ORIMS April 2013 Continuing Steps: SJHC ERM Program

Objectives: Describe SJHCs journey implementing ERM Understand why we moved to an ERM approach Describe the ERM plan at St. Joseph Health Centre Describe the roles of the Board, Senior Leadership and Operational staff in supporting a culture of ERM Describe the integration & engagement throughout the organization Discuss lessons learned

St. Josephs Health Centre at a Glance Employing over 3,500 staff 450 physicians Beds 390 Emergency department visits = 90,000 Admissions 23,000 Ambulatory care visits 210,000 Births 3,100 Diagnostic Imaging procedures 153,000 Operating Room cases 26,000

Who Are We? Five clinical program areas: Women's, Children's & Family Health Surgery and Oncology Services Emergency and Critical Care Services Medicine, Ambulatory & Seniors Health Mental Health & Addictions Services

SJHC Strategy:

So How Dangerous is Healthcare? Accepted Public Risk

What is Culture in Healthcare? –Doctor knows best –Litigation –US comparator –100,000 Lives Campaign / Don Berwick (Ross Baker) –Dr. Google/ Dr. Oz –Personal experience –Legislation & Regulation –Infrastructure: old & new –Workforce –Funding –Public Reporting –Low Risk Tolerance Industry

What is ERM in Healthcare and Why is it Necessary?: What? A structured analytical process that focuses on identifying and eliminating the financial impact and volatility of a portfolio of risks rather than risk avoidance alone (Risk Management Handbook for Healthcare Organizations – 4 th edition). Uses a process & systems to assess, evaluate and measure organizational risks, quantify, group into domains, and devise strategies to manage. Why? Complexity of health care Changes in orientation of Boards from understanding of fiduciary accountability as dollars and cents to full oversight for quality and safety Moving from silos to integrated systems

Consequences Patient Injury: death, injury, delayed diagnosis, misdiagnosis, extended length of stay, disease transmission, increased wait-times etc. Visitor injury Staff: injury, retention, fraud, workload, morale, breach of trust, etc. Infrastructure loss: inability to exit safely, property damage, theft, difficulty accessing services etc. Financial loss: future cash position, insufficient assets, overspending etc. Medical-legal costs/ civil liability Agreement non-compliance Accreditation loss Criminal action Monetary fines Legislative/regulatory non-compliance Loss of reputation/ loss of external partners

Why ERM at SJHC? Traditional approach to Risk Management with traditional structure and diffuse accountability Board and management frustration Alignment to strategy Significant increase of Boards and Senior leaders for accountability of quality & patient/staff safety Commitment to quality & patient safety as a strategic priority –An integrated risk management program, that is a continuously proactive and a systematic approach to understand, manage, and communicate risk from an organization-wide perspective.

Integrating Risk Identification Management Tool Improve governance Actively monitored and reviewed Provides reliable framework for decision-making Identifies issues at an early stage Reduces surprises Structures thinking Example: Risk Identification as a Tool: e-Care lab labeling: tool & requirement, provides framework of decision-making Risk Identification as Assessment: Interim CEO: no surprises, can happen, identifies issue at early stage Risk Identification as a Framework: HR & Risk review: legislation & regulation, thinking structured based on risk assessment

Enterprise Risk Management Cycle Communicate: Understanding, accountability, transparency Identify: SJHC areas of risk, risk ratings Assess and Analyze: Risk assessment and risk calculation Track & Monitor: Material gaps & action plans, Internal & external audits Mitigate: Risk strategies currently in place

Risk Information Gathering:

How Were Areas Identified? Organisational priorities: –Mission, Vision & Values, –Strategic Plan (Board and Senior Leadership) Categorize based on the risks the organization faces High, medium, low risk areas based on the following: Literature Medical-legal cases HIROC Industry standards Safety Reports Safer Healthcare Now! Accreditation Canada GTA benchmarks/ experience Risk analysis of the Programs and Services in the Health Centre were reviewed and grouped into high, med and low risk areas.

Risk Domains Patient Finance earn, raise, or access capital Operational core business (i.e. clinical services) Human Resources hiring, termination, & compensation, harassment, unionization etc. Strategy ability to grow and expand through mergers, joint ventures etc. Legal & Regulatory statutory & regulatory compliance Technology use of biomedical & information technology Risk: loss potential or exposure, any factor that creates uncertainty and impacts the achievement of outcomes or organizational objectives

Identification Questions 1.What can go wrong? 2.How bad? 3.How often? 4.Is there a need for action? (HIROC IRM Tool) Risks are identified to minimize: – Exposure – Frequency – Severity – or Prevent the risk and/or its reoccurrence

Who Participated? All specific high risk areas Focus groups for non-specific areas e.g. Emergency response Depending on area front-line staff, managers, educators, directors, physicians Interprofessional Enterprise-wide

Meetings with Programs Risk Analysis Determination of Monitoring Action Plans Confirm catalogued risk domains and review mitigation strategies (controls). Conduct detailed risk analysis of domains. Identify and determine monitoring strategies. Prepare and implement action plans to address material gaps. Status Methodology Followed

Transitioning from Operational to Enterprise Risk Management Roles: –Board of Directors –CEO –Chief of ERM –Senior Leaders –Manager –Front line staff Buy-in –Traditional Risk Manager role –Engaging at all levels (Leadership, staff, patients) Reporting –Matrix –Quarterly –Annually

Board of Directors Role at SJHC At SJHC, the whole Board is responsible for oversight of overall ERM program. Oversight of technical aspects delegated to: - Audit committee: financial viability risks, ICFR - Quality committee: operational risk (patient safety and quality), business viability, mission and intangible risks - Annual Joint Quality and Audit committee meeting Review/monitor ERM progress Risk position versus risk appetite Effectiveness of controls and mitigation strategies Ensure management has implemented an effective process to manage the strategic, operational and financial risks of the hospital Holding Leadership accountable for embedding an enterprise risk management culture Education and buy in at Board level for risk strategy Review/Approve aggregate and specific risk appetite and related risk limits Develop ownership of risk management oversight at Board level.

What is the CEOs Role? Ultimate accountability and responsibility for: Shaping the culture Working with Board and Leadership to determine the risk appetite for the organization Ensuring that the leadership understands the enterprise part of ERM Positioning the Chief of Enterprise Risk Management for success Holding leaders accountable for execution

What is the Chief of ERM Role? Full member of Senior leadership team Accountable and responsible for the operation of the Enterprise Risk Management function Supports the development of a culture of Enterprise Risk Management Advises organization on new strategies to manage and mitigate risk

What is the Senior Leaders Role? Accountable and responsible for managing risk in their portfolios Work with colleagues to ensure that ERM is integrated across the organization Work with direct reports to establish culture of ERM Oversee the implementation and compliance of policies and procedures within portfolio Oversee the implementation of risk reduction and mitigation strategies within portfolio

What is the Manager Role? Accountable and responsible for managing risk at the unit level (what risks am I accountable for?) Work with colleagues to ensure that ERM is integrated across the organization Work with direct reports to establish culture of ERM Ensure compliance of policies and procedures at the unit level Ensure implementation of risk reduction and mitigation strategies at the unit level

RiskCalculated Risk Score (Pre-mitigation) Cause/Risk Factors ImpactMitigated By/ Internal Controls Legislation/Reg ulation Material Gaps MonitoringAction PlansCalculated Risk (Post Mitigation) Questions to ask What is the risk? What can go wrong? What risk areas need to be reviewed? What happens if we did nothing to mitigate the risk? Pre- mitigation: How often? How bad? What are the risk factors? What is the impact? How is safety ensured? Are we in compliance with policies and regulations? What trends require immediate attention? Are there any material gaps? What risk events have been escalated? Are these risks within our risk tolerance and appetite? e.g. what is the frequency, are there financial consequences, are there patient or staff safety consequences? How will the risk be managed/monitor ed? What are the controls in place to manage the risks? How will the success be measured? What are the next steps? How will each unit/program/te am be accountable for the management of this risk? How do we communicate to be open & transparent with our staff, physicians, patients and families? What was the impact of our internal controls/ mitigation strategies? What is the impact of our material gaps? Will our action plans meet our needs? Post- mitigation: How often? How bad? Acceptable Risk: Asking the Right Questions

Frequency The number of losses/events/ likelihood. Often- 5 Occurs often, every 1-6 months Medium 5 High High High Possible – 3 Likely/known to occur, every 6 months – year Medium 3 Medium 6-12 High High Rare – 2 Could occur, once every 1-10 years Low 2 Medium 4-8 Medium High Never – 1 Could happen, but likely not, once every years Low 1 Low 2-4 Medium 5-7 Medium Insignificant/ Near Miss/ No Harm No impact, event did not reach patient or staff member 2-4 Minor Could have little impact/ effect on organization/patient/ staff 5-7 Moderate Could have a moderate impact/effect/ exposure on organization/ patient/ staff 8-10 Major Could lead to serious risk exposure for the organization/patient/ staff Consequences The severity/amount of a loss/event, focus on actual or potential harm Sentinel Risk Calculation

RiskCalculated Risk Score (Pre- mitigation) Cause/Risk Factors ImpactInternal Control/ Mitigation Strategies Legislation/ Regulation Material GapsMonitoringAction PlansCalculated Risk (Post Mitigation) Labour & Delivery High Frequency: Often 5 Consequences: Major 10 Failure to recognize fetal distress Failure to interpret fetal monitoring Failure to properly assess newborn Inability to perform treatment procedure correctly e.g. emergency c- section, IV insertion Failure to properly administer medication Lifetime injury or death Medical malpractice Increased insurance rates Loss of reputation Failure to meet accreditation standards Difficulty attracting and maintaining staff Education Standards of Care Policies Guidelines Technology Skills Drills Role descriptions Public Hospitals Act Regulated Health Professions Act Child & Family Services Act Unit Audits Scorecard Patient Safety Reports Accreditation Annual Claims Report High Frequency: Rare 2 Consequences: Major 10 Acceptable Risk Example

Quarterly Report HIGH Residual Risk Report/RISK EVENTS – Q3 Risk Domain Risk Cate gory Risk FactorsSummaryMaterial Gap (s)Accountability Recommendations & Action Plan Timeline Calculated Risk OperationsClinical Services: Emergency Department Failure to maintain safe environment for our staff and patients Completed April 2013 HIGH Rare 2 Major 8 OperationsClinical Services: Emergency Department Failure to maintain safe environment for our staff and patients In progress Completed HIGH Rare 2 Major 8 Human Resources Clinical Services: MASH Failure to maintain safe environment for our staff and patients HIGH Rare 2 Major 10

How to Prioritize Next Steps Organisational priorities: Mission, Vision & Values, Strategic Plan (Board and Senior Leadership) Numbers vs colours (visual or audit management) Strategic plan Corporate compliance requirements Need for monitoring (audits) Risk/Sentinel events Risk Assessment & Action Plans arising Critical controls and current risk control techniques in place

Learning from our Experience The organization must understand what ERM is and is not Appropriate resources must be committed to ensure success The Chief must be situated for success The Board must be educated The Board Audit Committee, Quality Committee and the full Board must be on the same page The CEO, the CFO and the Chief of ERM need to be on the same page – and the CFO gives up a piece of his/her pie Health Care Insurance Reciprocal of Canada risk assessment is a valuable tool Look at the new initiatives and how ERM ties in e.g. QIP Always refresh and revisit : – Literature search to ensure evidence informed best practices in ERM – Review scorecard indicators – Assess need for ERM policy – Refine reporting process Responding to Legal / Regulatory Changes e.g. Freedom of Information Act It takes time…..and it never ends………….

QUESTIONS??