Preparing for the Unexpected: Identifying and Assessing Risks in Community Health Programs

Welcome to the CHM Micro-Credential podcast! I'm your host, Dr. Tami Moser. In today's episode, we're diving into the first part of a two-part series on risk assessment in community health program planning. We'll explore how to identify potential risks across various domains and use tools like the Hazard Vulnerability Analysis (HVA) to prioritize these risks. From clinical to operational, financial to environmental, we'll cover it all and provide actionable steps to help ensure the safety, continuity, and effectiveness of your health programs. Grab your HVA Excel workbook and join us as we unpack the critical foundations for resilient and sustainable community health initiatives. Stay tuned!

Tami Moser [00:00:02]:
Welcome to the Community Health Management podcast. I'm your host, doctor Tami Moser. And today, we're starting a 2 part series on a critical aspect of program planning, and that's risk episode, we'll focus on identifying potential risks across various domains and conducting a hazard vulnerability analysis, which there is an Excel spreadsheet tool for that that will be up in the additional resources from Kaiser Permanente. And you may already have one from the county because we use the same hazard vulnerability assessment and emergency planning in Oklahoma. So you may have seen it or a variation of it. Our follow-up episode will be on developing strategies for risk mitigation. So let's begin by understanding why risk assessment is crucial in community health program design. Effective risk management can one protect patient safety, safeguard program assets and resources, ensure continuity of services, maintain stakeholder trust, and comply with regulatory requirements.

Tami Moser [00:01:14]:
Now let's explore the key domains of risk and community health programs. And none of these will be new to most of you, but thinking about them in this context may be. So first, there's the clinical risks, and these include medical errors, adverse events, and quality of care issues. These are things you already deal with in your daily organizational health environments. However, now we're looking at it from the perspective of designing and considering how your design of the program, the processes, the policies would impact medical errors, adverse events, and quality of care issues. And what happens if one of those do occur? You need policies for that as well for your program, and then there needs to be training on that. So that kinda gives you the perspective of, you know, what you do with these when you identify them. The second is operational risks.

Tami Moser [00:02:07]:
Think staffing shortages, equipment failures, or supply chain disruptions. Those are not uncommon things to occur and there are many others, but those are some of the top 3, if you will, of operational risks when you're generalizing across different kind of health systems. There's financial risks. You could overrun your budget. Right? So you're spending more than you've budgeted. There could be funding cuts and that could impact the program either design or the programming altogether or unexpected expenses. Remember, we talked about having a 10 to 15% cushion built in so that that can help with any kind of unexpected expenses so that it will not throw your whole budget off. There's legal and regulatory risks.

Tami Moser [00:02:58]:
This covers compliance issues, malpractice claims, changes in health care laws that need to be adapted to be compliant, And then reputational risks, you've got negative publicity or loss of community trust. Those are two examples of reputational risks. Then there are environmental risks. These are natural disasters. Pandemics, or local environmental hazards would belong in this category. For those of us in Oklahoma, Texas, Kansas, this includes things like wildfires and tornadoes and heavy straight wind damage and hail. So those environmental risks, some of them will have more of an impact on your programming, some less. In other words, the risk is lower or higher, but identifying them is important.

Tami Moser [00:03:49]:
And then last is technological risks. Data breaches, system failures, or cybersecurity threats are increasingly important to actually think about and try to plan for. Both trying to mitigate it ever occurring, so trying to find a way to block it, but also if it occurs, having a response policy in place for it. So to systematically identify risks in each of these domains, considering using some of these methods. 1st, brainstorming sessions with your teams with just these broad categories and these beginner lists can help you brainstorm a much larger grouping of items, the HBA Excel workbook. Make sure you look at the bottom at the tabs because those tabs represent different categories of risk. And then when you open the tab, you'll see a long list. Some of those are gonna have no impact on you at all.

Tami Moser [00:04:47]:
You're not worried about a volcano in the middle of Oklahoma, so you don't need that on your list. But one of the nice things about the HVA tool from Kaiser Permanente is even if you're not going to actually use the spreadsheet because some of the formulas in there sometimes are a little wonky, and it can be simpler than that. Or Kaiser Permanente has advanced worksheets that they can they use in their quality department. But it's the list. Right? It's they're pretty comprehensive lists on each of those worksheets in the workbook, and that can also kinda trigger brainstorming surrounding those. Reviewing incident reports and near misses. So what do you know has already happened in your facility that might also happen in your program? If you're reevaluating a program, this is also something where you would go, okay. What kind of incident reports have we had? What kind of near misses? And this really highlights the need to collect the data on near misses.

Tami Moser [00:05:44]:
Oftentimes, there is a view that if it's caught and it doesn't actually so in other words, it's an internal error. You catch it before the patient ever knows it occurs. If the patient knows it happened, that's an external error. So if it's an internal error, that's often what will be categorized as near misses. And the attitude sometimes is, well, our system worked because we caught that error before it left the system and became external, and the patient knew about it. That is true to a certain extent. However, that's also a signal that there's something wrong with your processes. In other words, the error the goal is that the error never happens at all.

Tami Moser [00:06:25]:
So what allowed that in your process to occur? And there's also a real, I don't know. I guess it's just human nature. Right? Where we tend toward wanting to blame a person for an event occurring, a near miss or an actual incident. And the truth is a lot of things had to line up for that person to make that mistake. So maybe you have problems in training. They weren't well trained. They didn't know or fill in the blank. There can be a lot of things here.

Tami Moser [00:06:59]:
But what it all leads to is all near misses should be captured in terms of the information. There shouldn't be penalties to capturing. It should actually just go into your decision making system where now you can look at your process as a whole to find where that happened to stop it from actually becoming an external error at some later point. So those near misses are signals. That was a side rant for me, but it highlights the need to collect it because in this, you designing these programs, you also wanna look at, okay, our organization is gonna be supplying or creating, managing, staffing this service and or this program as a whole. Therefore, the incidents and near misses in your facility should also be something that you should be concerned about because the same people are gonna be involved and the same processes may be used. And those processes become the more concerning thing. 3rd is to analyze data from similar programs or communities.

Tami Moser [00:08:08]:
The next is to conduct some stakeholder interviews, especially those stakeholders that are within the community that you're planning for. Right? And ask them about areas of risk that they would be concerned about. You might be surprised at what they come up with as someone who's external to your system. And then perform regular audits and assessments. You wanna make sure that you're evaluating. Are things working the way we wanted them to? So, you know, we're kind of full circle back over to implementation and looking at and assessing and evaluating what's going on. Now let's talk a little bit more about the hazard vulnerability analysis or HVA tool. And HVA helps you prioritize risks based on their likelihood and potential impact, and it can be fairly simple.

Tami Moser [00:08:56]:
This does not have to get overly complicated. First, we list all potential hazards or risks. So that's where the HVA Excel workbook can be very useful because it's got those lists of, different types of hazards. And just to kind of streamline, I think I'm gonna what I'm gonna do is I'll just put that in a document for you guys to be able to pop up and use as a work as a list starting list. And then I also have the HVA tool. So for those of you who want to try to use the tool or you already have that tool that you use internally, either of those will work, or you can use the lists I'm gonna provide and then go through this exercise we're gonna talk about right here. And that's enough to give you what you need in terms of a ranked list of risks you're concerned about. So once you have your list of potential hazards and risks that are relevant to wherever your service is being offered or this program is being offered.

Tami Moser [00:10:00]:
You're going to look at each risk and assign it a score. Usually, it's 1 to 3. You just need to decide how you wanna handle the number numbers. For instance, you're gonna be looking at probability of occurrence from low to high. So you could have no probability or low to no probability. 2 could be maybe, you know, mid level probability, and then high would be 3. So if you use the numbers where you're going from low to high as low number to high number, then you just need to be consistent when you're doing that. Right? So you can kind of think about that as you go through here.

Tami Moser [00:10:44]:
You're gonna multiply these scores to get a total risk score and rank the risks based on their total score. So let's walk through an example. Imagine you're assessing the risk of a data breach, and so you decide probability would be a 2 at moderate. And the severity, if it happened because of the damage to patient safety and the risk, legal risk, would be 3 because that's the severity. Right? The severity of the impact is at a 3. And then you've got how prepared are we for this? And so we go, we don't have a robust cybersecurity measures in place. Therefore, I would say our preparedness is 1 at low. So score 1 to 3, probability of occurrence, severity of impact, and preparedness.

Tami Moser [00:11:31]:
How ready are we to handle it? So in this example, our total risk score is 2 times 3 times 1 equals 6. And you do this for all identified risks and then rank them. Right? So the higher the number, the more concerned you would be about it in this example because, you know, that's how this is gonna work. But you would do this for each identified risk, and then this helps you prioritize. And that allows you then to move into the ability to create a management plan for these items. Now let's address some common challenges in risk assessment. 1st is overlooking low probability high impact events. So and I would say the one thing that pops into my mind immediately is a pandemic.

Tami Moser [00:12:17]:
Low probability, high impact if it occurs. And so we often overlook those things because people have an attitude of it can't happen to us. It won't happen here And that's just not true. Anything can happen anywhere other than I don't expect a volcano in Oklahoma. But, most of the other risks we can think about, there would be some level of probability it could occur and we tend to just go, oh, we don't need to worry about that. But when you're looking at events like a low probability event that would have a a really high negative impact, you wanna pay attention to those and have some policies in place to start working with if something were to happen. The second is focusing too much on past events and missing emerging risks. So there is this tendency not to see the risks that are gonna develop from something, that we don't forecast risks that we've never had to face before well.

Tami Moser [00:13:20]:
And so we tend to just reflect back on what's happened in the past, and that's the only thing we need to worry about in the future. That's kind of a having blinders on, in that instance, and you need to kinda break away from that and look at what could happen that has never happened here before. Underestimating the interconnectedness of risks and that if one thing happens another. And so I'll use a weather example for this. So if we think about hurricanes, that is also wrapped into the risk of tornadoes. So you can get both, and then with hurricanes, one of the massive things is wind and flooding. Right? The surge. So you kind of get this interconnectedness, which then leads to power outages and, some of these other identified risks we could line out.

Tami Moser [00:14:12]:
So we have a hurricane, and then we have this whole set of interconnected risks that can happen. Even looting. Right? So you've, understanding that there is connection and those connections do matter and can impact what's happening becomes really vitally important. And then there's a failure to involve frontline staff in the assessment process. You know, often we fail to remember that those on the front line see more, know more, hear more than we do when we're removed from that, and the farther removed we are the less likely we are to actually understand what's happening on the front line. So it's important to actually talk to people that are on that front line and will be doing the work that you need them to do or are doing the work of your program to find out how things are going and what they see as risks that need to be addressed. Or they're a really good source also to go back to those low probability but high impact events that could come out of nowhere or emerging risks. They'll see those more likely far before you will.

Tami Moser [00:15:23]:
At least certain types of risks they'll see far before you will. So here's your action item for this podcast. You're gonna conduct a preliminary risk assessment for your community health program. You'll identify at least 3 risks in each of the domains we've discussed and the domains that you'll see on, my list. So just take each domain and that list and identify at least 3 risks for each one. And then perform a basic HVA to prioritize them. So go through the the numbering for those three things. And then next, we'll talk about mitigation strategies and how to mitigate risks you identify.

Tami Moser [00:16:07]:
So thank you for tuning in to community health management podcast. Remember, effective assessment is the foundation of a resilient and sustainable program. Until next time, this is doctor Tami Moser encouraging you to stay proactive in identifying and understanding the risks in your community health endeavors.