Risk management is a contemporary concept developed to reduce the chances of problems that may lead to litigation. The basic principles of risk management include identifying potential risks; analyzing their likelihood, effects, and costs; considering how they might be controlled or eliminated; and deciding how best to insure against risks that cannot be eliminated. These principles may be applied across the entire range of clinical activities.1

As well as being part of an institutional concern, risk management should also be accounted for in every NP's professional plan. A professional misconduct, criminal conviction, or even litigation over a work issue could jeopardize an NP's career.2

Basics of risk management

Risk management was developed in the United States as a response to lawsuits. The three main principles were:

* to improve claims management-controlling costs by knowing how to gather evidence, when to resist, and when to settle

* to manage the damage patients suffered by recognizing problems as early as possible and addressing them appropriately

* to prevent adverse outcomes that could lead to litigation.3

While many problems arise because of individual mischance, a substantial number occur when there is a lack of clear policies, deficient working practices, poorly defined responsibilities, inadequate communication, and staff working beyond their individual competence levels. A combination of two or more of these factors is called a "systems failure."

Besides patient care, risks can also occur related to buildings and equipment, security, fire, hazardous substances, and waste materials. The individuals who may be harmed and seek damages include patients, visitors, and staff.3

Code of conduct

The American Society for Healthcare Risk Management (ASHRM) enacted a code of professional conduct that addresses the responsibility risk managers have to those they serve. The risk manager's role is to promote the overall quality of life, dignity, safety, and well being of every individual needing healthcare services. In striving to fulfill this responsibility, the risk manager must do the following:

* practice in a nondiscriminatory manner, respecting the dignity of all individuals

* acknowledge that patients and families are partners in healthcare delivery and should be treated fairly and respectfully

* use honest and factual communication with patients and families, colleagues, and others

* share confidential information or protected health information only in circumstances where appropriately authorized or required by law

* investigate and analyze events to find ways to reduce the likelihood of similar injury to others

* create a culture that encourages event reporting

* advocate for patient safety.4

The code of professional conduct also addresses the responsibility the risk manager has to the profession. The code states that, "the risk manager has the responsibility to practice the profession with honesty, fairness, integrity, respect, and good faith". In striving to fulfill this responsibility, the risk manager must do the following:

* avoid behaviors that could harm others and promote behaviors that reflect well on the profession

* identify, acknowledge, and disclose potential conflicts of interest

* comply with all federal, state, and local laws, regulations, and accrediting standards that impact healthcare delivery

* be a leader, conducting oneself in a professional manner that will merit the trust, confidence, and respect of patients, healthcare professionals, and the general public

* maintain and improve professional skills, knowledge, and competence

* promote best practices by advocating risk management research

* participate in activities that support and enhance the credibility and dignity of the healthcare risk management profession

* maintain and respect professional confidences

* uphold the vision and mission of the ASHRM

* uphold the integrity of ASHRM's code of professional conduct by agreeing to abide by all rules of conduct prescribed by the code and by the organization.4

Conflicts of interest

The code of professional conduct also addresses conflicts of interest for risk managers. A conflict exists when the risk manager is called upon to serve in competing interests. Some conflicts of interest, such as transactions with a former employer or dealing with past business associates, may be acceptable as long as the conflict is disclosed to all involved parties. Other conflicts, such as business transactions that benefit the risk manager or her family members at the expense of others are unacceptable even if disclosure to all involved parties is made. In striving to avoid conflicts of interest, the risk manager should exercise good faith in all transactions. Furthermore, the risk manager is to avoid any interests, investments, or activities that conflict or appear to conflict with the interests of the employer or patient and make full disclosure of all facts of any transaction that involves the possible conflict of interest to all parties involved.4

REFERENCES