Systematic implementation of clinical risk management in a large university hospital: the impact of risk managers
For health care systems in recent years, patient safety has increasingly become a priority issue. National and international strategies have been considered to attempt to overcome the most prominent hazards while patients are receiving health care. Thereby, clinical risk management (CRM) plays a dominant role in enabling the identification, analysis, and management of potential risks. CRM implementation into routine procedures within complex hospital organizations is challenging, as in the past, organizational change strategies using a top-down approach have often failed. Therefore, one of our main objectives was to educate a certain number of risk managers in facilitating CRM using a bottom-up approach.
To achieve our primary purpose, five project strands were developed, and consequently followed, introducing CRM: corporate governance, risk management (RM) training, CRM process, information, and involvement. The core part of the CRM process involved the education of risk managers within each organizational unit. To account for the size of the existing organization, we assumed that a minimum of 1 % of the workforce had to be trained in RM to disseminate the continuous improvement of quality and safety. Following a roll-out plan, CRM was introduced in each unit and potential risks were identified.
Alongside the changes in the corporate governance, a hospital-wide CRM process was introduced resulting in 158 trained risk managers correlating to 2.0 % of the total workforce. Currently, risk managers are present in every unit and have identified 360 operational risks. Among those, 176 risks were scored as strategic and clustered together into top risks. Effective meeting structures and opportunities to share information and knowledge were introduced. Thus far, 31 units have been externally audited in CRM.
The CRM approach is unique with respect to its dimension; members of all health care professions were trained to be able to identify potential risks. A network of risk managers supported the centrally coordinated CRM process. There is a strong commitment among management, academia, clinicians, and administration to foster cooperation. The introduction of CRM led to a visible shift with regard to patient safety culture throughout the entire organization. Still, there is a long way to go to keep people engaged in CRM and work on national and international patient safety initiatives to continuously decrease potential hazards.
KeywordsRisk management Training/education Design for safety
Systematische Einführung vom Klinischen Risikomanagement in einem Universitätsklinikum: Bedeutung von Risikomanagern
Das Thema Patientensicherheit hat in den letzten Jahren im Gesundheitswesen zunehmend an Bedeutung gewonnen. Nationale und internationale Strategien wurden entwickelt, um die häufigsten Risiken, die während des Behandlungsprozesses auftreten können, bestmöglich zu vermeiden. In diesem Kontext nimmt das Klinische Risikomanagement (KR) eine wichtige Rolle ein, um Risiken zu identifizieren, zu analysieren und zu bearbeiten. Die Implementierung des KR in bestehende Routineprozesse innerhalb eines komplex organisierten Krankenhauses ist jedoch eine Herausforderung, da organisatorische Veränderungen mit einem Top-down Ansatz in der Vergangenheit oft nicht funktionierten. Unser Ziel war es daher, eine gewisse Anzahl an Risikomanagern auszubilden, um das Thema KR im Bottom-up Ansatz aufzubauen.
Um das primäre Ziel der Implementierung des KR zu erreichen, wurden fünf Stoßrichtungen entwickelt und konsequent verfolgt: Unternehmensführung, Risikomanagement-Training, Prozess KR, Information und Beteiligung. Einen großen Anteil am Prozess KR nahm die Ausbildung von Risikomanagern in jeder Organisationseinheit ein. Die Größe des Krankenhauses berücksichtigend, war die Ausbildung von zumindest 1 % der Mitarbeiter im KR vorgesehen, um das Thema wie auch die Verbesserungsmaßnahmen in Bezug auf Qualität und Sicherheit angemessen zu verbreiten. Gemäß Roll-out-Plan wurde das KR in jeder Organisationseinheit eingeführt und Risiken wurden identifiziert.
Neben Änderungen in der Unternehmensführung wurde ein krankenhausweiter KR-Prozess mit insgesamt 158 ausgebildeten Risikomanagern eingeführt, dies entspricht 2,0 % der Mitarbeiter. Risikomanager sind auf allen Organisationseinheiten vorhanden und identifizierten insgesamt 360 operative Risiken. Davon wurden 176 Risiken als strategische Risiken bewertet und zu Top-Risiken gruppiert. Zusätzlich wurden neue Meeting-Strukturen und Möglichkeiten zum Informationsaustausch eingeführt. Bislang wurden 31 Organisationseinheiten im KR extern auditiert.
Der eingeführte KR-Prozess ist einzigartig in seiner Ausprägung, Mitarbeiter aus allen Berufsgruppen wurden ausgebildet und identifizierten potentielle Risiken. Ein Netzwerk von Risikomanagern unterstützt den zentral gesteuerten KR-Prozess. Die kollegiale Führung, die Medizinische Universität, die Mitarbeiter der Kliniken und das Management unterstützen das KR. Im Krankenhaus führte der KR-Prozess zu spürbaren Veränderungen hinsichtlich der Patientensicherheitskultur. In den kommenden Jahren konzentrieren wir uns darauf, die Mitarbeiter auch weiterhin im KR einzubinden, um nationale und internationale Patientensicherheitsinitiativen umzusetzen.
SchlüsselwörterRisikomanagement Training/Ausbildung Sicherheitsdesign
Within nuclear, oil, and aerospace industries, there exists a long tradition of risk management (RM) to ensure safe environments and products . In health care systems, clinical risk management (CRM) is a specific form of RM focusing on clinical processes directly and indirectly related to the patient . CRM is process based and enables the creation of patient safety strategies. The importance of CRM in enhancing patient safety has been recognized for many years and has increasingly become a priority issue for European policy makers since the early 2000s [2, 3, 4, 5, 6, 7]. However, despite several patient safety initiatives and tools that can all be seen as elements of CRM, there is a lack of knowledge concerning the systematic implementation of CRM in large university hospitals .
The University Hospital Graz is the second largest in Austria and offers hospital treatment for more than 400,000 outpatients and 88,000 inpatients per year. As a central university hospital, we take care of more than 1,000,000 people in the south of Austria. To cater for this, the university hospital consists of 20 departments with 43 divisions, 10 intensive care units with 135 beds, 58 nursing wards with 1381 beds, 44 operating theaters, and 16 outpatient clinics.
The traditional overall governance structure in an Austrian university hospital is two dimensional. There is one management board for aspects of teaching and research, and there is a separate management board for all aspects of clinical care. To reach their objectives, both legal entities follow defined strategies principally stipulated either by the federal department responsible for medical universities or by the provincial department responsible for governing health care services. In 2009, both legal entities exchanged their aims, resulting in a hospital- and university-wide goal of implementing comprehensive CRM to continuously improve the accountability for safe environments in two complex organizations. Thereby, the primary challenge in developing CRM in a university hospital with a tripartite mission originates from the interaction of structures and processes with respect to quality governance at two board levels while coordinating strategic patient safety initiatives.
Next to the complex organization, the University Hospital Graz primarily runs a non-insurance principle with regard to patient claims. In the past, it was calculated that expenses for insurance are even higher than yearly liability costs for court judgments or arbitrations. If claims come up, compensations are paid out of appropriated earnings of the provider. However, this strategic-based system drives the interest of the legal entity to implement a CRM-driven process having safe procedures in place.
In the past, succeeding in improving CRM and patient safety was based on the emphasis of two determinants: (i) demand for safety through external channels such as judicial, market, and professional, and (ii) appropriate organizational responses depending on internal factors such as leadership, governance, and professional culture .
Taking the external factors into consideration, in 2009, the European Commission (EC) released a council recommendation on patient safety . The EC estimated that in member states, between 8 and 12 % of patients admitted to hospital suffer from adverse events while receiving health care. The EC suggested implementing national strategies to ensure patient safety. In line with the European Union, in 2013, the Austrian Federal Ministry of Health published a nationwide strategy on patient safety for the years 2013–2016 .
With regard to organizational responses, Battles and Lilford  and Eisenberg  identified three stages necessary to embed a strong patient safety culture, namely, (i) identify risks and hazards that have the potential to cause health care-associated injury or harm; (ii) design, implement, and evaluate patient safety practices that eliminate hazards, reduce the risks of injury to patients, and create a positive safety culture; and (iii) maintain vigilance to ensure that a safe environment is sustained and patient safety culture remains in place. This induces a two-dimensional approach, namely a “top down” leading to standardized processes and “bottom up” to develop a patient safety culture .
Recently, the Austrian Standards Institute issued comprehensive guidelines for embedding RM in organizations and systems [13, 14, 15, 16, 17, 18]. With these guidelines, qualification for risk managers, methodologies for efficient risk assessment, and guidance for emergency and crisis management were put in place. In addition, ISO/DIS 31000 norm, principles, and guidelines for RM was released .
The preconditions for implementing CRM in our university hospital have been good, as currently, quality management systems such as ISO 9001 and the European Foundation for Quality Management (EFQM) are in place within both organizations. In addition, the medical university has been awarded for “Human Resources for Excellence in Research (HR Excellence in Research),” and the entire higher education sector has been certified according to the Austrian Agency for Quality Assurance. These quality initiatives are supported by quality managers within each department and controlled by third-party bodies that together push us toward continuous improvement.
However, the attempt to integrate CRM might be a different type of task entirely, as the term quality management tends to evoke positive associations, whereas RM elicits negative connotations [20, 21]. Moreover, in the past, organizational change strategies in a top-down approach have often failed . To overcome fears associated with RM, it is essential to reduce prejudices as well as to create a no-blame culture. Therefore, for a safety culture to work, it must involve everyone to ensure an open-minded and constructive value toward excellence [22, 23]. With the support of a critical mass, RM may then start to take on a life of its own and drive itself ahead . It was for this reason that we considered implementing a centrally coordinated, standardized CRM process meant to educate risk managers within each department using an interdisciplinary approach to support the process from the bottom-up. The resulting goal should be for CRM and patient safety to become a main focus within our complex organization.
The aim of this study is to report on the development of a hospital-tailored CRM process and its subsequent systematic implementation. Three main initiatives will be taken:
The education and support of risk managers using safety-relevant information and risk tools. Risk managers are present throughout the organization and utilize their acquired skills as part of their daily work routine.
The implementation of CRM incorporating academic, clinical, and administrative services.
The improvement of clinical leadership through engagement in the CRM process and the identification of potential risks by risk managers.
To our knowledge, this is the first report of its type describing in detail the implementation of RM according to available standards and its attempt to implement CRM in a large university hospital.
We emphasized that the introduction of CRM into daily routine procedures can be considered successful if (i) risk managers are available in all departments; (ii) risks are identified through a bottom-up approach; and (iii) CRM was externally audited. To achieve our main purposes, five project strands were followed within our organization (Fig. 1).
It was determined that CRM becomes a strategic undertaking within corporate governance defined by good acceptance of change. Consequently, board members from both legal entities signed a project agreement and committed the top-down approach to implement CRM by using a bottom-up approach. Pertinent processes were explored to identify and share key RM strategies within both legal entities. According to the non-insurance principle, it was decided that in case of an implemented RM process, the university hospital will waive compensation.
Milestones were carefully considered over a period of 5 years (Table 1). Alongside the milestone plan, one of the key elements implementing sustainable CRM was the allocation of resources.
Milestone plan to integrate clinical risk management into daily routine procedures
1) Project agreement between board members of both organizations to implement clinical risk management into daily routine procedures
2) Clinical risk management process
2a) Develop a clinical risk management process according to existing guidelines and standards
Available: April 2011
2b) Create an information and communication plan
Available: April 2011
3) Roll-out plan
3) Educate risk managers to support the implementation of clinical risk management and define high-risk areas
Available: May 2011
4) External audits
4) Clinical risk management process is implemented and externally audited according to roll-out plan
Available: March 2012 to December 2014
5) Top risks
5) Risks are identified and strategies to reduce risks are initiated
Available: December 2012; December 2013; December 2014
Taking the large scale of our organization into consideration, we assumed that according to the square root of 7828 employees, a minimum of 1.1 % of the workforce should be committed to and educated in RM to support CRM . It was generally acknowledged that clinical staff would be best placed to identify, analyze, and manage patient-related risks; therefore, one of our primary objectives was to educate clinical employees on the front line . With respect to the focus of work within a particular department, we aimed to educate a team of physicians, nurses, medical technical assistants, and administrative professionals. It was the goal that within each unit, a RM team should be available.
In Austria, several providers offer RM training, and it was agreed that Austrian Standards, which provide national RM standards, should also provide the training. RM trainings at Austrian Standards were open to all academic, clinical, and administrative employees and lasted for 6 days. Essential contents of the instruction included
introduction to CRM and overview of standards,
CRM and its application,
case examples and scenario analysis,
legal regulations, liability law, and behavior in the event of an error,
RM in the field of medical devices,
experiences of learning and reporting systems,
introduction to process management,
overview of error possibilities and effect analysis,
failure mode and effects analysis (FMEA), scenario analysis, London protocol, route cause analysis, and Ishikawa, and
emergency and crisis management.
A CRM process based on all available standards and literature had to be drawn up. Clearly documented guidelines and templates were required to facilitate the CRM process and had to be developed. The main requirement for making the CRM process work was ensuring the availability of risk managers within each organizational unit. The implementation of risk managers was first initiated in a pilot unit to test run the CRM process. Thereafter, we followed a roll-out plan starting with high-risk areas such as surgical units, intensive care, and obstetrics. According to the CRM process, educated risk managers should identify and analyze risks using tools such as FMEA or scenario analysis. Retrospective analysis takes sources such as complaints, errors, and survey results into account. Risk analyses have to be approved by risk owners and board members. To monitor progress, the CRM process will be internally audited in each organizational unit according to an audit schedule. The CRM process will be supported for approximately 1 year until the external audit takes place. Thereafter, the CRM process will be transferred into daily routine.
Communicating risks may not have been an easy task in the past; therefore, we worked on building an open-minded environment as the basis for success. We adapted the Framework for Spread to our needs and focused on communication and knowledge management . We identified meeting structures to facilitate the sharing of information on best practices, reporting, and feedback mechanisms.
With respect to CRM and a patient safety culture to work, health care professionals must be involved. When risks are identified and new improvement initiatives are introduced, employees should be able to see the results fast to ensure that they remain motivated and committed to the initiatives . Therefore, we had three fundamental expectations for achieving a particular involvement:
It is well known that for learning and reporting systems to function in daily routines, health care workers need an open, fair, and non-punitive environment . By means of the engagement in CRM in past years, the implementation of a learning and reporting system (critical incident reporting system (CIRS)) was scheduled a reasonable amount of time after the introduction of CRM.
Publish the so-called safety alerts to inform employees about anonymized errors while still taking reasonable measures into account.
Involve employees in supporting safety initiatives originating from local- and nationwide strategies.
In 2009, to best support CRM, a decision was taken to combine RM and quality management into one department to ensure the optimum use of resources.
The Department of Quality Management was re-organized and renamed the Department of Quality and Risk Management, and two additional trained risk managers were dedicated to it. The first issue, designing a CRM framework, was finalized in September 2009 and externally audited by a third-party body within an EFQM initiative. The CRM framework addressed strategic objectives, including
establishing a CRM process,
educating risk managers,
communicating with and continuously updating employees,
third-party auditing of the CRM process, and
implementing a learning and reporting system (CIRS).
We also aimed to build improvement capability from the inside out to ensure the consistent collaboration of employees and leaders. For this reason, expectations regarding CRM were articulated in the existing quality policy. Academic, clinical, and administrative leaders’ expectations were identified and offered a comprehensive, open-minded, and constructive revision. The new quality and risk policy was released with the following objectives:
to ensure that quality and RM are strategic undertakings,
to establish and maintain quality-enhancing infrastructure,
to focus on error prevention, and
to plan and drive continuous improvement.
Leaders were committed to the CRM process and its implementation in each unit. To best support them in their coming functions, roles and responsibilities of leaders, staff, and the quality and RM committee were clearly defined. A roll-out plan for the entire organization was released (Table 2) and strictly followed. To date, all milestones have been reached, and no deviations are anticipated for the future.
Clinical risk management roll-out plan with numbers (n) of educated risk managers
Department of Quality and Risk management
Piloting unit: Division of Nuclear Medicine Radiology
Department of Anesthesiology and Intensive Care Medicine (three divisions)
Department of Obstetrics and Gynecology (two divisions)
Department of Environment and Engineering including Medical Devices Security
Department of Clinical Medical Nutrition Therapy
Clinical Institute of Medical and Chemical Laboratory Diagnostics
Department of Orthopedic Surgery
Department of Neurosurgery
Department of Dermatology and Venereology
Department of Surgery (six divisions)
Department of Ophthalmology
Department of Pediatrics and Adolescent Medicine (five divisions)
Department of Pediatrics and Adolescent Surgery (two divisions)
Department of Neurology with (two divisions)
Department of Therapeutic Radiology and Oncology
Department of Trauma Surgery
Department of Internal Medicine (nine divisions)
Department of Otorhinolaryngology (three divisions)
Department of Radiology (five divisions)
Department of Psychiatry
Department of Blood Group Serology and Transfusion Medicine
Department of Urology
Department of Dentistry and Maxillofacial Surgery (four divisions)
Management board and further non-clinical units
Financial resources for external RM training as well as human resources to provide central guidance and follow-up throughout the CRM process were allocated. Potential risk managers were identified after individual “kick-off” meetings within each department within the professional groups of physicians, nurses, medical–technical assistants, and administrative staff with patient-related concerns. Professional groups such as documentation secretaries and trainees were not considered for RM training in this project.
All clinical and relevant non-clinical units established risk managers, and the minimum goal of 1.1 % of the overall workforce being trained was exceeded and resulted in a total of 2.0 % of 7828 employees. High-risk areas were allocated a higher number of risk managers. A total of 158 certified risk managers (61 nurses, 61 physicians, 20 medical technical assistants, and 16 administrators) were trained (Table 3). These numbers correspond to 4.5 % of the professional group of physicians, 2.6 % of nurses, 2.7 % of medical technical assistants, and 0.9 % of administrative staff.
Risk managers since 2009 with regard to their profession
Number of employees
Educated risk managers
Number or risk managers (%)
Risks covered a broad spectrum including clinical, financial, and legal aspects. Risks were assigned a score based on the combination of the likelihood of the risk and the consequences should the risk occur. An overview of measurements of the likelihood and consequences of risk were presented in a risk matrix. Identified risks were centrally documented in an RM software (R2C_risk to chance; Schleupen AG). Currently, 360 risks with more than 2000 measures for improvement have been identified. Among those, 176 risks were centrally scored as strategic and clustered into the so-called top risks (Fig. 2). To counteract top risks, the Department of Quality and Risk Management supported the implementation of well-known safety tools.
Still, risk analyses are ongoing, and we expect approximately 500 operational risks by the end of 2014. Due to the huge number of identified potential improvements, operational risks with their follow-up measures were decentralized, whereas strategic risks remain centrally managed.
From 2009 to 2011, the CRM process (Table 4), including an information and communication plan, was issued. Prior to its first use, the CRM process was audited by an external expert to attest to its practicability and compliance with national and international standards. Pursuant to the roll-out plan and the strict procedures laid down in the CRM process, 31 organizational units (departments and divisions) passed the external audit. Further organizational units will finalize their external audits throughout 2014. According to the audit plan, the following tasks were assessed:
Clinical risk management (CRM) process
1.Kick-off meeting in a unit
• Provide general information on the goals of CRM to leaders within the department/division
• Commitment of risk owners to supporting the emphasis of CRM within their units
• Determine the time frame of the implementation in a department/division
• Appoint interested staff for the CRM training
2.Clinical risk managent training
• Training of physicians, nurses, and medical technical assistants, where appropriate, within clinical units
• Train experts within non-clinical units
• Identify individual risks together with risk owners and department for quality and risk management
• Analyze risks using standardized approaches and assess risks
• Risk owners and the members of the executive board approve risk analysis
• Manage risks to reduce or eliminate them
• Document risks in the software (R2C_risk to chance®; Schleupen AG) to enable follow-up
• Inform all employees of identified risks and opportunities and communicate measures to be taken
• Evaluate effectiveness of implemented measures and re-evaluate the risks
• Communicate improvements
5.Internal and external audit
• Internal audit according to standards and guidelines
• External audit to confirm CRM standards
6.Transfer into daily routine
• Risk owners and risk managers supports operational and strategic safety issues
• If any, risk owners and risk managers analyze critical incident reports or claims
• In regular intervals, risk owners and risk managers keep staff informed
• Regular meetings between risk owners, risk managers, and members of department of quality and risk management to evaluate risk analyses until completion
commitment of the management,
management of resources,
implementation of RM into daily routine, and
The implementation of CRM within a unit was externally audited approximately 1 year after the kick-off meeting. It was not the goal to have every risk reduced or eliminated by that time; instead, the approach was to ensure that
CRM was known within the organizational unit,
participation was recognizable,
risks were identified,
priorities were set, and
work on it had begun.
From an organizational point of view, various approaches helped us to disseminate information within the network of risk managers and staff (Table 5). Meeting structures within a particular unit ensured that risk managers and risk owners dealt with their operational and strategic risks. In monthly or bimonthly meetings, risk analyses were discussed and addressed until measures were implemented. Risk treatment plans were recorded in the RM software, and in the event that measures were overdue, the responsible unit received an electronic note. Risk owners and risk managers were also encouraged to regularly inform their employees in meetings about success stories and future tasks.
Clinical risk management (CRM) information plan
Type of document
Quality and risk policy
Manual for risk owners
Job description for risk managers
Risk assessment (failure mode and effects analysis, scenario analysis, London protocol, route cause analysis, and Ishikawa)
CRM checklist for internal audits
Audit program (overview of internal and external audits)
Manual for crisis management
Waiver of recourse claims
Critical incident reporting system—manual
Patient safety alerts
Critical incident reports
Quality and risk management forum for risk managers
Quality and risk management committee
Annual open-access “Risk management Conference”
Annual risk management report
Jour fixe Department of Quality and Risk Management with
Risk owners and risk managers
Monthly or bimonthly
Executive board and board of directors
To approach organization-wide awareness of CRM initiatives, new communication tools were introduced to manage the sharing of knowledge. These have been as follows:
an electronic newsletter for quality and RM,
the hospital journal covering patient safety success stories, which is sent home to all employees, and
in public annual conferences, sharing knowledge with internal and external experts.
The corporate governance facilitated the necessary environment for RM. Leaders, risk managers, and employees supported the implementation of CRM, which due to the size of the university hospital is an evolving work in progress. With regard to the dissemination of safety concerns, CIRS was introduced in a pilot unit in 2012. Transparent procedures with respect to actions and communication of critical reports quickly led to hospital-wide acceptance in 2013. Within a half-year period, more than 60 critical incidents were reported, analyzed, and managed. Furthermore, if an incident report or error showed potential for improvement, patient safety alerts, including measures to be taken, were published as means to spread information within our organization. In the meantime, six patient safety alerts have been distributed to caution employees.
Although CRM is not new within the health care system [25, 26, 27, 28], there remains, however, a lack of knowledge concerning CRM implementation into routine procedures within complex hospital organizations. In health care systems, it has always been the task to avoid errors and have safe procedures in place. In the past 2 decades, a certain amount of progress has been made, and more patient safety initiatives have started around the world [29, 30, 31, 32, 33]. It is obvious that in health care systems, a variety of managerial tools, practices, and traditional methodologies are available to attract patient safety issues. “How to manage risks to patient safety and quality in European health care” was the latest topic in the Hope Exchange Programme 2013. During the evaluation meeting of 20 participating countries, it emerged that many European hospitals have developed multiple patient safety strategies with different RM initiatives . Positive reports are available on safety initiatives such as the World Health Organization surgical safety checklist; however, it is still not self-evident that even tools demonstrating evidence-based benefits will be accepted and used appropriately . Reason for that could be low knowledge in CRM within an organization, which results in weak participation and compliance of employees . Therefore, a systematic approach and common understanding on CRM and patient safety within an organization and their employees are required.
In recent years, RM and quality improvement functions often operated independently ; therefore, within our organization, one of the key elements in ensuring that RM topics are addressed in a coordinated manner was combining RM and quality improvement functions into one department. In addition, the alliance between both areas resulted in one common strategy on patient safety within two legal entities. This facilitated a homogeneous university hospital- and university-wide CRM standard with appropriate tools for all units and reduced duplication of effort, thus optimizing the use of available resources.
The CRM process is based on existing quality management elements as well as recently published strategies, standards, and guidelines. However, if one of the key elements for the existence of a successful safety culture, such as personnel’s attitudes or unified thoughts and behaviors within an organization, is missing, CRM might fail in routine . Therefore, engagement of leadership was crucial, as much of the action in patient safety flows from decisions made by leaders of the hospital . The management boards set clear goals for RM throughout corporate governance and emphasized the importance of RM . The non-insurance principle, and with it, the linkage of implemented RM and waiving of compensation, had been a further stimulus to leaders and employees and resulted in concerted efforts on RM implementation. The existence of yearly defined RM objectives assisted the process by ensuring that hospital leaders were accountable for creating and maintaining a culture of safety and quality .
To succeed in CRM and to achieve a sustained safety culture, Briner et al.  highlighted the most important elements. Among them, a systematic approach to clinical risk, education, and staff participation are needed. We considered these topics from the beginning and concentrated on ensuring the comprehensive involvement of employees. We focused on RM training and identifying system failures using a bottom-up approach [29, 39]. Members of all health professions were trained with a particular focus on well-known RM tools. Through the trainings, risk managers gained an understanding of and competence in supporting patient safety issues. With respect to fostering team spirit, an interdisciplinary RM team where appropriate was implemented into each organizational unit that gained the ability to develop and promote patient safety within their environment. With respect to human resources, the introduction of training and implementation of CRM in a unit followed a specific roll-out plan over a certain period throughout both organizations. This enabled the continuous assistance of risk managers and risk owners during the RM process by the Department of Quality and Risk Management.
Hints were available on the number of risk managers needed to facilitate CRM and patient safety ; however, so far, it was not proven in routine. One of our main goals of educating a certain percentage of the workforce was achieved within 5 years. Taking into consideration that risk managers received no incentives for taking part in CRM, the willingness of participation exceeded our expectations and resulted in an even higher percentage of trained workforces. However, in daily routine, we realized that occasionally risk managers were not able to spend appropriate time for the new topic or dropped out. On the contrary, over the years, already trained risk managers changed to our university hospital and were encouraged to support CRM.
Since CRM implementation, risk managers have identified 360 operational risks; however, in scrutinizing them carefully, 10 top risks for the whole organization stood out. Not surprisingly, the overview of top risks demonstrates homogeneity with already known safety issues in the literature [6, 9, 10, 40, 41, 42]. However, one of the greatest values of our tailored CRM process is that risks were identified through a bottom-up approach prospectively and retrospectively . This is essential to an organizational change strategy, as the implementation of top-down change has often failed in the past . Based on the number of identified risks, for the future, there has to be a realistic mix between managing the resulting action plans to minimize re-occurrence in a centralized or decentralized approach according to the categorization of the risk and with respect to available human resources.
As previously stated, effective communication is crucial; thus, following the RM training, the focus was to spread information and knowledge to involve everyone in CRM. Thereby, in recent years, we paid attention to maintaining an open-minded and no-blame culture. This helped us to share and exchange information and knowledge between staff and organizational units as well as to address outside perspectives. In regular micro-system meetings, individual conditions for improvement were discussed between risk managers, employees, and risk owners and were centrally guided. This unified approach ensured that measures already identified somewhere else as well as lessons learned could be shared. In a macro-system approach, numerous communication procedures were introduced to inform employees and the public about patient safety standards, risks, and safety measures already in place. At a strategic level, the commitment of the organization boards in recent years to creating a no-blame system has led to the CIRS being introduced and continues to provide feedback to employees with the aim of improving care delivery.
Finally, taking the council and Austrian recommendations on general patient safety issues into consideration, CRM has already become a central topic within our organization. Within 5 years of commencing this untiring efforts, CRM has become strategic, self-evident, system based, and less crisis orientated, and delivers its greatest value both to the organization and the patients it serves . We believe that to succeed in implementing CRM, it is essential to educate a critical mass of workforce in RM so as to gain support through a bottom-up approach. The risk manager-driven introduction of CRM can provide a practical guidance to support others in the health care system in implementing CRM, and with it, a broad understanding for upcoming patient safety initiatives.
CRM, and with it, patient safety, has become a priority topic within the University Hospital Graz. Our strategy was to facilitate CRM through organizational development and training in a combined top-down and bottom-up approach . With respect to its dimension with 158 trained risk managers operating using a cascade approach within the organization, this CRM approach is unique. Considering all current results together, we are convinced that the tailored CRM process and its use of risk managers have enabled a common understanding of all aspects of patient safety. The active involvement of the management boards, senior managers, and employees within the designed CRM process led us to conclude that CRM is widely accepted. CRM has facilitated awareness, transparency, and involvement in patient safety topics within both organizations. In all, 31 external audits led us to believe that the CRM process, as it has been currently tailored, fits readily into existing hospital routine procedures.
Overall, we strived to create a network and social system where it is natural to talk about risks, errors, and patient safety in general. The progress and experiences we have had so far will support all other units in finalizing their CRM implementation. Nonetheless, it is important to emphasize that in an organization with the tripartite mission of teaching, research, and clinical care, the implementation of CRM in terms of patient safety has to follow a systematic approach with appropriate tools to succeed.
As next steps to keep CRM in place and further enhance patient safety culture, we will follow the outlined goals and focus on the following strategies: (i) continue to encourage people involved in the process, (ii) continue to work on the risk portfolio and proactively identify latent failures before a serious adverse event occurs, and (iii) react to previous incidents to minimize errors in the future .
The authors wish to express their gratitude to the entire organization and their employees for supporting CRM and patient safety initiatives. They also would like to thank Hilary Watkins (National Health Service, United Kingdom) for her support during the Hope Exchange Programme and the Hope Agora Meeting in 2013.
There was no funding.
Conflict of interest
The authors have no competing interests.
- 1.Reason J. Managing the risks of organizational accidents. Aldershot: Ashgate; 1997.Google Scholar
- 2.Briner M, Kessler O, Pfeiffer Y, et al. Assessing hospitals’ clinical risk management: development of a monitoring instrument. BMC Health Serv Res. 2010;10:337. doi:10.1186/1472-6963-10-337.Google Scholar
- 3.Ginsburg LR, Tregunno D, Norton PG, et al. Not another safety culture survey: using the Canadian patient safety climate survey (CAN-PSCS) to measure provider perceptions of PSC across health settings. BMJ Qual Saf. 2014;23(2):162–70. doi:10.1136/bmjqs-2013-002220.Google Scholar
- 4.Kohn LT, Corrigan J, Donaldson MS. To err is human: building a safer health system. Washington, DC: National Academy Press; 1999.Google Scholar
- 6.Report on Hope Agora. Patient safety in practice: how to manage risks to patient safety and quality in European health care. Hope—European Hospital and Healthcare Federation. The Hague. 11–12 June 2013. http://www.hope.be/05eventsandpublications/docpublications/94_patient_safety/94_HOPE_Publication-Patient-Safety_December_2013.pdf. Accessed 2 Jan. 2014.
- 9.The Council of the European Union. Council Recommendation of 9 June 2009 on patient safety, including the prevention and control of healthcare associated infections. Off J Eur Union. 2009/C 151/01.Google Scholar
- 10.Federal Ministry for Health. Nationwide patient safety strategy for Austria 2013–2016. Commissioned by the Federal Ministry of Health, Vienna, March 2013.Google Scholar
- 11.Eisenberg JM. Medical error is an epidemic. A presentation of the National Summit on medical errors and patient safety research. Washington, DC: The Quality Interagency Coordination Task Force (QuIC); September 2001.Google Scholar
- 13.ONR. Risk management for organizations and systems: terms and basics. ONR 49000. Vienna: Austrian Standards; 2008.Google Scholar
- 14.ONR. Risk management for organizations and systems: risk management. ONR 49001. Vienna: Austrian Standards; 2008.Google Scholar
- 15.ONR. Risk management for organizations and systems: part 1—guideline for embedding the risk management in the management system. ONR 49002-1. Vienna: Austrian Standards; 2008.Google Scholar
- 16.ONR. Risk management for organizations and systems: part 2—guideline for methodologies in risk assessment. ONR 49002-2. Vienna: Austrian Standards; 2008.Google Scholar
- 17.ONR. Risk management for organizations and systems: part 3—guideline for emergency, crisis and business continuity management. ONR 49002-3. Vienna: Austrian Standards; 2008.Google Scholar
- 18.ONR. Risk management for organizations and systems: requirements for the qualification of the risk manager. ONR 49003. Vienna: Austrian Standards; 2008.Google Scholar
- 19.European Committee for Standardization. Risk management: principles and guidelines (ISO 13000:2009). European Committee for Standardization; 2009.Google Scholar
- 24.James BC. Perspective on safety: in conversation with…Brent C. James. AHRQ 2014. http://webmm.ahrq.gov/perspective.aspx?perspectiveID=97. Accessed 18 Jan. 2014.
- 25.Hunter New England Health. Risk Management Framework. Hunter New England Health, NSW Health; 2007 http://www.hnehealth.nsw.gov.au/__data/assets/pdf_file/0019/34390/HNEH_Policy0502_RiskManagementFramework.pdf. Accessed 8 Oct 2014..
- 26.Massoud MR, Nielsen GA, Nolan K, et al. A framework to spread: from local improvements to system-wide change. IHI Innovation Series white paper. Cambridge: Institute for Healthcare Improvement; 2006. http://www.ihi.org/resources/Pages/IHIWhitePapers/AFrameworkforSpreadWhitePaper.aspx. Accessed 8 Oct 2014. .
- 27.Ministerio de Sanidad y Consumo. Best practice benchmarking: risk management and clinical governance reorganization policies in the hospital setting. Executive summary. Madrid: Ministerio de Sanidad y Consumo; 2008.Google Scholar
- 30.Patient safety first: service improvement campaign. http://www.patientsafetyfirst.nhs.uk. Accessed 2 Jan. 2014.
- 31.High 5s 2013 Update. https://www.high5s.org/pub/Main/WebHome/HIGH_5s_PROJECT.pdf. Accessed 2 Jan. 2014.
- 32.Joint Action for Patient Safety. PASQ—European Union Network for Patient Safety and Quality Care. http://www.pasq.eu. Accessed 2 Jan. 2014.
- 33.Crema M, Verbano C. Guidelines for overcoming hospital managerial challenges: a systematic literature review. Ther Clin Risk Manag. 2013;9:427–41. doi:10.2147/TCRM.S54178.Google Scholar
- 35.ECRI Institute. Risk management, quality improvement, and patient safety (executive summary). Risk and quality management strategies 4; Healthcare risk control. Vol. 2. ECRI Institute; 2009. pp. 1–15. https://www.ecri.org/documents/secure/risk_quality_patient_safety.pdf.
- 36.International Atomic Energy Agency. Basic safety principles for nuclear power plants. Safety series no. 75-INSAG-3. Vienna: International Atomic Energy Agency; 1999.Google Scholar
- 37.Wachter RM. Patient safety at ten: unmistakable progress, troubling gaps. Health Aff (Millwood). 2010;29(1):165–73. doi:10.1377/hlthaff.2009.0785.Google Scholar
- 38.Dixon-Woods M, Baker R, Charles K, et al. Culture and behaiviour in the English National Health Services: overview of lessons from a large multimethod study. BMJ Qual Saf. 2014;23(2):106–15. doi:10.1136/bmjqs-2013-001947.Google Scholar
- 39.Lawton R, McEachan RR, Giles SJ, et al. Development of an evidence-based framework of factors contributing to patient safety incidents in hospital settings: a systemic review. BMJ Qual Saf. 2012;21(5):369–80. doi:10.1136/bmjqs-2011-000443.Google Scholar