Acceptable Risk Policies in Healthcare


Eliminating all risk inside your facility would be impossible. Reducing risk can have a large impact on your workflow processes and finances, so there must be a balance between reducing risk and keeping your facility productive. This is where acceptable risk comes into the equation.

An acceptable risk policy helps strike a balance between safety and efficiency. It can also be used to bring a common-sense variable into your risk analysis.

To develop an acceptable risk policy, you have to raise the question: at what point does this risk become acceptable? To answer this question, you have to return to your data and reports. When performing the risk analysis, there needs to be an established financial cost to measure the impact of the worst-case scenario.

Let's say you're developing an acceptable risk policy on the use of iPads in your facility. What is the worst-case scenario? Now I haven't performed an actual risk assessment on this, but I could imagine a worst-case scenario looking something like this:

Someone was storing patient information on their iPad and then accidentally forgot it in the lunchroom. When they return to the lunchroom, the iPad is missing. Patient data then gets leaked, which leads to the facility having to make a public statement saying they were responsible for a data breach. The facility also gets fined by the Federal Government and has to undergo additional audits in the future. The data breach is recorded and publicized in the media and results in lost revenue for the organization as a whole.

In order to determine what an acceptable level of risk is, we need to calculate the financial cost of that scenario. How much money will the facility lose if that scenario happens?

Once you understand the impact of the situation, you need to understand the likelihood of that event occurring. What are the odds of that scenario occurring?

With these pieces of data you will be able to get a better understanding of the level of risk you are facing. When building your treatment scenarios, you need to identify those variables for each option.

Treatment Option A: Worst Case Scenario, Likelihood of Worst Case Scenario Happening

Treatment Option B: Worst Case Scenario, Likelihood of Worst Case Scenario Happening

Treatment Option C: Worst Case Scenario, Likelihood of Worst Case Scenario Happening

Once you have the data in front of you, you will be able to see a much clearer picture of which treatment option will reduce the risk the most.

Of course, complete risk elimination might not be completely effective for your facility. You also need to take your costs into consideration.

Is the cost of the solution more than the worst-case scenario? If your worst-case scenario is a $10,000 loss and your solution is $15,000, you won't be forming a good business argument when you take this project to your supervisor.

The ultimate goal is to reduce risk to an acceptable level while building a treatment option that creates the most value for the organization.

 

 
