Blogs

by Matthew A. Thomson and Joan M. Porcaro, RN, BSN, MM, CPHRM, FASHRM

In health care, an effective risk management program is vital for patient safety, regulatory compliance, and financial stability. Creating a Risk Management Committee (RMC) is one of the best ways to achieve this. 

This article explores the merits for having an RMC in a health care organization and how it can contribute to overall organizational success in providing safe and effective care to their patients.

Responsibility & Objectives of the RMC

A Risk Management Committee (RMC) plays a crucial role in overseeing and guiding an organization's risk management strategies¹. The committee should align with the strategic plan to implement key initiatives and support an enterprise risk management philosophy. In the spirit of enterprise risk management, the committee should consider all aspects of the health care organization, not solely clinical risks or risk financing. 

According to ASHRM (American Society for Health Care Risk Management), “a risk management committee is responsible for overseeing the identification, assessment, and mitigation of risks across an entire health care organization, including developing and implementing strategies to reduce potential harm to patients and the organization, ultimately aiming to promote safe and trusted patient care by proactively managing risks through a comprehensive enterprise risk management (ERM) framework.” ⁸

This guide provides an introductory discussion designed to serve as a foundation. It can be expanded into a comprehensive resource tailored to the unique needs of each health care organization. By building on these initial ideas, the risk management professional can provide more detailed and practical advice tailored to the diverse needs and challenges faced by various health care entities.

Depending on organizational committee structure, the RMC may act as a standalone committee with clearly outlined objectives, holding sessions monthly or quarterly. For some organizations, those agenda items may instead be part of a compliance, patient safety, or quality improvement committee structure.

Objectives of the RMC include, but are not limited to:

• Oversight: The committee provides an independent layer of oversight, evaluating the organization's risk management program through the use of risk identification, risk assessment, and continuous patient safety improvements. This includes regular reviews to identify significant or emerging trends and risks and making recommendations to minimize their impact. The RMC may oversee the creation, adjustment, and regulation of policies and procedures for risk management as well. 
• Risk Appetite: The committee defines the organization's risk appetite and ensures that the company maintains a prudent balance between risk and reward in its activities. It assists the board in setting risk strategies, policies, frameworks, and procedures.
• Monitoring: The committee will monitor the risk management program to ensure it meets high standards of quality and integrity. The members will ensure that the organization is transparent in its risk reporting, providing clear and accurate information to stakeholders.
• Oversight of Reviews: The committee oversees formal reviews of the risk management processes. These reviews help identify any weaknesses or areas for improvement, ensuring that the organization's risk management practices remain robust and effective.
• Annual Risk Management Plan: Each year, as developed by the risk management team, the committee reviews and approves the organizational risk management plan. This plan outlines the strategies and actions the organization will take to manage risks effectively over the coming year.
• Accountability: The committee holds the organization accountable for implementing and maintaining effective risk management practices. This includes ensuring that all relevant parties understand their roles and responsibilities in managing risks and that there are clear consequences for failing to adhere to established risk management protocols.

By fulfilling these responsibilities, the committee ensures that the organization's risk management program is both effective and transparent, fostering trust, accountability, and continuous improvement.

Benefits of the RMC

Fostering a Culture of Accountability

Creating an RMC fosters accountability and transparency within the organization while ensuring that risk management is highly visible throughout the organizational hierarchy. By engaging clinical staff, administrators, and board members, it ensures risk management is a multidisciplinary effort inclusive of patient safety, quality, legal, and compliance efforts. This teamwork promotes open communication, ongoing learning, and dedication to quality improvement².

Enhancing Patient Safety

Patient safety is fundamental to health care. An RMC is crucial in identifying, assessing, and reducing risks that could harm patients. By examining incidents and near misses, the committee reviews and approves strategies to prevent recurrence and enhance clinical practices. This approach not only improves patient outcomes but also fosters a culture of safety within the organization⁸.

Ensuring Regulatory Compliance

Health care organizations must follow strict regulations, as non-compliance can lead to citations, fines and reputational harm. An RMC ensures compliance with laws, regulations, and standards by staying informed on regulatory changes and updating policies as needed.

Financial Stability and Risk Mitigation

Managing risks effectively is crucial for the financial stability of a health care organization. By spotting potential risks early, an RMC can take steps to lessen financial losses from issues like malpractice claims, insurance, and operational inefficiencies.

Promoting Organizational Resilience

In the fast-evolving health care sector, organizations need to be adaptable. An RMC helps by constantly assessing risks and preparing for potential disruptions. Be it a health crisis, tech failure, or supply chain problem, their readiness plans ensure effective responses and ongoing care.⁹

Organizational Structure

The risk management committee, once approved by the Board will meet monthly and will report to the Board at least quarterly. The RMC is sanctioned and operates under a board-approved charter³, and the Board undergoes risk management orientation. The program is evaluated annually.

Membership

The composition of the committee should align with the organization's size, structure (such as hospital, physician practice, or ambulatory care), and other established committees within the organization. A risk management committee in a health care setting should consist of a variety of professionals from different departments to ensure an enterprise risk approach to risk identification and management. Representatives should cover critical aspects of the hospital's operations. The following roles are typically recommended.

Core Members⁷:

The organizational structure of a Hospital Risk Management Committee (RMC) typically includes various key roles and responsibilities to ensure effective risk management dependent on the size of the organization.

Here’s a general outline:

1.    Chairperson: Often a senior executive or board member, the chairperson leads the committee, sets agendas, and ensures that meetings are productive and focused on key risk areas.

2.    Risk Management Professional: This individual is responsible for the day-to-day management of the hospital's risk management program and would coordinate risk assessments, incident reporting, and mitigation strategies.

3.    Clinical Representatives: These members, often including physicians, nurses, and other health care providers, bring clinical expertise to the committee. They help identify and address clinical risks and patient safety issues.

4.    Legal Advisor: A legal expert who ensures that the committee’s activities comply with relevant laws and regulations. The advisor would provide guidance on legal risks and help protect the hospital from liability.

5.    Patient Safety/Quality Assurance/Improvement Representative: This representative focuses on integrating risk management with quality improvement initiatives. They help ensure that risk management efforts contribute to overall quality and safety improvements.

6.    Finance Representative: This representative provides insights into the financial implications of risks and helps the committee understand the cost-benefit analysis of risk mitigation strategies.

7.    Human Resources Representative: They address risks related to staffing, employee safety, and compliance with labor laws.

8.    Ad Hoc Members: Depending on the specific risks being addressed, the committee may include other experts or stakeholders on an as-needed basis, such as IT specialists for cybersecurity risks, ethics representation or infection control experts for managing infectious disease risks.

A customized RMC structure geared to the organizational design ensures a comprehensive approach to risk management and would utilize diverse expertise to identify, assess, and mitigate risks effectively.

With a cohesive and multi-disciplinary team, the RMC is well-equipped to evaluate and address diverse risks effectively, spanning areas such as clinical care, patient safety, and financial, legal, and operational issues.

Legal Protections

Hospital Risk Management Committees (RMCs) play a crucial role in ensuring patient safety, regulatory compliance, and financial stability. Here are some key legal protections and considerations for these committees^{5, 6}.

1.    Confidentiality and Privilege: Many states in the U.S. provide legal protections that ensure the confidentiality of RMC proceedings and records. This means that the information discussed and documented in these meetings is often protected from disclosure in legal proceedings.

2.    Regulatory Compliance: RMCs must ensure that the hospital complies with various federal and state regulations, such as the Health Insurance Portability and Accountability Act (HIPAA), which mandates strict guidelines for patient confidentiality.

3.    Liability Protection: By identifying and mitigating risks, RMCs help reduce the hospital's exposure to legal claims and malpractice lawsuits. This proactive approach can prevent costly penalties and legal issues.

4.    Quality Assurance: RMCs are involved in quality assurance programs that aim to improve patient outcomes and prevent incidents. These programs are often protected under state laws that shield quality assurance activities from legal scrutiny.

5.    Accreditation and Standards: Ensuring compliance with accreditation standards (e.g., Joint Commission) is another critical function of RMCs. Meeting these standards helps protect the hospital from legal and financial repercussions.

By fostering a culture of accountability and transparency, RMCs not only enhance patient safety but also protect the hospital from various legal risks.

Committee Agenda

A risk management committee's monthly agenda⁴ should encompass various topics about identifying, assessing, mitigating, and monitoring organizational risks. Agenda items may focus on clinical, operational, financial, community, regulatory, and environmental risks. Although flexibility is necessary, this guide supports the sequencing in an agenda:

• Data Analytics:
  • Key Risk Indicators/Metrics: Review key performance indicators (KPIs) related to patient safety and quality of care, such as infection rates, readmission rates, mortality rates, and surgical complications. Discuss improvement initiatives and corrective actions for areas of concern.
  • Incident and Serious Safety Event Report Briefing: Discussion of recent incidents, including patient safety events, medication errors, falls, and other adverse events. Review trends and significant cases, including the open actions items created in response to root cause analyses (RCA) if applicable.
  • Risk Identification Findings from High-Risk Areas such as OB, Emergency Department, Surgery and Interventional Radiology
  • Trend Reports from the Risk Management Incident System (RMIS)
• Claims Management Update: Review of recent notable claims, lessons learned and improvement initiatives in place.
• Onsite Risk Assessment & Safety Training Initiatives: Review the progress of ongoing risk management and patient safety initiatives, including staff training, policy updates, and technology implementations. Discuss new initiatives that aim to further reduce risks in the hospital/organizations
• Regulatory Compliance Updates: Briefing on changes in regulations that may impact the business.
• Insurance Review:  Review upcoming due dates; considerations for modifications to existing coverages.
• Sub-Committee Reports:
  • Workplace Risk, Employment Practices, Workers’ Compensation
  • Employee Safety and Prevention of Workplace Violence and Aggression
  • Fleet Management
  • Property & Asset Protection
  • Financial & Executive Risk
  • Crisis Planning & Business Continuity
  • RMIS/Data Systems
  • Risk Reduction Initiative Project Teams
  • Cybersecurity and Technology Update
  • Failure Mode Analysis report

Conclusion

A Risk Management Committee (RMC) is a strategic move for any health care organization. The RMC enhances patient safety by systematically identifying and mitigating risks and safeguards the organization's financial stability by addressing potential financial risks early. Additionally, an RMC builds resilience by preparing for disruptions such as health crises or technological failures and promotes accountability by fostering a culture where staff feel encouraged to report incidents and near misses.

References

1. Indian Health Service. (N.D.) Quality Assurance and Risk Management Committee Charter.  Retrieved from: https://www.ihs.gov/ihm/circulars/2019/quality-assurance-risk-management-committee-qarmc-charter/ 
2. McGoran, J. (2015). Advantages and Challenges of Risk Committees.  Risk & Insurance. Retrieved from https://participant.empower-retirement.com/participant/#/login?msg=accu_error&domain=participant.empower-retirement.com 
3. McGoran, J. (2015). Advantages and Challenges of Risk Committees.  Risk & Insurance. Retrieved from https://participant.empower-retirement.com/participant/#/login?msg=accu_error&domain=participant.empower-retirement.com 
4. Eisenstein, L. (2019). Risk Committee Agenda Template. BoardEffect. Retrieved from https://www.boardeffect.com/blog/risk-committee-agenda-template/
5. Hospital Quality Assurance Meetings: Erosion of the Protections
6. What Are the Key Legal Considerations for Hospital?
7. Risk Management Implementation Guide - ECRI
8. The Role of the Chief Risk Office (2006). ERM Monograph. Retrieved from: https://www.ashrm.org/sites/default/files/ashrm/ERMmonograph.pdf  
9. Creating a resilient organization for health care workers during a crisis. (2020). American Medical Association. Retrieved from https://www.ama-assn.org/practice-management/physician-health/creating-resilient-organization-health-care-workers-during

Authors' Biography:

Joan M. Porcaro, RN, BSN, MM, CPHRM, FASHRM

WTW| Willis Towers Watson

Senior Vice President | Risk Services | Healthcare

Joan is a seasoned risk management professional with 30 years as a system director for risk management and patient relations. She also has operational experience in the acute care, critical access, urgent care, physician practice, home health and hospice settings. She has extensive experience working for medical malpractice insurance carriers. Joan is a Certified Professional Risk Manager (CPHRM) through the American Hospital Association and has achieved the designation of FSHRM. She is a frequent author and speaker for many industry communications and events. Joan currently serves on the ASHRM New Member Committee, ASHRM Chapter Leadership and as ASHRM Faculty.

Matthew A. Thomson

WTW| Willis Towers Watson

Director, Senior Principal, Risk & Analytics 

Matt is a national resource specializing in risk management consulting to assist our clients with improving the quality & performance of their risk programs through business process improvement techniques.   He leads our Risk Performance Optimization (RPO) advisory services. Matt has over 30 years of risk management, claims and data management expertise; including having served as Senior Managing Director, Risk Consulting National Practice for Wells Fargo Risk Management Solutions, Corporate & Global Broking Segment.  He has held leadership positions with a national insurer and third-party claims administrator.   Matt’s expertise includes Risk process management techniques and strategic risk consulting, insurance placement & finance processes, property and casualty coverages, complex claims, risk mitigation, RMIS, data systems, TPA programs.