To err is human: Understanding risk management in healthcare   


On April 26, 1986, the worst nuclear accident in history unfolded at the Chornobyl nuclear power station when a reactor exploded during a routine safety test. The accident sent a radioactive cloud into the air that poisoned large swaths of Europe and displaced hundreds of thousands of people in what is now northern Ukraine.

The accident was a product of a flawed reactor design coupled with serious mistakes made by inadequately trained workers. Attempts by Soviet leadership to cover up the catastrophe compounded the health danger. Ultimately, poor decisions, a lack of oversight, and a weak safety culture led to the disaster.

Today, the meltdown at Chornobyl serves as a sobering reminder of how complicated systems can experience devastating outcomes without a strong risk culture in place. Like healthcare organizations, nuclear power plants strive to achieve error-free performance while operating in complex, high-risk environments. The pursuit of nuclear safety, like the pursuit of zero harm in healthcare, requires an ongoing investment in risk management.

But what exactly is risk management in healthcare? Over the next few posts, we’ll take a look at the basics of managing risk in this industry as well as the top risks facing healthcare organizations today. Our first stop on this journey: understanding risk management in healthcare and its evolution over time.

First, what is healthcare risk management?

Risk management in healthcare refers to the systems and processes designed to detect, mitigate, and prevent risks in healthcare organizations. Risks can range from healthcare-associated infections and medical malpractice to data breaches and more.

Failure to manage risk in the healthcare setting can mean the difference between life and death. For example, the U.S. Institute of Medicine found that between 44,000 and 98,000 patients die each year from preventable medical errors. Furthermore, an estimated 400,000 hospitalized patients experience some type of preventable harm annually.

Ineffective risk management can also lead to financial losses—including penalties and fines—and reputational damage. According to our healthcare commercial intelligence, more than 770 hospitals faced Medicare penalties totaling $254 million in 2021 based on their rates of avoidable complications.

By understanding risks and effectively managing them, healthcare organizations can protect human safety, compliance and finances, reputations, and more.

The impact of the malpractice crisis

The widespread adoption of risk management by the U.S. healthcare industry is a response to the rise of medical malpractice lawsuits. Medical malpractice suits appeared in the courts with regularity beginning in the 1800s. However, legal claims for medical malpractice were rare and had little impact on medical practice.

In the 1970s, a changing legal landscape led to a sharp increase in the number of malpractice claims and in the size of awards granted. From 1979 to 1986, the average settlement grew from $5,000 to $330,000. The so-called malpractice crisis caused medical liability insurance premiums to skyrocket. In response, the healthcare industry began to adopt risk management practices designed to reduce the likelihood of medical errors and preventable adverse events.

Today, risk management is an integral part of healthcare delivery in the U.S. Most hospitals and physician groups have established risk management programs, and many states have enacted laws requiring providers to adopt risk management practices. The goal of these programs is to improve patient safety and quality of care while reducing the costs associated with medical errors and adverse events.

A big-picture approach to risk management

Risk management in healthcare has evolved over time as our understanding of risks has increased. With the growing role of healthcare technologies, the rapid pace of medical innovation, and the industry’s changing legal, regulatory, and reimbursement landscape, risk management has become more complex.

In the past, most healthcare risk management activities focused on patient safety and medical liability. However, there are many other types of risks that can have a significant impact on healthcare organizations, such as human capital risks (e.g. staffing shortages), reputational risks (e.g. media coverage of negative incidents), and strategic risks (e.g. competition).

As our understanding of risk has grown, so has the need for a more comprehensive approach to managing it. This is where enterprise risk management (ERM) comes in. ERM is often used interchangeably with risk management. However, ERM is a more holistic approach that looks at all types of risks across an organization.

ERM also looks at how these risks interact with each other and how they can be managed effectively at an organizational level. For example, staffing shortages, a human capital risk, also pose patient safety risks, but we’ll dig into that in our next post.

Managing risk across domains through ERM

Enterprise risk management (ERM) is a systematic process that helps healthcare organizations proactively manage risks that could adversely affect patient care—or the organization's ability to meet its strategic objectives. It’s an important tool for healthcare organizations as it helps them to identify and manage both current and future risks. ERM in healthcare encompasses eight risk domains:

  1. Operational
  2. Clinical & patient safety
  3. Strategic
  4. Financial
  5. Human capital
  6. Legal & regulatory
  7. Technological
  8. Environmental & infrastructure-based hazards

An effective risk management strategy will address all these domains to minimize the overall risk exposure of the organization. By taking a proactive approach to identifying and mitigating risks across all domains, healthcare organizations can protect the quality of care they provide, safeguard their financial stability, and ensure compliance with regulatory requirements.

Learn more

This post is the beginning of a two-part series on risk management in healthcare. In our next blog, we'll explore the top risks facing healthcare organizations today.


Nicole Witowski

About the Author

Nicole Witowski is a Senior Content Writer at Definitive Healthcare. She brings more than 10 years of experience writing about the healthcare industry. Her work has been…
