Page 1 of 10 Date Issued: Date Last Revised: Next Review Date: Approved By: 03/09 06/10, 06/13 06/15 Quality Co-ordinator
F:\Mercy Shared\Policy Manuals\Hospital Policy and Information Manual\Hospital Policies\Risk Management Policy\Risk Management Policy.doc
Key Words: Risk Management; Risk Register
Policy Applies to: All Mercy Hospital staff; CEO and Executive will facilitate compliance for Board of Directors and Credentialed Specialists, Mercy Hospital staff will facilitate compliance for Allied Health Professionals, Contractors, Visitors and patients.
Related Standards AS/NZS ISO 31000 :2009 Risk Management Principles and guidelines EQuIP4 Criterion 2.1.2 Integrated Organisation-wide Risk Management Policy and System Ensure that Corporate and Clinical Risks are Identified, Minimised and Managed NZS 8134:2008: 2.3 Health and Disability Services Standards: Quality and risk management systems Health Quality Safety Commission (HQSC); Reportable Events Policy Jan 2013
Rationale Mercy Hospital strives to minimise and manage the inherent risks involved in providing healthcare services.
Objectives: To identify actual and potential risks associated with all aspects of Mercy Hospitals operation. To prioritise each identified risk using a standardized tool To develop appropriate action plans to manage each risk with the aim of reducing the impact of the risk through minimization, avoidance and / or removal. To ensure a robust system is in place to report, monitor and review each risk
Definitions: Risk: Actual or potential events that separately or collectively result in immediate and subsequent impact on the provision of health services at Mercy Hospital.
Risk Categories: Organisation of risks in the form of a hierarchical scale that identifies each risk and what that level of risk entails Risk at Mercy Hospital will be categorized as one of the following: Clinical; Infra-structure Operational; Corporate governance; Environmental
HOSPITAL POLICY AND INFORMATION MANUAL
RISK MANAGEMENT POLICY Page 2 of 10 Date Issued: Date Last Revised: Next Review Date: Approved By: 03/09 06/10, 06/13 06/15 Quality Co-ordinator
F:\Mercy Shared\Policy Manuals\Hospital Policy and Information Manual\Hospital Policies\Risk Management Policy\Risk Management Policy.doc Risk management: A method of identifying, analysing, evaluating, treating, monitoring and communicating risk associated with an activity, function or process.
Risk Evaluation: Risk evaluation is a process that is used to compare risk analysis results with risk criteria in order to determine whether or not a specified level of risk is acceptable or tolerable. Risk is evaluated at Mercy Hospital using the formula below to allocate a score: Consequence x Likelihood = SAC score (Severity assessment code)
Implementation: In addition to the regular ongoing processes of auditing, active maintenance of the hazard register, legislative compliance and incident reporting, Heads of Departments will be responsible for identifying and managing key operational risks associated with activities and practices within their service. The CEO will hold an Organisational-wide Risk Register. Items on this Register will have been identified as requiring Risk Action Plans and/or will be extreme risks that could affect the viability of the organisation. Risk assessment and management procedures are standardised across Mercy Hospital using the templates attached. Education will be provided for staff to ensure the risk assessment and management procedures are disseminated, discussed and applied consistently via Health & Safety representatives, Incident reports, completion of action plans, feedback from staff and meeting minutes
Evaluation Current Action plans for the Organizational-wide Risk Register will be reviewed at Executive, HOD, Quality and Risk Advisory and Board of Directors Meetings monthly. All other Organizational-wide risks will be reviewed at the date specified on the Register. Incident reports, completion of action plans, feedback via staff, meeting minutes and patient questionnaire all contribute to risk evaluation.
Associated Documents External HB 228.2001 Guidelines for Managing Risk in Healthcare EQuIP Standard 2.1 Quality Improvement and Risk Management, Criteria 2.1.1 and 2.1.2 Policy for the Management of Healthcare Incidents Draft Version 0.7, NZ Health & Disability Sector Safety Improvement Programme
HOSPITAL POLICY AND INFORMATION MANUAL
RISK MANAGEMENT POLICY Page 3 of 10 Date Issued: Date Last Revised: Next Review Date: Approved By: 03/09 06/10, 06/13 06/15 Quality Co-ordinator
F:\Mercy Shared\Policy Manuals\Hospital Policy and Information Manual\Hospital Policies\Risk Management Policy\Risk Management Policy.doc HB:2011, Risk Management-Guidelines on Risk Assessment Techniques. Standards Australia/ Standards New Zealand HQSC Reportable Events Policy
Internal Quality and Risk Advisory Committee Terms of Reference - Hospital Policy and Information Manual Emergency Plan Fire Plan Incident Management Policy Complaints Policy Delegation of Authorities Policy Credentialing Policy In addition: All Policies and processes support risk mitigation at Mercy Hospital
Process: Risk Identification: The following are examples to assist in identifying and categorizing risk:
1. Clinical Patient care Products Infection control Staff Credentialed Specialists 2. Infra-structure Building maintenance Equipment Business continuity Staff Health & Safety (Linked to Hazard Registers) Disaster planning 3. Business Integrity Integrity of financial systems Interruption of IT systems/communication system failure Political environment Security of revenue lines (ACC, DHB contracts, Private insurance, Self funding) Business interruption 4. Corporate governance Legislative compliance Cultural aspects Governance surety
HOSPITAL POLICY AND INFORMATION MANUAL
RISK MANAGEMENT POLICY Page 4 of 10 Date Issued: Date Last Revised: Next Review Date: Approved By: 03/09 06/10, 06/13 06/15 Quality Co-ordinator
F:\Mercy Shared\Policy Manuals\Hospital Policy and Information Manual\Hospital Policies\Risk Management Policy\Risk Management Policy.doc Political environment Mercy Ethos
Use Appendix 1 General Risk Assessment Worksheet to document the risk. Determine the level of risk by using the consequence and likelihood tables (refer Table 1 and 2) to reach a SAC score (Table 3)
HOSPITAL POLICY AND INFORMATION MANUAL
RISK MANAGEMENT POLICY Page 5 of 10 Date Issued: Date Last Revised: Next Review Date: Approved By: 03/09 06/10, 06/13 06/15 Quality Co-ordinator
F:\Mercy Shared\Policy Manuals\Hospital Policy and Information Manual\Hospital Policies\Risk Management Policy\Risk Management Policy.doc
Table 1. Likelihood Table
HOSPITAL POLICY AND INFORMATION MANUAL
RISK MANAGEMENT POLICY Page 6 of 10 Date Issued: Date Last Revised: Next Review Date: Approved By: 03/09 06/10, 06/13 06/15 Quality Co-ordinator
F:\Mercy Shared\Policy Manuals\Hospital Policy and Information Manual\Hospital Policies\Risk Management Policy\Risk Management Policy.doc Table 2. Conseqences Table Next ask what if? and realistically judge what is the worst likely outcome or consequence.
HOSPITAL POLICY AND INFORMATION MANUAL
RISK MANAGEMENT POLICY Page 7 of 10 Date Issued: Date Last Revised: Next Review Date: Approved By: 03/09 06/10 06/13 Quality Co-ordinator
F:\Mercy Shared\Policy Manuals\Hospital Policy and Information Manual\Hospital Policies\Risk Management Policy\Risk Management Policy.doc SAC Score and review:
Severe Major Moderate Minor Minimal Almost certain 1 1 2 3 4 Likely 1 1 2 3 4 Moderate 1 2 2 3 4 Unlikely 1 2 3 4 4 Rare 1 2 3 4 4
Table 4: Review process
SAC1 Almost certain to occur at least once in the next three months
Immediate corrective action required. Review weekly SAC2 Will probably occur at least once in the next 4-12 months
Senior Management attention required. Review monthly SAC3 Expected to occur within the next 1-2 years
Management responsibility must be specified. Review annually SAC4 May occur at some time in the next 2+ years
Manage by routine procedures. Review if system, process or context changes
HOSPITAL POLICY AND INFORMATION MANUAL
RISK MANAGEMENT POLICY Page 8 of 10 Date Issued: Date Last Revised: Next Review Date: Approved By: 03/09 06/10 06/13 Quality Co-ordinator
F:\Mercy Shared\Policy Manuals\Hospital Policy and Information Manual\Hospital Policies\Risk Management Policy\Risk Management Policy.doc Risk Control: Document the Risk Control Rating using Table 5.
This table is a guide not all criteria will necessarily be met for any given rating
Table 5: Risk Control strategies Rating Work Processes Staff Awareness Financial Protection Excellent All key work processes documented and monitored. Regular and comprehensive audit of work processes and legal compliance issues. Actions taken to address risks identified through audit. Mercy Hospital accredited to external standards. Continuous improvement methodologies used. Comprehensive risk reporting at all levels. Staff and Managers provide timely reports of all incidents/risks and take action to prevent recurrence and minimize liability. Actions taken are fully documented and monitored for effectiveness. Staff and Managers work together to address risk issues, using a systems approach. All permanent staff and managers actively managing their specific risks. Comprehensive insurance in place. Very Good Policies, protocols, guidelines in place and compliance is regularly monitored. Actions taken to address issues. Risks are reported, acted upon, and actions fully documented but not monitored for effectiveness in mitigating future risk. Most staff and managers actively managing their specific risks. Comprehensive insurance in place. Good Policies, protocols, procedures, guidelines in place but compliance is monitored on an ad hoc basis. Risks reported and actions taken but not fully documented. Risks managed in an ad hoc fashion. Adequate insurance in place. Adequate Policies, protocols, procedures, guidelines in place but compliance with these is unknown/not monitored. Risks reported and actions taken on serious risks. New staff orientated re risk management. Adequate insurance in place. Unacceptable Some policies, protocols, procedures, guidelines in place, but staff not aware of them. Risks not reported and actions not taken to prevent recurrence in any systematic fashion. Most staff not aware of risk management. Inadequate insurance over or risk uninsured.
HOSPITAL POLICY AND INFORMATION MANUAL
RISK MANAGEMENT POLICY Page 9 of 10 Date Issued: Date Last Revised: Next Review Date: Approved By: 03/09 06/10 06/13 Quality Co-ordinator
F:\Mercy Shared\Policy Manuals\Hospital Policy and Information Manual\Hospital Policies\Risk Management Policy\Risk Management Policy.doc
APPENDIX 1: GENERAL RISK ASSESSMENT WORKSHEET
Ward/Department: Date Assessed:
Description of Task/Activity/Function and Risks Associated
Existing Controls (list controls in place or note where the information can be found (e.g. Work Instructions)
SAC Score (Table 3) 1 2 3 4
Risk Control Rating (Table 5)
Excellent Very Good Good Adequate Unacceptable
Does this involve a Health and Safety hazard? Yes No (if yes forward copy to IC/OH Nurse)
HOSPITAL POLICY AND INFORMATION MANUAL
RISK MANAGEMENT POLICY Page 10 of 10 Date Issued: Date Last Revised: Next Review Date: Approved By: 03/09 06/10 06/13 Quality Co-ordinator
F:\Mercy Shared\Policy Manuals\Hospital Policy and Information Manual\Hospital Policies\Risk Management Policy\Risk Management Policy.doc RISK ASSESSMENT SUMMARY Action Required
Further Action Required? Yes No Action Completed (see Organizational Wide Risk Register)