Operational risk assessments include recognizing hazards, vulnerabilities and potential points of failure within operational processes, equipment and infrastructure.

Image by Getty Images

At the center of every health care facility lies an intricate web of potential risks — each thread representing a challenge to the seamless delivery of patient care. Health facilities professionals are guardians of a sacred trust, tasked with navigating a landscape where resource scarcity, shrinking budgets and an ever-expanding backlog of deferred maintenance threaten to compromise the very essence of their mission. Yet, in this complex obstacle course of operational hurdles lies an opportunity not just to respond but to innovate and embrace what could be best described as a nontraditional approach to problem-solving.

The journey of health care facilities management is one of constant evolution, where the challenge is not merely to mitigate risks but to foresee and shape the future by providing an unparalleled patient care experience at the highest possible value through strategic foresight. Operational risk scoring emerges as a beacon of hope, guiding health care professionals through the fog of uncertainty and, in some cases, inexperience. It calls individuals to embrace a culture of continuous improvement, where assessing risk seamlessly integrates into day-to-day behaviors and ultimately becomes ingrained within the industry’s culture.

Understanding risk

Imagine a world where every decision and every action taken within the walls of health care facilities is informed by a deep understanding of operational risk. This is not a distant utopia but a tangible reality within a facilities professional’s grasp. Operational risk assessment is a compass, enabling professionals to navigate the waters of health care facilities management with confidence and precision.

Related Article

Embracing operational risk scoring

At its core, operational risk management in health care is proactive. It involves a meticulous analysis of potential threats to safety, security, operations and compliance. Through identifying, assessing and prioritizing these risks, health care facilities professionals can tailor strategies to address the most pressing challenges, ensuring resources are directed where they are needed most. This process, while methodical, should not be misconstrued as a cold, mechanical exercise. On the contrary, it is a dynamic, evolving practice that reflects a commitment to patient care and a relentless pursuit of operational optimization.

The implementation of operational risk scoring can feel awkward at first. It demands a willingness to question the status quo, look beyond the immediate horizon and envision what health care should be. The journey is not without its challenges. The landscape of health care facilities management is filled with potential pitfalls — from competing regulatory hurdles to the intricacies of asset management. Yet, it is precisely within these challenges that the greatest opportunities for innovation and improvement lie.

The approach to operational risk management is not one of passive observation but active engagement. Tomorrow’s health care professionals are not merely reacting to risks as they arise but anticipating them, preparing for them and, when possible, preventing them. This requires a level of vigilance and dedication that goes beyond the ordinary. It demands a culture of optimization, where every member of the health care team, from the facility manager to the frontline staff, is empowered and equipped to identify and address potential risks. 

The power of operational risk scoring extends beyond the confines of regulatory compliance. It is a tool for strategic alignment, ensuring that every aspect of operations is in harmony with the overarching mission to provide safe, effective and compassionate care. By integrating principles of operational risk management, individuals can move from a reactive to a proactive stance, from symptom fighting (e.g., firefighting) to problem solving (e.g., fire prevention).

As health care facilities professionals stand on the threshold of a new era in facilities management, they are reminded of the weight of the responsibilities and the potential of the collective efforts. Operational risk scoring is not just a methodology but a philosophy — a declaration of commitment to optimization, safety and the unwavering pursuit of a better tomorrow. Operational risk assessments in health care facilities typically involve:

  • Identifying potential risks. Recognizing hazards, vulnerabilities and potential points of failure within operational processes, equipment and infrastructure.
  • Assessing the likelihood and severity of risks. Evaluating the probability of various risks occurring and the potential impact they may have on patients, staff, visitors and the facility’s operations.
  • Prioritizing risks. Determining which risks pose the greatest threat and require immediate attention and mitigation efforts.
  • Developing risk mitigation strategies. Implementing measures to reduce, control or eliminate identified risks. This may involve implementing safety protocols, enhancing equipment maintenance procedures, providing staff training or implementing technology solutions.
  • Monitoring and reassessing risks. Continuously monitoring operational activities and processes to identify new risks or changes in existing risks. Regular reassessment ensures that risk mitigation strategies remain effective and relevant.

Overall, an operational risk assessment is a proactive approach to managing risks in health care facilities, aiming to ensure the safety, reliability and regulatory compliance of operations while minimizing potential disruptions and adverse events. However, despite the straightforward nature of assessing operational risk, health care professionals can often overcomplicate the process, leading to confusion and unnecessary complexity.

To put this into context, consider the experiences of an individual on their daily commute to work. Numerous potential risks and obvious corresponding mitigation measures quickly come to mind. First, there is the risk of vehicle breakdown, which encompasses potential mechanical failures like a flat tire, engine overheating or brake failure. 

To mitigate such risks, regular vehicle maintenance practices, such as performing routine inspection, testing and maintenance like oil changes, tire rotations and brake inspections, are essential to minimize the likelihood of unexpected failures. In the case of a flat tire, for instance, the vehicle is equipped with a spare or N+1 redundancy. 

Additionally, traffic accidents present another significant risk, with factors such as speeding, distracted driving or adverse weather conditions contributing to collisions with other vehicles or stationary objects. Operating a motor vehicle appropriately by adhering to traffic laws, wearing a seat belt, driving appropriately for the road conditions and using turn signals are crucial mitigation strategies for reducing the risk of accidents.

Mitigation limitations

Much like day-to-day operations, risk is continuously being evaluated and mitigation measures are being put into action without thought. When this occurs, risk mitigation becomes a part of the culture. Risk mitigation involves identifying, assessing and implementing measures to reduce or control potential risks to an acceptable level. However, it’s not always feasible or practical to mitigate all risks for several reasons:

Related Resource

Asset Risk Managment Tool

  • Resource limitations. Organizations have finite resources, including time, money and staffing. Allocating resources to mitigate every possible risk is impractical and unsustainable. Therefore, organizations must prioritize risks based on their likelihood and potential impact, focusing on those that pose the greatest threat to achieving objectives or preserving safety.
  • Uncertainty and complexity. Some risks are inherently uncertain or complex, making them difficult to identify, assess or mitigate effectively. For example, emerging risks related to technological advances may present challenges in developing appropriate mitigation strategies due to their unpredictable nature or lack of historical data.
  • Cost-benefit analysis. Mitigating certain risks may result in significant costs or trade-offs that outweigh the potential benefits. Conducting a cost-benefit analysis helps organizations determine whether the expense of mitigation measures is justified relative to the perceived risk reduction. In some cases, accepting and operationalizing certain risks may be more economical than attempting to mitigate them fully.
  • Residual risk. Even after implementing mitigation measures, residual risk — the remaining level of risk that cannot be eliminated entirely — may still exist. Issues such as human error, environmental factors or unforeseen circumstances can contribute to residual risk, necessitating ongoing monitoring and adjustment of mitigation strategies.
  • Risk tolerance. Every organization has its own risk tolerance or threshold for accepting certain levels of risk in pursuit of its objectives. Mitigating all risks to zero may not align with the organization’s risk appetite or strategic goals. Instead, organizations must strike a balance between risk mitigation efforts and the potential impact on performance, innovation or competitiveness.

While risk mitigation is essential for safeguarding against potential threats, it’s not feasible or practical to eliminate all risks entirely. Organizations must adopt a pragmatic approach to risk management, focusing on prioritized risks, optimizing available resources effectively and accepting a certain level of residual risk in alignment with their objectives and risk tolerance. 

This involves identifying, evaluating and prioritizing risks associated with various operational activities and processes, with the overarching aim of anticipating and mitigating threats to safety, security, efficiency and compliance. Over the years, a multitude of programs and methodologies have emerged to operationalize risk management, each tailored to address specific types of hazards and activities.

One such example is the implementation of permitting procedures for activities such as hot work, lockout/tagout (LOTO) and above-ceiling work. These initiatives offer a methodical framework for identifying, evaluating and mitigating known risks associated with specific tasks. For instance, hot work permits ensure meticulous precautions are taken to prevent fires or explosions during welding or cutting operations, while LOTO procedures safeguard against accidental equipment startups during maintenance. In each of these examples, the risk is well documented, and nationally recognized programs have been developed to provide standardized process steps that staff as well as vendor-provided services have the discipline and accountability to follow consistently.

Furthermore, specific permitting processes, such as the infection control risk assessment (ICRA), pre-construction risk assessment (PCRA) and water ICRA utilize a sliding scale of risk assessment. This approach allows health care facilities to tailor mitigation measures based on the specific location, scope and duration of the activity. For example, activities involving dust generation near a bone marrow transplant unit will have stricter controls compared to routine maintenance tasks in a nonpatient care area.

Among the array of strategies for operationalizing risk management, the asset risk management system (ARMS) stands out as a tailored approach for health care facilities. ARMS methodically categorizes assets, devises risk assessment models and evaluates program eligibility based on risk scores. Implementation of ARMS ensures uniform risk management practices, thereby fortifying safety protocols and effectively mitigating risks across a spectrum of operational endeavors.

Integral to the fabric of risk management endeavors are annual assessments such as the hazard vulnerability analysis. These assessments gauge risks based on parameters such as probability and severity, steering the formulation of emergency response plans and personnel training initiatives. Rigorous drills and exercises validate the efficacy of these plans, ensuring preparedness for unforeseen contingencies.

In essence, effective risk management demands a comprehensive understanding of protocols and regulations, coupled with proactive measures to address potential vulnerabilities. By adopting a strategic approach informed by standards and best practices, health care facilities can enhance resilience and ensure the continuity of critical services, even in the face of unforeseen challenges.

Understanding the rationale behind certain risk management practices is crucial for their effective implementation. For example, protocols such as running emergency generators for a minimum of 30 minutes with a load of at least 30% or monitoring stack temperatures serve to ensure the reliability and readiness of emergency power systems. Diesel generator sets play a critical role in ensuring uninterrupted power supply during emergencies. However, operating diesel engines at low load levels for extended periods can lead to various issues, including engine wet stacking and internal glazing. Regular testing, such as load bank testing, helps improve the generator’s operating capacity and responsiveness during power outages.

Similarly, requirements such as monthly testing of electric fire pumps play a crucial role in validating the functionality and reliability of fire suppression systems. Testing electric fire pumps for a minimum of 10 minutes serves multiple purposes. First, it allows the motor windings to cool down adequately, mitigating the risk of premature wear and ensuring sustained operational efficiency. Additionally, this testing regimen helps identify any potential issues or malfunctions early on, enabling prompt maintenance and preventing system failures during critical situations.

When navigating the maze of operational risk management, particularly in health care settings, a multifaceted approach is essential. From identifying vulnerabilities within utility systems to aligning operational strategies with organizational goals, health care facilities encounter an array of challenges. However, within these challenges lie opportunities for innovation and improvement. 

By embracing resources such as those available through the American Society for Health Care Engineering (ashe.org/topics/risk-management) and leveraging insights from industry literature, health care facilities managers can develop robust risk assessment frameworks tailored to their unique needs. 

Regulatory requirements such as ICRA, PCRA and interim life safety measures add layers of complexity, requiring meticulous attention to detail. Moreover, the interconnected nature of utility systems necessitates a top-down approach to identify single points of failure and ensure redundancy — a critical aspect highlighted by the National Fire Protection Association’s NFPA 99, Health Care Facilities Code, risk categories and the International Organization for Standardization’s ISO 31000 guidelines.

Not a luxury

In a world where every decision counts, proactive risk management is not a luxury but a necessity. By embracing operational risk scoring as a strategic ally, health care facilities can navigate the complex landscape of regulatory compliance, safeguard organizational missions and, most importantly, enhance patient care.

Ryan Schramm, CHFM, CHC, SASHE, is senior systems manager for facilities operations at Banner Health, Phoenix. He can be reached at ryan.schramm@bannerhealth.com.