Risk Management: 5 steps to a safer hospital

Risk Management: 5 steps to a safer hospital

Obtaining the Level 3 seal of excellence from the National Accreditation Organization (ONA) requires meticulous risk management in hospital management. Administrator with specialization in Quality in Health Services, the Director of Business and Projects of the Interact Ribeirão Preto Unit, Rogério Pontes Andrade, has been monitoring since 2003 the incorporation of concepts applied by hospitals.

In his opinion, the lack of consistent literature favors the theme to cause fear among managers. “I took a long time to address this issue, which I actually started to do in 2008 when, with the brilliant consultant Eduardo Rodrigues, we created the first Risk Management Management Procedure, based on the AS / NZS 4360 standard: 2004 (issued by the institute equivalent to Inmetro of Australia and New Zealand), which inspired ISO 31000 a few years later ”, he explains.

After 10 years of deepening and more than 8 revisions of the Procedure, Rogério Pontes Andrade brings together in this article 5 steps to a safer hospital:

Download now the e-book on Quality Management in hospitals

1) Identify and classify risks

There are two types of risks to be observed: the inherent risks and the acquired risks. The former come from the process itself or from the characteristics of the patient undergoing the procedure. The seconds, however, do not stem from the nature of the process or the person served. Identify them based on evidence and expert opinion.

The acquired risks are the focus of our management. Classify and grade the impacts of each acquired risk identified, so that the care vision is always prioritized, that is, the impact that the risk has on the patient’s health. The grading of the impact is made by estimating the severity and degree of possible damage (or more frequent) in case of realization of the risk in an event. The degree of impact of the risk is the first element to define the position of the risk in the Risk Matrix of each process.

2) Assess the risk factors

There is a common confusion between risk and risk factor, which can make management inoperable. Risk is what you really want to prevent from happening. Something that whenever it occurs will necessarily cause damage, however small it may be. Risk factors are the events or situations that increase the likelihood that the risks will materialize, but not always when they occur, there will be damage. For example, incorrect patient identification (risk factor) increases the chance of having a procedure performed on the wrong patient (risk).

3) Implement control practices

Once the factors that increase the likelihood that the risks will materialize have been identified, all practices that must be adopted by the process to block such risk factors should be listed. Three examples of effective practices:
– daily tasks, such as checking and other routines;
– availability, updating and application of procedures (Standard Operating Procedure, Work Instructions, Manuals, etc.);
– management of risk-related performance indicators.

These control practices should raise the level of safety and quality of the process, because by keeping them in your day-to-day life, you will avoid the occurrence of risk factors and, consequently, the risk itself.

4) Manage incidents, indicators and audits

The occurrence of a risk in an event may involve death, physical or psychological injury. When this occurs, this is a sign that the quality of services may need to be improved. Therefore, hospital structures and care processes must be causing harm to patients.

Managing indicators is to apply a management process that focuses on training. It is valid for both managers and staff, with the aim of using appropriate methodologies and a critical approach.

It is not just a mere management of computer screens, with graphics and numbers. In the words of the renowned statistician William Deming, taken from the book The Deming Method of Management:

“What is not measured is not managed; what is not defined is not measured; what is not understood is not defined; there is no success in what is not managed. ”

Internal audits and performance indicators are the eyes of Quality Management. In the context of Risk Management, a properly trained team must periodically assess adherence to the control practices defined for the process. With this, the calculation of the probability of occurrence of the risk is generated and the risk level is reached through this equation:

Risk Level =
Impact of its occurrence + Probability of its occurrence

5) Incorporate learning into daily practice

With the levels of each risk mapped, a constant process of critical analysis must be established. On this topic, see 5 tips for an efficient evaluation of results.

This dynamic includes some actions, such as:
– review of controls;
– need for improvements;
– application of procedures;
– monitoring of indicators;
– implementation of periodic audits / checks;
– treatment of risk at the strategic level (activity of hospital management).


The greatest humanization initiative that a hospital can adopt is the reduction of risks for its patients. In the view of Rogério Pontes Andrade, the implementation of these 5 steps for a safer hospital has proved to be an important tool for the incorporation of the safety culture in hospitals.

Download now the e-book on Quality Management in hospitals

Interact offers cutting-edge technologies that automate most of the activities mentioned in this article. In the health sector, eight of the largest Brazilian hospitals use Interact software, according to the list prepared by the National Association of Private Hospitals.

Click here and learn more about our Quality Management solution


the content

Subscribe to our newsletter