Risk Management Policy
Content
HOSPITAL POLICY AND INFORMATION MANUAL
RISK MANAGEMENT POLICY
Page 1 of 10
Date Issued:
Date Last Revised:
Next Review Date:
Approved By:
03/09
06/10, 06/13
06/15
Quality Co-ordinator
F:\Mercy Shared\Policy Manuals\Hospital Policy and Information Manual\Hospital Policies\Risk Management Policy\Risk
Management Policy.doc
Key Words: Risk Management; Risk Register
Policy Applies to:
• All Mercy Hospital staff;
• CEO and Executive will facilitate compliance for Board of Directors and Credentialed
Specialists,
• Mercy Hospital staff will facilitate compliance for Allied Health Professionals,
Contractors, Visitors and patients.
Related Standards
• AS/NZS ISO 31000 :2009 Risk Management – Principles and guidelines
• EQuIP4 Criterion 2.1.2 – Integrated Organisation-wide Risk Management Policy and
System Ensure that Corporate and Clinical Risks are Identified, Minimised and
Managed
• NZS 8134:2008: 2.3 Health and Disability Services Standards: Quality and risk
management systems
• Health Quality Safety Commission (HQSC); Reportable Events Policy Jan 2013
Rationale
Mercy Hospital strives to minimise and manage the inherent risks involved in providing
healthcare services.
Objectives:
• To identify actual and potential risks associated with all aspects of Mercy Hospital’s
operation.
• To prioritise each identified risk using a standardized tool
• To develop appropriate action plans to manage each risk with the aim of reducing the
impact of the risk through minimization, avoidance and / or removal.
• To ensure a robust system is in place to report, monitor and review each risk
Definitions:
Risk:
Actual or potential events that separately or collectively result in immediate and subsequent
impact on the provision of health services at Mercy Hospital.
Risk Categories:
Organisation of risks in the form of a hierarchical scale that identifies each risk and what that level
of risk entails
Risk at Mercy Hospital will be categorized as one of the following: Clinical; Infra-structure
Operational; Corporate governance; Environmental
HOSPITAL POLICY AND INFORMATION MANUAL
RISK MANAGEMENT POLICY
Page 2 of 10
Date Issued:
Date Last Revised:
Next Review Date:
Approved By:
03/09
06/10, 06/13
06/15
Quality Co-ordinator
F:\Mercy Shared\Policy Manuals\Hospital Policy and Information Manual\Hospital Policies\Risk Management Policy\Risk
Management Policy.doc
Risk management:
A method of identifying, analysing, evaluating, treating, monitoring and communicating risk
associated with an activity, function or process.
Risk Evaluation:
Risk evaluation is a process that is used to compare risk analysis results with risk criteria in order
to determine whether or not a specified level of risk is acceptable or tolerable. Risk is evaluated at
Mercy Hospital using the formula below to allocate a score:
Consequence x Likelihood = SAC score (Severity assessment code)
Implementation:
• In addition to the regular ongoing processes of auditing, active maintenance of the
hazard register, legislative compliance and incident reporting, Heads of Departments
will be responsible for identifying and managing key operational risks associated
with activities and practices within their service.
• The CEO will hold an Organisational-wide Risk Register. Items on this Register will
have been identified as requiring Risk Action Plans and/or will be extreme risks that
could affect the viability of the organisation.
• Risk assessment and management procedures are standardised across Mercy Hospital
using the templates attached.
• Education will be provided for staff to ensure the risk assessment and management
procedures are disseminated, discussed and applied consistently via Health & Safety
representatives, Incident reports, completion of action plans, feedback from staff and
meeting minutes
Evaluation
• Current Action plans for the Organizational-wide Risk Register will be reviewed
at Executive, HOD, Quality and Risk Advisory and Board of Directors Meetings
monthly.
• All other Organizational-wide risks will be reviewed at the date specified on the
Register.
• Incident reports, completion of action plans, feedback via staff, meeting minutes and
patient questionnaire all contribute to risk evaluation.
Associated Documents
• External
⇒ HB 228.2001 Guidelines for Managing Risk in Healthcare
⇒ EQuIP Standard 2.1 – Quality Improvement and Risk Management, Criteria
2.1.1 and 2.1.2
⇒ Policy for the Management of Healthcare Incidents Draft Version 0.7, NZ
Health & Disability Sector Safety Improvement Programme
HOSPITAL POLICY AND INFORMATION MANUAL
RISK MANAGEMENT POLICY
Page 3 of 10
Date Issued:
Date Last Revised:
Next Review Date:
Approved By:
03/09
06/10, 06/13
06/15
Quality Co-ordinator
F:\Mercy Shared\Policy Manuals\Hospital Policy and Information Manual\Hospital Policies\Risk Management Policy\Risk
Management Policy.doc
⇒ HB:2011, Risk Management-Guidelines on Risk Assessment Techniques.
Standards Australia/ Standards New Zealand
⇒ HQSC Reportable Events Policy
• Internal
⇒ Quality and Risk Advisory Committee Terms of Reference - Hospital Policy
and Information Manual
⇒ Emergency Plan
⇒ Fire Plan
⇒ Incident Management Policy
⇒ Complaints Policy
⇒ Delegation of Authorities Policy
⇒ Credentialing Policy
In addition:
⇒ All Policies and processes support risk mitigation at Mercy Hospital
Process:
Risk Identification:
The following are examples to assist in identifying and categorizing risk:
1. Clinical
• Patient care
• Products
• Infection control
• Staff
• Credentialed Specialists
2. Infra-structure
• Building maintenance
• Equipment
• Business continuity
• Staff Health & Safety (Linked to Hazard Registers)
• Disaster planning
3. Business Integrity
• Integrity of financial systems
• Interruption of IT systems/communication system failure
• Political environment
• Security of revenue lines (ACC, DHB contracts, Private insurance, Self funding)
• Business interruption
4. Corporate governance
• Legislative compliance
• Cultural aspects
• Governance surety
HOSPITAL POLICY AND INFORMATION MANUAL
RISK MANAGEMENT POLICY
Page 4 of 10
Date Issued:
Date Last Revised:
Next Review Date:
Approved By:
03/09
06/10, 06/13
06/15
Quality Co-ordinator
F:\Mercy Shared\Policy Manuals\Hospital Policy and Information Manual\Hospital Policies\Risk Management Policy\Risk
Management Policy.doc
• Political environment
• Mercy Ethos
Use Appendix 1 ‘General Risk Assessment Worksheet’ to document the risk.
Determine the level of risk by using the consequence and likelihood tables (refer Table 1
and 2) to reach a SAC score (Table 3)
HOSPITAL POLICY AND INFORMATION MANUAL
RISK MANAGEMENT POLICY
Page 5 of 10
Date Issued:
Date Last Revised:
Next Review Date:
Approved By:
03/09
06/10, 06/13
06/15
Quality Co-ordinator
F:\Mercy Shared\Policy Manuals\Hospital Policy and Information Manual\Hospital Policies\Risk Management Policy\Risk
Management Policy.doc
Table 1. Likelihood Table
HOSPITAL POLICY AND INFORMATION MANUAL
RISK MANAGEMENT POLICY
Page 6 of 10
Date Issued:
Date Last Revised:
Next Review Date:
Approved By:
03/09
06/10, 06/13
06/15
Quality Co-ordinator
F:\Mercy Shared\Policy Manuals\Hospital Policy and Information Manual\Hospital Policies\Risk Management Policy\Risk Management Policy.doc
Table 2. Conseqences Table
Next ask “what if?” and realistically judge what is the worst likely outcome or consequence.
HOSPITAL POLICY AND INFORMATION MANUAL
RISK MANAGEMENT POLICY
Page 7 of 10
Date Issued:
Date Last Revised:
Next Review Date:
Approved By:
03/09
06/10
06/13
Quality Co-ordinator
F:\Mercy Shared\Policy Manuals\Hospital Policy and Information Manual\Hospital Policies\Risk Management Policy\Risk
Management Policy.doc
SAC Score and review:
Calculate the SAC score using the formula below:
Table 3: Consequence x Likelihood = SAC score (Severity assessment code)
Likelihood
Severe Major Moderate Minor Minimal
Almost certain 1 1 2 3 4
Likely 1 1 2 3 4
Moderate 1 2 2 3 4
Unlikely 1 2 3 4 4
Rare 1 2 3 4 4
Table 4: Review process
SAC1 Almost certain to occur at least
once in the next three months
Immediate corrective action
required. Review weekly
SAC2 Will probably occur at least once
in the next 4-12 months
Senior Management attention
required. Review monthly
SAC3 Expected to occur within the next
1-2 years
Management responsibility
must be specified. Review
annually
SAC4 May occur at some time in the
next 2+ years
Manage by routine
procedures. Review if
system, process or context
changes
HOSPITAL POLICY AND INFORMATION MANUAL
RISK MANAGEMENT POLICY
Page 8 of 10
Date Issued:
Date Last Revised:
Next Review Date:
Approved By:
03/09
06/10
06/13
Quality Co-ordinator
F:\Mercy Shared\Policy Manuals\Hospital Policy and Information Manual\Hospital Policies\Risk Management Policy\Risk
Management Policy.doc
Risk Control: Document the Risk Control Rating using Table 5.
This table is a guide – not all criteria will necessarily be met for any given rating
Table 5: Risk Control strategies
Rating Work Processes Staff Awareness Financial
Protection
Excellent • All key work processes
documented and monitored.
• Regular and comprehensive
audit of work processes and
legal compliance issues.
• Actions taken to address
risks identified through
audit.
• Mercy Hospital accredited to
external standards.
• Continuous improvement
methodologies used.
• Comprehensive risk reporting at all
levels.
• Staff and Managers provide timely
reports of all incidents/risks and take
action to prevent recurrence and
minimize liability.
• Actions taken are fully documented
and monitored for effectiveness.
• Staff and Managers work together to
address risk issues, using a systems
approach.
• All permanent staff and managers
actively managing their specific risks.
Comprehensive
insurance in
place.
Very Good • Policies, protocols,
guidelines in place and
compliance is regularly
monitored.
• Actions taken to address
issues.
• Risks are reported, acted upon, and
actions fully documented – but not
monitored for effectiveness in
mitigating future risk.
• Most staff and managers actively
managing their specific risks.
Comprehensive
insurance in
place.
Good • Policies, protocols,
procedures, guidelines in
place but compliance is
monitored on an ad hoc
basis.
• Risks reported and actions taken – but
not fully documented.
• Risks managed in an ad hoc fashion.
Adequate
insurance in
place.
Adequate • Policies, protocols,
procedures, guidelines in
place but compliance with
these is unknown/not
monitored.
• Risks reported and actions taken on
serious risks.
• New staff orientated re risk
management.
Adequate
insurance in
place.
Unacceptable • Some policies, protocols,
procedures, guidelines in
place, but staff not aware of
them.
• Risks not reported and actions not
taken to prevent recurrence in any
systematic fashion.
• Most staff not aware of risk
management.
Inadequate
insurance over
or risk
uninsured.
HOSPITAL POLICY AND INFORMATION MANUAL
RISK MANAGEMENT POLICY
Page 9 of 10
Date Issued:
Date Last Revised:
Next Review Date:
Approved By:
03/09
06/10
06/13
Quality Co-ordinator
F:\Mercy Shared\Policy Manuals\Hospital Policy and Information Manual\Hospital Policies\Risk Management Policy\Risk
Management Policy.doc
APPENDIX 1: GENERAL RISK ASSESSMENT WORKSHEET
Ward/Department: Date Assessed:
Description of Task/Activity/Function and Risks Associated
Existing Controls (list controls in place or note where the information can be found (e.g. Work
Instructions)
SAC Score (Table 3)
1 2 3 4
Risk Control Rating (Table 5)
Excellent Very Good Good Adequate Unacceptable
Does this involve a Health and Safety hazard? Yes No (if yes forward copy to IC/OH Nurse)
HOSPITAL POLICY AND INFORMATION MANUAL
RISK MANAGEMENT POLICY
Page 10 of 10
Date Issued:
Date Last Revised:
Next Review Date:
Approved By:
03/09
06/10
06/13
Quality Co-ordinator
F:\Mercy Shared\Policy Manuals\Hospital Policy and Information Manual\Hospital Policies\Risk Management Policy\Risk
Management Policy.doc
RISK ASSESSMENT SUMMARY
Action Required
Further Action Required? Yes No
Action Completed (see Organizational Wide Risk Register)
Assessment Completed By:
Date entered on Risk Register:
