
4)
5)
6)
7)
None/not applicable
Less than 1000
1000 5000
5000 10000
10000 50000
50000 100000
More than 100000
0
17
33
50
67
83
100
1)
2)
3)
4)
5)
None/not applicable
Letter
Improvement notice
Prohibition notice
Legal action
0
25
50
75
100
1)
2)
3)
4)
5)
6)
7)
None/not applicable
Less than 1000
1000 5000
5000 10000
10000 50000
50000 100000
More than 100000
0
17
33
50
67
83
100
None/not applicable
Minor (hours)
Moderate (days)
Significant (weeks)
Lengthy (more than 1 month)
0
25
50
75
100
8)
9)
10)
11)
12)
1)
2)
3)
4)
5)
None/not applicable
Minor
Moderate
Significant
Major
0
25
50
80
100
1)
2)
3)
4)
5)
Not applicable
Minor improvement
Moderate improvement
Significant improvement
Major improvement
0
25
50
75
100
1)
2)
3)
4)
5)
Not applicable
Minor improvement
Moderate improvement
Significant improvement
Major improvement
0
25
50
75
100
6)
7)
8)
9)
10)
Not applicable
Minor issue
Moderate issue
Significant issue
Major issue
0
25
50
75
100
11)
12)
13)
14)
15)
Not applicable
Minor issue
Moderate issue
Significant issue
Hot potato
0
25
50
75
100
13
14
Conclusions
This paper has summarized developments in corporate and clinical governance,
controls assurance and risk management in the NHS in England. The use of the
European Foundation Quality Model as an over-arching quality improvement model
has been briefly discussed. The latest revision to the Australian/New Zealand Risk
Management Standard, AS/NZS 4360:1999, has been described and some of the work
ongoing in the NHS to map existing risk management activities to the Standard has
been identified. Much work remains to be done to improve governance and risk
management in the NHS. It is planned that the core of the NHSs risk management
approach will be based on AS/NZS 4360:1999. Readers are encouraged to visit the
controls assurance website in http://www.doh.gov.uk.riskman.htm to keep abreast of
developments (NB. this website is currently under construction, but will increasingly
be developed as the focal point for governance, controls assurance and risk
management in the NHS in England).
References
a
SAFECODEA health and safety management tool for the NHSImminent issue to the
NHS in England, EPL(94)34, September 1994.
h Emslie, S. V. 1997, A cost-benefit methodology for setting effective investment priorities for
safety in health care facilities, keynote paper, Northern California Healthcare Safety
Association, 4th Annual Conference, Sacramento, California, 1011 September.
i
Rowe. G., Setting safety prioritiesa social and technical process, Journal of
Occupational Accidents, vol. 12, pp. 3140.
Risk ranking, Health and Safety Executive contract research report CRR131, 1997,
ISBN 0 7176 1344 5.
15
Introduction
The whole question of Governance begs the question of the difference it should make
to basic good management practice. I would suggest that Governance involves
management plus, certainly in the British public services, five other factors. They are
A structured environment
Governance requires a management agenda that provides for a structured assessment
of performance. This makes seat of the pants management less appropriate although
there always needs to be a level of intuitive reaction to circumstances that face the
service.
Defined responsibilities
With the need to be able to give account, comes the requirement for defined
responsibilities that can be audited. In my view this agenda can only be taken forward
successfully if individual officers are completely clear about what is expected of them.
Only then can they give the assurances that governance requires.
Systematic checks
There is the inherent need to provide for a regular scrutiny of the management
environment so that assurances are backed up by knowledge of specific performance
at the time the assurance is given.
Public scrutiny
Within the British and most probably Australian health system, the manager must
assume that any or all of his/her actions will be subjected to public scrutiny. This will
take the form of accountability at public meetings but may often come via media
interest in a particular issue.
Personal accountability
Linked to all the above is the personal accountability of the Chief Executive of the
health body for the overall performance of the organization. As discussed below, this
now extends to accountability for clinical services, even where the CEO is not a
clinician. The British system describes that role as the accountable officer.
17
UK Government
Department of Health
MONEY
Regional Offices
Health Authorities
ACCOUNTABILITY
NHS Trusts
Chief
Executive
primary care
direct services
direct services
18
NHS Trusts employ all their staff directly, including all doctors. They agree
disciplinary procedures and set up local arrangements to monitor quality in all its
manifestations; they are responsible to take action when standards slip. They are
legally independent bodies within a national Government healthcare system and their
legal duty is to do four things:
1) to balance revenue income and expenditure;
2) to live within an External Financing Limit (EFL) for capital expenditure;
3) to make a 6% return on capital assets; and
4) to deliver the clinical quality and governance agendas.
Some dilemmas
Carrying these responsibilities introduces dilemmas for the individual. Some
examples would be:
1) Personal accountability is held for objectives that politicians could stop
happening. An example would be the need to close a facility to contain costs
which a local politician successfully campaigns to keep open leaving the CEO no
other options.
2) A manager attempting to monitor clinical performance can find his freedom to
influence practice obstructed by the argument that doctors must have the clinical
freedom to decide how they wish to treat individual patients.
3) Professional bodies exert pressure to adhere to certain standards without offering
any funding route to achieve those standards. Failure to attain to some standards
thus set could result in the removal of recognition for training and hence the
inability to recruit junior doctors.
4) Politicians priorities may not reflect health priorities, leading to effort and
resources unwisely directed.
5) Seeking someone to hold to account can introduce a name and shame culture.
Good managers need to be careful to resist passing that on within their own
organizations.
6) Most clinical items for which the CEO is held accountableall in many cases
are outside the direct personal competence of the individual. Most CEOs are not
doctors.
In conclusion
Other than in very high profile cases, the general principle of accountability has yet to
be seriously tested in the UK. Will an otherwise competent CEO be removed from
office because of a clinical blunder in a minor specialty that, optimally, should have
19
been prevented? What will be held to be reasonable in terms of mitigation? One of the
reasons I have taken a close personal interest in the Controls Assurance programme in
the UK is because I believe it offers people in my position a defence against an
allegation of incompetence. In any organization problems will occur; the question is
whether that organization can demonstrate that it has dealt responsibly with potential
risk and has taken pragmatic steps where it can to mitigate that risk. The Controls
Assurance agenda in the UK offers that kind of reassurance.
The question for most of us is not will it happen but when will it happen and then,
how well can I defend what I have done and how I have protected the patients under
our care.
20
Introduction
One of the key requirements of the modern health service Board is to be reassured
that systems of control are properly in place so that risk can be seen to be minimized.
Not only is this good management practice but in the British healthcare system it is a
statutory requirement, reference to which has to be made in the formal annual report
of the body concerned. This article describes how one NHS Trust has approached the
question of assuring the Board.
Pri
ANY
SYSTEM
ctic
nci
p
les
Any process can be challenged in three ways; you can examine and deal with the
principles that underpin it, you can change the practices within it or you can look at
the verification process to see whether it works. The CA process chooses the latter
path as, with health systems which tend to be complex, this is the most straightforward
route.
Pra
Verification
1. Chief Executive, Hastings and Rother NHS Trust, UK.
21
In 1995 we were asked to consider trialling a commercial product from, then, Coopers
and Lybrand (now PriceWaterhouseCoopers) called In-Controls (an abbreviation of
internal controls). This had been used in the commercial sector with some success
and the Department of Health wanted to see whether it had a health application. That
pilot ran for a couple of years and it led to us developing our own control methodology
around a database called CONFHRM. The name is simply an acronym of CONtrol
Framework for Hastings and Rother Management. We ran the project out across the
organization during 1998, and are now using it to monitor the whole risk environment
of the Trust. Its prime function, unsurprisingly, is to confirm to the Trust Board that
processes are in place and working. It has a management utility function also however,
that makes it a useful tool for operational people.
22
The CONFHRM database was written in-house in standard computer format and it
has since gone through a number of revisions and updates to meet operational
requirements. We envisage that it will keep evolving permanently. If you wish to see
it, visit our web site at www.harnhst.demon.co.uk and download a demonstration
version.
We held three Trust Board seminars to seek from the members a view of what they
want to be shown in terms of evidence of compliance. That resulted in CA being a
standard agenda item on each of our Board meetings now, with a tenth of the
organization surveyed each monthwe do not meet in August and the December
meeting tends to concentrate on mince pies (a Christmas delicacy here!).
We carried out an extensive communications exercise to explain to all our people what
it was we were doing and why. That formed part of the normal communications
programme within the Trust and the issue sat alongside updates on performance, staff
changes and finance etc.
Now the system is in use live and there is a real buzz around the way it is helping to
structure our work.
We already do that
A comment often made is that health organizations already have systems to check on
things like audit, health and safety, clinical governance etc., so why is another one
needed? We too had such systems, and still do. The point of our CONFHRM
approach is that you can integrate existing systems by cross referencing to them in the
23
When the time comes to mandate managers with responsibilities, it is the senior
manager who must make sure that tasks are do-able and acceptable to the individual
concerned. And finally in this section, it is the senior person who must produce
reports that are meaningful and used by their recipients.
CONFHRM
The database consists of simple fields to capture risk information. It is designed so that
failure to complete key fields will mean that the record is not accepted so
completeness is ensured. It offers the option of creating sub-risks so that managers can
delegate component parts of their own responsibility to subordinates, requiring of
them the same discipline in completing compliance records. Initially I asked that all
entries to the database be made by executive directors who are the accountable officers
for each area. This ensured familiarity with the software and commitment to the
system. Latterly this has been relaxed although a close watch is kept on entries and the
executives, as part of the Steering Group, monitor each other at Group meetings when
the database is projected on to the wall for common critique. The Group also checks
for consistency and in particular vets the priority fields in this regard. The software
24
contains an historic change record that ensures users do not attempt to subvert the
database if a task is not to their liking! It has the capacity to generate routine or bespoke
reports, and, most significantly for us, it is accessible on the Trusts intranet and is
therefore available in real time to all users.
In summary
25
The 1990s was a period of massive change in the management of the National Health
Service and in the way the National Health Service managed its clinical negligence
liabilities.
Prior to 31 December 1989 most claims were dealt with by the Medical Defence
Organizations, the professional bodies to which individual clinicians belong, funded
by membership subscriptions.
Risk management, as with most defence organizations at that time, was largely on an
ad hoc basis and claim volumes were relatively low, but rising towards the end of the
period.
Because of the growth in claim numbers, and the effect of inflation, judicial and
otherwise, on claim values, the funds available to the MDOs were under some
pressure, and a deal was struck with the Department of Health, whereby, in exchange
for a one-off payment for 70 million, the Department of Health would provide an
indemnity against all outstanding claims and all future claims made against the
employees of the National Health Service.
Interestingly, almost all claims prior to 1 January 1990 had been dealt with by two
firms of solicitors, one each being the practice of choice for the two principal Medical
Defence organizations.
With the introduction of NHS indemnity, delivered through Health Authorities and
Regional Health Authorities, the number of legal practices spread so that the
Litigation Authority eventually inherited about one hundred in England alone.
On the 1 April 1991, a further major development occurred with the creation of NHS
Trusts, bodies created expressly to manage individual hospitals or groups of hospitals
in geographical proximity. This was the creation of the so-called Internal Market.
Trusts had a degree of financial independence, which their Boards and management
welcomed, but, in addition, an exposure to financial liabilities, something with which
they were less comfortable.
They did not inherit Health Authority existing liabilities, even if the liabilities arose
from events at the same hospital. Those liabilities remained and remain with the
Health Authority.
For the first time in the history of the National Health Service, Trusts were allowed
to purchase commercial insurance policies. They did this as many trading
organizations do, but there was no market for clinical negligence liability cover.
1. Chief Executive, NHS Litigation Authority, UK.
27
Directors of Finance recognized the potential risk of exposure, even of insolvency, and
sought assistance and guidance from the centre in finding a solution.
Throughout 1993 and 1994 there was considerable debate and consultation under a
Clinical Negligence Working Group, which heard evidence from many and varied
sources, from within and without the public sector. The almost unanimous
conclusion was that a risk pooling arrangement was the optimum solution funded by
member Trusts on a pay-as-you-go basis. This became the Clinical Negligence
Scheme for Trusts (CNST), a voluntary membership scheme to which 98% of Trusts
belong at present.
It was at this point that ideas about risk management began to cohere, not least because
it was at this point that it was first realized that there was an ability to record, manage
and analyse a comprehensive claims database for the first time in the history of the
National Health Service.
Almost everyone who had been consulted about the risk pooling scheme considered
the incorporation of a risk management programme to be an essential component.
Even slowing down the growth in costs, much less reducing it, made risk management
critical.
Further, when invitations to quote for the management of the proposed pool were put
out to tender, all serious contenders came forward with risk management
programmes associated with their bids.
The winning bid was a joint effort, incorporating claims management by the Medical
Protection Society, one of the MDOs mentioned earlier and risk management by
Willis Corroon, now Willis, the insurance brokers.
Partly because the concept was so new to the NHS it was generally agreed that risk
management should begin with the lowest common denominator, that is to say it
should be process driven in respect of basic ancillary activities, rather than focussing
on clinical practice. No doubt there were political influences at play in this decision,
too.
It was, however, always perceived that the initial standards would be progressively
developed, expanded in the light of the accumulating claims database and eventually
move into clinical practice.
The initial standards against which Trusts are assessed by clinically qualified
personnel are:
Standard No. 1
The Board has a written risk management strategy that makes their commitment
to managing clinical risk explicit.
Standard No. 2
An Executive Director of the Board is charged with responsibility for clinical risk
management throughout the Trust
Standard No. 3
The responsibility for management and co-ordination of clinical risk is clear.
Standard No. 4
A Clinical Incident Reporting System is operated in all medical specialities and
clinical support departments.
Standard No. 5
There is a policy for rapid follow-up of major clinical incidents.
28
The introduction of clinical risk pooling and clinical risk management standards within the National Health Service
Standard No. 6
An agreed system of managing complaints is in place.
Standard No. 7
Appropriate information is provided to patients on the risks and benefits of the
proposed treatment or investigation, and the alternatives available, before a signature on a Consent Form is sought.
Standard No. 8
A comprehensive system for the completion, use, storage and retrieval of medical
records is in place. Record-keeping standards are monitored through the clinical
audit process.
Standard No. 9
There is an induction/orientation programme for all new clinical staff.
Standard No. 10
A clinical risk management system is in place.
Standard No. 11
There is a clear documented system for management and communication
throughout the key stages of maternity care.
Standard No. 12
Clinical Care: There are clear procedures for the management of general clinical
care
Standard No. 13
Mental Health and Learning Disabilities: Management of care in Trusts providing Mental Health and Learning Disability Services.
Standard No. 14
Ambulance Service: There are clear procedures for the management of clinical
risk in Trusts providing ambulance services.
Later this year we will be, as it were, getting closer to clinical practice and consulting
on standards relating to:
Oncology
Neonates/Paediatrics
Pathology
Incident Reporting
Training
29
The purpose of Clinical Risk Management is to identify, analyse and set up systems
to contain the consequences of errors and adverse outcomes in medical practice. In
reality it is not possible to eliminate every unintended consequence of professional
practice, but the aim of an effective clinical risk programme, is to prevent avoidable
incidents which may cause harm to patients both physically and emotionally and
which may also result in the payment of damages by the professional provider. When
major errors occur and are publicized by the media, there is an understandable public
and political concern about issues of patient safety and it is instructive to look at
specific examples to see how such disasters may be avoided.
In June 1998, The General Medical Council (the UKs registration body for medical
practitioners) completed the longest (eight months) and most expensive
(>2.2 million or approx or A$5.5 million) disciplinary enquiry ever undertaken. As a
result of the disciplinary enquiry three doctors, one of whom acted purely in a
management capacity, were found guilty of serious professional misconduct and two
were suspended from the medical register. The third doctor, although he did not lose
his registration, was subsequently dismissed from his consultant post. The case against
the doctors arose from a series of disquieting observations that the results of Paediatric
Cardiac Surgery at Bristol Royal Infirmary, a major University centre in the south
west of England, were significantly worse in terms of morbidity and mortality than the
results of other centres. Concerns wee first expressed in 1988 by an anaesthetist who,
new to the unit, noticed that operations took longer than in other centres where he
had worked. In that year the DHSS (Department of Health and social Security)
undertook an audit that was never published but the conclusion was that Bristol
results were significantly worse than elsewhere. There was no inquiry following this
audit but the funding of the unit was increased. The anaesthetist who had made the
original observations remained concerned and between October 1991 and July 1992,
with another colleague, undertook a systematic review of outcomes. In 1992 the Royal
College of Surgeons of England, after an external investigation, unsuccessfully called
for the unit to be dedesignated. In 1994 an expert Cardiac surgeon in a report for the
DOH (Department of Health, successor to the DHSS) recommended that a
particular operation, the switch operation should be stopped and in 1995 a further
report identified the senior of the two surgeons involved as a higher risk surgeon.
This report was rejected by the hospital, which commissioned an internal study. In
1996 the internal report confirmed that two particular operations did not compare
well with the results at other hospitals. By June 1996 a number of parents of children
who had died or suffered morbidity from cardiac surgery had become aware of the
general concerns about the quality of care pro iced to their children and petitioned the
GMC demanding an inquiry. The registration body acquiesced and the inquiry
commenced in October 1997.
1. Independent Medico Legal Services, London, UK.
31
The cases against the three doctors were restricted to a consideration of two particular
operations, the repair of atrio-ventricular septal defects, in which 9 out of 15 patients
died, and switch operations for the congenital defect of transposition of the aorta and
pulmonary arteries in which 20 patients out of 38 died. In all, out of 53 operations, 29
patients died and 4 were brain damaged. The senior surgeon, who was also the medical
director of the hospital, was found guilty of serious professional misconduct on the
basis that he continued to perform operations to correct A-V septal defects despite
concerns expressed by colleagues about his high mortality rate, that he did not seek
retraining or advice and that he acted against the best interests of patients by
permitting his more junior colleague to perform the switch operations, he was struck
off the register. His junior consultant surgical colleague was also found to have failed
to analyse his own performance and to have failed to pay sufficient regard to the
patients best interests. He was found guilty but his name was not removed from the
register. The third doctor, not a surgeon, who was employed as the chief executive of
the hospital was found not to have taken action to stop the operations despite
colleagues concerns. He too was struck off the register. This is believed to be the first
case of a doctor being disciplined by the GMC whose involvement in patient care was
purely in a management capacity.
The case before the GMC was of great interest and concern to a wide range of opinion,
not only the involved witnesses but also the wider public, the profession, the media
and politicians. The GMC recognized the importance of the case by formally revising
its advice to doctors in its booklet Good medical practice. The most important changes in
its advice were to identify the importance of the individual doctors need to recognize
the limit of his own professional competence, the need to keep up to date with
advances in medical practice, the importance of working in teams and, in a complete
about turn of the classical advice not to disparage other doctors, to recognize the need
to protect the interests of patients by reporting concerns about a colleagues conduct
or practice to the employing or regulatory body.
The then Secretary of State for Health in a statement to parliament following the
result of the GMC deliberations announced his intention to hold a public inquiry and
intimated the governments plans:
a) to set up an Institute of Clinical Excellence to set national standards of clinical
care;
b) to require hospital doctors to participate in national external audit; and
c) to enable patients and general practitioners to obtain information on the treatment success rates of local hospitals. He expressed the hope that nothing like it
happens again.
Accessed by Clough Engineering on 07 Sep 2001
Professor Ian Kennedy, Professor of Health Law, Ethics and Policy in the School of
Public Policy at University College, London was appointed Chairman of the Inquiry
with a supporting committee of experts and an advisory group of relevant clinical
experts who have reviewed a proportion of the clinical cases. The remit of the public
inquiry is far wider ranging than the GMCs. The terms of reference state the purpose
to be to inquire into the management of the care of children receiving complex
cardiac surgical services between 1984 and 1995 and relevant related issues, to make
findings as to the adequacy of the services provided, to establish what action was taken
both within and outside the hospital, to deal with concerns raised about the surgery
and to identify any failure to take appropriate action promptly, to reach conclusions
about the events and to make recommendations which could help secure high quality
care across the NHS.
32
The first phase of the inquiry was completed at the end of 1999 and the preliminary
report is expected later in the Spring of 2000 with the final report due in the Autumn
2000. The inquiry is currently in the second phase of a series of seminars on such
topics as performance and leadership with the involvement of a wide range of
distinguished participants from the private and public sectors.
For a full appraisal of the extensive witness and expert evidence it will be necessary to
await the publication of the full report but already some disquieting information is
available which extends the concerns about the cases to matters other than the
individual competence of the doctors involved. Although the remit of the GMC
disciplinary committee is to establish the responsibility and culpability of individual
doctors the findings of the expert panel advising the public inquiry, who were asked
to undertake a detailed analysis of a selection of the nearly 2000 cases being
considered, shows that there were important factors at play other than the individual
competence of two doctors. The panels findings remind us of the importance of a full
root-cause analysis of major mishaps and the need to avoid the appearance of a witchhunt against individuals.
The inquiry panel commissioned clinical experts who worked in multi-disciplinary
teams, to review the cases of 80 children covering a total of 100 procedures of cardiac
surgery selected at random from the nearly 2000 cases undertaken between 1984 and
1995. The sample was deliberately weighted towards younger children undergoing
open-heart surgery and towards those who died.
Initial analysis showed that 50% of the children in the sample received adequate care.
A further 20% received care that was less than adequate but different management
would have made no difference to the outcome. In the remaining 24 cases (30% of the
total) it was concluded that different management might have made or could
reasonably be expected to have made a difference to outcome. In only 9 of the 100
procedures assessed was it considered that different conduct of the surgical procedure
might have or would probably have made a difference to outcome.
While it is important not to ignore the effect of less than optimal competence on the
part of the surgeons it is equally important to recognize the other factors involved
which the experts identified. Aspects of pre-operative care, surgical care and postoperative care were all mentioned as well as problems of communication and
difficulties arising from the way the Bristol service was organize.
All those of us working in the field of risk management would share the Secretary of
States wish that such a disaster would not be repeated but a recent statement of intent
from the President of the United States of America reminds us how difficult it is to
make effective systematic arrangements to ensure the prevention of harm to patients.
The USA has had about a twenty-year head start over the UK and Australasia in the
development of Clinical Risk programmes and yet in a recent New York Times report
an Administration official announced the Presidents intention shortly to order all
hospitals in the Unites States to take steps to reduce medical errors that kill tens of
thousands of people each year andto urge states to require the reporting of such
errors. The announcement follows a report on medical errors by the US National
Academy of Sciences.
Could Bristol have been avoided? Probably, if existing systems had worked well. Will
it happen again? Sadly, in spite of the best efforts of many well-intentioned people,
something similar possibly may occur again but probably not at Bristol where the
details of the distressing events and the complexities and raw emotions of the GMC
and public inquiries are likely to linger long in the memories of the professional and
management staff.
33
References
General Medical Council 1998, Good medical practice, London.
The New York Times, February 22, 2000.
34
Controls assurance
Involving the Board
Tim Crowley1
Background
The National Health Service is at the forefront of good governance in the public
sector. On the firm foundations of Audit Committees, Codes of Conduct, Model
Standing Orders etc., the principle of Boards making public statements on risk and
control has been set in train. Since 1997/98 statements have been made on internal
financial control; the recently issued HSC(99)123 outlines the wider organizational
control statements that take effect from 1999/2000; and the prospect of convergence
with the clinical governance agenda, resulting in an all controls statement has been
signposted.
The overarching initiative behind this work is the Controls Assurance Project which
can be defined as follows: With existing resources, used to best effect, what assurance
can be gained? This is supported by the following project principles:
involving people;
integrating functions;
At its simplest, controls assurance is a process designed to provide evidence that NHS
organizations are doing their reasonable best to manage themselves so as to meet
their objectives and protect patients, staff, the public and other stakeholders against
risks of all kinds. It is a basis for Chief Executives, as accountable officers, to discharge
their responsibilities. Similarly, it will support Sir Alan Langlands, as Accounting
Officer, in the provision of assurances to Parliament and the public.
Essentially, the Project is founded on the principle that assurance is built upon
systems and cultures that involve people. To that end much of the pilot work and
guidance has centred upon techniques to engage wider groups of NHS staff in
understanding and reporting upon risk within their areas of responsibility. Also, there
has been an emphasis on ensuring that there is top down commitment, which should
be initiated through a Board level consideration of key risks.
This chapter sets out one example of that pilot site work. It has been undertaken by
Mersey Internal Audit Agency and provides a practical insight into securing Board
level involvement.
35
An overall approach
Before focusing in upon a specific approach at Board level it may be helpful to step
back and consider the overall assurance cycle. The diagram below seeks to establish
the steps in such a process together with the range of tasks that an organization might
consider to move forward.
Communicate and discuss
assurance reporting
Conduct top level review linked
to objectives
Identify key risks on the basis of
probability and impact
Utilize risk checklists and other
guidance
Take stock and evaluate the
adequacy and effectiveness of
existing controls
Set out actions to manage risk
Conduct self assessment
workshops as part of risk
management
Board assessment
of key risks
and controls
Wider organizational
assessment of
risk and culture
Assurance
statement
Formally consider
output at Board and
Audit Committee
Cross reference to clinical
governance assurances
Monitoring
Establish sub-committee to
monitor the overall process
Define the role of Audit
Utilize model
documentation
Identification of
actions and
responsibilities
If such a process is not already in place a top down diagnosis of key risks and
controls should be conducted. This can be structured in a number of ways
depending on the culture of the organization. An important feature is that results
focus on major risks across the full range of the Trusts/Authoritys objectives
and that consensus is reached. Also, this stage represents an opportunity to take
stock of all existing initiatives and controls to determine where there are gaps
and/or overlaps. Another common element of the process is the profiling of risk
following debate on potential impact and probability of occurrence. This can
then be linked to issues of accountability and monitoring. In overall terms the
process establishes an assurance action plan, which frames up any future work.
All these outputs will usually be generated through a facilitated session that may
use different emphases to arrive at the same outcome.
2) Wider organizational assessment of risk and culture
It is often useful to conduct a wider review of risk and attitudes by targeting lower
levels within the organization. In many Trusts and authorities there is not always
a matching of the Boards perception of risks and the opinions of different groups
of employees. This lack of congruence can be the root cause of subsequent control failures, which go on to take the Board by surprise. Also, certain risks in isolation may seem relatively insignificant but when they are attached to individuals
who feel very negative about the organization, perhaps because of poor training
or inadequate support, those risks become far more critical. Various tools, primarily survey based, have been developed to collect this information.
36
Controls assurance
The Mersey Internal Audit Agency (MIAA) approach follows the principles set out in
the generic process cycle. A range of techniques, that can translate the processes
described, into practical delivery and subsequent action have been developed.
However, for the purposes of this chapter emphasis is being given to the undertaking
of top level self assessment workshops utilizing a quality model (The Business
Excellence Model) rather than explanation of the more routine processes associated
with traditional self assessment workshops.
An important first element of much of MIAAs Controls Assurance work has been the
undertaking of a Top Level Review. The objective of this exercise is to facilitate senior
management in the production of a prioritized risk list that also maps out current
processes to mitigate risk. In summary, this is achieved through a workshop that
utilizes interactive technology. It provides an organization with a top down framing
up of risk that can act as a platform and focus for subsequent work. A key element of
the output is an action plan linking risk to accountability.
The background to developing such an approach has been driven by a range of debates
with Chief Executives, Directors and Audit Committees. The consistent message
from each of these groups has been that any process to address the assurance agenda
must:
recognize and build upon existing risk management and quality activities;
add value;
From that position a process was designed to secure top level commitment through
the conduct of a self assessment exercise with the following characteristics:
The decision to use the Business Excellence Model as a focus stemmed from the
recognition that the terms risk management, controls assurance and control self
assessment were not the common currency of NHS professionals and were unlikely
to engage interest. Quality has been a consistent premise for all healthcare workers and
support staff. Consequently the delivery of assurance through self assessment could
sensibly be presented as integral to the wider quality agenda. In many respects risk and
quality are two sides of the same coin. Quality measures and risk consequences
parallel each other but the focus on quality brings the added dimension of continuous
improvement. This is a very important point because there is a real concern that self
assessment which is centred upon risk generation and prioritization can lead an
organization into risk inertia. Individuals and groups of staff direct their energies to
logging and calibrating risk to the exclusion of the very necessary process of seeing and
taking opportunities. Quality unlocks the tendency to becoming submerged in the
bureaucracy of risk aversion.
Clinical and
managerial
leadership
Human
resources
Staff
satisfaction
Policy and
strategy
Patient/referrer/
Commissioner
satisfaction
Processes
Partnerships
and non-human
resources
Enablers
Improving the efficiency of health care delivery
Key performance
results
(Clinical,
organizational
and financial)
Additional
impact on
society
Results
Improving effectiveness
The nine criteria of the model are linked by the principle that Customer Satisfaction,
People (employee) Satisfaction and Impact on Society are achieved through
Leadership driving Policy & Strategy, People Management, Resources and Processes
leading ultimately to excellence in Business Results.
38
Controls assurance
The process
A top level workshop is conducted usually with 68 Executive Directors and Senior
Managers. The Board and Audit Committee are advised of the process but, generally,
non executives do not participate. The workshop takes 45 hours and prior to
attendance each attendee completes a Controls Assurance Resource Pack. The Pack
asks a series of questions under each of the Business Excellence Model criteria. An
extract from People Management is shown below:
PEOPLE MANAGEMENT
Questions
A.
Are the skills and abilities needed by your Trust known, recorded,
regularly updated and aligned to the business needs?
0
1
2
3
4
5
B.
D. Is the full potential of all people being realised to achieve the Trusts
strategic direction?
0
1
2
3
4
5
E.
F.
Key:
39
Following completion of the questions notes are then made under each section as
follows:
Notes on People Management:-
Strengths Identified
Evidence:-
The completed Resource Packs are then individually and anonymously returned to
MIAA and a consolidated report is prepared which becomes the agenda for the
workshop. The report is structured across each of the Business Excellence criteria and
sets out a graphical response of the group to each of the questions and summarizes the
views on strengths, weaknesses and risks. The facilitator presents the data back to the
group and a structured debate then ensues around diversity and consensus of
attitudes, existence and robustness of evidence etc. Because the Excellence Model
separates the debate into compartments it helps to focus direction. The facilitators
task is to arrive at an agreed list of key risks and then to vote on probability and impact.
Optionfinder technology is used to speed up the voting process. An example of one of
the graphs fed back to the workshop is as follows. The number above the bars
represents the number voting and the horizontal axis reflects 0 = poor and 5 = good
(this was a workshop with a small number in attendance).
40
Controls assurance
Frequency
bus-ex
The facilitator would allow the group to explore the reasons for such voting to
determine whether risk issues were triggered. Once risks have been defined
probability and impact is polled resulting in a graph similar to that below. Each of the
letters represent a risk agreed by the group.
A
D
FCB
4
1
Average
Likelihood
Impact
executive briefing;
commitment to proceed;
results collated;
41
Conclusion
Once the top level work has been delivered the results can then inform and direct
future assurance strategy. One outcome is that it can target workshops that engage a
wider range of staff. MIAA have conducted an extensive range of risk workshops with
multi-disciplinary groups of staff. These have been selected as a result of the top level
assessment. Examples of the work performed and in progress are: communication at
ward level; utilization of agency/bank nursing; staff mix; payroll; non pay expenditure.
All of this work has engaged front line staff in considering risks with substantial
results. The important distinction from other self assessment workshops, however, is
that they connect with a Board led framework and the results can, therefore, be linked
to any assurance statements provided by a Board of Directors. If workshops operate in
a vacuum, tackling isolated issues, they may well produce worthy results but they will
have little value in terms of an assurance agenda or in delivering sustained cultural
change.
42
Risk management
A journey, not a destination
Kevin Knight1
Evidently, part of the situation we need to deal with is common toall peoplethe
desire to avoid unpleasantnessif necessary, by burying our heads in the sand.
To laugh is to risk
To laugh is to risk appearing the fool
To weep is to risk appearing sentimental
To expose feelings is to risk exposing your true self
To reach out to another is to risk involvement
To place your ideas, your dreams before a crowd is to risk their loss
To love is to risk not being loved in return
To live is to risk dying
To hope is to risk despair
To try is to risk failure.
But risks must be taken because the greatest hazard in life is to risk nothing
The person who risks nothing, does nothing, has nothing, and is nothing.
1. Chairman of the ISO Working Group on Risk Management Terminology; Member of the Standards Australia Risk
Management Committee and Risk Management Coordinator of Education Queensland.
43
They may avoid suffering and sorrow but they cannot learn, feel, change, grow,
love, live.
Chained in by their attitudes, they are a slave, they have forfeited their freedom
Only the person who risks is free.
Anonymous
Identify risks
Analyse risks
Evaluate risks
Assess risks
Treat risks
44
Risk management
Identify risks
What
can happen?
How can it happen?
Determine
consequences
Analyse risks
Evaluate risks
Compare against criteria
Set risk priorities
Accept
risks
Assess risks
Yes
No
Treat risks
Identify treatment options
Evaluate treatment options
Select treatment options
Prepare treatment plans
Implement plans
45
Accountability
Supervision
Potential greater
future role of
risk management
Strategic
Strategic
management
management
Executive
management
Decision and control
operational management
Management
Boyd (1997) illustrates the relationship between management, risk management and
corporate governance above. Corporate Governance activities are represented as four
principal components: direction, executive action, supervision and accountability.
The need for risk management to be undertaken at the strategic level of an
organization is highlighted.2
This illustrates the current, and traditional, situation where risk management
techniques are more highly evolved at the operational and tactical levels of an
organization.
Review effectiveness
Accessed by Clough Engineering on 07 Sep 2001
Board review
Management review
Individual team performance
(review and reward)
External audit
Risk management
Action
Underpinned by:
AS/NZS ISO 14000 Environmental management
AS/NZS ISO 9000 Quality management
AS/NZS 4360 Risk management
AS/NZS 3806 Compliance program
AS/NZS 4269 Compliance handling
Change management
Continuous improvement
Service development
Systems development
Risk management
Measurement
Audit
Client feedback
Benchmarking
Management information
Risk management
Implementation
People
Information technology
Process and infrastructure
Policies and procedures
Change and project management
Risk management
2. Boyd, J. 1997, Risk managements role in corporate governance, Corporate Risk, vol. 4, no. 8.
46
Risk management
Plan
Measurement
Quality
Safety
Environment
Other risks
Monitoring
Audit
Client feedback
Benchmarking
Performance measurement
Risk management
Communication
Risk management
Identify needs
Objectives and targets
Define resources
Define strategies
Communication
Implementation
Risk management
Systems development
Define and implement procedures
Define performance measures
Documentation
Communication
Board of directors
Approves policy
Approves risk limits
Approves risk tolerance
Provides oversight
Line managers
Identify risk
Propose risk limits
Control
Report
Executive management
Establishes policy
Establishes risk limits
Establishes risk tolerances
Reports to board
Enforces
47
AS/NZS 4360:1999
The responsibility, authority and the interrelationship of personnel who perform and verify
work affecting risk management shall be defined and documented, particularly for people who
need the organizational freedom and authority to do one or more of the following a) initiate action to prevent or reduce the adverse effects of risk;
b) control further treatment of risks until the level of risk becomes acceptable;
c) identify and record any problems relating to the management of risk;
d) initiate, recommend or provide solutions through designated channels; and
e) verify the implementation of solutions.
2.3.3 Resources
The organization shall identify resource requirements and provide adequate resources,
including the assignment of trained personnel for management, performance of work and
verification activities including internal review.
Stakeholder identification
AS/NZS 4360:1999
4.1.2
Identify the internal and external stakeholders, and consider their objectives, take into
account their perceptions, and establish communication policies with these parties.
48
decision-makers;
regulators and other government organizations that have authority over activities;
politicians (at all levels of government) who may have an electoral or portfolio
interest;
customers;
the media, who are likely stakeholders as well as conduits of information to other
stakeholders; and
Risk management
Throughout the study, the mix of stakeholders may change. New stakeholders may
join and wish to be included in any considerations, while others may drop out,
through no longer being involved in the process. (e.g. when the decision has been
taken to avoid an activity.) Consequently, the stakeholder consultation process should
be continuous and, as such, should be included as an integral part of the risk
management process.
Note that the level of stakeholder concern may change in response to new
information, either because the stakeholder's needs and concerns have been
addressed, or because new information has given rise to new needs, issues and/or
concerns. Note also that it is valid for different stakeholders to have different opinions
and different levels of knowledge regarding a particular issue. Care must be taken to
balance these legitimate interests while avoiding involvement of those who would use
the process as a forum for other purposes.
The purpose of a stakeholder analysis is to provide decision-makers with a
documented profile of stakeholders so as to better understand their needs, issues and/
or concerns. The stakeholder analysis also provides the basis for the development of
messages that decision-makers may wish to deliver to other stakeholders as part of the
communication and consultation process. Note that information captured through
stakeholder analysis may or may not be shared with other stakeholders, depending on
such issues as the uncertainty of the information at the time and/or the need to keep
certain information confidential for the time being.
Understanding stakeholders will assist in the development of marketing and
communication strategies.
49
Perceptions of risk
Perceptions of risk can vary significantly between technical experts, project team
members, decision-makers and stakeholders. For this reason, the need to effectively
communicate the level of risk involved in a treatment plan is essential if an informed,
valid decision is to be made.
Technical experts tend to emphasize factors in terms of the probability of an
occurrence or its likelihood and consequences, while a lay-person tends to emphasize
factors such as:
the degree of personal control that can be exercised over the activity;
Note that lay-persons are less accepting of risks over which they have little or no
control (e.g. public transport versus driving one's own car), where the consequences
are dreaded, or the activity is unfamiliar.
Stakeholder perception of risks may vary due to differences in assumptions,
conceptions, and the needs, issues and/or concerns as they relate to the risk or issue
under discussion. Stakeholders are likely therefore to make judgements of the
acceptability of a risk based on their perception of the risk. Since stakeholders have the
most impact on the decision-making process, it is important that their perceptions of
risks, as well as their perceptions of benefits, be identified, documented and the
underlying reasons for them understood.
Identify risks
AS/NZS 4360:1999
This step seeks to identify the risks to be managed. Comprehensive identification using a wellstructured systematic process is critical, because a potential risk not identified at this stage is
excluded from further analysis. Identification should include all risks whether or not they are
under the control of the organization.
Accessed by Clough Engineering on 07 Sep 2001
This step requires identification of risks which arise from all aspects of the
environment identified in the previous step. Unidentified risks can pose a major
threat to the organization. It is important to ensure that the widest range of risks are
identified.
Risk identification involves examining all sources of risk and the perspective of all
stakeholders, both internal and external. It is important to identify each source so that
the analysis can consider the contribution each makes to the likelihood and the
consequences of the risk. A risk assessment may concentrate on one or many possible
areas of impact relevant to the organization or activity, but a standard methodology
should be applied across all functions.
Valid information is important in identifying risks and in understanding the
likelihood and the consequences of the risk. Although it is not always possible to have
the best, or all information, it should be as relevant, comprehensive, accurate and
50
Risk management
brainstorming;
scenario analysis;
decision trees;
flow charting, system design review, systems analysis, systems engineering techniques, e.g. Hazard and Operability (hazop) studies;
operational modelling.
The purpose of this list is to provide a list of potential exposures that managers might
face. The list is not exhaustive, but it should give managers an indication of exposures
which may effect their business and therefore have to be managed.
Human resource management problems with own staff:
inadequate/inappropriate training;
inappropriate skills mixes;
insufficient technical skills;
cultural/religious conflicts;
criminal activity;
language difficulties;
Equal employment opportunity/anti-discrimination
disputes/litigation;
claims of sexual harassment;
occupational health and safety disputes;
loss of key staff;
industrial disputes;
unfair dismissals/litigation;
badly designed workplaces;
problems with outside contractors;
51
52
Risk management
industrial accidents;
arson;
staff exposure to long-term hazards and pollution;
community exposure to pollution;
attack by deranged persons;
epidemic among staff;
commercial/legal relationships;
socio-economic;
political/legal;
personnel/human behaviour;
53
financial/market;
technology/technical;
business interruption;
property/assets;
security;
natural events;
people;
community;
organizational behaviour;
intangibles.
When, where, why, how are the risks likely to occur, and who might be involved?
54
Risk management
Analyse risk
AS/NZS 4360:1999
The likelihood of events occurring and the magnitude of their consequences, are assessed in
the context of the existing controls. Likelihood and consequences are combined to produce a
level of risk.
The level of risk is defined by the relationship between likelihood and consequence
applicable to the area of risk or program under review.
Qualitative analysis may be used where the level of risk does not justify the time and
resources needed to do a numerical analysis, where the numerical data are inadequate
for a more quantitative analysis, or to perform an initial screening of risks prior to
further, more detailed analysis.
The value of qualitative analysis is enhanced when the determination of risk is shared
across a range of people with varying backgrounds and interests. One person's view
may be different from another's and the contribution of many ideas may improve the
usefulness of the outcome.
A semi-quantitative approach allocates numbers to qualitative word rankings such as
high, medium and low, or to more detailed descriptions for likelihood and
consequence. These rankings are shown against an appropriate numerical scale for
calculating the level of risk. Information can then be processed for analysis using
arithmetic methods.
If using a semi-quantitative approach, it is important not to interpret the results to a
finer level of precision than is actually contained in the initial word rankings. Do not
use the numbers to give an appearance of precision where it does not exist.
The level of risk can be calculated using a quantitative method in situations where the
likelihood of occurrence and the consequences can be quantified. For example, fraud
risk assessments tend to be quantitative. This method is particularly valuable in
providing a ranking of residual risks to identify a prioritized list of action areas.
55
Likelihood
Example 1
Almost certain
Likely
Moderate
Unlikely
Rare
Example 2
Almost certain
Likely
Possible
Moderate
Rare
Very rare
Almost
incredible
Very rare and almost incredible are generally used as risk descriptors in engineering
risk assessment, i.e. flood mitigation or other similar disciplines
Consequences
Example
56
Extreme
The consequences would threaten the survival of not only the programme,
but also the Organization, possibly causing major problems for clients, the
administration of the programme or for a large part of the Public Sector.
Revenue loss greater than x% of total revenue being managed would have
extreme consequences for the Organization both financially and politically.
Very High
Medium
The consequences would not threaten the programme, but would mean
that the administration of the programme could be subject to significant
review or changed ways of operating. Revenue loss greater than z% of total
revenue being managed would have medium consequences for the
Organization both financially and politically.
Risk management
Low
Negligible
Neglibible
Low
Medium
Very high
Extreme
Almost certain
significant
major
high
severe
severe
Likely
moderate
significant
major
high
severe
Moderate
low
moderate
significant
major
high
Unlikely
trivial
low
moderate
significant
major
Rare
trivial
trivial
low
moderate
significant
Level of risk
Example 1
Severe risk
High risk
Major risk
Significant
risk
Moderate risk
Low risk
Trivial risk
57
Example 2
Extreme risk
Severe risk
High risk
Moderate risk
Low risk
Trivial risk
Level
Descriptor
Insignificant
Minor
Moderate
Major
Outstanding
A qualitative opportunity analysis matrix like that in Table E3 of the standard can be
used to determine the level of opportunity. All that need change is the legend, with
the focus of action being on capturing and exploiting the opportunity rather than
avoiding or mitigating the problems.
H = high opportunity; detailed planning required at senior levels to prepare for and
capture the opportunity;
S = significant opportunity; senior management attention needed;
M = moderate opportunity; management responsibility must be specified;
L = low opportunity; manage by routine procedures.
58
Risk management
-H
-S
-S
A
Almost
certain
-H
-H
-S
-S
-M
B
Likely
-H
-H
-S
-M
-L
C
Moderate
-H
-S
-M
-L
-L
D
Unlikely
-S
-S
-M
-L
-L
E
Rare
-5
-4
-3
-2
-1
Likelihood
+1
+2
+3
+4
+5
Minor
Insignificant
Insignificant
Minor
Major
Outstanding
Moderate
-H
Catastrophic
-H
Moderate
POSITIVE CONSEQUENCES
Major
NEGATIVE CONSEQUENCES
Likelihood
Catastrophic
Region
+5
Consequences
59
What are the current controls which mayprevent, detect or lower the consequences of potential or undesirable risks/events?
existing control;
Explanation of the method used, and the definitions of the terms used to analyse
the likelihood and consequences of each risk.
Documentation should fit the need for records in relation to the level of risk.
Evaluate risks
AS/NZS 4360:1999
This step is about deciding whether risks are acceptable or unacceptable. A risk is
called acceptable if it is not going to be treated in step 5. Defining a risk as acceptable
does not imply that the risk is insignificant.
The evaluation should take account of the degree of control over each risk and the cost
impact, benefits and opportunities presented by the risks. Also, the risks borne by
other stakeholders that benefit from the risk should be considered.
Accessed by Clough Engineering on 07 Sep 2001
The significance of the risk and the importance of the policy, program, process or
activity need to be considered in deciding if a risk is acceptable.
60
The level of the risk is so low that specific treatment is not appropriate within
available resources.
The risk is such that there is no treatment available. For example, the risk that a
project might be terminated following a change of government is not within the
control of an organization.
The cost of treatment, including insurance costs, is so manifestly excessive compared to the benefit that acceptance is the only option. This applies particularly
to lower ranked risks.
The opportunities presented outweigh the threats to such a degree that the risk
is justified.
Risk management
One approach is to compare the level of each risk, from the analysis step, against the
level of acceptable risk assessed from Step 1 (Establishing the Context). A review of
the risk criteria from Step 1 may be needed to ensure that criteria have been identified
for all significant risks.
The risks not considered acceptable are those which will be treated in some way.
These are prioritized for subsequent management action as a component of the
organizations action plans.
Interolerable
region
LEVEL
OF
RISK
As
Low
As
Reasonably
Practicable
As
Low
As
Reasonably
Achievable
61
High Risk
Major Risk
Significant
Risk
Moderate Risk
Low Risk
Trivial Risk
62
List acceptable risks with the reasons they are considered acceptable.
Risk management
Treat risks
AS/NZS 4360:1999
This step is about considering options for treating risks which were considered not
acceptable at the previous step. A combination of options may be appropriate in
treating risks:
Evaluated and ranked risk
Risk
acceptable
Yes
Accept
No
Reduce
likelihood
Reduce
consequences
Transfer in full
or in part
Avoid
Monitor and review (clause 4.6)
Identify
treatment
options
Prepare
treatment
plans
Implement
treatment
plans
Reduce
likelihood
Reduce
consequences
Transfer in full
or in part
Part retained
Risk
acceptable
Yes
Avoid
Part transferred
Retain
No
63
Accepting the risk if the likelihood and consequence of that risk is consistent
with the established criteria. (Acceptance, in many instances, may follow the risk
reduction measures identified in Appendix H of the standard.) These criteria
should have established the threshold of what, for the organization, would constitute an unacceptable exposure. The ability of the organization to absorb an incident will, to a large degree, depend on the size and "financial health" of that
organization.
Avoiding the risk by deciding either not to proceed with the activity that contains an unacceptable risk, choosing an alternative more acceptable activity which
meets the objectives and goals of the organization, or choosing an alternative less
risky methodology or process within the activity.
The option of adopting an alternative work practice of lower risk reduces the
consequences and/or likelihood of harm or loss and therefore, is a treatment and
not necessarily avoidance of risk. Avoiding the risk is equivalent to refusing to accept the risk.
Reducing the likelihood or the consequences of the risk, or both. Note that
there is a trade off between the level of risk and the cost of reducing those risks
to an acceptable level. As already stated, the acceptable level should be consistent
with the established risk criteria. (The relationship between risk and the cost to
reduce a particular risk is shown in Figure 5).
Any one of several decision points may be chosen. These include:
Which criterion is considered to be the most acceptable, depends on the circumstances and the established risk context within which the decision has to be made.
With the right scenario, a valid argument can be made for any of the above options.
Where risk reduction is considered both feasible and cost effective, the required
funding will need to be budgeted, with the responsible person ensuring that the
risk reduction measures are carried out to the level determined.
64
Transferring the risk, in full or in part, to another party. From a Public Sector
perspective, this may mean transferring it to the public at large and, in many instances, this may be unacceptable for political, moral or constitutional reasons.
Again, the risk criteria should establish the level of acceptability of risk transfer
in each instance. For example, where goods and/or services are being acquired
from a contractor, and the contractor is in the best position to manage that particular risk, risk transfer would be acceptable.
Risk management
Retention of either residual risks, following completion of risk reduction measures, or of those risks which, for political, moral or constitutional reasons are required to be retained by Public Sector organizations.
Satisfactory
Most cost
effective
Accepted
practice
Best
achievable
Absolute
minimum
Figure 5: The trade-off between level of risk and cost of reducing risk
AS/NZS 4360:1999
Monitoring and review is an essential and integral step in the process for managing
risk. It is necessary to monitor risks, the effectiveness of the plan, strategies and
management system that have been set up to control implementation of the risk
treatments.
Risks need to be monitored periodically to ensure changing circumstances do not alter
the risk priorities. Few risks remain static.
Programs and processes change, as can the political, social and legal environment and
goals of an organization. Accordingly, it is necessary to re-examine the risk context to
ensure the way in which risks are managed remain valid.
65
The principles of risk management are quite general in nature, but their application
depends upon the context and environment from time to time. The process of review
and monitoring ensures that risk management strategies continue to be a vital part of
the organizations business processes. The presence of regular performance
information can assist with identifying likely trends, trouble spots and other changes
which have arisen.
internal audit;
physical inspections;
Key questions
Are the assumptions, including those made in relation to the environment, technology and resources, still valid?
Do the risk treatments comply with legal requirements, government and organizational policies, including access, equity, ethics, accountability?
66
Risk management
Further reading
Standards Australia/Standards New Zealand 1999, AS/NZS 4360:1999 Risk
Management, Standards Australia, Homebush NSW.
Standards Australia 1999, HB 1411999 Risk financing guidelines, Standards Australia,
Homebush NSW.
Standards Australia 1999, HB 1421999 A basic introduction to managing risk using the
Australian and New Zealand Risk Management Standard AS/NZS4360:1999,
Standards Australia, Homebush NSW.
Standards Australia/Standards New Zealand 1999, HB1431999 Guidelines for
managing risk in the Australian and New Zealand Public Sector, Standards
Australia, Homebush NSW.
Canadian Standards Association 1997, CAN/CSA-Q850-1997 Risk management:
guideline for decision-makers.
Japanese Standards Association 1997, JIS/TR-Z0001 Draft Risk Management System
Standard.
British Standards Institute, 99/402 000DC Draft guide to the management of business related
project risks
Institute of Chartered Accountants in England & Wales 1998, Financial reporting of risk
Proposals for a statement of business risk.
Canadian Institute of Chartered Accountants 1995, Guidance for directorsGovernance
processes for control
1998, Guidance for directorsThe Millennium Bug.
1998, Learning about risk: Choices, connections and competencies.
Bannister, J. 1997, How to manage risk, LLP London, 2nd edn, ISBN 1 85978 060 1.
Bernstein, P. L. 1997, Against the gods: The remarkable story of risk, ISBN 0-471-12104-5.
Boyd, J. 1997, Risk managements role in corporate governance, Corporate Risk,
vol. 4, no. 8.
Department of Administrative Services/Purchasing Australia 1996, Managing risk in
procurementA handbook.
1997, Applying risk management techniques to complex procurement.
67
Professional associations
The Association of Risk and Insurance Managers of Australasia
PO Box 1263
CROWS NEST NSW 2065
Internet address: http://www.arima.com.au
E-mail address: arima@s054.aone.net.au
The Australian Institute of Risk Management
PO Box 6079
NORTH SYDNEY NSW 2060
Internet address: http://www/airm.org.au
E-mail address: airm@BlueSky.com.au
68
Introduction
Today I am talking to you about the need for effective, dynamic governance in
healthcare: what is good governance and why we need it. It is not a speech about
Clinical Risk Management (CRM). However, the two are inherently related. For
CRM to truly work one must start with the right framework. Good governance sets
the right framework for good CRM.
Governance is an issue of increasing importance across all aspects of the public sector,
not just health. It will become even more significant as competition between public
and private providers proceeds. We must ask ourselves what is the optimum
governance for public agencies. Work in this area is occurring in all jurisdictions.
Both the question of governance and the expectations of Government have been paid
relatively little attention over recent years, particularly as we have emphasized the
arms-length nature of relations between the Victorian Department of Human
Services and public providers. It is now time to take a more mature approach and,
while clearly defining respective roles and responsibilities, move to a more
constructive strategic partnership approach. This involves recognizing that networks
and other public hospitals are public businesses. We must ensure that our expectations
are clear.
As the purchaser of public hospital services, and as the representative of the owner of
those services (the community), the Government encourages Boards to constantly
seek to improve their performance. This is essential if Boards are to ensure that the
corporate body for which they have ultimate responsibility is successful in meeting its
objectives.
69
Duties of directors
What is the function of a Board of directors of a public hospital? In general terms, each
Board is responsible for overseeing the operations of the services which it governs.
Section 40D of the Victorian Health Services Act 1988 outlines the functions of the
Boards of metropolitan healthcare networks in more detail. The following details
were included in the Act in 1995, when the networks were established:
developing plans, strategies and budgets to ensure the provision of health services
and long term financial viability of the network; and
monitoring the performance of the network and the chief executive officer.
act in good faith to meet the objectives of the hospital in accordance with the
powers of the Board and the hospital;
There are two other levels of accountability that also apply to Boards of public
hospitals. These stem from the peculiar nature of such hospitals as bodies which are
created under statute to carry out public purposes, and which are also funded by
Government. As such, directors of Boards of public hospitals are:
first, as the holders of a public office, accountable for the overall performance of
the hospital to the Government, which is in turn answerable to the community
for the performance of the public healthcare system;
70
Focus on patients
A Board should therefore concentrate upon improving the health outcomes of the
consumers of the services of the hospital. The hospital must be responsive to the
needs of its customers. This will include striving to deliver health services in a timely
manner which are:
accessible;
co-ordinated;
medically appropriate.
A Board should adopt strategies to ensure that the hospital achieves this set of
objectives.
A hospital will only be able to effectively meet the needs of the community if the
organization as a whole is in a sound position. A healthy organization is a necessary
pre-condition for achieving the corporate purpose. This includes the following
aspects.
First, the financial viability of the organization and the prudent use of public
funds is essential. This includes the cost efficient delivery of care.
Second, as a public body and corporate citizen, the public hospital must act in
accordance with all relevant laws, and its by laws and objects.
Third, the Board must ensure that the public hospital functions well as an
organization. This includes effectively using the skills, commitment and other
strengths of its staff, and recognizing the fundamental importance of preserving
morale. It also includes fostering a climate within the organization that is
conducive to innovation and is responsive to consumers.
These subsidiary goals provide a more comprehensive measure of the health of the
corporation.
71
In summary, the directors of the Board of a public hospital must oversee the direction
of the hospital to ensure that the public hospital is able to, and does, fulfil its purpose
effectively. How can Boards best carry out this role?
As l have already indicated, the Health Services Act currently provides for Boards of
metropolitan healthcare networks to engage in corporate planning, by providing that
the functions of the Board of such a hospital include:
developing plans, strategies and budgets to ensure the provision of health services
by the hospital and the long term financial viability of the hospital.
72
The business plan covers financial and operational planning for a 12 month period. It
can only be prepared in the context of the strategic plan. The development of the
strategic component of the plan is where public hospitals can make great gains in the
future.
A recent innovation is the development of the balanced scorecard approach which is
propounded by Kaplan and Norton. It involves focusing on steps that are necessary to
achieve the corporate purpose. This will be those measures which will influence the
entire management process and organizational behaviour and enable the delivery of
high quality care to patients. It involves identifying and setting priorities, and then
aligning the activities of the organization. This can include the setting of targets and
other indicators to monitor performance.
Assessing performance
Much of the benefit of strategic planning is lost, if the extent to which the organization
has performed is not evaluated. There are various ways to conduct such an evaluation.
For instance, the introduction of annual strategic audits could be considered by
Boards to assess the performance of the organization. Independence is the key aspect
of audits.
Such a process would be analogous to a financial audit; it is a systematic review of the
effectiveness of the public hospital when measured against the purposes, targets and
other measures contained in the plan. For instance, if the plan contains valid and
reliable quality measures, then the extent to which treatment provided at the hospital
is of an adequate standard can be better assessed.
The balanced budget is replaced with the balanced scorecard. The Board is then in
a position to assess the performance of the hospital across the various performance
indicators, both financial and non-financial. This should give the Board the
information necessary for it to alter or maintain strategies and ensure continual
improvement.
This will also give the community, Government and Parliament a much better basis
for considering both the extent to which, and how well, a hospital is fulfilling its
purpose.
73
Carver guides
There is much to be learnt from the very practical approaches adopted in the Carver
guides (1997). The Strategies for Board Leadership focus on the Boards role in
representing owners, developing group responsibility, nurturing diversity, investing
in Board capability, being proactive, obsessing about ends, controlling enough but not
too much, using words wisely, escaping conventional wisdom, and continually
improving the quality of governance.
The 10 strategies for Board leadership outlined in the Carver guides are as follows:
74
ability and eagerness to deal with values, visions, and the long term;
Strategy seven: Control all you should, not all you can
The Board should clearly be in charge. The organization should definitely be Boarddriven, not management-driven. The Board bears the burden of owners trust, and
that trust demands that the Board fulfil its role of power. There is no choice; the Board
must control the organization. Yet controlling the organization need not mean
controlling every single aspect of it. The Board should control only as much as it needs
to control to fulfil its obligation to its trust.
Strategy eight: Use words wisely
When a Boards verbal product is voluminous, there is no way Board members can
fully embrace it. It is far better that a Board generate few words after much thought
than many words after little thought. Avoid duplication.
Strategy nine: Dont be shackled by convention
A Board must continually overcome regressive pressures from the expectations people
generally have of Boards, the requirements fostered by funders and authorities, and
even the well-intended advice of experts. The challenge to Boards is to take advantage
of accumulated knowledge yet reframe the wisdom so that it contributes to better
governance within a conceptually useful model.
Strategy ten: Perpetually redefine governance quality
The definition of quality never stands still. What constitutes quality governance grows
as we do, yet always remains a little beyond our grasp. All members must participate
in the discipline and productivity of the group. All members must be willing to
challenge and urge each other on to big dreams, lucid values and fidelity to their
75
All people working in healthcare have a responsibility for quality and to practice in a
safe and ethical way. However, in recognition that safety and quality are systems
issues, Boards of Management should be accountable for performance. The
monitoring of safety and quality should not be intended to identify individuals and
apportion blame. The adoption of a systemic approach with top level accountability
should provide for freer exchange of information and learning through experience.
Mechanisms for ownership of quality and safety need to be actively pursued and
agreed indicators of performance regularly monitored and reported. The effectiveness
of such approaches will be dependant upon the preparedness of Boards of
Management and Administrators to adapt to change, which needs to be promoted and
facilitated through appropriate education strategies.
The UK
Leading by example, the UK, in the pursuit of quality, have completely overhauled the
NHS internal market to develop a framework for delivering a first class service.
76
The consultation document A first class service: Quality in the new NHS, sets out a
formidable agenda for change. An agenda which concentrates on what really
mattersimproving quality standards, efficiency, openness and accountability. The
UK Government has set out a 10 year modernization programme which will help the
NHS meet the challenges of the next century.
The US
The US has also moved to address the need for greater quality in healthcare.
In September 1996, the President created the Advisory Commission on Consumer
Protection and Quality in the Healthcare Industry. Its mission was to advise the
President on changes occurring in the healthcare system and recommend such
measures as may be necessary to promote and assure healthcare quality and value, and
protect consumers and workers in the healthcare system. The Commission issued its
final report in March 1998, entitled Quality first: Better healthcare for all Americans,
recommending steps to provide a national commitment to improving healthcare
quality.
Conclusion
In conclusion, directors who fully appreciate their role and adopt techniques designed
to improve the performance of the Board will be able to provide the best service to the
community. They will be better placed to make sound decisions and to put strategies
in place to ensure the viability of the hospital and to maintain and improve its
consumer focus. From the Departments perspective, clarification and ongoing
education about the roles and responsibilities of Board members is therefore of great
significance.
However, Boards do not develop strategies in a vacuum. Government is accountable
to the community for the operation of the public healthcare system and therefore
plays a crucial role in the planning to ensure that services are accessible.
References
Audit Office of New South Wales 1997, Performance audit report: corporate governance.
Carver, J. 1997, Carver guide: Strategies for board leadership, Jossey-Bass Publishers,
San Francisco.
National Expert Advisory Group on Safety and Quality in Australian Health Care
1998, Commitment to quality enhancement: Interim report, Commonwealth Department of
Health and Aged Care, Australia.
77
National Health Service 1997, A first class service: Quality in the new NHS, White Paper,
UK. (Internet site: http://www.doh.gov.uk/newnhs/quality.htm)
78
Clinical governance
Hospital Boards have traditionally concentrated on the higher level administration
and finance aspects of governance. They have not had systematic control of clinical
governance, a term used to describe:
The framework through which health organizations are accountable for
continuously improving the quality of their services and safeguarding high
standards of care by creating an environment in which excellence in clinical care
will flourish.4
This is the description which the New South Wales Health Department has adopted
in its recently released framework for health delivery Framework for managing the quality
of health services in NSW one part of an approach by the New South Wales Health
Department which embraces systems of both corporate and clinical governance. The
framework establishes a system intended to enable the monitoring, managing and
continual improvement of quality in the provision of health services. It imposes a great
deal of additional responsibility on CEOs of area health services, however, the
ultimate accountability will now lie with Area Health Boards.
The framework defines key elements of clinical governance as:
A recognition and acceptance by Boards and health service management that they
have a responsibility for the quality of care delivered by the service and that this
accountability is shared with the clinicians providing this care:
The framework also mandates the components for clinical governance in area health
services. It establishes Area Quality Councils which are Board committees whose role
includes the provision of formal linkages and reporting lines to stakeholders including
1.
2.
3.
4.
5.
79
health ministers take steps to specify performance standards in safety and quality
for Boards of management and senior managers of healthcare organizations; and
In other states, requirements for involvement by Boards in clinical quality vary, but
increasingly there is a mandated level of involvement in clinical governance systems
that carries the potential for liability on the part of hospital Boards and their members
as a result of litigation arising from adverse events. Issues such as safety, effectiveness
and appropriateness of care, competence of providers of care and even access to
services are all areas in which hospital Board members could, in certain circumstances,
be held to be among those liable for an adverse event.
a Board should meet as often as it deems necessary to carry out its functions
properly;
a director may not rely on the judgment of others where there is notice of
mismanagement or if the director knows or should know of facts which would
place a prudent person on guard; and
6. National Expert Advisory Group on Safety and Quality in Australian Health Care 1998, Commitment to quality
enhancement, p. 11.
7. Daniels (trading as Deloitte Haskins & Sells) v. AWA Ltd (1995) 16 ASCR 607.
80
Public healthcare services in Victoria, New South Wales and Queensland are not
subject to the Corporations Law so that the improved standards of corporate
governance now imposed on company directors conceivably do not apply. Instead, the
responsibilities of hospital Board members are established by common law.
There are very few recent cases concerning directors duties of entities which are
exempt from the Corporations Law, therefore, older cases must be relied upon when
interpreting the common law. It is tempting to conclude from those older cases that
the duty of care imposed on hospital Board members is significantly less than that
currently imposed by the courts on company directors under the Corporations Law
as in Daniels v. AWA Limited. Yet, these duties are entirely consistent with the
expectations expressed in the various healthcare quality frameworks and because the
common law is a dynamic instrument, which is continually reinterpreted in the light
of contemporary attitudes and values, judges could reinterpret the common law to
impose standards on hospital Board members which reflect contemporary approaches
to directors duties.
Furthermore, if the duty of hospital Board members is less than that of company
directors, governments may decide to change the law to ensure that the administration
of public hospitals is on a par with the management of companies.
Clinical governance programs require health services to meet a standard of care and
responsibility which is analogous to that of company Boards. It is therefore
appropriate that health services consider the following issues:
81
Introduction
This paper will consider the impact of clinical claims and their management on the
development of arrangements for risk management in the NHS. It will describe, in
brief, the management of litigation within the NHS dealing with the role and function
of the NHS Litigation Authority and the impact on risk management of the Clinical
Negligence Scheme for Trusts. The paper will also reflect on recent changes in Civil
Law in England which have lead to greater opportunity for partnership between
clinical claims and clinical risk management through the development and
implementation of a Pre-Action protocol for the Management of Clinical Disputes.
The NHS like other developed health care providers is experiencing unprecedented
growth with the number and range of claims of clinical negligence brought against it.
The rise of consumerism, and its associated patient empowerment, whilst of huge
value to many patients, through putting them in charge of their health and choice of
treatment has for the service providers brought with it a much greater chance of
patients questioning care and seeking answers and explanations. In the NHS we are
experiencing greatly increased numbers of both formal complaints and patients who
begin the process of litigation.
Since the introduction of Crown Indemnity in 1990 under NHS arrangements it is
the NHS Trusts and Health Authorities that are vicariously responsible for the acts
and omissions of their staff. The cost of defending and settling is a direct cost to the
NHS budget, taping both Trust and Health Authority budgets and central pooled
funds held by the NHS Litigation Authority (see below). Medical defence
organization protection is only relevant to clinical staff working in the private sector,
i.e. consultants and others who work in NHS hospitals and have their own private
practice and all general practitioners in the NHS who work in a self employed
capacity
As a move to manage the increasing legal burden on the hospital and ambulance
services in 1995 the NHS Litigation Authority (NHSLA) was established as a special
health authority. The NHSLA is charged with the overall management of clinical
claims against Trusts. It established two schemes: the Existing Liabilities Scheme
(ELS) covered all cases with a date of incident prior to 1 April 95 and a second optional
pay as you go scheme the Clinical Negligence Scheme for Trusts (CNST) which
1. Clinical Risk and Medico Legal Manager, North West London Hospitals NHS Trust, Northwick Park and St Marks
Hospitals, UK; Chairman ALARM (Association of Litigation and Risk Management), UK.
83
provided financial pooling for claims with an incident date after 1 April 1995. The
CNST operates as a mutual in-year pooling scheme, Trusts pay agreed annual
contributions calculated on size and case mix and in return the direct financial
exposure above the Trusts chosen excess is reduced, the scheme contributing 80% of
the costs, from the pool, the Trust being liable for 20% of costs above excess, to a
current maximum of 108 000. With cases involving permanent brain damage
(e.g. anaesthetic accidents, and brain damaged babies) settling for upwards of
2-3 million there are obvious financial advantages of scheme membership.
2. K. Walshe & M. Dineen 1998, Clinical risk management: Making a difference? NHS Confederation.
84
11) (Obstetric units only) There is a clear documented system for the management and
communication throughout the key stages of maternity care.
The survey, which was NHS wide was conducted between January and May 1998.
The researchers found by 1998 of those Trusts responding (44% of all NHS Trusts):
99% responding had a named member of the Trust Board with lead responsibility for
risk issues; 75% had explicitly mentioned risk plans in their current annual business
plan, and 96% had some form of risk management committee. 85% of Trusts had
someone with day-to-day responsibility for risk management issues, and these
Clinical Risk Managers came from a variety of backgrounds with wide ranging
previous experiences. This survey revealed that that when a risk manager was in post
in most cases (89%) the role was combined with other responsibilities (e.g. claim
management, complaints management, or health and safety management). Many post
holders (72%) hold a clinical qualification (nurse or paramedic), but just (10%) hold
any qualification in risk management. This largely reflects the newness of the
speciality within the health service and the still very limited health care related training
or qualifications. One can hope that this will change markedly in the next few years.
The researchers concluded that whilst the NHS had seen a rapid growth in the
establishment of systems and post holders with risk responsibilities to date little
evidence is available as to the effectiveness of this effort, and resource allocation. With
the emergence of a more co-ordinated approach to governance there will hopefully be
an increase in evidence of effectiveness.
85
Following the Protocol at the pre-action stage is now a requirement for all new clinical
negligence claims. The detail of the legal process is not of direct relevance to this paper
however the introductory section of the Protocol has very clear relevance in this
context. The Protocol sets out good practice commitments both for claimants and
defendants these are reproduced in figures 2 and 3.
If one looks at these good practice commitments for defendants then one will see that
for the English Trust not only do we have directives from the NHSE, under their
requirements for Governance but in addition there are now clear expectations
damaged patients thorough their legal advisors and indeed from the Judiciary that
efforts will be made by health care providers to establish incident reporting systems,
to learn from clinical mistakes and that a climate openness and sharing both within the
organization and with patients and advisors will be created such that effective risk
management will operate in tandem with effective and just claims management. In
time the effect of these changes should be the reduction in repeat claims which so
characterises the claims profile both of individual institutions and indeed across the
NHS.
86
establish efficient and effective methods for recording and storing patient records
advise patients of serious adverse outcomes and provide explanation, apology and
compensation of appropriate
source: Pre-action protocol for the resolution of clinical disputes, Lord Chancellors Department, April 1999
report any concerns and dissatisfactions to health care provider as early as possible
source: Pre-action protocol for the resolution of clinical disputes, Lord Chancellors Department, April 1999
Conclusion
The NHS has seen unprecedented changes in arrangements for the management of
clinical claims in the past four years, both through the establishment of a Special
Health Authority, the NHSLA with responsibility for management of claims and
through the climate of change and the new protocols and court rules that have been
brought in as part of a radical shake up of legal management of civil actions following
Lord Woolfs report. With the frameworks that these changes offer individual health
institutions the climate is not set for effective governance in respect of poor clinical
outcomes and claims arising from these.
Under effective governance health care institutions need not only to react to
individual claims but to examine the reasons behind the claim, the full circumstance
of the event s leading up to the alleged damage and to risk manage or treat those
elements of process that require change, be it resources, training, changes in protocols
or the realization that protocols and custom and practice do not match.
The impact in time will it is hoped be a greater openness between health care
institutions and damaged patients, offering swift resolution to disputes, both in
financial terms and with reassurances of steps being taken to prevent recurrence. The
new approach will in time bring in more and more health professionals, hopefully
spreading the word about being risk aware in practice and ultimately one can hope
for a reduction in the number of adverse events that could give rise to claims.
Drawing together claims and risk management in the ways described above one step
towards a health care system that through governance offers patients safety and
reassurance and staff a more safe and secure environment in which to exercise their
skills.
87
Self assessment, in its various forms, is at the heart of the Controls Assurance project
currently being implemented by the National Health Service in England. Self
assessment unites the tools available to NHS entities accountable for carrying out and
complying with the Controls Assurance initiatives. This paper will discuss a specific
type of self assessment, which one might historically call classical or workteam-based
control self assessment. This is the self assessment method originated by Paul Makosz
and his colleagues at Gulf Canada Resources, Ltd, in the 1980s that has as its core
process interactive workshops with natural work teams.
We will briefly examine each part of the CSA definition, the steps in the workshop
process, and the analysis and reporting of workshop results. First it may be helpful to
look at the concept of organizational control and its dynamic relationship to risk,
opportunity and learning.
1. Vice President, Healthcare Services, PDK Control Consulting International Ltd, Calgary, Canada.
89
Risks
Successes
Opportunity
Strengths
CHAOS
PARALYSIS
an organizations failure to maintain the capacity to identify and exploit opportunities may be a fundamental risk to its success;
failure to identify a significant opportunity may become a risk if it results in existing objectives not being met or changed; and
Graphically we might portray the relationships among control, risk and opportunity
by adapting Abraham Maslows pyramid. On the individual level, the below the line
90
concerns for food, shelter and physical safety represent risks to be managed. The
above the line levels of association, self-esteem, and the process of self-actualization
represent opportunities to be seized. Control encompasses all levels of the pyramid,
from the more fearful, foundational concerns for physical safety to the higher
opportunities that can be seized when fundamental concerns are met.
In the relationship between the individual and the organization, it is worthwhile to
note that employees may be less likely or able to help an organization seize its
opportunities when they lack job security, i.e., when the employees fundamental risks
are not being well managed. Here individual risk is a factor in organizational risk, and
the individual is less likely to help the organization, seen as a living organism, in
adapting Maslows words againthe process of actualizing ones potentialities
SA
ort
un
ity
Self
asteem
Association
pp
ko
Ris
C
O
N
T
R
O
L
Physical safety
Food, shelter
On the organizational level, CSA workshops address both risk and opportunity, and
the level of assessment and action may be individual, departmental, divisional or
corporate. It becomes helpful to think of organizations and living entities that are
capable of learning, identifying risk, and responding to challenges by engaging its cells
and organs intelligently.
The CSA process directly supports de Geus first three characteristics (and indirectly
supports the fourth through its overall support of risk and opportunity management).
In a control self-assessment methodology, we are focusing on the living interaction
within natural work-teams. In a sense, we are treating the organization as a living
organism that can grow, learn, and adaptthe sensitivity to the environment
capabilities emphasized by de Geus first characteristic of long-lived companies. CSA
provides a communication mechanism that the living organization can use to
identify and mitigate risks and to recognize and build upon strengths.
A system of CSA workshops at multiple levels of the organization functions as part of
a living organizations nervous system. Workshops conducted systematically
throughout the organization, and repeated periodically over time, with results rolled
up from local or departmental to divisional to corporate levels, allow communication,
analysis and action to take place broadly or with an in-depth focus as in appropriate in
each case. These workshops serve not only as a mechanism to enhance learning and
adaptation but, at the same time, as a vehicle to improve communication throughout
the organization.
Enhanced communication throughout the organizationwhen carried out in a
positive, constructive manner according to the foundational principles of CSA
(discussed below)can augment cohesion and identity throughout the organization,
thereby strengthening the corporate persona and the sense of community.
Extending the biological metaphor further, the workshops also serve as part of the
living organizations immune system. Internal detection of risk is like an immune
system function in that issues that would become critical matters can be early
identified and mitigated. But the immune system analogy is not complete. CSA
provides a highly effective and interactive tool for not only identifying and mitigating
risk but also for tapping into the knowledge present at every cell of the organization
and enlisting that knowledge and expertise, in a team setting, in identifying new
opportunities, building upon strengths, and perceiving opportunity within issues and
risks for creative problem solving.
Control self-assessment is inclusive, not intrusive. Rather than beating the patients
immune system into submission with drugs until it accepts the donor organ, Starzl
realized, the trick is to convince both the bodys defense mechanism and the new
organ that the intruder is really SELF, a recognized member of the host body. (Dr.
Thomas Starzl, first liver transplant surgeon, quoted in Time magazine). New ideas,
surfaced in CSA, are regarded as self, not things to be squashed or stifled as may
occur in corporations who do not subscribe to the type of affirming, supportive
foundational principles upon which CSA rests.
Accessed by Clough Engineering on 07 Sep 2001
92
His work was foundational to the development of the principles of the learning
organization, later articulated by Peter Senge. Senge, author of The Learning
Organisation, has observed that:
It is no longer sufficient to have one person learning for the organization, a Ford,
a Sloan or a Watson. Its just not possible any longer to figure it out from the top,
and have everyone following the orders of the grand strategist. The
organizations that will truly excel in the future will be the organizations that
discover how to tap peoples commitment and capacity to learn at all levels of an
organization.
Following COSO, the Cadbury report was issued in the United Kingdom, drawing
reference to the COSO framework and highlighting the importance of a broader
understanding of business controls for UK corporations. The Cadbury report has
been further modified by Hampel (1997) and in particular by Turnbull (1999), which
93
Purpose
knowing what to do
Learning
Commitment
to do it better
wanting to do it
Action
Commitment
wanting to do it
Figure 3: CoCo
The CICA Criteria of Control Board, as noted above, defines organizational control
as: those elements of an organization (including its resources, systems, culture,
structure and tasks) that, taken together, support people in the achievement of the
organizations objectives. Within the CoCo model, control is seen as a cycle
comprised of four major groups of interrelated elements:
94
At the time Treadway was issued in 1987, Paul Makosz and his colleagues at Gulf
Canada Resources Ltd in Calgary, Alberta, were conducting the first CSA sessions,
using limited organizational control models existing before COSO.
Bruce McCuaig, my predecessor at Gulf Canada Resources, originated the CSA
idea. He had been studying Watergate-related issues at the parent company, Gulf
Corp. About the same time, a serious management fraud had been discovered in
a Gulf Canada subsidiary, although the internal auditors had been there only
recently. Bruce kept asking, Whats the point of auditing the little things if the
culture is wrong-headed? Gulf was going through some team productivity
exercises at the time, so Bruce wanted to teach teams about internal control and
have them self-assess their position. The rest is history.
Paul Makosz
Paul and his colleagues soon moved away from teaching employees about internal
control to learning from them what real control and risk were. When the first
exposure draft of CoCo was issued in the early 1990s, Paul and his colleagues
immediately adopted its almost biological cycle approach into the CSA workshops.
Organisation
this?
Department
95
96
trust;
open communication;
respect;
CSA beliefs
Several concomitant beliefs also inform and underpin the workshop process:
lower risk;
faster improvement;
all through greater identification and utilization of opportunities and
resources.
The series of figures 69 illustrate the general approach of how one may use a series
of workshops conducted across a company to identify major corporate issues and
risks, assess their impact, and then drill down with other activities (which could
include focused workshops) to address the issues in detail.
97
In many ways the ideal approach is to apply CSA workshops across the company with
every work team, or at least with representative teams from each department. Short of
that goal, however, CSA may be effectively used with a smaller number of top down
workshops of management teams to assess key issues from the management level.
Also, one may conduct a series of workshops with functional teams representing key
transdepartmental processes that cross several company levels or departments.
Workshop structure
Workshops are conducted with teams of 8 to 12 people and two facilitators. Each
workshop lasts for five to seven hours and includes three parts.
In the first part, a local situation analysis, participants individually identify the major
obstacles and the major assets their team has in attempting to accomplish their
objectives. This identification is done through an interactive brainstorming session
using post-it notes. Team members vote on the relative significance of the issues and
define the consequences and any necessary remedial action. Voting is conducted
anonymously through either manual or electronic voting technology. Discussion is
captured on a computer and projected onto a large screen so all participants can see
and validate the workshop document as it is developed live by the team.
98
In the second part, the team members answer a series of specific questions. The
questions are generally drawn from CoCo or COSO and cover all aspects of what a
team needs to address in attempting to achieve objectives at any level. Other models
like Baldridge or the European Foundation for Quality Model (EFQM) may be used,
and the EFQM is gaining recognition in the NHS. The team assess itself on each of
the points using anonymous voting technology (manual or electronic), and then
discusses what is working well, what is not working well, and what they can do to
improve the situation.
The wording of each question has been developed and tested over many years and
hundreds of workshops and is adaptable to different cultural, corporate and industry
environments. When electronic voting technology is used, the results of the voting
appear instantaneously on screen, revealing the teams self assessment on each point
and serving to launch the discussion. (See figures 10 and 11.) (Use of the electronic
keypads is also genuinely fun for the participants.) Discussion in the second part is
integrated with issues raised in the opening brainstorming session.
Strongly agree
7
4
1
Strongly disagree
PDK Consulting International Ltd
Votes 6
5
4
3
2
1
0
3
Disagree
Agree
PDK Consulting International Ltd
99
In the workshops, team members take accountability for developing action plans and
improving the operations for which they are responsible. Areas can be compared
graphically across teams (figures 12 and 13) so that best practices are readily
identifiable and sharing of those practices across teams is encouraged. In figure 12 we
see a team that has outperformed the organization in all areas except in resources. This
team, an actual case, was a very successful team, critical to the organization. However,
their success had led to arrogance, or a perception of arrogance, that interfered with
their receiving help from other teams in the company. CSA workshops identified the
risk and rectified this situation, preventing the deterioration or loss of a critical team.
In figure 13 we also see several instances one team falling below or rising above other
teams in the company. Here they may be practices that can be shared with a lower
assessing team to help them rise, and a team rising above all others may have identified
a best practice that can be communicated to the rest of the organization. A team can
also compare against itself over time, using both the line and radial graphs, noting
areas of change as action plans are carried out and the team develops.
A global picture emerges when workshops are conducted and aggregated across an
organization. Top management can see in one graph (figure 13 or 14) the current
strengths and weaknesses of the organization. Some may be the result of recent events,
others are deeply rooted cultural issues. A few are solitary issues. For example, in
figures 13 and 14 we see teams across the company noting disaster recovery as a major
100
Team objectives
Resolve conflict
Vision
Acceptable risk
Risk assessment
Benchmarks
Planning/risk
Overall capability
Quality
Job fits
Congruent objective
Skills
Meet objectives
Resource planning
Adequate resources
Effective structure
Effective structure
Estimate resources
Resources
Enough resources
101
Aligned objective
Accurate info
Recovery plans
Setting objective
Helpful systems
Secure info
Common object
Accessible info
nd
sio
iti
bl e
pta r isk
e
c
f
Ac el o
lev
mp
on
sure
Vi
Re
co
so
al
l ve
rn
Mea
ts
co
nf
ge
te
Co
TM
lic
an
e ch
Co
m
ob pat
j e c i bl
tiv e
es
Purpose
A
obj ligne
ect d
i ve s
ctiv
Ex
ge ns
en
all ptio
Ch sum
as
Se
o b je c t t in g
t iv e s
E f fe
C o nt in uo us t
im p rove m en
Learning
Co m m on
ob jec tiv es
are
valu
pr
ac
tic
es
asse
Risk
ssm
ent
ce
r man
Pe r f o t a r g e t s
R es ul ts an al
ys is
M ee t ob jec tiv es
7
Te a m sk
il ls
ate
Adequ ces
resour
r e s p oR o le s a n d
n s ib il
it ie s
Emp
owe
E f fe
red
cts
on
oth
er s
En
j oy
wo
M
rk
Te
an
am
ag
n
em
ew
en
s
tn
ew
s
ills
sk
te
in
te
Ac ces sib le
inf orm ati on
io n
H e lp fu
in fo r m l
at
Sa
i n f fe g u
or ard
ma
tio
n
Sec
info ure
rm
atio
n
Accu
infor r ate
mati
on
Ad
eq
ua
Jo
Accessed by Clough Engineering on 07 Sep 2001
e
Va l u
th e
E q u it y in la c e
wo r k p
Val ues and eth ics
ar ticu late d
Capability
ip
sh le
er p
ad xam
ce
Le e
an s
d
r m ar
rfo nd
y
Pe s t a
tar
ne ion
Mo at
s
en
n
mp
itio
co
ogn
Rec
liefs
d be
s an
n
M is s io
r- r
el
at
rk
wo
nt s
e
i
c
y
E f fi c e s s e
ilit
pro
ab
p
a
ll c
ty
er a
ali
Ov
qu
e
at
qu
e
Ad
es
ate
E s t i mu r c e
o
s
e
r
Commitment
102
risk. In this instance, everyone knew that the company, highly dependent on
computer mainframes, had not taken appropriate steps to develop a business
contingency plan. As a result of the CSA workshops, this issue that everybody knew
about was finally addressed and disaster recovery was outsourced.
Most issues, however, are interrelated and often we find that a narrow emphasis on
preferred cultural strengths has led to the emergence of symptomatic weaknesses
elsewhere.
The results
The results of any workshop are immediately visible. The team and their management
have undergone a comprehensive discovery of their own effectiveness. For most
teams this leads to immediate team actions taken to address specific issues which are
within their sphere of influence. For most teams and managers, the effect is uplifting
and enjoyable because, although problems are revealed, at last the issues have been
acknowledged and the team discovers it does have resources and help to deal with
them.
The best time to get commitment to address these problems is at the moment when
their significance is first recognized. When management and grass roots discover the
problem simultaneously in a workshop through their own observations (not those of
a third party), action tends to be taken immediately.
An organizational picture
In addition to immediate action by the team participating in the workshop, however,
there can also be results of long-term significance for the entire organization. When
workshops are conducted across an organization, the numerical and analytical data
from the workshops can be accumulated in a database based on the comprehensive
organizational model. This can be used to develop a global analysis of team
effectiveness at multiple levels throughout the entire organization.
Areas where teams are consistently more effective can be researched to identify and
provide answers to other areas. Major organizational risks surface very quickly and can
be addressed by management before the problems become widespread and critical.
Teams and managers have benchmarks to compare with their own previous ratings as
well as those of other teams. Experience shows that no team is at the top or bottom in
every category, and the best usage of the data is in finding enlightened approaches to
problem solving and identification of opportunities.
Conclusion
CSA gets at the essence of managing risks, at what gets in the way of getting the job
done (Makosz). By applying a comprehensive organizational model and tapping the
knowledge of the people doing the work, it can assess both strengths and obstacles/
risks across an organization and aid in early detection of major risk. When the CSA
principles are followed and the beliefs are honoured, the CSA workshop process itself
can enhance team empowerment, communication and accountability and can serve as
a learning mechanism and a self-repairing mechanism for teams and companies, and
a potent tool to help achieve future goals.
103
References
CICA Criteria of Control Board 1995, Guidance on control, Canadian Institute of
Chartered Accountants, Toronto.
CICA Criteria of Control Board 1998, Learning about risk: Choices, connections and
competencies, Canadian Institute of Chartered Accountants, Toronto.
De Geus, Arie 1997, The living company: Habits for survival in a turbulent business
environment, Longview Publishing Limited and Harvard Business School Press,
Boston.
Makosz, Paul 1997, Serious about CSA, CSA Sentinel, The Institute of Internal
Auditors, Florida, no. 1.
Maslow, Abraham 1971, The farther reaches of human nature, Viking Press, New York.
Senge, Peter 1990, The fifth discipline: The art and practice of the learning organization,
Currency Doubleday, New York.
104
A proactive, ongoing process of identifying and assessing risk, with the objective of
improved prevention, control and containment of all types of risk.
Risk management definition
105
effect on the risk to the patient undertaking care. For example, the quality of staff
employed, the availability and efficacy of resources, and the standards and policies by
which care is given will all affect the overall risk picture.
Evidence-based
practice
Improvements
in practice
Care paths
PATIENT
Credentialling/
privileging
OHS
Policies/procedures/
standards
Contracts
management
Resources
PATIENT
CONTINUUM OF CARE
Variances
Outcomes
Adverse
elements
Risk
indicators
Complaints
Medical record
review
Risk management
in a
healthcare setting
HRRI
As shown in the diagram, this data can assist in completing a feedback loop by
prompting discussions about lessons that can be learned, which can trigger ideas for
improving the delivery of care.
A clinical risk management program considers both the inputs and outputs of care in
a systematic way. Most importantly, it seeks to implement system-based changes to
improve practice.
This process links clinical risk management to quality improvement. In fact, risk
management is a key component of any quality improvement program.
Risk management is definable, measurable and tangible to staff, which assists them in
learning from their own clinical experience how they can improve the quality of care
they seek to deliver.
A clinical risk management program not only assists in the reduction of clinical risk,
improved patient outcomes and improved safety, but also minimizes the financial,
business and insurable risk within a healthcare organization.
106
Too many errors, too many claims, untoward publicity or costly legal battles can be
disastrous to the financial well-being of an organization. The cost of re-work,
unplanned returns to the operating room or unplanned time spent in ICU can create
undesirable business risks for an organization that a well-planned risk management
program may have prevented.
Reference
Walshe, K. & Dineen, M. 1998, Clinical risk management: Making a difference?, NHS
Confederation.
107
Introduction
Process, not people, make a system breakdown is one of the foundations of contemporary
Japanese car industry management theory.
Evidence in health care suggests that this maxim may be valid in health care, too. We
know that when serious events in health care are reviewed, the causes are due to one
of; system, people or equipment.
In a presentation to the European Healthcare Management Association Conference in
Dublin in 1998, Professor John Ovretveit noted that error in health care was due to
system failure, equipment failure or human failure.2
By far the most common of these is system failure or breakdown.
If we accept this premise, as we look to ways of improving quality and managing risk
in health care, then we need to consider a system-based approach rather than the
traditional method of finding the bad apple. In his paper, Professor Ovretveit further
demonstrated that, while system based errors are cited as contributing to 85% of
overall adverse events, only 2% of resources are actually expended in dealing with
those system issues. In contrast, the more typical 98% of resources spent in dealing
with people based issues, which account for less than 15% of errors. This mismatch of
investigative resources with probable cause may help to explain why significant
inroads into preventing or reducing adverse events and improved patient outcomes
has not been more successful.
The Medical Director of HRRIs US parent company, MMI Companies Inc., USA,
Dr Eric Knox, wrote recently,
the paradox that administrators try to cut costs but clinicians make the decisions
which incur most costs in the system, at the same time, clinicians try to improve
quality, most of which is determined by the systems and organizational structures
put in place by administrators.3
1. Risk Management Consultant, HRRI, Melbourne, Australia. This article reprinted with the permission of HRRI.
2. J. Ovretveit 1998, proceedings from European Healthcare Management Association, Dublin.
3. MMI Companies Inc., 1999, Market-driven healthcare systems: Creating solutions to the challenges of transformation, USA.
109
Clinical pathways
Clinical pathways are an effective risk management tool as they support a planned,
systematic, controlled environment of care. They are a tool to decrease variability in
outcomes, provide reproducible results and contribute to quality management.
Clinical pathways also contribute to overall quality and risk management because
they:
Variances from the intended plan of care highlight risk potential and assist in
identifying practices that may contribute to untoward events. Importantly, variances
reflect an individuals response to care. They also reflect an individual clinicians
response to a patients needs. Variances are a useful prompt to ensure that potential adverse
events are recognizid early and managed effectively.
Variances reflect the reality of care delivered. Unfortunately, many facilities that utilizi
clinical pathways do not review the variances that are recorded. This is disappointing.
Particularly because facilities are missing such an opportunity if they do not review
their variance and consider the patterns that emerge.
Just as the Quality Improvement cycle is effective because it is a cycle (figure 1)
Figure 1: Quality improvement cycle
Plan
Act
Do
Check
so, too, the pathways paradigm can be similarly described (figure 2).
Figure 2: Pathways cycle
Accessed by Clough Engineering on 07 Sep 2001
Pathway
Writing
Change in
Practice
Collecting
Cases
Variance
Analysis
The optimal value of clinical pathways comes in completing the quality cycle, learning
the lessons and making the change.
110
Role of clinical pathways and variance analysis in risk management and quality improvement
Consumers and purchasers of care can also benefit from better understanding of
quality of care that a health care facility can provide when a limited amount of variance
data is shared with them.
For example, the percentage of patients comfortable on the evening of their operation,
mobility expectations following a total hip joint replacement and other important
outcome targets.
Variance analysis
Variance analysis needs to be done promptly to maintain the momentum of clinical
pathway development. Much good work done in developing pathways is often lost
when projects run out of steam. One of the most common reasons for this loss of
momentum is a lack of variance data that feeds back to staff about how they have
achieved against their stated aims.
Variance analysis considers the factors behind outcomes and variances. In this way,
staff are encouraged to be more thoughtful around local factors and also to consider
what system-based factors may be at play in the overall care delivery system. For
example: What are the reasons for delay in discharge? What might be the cause of low
HO in a certain group? What assessments were not done to acute mental health
patients on admission?
At this time, additional data can be considered. This might include incident,
complaint or clinical indicator data pertinent to the clinical area. This data plus the
variance can then be discussed in a learning environment so that staff see this as an
opportunity to see what it is telling the clinicians in a broader way about the
effectiveness of their care. In this way, the process becomes a powerful clinical risk
management tool.
Variance analysis assists in making clinical risk management and quality improvement
more meaningful and relevant to staff. Staff can then go and review areas of particular
interest and broaden its relevance beyond the clinical area.
Benefits of variance analysis do not simply apply to clinical staff. Management can
start to understand and measure the effect of their policies and decisions on patient
care and outcomes. Staff can be assured that when LOS targets are defined or reduced,
it will be the regular review of variance that will ensure that quality is not lost because
of potentially conflicting financial or non-clinical targets.
Planning and development of care can be more fine-tuned to reflect a known risk than
a theoretical notion of reality. Resources such as education can be more accurately
targeted to areas known to be common or known to be of concern as a result of review
of variances. Contracts can be written with improved knowledge of what a facility can
actually deliver and progressive dialogue can take place between the facility and payer
to optimizi care for the patient. Effective quality improvement and risk management
comes from a process of clarifying the care to be delivered and a process of reviewing
and learning from the outcomes and results of that care.
111
Summary
This article is a brief account of what is meant by credentialling and what hospitals
have to do to make credentialling and effective rather than a token exercise.
Credentialling as a key element in reducing the risk of litigation for hospitals and the
doctors who work in them is stressed. The article provides a history of this initiative
in Australia and describes the context in which many hospitals find themselves from
time to time. The relationship between appointing doctors and credentialling them is
discussed and emphasis is placed on the structured process that is essential if
difficulties, including legal difficulties are to be avoided. A brief account of the various
methods used in credentialling is given.
History
The New South Wales Branch of the Australian Medical Association developed,
de novo, a system for credentialling hospital medical staff in the early 1970s. This was
in response to a series of events involving medical practitioners undertaking work in
hospitals that was far beyond their training, experience and competence. The
outcomes were disastrous and led to wide public outrage. The AMA found to its
surprise that credentialling of medical staff had been an intrinsic part of hospital
practice in North America for most of this Century. For a range of reasons,
credentialling of medical staff, as designed by the AMA, was never implemented
1. Lecturer in Quality Management, Member of Faculty School of Health System Sciences, La Trobe University,
Melbourne, Australia.
113
Definition
Credentialling or the delineation of clinical privileges is the process whereby the
medical staff itself, on behalf of the Board, determines precisely what any individual
medical practitioner can or cannot do in the hospital at any one point in time.
upgrading (when new training has been completed during the yearly cycle);
and
Context
114
because a proper process was not followed, the practitioner wins the ensuing legal
battle even though a curtailment of some of his/her clinical activities would have been
in the best interests of patient care. The hospital is, as a result, left with a worse
situation than the one in which it started. A properly conducted credentialling process
can avoid such problems.
While most doctors determine their own capacity to conduct procedures and other
clinical activity with great responsibility, a small number, like any other member of
the community may become psychotic, alcoholic, or suffer any number of disabling
diseases. The doctor under such circumstances who was perfectly competent some
months previously, may suddenly become quite dangerous, without in any way
recognizing this fact.
A very much smaller percentage of medical staff, it seems, has an inborn inability to
recognize their own lack of competence. In the absence of an effective credentialling
program, dealing with this group in any hospital, public or private can probably be a
hospital administration's greatest nightmare.
A systematic process
The credentialling and appointment processes must be formal and carefully
structured. Legal protection for all concerned depends on a routine process that is
formalized and carefully documented. Such a process for appointments already exists
in most large hospitals, but in many small public hospitals and many private hospitals
it does not. Given the traditional open nature of many private hospitals where medical
staff establishments generally do not apply, it becomes of even greater importance to
ensure that the appointment process is successful in fulfilling its proper function of
carefully screening those practitioners permitted to work in the hospital.
Credentialling of medical staff depends heavily on other key elements of a quality
management program if it is to be effective, successful and, above all, credible. The
administrative process to ensure a smooth and efficient operation must be in place
before any effort is made to commence credentialling. This administrative process is
part of the organizational structure so essential for a quality management program.2
2. L. L. Wilson & P. G. Goldschmidt 1995, Quality management in healthcare, McGraw-Hill, Sydney, pp. 457535.
115
Further, the capacity to reduce or limit a provider's privileges depends, in turn, on the
capacity to measure a provider's performance. Assessing the quality of a provider's care
and being able to measure the provider's performance is an essential prerequisite to
effective credentialling. To be able to fairly, and, in a way that can withstand legal
challenge, reduce a doctor's privileges, demands an objective measure of his/her
performance. The process of structured quality review or its manual equivalent must
be in place. Failure to have these other elements of a quality management program in
places will mean that the credentialling process, often established only after
considerable negotiation and discussion with medical staff, becomes discredited
before it even commences.3
From time to time, a need to change, amend or develop new policies, will become
necessary. Such changes can originate from the Medical Staff Council, the Credentials
Committee, the Medical Appointments Advisory Committee or the Board of
Directors. In all cases, however, the Board of Directors must approve any policy
change.
3. L. L. Wilson & P. G. Goldschmidt 1995, Quality management in healthcare, McGraw-Hill, Sydney, pp. 589-631.
116
Timing of credentialling
Credentialling aims to ensure that all activity in the hospital is carried out within limits
of the doctor's training, competence and experience. For most medical practitioners
an annual credentialling process is purely perfunctory, in that most doctors limit their
practices instinctively. However, for legal and other reasons it is essential that all staff
are routinely submitted to the same formal process annually.
Where complaints arise, or evidence of incompetence appears, or unsuitable
procedures are carried out, and documented, objective evidence of a less than
acceptable standard of care can be demonstrated, a special review of privileges may be
considered necessary.
All medical practitioners wishing to practice at the hospital shall make application to
the manager, setting out their qualifications, training and experience. In addition they
must define the details of the clinical activity which they wish to perform.
This application for granting of clinical privileges will be made annually, and will as
described above be combined, initially, with an application for appointment and every
three years with the application for reappointment.
Emergencies
In cases of life threatening emergencies and no other medical assistance is available,
regardless of privileges granted, any medical practitioner is expected to do whatever he
or she considers to be necessary to save life. In such a situation, however, the
practitioner involved must be able to demonstrate subsequently that no other more
qualified medical practitioner could have been called upon under the circumstances.
There are a number of methods for delineating a doctor's clinical privileges, however,
in the case of procedures, one method has clear advantages over the others. This
method consists of the granting of privileges for the precise procedures any doctor
wishes to perform and all procedures should be included in this process.
For all procedural disciplines, quintessentially surgeons, and for those procedural
activities carried out by the cognitive disciplines, a detailed listing of those procedures
which the practitioner wishes to be permitted to carry out in the hospital is the only
effective method of delineating clinical privileges. When appropriate, applicants
should be prepared to demonstrate competence to a designated member of the
medical staff.
118
Conclusion
Effective credentialling of medical staff is a large and complex issue that can be dealt
with only superficially in an article such as this. Increasingly, it is becoming realized,
some 20 years after the Australian Medical Association first developed the concept,
that credentialling of medical staff is one of the key elements necessary to minimize
hospitals and hospital doctors risk of litigation. Even in North America, where
credentialling of medical staff has been an intrinsic element in hospital practice for
most of this Century, there is a recognized need to render credentialling more robust.4
4. S. Weagly 1996, Making the case for robust provider credentialling, Health Care Innovations, May/June, pp. 2939.
119
Introduction
The quality of care provided in the NSW health system is of vital interest to many
groups and individuals, including consumers, policy makers, clinicians, and
managers. In recent times, there has been an increasing recognition both of the
progress made in system-wide quality improvement, and of the concerted effort
needed to improve quality of care further.
The development of an overarching, coherent framework for managing the quality of
healthcare in a systematic way in New South Wales was recommended by the NSW
Ministerial Advisory Committee on Quality in Health Care in the committees first
report to the NSW Minister for Health in 1997. The framework described in this
document was developed following wide consultation and has been endorsed for state
wide implementation by NSW Health. The Framework consists of an Area Health
Service wide committee structure, a performance frame and reporting frame, the
development and operation of which are supported by a robust set of principles for
monitoring and managing the quality of health services, as represented in Figure 1.
Clinical governance
The Framework for Managing the Quality of Health Services in NSW is the means
by which clinical governance is to be introduced in NSW. The key elements of clinical
governance are:
recognition and acceptance by Boards and Health Service management that they
have a responsibility for the quality of care delivered by the service and that this
accountability is shared with the clinicians providing this care;
Area Health Services will have the discretion to implement the Framework in the
manner most suited to the environment, people and needs identified in that Area.
However, to enable coordination and consistency of the Framework, certain elements
1. Project Manager, Private Health Care Branch, NSW Health Department.
121
The framework
The Framework for Managing the Quality of Health Services in NSW:
provides explicit accountability for the quality of healthcare with a systemic orientation;
provides an organizational focus for quality activities and reporting, while recognizing the essential role played by healthcare professionals and healthcare teams
in quality improvement;
is aimed at the level of the NSW Area Health Services but is applicable also at the
facility or service level and in the private sector;
establishes a means by which lessons learned can be shared with other parts of
the health system;
provides a stable framework for the necessary ongoing development and maturing of quality indicators and processes;
Performance
frame
Committee
structure
Reporting
frame
Figure 1
122
Quality health
services
The principles
As a quality healthcare service the NSW health system embraces the following
principles:
the health consumer as the primary focus of any model of healthcare quality
management;
the Area Health Service Board accepting responsibility for the quality of the
healthcare provided to the consumers of its services;
an Area Health Service Executive taking responsibility for creating and maintaining a structure and policies for managing the quality of healthcare;
those practising within the system taking responsibility for the standard of their
own practice and sharing responsibility for creating and maintaining a system
which provides safe, high quality healthcare;
health treatment and care being based on the best available evidence with Area
Health Services facilitating and monitoring the application and evaluation of best
practice;
a systematic and system-wide approach to continuous improvement of the quality of care delivered;
a robust advisory and reporting structure designed to promote the quality improvement of health services and to provide regular information to the Area
Health Service Board on the quality of services provided;
an emphasis on preventing adverse outcomes through simplifying and improving the processes of care;
the quality of healthcare being measured systematically with a focus on the minimization of inappropriate variation in practice;
123
APPROPRIATENESS of care: It is essential that the interventions that are performed for the treatment of a particular condition are selected based on the likelihood that the intervention will produce the desired outcome. Appropriateness
of healthcare is about using evidence to do the right thing to the right person,
in a timely fashion.
Opportunities must be provided for health consumers to participate collaboratively with health organizations and service providers in health service planning,
delivery, monitoring and evaluation at all levels in a dynamic and responsive way.
Consumer participation will enhance the level of acceptability of services, that is
the degree to which a service meets or exceeds the expectations of informed consumers.
ACCESS to services: Area Health Services should offer equitable access to health
services on the basis of patient need, irrespective of geography, socio-economic
group, ethnicity, age or sex.
EFFICIENCY of service provision: Health services must ensure that resources are
utilized to gain value for money. This can be achieved both by focussing on
minimizing the cost of production of services and by the allocation of resources
to provide the greatest benefit to consumers.
124
continuity of care;
Minister
Area
Health Service
Board
Area
Quality
Council
Consumer
groups
Divisions of
General
Practice
Health
service 1
QHCC
Health
service 2
QHCC
Health
service 3
QHCC
Health
service 4
QHCC
Health
service 4
QHCC
Clinicians
and
Managers
Clinicians
and
Managers
Clinicians
and
Managers
Clinicians
and
Managers
Clinicians
and
Managers
Figure 2
125
A change in culture
The development of structures for managing the quality of care in NSW is not a
difficult task. However, if the governance of clinical care in NSW is to result in
improved outcomes for health consumers, far more than structural change is
required. A change in the culture of healthcare delivery and management is essential.
Such a culture change will mean:
improved communication;
The essence of clinical practice is continually striving to provide the best care so as to
improve the health of individual consumers and the population. Clinicians, both
through their decisions regarding the care to be provided and the provision of that
care, are essential participants in ensuring the quality of healthcare.
The Framework for Managing the Quality of Health Services in NSW provides an
overarching, coherent framework for managing the quality of healthcare in NSW.
The application of the framework at the clinical level cannot succeed without the
active involvement of clinicians.
This framework provides the opportunity for cliniciansboth internal and external
to health facilitiesto inform and to become involved in shaping the system in which
their patients are treated. It identifies a valuable, practical starting point in a process
which will be continually evaluated and, with the benefit of experience and continued
consultation, will be further developed and improved.
Quality is everyones responsibility.
Quality in health is doing the right thing, the first time, in the right way, at the right
time.
126
It has long been recognized that medical care itself has the potential to cause harm.
However, general acknowledgement that much iatrogenic injury may be due to
preventable human error or system failure appears to have been slow in coming.
Factors contributing to this late recognition include difficulties in accessing medical
records (compounded by the tort system and fear of litigation), difficulties in
attributing problems to healthcare management rather than disease processes, and a
general reluctance to openly acknowledge and record system failures and human
errors when patients have been harmed. Objective information about the relative risks
and benefits of diagnostic and therapeutic options is often not available, and, where it
is, ways of conveying this to patients, so that they can make properly informed
decisions, are not well developed.
Healthcare is a risky business. Simply being a patient in an acute care hospital in
Australia carries, on average, a 200-fold greater risk of dying from the care process than
being in traffic, and a 2000-fold greater risk than working in the chemical industry.
127
healthcare as a complex system, of human error and system failure, of issues such as
privacy, consent, litigation, risk-benefit ratios and evidence-based medicine, and of
the human and economic costs of things that go wrong.
Second, the risks need to be identified. There are only three ways in which we can find
out what happened when things go wrong: those that are involved either in delivering
or receiving healthcare can report details; trained reviewers can extract information
from medical and other records; and teams of people can be employed to undertake
additional observations or measurements. This last option is too expensive to be used
"across the board", and must be reserved for studying specific problems identified by
one of the first two more generally applicable methods.
Identify risks
Analyse risks
Evaluate risks
Assess risks
Treat risks
128
medical and other records. The Australian Institute of Health and Welfare collates
information about morbidity and mortality from the various State collections of ICD
(International Classification of Disease) codes generated at the time of patient
separation, and from the Australian Bureau of Statistics Register of Deaths, and may,
in the near future, be able to link these with PBS and MBS data. However, the primary
emphasis in these collections has been on the underlying disease rather than
complications and co-morbidities, and they are currently not reliable or effective for
collecting information about most types of iatrogenic injury. It is proposed to
progressively improve the capture of iatrogenic injury information using these
established processes.
Standard methods for extracting information specifically about iatrogenic injury using
retrospective medical record review were developed in the Californian medical
litigation crisis in the early 1970s, were used for the Harvard Medical Practice study
in the 1980s and, in the 1990s, for the Quality in Australian Healthcare (QAHCS) and
Utah-Colorado studies. Re-analysis of the data in the latter two studies has indicated
that at least 10% of admissions are associated with a potentially preventable adverse
event, and that such adverse events are associated with as many as 50 000 permanent
disabilities and 14 000 deaths each year in Australia.
A collaborative project is underway with the Harvard School of Public Health to
refine the definitions and methodology used and a new streamlined software-based
process has been developedthe Australian Medical Record Analysis System
(AMRAS). It is proposed that a randomized sample of all hospitals be studied each
year and that strata of hospitals in each state be compared between jurisdictions and
over time with respect to a composite indicator, representing a basket of adverse
events, analogous to the consumer price index.
Third, it is necessary to collate and analyse the risks. Up until 1995, none of the
available systems had the capacity to do this. A Generic Occurrence Classification
(GOC) was therefore developed specifically for things that go wrong in healthcare. It
comprises a multi-axial framework into which all iatrogenic events may be classified
and is designed to elicit their salient features, place them in context and record their
contributing factors, be these system- or human-based. The GOC can be used to
classify incidents or events identified by incident reporting, medical record review,
complaints, morbidity and mortality studies, medico-legal files and coronial
recommendations. An expanded version of the GOC (GOC+) will have been
completed by the year 2000; this will have been built from over 50 000 incidents and
events from all of these sources. It will be made up of over 20 000 categories in a new
structure designed to facilitate flexible, comprehensive, cost-efficient reporting and
data analysis.
The mechanisms exist, therefore, to have a single repository for all things which go
wrong in healthcare in Australia. Data from the QAHCS has already shown why State
and national databases are necessary; first, even in large teaching hospitals most types
of adverse events occur so infrequently that they cannot be prospectively tracked or
sufficiently characterized at a local level to devise remedial strategies; and second,
having data from all available sources in a common repository allows the strengths of
each data source to be exploited. AMRAS will provide information about the
frequency and, with further work, the costs of adverse events, allowing evidencebased priorities to be set and progress to be tracked. AIMS provides vital
complementary information, as it elicits the underlying human-error and systembased causes of incidents which are not provided in the medical record. These details
are essential to obtain the information necessary for devising effective corrective
strategies. AIMS+ is being set up so as to provide both an easy-to-use tool to manage
129
risk and improve quality and safety at a local level, as well as to capture details about
the nature and underlying causes of the majority of events which, individually, occur
too infrequently to be characterized at a local level. AIMS+ also has built-in quality
assurance mechanisms so as to allow comparisons of patterns over time and between
healthcare units and jurisdictions.
Fourth, once problems have been identified and characterized, they must be
addressed - this involves coming up with cost- and risk-effective corrective strategies
which can be implemented in the context of Australian healthcare. The ways of
identifying problems and the types of responses at personal, local, and national levels
must be understood, together with the roles of the various existing means for effecting
change such as regulatory mechanisms for drugs, devices and procedures and
accreditation, recertification, credentialing, informed consent and registration.
However, as the manner in which these currently operate has been shown to be
associated with the current rate of adverse events and rapidly escalating litigation costs
(a one thousand-fold increase over 20 years for some specialties), it is clear that a new,
integrated more effective and responsive approach is required for dealing with these
problems.
The discipline of anaesthesia has taken such an approach and has demonstrated that,
once problems have been properly characterized, system-wide changes can be devised
and implemented which can be shown to be effective. AIMS-Anaesthesia was started
in 1988, ten national think-tanks and consensus conferences have been held, some
50 discussion papers have been produced, and major changes have been instituted and
supported by the profession. The mortality attributable to anaesthesia fell five-fold
between the mid-1980s, before comprehensive national data were available about
what was going wrong, and the mid-1990s, by when a number of corrective strategies
had been put into place across both the public and private systems.
The scope and cost of the problem of iatrogenic injury across the whole of the
healthcare system was revealed by the QAHCS in 1995. It has taken 4 years and
$2 million to develop and trial the tools for characterizing the adverse events making
up this problem; this process is now nearly complete.
By the end of the year 2000 the top 1000 events will have been identified by
combining data from medical record review, incident monitoring and other sources
of information. The new integrated approach which is proposed comprises
characterizing the nature of these problems, estimating their prevalence and cost
Australia-wide, identifying and choosing corrective strategies, evaluating them and
proving their worth in the Australian context, and, finally, implementing them
throughout the system. This will require substantial investment and a concerted,
nationally co-ordinated effort.
A start has been made with two national meetings addressing issues which have been
shown to be important across the whole spectrum of healthcarenosocomial
infection, adverse drug events, thromboembolism, informed consent and falls.
National multi-disciplinary working parties have been set up to develop proposals for
multi-centre studies to be undertaken. It is vital, although the work will have to be
carried out at a local level, that there be both State and National co-ordination of
research in this area, as, to date, many small, often poorly designed projects have
consumed the available resources without producing results which are sufficiently
convincing to be applied across the system.
The establishment of a National Council for Safety and Quality in Health Care and
of a National Institute for Clinical Studies provides the opportunity for these activities
to be co-ordinated. It is proposed that a National Iatrogenic Injury Surveillance Unit,
analogous to the National Injury Surveillance Unit, be established as a Collaborating
130
Unit of the Australian Institute of Health and Welfare, to co-ordinate the ongoing
collation and analysis of information at a national level.
Healthcare is undergoing enormous change and as new systems and procedures
evolve, new problems will emerge and will need to be dealt with. Mechanisms must
be put into place to rapidly identify and characterize these problems, and processes
must be refined for identifying corrective strategies, demonstrating their cost- and
risk-effectiveness in the context of Australian healthcare, and then implementing
them.
It is vital that all stakeholders (including government, the professions, healthcare
administrators, industry and consumers) be involved at all stages of these processes
and that mechanisms for ongoing, effective consultation and communication be
provided at local, State and Commonwealth levels.
Australia is the first country in the world to be able to set evidence-based priorities for
addressing the very substantial problem of preventable iatrogenic injury. Appropriate
tools, suitable for application at a national level, have been developed to allow
benchmarking and to fund the necessary systemic changes. National bodies have been
established for co-ordinating the efforts of all with interest and expertise in this area.
A pro-active approach of investing in long term gains, such as has been taken in areas
such as road and industrial safety, must replace the current ineffective local reactions
to individual problems.
The challenge now is to apply what we have learnt and developed both to the existing
problems that have been identified and to the new ones which are emerging all the
time.
Debate can continue indefinitely about the theoretical relative merits and demerits of
various approaches. The fact is that the methods that have been used to identify and
deal with the problems that cause deaths in road accidents and in anaesthesia are not
perfect. However, by applying them death rates have been dramatically reduced in
both of these areas. The overall impact of iatrogenic injury in human and economic
terms is too great to address only selected areas which are amenable to traditional
research methods. We must act now using existing data and methods, whilst
continuing to strive to develop new scientifically rigorous population-based research
methods with the aim of ensuring that iatrogenic injury will not be allowed to exact
in the future as great a toll on society as it has so far.
131
Despite the best efforts of many healthcare organizations the historic information
poverty of healthcare systems outside the US means that our efforts to manage clinical
risk are hampered by a lack of reliable, robust, local clinical risk data to support
decision making and priority setting. Proxy data from the US or other non-native
sources is of considerable value and in many cases supports the first hand experience
of clinicians and risk managers.
However it lacks the authority of locally collected data without which local support
for the conclusions drawn is difficult to win. Where good data exists it is often in
isolated islands within organizations, only rarely across whole organizations and
hardly at all shared between organizations to provide reliable benchmarks. Regulatory
issues concerning data protection in many territories limit the scope of data sharing
and the relative newness of many dedicated risk information systems means that
databases are often small and lack the vital longitudinal (time) component.
Accepting that we will have to work within these limitations, at least for the time
being, how can we capitalize on the learning opportunity provided by single clinical
incidents while ensuring the best possible outcome for all the directly affected parties
(patient, relatives, staff, etc.) and the wider group of stakeholders (all patients, all staff,
management, Trustees/Board members, funders/insurers)?
1. Managing Director, HRRI, London, UK. This article reprinted with the permission of HRRI.
133
Corporate
culture
Management
decisions and
organizational
processes
Local
climate
Situation
task
Error-producing
conditions
Errors
Violation-producing
conditions
Violations
Defence
barriers
Statisitical
failures in
defences
Accidents
Incidents
Latent failures in defences
Figure 1: Organizational Accident Causation Model
(After J Reason, 1994)
The model is best understood if read right to left starting with the incident in question
and a recognition that most incident investigations focus on the event, the time, the
place, the people, the technology and the outcome without enough emphasis on the
situation and rarely any consideration of climatic and cultural issues.
Defences
If we are to see beyond these narrow considerations we have to start with the fact that
there are many more incidents than there are bad outcomes and many near misses go
unrecognized or at least unreported. The difference is accounted for by the existence
of multiple defences, formal and informal, which tend to prevent bad outcomes.
Formal defences include procedures and protocols designed to pro-actively manage
risk.
134
From this question we can describe the local climatic factors which are a precondition of erroneous or rule breaking behaviour.
With these issues in mind HRRI felt that it was important to validate the Reason
model for healthcare application and in 1998 and 1999 Dr Sally Taylor-Adams, HRRI
Lecturer in Clinical Risk at the Clinical Risk Unit (CRU) of the Department of
Psychology, University College London, undertook such a project. The findings were
that the specifics of healthcare actually allow the model to be somewhat streamlined.
In conjunction with the UKs Association of Litigation and Risk Managers the CRU
have produced a general purpose toolkit for clinical incident investigation A Protocol
for the Investigation and Analysis of Clinical Incidents, Royal Society of Medicine Press,
September 1999. This has been successfully applied to several specific incidents and
enhanced with the development of templates for high-risk clinical specialities.
Training in the application of the toolkit can be provided by HRRI.
Dr Taylor-Adams approach focuses on four issues which are key to the incidents
investigated:
active failures
latent failures
failures of defences
135
Recognizing and cataloguing these factors at each step of the model gives us a rigorous
and repeatable method, the results of which can be compared from incident to
incident, within or between organizations. While this obviously has the potential to
produce a body of knowledge over time, we have to hope that, for any one
organization, the relative infrequency of adverse outcomes warranting investigation
would make this too inefficient as a means of collecting risk data. It would also mean
that our risk database would be biased towards incidents with adverse outcomes, to the
exclusion of near misses, which are a plentiful source of learning opportunities.
The nature of the findings is also significant and the pilots undertaken by Dr TaylorAdams and subsequent applications by HRRI have strongly affirmed that individual
error or rule breaking constitutes 15% or less of the causal factors while 85% are
organizational factors. The most common of these organizational factors are:
communication
documentation
openness of culture
The solution is to use the findings of the incident investigation to create a template to
help us take that deeper look. Using the summary findings of the incident review and
a statistically appropriate, random sample of clinical notes, can we find evidence of the
same causal factors in the care of other patients, whether or not it lead to an adverse
outcome?
The selection of notes within or beyond the clinical speciality of the original incident
is a matter of judgement, but should be guided by:
136
the breadth of the causal factors (which are unlikely to be narrowly confined to
the clinical speciality)
A detailed report on the prevalence (or otherwise) of the factors and the number of
potential incidents and unrecognized near misses, supported with appropriate
statistical analysis, is key to setting the right priorities and securing the necessary
resources to make a real difference.
Incident report
Investigation
Active failures
Specify
Latent failures
person
Performance
task
influencing factors
speciality
Failures in defences
department
organization
Individual factors
Organizational failures
Incident
Risk management
report
Incidence and co-incidence of:
Active failures
Latent failures
Performance influencing factors
Failures in defences
Proposals regarding:
Critical defences
Potential for further incidents
Statistical predictions and cost
consequences
Priorities and action plan
Resource requirements and budget
Design
Sample
Chart review
Chart
review
template
Clinical
records
137
The Wimmera clinical risk management program began at the Wimmera Base
Hospital in June 1989 and in 1994, the West Victorian Division of General Practices
Inter Hospital Peer Review Program commenced. Both programs began with a
modified version of adverse event screening developed in the United States. The
model involved retrospective screening of medical records using eight general patient
outcome criteria and subsequent medical review if records are screened positive.
Active and passive methods are used to monitor the quality of clinical activity on a
daily basis. Methods included: inpatient and emergency department adverse
occurrence screening and review, clinical incident reporting, general practitioner
adverse occurrence reporting and clinical indicator monitoring. Each organization
utilizes a combination of methods which is dependant on local need and resource
availability.
Data from these sources are reviewed and analysed to determine if an adverse event
has occurred. Adverse events detected are then analysed to determine if the event was
caused by healthcare management or was a natural consequence of the patients
condition or disease process. The possible causes of adverse events are determined and
recommended actions to improve clinical care are made to both clinicians and
administrative staff. The effect of actions taken is automatically evaluated by
continuously monitoring ongoing clinical activity.
In addition, adverse events occurring at other hospitals that have been highlighted by
coronial inquests, insurers, statutory bodies and media are analysed using the same
process.
The programs based in the Wimmera have developed effective and efficient methods
of managing clinical risk and created a valuable source of data about organizational and
regional adverse events.
Clinical risk management strategies have previously focused on litigation
management. This model offers a unique opportunity to proactively manage clinical
risk within a quality system as part of day to day hospital activity.
The model is patient focused and based on continuous improvement in the delivery
of safe service. It assumes that an organization that is highly educated in professional
practice, technical skills and system management, will maximize opportunities to
learn from errors and that the focus of quality of activities will be on systems analysis
and improvement rather than individual deficiencies. The conceptual framework of
the model is transferable to other hospitals.
139
Clinical activity
Active
In-patient program
Emergency Department APO program
Screening/reporting
Passive
Clinical incident monitoring
General practitioner APO feedback
Clinical pathway/variance analysis
Clinical review
Adverse event
Issues raised by
Individual patient risk assessment
Empirical analysis
Coroner reports
Media reports
Consultative committees
Patient satisfaction/complaints
Clinical indicators
APSF National database
Medical/nursing journals
Insurers
Detect risk
Analyse risk
probability
consequences
rate risk
Prioritise risk
Accept risk
(Aim to eliminate
or reduce risk)
Minor changes
(monitor)
System changes
Evaluate/monitor
140
Depending on where you sit, healthcare standards are either at their height or the
depth of their popularity. On one hand, healthcare leaders everywhere recognize that
agreed standards are essential to consistent, systematic, and measurable performance.
On the other hand, the healthcare community has absolutely no tolerance for
ill-conceived, unrealistic standards that waste time and money and deliver no evidence
of anything.
The most significant healthcare standards in the United States are those required by
the Joint Commission on Accreditation of Healthcare Organizations (JCAHO) to
achieve accreditation, which is critical for receiving reimbursement from the federal
Medicare program. Starting in 1994, the JCAHO introduced new standards and a new
audit verification process that intended to transform accreditation from a reactive,
one-off, punitive, tick-box exercise that took place once every three years to a process
of continuous improvement in which the standards influenced organizational
behaviour, improved quality, reduced risk, and performance against the standards was
measured over time.
Unfortunately, most hospital executives still saw, and see, the JCAHO process as an
event they just need to get through to ensure that 5070% of their income stream is
intact; they have no desire for accreditation to dictate their organization's daily life.
However, many of their line managers began treating the JCAHO process as the
single event that validated their professional existence. Therein lies a problem.
For example, one of the largest healthcare organizations in the U.S. found that many
of their hospitals who scored the highest against the standards (e.g. 95% or higher) also
had the highest levels of adverse patient incidents, complaints, and claims. When the
corporate office went in to sort out the problem, the managers believed they had
already been validated by the JCAHO and simply would not deal with real-life risk
management problems. As a result, that organization's corporate leaders now perceive
accreditation to be a barrier to successfully protecting patients.
Where did this go wrong? Did the standards fail to deliver? Was it the healthcare
organizations fault? Their managers? The JCAHOs? Or was it a combination of
factors that produced the perception that accreditation had failed this particular
organization? Although anecdotal, hindsight being 20/20, it was likely that all of the
components of accreditation, not just the standards, had some sort of design flaw.
141
The NHS views Controls Assurance and risk management as a proactive system of
management to protect the assets of the organization. Those assets are patients, staff,
technology, physical infrastructure, finances, and reputation. Thus, the Controls
Assurance standards had to be written to help reveal risk for those who assess against
them. If the standards fail to highlight potential risks to their users, they will have
failed in their purpose.
For example, an assessment against a health and safety standard may have found that
an organization was 80% compliance with a given requirement. Quality would care
about that 80%, while risk cares about the 20% because it represents a potential risk.
It's not about compliance, its about what non-compliance represents: risk.
Had the NHS embraced quality or BPR as its management theory, the standards
would have been written, and the initiative constructed, in a different way.
142
More contemporary thinking is that the best way to ensure continuous attention is
paid to standards, and that credible judgements of compliance are made, is to convert
to a self-assessment model. This is happening in various parts of the world, such as in
U.S. regulatory schemes and in the NHS Controls Assurance Project.
By stating that self-assessment is the primary means of auditing compliance, the role
of auditors (internal or external) will change dramatically, as will the relationship
between the organization that is self-assessing and the auditors who are verifying that
the self-assessment was done accurately, properly, and honestly. In the NHS, it was
critical that the standards be written for self-assessors, not auditors.
There are issues related to a self-assessment model. For instance, auditing and
enforcement has always been a cat-and-mouse game, so many users ignore standards
because their likelihood of getting caught was low. Thus, many users of standards
believe that self-assessment means self-incrimination, and poor results from a selfassessment could get them fired.
If the airline industry serves as any barometer, their pilots and staff are given immunity
and are actually rewarded for not identifying problems, and they can be fired for not
reporting problems. Similar comfort and measures must be given to self-assessors
who are being asked to disclose shortcomings.
143
Beware of psycholinguistics
One of the more interesting new fields of study is psycholinguistics, which looks at
the power of words and how they influence behaviour based on the psychology of
perception. As we transition from the Information Age to the Knowledge Age, united
by the Internet, the ability of words to positively or negatively influence perception
and behaviour will be profound. Standards are a good example of this.
Any group writing standards must appreciate that the users of the standards should
have little confusion over what the standards is asking for, especially if self-assessment
is being utilized. Again, poorly strung together words could send users down the
wrong path altogether, and they'll lose faith in the standards.
In addition, it must be decided whether and to what extent standards should be
prescriptive. In theory, the best way for a standard-setter, such as the NHS, to get what
they want is to be very prescriptivetell users exactly what you want and set targets.
But in practice, users ultimately reject prescriptive standards because they are too
confining, considered not universally applicable, and become outdated fairly quickly
as practice changes in the field.
For Controls Assurance, it was decided that the requirements (individual criterion
within the 17 standards) should be non-prescriptive but very clear in what they are
asking self-assessors to make a judgement against. The substance needed to help make
judgements is captured in the guidance. That is, if you make standards or criterion
non-prescriptive, you must provide users with substantive guidance to help them
make good judgements. Conversely, if you provide prescriptive standards, the
guidance is not as important.
The other point of consideration is whether standards should be input or output
standards. An input standard is something like Suitable arrangements are in place for
the proper disposal of waste, according to policy. This is an input standard because it
is concerned with the arrangements to dispose of waste, not the actual disposal of
waste. This standard would be very difficult to self-assess against and verify through
audit, and it doesn't appear to have anything to do with risk.
144
If one desired benefit of the standards is measured performance against them, especially through self-assessment, provide an information platform (e.g. software)
when the standards are launched.
If standards are expected to remain relevant, ensure that there is a dedicated entity to monitor and modify them as needed to reflect changing practice.
If standards are expected to address real issues and not lofty processes, be sure to
have indicators which are directly related to the standards.
If standards are expected to slowly reduce risk and improve quality over time, as
in the NHS, be sure there is a reactive mechanism to acute problems to ensure
that stakeholders aren't seen as fiddling with lofty standards as Rome burns.
In summary, the proliferation of standards in healthcare has a great deal to offer the
industry at a time when it greatly needs help, providing the standards are done the
right way for the right reasons at the right time. If not, they could be an expensive and
potentially harmful distraction for busy healthcare providers.
145
Introduction
In August 1998, the Metropolitan Health Service Board appointed a risk management
coordinator to develop a strategic risk management plan for the Metropolitan Health
Service in Western Australia. In the first instance, research was undertaken to identify
existing risk management systems within the Australian health industry. As no
strategic risk management plan was identified, a project was therefore initiated to
develop a comprehensive plan to assist the Metropolitan Health Service to achieve its
objectives. This paper briefly discusses some of the key learnings from the risk
management project.
A systematic and inclusive risk management process that is fully integrated into
all phases of program design, implementation and evaluation is not only a means
of maximizing program effectiveness but also a very good defence against public
and parliamentary censures.
Les Scott, MHR, 1995
147
have no assurance that clinical consultants or visiting medical practitioners consistently meet clinical policies, guidelines or pathways, where they exist;
The Quality in Australian Health Care Study (QAHCS), published in 1995, found
that 16.6% of hospital admissions were associated with an adverse event and that 51%
of these were potentially preventable. The National adverse event rate (based on 3.6M
separations) may be estimated at 304 776 per year, 5 861 per week or 837 per day
(13.7% of which result in permanent disability and 4.9% in death). Although the
QAHCS has been criticized, even if adverse events were halved, the findings should
prompt immediate risk management treatment.
Comparisons between the number of claims being filed and the number of
preventable adverse events depict that the current claims lodged represent less than
one half of one percent of the potential medico/legal exposure. The Medical Defence
Union (MDU) Report (1998) stated that in NSW the average cost of settling claims
increased by 250% between 1992 and 1997 and there had been an increase of 200% in
the number of indemnity files opened at their offices between 19901997. The
Australian Patient Safety Foundation (APSF) has established that the direct medical
costs of adverse events exceed 2 billion dollars annually and that current medicolegal
exposures directly cost a further 400 million dollars annually (or 5% and 1%
respectively of health budgets). An upward trend in medicolegal claims would
severely impact upon the capacity of the health services to provide core services and
may increase by up to 500% within the next six years.
148
Systemic failures
Risk is inherent in everything we do whether it is riding a bicycle, managing a
project, dealing with clients, determining work priorities, purchasing new
systems and equipment, taking decisions about the future or deciding not to take
any action at all. We manage risks continuously, sometimes consciously and
sometimes without realizing it, but rarely systematically. The need to manage risk
systemically applies to all organizations and to all functions and activities within
an organization. It should be recognized as being of fundamental importance by
all public sector managers and staff.
Guidelines for managing risk in the Australian and New Zealand public sector HB143: 1999
Systemic failures are repeated within the government health industry without
modification to practices and procedures. Systems must be designed to reduce the
likelihood of failures occurring. The aim of developing an integrated management
system is to provide a comprehensive response to AS/NZS 4360:1999 that adds value
to health services and hospitals and is not an administrative liability. The Interim
Report of the National Expert Advisory Group on Safety and Quality in Australian
Health Care (28 April 1998) recommended That further work be undertaken within
all jurisdictions on adapting and applying systematic, organization-wide approaches to
quality improvement within Australian healthcare organizations. The Implementing
Safety and Quality Enhancement in Health Care Report (July 1999) from the
National Expert Advisory Group recommended that health services in Australia seek
to improve the development and implementation of risk management strategies
within their organization.
Substantial resources are leached daily from operational budgets by exposures that
disrupt the working environment, increase operating costs and reduce efficiency.
Typically resources are allocated to reactive indicators with little commitment or
attention afforded to proactive management. This focus must shift to achieve longterm sustainable improvement as shown below:
Proactive Indicators
Reactive Indicators
Workers Compensation
Adverse events
Medicolegal claims
Equipment failure
Investigative audits
Complaints
Public outrage/ministerials
Process failure
Systemic failure
149
Aim
Develop and implement an integrated management system to assist the Metropolitan
Health Service to meet its objectives.
Objectives
150
ensure that management and employees are accountable for risk management
through individual and team based performance management objectives;
151
Plan has been developed to provide an efficient and simplified resource management
tool for boards and managers.
The Register integrates hazard registers, business continuity plans, continuous
improvement action plans, complaints and can track corrective actions from audits,
surveys, incidents, adverse events and claims (diagrammatic representation attached as
Annex Four). The Register provides substantial resource savings by collating all risks
and opportunities for improvement on a prioritized and cost benefited oversight tool.
Incident management
A meaningful facilitywide system that identifies and initiates response to adverse
patient occurrences is the backbone of an effective risk management program. It
is essential that the risk manager work on the design and implementation of an
effective data-gathering system.
Risk management handbook for healthcare organizations, 2nd edn.
Gazetted as a Commonwealth Quality Activity to ensure that information provided by clinicians can not be used in litigation against organizations or clinicians
and to encourage participation.
Based on accepted industry models for complex system failures and human error.
152
Cost benefits
An integrated management system is a cost effective, long-term investment that will
provide recurrent savings in efficiency as well as mitigate future medico/legal and
workers compensation exposures. The Foley Report of 1987 (Commonwealth
Review of Quality within Australian Industry), concluded that up to 25% of
operational budgets within the manufacturing industry were absorbed by waste. The
service industry revealed that up to 40% of budgets were absorbed by waste, 85% of
which could be attributed to system failures. More recent surveys show that
corporations that have implemented comprehensive management systems have
minimized the types of waste identified within the Foley Report.
The QAHCS showed that 16.6% of admissions were associated with adverse events
and that 51% of these were deemed potentially preventable. Comparisons between the
number of preventable adverse events and the number of claims filed show that health
services are experiencing less than one half of one percent of their potential medico/
legal exposure. Insurance costs are increasing in line with the alarming rise in both
workers compensation and medicolegal claims. The latter of which, if left untreated,
may increase by up to 500% within the next 6 years. The APSF has estimated that over
6% of the health budgets ($2.4 billion of $43 billion each year) is wasted on direct
medical and medico/legal costs of adverse events. The cost to resource the five-year
Risk Management Plan represents a small percentage of annual health budgets (less
than one tenth of 1% of a single budget). Risk Management provides objective and
evidence based recommendations which, if applied systematically can maximize
opportunities and minimize exposures within the health industry.
Conclusions
Note:
Additional information in regards to the Metropolitan Health Service Risk Strategy
can be obtained on the following website address: http://www/health.wa.gov.au/warm
153
Annex One
Clinical governance
Integration opportunities
154
Corporate governance
Annex Two
1) Management commitment to, and leadership of, the total risk management
function.
2) The establishment of a Clinical Governance framework to include the formal application of the risk management process to clinical practices.
3) Employee participation and consultation in risk management processes.
4) Formal mechanisms to measure the effectiveness of risk management strategies,
plans and processes against industry best practice.
5) A mechanism should be in place for all incidents to be immediately reported, categorized by their potential consequences and investigated to determine system
failures, without assigning blame.
6) Preventive maintenance risk management processes must be applied to the management of facilities, amenities and equipment.
7) Management systems must be in place that provide safe practices, premises and
equipment in the working environment. Systems of work must be designed to
reduce the likelihood of human error occurring.
8) Risk Management processes must be applied to contract management especially
when acquiring, expanding or outsourcing services, equipment or facilities.
Contracts must be reviewed and written to ensure that only reasonable risks are
accepted and that those risks are transferred to and accepted by the insurance underwriter
9) Safe systems of work must be in place to protect patients, visitors and staff.
10) The establishment and implementation of emergency preparedness, emergency
response and contingency plans.
155
Annex Three
1) Management Commitment
Professional, Public, Product Liability
Human Resources
2) Clinical Management
Medicines Management
3) Medicines Management
3) Employee Participation
4) Incident and Information Management
Records Management
8)
9)
10)
11)
12)
13)
8) Contract Management
9) Security
15) Security
Infection Control
Catering and Food Hygiene
Transport
Environmental Management
Waste Management
Health & Safety
Notes:
1) The National Health Service (NHS) has developed financial and clinical
standards. The Standards listed above are the NHS Organizational Risk
Management Standards.
2) The Metropolitan Health Service Management System is integrated therefore
Risk Management, Occupational Safety and Health and Quality Improvement
are seamless throughout all of the 10 Standards and 61 Elements.
156
Annex Four
Confined spaces
Hazardous substances
Ministerials/complaints
Hazards
Surveys, inspections,
assessments and audits
Mishap investigations
Contingency plans
and disaster recovery
Equipment purchase/
modification
Preventive maintenance
Critical processes
and critical equipment
Adverse events
Coronial inquiries
Medical record
and file reviews
Risk assessment
cost benefit analysis
Project management
Medicolegal claims
157
Annex Five
The risk management process is objective because it brings a scientific approach to the
making of risk management decisions, requiring the compilation and analysis of data
as the basis for decisions reached.
The risk management handbook for healthcare organisations, 2nd edn.
This Risk Management Plan has been developed to address the deficiencies and risks
facing the Board, which were highlighted in the above references. A five-year
implementation Gantt chart was developed in January 1999 and lists milestones, tasks,
resources and time-lines and is attached at Annex 1. The Gantt Chart has not been
updated since January. A list of Definitions is attached to assist the Board at Annex 2.
Am
Develop and implement an integrated risk management system to assist the MHS to
meet its objectives.
Objectives
ensure that management and employees are accountable for risk management
through individual and team based performance management objectives;
Key tasks
The five-year Risk Management Implementation Plan (Gantt Chart) contains a
comprehensive list of key tasks. Although not complete, some of the key tasks are
listed below under the relevant risk management objectives:
158
establish the risk management structure for the MHS detailing the relationship
between the Board, the CEO, the Audit Committee, the Clinical Advisory
Committee, the Risk Management Support Team, Hospitals and Health
Services;
review, adapt and pilot the Australian Incident Monitoring System identify the
contributing factors and collate the corrective actions of all non-conformances;
link the contributing factors and corrective actions from incidents and adverse
events to the Risk Register and Action Plan;
develop and implement the adverse event review process and standard. Review
past adverse events to identify contributing factors and system failures (case
notes, coronial inquiries, incidents, complaints and claims). Review contributing
factors and system failures to determine corrective actions. Link failures and
corrective actions to the Risk Register/Action Plan. Develop and conduct
workshops to minimize adverse events. Review and implement the Stewart/
SCGH Medico/Legal Database to determine the liability (probability factor) of
outstanding claims.
insert risk management into annual performance reviews, job descriptions and
recruitment selection criteria;
develop reporting mechanisms from the Board to the CEO and from the CEO
to CEs/GMs;
make risk management a priority agenda item at all Board and executive
meetings;
ensure that the executive committees regularly review hospital and health service
risk registers;
develop and insert risk management objectives and performance indicators into
strategic and business plans;
minimize the potential for motions going to the Board without supporting
evidence;
ensure the all Board members are conversant with and fully understand the
consequences of proposed motions. Ensure that Chairs of sub-committees
provide a clear statement of cause and effect (to affected sub-committees), prior
to minutes and motions being forwarded to the Board;
160
develop and implement the Informed Consent Process and Standard. Conduct
Informed Consent Workshops;
develop a process and standard to apply Health Technology Assessment Principles (evidence based recommendations). Link this process with the Risk Register/Action Plan, develop and conduct Health Technology Assessment
Workshops;
establish a process and standard for reviewing contracts to ensure that only
reasonable risks are accepted and that those risks are transferred to and accepted
by RiskCover;
develop clinical (patient care) standards that redefine and coordinate core
services;
develop and implement evidence based care through clinical based guidelines;
develop and implement risk management, occupational safety and health, quality
and environmental baselines and checklists to measure the performance of
hospitals and health services;
develop risk management tools to identify, analyse, evaluate, monitor risks and
to communicate and consult those risks with stakeholders.
develop and conduct interactive workshops to monitor and improve team based
clinical services.
identify processes and practices that are best practice and nominate authors to
develop elements of the Standards. Allocate adequate resources to organizations
that participate in the development of the Standards and acknowledge the
authors;
161
2 Leadership
Change management
Building commitment/influencing behaviour
Building business teams
Code of ethics/conduct
3 Human resources
Performance management
Public sector standards in human resources management
Recruitment, selection and appointment
Criminal records screening/pre-employment medicals
Key staff continuity/recruitment program/job description forms
Visiting medical practitioners (VMP)/consultant agreements
Individual accountabilities and responsibilities
Corporate credentialling
Transfer/secondment
Performance management
Redeployment
Termination
Discipline
Temporary deployment
Grievance resolution
Staff satisfactionreward/retain
Industrial relations
Equal employment opportunity/working conditions/equal access policies
Workplace agreements, awards/enterprise bargaining agreements
Diversity of employment policy/prevention of harassment policies
Flexible work practices policies
Employee assistance policy
Alcohol and other drugs policy
Industrial disputes and resolution
Human resource information system (HRIS)
4 Financial management
Financial ledgers (Oracle 10.7/HCARe)
Patient management
Charts of accounts
Trendstar costing
Accounting policy and manual
Budget program
Reporting
Monitoring providers
5 Legal services and public relations
Legal guide for public health hospitals
Public image/public expectations
Political considerations
Public/media relations
Freedom of information
162
163
5 Professional development
Staff development programs
Professional mentors and buddy program
Infection control
National mental health standards (NMHS)
Aged Care Standards and Accreditation Agency (ACSAA)
Community Health Accreditation Standards Program (CHASP)
Australian Council on Healthcare Standards (ACHS)
Clinical risk management
Informed consent
Australian Incident Monitoring System (AIMS)
Training needs analysis
Inductions and orientations
Controls assurance
Management oversight risk tree analysis
Failure modes effects analysis/energy barrier target analysis
Operational readiness/critical systems analysis
Risk leadership/healthcare risk management
Risk management standards
Informed consent
Healthcare and project risk management
Mishap investigation
Self-assessment checklists and baselines
Hazard/hazardous substances management
Manual handling train the trainer/office ergonomics
Aggression and stress management
Purchase and modification control
Maintenance and contract management
Food safety and hygiene
6 Representatives and committees
164
Evaluate alternatives
Implement treatments
1 Manual handling
Patient handling
Identification, assessment and control
Competency based training
Work capacity assessments
Ambulance transfers
Non-patient handling
Storage and stacking
Work area design/office ergonomics
2 Hazardous substances/dangerous goods/ppec
3 Infection control
4 Confined spaces
5 Indoor air quality, thermal, lighting and radiation
6 Noise and vibration
7 Working at heights
8 Travel and driver safety
9 Food safety and hygiene
166
10 Environmental management
Environmental Plan
Waste Management
3 Security
168
Annex Six
Glossary of terms
Adverse event is any event or circumstance leading to unintended harm or
suffering which results in admission to hospital, prolonged hospital stay, significant
disability at discharge or death.
A complaint is considered to have been made when a patient or client of a
healthcare facility, or his or her agent, lodges a complaint about an iatrogenic problem
Controls assurance is a process designed to provide evidence that the NHS in total
and in its constituent parts is doing its reasonable best to manage, direct and control
itself so as to meet is objectives in an optimal fashion and also to protect itself, its
employees, patients and stakeholders safety and interests against risks of all kinds.
Incident is any unplanned event or circumstance resulting in, or having a potential
for injury, ill health, complaint, damages or loss.
Management system the organizational structure, procedures, processes and
resources needed to implement objectives and monitor performance.
Mishap is anything that causes actual or potential loss to an organization. A mishap
can involve systems, quality, reputation, equipment or personnel.
Mishap investigation is a structured process to identify the root causes of mishaps,
for the purposes of appropriately managing exposures.
Negligent adverse event is an adverse event in which it is considered that there is
evidence in the medical record of significant harm, of causation of that harm by a
problem with the healthcare process, and of a failure of duty of care.
Risk the chance of something happening that will have an impact upon objectives. It
is measured in the terms of consequences and likelihood.
Risk assessment the overall process of risk analysis and risk evaluation.
Risk management the culture, processes and structures which come together to
optimize the management of potential opportunities and adverse effects.
Risk treatment is the selection and implementation of appropriate options for
dealing with risk.
169
Annex Seven
References
MHSB, Risk management overview report 1998, September.
MHSB, Risk management progress report 1999, January.
MHSB, Risk management report 1999, January.
MHSB, Risk management plan 1999, January.
170
ISBN 0-7337-3352-2
S t a n d a r d s
A u s t r a l i a