April 23, 2019 – There are many people in the Healthcare world that would tell you, a hospital is the most regulated “industry” in the United States. Quite literally, they are overseen by just about every acronym agency in the US’s employ. As you can image, the regulations pertaining to hospital safety are exponentially more in depth than most. This is not to say working in a hospital is more dangerous than heavy construction, but things go deeper than traditional worker safety.
A hospital safety officer will tell you that most Authorities Having Jurisdiction (AHJs) refer to “safety” as the Environment of Care (EOC). If you were to try to dissect the EOC, than you would end up with many things spilled out in front of you. While these are equally important, for time’s sake we will focus on the three main areas.
Obviously in order to have a safe EOC you have to focus on the people. This includes patients, visitors and the staff working in the facility. Much like in the business world, you need a staff to do the work and you need “clients” to receive the product.
If you want to run an effective hospital than you need a safe building to operate from. It will be strong and built to the most rigorous code according to the AHJ. While there are many new businesses that do not need a building to operate, having a safe building or place of operations is still vital to a business.
Have you ever wondered how a hospital keeps track of all their equipment? I was one of those people who helped oversee all the equipment as well as the equipment safety in the hospital. Think of all the machines from MRI scanners, EKG machines, blood pressure cuffs and many more. Now, add in all the HVAC units, boilers, chillers, cooling towers and fire doors. These comprise the third leg of the EOC and are crucial to running a safe hospital, how would your business operate without safe equipment?
Now that I’ve broken out the three main areas of the EOC, let’s connect the dots as to how hospital safety translates into enterprise risk management. This is just an overview with the high points, as a much larger document would be needed to teach an actual class.
In order to manage risk with your staff you need to have certain things in place correct? Things such as HR policies governing time, attendance, dress code, appropriate behavior, corrective action and things of that nature. You also need to consider what controls are needed to keep your staff safe. Depending on your business, this might be several different things from personal protective equipment, a secure facility to work in, fire alarm systems, and security personal. What about your risk might be losing you good employees?
In effectively managing your people-based risk, you will need to retain good employees to keep your operations successful. Do you have injury protection protocols in place to help staff return to work after a work related injury? Does your company offer any benefit packages such as health insurance, PTO and 401k? What does your safety incentive program look like?
Depending on your business this list could expand. Nevertheless, you should be thinking about how to keep your staff safe in their everyday work environment and how you will retain good employees to cut down on training costs. Then, you can think about things such as Workers’ Compensation and Employee dishonesty insurance to cover you on things you cannot mitigate completely.
What about your clients? How do you keep clients safe if they enter into your facility? What do you do when your product causes them harm at point of use? What happens when a lawsuit settlement is higher than the limits of your insurance? Have you put in quality-control measures to protect not only your client, but also your business in the event something goes wrong? This phrase will be repetitive in risk management. Step one is to remove what risk you can, and step two is to lessen the impact of the risk you cannot control.
Are you looking at stained ceiling tiles above your head right now? Did you have Joe and Bill do your last office renovation without permitting or CAD drawings? How many square feet is your building(s) and do you have a fire sprinkler or detection system? If you were to build a new facility would you use non-combustible materials or cheap frame construction? These questions should be causing you to think deeply about your building. I know what you are thinking, “you are a risk guy in the insurance world”, sell me property policy and move on. In today’s informed society that will not cut it anymore. What if I were to tell you most reputable carriers put standards in place on buildings, before they are willing to insure? There should always be some nonnegotiable items when you are building, purchasing or renovating a building for your business. Depending on your business, the list will change, but you should be constructing something that will last. Moreover, in doing so the insurance coverage you wanted will now be a much better policy, with all the bells and whistles, at a rock bottom rate.
Finally, to the last piece, equipment. Tell me your business is online, you do not have equipment, and I will tell you where you do. What about that laptop you use to conduct your online business, how is it protected? How do you keep your clients information secure from hackers?
You use the cloud? Well I hate to break it to you but the cloud has a server farm out there rotating through the used and stored data on a daily basis. Do you trust your cloud provider to pay your clients back after their identity has been stolen?
That was a lot, and we only discussed a single industry. Image general contractors with light trucks, heavy trucks, field fork lifts, drills, hammers, generators, jack hammers, small track hoes, and more. How are you keeping your equipment safe? Do you have an inventory system? Is mobile equipment tracked via GPS (low-jack for the folks of my generation) and who has access to it? What does your maintenance program look like and how do you remove a piece of equipment that is not operating at full safety specifications?
The simple answer of “I’ll just buy insurance from that insurance guy I read a blog on once” will not cut it anymore. Yes, buy insurance that is a piece of it, but would you want your family member getting an MRI on piece of equipment that has had zero maintenance and is operating on a “run-to-fail” program?
You can buy insurance from anyone, literally almost anyone. Heck, Dave Ramsey is now offering affordable personal insurance and would love for your help with his financial peace. (No harm intended here, I agree with Dave’s philosophy)
So yes, buy insurance but stop using it as your risk mitigation tool! Enterprise risk management is a process to better prepare you, and your business so you can focus on the future, not the what-if’s.
Insurance policies are costly and contain confusing language. While they are necessary and in many cases required for your business, they do not have to be the “necessary evil” most people refer to it as. So let me ask you one last question, are you dealing with a risk manager or an insurance salesman?