Sponsored Content by Riskonnect

Risk Data Integration Elevates Healthcare ERM

A truly integrated healthcare risk management platform will improve provider organization efforts to practice effective Enterprise Risk Management (ERM).
By: | April 18, 2017 • 6 min read

Healthcare risk management starts with patient safety. No other industry holds responsibility over people’s quality of life quite like healthcare, where mistakes hold dire consequences for patients, families, providers and organizations.

But there are many more risks to consider beyond this critical area.

Governance and compliance risk, emergency preparedness and business continuity, vendor and supply chain risk and strategic risks don’t exist in isolation. They are all interconnected, and many can impact patient safety.

“Patient safety is the traditional entry point for risk management in healthcare,” said Jay Lechtman, Senior Director, Market Development & Strategy, Riskonnect, “but you also need to look at the whole picture to understand how your risks are connected.”

“Just as healthcare provider organizations adopted lean six sigma from manufacturing, safety checklists from aviation, and high-reliability organizations from nuclear energy and defense, they are now adopting enterprise risk management from other industries — such as financial services — as a best practice.”

But ERM doesn’t necessarily place risks in context, and can still be fragmented. To ensure a more holistic approach, risk managers need to practice it as integrated risk management.

What is Integrated Risk Management?

Senior Director, Market Development & Strategy

Integrated risk management calls for risk managers to see the connections between different areas of risk and find solutions that mitigate the total exposure.

In a primer for member boards and trustees, the American Society of Healthcare Risk Management (ASHRM) explains that organizations can start with an enterprise risk management approach and then make comparisons among its risks to see how they interact with one another and what cumulative impact they have on the organization.

“That elevated view of risk is integrated risk management,” Lechtman said. AHSRM has been making efforts since 2014 to educate healthcare organizations on integrated risk management and provide tools to develop the approach.

And most if not all of these efforts come back to improving patient safety.

Pharmaceutical supply chain risk, for example, has often been involved with potentially dangerous medication errors.

“Medication errors are a commonly reported patient safety event, and drug shortages have frequently been identified as a causal or contributory factor in these errors,” Lechtman said. “It’s not a surprising fact. Clinicians unfamiliar with new drugs and their prescription and administration protocols are more likely to make mistakes.”

Yet, identifying drug shortages as a factor in isolation requires lengthy investigations, root cause analyses and enough data aggregation to see clear trends.  Somewhere there is a disconnect between supply chain risk management and downstream clinical risk management. Fragmented ERM fails to take into account how vendor risks can directly impact patients.

Now, external resources – like the FDA’s Drug Shortages Database – help healthcare providers monitor and manage this issue, but Lechtman argues that effective integrated risk management could have helped the solve the problem internally.

“In integrated risk management, the pharmacy supply chain risk could be identified and mitigated much faster, with protocols put in place to train staff on use of identified alternative medications to reduce unfamiliarity and error,” Lechtman said.

Crisis management and business continuity offer another example. New Conditions of Participation for Medicare that go into effect later this year will require healthcare providers to improve emergency preparedness, which includes having business continuity plans. Patient safety is again a critical factor in planning for transportation and use of backup supplies and facilities in the event of an emergency.

Nearly all hospitals and health systems report trying to implement ERM at some level of their organization. But, even if they want to integrate it, they have lacked the technology to enable the vision.

“Legacy vendors focus on patient safety, claims and risk management specifically designed for healthcare. They don’t support broader risk management, governance and compliance risk that healthcare organizations sorely need,” he said.

Achieving True Integration

Other industries, where patient safety isn’t a consideration, have been working towards an integrated approach for years. The financial services sector, for example, has been implementing Governance Risk and Compliance (GRC) solutions for much longer due to its exposure to regulatory and compliance risk. The healthcare industry’s late arrival to ERM gives it a unique opportunity to learn from others’ mistakes and “leapfrog” over other sectors, Lechtman said.

“Just as much of the developed world skipped building expensive wired communications infrastructure in favor of cell phones, healthcare has the opportunity to leapfrog into true integrated risk management and avoid the pitfalls of a fragmented, siloed ERM approach,” he said.

However, “it’s hard to succeed in integrated risk management when information systems can’t handle it,” Lechtman said.

The ideal integrated risk management solutions for healthcare need to excel at helping provider organizations identify and manage their unique hazard risks — like patient safety — while seamlessly scaling to other insurable and strategic risks types that healthcare shares with other industries. And, of course, they need to be able to secure sensitive healthcare data and support healthcare privacy compliance.

Seeing is Believing

Riskonnect’s Integrated Risk Management Solutions™ check all the boxes. Scalable on a single platform, the system can handle everything from patient safety, patient relations, claims and litigation management, peer review, accreditation and HIPAA compliance, employee safety and health, governance risk, reputation risk, reimbursement risk, vendor and supply chain risk, business continuity management and strategic risk.

“We’ve taken lessons from other industries, and we’ve incorporated that into our healthcare approach so that, instead of providing another limited point solution, we can do everything for healthcare risk and do it well,” Lechtman said.

Riskonnect backs up its technology with a combination of clinical healthcare experience and risk management expertise is that is necessary for risk managers to draw the connections between patient safety and other risk areas.

“If you can make the connection from other risk areas back to patient safety, you can improve that critical risk area faster and more effectively. “Limited and siloed patient safety systems just can’t do that.”

Riskonnect’s Integrated Risk Management Solutions™ can house and allow access to data and workflows connected to all risks. The solutions provide all the functions that a risk manager or claims professional might need, from notifications to determination of compensability through to follow-ups, and everything in between.

The description alone is compelling, but nothing compares to actually experiencing everything the system can do on a day-to-day basis.

“Seeing really is believing,” said Lechtman. “People are blown away when they see what true integrated risk management can accomplish.”

For more information on Riskonnect Healthcare, visit: https://riskonnect.com/integrated-risk-management-solutions/healthcare/

For more information on Riskonnect Integrated Risk Management Solutions, visit: https://riskonnect.com/integrated-risk-management-solutions/

SponsoredContent

BrandStudioLogo

This article was produced by the R&I Brand Studio, a unit of the advertising department of Risk & Insurance, in collaboration with Riskonnect. The editorial staff of Risk & Insurance had no role in its preparation.




Riskonnect is the only global provider of Integrated Risk Management technology solutions. Built on the world’s leading cloud platform, Riskonnect finally allows you to break down the silos and unite your entire organization.

Risk Report: Hospitality

Bridging the Protection Gap

When travelers stay home, hospitality companies recoup lost income through customized, data-defined policies.
By: | October 12, 2017 • 9 min read

In the wake of a hurricane, earthquake, pandemic, terror attack, or any event that causes carnage on a grand scale, affected areas usually are subject to a large “protection gap” – the difference between insured loss and total economic loss. Depending on the type of damage, the gap can be enormous, leaving companies and communities scrambling to obtain the funds needed for a quick recovery.

Advertisement




RMS estimates that Hurricane Harvey’s rampage through Texas could cause as much as $90 billion in total economic damage. The modeling firm also stated that “[National Flood Insurance Program] penetration rates are as low as 20 percent in the Houston area, and thus most of the losses will be uninsured.”

In addition to uninsured losses from physical damage, many businesses in unaffected surrounding areas will suffer non-physical contingent business interruption losses. The hospitality industry is particularly susceptible to this exposure, and its losses often fall into the protection gap.

Natural catastrophes and other major events that compromise travelers’ safety have prolonged impacts on tourism and hospitality. Even if they suffer no physical damage, any hotel or resort will lose business as travelers avoid the area.

“The hospitality industry is reliant on people moving freely. If people don’t feel safe, they won’t travel. And that cuts off the lifeblood of the industry,” said Christian Ryan, U.S. Hospitality and Gaming Practice Leader, Marsh.

Christian Ryan
U.S. Hospitality and Gaming Practice Leader, Marsh

“People are going away from the devastation, not toward it,” said Evan Glassman, president and CEO, New Paradigm Underwriters.

Drops in revenue resulting from decreased occupancy and average daily room rate can sometimes be difficult to trace back to a major event when a hotel suffered no physical harm. Traditional business interruption policies require physical damage as a coverage condition. Even contingent business interruption coverages might only kick in if a hotel’s direct suppliers were taken offline by physical damage.

If everyone remains untouched and intact, though, it’s near impossible to demonstrate how much of a business downturn was caused by the hurricane three states away.

“Hospitality companies are concerned that their traditional insurance policies only cover business interruption resulting from physical damage,” said Bob Nusslein, head of Innovative Risk Solutions for the Americas, Swiss Re Corporate Solutions.

“These companies have large uninsured exposure from events which do not cause physical damage to their assets, yet result in reduced income.”

Power of Parametrics

Parametric insurance is designed specifically to bridge the protection gap and address historically uninsured or underinsured risks.

Parametric coverage is defined and triggered by the characteristics of an event, rather than characteristics of the loss. Triggers are custom-built based on an insured’s unique location and exposures, as well as their budget and risk tolerance.

“Triggers typically include a combination of the occurrence of a given event and a reduction in occupancy rates or RevPar for the specific hotel assets,” Nusslein said. Though sometimes the parameters of an event — like measures of storm intensity — are enough to trigger a payout on their own.

For hurricane coverage, for example, one policy trigger might be the designation of a Category 3-5 storm within a 100-mile radius of the location. Another trigger might be a 20 percent drop in RevPAR, or revenue per available room. If both parameters are met, a pre-determined payout amount would be administered. No investigations or claims adjustment necessary.

Advertisement




The same type of coverage could apply in less severe situations where traditional insurance just doesn’t respond. Event or entertainment companies, for example, often operate at the whim of Mother Nature. While they may not be forced to cancel a production due to inclement weather, they will nevertheless take a hit to the bottom line if fewer patrons show up.

Christian Phillips, focus group leader for Beazley’s Weatherguard parametric products, said that as little as a quarter- to a half-inch of rain over a four- to five-hour period is enough to prevent people from coming to an event, or to leave early.

“That’s a persistent rainfall that will wear down people’s patience,” he said.

“A rule of thumb for parametric weather coverage, if you’re looking to protect loss of revenue when your event has not actually been cancelled, you will probably lose up to 20 to 30 percent of your revenue in bad weather. That depends on the client and the type of event, but that’s the standard we’ve realized from historical claims data.”

The industry is now drawing on data to establish these rules of thumb for more serious losses sustained by hospitality companies after major events.

“Until recently the insurance industry has not created products to address these non-physical damage business interruption exposures. The industry is now collaborating with big data companies to access data, which in turn, allows us to structure new products,” Nusslein said.

Data-Driven Triggers

Insurers source data from weather organizations that track temperature, rainfall, wind speeds and snowfall, among other perils, by the hour and sometimes by the minute. Parametric triggers are determined based on historical storm data, which indicates how likely a given location is to be hit.

“We try to get a minimum of 30 years of hourly data for those perils for a given location,” Phillips said.

“Global weather is changing, though, so we focus particularly on the last five to 10 years. From that we can build a policy that fits the exposure that we see in the data, and we use the data to price it correctly.”

New Paradigm Underwriters collects their own wind speed data via a network of anemometers that stretch from Corpus Christi, Texas, all the way to Massachusetts, and works with modeling firms like RMS to gather additional underwriting information.

The hospitality industry is reliant on people moving freely. If people don’t feel safe, they won’t travel. And that cuts off the lifeblood of the industry.– Christian Ryan, U.S. Hospitality and Gaming Practice Leader, Marsh

While severe weather is the most common event of concern, parametric cover can also apply to terrorism and pandemic risks.

“We offer a terror attack quote on every one of our event policies because everyone asks for it,” said Beazley’s Phillips.

Advertisement




“We didn’t do it 10 years ago, but that’s the world we live in today.”

An attack could lead to civil unrest, fire or any number of things outside an insured’s control. It would likely disrupt travel over a wide geographic region.

“A terrorist event could cause wide area devastation and loss of attraction, which results in lost income for hospitality companies,” Nusslein said.

Disease outbreaks also dampen travel and tourism. Zika, which was most common in South America and the Caribbean, still prevented people from traveling to south Florida.

“Occupancy went down significantly in that region,” Marsh’s Ryan said.

“If there is a pandemic across the U.S., a parametric coverage would make sense. All travel within and inbound to the U.S. would go down, and parametric policies could protect hotel revenues in non-impacted areas. Official statements from the CDC such as evacuation orders or warnings could qualify as a trigger.”

Less data exists around terror attacks and pandemics than for weather, though hotels are taking steps to collect information around their exposure.

“It’s hard to quantify how an infectious disease outbreak will impact business, but we and clients are using big data to track travel patterns,” Ryan said.

Hospitality Metrics

Any data collected has to be verified, or “cleaned.”

“We only deal with entities that will clean the data so we know the historical data we’re getting is accurate,” Phillips said.

“There are mountains of data out there, but it’s unusable if it’s not clean.”

Parametric underwriters also tap into the insured’s historical data around occupancy and room rates to estimate the losses it may suffer from decreased revenue.

Bob Nusslein, head of Innovative Risk Solutions for the Americas, Swiss Re Corporate Solutions.

“The hospitality industry uses two key metrics to measure loss of business income. These include occupancy rate and revenue per available room, or RevPAR. These are the traditional measurements of business health,” Swiss Re’s Nusslein said.  RevPAR is calculated by multiplying a hotel’s average daily room rate (ADR) by its occupancy rate.

“The hotel industry has been contributing its data on occupancy, RevPAR, room supply and demand, and historical data on geographical and seasonal trends to independent data aggregators for many years. It has done an exceptional job of aggregating business data to measure performance downturns from routine economic fluctuations and from major ‘Black Swan’ events, like the 9/11 terrorist attacks, the 2008 financial crisis or the 2009 SARS epidemic.”

Claims history can also provide an understanding of how much revenue a hotel or an event company has lost in the past due to any type of business interruption. Business performance metrics combined with claims data determine an appropriate payout amount.

Like coverage triggers, payouts from parametric policies are specifically defined and pre-determined based on data and statistical evidence.

This is the key benefit of parametric coverage: triggers are hit, payment is made. With minimal or no adjustment process, claims are paid quickly, enabling insureds to begin recovery immediately.

Applying Parametric Payments

For hotels with no physical damage, but significant drops in occupancy and revenue, funds from a parametric policy can help bridge the income gap until business picks up again, covering expenses related to regular maintenance, utilities and marketing.

Because payment is not tied to a specific type or level of loss, it can be applied wherever insureds need it, so long as it doesn’t advance them to a better financial position than they enjoyed prior to the loss.

Advertisement




Parametric policies can be designed to fill in where an insured has not yet met their deductible on a separate traditional policy. Or it could function as excess coverage. Or it could cover exposures excluded by other policies, or for which there is no insurance option at all. Completely bespoke, parametric coverages are a function of each client’s individual exposures, risk tolerance and budget.

“Parametric insurance enables underwriting of risks that are outside tolerance levels from a traditional standpoint,” NPU’s Glassman said.

The non-physical business interruption risks faced by the hospitality industry match that description pretty closely.

“Hotels are a good fit for parametric insurance because they have a guaranteed loss from a business income standpoint when there is a major storm coming,” Glassman said.

While only a handful of carriers currently offer a form of parametric coverage, the abundance of available data and advancement in data collection and analytical tools will likely fuel its popularity.

Companies can maximize the benefits of parametric coverages by building them as supplements to traditional business interruption or event cancellation policies. Both New Paradigm Underwriters and Beazley either work with other property insurers or create hybrid products in-house to combine the best of both worlds and assemble a comprehensive risk transfer solution. &

Katie Siegel is an associate editor at Risk & Insurance®. She can be reached at [email protected]