Healthcare Risk Management

October 19, 2020

Medical risk is embedded in nearly every clinical activity, from routine blood tests to organ transplantation. Risk management aims to reduce opportunities for medical complications and promote quality care across an institution. This also protects the assets, accreditations, and community standing of the healthcare provider. The increasingly complex nature of the U.S. healthcare system, however, brings dynamic, novel considerations to risk management programs, which must evaluate risks from regulatory, ethical, political, financial, and technological perspectives. [1-3]

Numerous changes in healthcare delivery have demanded a reevaluation of these programs. The Affordable Care Act, for example, has shifted reimbursement models toward pay-for-performance systems, in which patient outcomes, rather than the volume of services provided, determine how hospitals are reimbursed. [1,4] This requires care providers to exercise constant vigilance to prevent avoidable, even if unexpected, medical errors. Emphasizing risk management not only promises benefits to the patient, but is also crucial to a hospital’s profitability: a Moody’s report shows that patients’ perceptions of the quality of care at an institution have a direct impact on the organization’s ability to raise funds, recruit physicians and nurses, build community relationships, and protect its assets overall. [4,6]

The pressure on hospitals to maximize profits has pushed many risk managers to consider factors beyond the traditional elements of clinical risk management (identifying and analyzing medical problems and controlling the financing and claims processes implicated in their resolution). [5,6] However, this form of risk management, which can be conducted on large or small scales, must now be adapted to account for the increasing prominence of technological innovation and the complexity of regulatory compliance. [3]

The American Society for Healthcare Risk Management has outlined how an enterprise risk management (ERM) strategy can provide a more holistic approach to tackling the increasingly dynamic risks involved in operating healthcare facilities. The ERM stratifies risks across eight domains, from the more traditional clinical, environmental, and infrastructure-based hazards to the risks associated with financial operations, legal considerations, and regulatory compliance. [1-3]

The ERM places a particular focus on using technology and data analytics to mitigate risks. [1] Cutting-edge information technology (IT) services have provided multiple benefits to patients and hospitals, making customer service more efficient, increasing the accessibility and transferability of medical records, and offering physicians supports that can reduce medical mishaps. However, IT services are also a major investment for hospitals, accounting for 25 to 35% of their overall capital budget. [4] Moreover, they introduce novel cybersecurity risks to healthcare institutions. While electronic medical record systems can optimize patient care, they have also been shown to present new risks due to their cumbersome usability and distortion of physicians’ diagnostic processes in their reliance on diagnostic codes. [7]

Risk managers in healthcare settings must consider the harm that may come to both patients and institutions when care delivery is insufficiently optimized. Sometimes, reducing risks for patients is at odds with the financial and regulatory risks institutions can afford to take on. Moreover, it can be difficult to quantify the value of a reduced risk, or measure what adversities did not occur, which makes it challenging to weigh the trade-offs of adopting different risk management plans. [3] Overall, however, a key feature of ERM is its focus on the institution as a whole. While uniting a vast number of stakeholders with various interests and areas of expertise can potentially create confounding cross talk, an enterprise-spanning approach to risk management can produce a more inclusive and effective course for future action.


  1. What is Risk Management in Healthcare? NEJM Catalyst. (2018).
  2. Enterprise Risk Management: A Framework for Success. American Society for Healthcare Risk Management. (2014).
  3. Hall, S. Expanding the Role of Healthcare Risk Management. Parker, Smith & Feek. (2017).
  4. Card, A. et al. A new frontier in healthcare risk management: working to reduce avoidable patient suffering. Journal of Healthcare Risk Management. (2016).
  5. Card, A. et al. Getting to Zero: Evidence-based healthcare risk management is key. Journal of Healthcare Risk Management. (2012).
  6. Spielman, B. & Smith, K. Risk management crucial to success amid changing healthcare landscape. Moody’s Investors Service: Sector In-Depth. (2017).
  7. Ofri, D. When We Do Harm: A Doctor Confronts Medical Error (Beacon Press, 2020).