Blogs

While Enterprise Risk Management (ERM) has traditionally been a focus for large hospitals and health systems, many ERM strategies can be effectively implemented to manage risk in the physician practice setting. Regardless of the size or structure of the practice, risk managers and organizational leaders bring value through ERM by aligning with the organization’s strategies and goals.

Unlike traditional risk management programs that focus primarily on patient safety issues, an ERM program addresses the full spectrum of risks and brings value to the organization while managing uncertainty.  

An effective ERM program is:

• Designed as a decision-making
  process to recognize, analyze, manage and anticipate risks.
• Designed to mitigate
  the impact of adverse events while improving compliance oversight.
• Responsible for fostering
  a culture and collaboration between business units, departments, divisions and
  disciplines.
• Focused on
  enhancing governance by allowing for a more informed decision-making process, especially
  at the highest levels in the organization.
• Supported from
  the top for the most success.

Prioritizing Risk

By rating and prioritizing risks, focus can be placed on those that pose the greatest threat to the success of the organization’s strategic plan. One method of establishing prioritization is to assign a priority number to each potential risk. This is done by having key stakeholders score each identified risk on two dimensions: the potential impact of the risk (1 the least impact to 5 the highest) and the likelihood of the risk occurring (1 the least likely to 5 the most likely). By multiplying both scores and aggregating the results, the organization can begin to establish a risk prioritization map with scores ranging from 1 to 25. It is important to keep in mind that there is inherent subjectivity in this methodology and that all stakeholders should be included to gain an accurate overview of the organization’s risks and priorities.

Scored Risk Examples

Following are examples of risks identified in an independent, multi-location family practice group. An ERM framework and model were developed and approved by stakeholders. The following risks were identified and prioritized, and mitigation strategies were approved by the risk and compliance committee. Key stakeholders were assigned and held accountable for risk reduction strategies. The committee meets monthly and reports on the status of the ERM plan. A full ERM risk assessment is conducted every three years.

The following risks were identified in this sample practice:

Domain                                   Risk                                                                            Risk Score

Human Capital                        Burnout                                                                       20

Technology                             Telemedicine                                                              20

Finance                                   Merit-based Incentive Payment System (MIPS)       25

Operations                              Missed or Cancelled Appointments                           15

Chaperones during Physical Examinations               15

Human Capital – Burnout

Physician burnout was identified as one of the risks that could impact the success of the practice. Drivers identified:

• Busy
  practice with a push for productivity.
• Aging
  physicians who demand work-life balance.
• Increase
  in patient complaints about “physician disengagement.”

The mitigation strategies include the following key components:

• Distinguishing
  between and appropriately managing inherent and external stress and rewards.         
• Changing in the
  “productivity orientation” of the current practice model.
• Implementing of
  the American Medical Association’s STEPS Forward™ practice improvement
  initiative.

Technology – Telemedicine

The assessment identified previously unknown risks of the rapidly growing telemedicine program.  Drivers identified:

• Implemented
  telemedicine with local nursing home with plans to expand.
• Plan to
  embed telepsychiatry into the practice.
• Lack of
  standard operating procedures.
• Lack
  of confidence in the technology.

Mitigation strategies to manage the program include:

• Performing an assessment
  utilizing a Telemedicine Risk Management Checklist that includes privacy,
  security and patient confidentiality; credentialing; reliability of the
  technology; training; quality management; and more.
• Review of ASHRM
  Whitepaper, “Telemedicine: Risk Management Considerations”
• Selection and
  monitoring of key metrics
• Development of telemedicine
  interactive consult standards and protocols

Finance - Merit-based Incentive Payment System (MIPS)

The group’s executives and partners agreed that the financial stability of the practice was at risk because of changes in reimbursement. The MIPS is one of two payment tracks created under Medicare Access and CHIP Reauthorization Act of 2015 (MACRA). MIPS adjusts payment based on performance in four performance categories: quality, cost, promoting interoperability and improvement activities. Drivers identified:

• New payment
  methodology.
• Unclear financial
  impact on the practice.
• Lack of
  clarity around individual incentives.
• Lack of
  confidence that the group will meet all incentive metrics.

Mitigation strategies include:

• Further
  assessment of compliance with physician quality reporting requirements.
• Actuarial analysis
  and risk modeling to predict the financial impact.
• Affirmation that
  the new EHR meets the requirements for incentives.

Operations – Cancellations/No Shows

An analysis of data for the previous calendar year found the practice was doubling the national average for missed appointments as a result of cancellation or no-shows, resulting in significant financial loss. Missed appointments can potentially affect patient health, access to care, practice workflow and the financial health of the organization. Drivers identified were:

• After-hours calls and urgent
  care/ED visits for the practice’s patients have steadily increased.
• Follow-up processes for missed
  patient appointments are inconsistent.

Mitigation strategies include:

• Optimal use of
  reminders through a combination of calls, text messages and patient portals.
• Education at
  every patient encounter on the importance of complying with appointments and
  how to cancel or reschedule.
• Documenting
  patients’ reasons given for not keeping appointments for review and analysis.
• Working with
  patients to identify their barriers and develop effective solutions.

Operations - Chaperones

Awareness of the practices’ process for the use of chaperones is essential. Chaperones are typically made available with intimate or sensitive exams, patient requests and provider requests. Policies should be based not only on the gender of the patient or provider, or the type of exam. Rather, policies should apply to all regardless of gender, sexual orientation or gender identification. Drivers identified:

• News about
  a provider in a nearby town who was accused of sexually abusing patients
• Patient
  complaint alleging an inappropriate exam
• No
  routine process for use of chaperones

At each visit during which a sensitive exam is planned, the patient should be made aware of the practice’s policy and offered a chaperone, as well as the opportunity to consent or decline.  

Mitigation strategies include:

• Ensuring
  patient awareness of the organization’s chaperone policy and availability of a
  chaperone through verbal communication and signage at strategic locations in
  the office suite.
• Communicating
  the policy through educational materials and “new patient” information.
• Developing
  policies with representatives from clinical staff with input from risk
  management and the organization’s legal counsel.
• When
  developing policies, incorporate guidelines from professional organizations, local
  medical societies and medical professional boards; consider cultural elements.

Enterprise Risk Management Action Plans
Once the organization has identified and prioritized risks, the next step is to assign accountability and mitigation strategies. Every effective risk management program must include governance and reporting structure. It is critical in an ERM program that key decision-makers are included in the communication and sharing of ERM strategies. Keep in mind that a physician group practice, especially one that is independent, may not have a board or ERM committee. Therefore, the governance and structure of the ERM program may be embedded into operations and the overarching responsibility for risk management would be deferred to the executives that make up the leadership team.

Measure Monitor and Evaluate

To have an effective ERM program, the organization must have a methodology to measure and monitor the effectiveness, compliance and sustainability of its mitigation strategies. Each strategy will have its own unique metric. Stakeholders must be held accountable not only for implementing the mitigation strategies but also for selecting appropriate metrics that align with each strategy. Key indicators can be either outcome measures or process measures. In either case, a process must be in place to collect and analyze the data as well as communicate the effectiveness of the strategy.

A physician group practice, whether independent or integrated within a health system, can effectively design ERM strategies and implement ERM principles to protect the group’s assets, but also, to demonstrate a proactive value-added, decision-making process that aligns with the group’s mission, vision and strategic plan. When supported by leadership, an effective ERM program can be effectively implemented to help a physician practice identify, mitigate and anticipate risks across the entire organization.

References

ASHRM Physician Office Risk Management Playbook (2016) Retrieved fromhttps://ams.aha.org/eweb/DynamicPage.aspx?WebCode=ProdDetailAdd&ivd_prc_prd_key=123964ad-2007-4781-8d17-d12184c64785

Maximizing Patient Access and Scheduling - An MGMA Research & Analysis Report, (2017 August). Retrieved from https://www.mgma.com/getattachment/Products/Products/Maximizing-Patient-Access-and-Scheduling/PatientAccessSchedulingResearchReport-INTER_FINAL.PDF.aspx

Russell, Denise Ed; Boisvert, Sue and Borg, Douglas, Assoc. Eds. (2018) ASHRM Whitepaper – Telemedicine: Risk Management Considerations. Retrieved fromhttp://www.ashrm.org/pubs/files/TELEMEDICINE-WHITE-PAPER.pdf?pdf=telemedicine1

Authors

Denise Shope, RN, BSN, MHSA, ARM, CPHRM, DFASHRM, is ASHRM’s 2019 President with more than 25 years of experience in the health care industry. Currently a risk management consultant with RCM&D in Baltimore, she has authored several risk management resources, chaired the ASHRM Enterprise Risk Management Advisory Committee and is ASHRM faculty for the organization’s ERM Certificate program and Health Care Risk Management Certificate program. 

Nancy
Connelly, RN, BA, CPHRM, DFASHRM is a risk management consultant with
RCM&D, an independent insurance advisory firm based in Baltimore, Maryland.
RCM&D provides strategic solutions and consulting for risk management,
insurance and employee benefits. She is the vice chair for the ASHRM Forum Task
Force.