Risk assessment

Risk assessment is formed of three steps. The first step is to identify the hazards (what may go wrong?). Second, to know what are the consequences of this risk and how often could this risk happen. Third, involves a decision regarding the need for further action to be taken against the specific risk based on quantitative or a qualitative description.

  1. Hazard Identification (What may go wrong?)
 

There are several methods that can be used in identifying hazardous clinical processes that carry high risk to patient safety (see table below).  Once a process is identified, it is mapped and broken down into its component steps. In doing so, the events that may lead to patient harm (hazards) can be further identified and related to each step.

   
 
Hazard identification


Adverse event reporting
Complaints and law suits
Medical records review
Observation of practice (work space and procedures performed)
Mortality and morbidity meetings
Patient and health care staff interviews
Patient safety organizations

     
  2. Risk analysis (How serious and how often?)
 

Risk analysis is the estimation of the risk associated with the identified hazard. Each step of the chosen process is analyzed by answering the following three questions. First, what are the consequences of the event if it happens and second how often is it expected to recur and third how easily can it be detected?


In answering the first question the next consequence table can be used.

     
  Consequence Rating
 

 Descriptor

Impact

5 – Catastrophic

Death
Continued ongoing long-term effects at time of discharge
Many > 50: Vaccination error

4 – Major

Permanent injury
Increase in length of hospital stay by > 15 days
Moderate  16 – 50: Lost specimens

3 – Moderate

Semi-permanent injury
Increase in length of hospital stay by 4-15 days
Small  3 – 15

2 – Minor

Short term injury
Increase in length of hospital stay by 1-3 days
1 – 2

1 – Insignificant

No injury
No increase in hospital stay
N/A

     
 

Other factors can be taken into account and integrated into the consequence table such as cost of the risk, impact on the service, impact on the organization,  etc.


In answering the second question the following likelihood table can be used.

     
  Likelihood Rating
 

 Descriptor

 Description

5 – Certain

Will undoubtedly happen / recur
Expected to occur at least daily
>50 percent

4 – Likely

Will probably happen / recur
Expected to occur at least weekly
10-50 percent

3 – Possible

Might happen or recur occasionally 
Expected to occur at least monthly
1-10 percent

2 – Unlikely

Do not expect it to happen / recur but it is a possible it may do so 
Expected to occur at least annually
0.1-1 percent

1 – Rare

This will probably never happen / recur
Not expected to occur for years
<0.1 percent

     
 

In answering the third question the following detection table can be used.

 

 Descriptor

 Description

5 – Remote

Detection not possible at any point in the system
0-5 percent

4 – Low

Error rarely detected before reaching patient
6-39 percent

3 – Moderate

Error infrequently detected before reaching patient
40-74 percent

2 – High

Error frequently detected before reaching patient
75-94 percent

1 - Very high

Error will almost always be detected 
95-100 percent

     
  3. Risk evaluation (Do we need to do something?)
 

Risk evaluation considers the evidence presented through the previous step (risk analysis) and a decision is taken either to take action to control the risk if considered high enough or no action if the risk is considered low.  In addition, risk evaluation can help safety teams prioritize a set of risks that have been identified thus facilitating the selection of the most significant ones for their treatment (risk control). There are two methods that can be used for risk evaluation

   
  Risk Matrix


A risk matrix will plot risk consequence against risk likelihood to reach an estimate or grade for the risk. Each institution should decide on the level (grade) at which the risk is considered unacceptable and that necessary measures are needed. Furthermore, such a matrix can aid in deciding what management level should be involved in the risk control and how rapid should the response be.

The following risk table can be used to help reach a decision:
 
 

Consequence

Likelihood

1
Insignificant

2
Minor

3
Moderate

4
Major

5
Catastrophic

5  - Certain

5

10

15

20

25

4  - Likely

4

8

12

16

20

3  - Possible

3

6

9

12

15

2  - Unlikely

2

4

6

8

10

1  - Rare

1

2

3

4

5

           

Risk

Low

Moderate

High

Extreme

 

 

1-3

4-6

8-12

15-25

 
     
 

Criticality Index 
The Criticality Index (CI) also known as the Risk Priority Number (RPN) is a numerical grading of the risk and can be used in prioritizing risks prior to the selection of the most significant ones for control. The CI can be calculated using the following formula:


CI =  L X C X D

    where L: likelihood
      C: Consequence
      D: Detectability

Framework for risk management


Basically risk management is composed of two consecutive steps; risk assessment followed by risk control. The following figure illustrates the various components of risk management.

fram

Integral to the framework is risk documentation, communication and review. The output of risk assessment and recommended controls are usually documented in a risk register. Risk communication is the sharing of information about risk between those involved in the program and all parties involved in patient care. Parties are expected to communicate at all stages of the program but essential is the communication of the risk management output as shown by the solid arrow in the framework which is facilitated by the risk register.. To ensure that the risk management program output is leading to an equivalent or acceptable increase in patient safety level a risk review process (re-risk assessment) of related adverse events is necessary which is then documented in the risk register for better monitoring. If such audit finds that the risk is still high a reconsideration of the risk control measures becomes essential and if that does not lead to risk reduction the risk assessment process might need to be re-initiated.

Introduction

Definitions


Risk management is the identification, assessment, and prioritization of risk followed by corrective action to minimize or control the probability of its occurrence in the future.
In risk management the term "risk" is used to mean simply the probability of something, usually harmful, happening while the term hazard means the event, or source, or situation that caused the harm.

Why conduct risk management?


The benefits of integrating risk management into clinical practice are many such as:

  1. Helps in creating a safety culture
  2. Improves patient safety
  3. Improves understanding and communication within healthcare team
  4. Improves quality of care
  5. Reduces complaints
  6. Helps in accreditation and revalidation
How to guarantee a successful risk management program?


The following issues are vital to settle before attempting to introduce a risk management program:

  1. Leadership commitment
  2. Patient safety culture
  3. Active incident reporting system
  4. Adequate resources (human and financial) to support the program
  5. Audit system to ensure that the program is delivering its intended output


When is risk management useful?

  1. When introducing a new process
  2. When redesigning an already ongoing process
  3. Evaluating the safety of an ongoing process
Approaches to risk management


Risk is part of everyone’s daily life. Clinical practice is no different and is full of risks to both patients and their carers. Traditionally risk management was reactive in its approach; waiting for the harm to happen then seeing how to prevent it from happening again. Nowadays, a more proactive approach is required where hazards are identified and the risk of harm anticipated and measures taken to prevent it or lesson its effects.