This Health Care Risk Manager Wants the Industry to Look to ERM for Better Business Solutions
My first job out of college was as an emergency room nurse at Johns Hopkins Hospital in Baltimore.
R&I: How did you transition from nursing to a career in risk management?
During my second job, which was on a high-risk obstetrics unit, a couple of my coworkers became involved in a lawsuit. They were really upset, and it didn’t seem like the attorney who was defending the hospital had a lot of empathy for how it felt to be a nurse involved in that situation.
I’d always known I was going to go to graduate school, and I was in the process of figuring out what I wanted to do. It occurred to me that an attorney should have a better understanding of what it’s like to be a health care professional in that position. I could be that attorney. So, I decided to go to law school and have helped to manage risk and provide defense for health care providers ever since.
R&I: What’s been the biggest change in the risk management and insurance industry?
In health care, it’s the complexity of relationships between various health care providers and vendors. The risks have expanded and become more complex, especially with respect to cyber issues.
As we get more dependent on technology and the Internet of Things, some of the vendors we have to work with are very small companies, and they don’t necessarily have the right IT security infrastructure in place, and they definitely don’t have the insurance in place. But we have little negotiating leverage, because these vendors provide services our business partners in the hospital tell us they really need.
It’s a colossal risk for us. We’re not really worried about the routine medical malpractice case anymore; we’re worried about some hackers taking over our IV pumps. The risks have gotten more complicated, and therefore, the coverage we need has become a lot more complicated.
R&I: What are some trends or changes you’re watching specific to health care?
Case severity seems to be going up. Reputational risk is also increasing, thanks to social media. Anybody can get online and make salacious accusations that can go viral in minutes. In the court of public opinion, people are judged before you have a chance to defend yourself. It’s impossible to fully prevent that from happening, and when it does happen, responding to it is challenging.
R&I: What’s the biggest challenge you’ve faced in your career?
Reshaping our program after we had a major leadership change in 2012, when our new CEO came on board. I had a lot of support, so it turned out great. Personally, it’s challenging to keep up with all the change and to make sure that you’re up on the latest trends and the proposed laws and the complexity and interconnectedness of it all.
One of the toughest tasks is keeping your workforce educated on all the risks, because one employee can bring your whole company down in terms of your IT systems or publicizing some event that goes viral. You have to hire the right people, set expectations about behavior and hold people accountable and keep up with things as they change. It’s a little like drinking from a fire hose.
R&I: What role does technology play in your company’s approach to risk management, and how do you think technology will continue to shape the industry?
Tech can be very helpful and also very risky. It has helped us work smarter versus harder in some respects. Incident reporting is one example. The systems are so much better than they used to be; we even have a mobile app for staff to use in the building, so they can very easily and quickly complete an incident report.
That makes a big difference. We also have the ability to mine the electronic medical record for potential unreported events, which we call trigger reporting. We’re also using simulation training to train providers for crisis scenarios.
R&I: Who is your mentor and why?
Since I’ve been here, my boss Mary Anne Hilliard has been a big mentor to me and has been a pioneer in health care risk management and patient safety.
R&I: What advice might you give to students or other aspiring risk managers?
Two points: One, always have a curious mind. Know what you don’t know and don’t be afraid to ask questions. And two, don’t underestimate the importance of relationship building in doing risk management work. To be a successful risk manager, you have to be viewed as a business partner and an enabler of decisions — not the Department of No.
R&I: What are your goals for the next 5 to 10 years of your career?
I would like to be one of the pioneers in solidifying ERM in health care. We’re way behind other industries in terms of our sophistication and implementation of real ERM, and I’d like to be one of the first to get that done in my organization and prove the business case for it. So hopefully 10 to 15 years from now, ERM will be as mature for health care as it is for, say, the financial industry.
R&I: Why is health care lagging in ERM sophistication?
e’ve been very focused on patient safety, and rightly so, but a lot of the things that we’ve done to make care more safe and reliable — those same principles apply to the business aspects, but we haven’t really taken stock on the business and operations side of the house.
R&I: What is the most unusual/interesting place you have ever visited?
Morocco. I was there for vacation; we went to visit our daughter who was doing a semester abroad. I’d never been to Africa. Things there were just so ancient and actually very well-preserved, like Roman ruins. And there was just great food and culture. &
Learn More: Rebecca Cady was one of Risk & Insurance®‘s 2018 Risk All Stars. Read more about the awesome strides Cady’s made in her risk management program.