Disasters—rarely are they expected, but they do occur. Most of the time, because of the lack of notice, averting a disaster once it has begun is nearly impossible. What is not impossible, however, is going through the discipline of evaluating the potential problems any number of disasters could cause before they strike. This practice is in the realm of risk management—OK I sense the yawns—some sort of management-speak that is often mentioned and discussed at boring meetings, right?
Often, the importance of adopting a risk management assessment does not resonate with a person until he or she is in the midst of a disaster. But disasters—whether a natural disaster, a traumatic life event, or even a freak accident—happen all of the time, and it is best to be prepared. Many of our colleagues, such as those who have graciously contributed to this issue, have been in the unfortunate position of dealing with a disaster.
What are the differences between disaster, peril, hazard, and risk? Risk is the chance or probability of a loss, and peril is a direct cause of loss. If, as in my case, which I share starting on page 48 of this issue, there is a flood from a broken pipe, then the peril is water. A hazard is anything that causes or increases the likelihood of a loss. So, for instance, delaying maintenance on plumbing could increase the likelihood of a leak and water damage.
A physical risk is easy to understand, but other risks that should be considered in any practice or business include those that are legal, financial, and ethical in nature. Legal risks are potential liabilities to the practice and can occur from a variety of sources, medical malpractice being probably the biggest. Financial risks involve financial assets of the organization that could be affected by an untoward event, and these can include loans, accounts receivables, damage claims, fines, penalties, and insurance costs, to name a few. Ethical risks involve damage to the reputation or principles of a practice.
In reality, a great deal of risk evaluation takes place in our heads on a daily basis—you know, those what-if scenarios—and often we subconsciously or consciously develop strategies to avert risk. There are, however, risks that we may never entertain, and a formal methodology, no matter the size of the organization, is worth implementing in order to help identify and quantify the often unforeseen risks that our practices can face.
Consider this relatively simple process of risk evaluation:
Step No. 1: Identify all potential risks in each category (physical, legal, financial, ethical).
Step No. 2: Evaluate the probability of the occurrence on a scale of 1 to 5 (1 = rare, 2 = unlikely, 3 = possible, 4 = likely, and 5 = almost certain).
Step No. 3: Score the impact of the risk, again from 1 to 5 (1 = negligible, 2 = minor, 3 = moderate, 4 = major, 5 = catastrophic).
Step No. 4: Prioritize the risks based on the combined effects of likelihood and impact. If an event is likely and its impact will be devastating, then this is probably critical in terms of category and requires immediate attention.
Step No. 5: Control the risks that you can. This can be accomplished through a variety of mechanisms, including transfer of risk by buying insurance, retaining the risk, or financing the risk by allocating funds in case it happens (clearly for a low-impact risk).
Step No. 6: Monitor and review the plan. This is a final step and is a formal mechanism to assess any control measures put in place to deal with risks and to ensure that the change is for the better. Additionally, a regular review allows identification of additional risks.
If you haven’t undertaken a formal risk evaluation in your practice, I hope that this editorial and the articles in this cover focus, which describe how some of our colleagues have dealt with the devastations they’ve encountered, provoke you to do so. At the very least, put some thought and consideration into adopting some formal mechanism of identifying risks, and, instead of risk management, let’s use better and more positive terminology: risk intelligence.
Sheraz M. Daya, MD, FACP, FACS, FRCS(Ed), FRCOphth
Chief Medical Editor