Increasing resident acuity, continuing workforce shortages, looming government staffing mandates, evolving technology, and rising claim values.  This shifting landscape for long-term care providers presents many challenges and managing these risks requires a holistic approach to ensure residents are provided safe and high-quality care.

Assessing risks on a departmental level is not sufficient in today’s environment.  Long-term care providers must adopt overall strategies, or Enterprise Risk Management (ERM) strategies, which include clear documentation and communication protocols, attention to customer service, strong hiring and training practices, leadership oversight and visibility, compliance with admission and discharge practices to ensure caregivers can meet needs, setting realistic expectations for residents and families, taking responsibility for incidents, and building relationships.

What is Enterprise Risk Management?

Enterprise Risk Management (ERM) is simply assessing how risks affect an organization and devising plans on how to approach different risks.  ERM is an organization-wide strategy, both top-down and bottom-up, to identify and prepare for hazards and mitigate operational, financial, compliance, legal, and other risks.  ERM eliminates silos and allows for proactive risk mitigation across an entire enterprise.  This framework helps an organization align objectives with its mission, vision, and core values with a collaborative approach to process improvement.

Key components of Enterprise Risk Management

One approach used for ERM across industries is based on the framework published by The Committee of Sponsoring Organizations (COSO), which considers risk in strategy-setting and in driving performance.  COSO notes ERM is not a “function or department.”  They define the components of ERM as:

• Governance and Culture
• Strategy and Objective-Setting
• Performance
• Review and Revision
• Information, Communication, and Reporting

The American Society for Health Care Risk Management (ASHRM) further defines the risk domains in healthcare, and examples in each, as:

• Operational: adverse event management, credentialing, staffing, documentation, chain of command, internal controls, supply chain, and management oversight.
• Clinical/Patient Safety: following evidence-based practices, medication errors, serious safety events.
• Strategic: brand, reputation, marketing, business affiliations.
• Financial: capital structure, equipment, contracts, regulatory fines, budgets, reimbursement.
• Human Capital: staffing, retention, work-related injuries, productivity, compensation.
• Legal/Regulatory: fraud and abuse, licensure, accreditation, CMS CoPs, liability.
• Technology: electronic health records, financial and billing systems, social media, cybersecurity.
• Hazard: logistics, supply chain, facility management, natural disasters.

How are organizations implementing Enterprise Risk Management?

Successful implementation of an ERM program must involve stakeholders at all levels.  In long-term care organizations this includes, but is not limited to, clinical staff (physicians, therapists, nurses, aides, pharmacists), operational staff (dietary, maintenance, activity), strategic decision-makers (owners, directors), administrative staff (compliance/regulatory/legal, health information management, human resources, marketing/sales), technology staff (in-house IT staff, health information managers, and third-party vendors).

Health care organizations that promote a culture where all team members are comfortable in reporting incidents allow for improved risk mitigation, and ultimately improved quality of care, patient safety, and organizational efficiency.

How can Excelas support Enterprise Risk Management?

Excelas supports our clients’ ERM programs through data abstraction, audits of medical and related records, and record production support.  These audits can reveal gaps in documentation, provide documentation support for claim submissions, and compliance with regulatory requirements.  Excelas’ experienced legal nurse analysts can evaluate your facility’s compliance with your current risk management guidelines as well as provide recommendations for documentation improvement.