Healthcare RiskControl

VOLUME 2July 2009

5200 Butler Pike, Plymouth Meeting, PA 19462-1298, USA Tel +1 (610) 825-6000 Fax +1 (610) 834-1275 Web www.ecri.org E-mail hrc@ecri.org

Executive SummaryRisk and Quality Management Strategies 4

Key Recommendations Assess current activities in risk management and quality improvement to evaluate their effectiveness in addressing overlap.

Establish a structure to ensure that patient care activities are addressed in a coordinated manner involving risk manage-ment and quality improvement functions.

Seek legal counsel to ensure that the structure for risk manage-ment and quality improvement activities maximizes legal pro-tections granted by state and federal statutes while allowing for the fl ow of information.

Align risk management and quality improvement plans with the strategic goals of the organization.

Educate stakeholders on the role of risk management and quality improvement functions.

Design systems to coordinate and streamline data collection, analy-sis, monitoring, and evaluation.

See page 14 for more Action Recommendations.

Supplementary Material Resource List

Virginia Health System Over-comes Silo Approach to Quality and Risk

For more tools on this topic, see the HRC Members’ Web site at http://www.ecri.org.

Risk Management, Quality Improvement, and Patient Safety

In the past, the risk management and quality improve-ment functions often operated separately in healthcare organizations and individuals responsible for each func-tion had different lines of reporting—an organizational structure that further divided risk management and qual-ity improvement.

Today, risk management and quality improvement efforts in healthcare organizations are rallying behind patient safety and fi nding ways to work together more effectively and effi ciently to ensure that their organiza-tions deliver safe and high-quality patient care.

WHAT HRC FOUND Several initiatives in the last decade have helped to forge and improve an alliance between risk management and quality improvement. These include Joint Commission standards for patient safety, the federal government’s value-based purchasing provisions, and private-sector efforts to enhance healthcare quality. Consequently, some larger organizations are shifting risk management, quality improvement, and patient safety activities to one department or institute. In smaller organizations, the risk manager and quality improvement manager are better coordinating their efforts where they overlap to ensure bet-ter alignment of patient safety initiatives and use of limited resources.

Route To:

Administration Business offi ce/fi nance Chief medical offi cer Corporate compliance

Legal counsel Nursing Patient safety offi cer Quality improvement

Healthcare RiskControl

VOLUME 2July 2009

5200 Butler Pike, Plymouth Meeting, PA 19462-1298, USA Tel +1 (610) 825-6000 Fax +1 (610) 834-1275 Web www.ecri.org E-mail hrc@ecri.org

Risk AnalysisRisk and Quality Management Strategies 4

Risk Management, Quality Improvement, and Patient Safety

Reducing risk and ensuring safety require greater attention to systems that help prevent and mitigate errors.

In 16 words, the above quote from the Institute of Medicine’s (IOM) 2001 report Crossing the Quality Chasm aptly describes the evolving roles of healthcare risk management and quality improvement* in health-care organizations (IOM Crossing). In the past, the two functions often operated separately and individuals responsible for each function had different lines of reporting—an organizational structure that further divided risk management and quality.

Today, as the quote from Crossing the Quality Chasm suggests, risk management and quality improvement efforts in healthcare organi-zations are rallying behind patient safety and fi nding ways to work together more effectively and effi ciently to ensure that their orga-nizations deliver safe and high-quality patient care.

Several initiatives in the last decade have helped to forge the alliance, starting with IOM’s 1999 report To Err Is Human: Building a Safer Health System, which underscored the need for healthcare organizations to monitor and learn from patient safety events (IOM To Err; Hutchinson et al.). Soon to follow was IOM’s 2001 report Crossing the Quality Chasm, which said that healthcare safety and quality will not improve until systems of care are redesigned. “Trying harder will not work. Changing systems of care will,” the report said. (IOM Crossing; Kuhn and Youngberg)

Joint Commission standards for patient safety, fi rst issued in 2001, along with the organization’s sentinel

event policy, spurred organizations to act on IOM’s rec-ommendations and build better alliances between risk management and quality. In the private sector, numer-ous efforts to enhance healthcare quality—including The Leapfrog Group’s public hospital reporting ini-tiatives to assist healthcare purchasers, the National Quality Forum’s list of 30 safe practices for health-care organizations, and the Institute for Healthcare Improvement’s campaigns to reduce avoidable hospital deaths—have required a closer working relationship between quality and risk management to improve

patient safety.

In the public sector, the Centers for Medicare & Medicaid Services’ (CMS) value-based purchasing initiatives have ensured that the combined efforts of risk management and quality have the atten-

tion of hospital leaders. These CMS initiatives include Medicare payment enhancements to hospitals that meet specifi c quality targets as well as provisions to no longer pay the costs of certain preventable hospital-acquired conditions, such as surgical-site infections and pressure ulcers. Hospital leaders recognize that poor-quality care can affect the organization’s bottom line and that failure to integrate risk management and quality efforts can lead to incomplete and ineffective solutions.

Consequently, healthcare organizations are realign-ing their risk management and quality activities. For example, some larger organizations are shifting their risk management, quality, and patient safety functions to one department or institute. Although different indi-viduals may be responsible for each area, they typically report to the same leader in the organizational hier-archy. In smaller organizations, quality improvement and risk managers are better coordinating their efforts

* The terms “quality improvement,” “quality management,” and “per-formance improvement” are used interchangeably in the healthcare literature. This Risk Analysis uses the term “quality improvement.”

Hospital leaders recognize that poor-quality

care can affect the organization’s bottom

line and that failure to integrate risk

management and quality efforts can lead to

incomplete and ineffective solutions.

HEALTHCARE RISK CONTROLRisk and Quality Management Strategies 4

©2009 ECRI Institute. May be disseminated, for internal educational purposes solely at the subscribing site.For broader use of these copyrighted materials, please contact ECRI Institute to obtain proper permission. JULY 20092

where they overlap to ensure better alignment of patient safety initiatives and use of limited resources.

This Risk Analysis provides the following informa-tion to assist risk managers in realigning their activities with quality improvement with a focus on patient safety:

A brief review of risk management’s and quality improvement’s evolution along separate but parallel tracks

A summary of the forces that have drawn risk man-agement and quality together

A review of risk management and quality improve-ment’s current functions—where they overlap and where they are separate

Suggestions for presenting a business case to senior leadership to align risk management and quality functions

Practical tips for aligning risk management and quality

Sample scenarios of integrated approaches to risk management and quality

HOW HAVE RISK MANAGEMENT AND QUALITY EVOLVED?In a 2007 monograph on the roles of risk manage-ment and quality management, the American Society for Healthcare Risk Management (ASHRM) bluntly describes the “silo mentality” that had developed in the evolution of risk management and quality improve-ment. “Information is too rarely exchanged between risk managers and quality managers, and collaboration is too often minimal or nonexistent,” states ASHRM’s monograph, Different Roles, Same Goal: Risk and Quality Management Partnering for Patient Safety.

In the past, a typical organizational chart might have had risk management reporting to a chief operating offi cer or a legal department and the quality and patient safety activities reporting to a chief medical director. The organization hierarchy did not allow for any over-lap of risk management and quality functions, nor did it allow for sharing of data.

The following hypothetical scenario illustrates the separate but overlapping efforts in an organization with separate reporting structures for risk and quality. Risk management could be examining a particular issue—an increase in emergency department (ED) claims, for example—without knowing that quality improve-ment has begun a process to improve the discharge

process. An analysis of ED claims might suggest to risk management that inadequate communication of discharge instructions at the time of the patient’s dis-charge from the ED is contributing to the increase in claims. Separately, quality improvement’s evaluation might fi nd that printed discharge instructions are out-dated and inconsistently used. If the risk and quality departments are unaware of each other’s fi ndings, their attempts to improve communication between patients and ED staff may result in incomplete strategies. The problems cannot be fully solved without input from everyone involved in the discharge process. (Youngberg and Weber)

This type of segregated structure, with the two functions operating in different silos of the organiza-tion, evolved from quality and risk management’s historical roots.

Risk Management’s TransitionUntil the mid-1970s, risk prevention activities in health-care organizations were decentralized and informal. Safety management focused on the hospital’s physical environment and security, and risk prevention activi-ties related to patient care were generally the domain of nursing. Risk management did not emerge as a distinct profession in healthcare until the mid-1970s, when the number of malpractice claims against physicians and hospitals increased dramatically and settlements and judgments skyrocketed. The result was a lack of afford-able malpractice and hospital liability insurance. In response, healthcare organizations created risk-pooling programs such as hospital-owned captive insurance companies. Many of the new risk fi nancing programs offered reduced premiums to hospitals that practiced risk management because the practice was expected to reduce claims. In 1977, the American Hospital Asso-ciation also encouraged hospitals to implement risk management programs as a solution to malpractice problems, calling risk management the “science for the identifi cation, evaluation, and treatment of the risk of fi nancial loss.”

From its start, risk management’s focus was to protect the fi nancial assets and reputation of the orga-nization (Kuhn and Youngberg). Rather than focusing on the underlying systems’ design faults that contrib-uted to the error, the risk manager would focus on defense of the claim or the lawsuit that might follow. The risk manager accomplished this by documenting the event, meeting with staff involved to learn about

HEALTHCARE RISK CONTROL Risk and Quality Management Strategies 4

©2009 ECRI Institute. May be disseminated, for internal educational purposes solely at the subscribing site.

For broader use of these copyrighted materials, please contact ECRI Institute to obtain proper permission.JULY 2009 3

the event, and counseling those involved in the incident to refrain from discussing the information with oth-ers. Discussions with patients involved in an adverse event were often “too brief and vague” (Kuhn and Youngberg).

The IOM report To Err Is Human “changed the con-versation” about medical errors by saying that bad systems, not bad people, lead to the majority of errors and injuries in healthcare (Leape and Berwick). The report called for better analysis of errors and near misses in order to design changes into healthcare deliv-ery to prevent errors. “Building safety into processes of care is a more effective way to reduce errors than blam-ing individuals,” the report said (IOM To Err).

Risk management professionals called on their col-leagues to change their focus. Rather than waiting until after an event occurs, “risk management must be integrated into the system and processes of health-care work” (Youngberg). The Joint Commission’s patient safety standards, fi rst effective in 2001, gave organizations an opportunity to realign their focus on patient safety by creating a culture of safety. While Joint Commission standards do not typically drive risk man-agement activities, the patient safety standards, found in the Leadership chapter of the Joint Commission’s hospital accreditation manual, created a template for the central focus of a risk management strategic plan in an organization (Kuhn and Youngberg).

Risk manager of today. ASHRM’s 2006 survey of risk manag-ers found that the role of the risk manager has shifted. The survey results, based on responses from 562 ASHRM members, found that the top four functions performed by risk managers are as follows (Amori et al.):

Risk identifi cation and evaluation (listed as a job function by 92% of respondents)

Loss prevention (75%)

Patient safety (73%)

Education (69%)

When the previous survey was conducted in 1999, patient safety was not even on risk management’s radar; the survey did not list the term as a possible risk management function. The 1999 survey results were based on responses from 381 ASHRM mem-bers. Interestingly, there has been a decrease in the percentage of risk managers reporting loss fi nancing (dropping to 22% in 2006 from 31% in 1999) and insur-ance purchasing (to 22% from 36%) among their risk management functions. The fi ndings are consistent with

risk management’s increasing role in patient safety and proactive stance in preventing patient harm.

Quality Improvement’s TransitionHospitals’ initial quality functions, fi rst called “quality assurance programs,” were applied in the healthcare setting (albeit informally) before risk management func-tions. Hospital committees comprising medical staff leaders and nursing supervisory personnel dealt with quality-of-care, physician, or nursing problems on an individual, ad hoc basis. To meet legal requirements for due process, hospitals began to impose structural requirements on both medical and nursing staff review committees.

By 1980, the Joint Commission established quality assurance standards as a formal, systematic program to measure the care rendered to patients against estab-lished criteria (Martin and Federico). Since then, the Joint Commission has incrementally revised the stan-dards on quality, leading hospitals in the direction of integrated and coordinated hospitalwide efforts to con-tinuously improve performance.

A healthcare organization’s quality manager may be involved in quality improvement activities including the following (NAHQ):

Establishing specifi c quality-related goals to measure the organization’s processes and outcomes

Administering programs that focus on improved out-comes of patient care or healthcare delivery systems

Providing consultative services to departments and services in the organization to assist in achieving reg-ulatory, accreditation, and organizational compliance in quality and performance improvement activities

Identifying opportunities for continuous improvement

Participating in root-cause analyses of events and designing systems to implement improvements

Evaluating customer satisfaction and initiating perfor-mance improvement activities based on the fi ndings

Many of the principles for quality improvement used in healthcare were laid out by quality experts in manufacturing. For example, one model for assessing and improving quality used in healthcare today—called the Plan-Do-Check-Act model or Plan-Do-Study-Act model—was developed by Walter A. Shewhart and W. Edwards Deming to establish quality control mea-sures for manufacturing (Dlugacz et al.).

HEALTHCARE RISK CONTROLRisk and Quality Management Strategies 4

©2009 ECRI Institute. May be disseminated, for internal educational purposes solely at the subscribing site.For broader use of these copyrighted materials, please contact ECRI Institute to obtain proper permission. JULY 20094

Healthcare organizations’ application of the qual-ity improvement principles originally developed for industry continues today. Concepts currently popular in healthcare quality improvement initiatives, such as lean management—removing unnecessary steps in a process—and Six Sigma—eliminating the root causes of defects and errors in a process, were fi rst developed for manufacturing processes at Toyota and Motorola, respectively.

Quality improvement manager of today. In the years since IOM’s seminal reports To Err Is Human and Crossing the Quality Chasm, hospital activity to improve quality has increased, according to a Health Research and Educa-tional Trust issue brief summarizing a 2006 survey of 470 hospital chief quality offi cers or designated lead quality managers (HRET). The survey, published in the October 2008 issue of Medical Care Research and Review, found that 93% of responding hospitals reported that quality improvement was explicitly declared a prior-ity in the organization’s strategic and/or business plans. Whether the results refl ect all hospitals’ experi-ences is unclear because the survey authors found that the responding facilities tended to embrace qual-ity improvement efforts—as measured by their high performance in publicly reported quality measures on the federal government’s Hospital Compare Web site. (Cohen et al.)

Interestingly, the respondents indicated that their organizations’ commitment to quality improvement was generally made 6 to 10 years before the survey, suggesting that the IOM reports had affected their strat-egies. For example, hospitals reported making quality improvement a strategic priority a median of six years previously, and they reported establishing a board-of-trustees standing committee charged with quality oversight a median of 10 years previously.

Quality managers report that their activities have had a positive impact on their hospitals, with 97% report-ing a positive or very positive impact on patient care outcomes and 86% and 82% reporting a positive or very positive impact on staff member skills and on patient satisfaction, respectively.

The study suggests that the quality manager of today is very involved with nationally prominent quality improvement activities, including several that promote public reporting of hospital-specifi c quality measures. These initiatives include the following:

The Joint Commission’s core performance measure-ment activities, which use standardized performance

measures for specifi ed conditions such as heart attack, heart failure, pregnancy, and pneumonia

The Surgical Care Improvement Project, which improves surgical care through the reduction of post-operative complications such as infection

The Hospital Quality Alliance, which ensures that hospital performance data for more than 20 measures is accessible to the public on the federal government’s Hospital Compare Web site (Although participation is voluntary, hospitals receive a boost in their Medicare payments as a fi nancial incentive for reporting the data and complying with the measures.)

Pay-for-performance initiatives adopted by third-party payers

OVERLAPPING FUNCTIONS IN RISK MANAGEMENT AND QUALITY IMPROVEMENTAs the risk management and quality improvement functions in hospitals focus on patient safety initia-tives, professionals from both fi elds indicate that their activities overlap. For example, the 2006 survey of qual-ity improvement professionals found that more than half the respondents (56%) have responsibility for risk management (Cohen et al.). ASHRM’s 2006 survey of risk managers found that 17% are certifi ed as quality improvement professionals. Additionally, the over-whelming majority of ASHRM survey respondents (95% to 96%) indicate that they communicate with qual-ity management and patient safety functions in their organizations, suggesting their overlapping interest in quality and patient safety topics (Amori et al.).

While the risk management and quality improve-ment functions may vary in organizations, the separate and overlapping functions in a typical organization are depicted in “Figure. Risk Management and Quality Improvement Functions Overlap in Patient Safety.” For example, when a sentinel event—as defi ned by the Joint Commission—is identifi ed through risk manage-ment reporting channels, both quality improvement and risk management will need to be involved. While each department may separately address matters related to the event, they will also share responsibilities. The risk manager will assist with the disclosure of the event to the patient and family and alert the insurance car-rier to a potentially compensable event. Both quality improvement and risk management may be involved in conducting a root-cause analysis of the event and pre-paring an action plan for preventing similar events. The

HEALTHCARE RISK CONTROL Risk and Quality Management Strategies 4

©2009 ECRI Institute. May be disseminated, for internal educational purposes solely at the subscribing site.

For broader use of these copyrighted materials, please contact ECRI Institute to obtain proper permission.JULY 2009 5

quality manager will prepare a timeline for implement-ing the action plan and suggest metrics for monitoring the plan’s impact on patient outcomes. If the desired change is not achieved, the quality manager will rec-ommend further analysis—involving the risk manager and others—to develop strategies to achieve the desired outcome.

Another issue that quality improvement and risk management may collaborate on is the hospital’s performance in meeting quality indicators. Consider the following scenario. The hospital’s board of trust-ees receives a summary of specifi c quality indicators, including one for central-line-associated bloodstream infections. The hospital’s chief executive offi cer (CEO) notes that the rate of central-line-associated blood-stream infections is higher than rates reported by other hospitals and wants additional information to report to the board. The CEO contacts the quality manager, whose department is overseeing a quality improvement project related to central-line-associated infections. The quality manager reports that the quality improvement

team has found that the infections are occurring in the intensive care unit (ICU), predominantly for emergency central-line insertions. The quality manager enlists the risk management staff’s help in conducting a root-cause analysis of these cases, which are occurring at a rate of about two infections per month. Risk management’s analysis of these cases over the previous six months fi nds that all but one of the hospital’s recommended interventions for reducing central-line infections are followed.

The one intervention that is inconsistently applied during emergency insertions is the use of barrier precautions, such as sterile gloves and masks. These gloves and masks are provided by the central supply department and are sometimes unavailable in the ICU for emergency situations. Based on the fi ndings of risk management’s root-cause analysis, the quality manager recommends to the CEO that the hospital purchase central-line insertion kits that include the necessary barrier precautions for use in the ICU. The CEO autho-rizes the purchase and, at the next trustee meeting,

Figure. Risk Management and Quality Improvement Functions Overlap in Patient Safety

Risk identification (e.g., near-miss and adverse event reporting)

Risk control (e.g., loss prevention and loss reduction)

Risk financing

Claims management

Contract/policy review

Patient relations and disclosure

Safety and security

Corporate and regulatory compliance

Accreditation compliance

Mandatory event reporting

Workers’ Compensation

Bioethics

Quality methodology

Quality measures/indicators/dashboards/core measures, etc.

Benchmarking

Best practices/clinical guidelines

Provider performance and competency

Accreditation coordination

Patient satisfaction

Peer review

Quality-of-care reviews

Improvement projects

Utilization/resource/case management

RISK MANAGEMENT QUALITY IMPROVEMENT

MS09

160

OVERLAPPING FUNCTIONS

Analysis of adverse and sentinel events and trends

Root-cause analysisProactive risk assessments Patient complaint handling

Public reporting of quality dataPatient education

Patient safety initiativesBoard reports

Feedback to providers and staffProvider credentialing

Accreditation issuesStaff education and training

Strategic planning

HEALTHCARE RISK CONTROLRisk and Quality Management Strategies 4

©2009 ECRI Institute. May be disseminated, for internal educational purposes solely at the subscribing site.For broader use of these copyrighted materials, please contact ECRI Institute to obtain proper permission. JULY 20096

reports that the hospital’s central-line infection rate has improved. The CEO also praises the collaborative effort of the quality improvement and risk management departments.

The Joint Commission’s patient safety standards suggest a framework for overlapping risk and quality activities by requiring that, at least every 18 months, organizations select a high-risk process and conduct a proactive risk assessment of the process to correct pro-cess problems and prevent adverse events. The quality manager will be able to identify high-risk processes based on patient outcomes data, and the risk manager will be able to identify high-risk processes from event report data. Both the risk and quality managers will participate in the proactive risk assessment because they bring their skills in identifying ways in which a process can break down, redesigning the process, and testing the redesign to minimize risk to patients. Once a new process is adopted organizationwide, the quality manager will measure and evaluate the effect that the new process has on patient outcomes and the risk manager will monitor whether the new process reduces adverse events related to the process.

Clearly, the overlap in the functions of risk manage-ment and quality improvement is signifi cant and often occurs in the area of patient safety. The challenge for organizations is to effi ciently harness the overlap to improve patient care. Strategies to ensure the synergy of risk management and quality improvement will require organizations to consider a structure for shared communication and analysis suggested by the Patient Safety and Quality Improvement Act of 2005 (PSQIA) or by their state peer-review protections, to present the business case for their aligned efforts to obtain senior management’s support, and to consider the advice of other organizations that have successfully aligned their risk management, quality, and patient safety activities.

A FRAMEWORK FOR SHARED ACTIVITIESAlthough state peer-review statutes vary, concerns about losing peer-review protections by sharing certain information—such as information related to a physi-cian’s competence—can sometimes create a barrier in the sharing of information between risk management and quality improvement. Consider the 2007 Ohio

Court of Appeals opinion in a malpractice lawsuit involving a physician charged with negligence in diag-nosing and treating the plaintiff’s ovarian cancer. While the documents used to evaluate the competence of the physician were protected under peer-review laws, other information contained in risk management fi les, such as patient complaints about the physician, was not created for peer-review purposes and was not protected from discovery, the court said. (Legg v. Hallet)

In the case, the plaintiff charged the hospital with neg-ligence in credentialing the physician and sought copies of hospital documents, such as the physician’s credential-ing fi le and complaints lodged against the physician, to support her case. While the court agreed that peer-review

material pertaining to the physician’s competence was protected by a legal privilege of confi dentiality, it wrote that “any docu-ments contained in such [risk management] fi les that were not prepared by

or for the use of [the hospital’s] peer review committee are subject to discovery and may be obtained . . . even if the documents were produced or presented during peer review proceedings.” Such concerns about ensuring the protections afforded by their state’s peer-review statutes can make risk and quality departments hesitant about sharing sensitive and protected information.

Therefore, healthcare organizations will want to consider their state privilege statutes in building a framework that allows for more collaboration between risk management and quality improvement. The struc-ture must maximize legal protections granted by the statutes while allowing for the fl ow of information across both functions (ASHRM Different).

One framework to consider is offered by PSQIA, a federal law creating a national system for providers to voluntarily report medical errors, near misses, and other quality and patient safety information to desig-nated organizations—called patient safety organizations (PSOs)—while having assurance that the information will be protected from legal discovery and will remain confi dential. The law enables healthcare organizations to establish a patient safety evaluation system as the mechanism for collecting, managing, and analyzing information to be reported to PSOs. As long as the information is collected with the intent of submission to a PSO, the patient safety evaluation system provides

Strategies to ensure the synergy of risk

management and quality improvement will

require organizations to consider a structure

for shared communication and analysis.

HEALTHCARE RISK CONTROL Risk and Quality Management Strategies 4

©2009 ECRI Institute. May be disseminated, for internal educational purposes solely at the subscribing site.

For broader use of these copyrighted materials, please contact ECRI Institute to obtain proper permission.JULY 2009 7

a protected environment for candid consideration and analysis of quality and safety information and is fl exible and scalable to meet the needs of individual hospitals. It could serve as the framework for risk management and quality improvement to conduct overlapping activities. Organizations will need to care-fully evaluate the provisions of PSQIA and, with input from legal counsel, determine whether the framework suits some or all of their risk management and quality improvement activities.

There may be some activities—particularly pro-vider credentialing and performance review—that the healthcare organization may not want to perform within the patient safety evaluation system. Once the information collected for the patient safety evaluation system is submitted to the PSO, it cannot be removed. So even though PSQIA permits an organization’s credentialing and disci-plinary proceedings to occur within the patient safety evaluation system, the hospital must consider the ramifi cations of this approach. Should a creden-tialing or disciplinary decision be challenged, a hospital would not be able to use its deliberations in court to defend its actions—unless all identifi ed providers agreed to the disclosure—if the information is protected within the patient safety evaluation system.

BUSINESS CASE FOR RISK AND QUALITY INTERFACEOrganizations that are serious about aligning their risk management and quality improvement functions should present the business case for their coordinated efforts to senior leadership. A business case presents the logic and rationale supporting the decision of an orga-nization to devote resources to a particular effort. For the alignment of risk management and quality improve-ment functions, there are regulatory, fi nancial, and patient safety factors that can be presented as part of the business case. Each should illustrate how the combined efforts of risk and quality can have a positive impact on the organization. Additional factors to consider in building a business case might include customer satis-faction and reduction in costs.

Regulatory and Financial Impact CMS has identifi ed certain hospital-acquired condi-tions—ranging from catheter-associated infections

and pressure ulcers to objects left in the patient after surgery—that are “reasonably preventable” during a Medicare benefi ciary’s hospital stay and for which CMS may refuse payment. In response, organizations are ensuring that stakeholders from all affected depart-ments and units throughout the facility are involved in identifying the risks associated with the rule and in developing effective mitigation strategies. Both the risk and quality managers can contribute to the process. For example, the quality manager can analyze outcomes data and the risk manager can review event report data to assist in identifying the extent to which certain hospital-acquired conditions occur at the particular facility. The quality manager can assist with the adop-tion of evidence-based clinical guidelines that should be followed to prevent certain hospital-acquired conditions

from occurring. Addition-ally, the quality manager can measure the impact that these guidelines and practices have on improv-ing patient outcomes, while the risk manager can monitor their impact in reducing clinical events.

To ensure an effective and coordinated approach to CMS’s payment rules for hospital-acquired conditions, and to minimize the provision’s effect on the hospital’s Medicare payments, both risk management and quality improvement must be involved in the organization’s response to this provision and in the organization’s management of a hospital-acquired condition, should one occur.

Patient Safety Impact Demonstrating patient safety’s impact on the fi nan-cial health of the institution—as well as the safety of patients—will gain senior leaders’ attention. The follow-ing hypothetical scenario, based partly on a case study reported by a community hospital (Engleman), illus-trates the effect that quality and risk management can have in this area.

The risk manager receives a report from a nurse in the pediatric unit that an admission order—which, at this particular facility, is prepared by the ED physicians— contained errors in the prescribed antibiotic dose. The nurse caught the error and clarifi ed the order with the patient’s pediatrician. The nurse notes that this type of error has been caught in the past, requiring that nurses double-check the orders. The pediatricians contacted to

For the alignment of risk management and

quality improvement functions, there are

regulatory, fi nancial, and patient safety

factors that can be presented as part of the

business case.

HEALTHCARE RISK CONTROLRisk and Quality Management Strategies 4

©2009 ECRI Institute. May be disseminated, for internal educational purposes solely at the subscribing site.For broader use of these copyrighted materials, please contact ECRI Institute to obtain proper permission. JULY 20098

verify the orders have expressed concern about admit-ting their patients to the hospital and are considering directing their patients to other facilities. The quality and risk managers agree that the near miss requires fur-ther investigation.

The risk manager reviews event reports and learns that errors have not reached patients; however, the quality manager’s review of patient records fi nds that other orders for pediatric patients admitted from the ED contain errors.

In a meeting with the ED physicians to review the process of writing admission orders, the risk and quality managers propose the idea of providing specifi c order sets for the admission of children. Acknowledging their lack of expertise in the care of pediatric patients, the ED physicians support the proposal. The quality manager agrees to work with the pediatricians affi liated with the hospital to obtain their input on the order sets. The pediatricians are pleased to learn of the solution to incor-rect admission orders for their patients and welcome the opportunity to provide input on the proposed order sets. They resume admitting their pediatric patients to the hospital. Ongoing monitoring by the risk and qual-ity managers indicates no further reports of near misses of these types of incidents and widespread adoption of the standardized admission orders by the ED physicians. Nursing staff in the pediatric unit report that when the specifi c order sets are used, ED admission orders rarely need clarifi cation with a patient’s pediatrician. The mes-sage that the risk and quality manager can report to senior leaders is that a situation that could have caused a drop in pediatric admissions and a negative effect on the hospital’s bottom line has been averted by their combined efforts and has resulted in improved patient care and increased satisfaction among caregivers—including those in the community who admit their patients to the facility.

LEADERSHIP SUPPORTIn addition to presenting the business case for aligned risk and quality structures, ways to gain leadership’s support for the integrated efforts of risk and quality include the following:

Ensure that the goals of the risk management and quality improvement plans are aligned with the stra-tegic goals of the organization.

Cultivate boards of trustees’ increasing involvement in quality and patient safety matters by presenting concise data summarizing important initiatives.

Commonly reported risk and patient safety measures include patient satisfaction, quality improvement project results, hospital-acquired infection rates, ad-verse events, and medication error rates (Cohen et al.).

Emphasize the importance of aligned risk and quality strategies in creating a high-reliability organization. Such an organization is able to reduce variability in patient care—and, thus, potential errors—through standardization; to take information learned from errors and near misses and provide feedback to staff to improve the delivery of care; and to support lead-ership’s commitment to safety and excellence.

Emphasize that aligned risk and quality structures in the organization will assist leaders in meeting the Joint Commission’s Leadership standards in its hospital accreditation manual, which hold hospital leaders responsible for creating and maintaining a culture of safety and quality.

Alternately, some facilities and their boards of trust-ees are holding CEOs and other senior executives ac countable for meeting patient safety and quality goals by ensuring that some of their pay is tied to goal achievement (ECRI Institute). As these initiatives increase and are extended to employee performance expect ations, the risk management and quality im- provement functions will fi nd widespread support for their patient safety efforts.

SAMPLE APPROACHESThe following are sample approaches to align risk management and quality improvement strategies with a focus on patient safety. The sample approaches are based on case studies published in risk and quality jour-nals; suggested approaches presented by ASHRM in its monograph Different Roles, Same Goal: Risk and Quality Management Partnering for Patient Safety (see “Resource List”); and presentations made at various professional meetings on patient safety. Because each organization is unique, facilities must choose the approaches that work best for them. There is no single, best solution for all organizations. Nevertheless, tips that are recom-mended by those that have gone through the experience of reconfi guring their risk and quality efforts may also apply to organizations that simply need minor tweak-ing of these functions.

Conduct an assessment of current approaches. What systems are currently in place for quality, risk, and patient safety? Who is responsible for these areas? How are the risk

HEALTHCARE RISK CONTROL Risk and Quality Management Strategies 4

©2009 ECRI Institute. May be disseminated, for internal educational purposes solely at the subscribing site.

For broader use of these copyrighted materials, please contact ECRI Institute to obtain proper permission.JULY 2009 9

and quality functions of the organization perceived by those in the organization? Is coordination among the risk, quality, and patient safety functions reli-able and connected? Does the current system identify areas in need of improvement to ensure safe patient care and reduce the organization’s risk for exposure? ECRI Institute’s INsight™ Assessment Services con-ducts assessments of organizations’ approaches to risk, quality, and patient safety. Some of the sample ques-tions from the assessment are listed in “ECRI Institute Assesses Organizational Approaches to Risk, Quality, and Safety.”

Identify data and information collected by each function and how the flow of information can enhance risk and quality efforts. How can information collected by one department enhance the efforts of other departments? For example, data that might be conveyed from quality improvement to risk management could include physician-specifi c reports, department reports, minutes of peer-review activi-ties involving potential liability issues (precautions must be taken to not jeopardize any legal protections under peer-review statutes), and results from quality improvement projects. Data that might be conveyed from risk management to quality improvement could include information on specifi c claims brought against a particular service or for a particular reason during a specifi ed period of time, event and near-miss report data uncovering problems not identifi ed through other data sources, and safety management data related to preventing injury to patients, visitors, or staff during the performance of clinically related activities.

Realign reporting structures. Ensuring that the risk, quality, and patient safety functions report to the same senior executive in the organization will result in better com-munication of efforts and activities and decreased likelihood of duplicative efforts. An effective organi-zational structure might be set up so that risk, quality, and safety report to a chief quality or performance improvement offi cer. By ensuring that the leader of the department is at the executive level, the organiza-tion’s risk and quality activities will have the attention of its senior leaders. Also, the existence of a dotted-line relationship to the organization’s fi nance and legal departments will help to champion the patient safety, quality, and risk management initiatives in the execu-tive suite (ASHRM Different).

Position departments close to each other. The offi ces of risk, quality, and patient safety functions should be in prox-imity so that managers can facilitate an atmosphere of

sharing and identifi cation of efforts that may require input from staff from the various offi ces. Locating offi ces near each other will also foster more frequent communication among staff involved in risk, quality, and patient safety.

ECRI Institute Assesses Organizational Approaches to Risk, Quality, and SafetyECRI Institute’s INsight™ Assessment Services con-ducts system assessments of an organization’s approach to quality improvement, patient safety, and risk man-agement to identify systematic strategies to improve patient care, increase safety, and reduce risk. The INsight System Assessment for Quality, Risk, and Safety offers a combination of on-site interviews, document reviews, and confi dential Web-based surveys of staff (ranging from frontline caregivers to senior leaders). Based on the fi ndings, ECRI Institute will analyze the system’s processes and provide practical and action-oriented strategies to ensure that the organization’s systems are robust, reliable, linked, and effective.

To evaluate collaboration between risk management and quality improvement, ECRI Institute considers some of the following questions during the assessment process:

• What process is used to ensure that quality initiatives are aligned with strategic goals?

• Do hospital leaders take proactive steps to resolve potential problems?

• What is the perception of the roles of risk manage-ment, patient safety, and quality improvement in the hospital?

• Is there a formal process of gathering and analyzing internal data to identify potential areas of high orga-nizational risk?

• Is peer review conducted when a pattern of poor quality is identifi ed?

• Does an investigation take place when an adverse trend is identifi ed that may affect patient safety?

• How is accountability for recommendations from root-cause analyses assigned?

• How are overlapping issues between risk and quality management handled?

• How is implementation of Joint Commission National Patient Safety Goals monitored?

These types of questions about organizational struc-ture and approaches will also assist organizations with their own assessment of the risk and quality manage-ment functions. Additional information about ECRI Institute’s INsight Assessment Services is available online at http://www.ecri.org/insight.

HEALTHCARE RISK CONTROLRisk and Quality Management Strategies 4

©2009 ECRI Institute. May be disseminated, for internal educational purposes solely at the subscribing site.For broader use of these copyrighted materials, please contact ECRI Institute to obtain proper permission. JULY 200910

Learn from each other. Risk and quality managers can learn from each other. For example, the organization’s patient safety activities will benefi t from the systematic approach to data collection and analysis typically used by quality improvement professionals. Claims data has been a rich source of information for risk managers who want to focus on certain high-risk areas in an organiza-tion but who fi nd that information from these reporting systems is insuffi cient to bring about change (ASHRM Data). To engage physicians and other caregivers in the organization’s patient safety efforts, data must be pre-sented in a “relevant and credible context” (Martin and Federico). Quality professionals who work with data are familiar with techniques for analysis and presenta-tion of information in fl owcharts, control charts, and Pareto charts. These approaches can be used to present credible, evidence-based recommendations to support change that benefi ts patient safety in an organization.

Conversely, risk managers can provide a unique perspective in assisting quality managers with the public release of hospital-specifi c quality data. For example, risk managers can review the data before the information is posted publicly with an eye toward any possible unintended use of the data, such as by plaintiff attorneys, or any possible negative effect on the organi-zation’s reputation.

Leave egos at the door. Those who have realigned their risk, quality, and patient safety functions have warned that fear of change can be a barrier to integration (Young-berg and Weber). Anticipate confl ict, but identify the strengths that each individual brings to the unifi ed effort. While compromises and open discussion will be necessary and some egos may be bruised, over time, the integrated effort will benefi t from increased innovation, decreased duplication, enhanced quality, and better use of resources (Youngberg and Weber). Recognize, how-ever, that individuals whose personal and professional goals are incompatible with the realigned structure may not weather the transition (Segres).

Approach OneAt small and medium-size community hospitals, the responsibility for risk management, patient safety, and quality improvement may be assigned to one person (Sedwick). Depending on the organization, this person may have additional responsibilities such as infection control and corporate compliance. Since these institu-tions are more likely to be commercially insured, the individual may have less responsibility for some of the risk fi nancing and claims management functions.

Finding opportunities for synergy between risk and qual-ity is, obviously, less of an issue for the individual who wears both these hats. The individual should be visible in the institution and offer his or her expertise in prevent-ing fi nancial loss as well as improving patient care. The professional should proactively look for opportunities to apply risk management and quality improvement skills to resolve system weaknesses and should strive to become the “go to” person for enhancing quality of care, ensuring patient safety, and minimizing losses to the organization. Additionally, the professional can serve as a resource for other nonclinical matters—such as regula-tory directives from federal agencies—that can affect the fi nancial health of the institution and its ability to deliver high-quality care (Patrick).

As an example, imagine that the occurrence screening system identifi es a baby born with a low Apgar score. Because of the clinical nature of the event, while wear-ing the quality improvement hat, the individual would want to investigate the case for evidence of substandard care as well as evidence of individual- or service-specifi c trends or patterns. Performance indexes would be sent to the medical staff offi ce or clinical department director for review. If the investigation reveals patterns of sub-standard care, the professional’s quality improvement skills would be needed to identify, design, implement, and monitor interventions to address the issue. Wearing the risk management hat, the individual would open a fi le on the case as a potentially compensable event and would continue to use his or her risk management skills to investigate the facts surrounding the particular case in anticipation of a possible claim or lawsuit.

As the organization grows, the manager of the one-person risk and quality department may need to add another individual to the department to assist with risk management and quality improvement responsibilities. Consider hiring an individual who can perform both risk management and quality improvement tasks so that each can cover for the other when one is out of the offi ce, on vacation, or managing a critical event (Patrick).

Approach TwoIn medium-size to large hospitals and medical centers, the functions of risk management and quality improve-ment are often separate (Sedwick). At minimum, the two departments should be sharing data on adverse events, peer review, and quality-of-care concerns (ASHRM Different). Additionally, representatives from the two departments should meet on a regular basis to address issues of mutual concern. As outlined in ASHRM’s

HEALTHCARE RISK CONTROL Risk and Quality Management Strategies 4

©2009 ECRI Institute. May be disseminated, for internal educational purposes solely at the subscribing site.

For broader use of these copyrighted materials, please contact ECRI Institute to obtain proper permission.JULY 2009 11

monograph Different Roles, Same Goal: Risk and Quality Management Partnering for Patient Safety, an excellent starting point for a collaborative model is outlining a pro-cess for responding to adverse and sentinel events. The ASHRM monograph describes one healthcare system’s adverse event policy and outlines the separate and com-bined responsibilities of risk management and quality improvement in responding to an event and developing strategies to prevent recurrence of similar events. These separate and combined responsibilities are illustrated in “Table. Sample Risk Management and Quality Improve-ment Activities in Response to an Adverse Event.”

Approach ThreeSome larger organizations and healthcare systems have established institutes or a department in the organization dedicated to risk, quality, and patient safety (ASHRM Different). Various related functions or activities—all relocated to be near each other in the organization—are assigned to the institute and report to a single leader, who is also a member of the organization’s executive

team. With leadership’s awareness of the institute’s patient safety activities and their impact on quality of care and the organization’s fi nancial health, the institute can infl uence the safety culture of the organization.

The groups in the institute should participate in weekly team meetings to ensure timely communica-tion of important issues of mutual interest (ASHRM Different). Topics covered during these meetings might include the following: accreditation issues; patient complaint data; claims data; sentinel event response and opportunities for process improvements; federal, state, and local regulatory issues; and strategic plan-ning. These meetings—which are separate from quality improvement and risk management committee meet-ings—offer an opportunity for the different groups and their team leaders to recognize common themes and opportunities for collaboration that might otherwise be overlooked. (ASHRM Different). See “Virginia Health System Overcomes Silo Approach to Quality and Risk” for one health system’s experience in realigning its qual-ity and risk functions.

Table. Sample Risk Management and Quality Improvement Activities in Response to an Adverse EventRisk Management Quality Improvement Combined Activities of Risk and QualityThe risk manager is notified immediately upon identification of a possible adverse event. The risk manager ensures that staff involved in the incident submit an event report before the end of their shift.

The quality manager initiates a chart review and establishes a timeline for the review.

Risk management, quality improvement, and other designated individuals and departments begin an investigation within 24 hours of notification regarding the incident.

The risk manager secures the medical record and other documentation associated with the event, as well as any equipment, supplies, and related materials.

The quality manager requests a peer reviewer to examine the medical record.

The risk and quality managers meet with the peer reviewer to discuss findings and their investigation of the event.

The risk manager provides immediate assistance to the individuals involved in the event. As soon as possible, the risk manager notifies the quality improvement manager of the incident so that he or she can coordinate an investigation of the event.

Quality improvement oversees a root-cause analysis if the event meets the definition of a sentinel event or if further analysis is deemed necessary.

The risk and quality managers participate on a review team consisting of a senior leader, the chief of staff, a nurse executive, and others to review the preliminary investigation and determine whether the incident is a sentinel event and requires a root-cause analysis.

If the incident meets the reporting criteria defined by the organization, the state, and/or the Joint Commission, the risk manager notifies an executive leader of the incident.

Quality improvement ensures that risk reduction strategies are identified from the root-cause analysis.

After the root-cause analysis and action plan are completed, quality improvement, in conjunction with risk management, ensures that appropriate interventions are implemented to prevent recurrence of the event.

The administrator-on-call, the risk manager or other designee, and the attending physician coordinate communication about the incident with the patient and family.

Quality improvement develops a plan for monitoring the effectiveness of these strategies.

Risk management is kept informed of all corrective actions taken once the risk reduction strategies from a root-cause analysis are identified and implemented.

Quality improvement monitors the effectiveness of the risk reduction strategies.

Source: American Society for Healthcare Risk Management. Different roles, same goal: risk and quality management partnering for patient safety [online]. 2007 [cited 2009 Mar 4]. Available from Internet: http://www.ashrm.org/ashrm/education/development/monographs/Monograph.07RiskQuality.pdf.

HEALTHCARE RISK CONTROLRisk and Quality Management Strategies 4

©2009 ECRI Institute. May be disseminated, for internal educational purposes solely at the subscribing site.For broader use of these copyrighted materials, please contact ECRI Institute to obtain proper permission. JULY 200912

A similar model for a combined quality and patient safety institute has been adopted by an Ohio-based not-for-profi t health system with nine acute care hospitals and one rehabilitation hospital, physician group prac-tices, home healthcare, and other services (Nadzam et al.). The institute’s priority is “to create a culture of ‘best practices,’ ensuring its patients optimal, appropriate care in the safest environment.” Departments housed in the institute include accreditation, risk management, data resource management, environmental safety, infec-tion control, outcomes, and quality. The department of quality works with all the departments to monitor, assess, and improve the quality of patient care. Clinical risk management’s role in the institute is to identify situations that put patients at risk and to act to prevent or control those risks (Cleveland Clinic).

While departments such as risk and quality previously worked in silos and sometimes conducted ineffi cient dual investigations of events, risk and quality now coordinate the evaluation of all events. For example, risk management addresses higher-risk events such as sentinel events, and quality improvement manages lower-severity events that lend themselves to trending (Bokar and Matthews). Additionally, risk management conducts root-cause analyses of sentinel events, and qual-ity improvement assumes responsibility for designing an action plan to address the fi ndings from the analysis.

IN CONCLUSIONImproved collaboration between risk management and quality improvement will contribute to an organization’s

One model for an integrated approach to quality improve-ment, risk management, and patient safety is provided by the University of Virginia Health System (Charlottesville, Virginia). In 2005, the system merged its quality and risk management functions and added patient safety to risk management’s responsibilities to emphasize a proactive approach to preventing patient harm. Previously, the departments of quality and risk management reported to separate administrators in the organization, but a sentinel event occurred in 1997 that revealed the need for more coordinated efforts between the two departments. An emerging national focus on patient safety a few years later and the release of the Joint Commission’s patient safety standards helped create the momentum and framework for a new structure for risk and quality at the health system.

With the realigned structure combining the risk, quality, and patient safety functions, the director for each area in the new Department of Quality and Performance Improve-ment reports to the department’s quality and performance improvement administrator—a new position created by the health system. In addition, a part-time medical direc-tor provides guidance on the departments’ efforts. The different groups in the department also relocated in the organization so that they are close to each other. The closer physical arrangement helps promote camaraderie among staff from the various groups.

Regular weekly and monthly meetings, structured to adhere to Virginia’s statutes for peer-review protection, promote better communication and coordination of risk and quality efforts. Staff from the different groups meet monthly with the quality and performance improvement administrator to review activities, and the individual groups hold additional weekly meetings. Individuals assigned to special projects also meet on an ad hoc basis with their teams.

Staff from the risk and quality management groups apply their expertise in various jointly conducted patient safety activities. For example, if a root-cause analysis is needed in response to a particular event, the patient safety/risk management staff will conduct the root-cause analysis and develop an action plan to prevent a similar event from occurring. The quality improvement staff, who previously conducted the root-cause analysis, now provide expertise in developing target dates for implementing the action plan and metrics to measure the effectiveness of the action plan and also assign responsibility for implementa-tion of the plan. A similar approach is used for addressing the Joint Commission’s National Patient Safety Goals in the organization with patient safety/risk management devel-oping an action plan for the goals and quality assisting with facilitation of teamwork and implementation of the action plans.

The collaborative approach used by the realigned department requires new skills from its risk management staff. Individuals in the former risk management structure had to work independently, demonstrate strong clinical skills, conduct investigations, and serve as a resource fol-lowing an adverse event. Risk management and patient safety staff in the realigned structure must demonstrate other skill sets such as an ability to work in teams on collaborative projects, an appreciation for data in commu-nicating safety initiatives, and a focus on the proactive side of clinical risk management in promoting patient safety.

Sources: Segres, Abraham (Director, Patient Safety and Risk Man-agement, University of Virginia Health System). Conversation with: ECRI Institute. 2009 Mar 2; Segres A. Integrating patient safety and risk management: lessons learned. Remarks at: Annual conference and exhibition of the American Society for Healthcare Risk Management; 2007 Oct 10-13; Chicago (IL).

Virginia Health System Overcomes Silo Approach to Quality and Risk

HEALTHCARE RISK CONTROL Risk and Quality Management Strategies 4

©2009 ECRI Institute. May be disseminated, for internal educational purposes solely at the subscribing site.

For broader use of these copyrighted materials, please contact ECRI Institute to obtain proper permission.JULY 2009 13

American Board of Quality Assurance and Utilization Review Physicians6640 Congress StreetNew Port Richey, FL 34653(727) 569-0190http://www.abqaurp.org

American Hospital AssociationOne North FranklinChicago, IL 60606(312) 422-3000http://www.aha.org

• Quality center [Web site providing information on hos-pital quality improvement activities]. Available from Internet: http://www.ahaqualitycenter.org/ahaqualitycenter/jsp/home.jsp.

American Society for Healthcare Risk ManagementOne North Franklin28th FloorChicago, IL 60606(312) 422-3980http://www.ashrm.org

• Data for safety: turning lessons learned into actionable knowledge [monograph]. 2008.

• Different roles, same goal: risk and quality management partnering for patient safety [monograph]. 2007.

• Modernization of patient safety event reporting: surveil-lance and benchmarking [monograph]. 2008.

• Strategies for success: how to maximize your impact on your organization [monograph]. 2008.

Health Research and Educational TrustOne North Franklin30th FloorChicago, IL 60606(312) 422-2600http://www.hret.org

• Hospital quality improvement activities: a snapshot of the state of the art [issue brief]. 2008.

• Hospital quality improvement activities: issues in staff-ing and training [issue brief]. 2009.

Hospital Quality Alliance(202) 626-2678http://www.hospitalqualityalliance.org

• Public-private collaboration to support sharing of hospi-tal performance data [Web site]. Available from Internet: http://www.hospitalqualityalliance.org.

Institute of Medicine500 Fifth Street NWWashington, DC 20001(202) 334-2352http://www.iom.edu

• Crossing the quality chasm: a new health system for the 21st century [report]. 2001.

• To err is human: building a safer health system [report]. 1999.

Joint CommissionOne Renaissance BoulevardOakbrook Terrace, IL 60181(630) 792-5000http://www.jointcommission.org

• National Patient Safety Goals. Available from Inter-net: http://www.jointcommission.org/PatientSafety/NationalPatientSafetyGoals.

• Patient safety program standard LD.04.04.05. In: Com-prehensive accreditation manual for hospitals. 2009.

• Sentinel event policy and procedures. Available from Internet: http://www.jointcommission.org/SentinelEvents/PolicyandProcedures.

National Association for Healthcare Quality4700 W Lake AvenueGlenview, IL 60025(847) 375-4720http://www.nahq.org

• Standards of practice for healthcare quality profession-als [standards]. 2007.

Pennsylvania Patient Safety AuthorityPO Box 8410Harrisburg, PA 17105-8410(717) 346-0469http://www.patientsafetyauthority.org

• A conversation with patient safety offi cers [report]. 2007.

Additional listings can be found in ECRI Institute’s Healthcare Standards Directory, a comprehensive source of healthcare standards, guidelines, laws, and regulations. The Directory is available from ECRI Institute.

Resource List

success in enhancing patient safety and minimiz-ing patient harm. The organization will realize other benefi ts from this collaboration, such as improved com-munication among groups, less duplication of effort, and better coordination of activities. Whether the coordinated activity is undertaken by one individual, by outlining

coordinated approaches through organizational policy, or by aligning the quality, risk, and patient safety activi-ties in one department, organizations that adopt these approaches will be best positioned to respond to IOM’s call to fi nd system solutions to prevent and mitigate patient harm.

HEALTHCARE RISK CONTROLRisk and Quality Management Strategies 4

©2009 ECRI Institute. May be disseminated, for internal educational purposes solely at the subscribing site.For broader use of these copyrighted materials, please contact ECRI Institute to obtain proper permission. JULY 200914

ACTION RECOMMENDATIONS Assess current activities in risk management and quality improvement to evaluate effectiveness in addressing overlap.

Establish a structure—for example, through policy, regular meetings, or realignment of the organiza-tional hierarchy—that ensures that patient care activities are addressed in a coordinated manner involving the risk management and quality improve-ment functions.

Seek guidance from legal counsel to ensure that the structure for risk management and quality improve-ment activities maximizes legal protections granted by state and federal statutes while allowing for the fl ow of information across both functions.

Ensure that the risk management and quality improvement plans and efforts are aligned with the strategic goals of the organization.

Educate stakeholders—executive staff, boards of trustees, physicians, caregivers, and others—on the differences between and similarities of risk man-agement and quality improvement and on how the functions are addressed in the organization.

Design systems to coordinate and streamline pro-cesses of data collection, data analysis, monitoring, and evaluation.

References

American Society for Healthcare Risk Management (ASHRM):

Data for safety: turning lessons learned into actionable knowledge [online]. 2008 [cited 2009 Mar 4]. Available from Internet: http://www.ashrm.org/ashrm/education/development/monographs/Mono_ActionKnowledge.pdf.

Different roles, same goal: risk and quality management partnering for patient safety [online]. 2007 [cited 2009 Mar 4]. Available from Internet: http://www.ashrm.org/ashrm/education/development/monographs/Monograph.07RiskQuality.pdf.

Amori G, Hendel T, Popp P. The changing role of the risk manager in a patient safety culture. Remarks at: Annual conference and exhibition of the American Society for Healthcare Risk Management; 2007 Oct 10-13; Chicago (IL).

Bokar V, Matthews J. Remarks at: Partnering for Safety and Quality [Webcast]; 2007 Jun 20; Chicago (IL). Conducted by: American Society for Healthcare Risk Management.

Cleveland Clinic. Quality and Patient Safety Institute [Web site]. [cited 2009 Feb 19]. Cleveland (OH): Cleveland Clinic. Available from Internet: http://my.clevelandclinic.org/about/quality/default.aspx.

Cohen AB, Restuccia JD, Shwartz M, et al. A survey of hospi-tal quality improvement activities. Med Care Res Rev 2008 Oct;65(5):571-95.

Dlugacz YD, Restifo A, Greenwood A. The quality handbook for health care organizations: a manager’s guide to tools and pro-grams. San Francisco (CA): Jossey-Bass; 2004.

ECRI Institute. Incentives for patient safety: holding health-care executives accountable. Risk Manage Rep 2008 Aug;27(4):1, 3-10.

Engleman SG. Small patients, small errors, big impact. Patient Saf Qual Healthc [online] 2009 Jan-Feb [cited 2009 Mar 4]. Available from Internet: http://www.psqh.com/janfeb09/six-sigma.html.

Hospital Research and Educational Trust (HRET). Hospital quality improvement activities: a snapshot of the state of the art [online]. 2008 [cited 2009 Mar 4]. Available from Internet: http://www.hret.org/hret/programs/content/hospitalqiib.pdf.

Hutchinson A, Young TA, Cooper KL, et al. Trends in health-care incident reporting and relationship to safety and quality data in acute hospitals: results from the National Reporting and Learning System. Qual Saf Health Care 2009 Feb;18(1):5-10.

Institute of Medicine (IOM):

Crossing the quality chasm: a new health system for the 21st century. Washington (DC): National Academy of Sciences; 2001.

To err is human: building a safer health system. Washington (DC): National Academy of Sciences; 2000.

Joint Commission. Comprehensive accreditation manual for hos-pitals. Oakbrook Terrace (IL): Joint Commission Resources; 2009.

Kuhn AM, Youngberg BJ. The need for risk management to evolve to assure a culture of safety. Qual Saf Health Care 2002 Jun;11(2):158-62.

Leape LL, Berwick DM. Five years after To Err Is Human: what have we learned? JAMA 2005 May 18;293(19):2384-90.

Legg v. Hallet, No. 07AP-170 (Ohio Ct. App. Dec. 11, 2007).

Martin PB, Federico F. Risk management’s role in performance improvement. Chapter 2, Volume 2. In: Carroll R, ed. Risk management handbook for health care organizations. San Fran-cisco (CA): Jossey-Bass; 2006:23-35.

Nadzam DM, Atkins M, Waggoner DM, et al. Cleveland Clinic health system: a comprehensive framework for a health system patient safety initiative. Qual Manag Health Care 2005 Apr-Jun;14(2):80-90.

National Association for Healthcare Quality (NAHQ). Stan-dards of practice for healthcare quality professionals [online]. 2007 [cited 2009 Mar 20]. Available from Internet: http://www.nahq.org/about/pdfs/codestandards.pdf.

Patrick, Lee (Patient Safety Offi cer and Corporate Director, Risk Management, Good Shepherd Rehabilitation Hospi-tal). Conversation with: ECRI Institute. 2009 Feb 26.

HEALTHCARE RISK CONTROL Risk and Quality Management Strategies 4

©2009 ECRI Institute. May be disseminated, for internal educational purposes solely at the subscribing site.

For broader use of these copyrighted materials, please contact ECRI Institute to obtain proper permission.JULY 2009 15

Sedwick J. The health care risk management professional. Chapter 5, Volume 1. In: Carroll R, ed. Risk management handbook for health care organizations. San Francisco (CA): Jossey-Bass; 2006:115-53.

Segres A. Integrating patient safety and risk management: lessons learned. Remarks at: Annual conference and exhibition of the American Society for Healthcare Risk Management; 2007 Oct 10-13; Chicago (IL).

Youngberg BJ. Meeting the challenges of patient safety through the design of a new risk management process. J Healthc Risk Manag 2001 Fall;21(3):5-11.

Youngberg BJ, Weber DR. Integrating risk management, utili-zation management, and quality management: maximizing benefi t through integration. Chapter 4. In: Youngberg BJ, ed. The risk manager’s desk reference. Gaithersburg (MD): Aspen Publishers Inc.; 1998:27-42.