
How to Write a Risk Management Plan for Your Medical Practice

Published by Cathy Reisenwitz in Medical Software

The difference between a funny mistake and an unfunny one is kind of like the difference between major and minor surgery. If it’s my surgery, it’s major. If it’s yours, well then it’s no big deal.

Medical mistakes range from the benign (accidentally writing “The lab test indicated abnormal lover function” on a chart) to the positively unnerving (accidentally removing the wrong testicle).


‘Anyway, to make a long story short, the medical examiner who performed your autopsy was fired.’

But when mistakes happen in your medical practice, you’re probably not laughing. The risks you need to manage are real.

To avoid hurting patients and devastating your bottom line you need a plan. I’d like to offer some guidelines and advice for writing a risk management plan for your medical practice.

The ECRI Institute defines a risk management plan as “a formal, written risk management and patient safety program” as well as “an overarching, conceptual framework that guides the development of a program for risk management and patient safety initiatives and activities.”

So how do you write one of these? We’ll begin with a list of the types of risks you face as a medical care provider.

Medical practice risks

Risks to patient safety

The University of Scranton used recent Centers for Disease Control (CDC) research as an example of smart risk management. The research showed that keeping a urinary catheter in too long is the biggest risk factor for catheter-associated urinary tract infections. Implementing a risk management plan that included an instruction to regularly check catheters decreased patient risk for participating Healthcare Delivery Organizations (HDOs).

Medical error risks

These are the risks that grab the headlines. Joe Kiani, founder of the Patient Safety Movement Foundation, estimates that 200,000 people in the United States die every year from preventable medical errors.

Potential non-compliance

The costs of non-compliance with existing and future mandatory federal regulations and legislation can be quite high.

Questions to ask

While many risks are similar across HDOs, your level of risk will vary and you’ll also have some unique vulnerabilities and liabilities. To assess your unique liabilities it can be helpful to answer the following questions. Writing down these answers is step one to creating an accurate risk profile for your organization.

What could go wrong?

This is a comprehensive list of all the potential adverse events and all the ways your organization could screw up to cause them. Focus on potential ways you could compromise patient safety, make medical errors, or fail to comply with requirements.

Failure mode and effects analysis: A proactive method for evaluating a process to identify where and how it might fail and for assessing the relative impact of different failures in order to identify the parts of the process that are most in need of improvement.

What’s the likelihood?

Maybe this is an ordered list, or maybe you rate each potentiality on a scale of one to ten. However you want to do it, you need to assign each risk a score in terms of likelihood so you can focus on preventing the errors most likely to occur.

How crippling will it be?

After assigning each potential mistake or failure a likelihood, assign it a catastrophic score. Maybe one is a minor inconvenience, “The lab test indicated abnormal lover function.” And ten is a major lawsuit (wrong testicle).

What can we do to prevent this from happening?

An ounce of prevention is worth a pound of cure. Some things simply cannot be avoided. Others are pretty easy to mitigate. For example, if you order a test, is anyone checking to be sure the test was run, the results are in, and the patient knows the results? Similarly, is anyone following up when patients miss important appointments? These simple changes can avoid a lot of patient harm. Figure out which is which and plan accordingly.

What can we do to make this less catastrophic?

Since you can’t prevent every screwup, what can you do to reduce the cost of screwing up?

Who is responsible for what?

If everyone owns it, no one owns it. Make sure someone owns it if you want it to get done.

How to format your risk management plan

Your risk management plan needs to be accessible to management, counsel, contractors, consultants, caregivers, and third parties like Institutional Review Boards (IRBs) for organizations running clinical studies.

To get buy-in, you may want to run your plan by your organization’s board of directors for approval and then bring staff on board.


Implement a regular, specific training program

Making sure patients understand how to take their medicine and why they need to do it can go a long way toward increasing medication adherence. Do physicians know how to do comprehension checks?

In Secrets of the Best-Run Practices, author Judy Capko emphasizes what she calls “commonsense risk management.” The first part of commonsense risk management, Capko argues, is putting effort toward making sure physicians have a good relationship with their patients. After all, “People are more than a little reluctant to sue their friends or people they really like, regardless of the nature of the suit,” Capko writes.

Create a culture of accountability

ECRI recommends organizations establish cultures that implement evidence-based best practices, learn from past mistakes, and provide constructive feedback instead of just offering blame and punishment. You want to encourage staff members to communicate about risks with each other and with management, not be afraid of punishment.

providing counseling services for those working with patients, and conducting competency assessments.

Keep up to date on the research

More sleep for residents makes patients safer, right? Giving residents in teaching hospitals more time to sleep actually compromised patient safety in a JAMA Internal Medicine study. Assumptions, by nature, are difficult to spot. That’s why you need to make surveying recent research part of your risk management agenda.

Keep up to date on regulations

Someone on your team needs to stay familiar with regulations and directives from organizations including the Department of Health and Human Services, Food and Drug Administration (FDA), and American Society for Healthcare Risk Management (ASHRM) to make sure your organization is compliant.

Websites like Healthcare Dive, Healthcare IT News, and Fierce Healthcare IT are good sources for announcements and concise summaries of upcoming and recently-enacted regulatory changes.

Consider hiring help

You might want to consider hiring a qualified healthcare risk manager to further minimize unnecessary exposure. They can help you develop and implement risk management plans and assess and monitor existing ones. For example, a risk manager can help you answer questions like “What’s the likelihood of each screwup?” and “How crippling will this adverse event be?” more accurately. That’s because a risk manager has access to industry data. Knowing how often organizations like yours experience X, Y, or Z and what it cost them makes for much better predictions than you can make with access to your organization’s data alone.

A risk manager can also handle claims management, which encompasses tasks like identifying which adverse events are likely to become claims before they do, investigating adverse events, and notifying your defense counsel and/or liability insurance company reps of potential lawsuits. They can also assist defense counsel by setting up depositions, providing relevant information, and helping to implement alternative dispute-resolution tactics.


According to Capko, fewer than 10% of medical practices have a risk management plan written down anywhere. “Remember the old adage,” Capko writes. “If it isn’t written down, it didn’t happen.” Don’t be the 90%. Write down your plan.

I’d highly recommend checking out her book, especially chapter 6.

Does your medical practice have a written risk management plan? Why or why not? Let me know in the comments.


About the Author

Cathy Reisenwitz


Cathy Reisenwitz is a former Capterra analyst.

