Quality, Compliance, and Patient Safety: Is Risk Management Still Relevant?

In the last 30 years, new fields have arisen in healthcare. With the introduction of each new concept, the question has been asked, “Is risk management still relevant?”

Quality Initiatives

One of the earliest focal points involved quality of care. A number of versions included quality control, quality assurance, quality improvement, continuous quality improvement, and process improvement. Some observed that quality initiatives would take the place of risk management because improving quality is what healthcare is all about.

What they failed to recognize, however, is that the legal system would continue to require a definition of the standard of care. The standard of care is the minimum legal standard defined by what a reasonably prudent healthcare professional would do in treating a patient. Negligence is failing to meet the minimum standard.

While quality initiatives work to provide the highest quality of care possible, risk management monitors minimum standards throughout an organization. It covers a vast range of issues. Examples include the safety of parking lots, placement of biohazard containers, credentialing physicians and other professionals, care of uninsured patients in the emergency department, facility access by disabled individuals, medication dispensing by non-pharmacists, and clinical standards.

Quality initiatives and risk management programs coexist and, to some extent, overlap. We have learned to use tools from both disciplines. These tools have made healthcare professionals more effective and healthcare environments safer. We strive to continually improve quality while monitoring and tracking all other requirements to make sure we meet minimum standards.

Increasing Compliance

Regulatory compliance is another area of focus. As the proliferation of regulations has increasingly affected healthcare delivery, there were those who thought that regulations would take control. Some said that regulatory compliance would make risk management irrelevant. We have found, however, that regulations do not cover all areas of medicine and that healthcare workers—beyond all regulatory requirements—strive to provide the best care possible. Regulatory compliance has not taken the place of comprehensive risk management programs.

Focusing on Patient Safety

In 1999, a groundbreaking report by the Institute of Medicine riveted healthcare providers and the public and raised awareness about patient safety. Quality initiatives and compliance were taking us in the right direction but not getting us far enough, fast enough. Healthcare needed to take drastic steps to protect patients. Providing high-quality care was not sufficient when the systems for delivering that care were rife with opportunities to make errors and harm patients. Healthcare needed evidence-based solutions that would minimize the opportunities for human error. The patient safety movement became our new and rightful focus.

Answering the Recurring Question

The same question keeps arising: Do we need risk management tools and skills? I believe that the answer is yes. Risk management must interface with and support all of these initiatives.

While we work to improve quality, comply with regulations, and adopt patient safety goals, the standards against which healthcare is measured are constantly changing. We must not only adopt and implement patient safety goals, new regulations, and quality measures, but we must also recognize the changing standards that are becoming the new minimum legal requirement. Failing to properly implement recognized standards means that we risk being found negligent if patients suffer as a result.

Coordinating Resources, Skills, and Tools

Many healthcare problems involve the risk of loss, the potential for substandard staff or clinician performance, and threats to the safety of patients. Cases that involve vaginal birth after cesarean (VBAC) are one example of how the skills in risk management, performance improvement, and patient safety improve patient care and protect healthcare organizations.

In 1999, the American College of Obstetricians and Gynecologists (ACOG) published guidelines on levels of care for a pregnant patient desiring a trial of labor after a previous cesarean section. Medical malpractice insurers identified malpractice claims related to the risks of a ruptured uterus in these patients and presented this information to hospital risk managers. Risk managers recommended compliance with ACOG guidelines because they recognized that the guidelines would be presented as evidence of the standard of care (the minimum legal duty of care). As they have always done, risk managers understood the risk of loss while striving to improve the safety of care delivery.

Process improvement (PI) professionals saw data that revealed the need for quicker response times for emergency cesarean sections to improve outcomes for mothers and their infants. PI professionals began to lobby for changes in care plans and PI measures to improve the quality of care.

Patient safety professionals identified the risk of harm to pregnant patients and their fetuses when ACOG guidelines were not followed. They began to develop safer processes and systems to help providers respond to emergencies.

Each discipline (quality, compliance, patient safety, and risk management) brings a different set of resources, skills, and tools to healthcare organizations. We would do well to recognize the contributions made by each discipline and its value in improving healthcare.

Enterprise risk management expands the effect of “managing risk” into all areas of an organization by protecting the assets and, therefore, the viability of an organization. This is true whether the threat is from weather, theft (of information, equipment, products, or money), harassment, injury, loss of reputation, lack of compliance with regulations, or any other type of risk.


  1. Use tools from each discipline when tackling identified problems.
  2. Organize efforts around problems rather than around disciplines. If standing committees are unable to focus adequate resources on the issues, ad hoc committees can be formed to address specific issues. Examples of issues include:
    1. Inpatient clinical care.
    2. Medication management.
    3. Ambulatory care.
    4. Facility safety.
  3. Include at least one person who has skills in each of the disciplines (risk management, PI, or patient safety, and—when appropriate—compliance).


Healthcare efforts are intended to enhance the quality of care, increase compliance with regulations, reduce liability, and maximize safety for patients, visitors, and staff. No single discipline has the capacity to address all of the requirements placed on healthcare organizations and healthcare professionals.

We continue to encourage risk managers and other healthcare professionals to enhance their abilities in these skill areas for the benefit of patients, co-workers, organizations, and communities. Adopting changes to care standards and coordinating efforts as new initiatives take the stage will reduce liability exposure and lead to even better outcomes.



By Darrell Ranum, JD, CPHRM, Regional Vice President, Department of Patient Safety, The Doctors Company.


The guidelines suggested here are not rules, do not constitute legal advice, and do not ensure a successful outcome. The ultimate decision regarding the appropriateness of any treatment must be made by each healthcare provider in light of all circumstances prevailing in the individual situation and in accordance with the laws of the jurisdiction in which the care is rendered.

J9344 10/13


Stay in the know with our monthly newsletter.

Sign up to receive The Doctor’s Practice.

Our e-mail newsletter delivers timely updates across a range of topics each month, including
patient safety, legislative updates, and the latest industry and company news.