The importance of Risk Management
Prevention is better than cure. This applies as much to our health as it does to managing the complex and varied risks faced in running a healthcare business. The issue for healthcare businesses is often the unknown risks…
“There are known knowns. These are things we know that we know. There are known unknowns. That is to say, there are things that we know we don’t know. But there are also unknown unknowns. There are things we don’t know we don’t know.” – Donald Rumsfeld
We can assist you in identifying your practice risks and suggesting risk management strategies to put in place. Broadly, a business has four options in managing risk:
‘Avoid the risk’
E.g. by not entering into a new business venture, new procedure or contract.
‘Reduce the risk’
E.g. developing a risk management framework to reduce the likelihood of adverse events occurring – and if they do occur, then to minimise the impact on the business.
‘Accept the risk’
E.g. a ‘do nothing’ approach or ‘self-insurance’. This may be appropriate for small risks such as balancing the petty cash tin (who really cares if it’s $5 out each month?).
‘Transfer the risk’
E.g. by sharing the risk through a joint venture, or by transferring the risk to insurance.
If you want to learn about risk management, google the Risk Management standard AS/NZS ISO 31000:2009.
While it would be nice for a small medical practice to adopt a full risk management framework, the reality for most practices is the Practice Manager is usually acting as the internal Risk Manager and doing so amongst many other responsibilities.
However, there are practical risk management strategies every healthcare business can implement. We can be engaged as a risk management consultant to help you set up key documentation and processes. Please contact Chris Mariani from our Sydney office to discuss.
Consider the question and range of answers below. If your practice does not answer something along the lines of Answer C, then you and your practice are potentially breaching Australian privacy laws and at increased risk of civil penalties, patient complaints, legal action, and reputational damage.
2. “We have one somewhere, but I have no idea where it is or when we last looked at it. The practice manager is responsible for privacy.”
The third answer above is the right answer from a risk management perspective. Unfortunately, many practices we review aren’t up to the level expected.
We recommend that our clients:
- Have ‘Privacy’ in their top ten risks and actively manage this risk via their Risk Register.
- Conduct staff induction and ongoing training.
- Conduct annual audits of their privacy risks (for example, using a specialist IT security firm to test for weaknesses and report back to management).
- Have an appointed Privacy Officer (as required under law) who takes charge of their privacy obligations.