In this episode, Danette Slevinski of University Hospital in Newark, NJ and Tim Fournier of Rutgers, discuss the role of enterprise risk management during healthcare change.
Mike Passanante: Hi! This is Mike Passanante. And welcome back to the Hospital Finance Podcast.
Today, I’m joined by Danette Slevinski who is the Chief Compliance Officer for University Hospital in Newark, New Jersey, and Tim Fournier who’s the Senior Vice President and Chief Enterprise Risk Management, Ethics and Compliance Officer for Rutgers. Welcome, both of you, to the show.
Tim Fournier: Thanks, Mike.
Danette Slevinski: Thank you.
Mike: And today, Danette and Tim have joined to talk to us about enterprise risk management. They’re speaking on that here at the HFMA New Jersey Annual Meeting in Atlantic City.
So first, why don’t you tell us what the term “enterprise risk management” means? I think it might mean different things to different people.
Tim: You know, it’s a great question, Mike, because I think you’re right, a lot of times, people think about it as being insurance which is just the traditional risk management, financial risk management; others might think of it more as kind of an add-on or tag-on to compliance activities. I think it’s a lot more than that.
ERM, for me at least, is the process by which we identify, analyze, mitigate, and monitor risks across the entire spectrum of the organizational activity. Some of those are going to be strategic areas. Some of those are going to be financial areas. Some of those are going to be compliance areas of course. But it’s bringing all of those risk identification and analyses activities together so that we identify the opportunity for new opportunities for the organization, as well as for determining how much risk we’re willing to take on in the things that we do.
Danette: And I’d only like to add that to simplify if you were to just want one sentence. It’s really a process by which an organization or a group of professionals can make a decision.
And when you’re thinking about enterprise risk management, you’re looking forward. So you’re looking into the future as opposed to what we typically think of risk management, which is there has been a bad event that has happened, and we are now taking action to address that.
So, ERM is really a lot about looking forward at a process by which we can make good strategic decisions.
Tim: And Danette, you’re painting a great picture. I remember this cartoon from some years ago where it’s two individuals standing at the base of a cliff, and on the top of the cliff, there’s a big boulder sort of teetering on the edge. And the risk identification of course is pointing up and saying, “Hey, there’s a boulder. It’s about to fall.” The risk analysis is then discussing what’s the likelihood of it falling, what will happen to it if it falls down on us.
And then, sadly, I think for many of our organizations, the risk mitigation has been that we just run away when the boulder starts rolling down. What we’re really talking about is finding a way to prop up that boulder, so it doesn’t collapse on the organization.
Mike: And certainly, the key to enterprise risk management is probably the word enterprise, right? So what I’d like to hear from both of you about is why should providers consider deploying an enterprise risk management strategy versus handling risk in silos or pockets around the organization?
Danette: There is absolutely a benefit for each healthcare professional, each organizational professional, to work within their skill set. But when you’re dealing with enterprise risk management, you’re bringing all of those disciplines together and you’re thinking of the entire book of business of the organization.
You’re talking about either decisions that the organization is looking to make or opportunities or risks the organization is looking to be prepared for. And I think, really, the best way to do that is bringing those professionals together. It prevents duplication. It ensures the most robust decisions being made if it’s done efficiently.
Tim: I agree to that. And what I’ve seen in my career working with a lot of different organizations on these things is that, a lot of times, the ERM activity is the first time leadership teams have come together to really think about the issues facing the organization and have a dialogue in a really complex, constructive way.
Mike: And as with any organization, when you try to bring everyone together under one roof to do something, it comes with its own challenges.
Mike: And you’ve both experienced that. Why don’t you tell us a little bit about the challenges of deploying an ERM?
Tim: I think one of the things that comes up first any time I see an organization starting this dialogue is that people come looking at risk only through their operational lens.
You get the patient advocacy folks talking only about the experience. You get billing folks only talking about the financial risks associated with billing and coding. You get facilities people only talking about the needs to update the infrastructure for the hospital.
I think ERM gets all of those perspectives on the table and balances them in different ways. It’s getting to have that institution-wide perspective.
Danette: And I would add to that also thinking about the current healthcare market as well as many other arenas and many other markets. It’s so fast-paced now with so many challenges. It can feel daunting for individuals or for organizations. “How do we stay current? How do we stay relevant?”
And so, there of course are constraints of time, resources, money. Oftentimes, when you think of the group of people we all have together doing enterprise risk management, you add their salaries together in that room, it’s a very expensive meeting.
And so, conveying to those individuals the return on investment of bringing those people together is really critical.
And also teaching your leaders how to prevent duplication, that ERM is its own unique discipline, and dealing with challenges, those are just a few that we faced.
Tim: In that bandwidth, the time piece is so critical. For many of us, I think we say, “I don’t have the time to sit and have this conversation or evaluate risks now.” And what ends up happening is that we end up dealing with the issue once it occurs. The challenge there of course is that it’s more time-consuming and it’s more expensive.
And if you think about the boulder analogy again, once the boulder is rolling down the hill and you’re running away, it’s next to impossible to deal with that.
Mike: So, if you had a blank canvas to start from, and you were going to put together your ideal ERM framework, what should it look like and who should be involved?
Danette: So, really, the first question is: “What is your current organization?” Are you a one-hospital organization? Are you a multi-system diverse facility where you have a medical group, you have maybe an insurance plan, nursing homes, and multiple hospitals? Are you an academic medical center?
So, what is your organization? What are your current resources? And who are going to be the most engaged people who will sit in the room, the people who are able to make decisions, who are engaged, who have buy-in to the process?
So, we really first have to think about what are the unique aspects of your organization.
And how do you pull the right individuals into the room—a meeting that’s too big, more than 15 people, even more than 10, but fewer than five? Who are the right people to have in the room?
Tim: Absolutely! And Mike, back to the question of a little bit before where you were asking, and that’s to focus on the question of why you’re even bothering with the ERM program. If it’s really just about checking the box, then you’re not going to get the value that ERM brings, identifying opportunities to helping you anticipate the challenges with fulfilling those opportunities. You’re not going to be focused on strategic objectives. You’re going to be focused on just the compliance side. And that’s only one of many issues that have to be considered.
Mike: And as you sort of alluded to, each organization handles these things differently. They’re going to approach ERM differently. And they may have different people within the organization that are participating in it, but also leading it. They may have an enterprise risk officer, or they may have another leader within the organization, who is in charge of that committee or that process.
Regardless of who that person is, what is their role? What should they be doing?
Tim: I think the biggest part is really to facilitate those conversations. And that’s a lot harder than it sounds. It’s not just putting people in a room and setting an agenda for a conversation. It’s also pulling out the perspective and the expertise of each of the people sitting in the room through their operational lens, and applying it more broadly.
It also means coming in to those conversations prepared. So if you know you’re going to be talking about the patient experience, you should have some perspective already walking in about what your organization’s experience historically has been, how are patients responding, how was leadership responding, what infrastructure changes have you put in place in the past already, are they working or are they not.
It’s coming in armed with data. It’s bringing the ability to get people to actually talk about the issues that they might not otherwise feel comfortable discussing.
Danette: And I’ll elaborate on that by saying there is the pre-work (so the work before the meeting) and then the work within the meeting.
So, your pre-work, once you have the right individuals identified, meeting with them, interviewing them, getting buy-in from them on what the risk enterprise management process is, helping enable them to do research within their areas. Maybe you have a chief nurse, your chief operating officer, your chief financial officer. Each one of them is going to have a different perspective on the different domains of enterprise risk.
And so, those pre-interviews, both teaching and then sparking each of these experts to think about what they’ll be doing in the meeting. And then, once you’re in the meeting, having the right materials, making sure that the staff are aware of how you’re going to be ranking risk, what does it mean to select a likelihood or an impact of risk, what are the different tools that are going to be used, maybe even providing some articles, some great white papers on a particular topic that you’re talking about, whether it’s patient experience or reimbursement scheme.
So really, a strong facilitator with really strong pre-meeting preparation and in-meeting facilitation.
Tim: And you’re talking about leaders sitting around that table who have pretty strong opinions and strong personalities of their own.
Recently, we were with a group at Rutgers. Of course, our areas of responsibility go beyond just the healthcare side. So I’ll use examples that are not healthcare just to illustrate.
I brought in a group where one individual’s perspective is that the only thing that matters to us is financial sustainability; another giving the perspective that all that matters to us is updating our aging facilities; another came in with a perspective that all that matters is active shooters on the property, public violence issues (and very timely of course right now).
All of those are really important perspectives. But if all of them are your number one priority, you never move forward.
So, to answer your question, again, I think the individual who’s driving this needs to be able to help the leadership team understand how to prioritize and place these things relative to each other in your next year’s tasks.
Mike: Since we’re at a healthcare financial management meeting, let me ask you, how would a provider go about assigning risk to financial risks say around revenue diversification or changes in payer mix.
Danette: So, in terms of preparing to bringing a group together to discuss financial challenges that might be facing a healthcare organization, again, you want to first make sure you have the right people in the room, and also to understand where your organization is and where your organization needs to be.
So, you have organizations that currently have implemented best practices, that are much more prepared for pay-per-performance, that will have a really strong quality metrics, and a lot of great clinical quality and financial integration. And then, you have some organizations that are really still learning about the different types of payer models and the technology needed to capture the information to be successful.
So, I really think that, when you’re bringing those folks in, you first really have to understand what’s the current status of your organization, are there any learning curves that need to be addressed before those discussions about enterprise risk management.
And then, within the meeting, really strongly facilitating discussions about where do we need to be. And even though we’re talking about finance, there could still be clinical, regulatory, quality, and even in some cases physical plant implications that need to be addressed in order to make sure you’re getting the outcome that you’re looking for.
Tim: And one of the hardest parts about that is that nobody really has the crystal ball about what’s going to happen to reimbursement structures in the future. The best way to prepare for that of course is to be up to date on all the changes that are going on, also to be looking at the kinds of contracts that you have for managed payment, I’ll say it that way, with all of your payers, and then be developing the kinds of infrastructures that can address whatever changes might come.
Mike: My last question for you is one of organizational culture because each organization comes to risk and problems associated with risk with their own level of tolerance. Some organization, as you know I’m sure, are much riskier than others; others are sort of “more conservative.”
So, how can an organization assess its own level of risk tolerance and weight that appropriately against very specific risks?
Tim: When you think about organizational culture, at the end of the day, I think there are very few organizations where the leadership team doesn’t want to move the organization forward and very few organizations where, at least at some level, they’re not anticipating or understanding the value that that risk analysis brings to their ability to move the organization forward.
But I think there are some things culturally that get in the way.
A lack of flexibility, people being very focused in their organizational silos I think makes it very difficult to break out of those silos to evaluate risks from an organizational perspective.
Also, I think, culturally, one of the things that I always fear going into these kinds of activities is analysis paralysis, that we start talking so much about a risk event, and we start quantifying it, or attempting to quantify it, in such a detailed, precise way that we lose the meaning. We focus on the trees, not the forest. And the challenge there is that, when we think about data and we’re all focused on the importance of bringing data into our decisions, this is an area where data is critically important, but an overemphasis on the precision of data can be really distracting to the ultimate goal.
Danette: One other aspect of culture that I wanted to focus on was even change that is absolutely necessary to keep an organization relevant and/or to make the best practice, even those really critical changes are hard. Many organizations, many people resist change, even good change.
And so, the challenge for the enterprise risk management leader is to balance this worry about losing the authenticity of your current organization and its current culture, dealing with this resistance to change, and to some extent, the fear of what the future will look like.
So, being able to strongly convey that organizations are continuously going to have to adapt and move forward. It can help steer things forward.
But knowing your culture is also critical too, anticipating what some of the challenges are. Maybe because of the way your organization is transitioning from in-patient care to out-patient care or home care, you know you’re going to have to make some serious workforce changes. Knowing that head on and being able to anticipate that and making sure your chief human resource officer is armed with training programs to help get our staff moved into other positions, anticipating challenges with collective bargaining agreements with labor unions, knowing that is significant because we know cultural change is hard.
Tim: That’s right! in our recent article, Danette had a great idea, a great insight tying the ERM concept to that classic business book of Who Moved My Cheese. We talked a little bit about the characters in that book in the article in the context of ERM. And I think there are very few organizations that are like Scratch and Sniff, the mice who recognized very early that the availability of cheese was going to decline. And so they looked for new opportunities right up front.
I think more of our organizations are like Hem and Haw. Some never recognize that and move into a downward spiral. For those of us who are like Haw, we’re recognizing maybe a little later than Scratch and Sniff—but we’re recognizing—that there are a lot of changes that we have to keep up within healthcare, some that are unlike anything we’ve seen in the last 50 years.
And so, now, we’re really coming to the recognition that we have to sit and analyze those and figure out the direction for the organization.
Culturally, when we talk about culture, that’s such an embedded mindset. All of these different silos that we just talked about are such an embedded mindset in the culture that you also need someone—to go back to your question about the ERM driver—who can help leaders recognize that and help them break out of the mold, if you will.
Mike: Danette and Tim, thank you for a very vibrant discussion around enterprise risk management and for spending some time today with me on the Hospital Finance Podcast.
Danette: Thank you!
Tim: Thanks, Mike.