Risk management in the NHS: governance, finance and clinical risk

Paul Fenn; Tom Egan

doi:10.7861/clinmedicine.12-1-25

Introduction

Health services are inherently risky: their core activities involve a response to unpredictable events where the potential for loss (both financial and non-financial) is high. Moreover, the responses themselves have uncertain consequences when things go wrong, and healthcare providers need to be aware of the risks they face in order to manage them in the interests of both patients and staff. Risk management has been defined as the systematic identification, assessment and evaluation of risk.¹ Used properly in healthcare, it can not only be a process to report incidents, but also minimise the harm that clinical or resourcing errors can cause to patients and staff. From this perspective, the risk manager's remit in the NHS covers a wide range of activities–from the assessment and identification of risks through financial risk-transfer measures to investment in the quality of clinical care and beyond. The practice of risk management has developed and widened considerably in the NHS in the last decade in response to several key reports including An organisation with a memory,² which highlighted the need to learn from clinical error, and Standards for better health, which outlined potential improvements to the quality of care across several dimensions.³

Moreover, risk management can be considered as part of the broader area of clinical governance which is defined by Chandraharan and Arulkumaran as a ‘framework through which NHS organisations are accountable for continuously improving the quality of their services and safeguarding high standards of care by creating an environment in which excellence in clinical care will flourish’.⁴ Risk management encompasses many aspects of clinical governance, from risk reporting (and response to complaints) to audit, guidelines, risk assessments (risk registers) and training.¹ In 2009, the Audit Commission recommended that trusts should ‘review their risk management arrangements–including the way in which risks are reported to the board’ and that the Department of Health as well as Monitor (the regulator of foundation trusts (FTs)) should ‘consider further incentives and sanctions to reward good governance through greater autonomy and take action to address shortfalls where they arise’.⁵

This paper explores this theme–the inter-relationship between good governance, financial incentives and clinical risk management–and provides an overview of recent developments together with some evidence gleaned from views expressed by key decision takers within the NHS. Firstly, rating systems used within the NHS to classify hospitals according to the quality of their risk management activities are reviewed.

Risk ratings in the NHS

NHSLA risk management standards

A risk management programme was introduced by the NHS Litigation Authority (NHSLA) in 1995, although it was 2000 before it was fully implemented. The core of this programme is provided by a range of NHSLA standards and assessments, and it is a requirement of continued membership of the Clinical Negligence Scheme for Trusts (CNST) that hospitals are subject to audit by the NHSLA. A set of risk management standards for each type of healthcare organisation was developed incorporating organisational, clinical, and health and safety risks (www.nhsla.com).

All the NHSLA standards are divided into three ‘levels’. NHS organisations which achieve success at level one in the relevant standards receive a 10% discount on their CNST contributions, with discounts of 20% and 30% available to those passing to levels two and three respectively. Members of the CNST scheme are required to achieve level one compliance and are assessed on an annual basis until this is achieved. Organisations at level one are assessed against the relevant standard(s) once every two years and those at levels two and three at least once in any three-year period, although organisations may request an earlier assessment if they wish to move up a level. The discount earned by members is applied to contributions in the financial year following a successful assessment and is valid for two years. Organisations which fail an assessment are required to be assessed at the level assigned in the following financial year.

Monitor's governance risk ratings

Monitor uses the term governance to describe the effectiveness of an NHS FT's leadership. It uses performance measures, such as whether FTs are meeting national targets and standards (eg a reduction in methicillin-resistant Staphylococcus aureus (MRSA) rates), together with a range of other governance measures such as community representation, appropriate board roles and structures, clinical quality and service performance. Specifically, it requires evidence that boards address and resolve any risks that have been identified. Trusts are rated red (significant breach of terms of authorisation), amber-red (material concerns), amber-green (limited concerns) or green (no concerns).

Monitor's financial risk ratings

When assessing financial risk, Monitor's ratings reflect the likelihood of an actual or potential financial breach of the FT's terms of authorisation. The ratings are based on four criteria: achievement of financial plan, underlying performance, financial efficiency, and liquidity. Financial risk ratings are allocated using a scorecard which compares key financial information across all FTs. A rating of five reflects the lowest level of financial risk and a rating of one the greatest.

If an NHS FT has failed to comply with the terms of its authorisation and this is significant–for example, if it consistently fails to meet required standards of care or is at significant financial risk–Monitor's board may decide to use its statutory powers of intervention. These range from closing a specific service, to removing any or all of the directors or governors and appointing replacements.

The risk manager's perspective

To get a better appreciation of how risk management operates in NHS trusts, the views of nine acute NHS trust risk managers were obtained via exploratory telephone interviews in 2010 and 2011. Eight of the nine trusts selected had recently achieved an increase in their CNST risk management level.

The main findings to emerge from these interviews were as follows:

All trusts which achieved a risk management level increase claimed to have done so as part of a planned strategy–while this was mainly the responsibility of the risk management staff, other stakeholders, such as the board of directors and clinical staff, were also engaged.
The declared motivations for seeking a risk management level increase involved both reputational and financial issues. From a reputational perspective, trusts see patient safety and quality benefits from obtaining higher risk management levels ‘…the push for level two was about reputation and how we looked as a trust’; ‘It was a priority at board level to get to level three … to demonstrate that the trust's safety and quality agenda was in place and was embedded across the trust’. From a financial perspective, as discussed above, the NHSLA provides discounts on a trust's CNST contribution in return for the achievement of higher risk management levels and such discounts act as an incentive, as evidence by one interviewee: ‘there also was the financial incentive–the 10% discount on the premium was substantial and this came at a time when financial pressures were starting to be considered’.
Financial strength is seen as being important in order to obtain risk management level increases. Trusts that are in a position to commit financial resources to assist with an NHSLA assessment typically will do so, and find such investments to be more than justified if a successful outcome is obtained. Making such an investment is not felt to be a prerequisite to obtaining a risk management level increase but there is a general consensus that financially strong trusts are in a better position to do so as they have more resources to enable them to make such financial investments.
Trusts with good governance structures believed that they were more likely to obtain risk management level increases. Eight of the nine trusts had recently increased their risk management level while all had recently acquired FT status. These tended to go hand in hand: one interviewee felt that trusts had to demonstrate good risk management arrangements as part of the process when applying for FT status, while another felt that a positive outcome of acquiring FT status was that it gave trusts a ‘good governance structure which helped when applying for risk management level increases’.
The governance structures in place as a result of acquiring FT status are said to be enhancing the risk management function within trusts. The new structures in FTs include public interest governors, staff governors and representation from the trust board. While such arrangements have taken time to settle down, they now ‘work quite well and both public and staff governors are willing to support quality initiatives such as the patient experience’. From a financial perspective, FTs are also granted financial freedoms such as the ability to raise capital from both the public and private sectors within borrowing limits determined by projected cash flows–this is said to enhance the ability to invest in risk management level improvements.

In summary, the consensus of the views obtained from our interviews with risk managers implied that there are definite relationships between governance structures, financial health and risk management activities–trusts typically have a plethora of external organisations to deal with on an annual basis and improvements made in governance relationships (as evidenced by acquiring FT status) are typically accompanied by improvements in a trust's financial position, and this improved financial health is an enabler to help them improve their risk management practices.

The interdependence between governance, finance and risk management

From the views expressed by hospital risk managers, there would seem to be a strong a priori expectation that hospitals with good governance would perform well in relation to the management of clinical risks. Well run hospitals should have in place the structures to enable sound decisions about the allocation of resources, including those concerned with investment in patient safety measures. Moreover, hospitals with sound finances are expected to be best placed to manage clinical risk well; clearly, concerns about financial risks would be expected to constrain management in pursuing clinical risk management opportunities which require additional resources.

To confirm whether this expectation was borne out by the evidence, the extent to which the ratings described above were correlated with each other were explored. The following tables show the results obtained by comparing the ratings given to 137 foundation hospitals as at 30 June 2011, including the CNST risk management levels as assessed by the NHSLA and current at that date.

Tables 1 and 2 show the relationship between the CNST risk management levels and Monitor's finance and governance risk ratings respectively. Surprisingly, there appears to be little correlation between these, and this is confirmed by the Chi-squared tests reported at the foot of each table. By contrast, Table 3 shows a significant relationship between Monitor's ratings for financial and governance risk. It seems that Monitor's separate assessments of hospitals' exposure to risk is correlated, but bears little relationship to the quality of clinical risk management measures as audited by the NHSLA.

View this table:

Table 1.

CNST levels by finance ratings.

View this table:

Table 2.

CNST levels by governance ratings.

View this table:

Table 3.

Governance ratings by finance ratings.

Part of the explanation for this conundrum may lie with the way that the NHSLA incentivises hospital managers to improve their risk management levels. Discounts of up to 30% on the CNST contributions are available for hospitals assessed at the highest level. This could conceivably lead to mixed consequences: hospitals with good governance and low financial risk may feel that the extra expense involved in acquiring higher standards is justified, but on the other hand hospitals facing financial problems could also feel that the contribution discounts are a way of easing those problems. So the relationship between governance, finance and clinical risk may be a complex one.

To illustrate this, as part of a programme of research funded by the ESRC on public services quality, several studies exploring the link between the financial incentives for improved risk management and the responses by NHS hospitals were recently conducted. In one study, no relationship between the utilisation of diagnostic imaging tests and the risk management level attained was found.⁶ However, in another a positive relationship between higher risk management levels and a lowering of the hospital's MRSA infection rate was found.⁷ It has been speculated that certain types of patient care activity, including the use of diagnostic tests ordered by individual clinicians, may be less responsive to risk management incentives placed at the level of the hospital, whereas others, such as hospital infection control policies, are much more amenable to financial incentives at that level.

Conclusion

In this paper the reasons why good hospital governance and sound finances are expected to be conducive to improved clinical risk management processes and outcomes have been set out. These expectations were shared by those risk managers interviewed in NHS hospitals–they clearly believed that there was a causal connection between their governance structures, the quality of their financial risk management, and the NHSLA's assessment of their clinical risk management standards. In practice, the current evidence from FTs does not bear this out, at least in the strict sense of a correlation between measurements of risk management standards across these categories. Why should this be so? There are a number of possible explanations. The measurement of risk management standards by Monitor and/or the NHSLA may be flawed, or the measurement may be accurate but the expected relationships are not there–they could be based on rhetoric not reality. Alternatively, the notion of risk management is something far more complex than can be captured by a single number for each hospital. Complex organisations can suffer from considerable inefficiencies, not least in terms of communications and internal incentives. Harris addresses such points explicitly to hospitals. He argues that the hospital is ‘two firms in one’: a medical staff and an administration, each with ‘its own objectives, decision variables, and constraints’.⁸ Attempts to incentivise one of these groups to the exclusion of the other may end in failure. This problem is not a new one, but the widening remit of risk management in NHS hospitals does beg the question: whose risk is being managed?

References

↵
1. Cottee C,
2. Harding K
. Risk management in obstetrics. Obstet Gynaecol Reprod Med 2008; 18: 155–62doi:10.1016/j.ogrm.2008.04.003
OpenUrl CrossRef
↵
Department of Health. An organisation with a memory 2000London: DH
↵
Department of Health. National standards, local action. Health and social care standards and planning framework 2005/7002 −− 60<τπ>/.80 Annex 1 2004Leeds: DH
↵
1. Chandraharan E,
2. Arulkumaran S
. Clinical governance. Obstet Gynaecol Repro Med 2007; 17: 222–4doi:10.1016/j.ogrm.2007.05.003
OpenUrl CrossRef
↵
Audit Commission. Taking it on trust: a review of how boards of NHS trusts and foundation trusts get their assurance 2009London: Audit Commission
↵
1. Fenn P,
2. Gray A,
3. Rickman N,
4. et al
. Enterprise liability, risk pooling and diagnostic care. J Pub Admin Res Theory 2010; 20: i225–42doi:10.1093/jopart/muq026
OpenUrl Abstract/FREE Full Text
↵
1. Fenn P,
2. Gray A,
3. Rickman N,
4. Vencappa D,
5. Rivero O
(2011) The impact of risk management standards on patient safety: the determinants of MRSA infections in acute NHS hospitals, 2001–2008, Centre for Risk and Insurance Studies Working Paper.
↵
1. Harris JE
. The internal organisation of hospitals: some economic implications. Bell J Econ 1976; 8: 467–82
OpenUrl