Apollo Medical Centre

Risk Management Plan 2015

The Apollo Medical Centre Risk Management Plan is aligned with the NZ
Standard for Accident and Medical Clinics NZS 8151:2004 and the Australia and
New Zealand Standard AS/NZS ISO 31000:2009

Background and Definition:

Risk Management involves achieving an appropriate balance between realizing

opportunities and minimizing adverse impacts within an organisation.

The Apollo Medical Centre Risk Management Plan involves aligning our
organisational culture and business plan with the process of risk management.
The process of risk management is defined as a logical and systematic
application of management policies, procedures and practices to the activities of
consulting, establishing context, identifying, analyzing, evaluating, treating,
monitoring, reviewing and communicating the risks in a way that will enable
Apollo Medical Centre to minimize losses and maximize gains.

A continuing cycle of review of the organisation’s policies, procedures and quality

improvement systems enables Apollo Medical Centre to maintain and exceed the
agreed quality standards of performance of both accreditation standards on an
on-going basis.

Risk Management Framework

The risk management framework is defined as a set of components that provide

the foundations and organisational arrangements for designing, implementing,
monitoring, reviewing, and continuously improving risk management throughout
the organisation. Fig. 1 below outlines the relationship between the components
of risk management, principles framework and process.

H:\Policy and Procedure Manual\Section V - Quality & 1 -

Risk Management\Risk Management\Risk
Management Plan 2015.doc
Revised December 2015
 Apollo Medical Centre

H:\Policy and Procedure Manual\Section V - Quality & 2 -

Risk Management\Risk Management\Risk
Management Plan 2015.doc
Revised December 2015
 Apollo Medical Centre

Risk Management Process

The risk management process involves the following elements:

• Communicate and consult
• Establish the context
• Assess risks
• Identify risks
• Analyse risks
• Evaluate risks
• Treat risks
• Monitor and review

Communication and consultation

Internal
The organizational structure of Apollo Medical Centre is led by the Board of
Directors. The General Manager manages the organisation.

Below this level operates a management team of key personnel. The

management team includes managers representing the doctors, nurses,
reception, and administration staff. The General Manager oversees the
performance of the management team and is responsible for implementation of
the quality and risk management systems within the organisation through
designated personnel.

The management team are involved in all aspects of operational management.

Management meetings are held on a fortnightly basis, and this forum is where all
aspects of the operation of the organisation is discussed and communicated.
Feedback, issues and concerns are raised, discussed and action plans
formulated. Implementation is overseen by the General Manager and managers.
Policy and procedures are reviewed and revised at this point.

Communication throughout the organisation is performed through several

mediums. Primarily staff meetings, staff newsletters, staff bulletin boards,
telephone, email (intranet and internet), and written documents.

All policy and procedures are documented and held on a common electronic file
accessible to all staff. Master copies are managed and maintained by the Quality
Administrator in conjunction with the General Manager and the management
team.

External
As an active member of the wider communities in which the organisation
operates, several mediums are again used to initiate, receive and maintain
H:\Policy and Procedure Manual\Section V - Quality & 3 -
Risk Management\Risk Management\Risk
Management Plan 2015.doc
Revised December 2015
 Apollo Medical Centre

communication with our external stakeholders. These include participatory

membership of pivotal organisations – both governmental, community and health
organisations, use of electronic mediums, and involvement in community events.

Apollo Medical Centre recognizes the importance and involvement of its external
and internal stakeholders to the organisation and values the contribution they
make. Feedback and input into the quality and risk management processes are
encouraged at all stages.

Context

Apollo Medical Centre is a large, suburban, integrated family health centre

operating in Albany, North Shore City and is an active participant in all health-
based activities for the North Shore region. The current government’s primary
health care model is capitation based funding through our Primary Health
Organisation which includes fees for service for non-enrolled patients. The scope
of Apollo Medical Centre operation is to work within all governmental legislative
requirements and Standards within the health industry.

The organisation recognizes that operating within the health industry is fraught
with risk. Apollo Medical Centre is committed to risk management as an integral
part of the management throughout the organisation, and as such will work
towards identifying, analyzing, evaluating and treating all levels of risk by
reduction or elimination.

Risk Identification

Five major areas of risk have been identified for the organisation. These are:

• Business
• Clinical
• Human resource
• Quality assurance
• Operational including Occupational Health and Safety

1. Business risk includes financial management, strategic and operational

management, market influences and competition, and legislative compliance.

2. Clinical risk includes any aspects of the management of patient care.

3. Human resource risk includes staff recruitment and retention, competency and
maintaining safe workloads.

4. Quality assurance risk includes meeting and/or exceeding the Standard for
Accident and Medical Clinics and RNZCGP Cornerstone standard
H:\Policy and Procedure Manual\Section V - Quality & 4 -
Risk Management\Risk Management\Risk
Management Plan 2015.doc
Revised December 2015
 Apollo Medical Centre

5. Operational risk includes all aspects of the general day to day running of the
business, including occupational health and safety risk which covers all aspects
of maintaining and operating within a safe working environment.

The listed group of risks all influence and affect Apollo Medical Centre’s
business and strategic objectives as outlined in the Strategic Plan. At any point,
these risks can adversely affect the organisations ability to achieve successful
outcomes of these strategies. Thus continual monitoring and management of risk
is essential for the viability of the organisation.

It is an expectation that all staff at Apollo Medical Centre contribute the

identification of risk through the Incident Reporting Process. Once a risk has
been identified, the process of risk management can be implemented.

Risk analysis

The identified risks require analysis to determine the level of risk. This is
achieved by determining consequence and probability of risk.

The five groups of risk identified have been determined as critical in terms of their
consequence to the organisation. The probability of these risks occurring is
reduced through careful control and management. Known risk is measured
against set criteria to determine the level of risk and an action plan implemented
once the acceptable levels has been breached.

Risk evaluation

The objective of risk evaluation is to make decisions based on the outcomes of

risk analysis, about which risks need treatment and their priorities. Risk is scored
against the Severity Assessment Code: Appendix 1

Apollo Medical Centre’s strengths and weaknesses, opportunities and threats are
taken into consideration at this point. The benefits to the organisation should
always exceed the risk to the organisation.

Risk treatment

Risk treatment options include:

• Avoidance
• Reduction
• Minimization
• Change the probability
H:\Policy and Procedure Manual\Section V - Quality & 5 -
Risk Management\Risk Management\Risk
Management Plan 2015.doc
Revised December 2015
 Apollo Medical Centre

• Change the consequence

• Transfer

Risk options may be considered in isolation or in combination. Factors affecting

the option of treatment may include:

• The cost of implementation

• Benefits received by implementation
• Legal compliance
• Perception of value to stakeholders
• Presence of residual risk

Risk monitoring and review

To maintain continuous improvement, risks should be regularly monitored

throughout the risk management process. Review documentation should be
incorporated into the Apollo Medical Centre performance management and
reporting system.

Implementation

1. Business risk

The business plan outlines the strategic direction of the organisation for the
following twelve months. Risk is analysed and determined from quantitative data.
Financial reports and key performance indicators provide an accurate view of the
organisation’s performance over the period.

All aspects of strategic and operational management are examined and

reviewed. Areas of increased risk are identified and action plans devised to
initiate reduction or elimination of risk. ICIB insures against financial, operational
and management risk.

The Board of Directors perform this monitoring process on a monthly basis at

board meetings.

2. Clinical risk

Professional standards
Professional standards, training and detailed protocols provide benchmark
standards of conduct and patient care. All clinical staff are required to hold
current practicing certificates which indicate they have reached and maintain the
H:\Policy and Procedure Manual\Section V - Quality & 6 -
Risk Management\Risk Management\Risk
Management Plan 2015.doc
Revised December 2015
 Apollo Medical Centre

national standards of clinical competency. Professional practice is implemented

by following documented protocols, policies and procedure guidelines. These are
reviewed annually by the Management team to ensure they remain relevant and
current. Clinical performance is monitored by the appropriate clinical managers.

Professional bodies – e.g. Medical Protection Society, NZNO and insurance

companies indemnify all clinical staff against professional malpractice. All staff
are required to hold current indemnity policies.

Staff training
To further enhance the staffs skills and abilities, ongoing training plans are
provided for all staff and their participation is required. Managers and team
leaders ensure all requirements in compliance and participation in training for all
staff are met. The Medical Directors oversee medical staff training, the Nurse
Manager oversees nursing staff training, the Finance & Administration Manager
in conjunction with the Reception Co-ordinator oversee reception staff training
and the Finance and Administration Manager in conjunction with the
Administration Co-ordinator oversee administration staff training.

Annual performance reviews are performed on the staff by the Managers/Team

Leaders. Performance reviews monitor and assess current clinical competencies,
participation in training and/or any deficits in skills and abilities that require
remedial training.

Patient complaints and feedback

To further reduce risk, a robust patient complaints system provides a method of
monitoring any perceived risk of patient mismanagement, professional
incompetency or misconduct. The Patient Complaint Management Policy details
the management of complaints.

Bi-monthly patient satisfaction surveys are conducted to provide valuable

feedback as to the performance of the organisation to meet consumer needs.

On-going feedback from patients is gained through the complaints systems plus
in-house feedback forms provided to patients.

The staff are involved in community projects, associations etc. These also
provide valuable feedback to determine the performance of the organisation to
meet community needs.

Practice Management System

The electronic practice management system – MedTech 32, provides a secure
and accurate method of storing patient information. Access to clinical files is
H:\Policy and Procedure Manual\Section V - Quality & 7 -
Risk Management\Risk Management\Risk
Management Plan 2015.doc
Revised December 2015
 Apollo Medical Centre

available to all clinical staff via a password system. Non-clinical staff have
restricted access to clinical information. The PMS can be audited to ensure
security levels are not breached. Backup of the PMS is performed remotely every
night, and the backup file is stored in a secure off-site facility to prevent loss of
patient files and information.

3. Human Resource Management

Professional standards and staff training are outlined as per clinical risk. Staff
performance is monitored by the appropriate manager/team leader.

Retention and recruitment

Most human resource management functions are conducted by the management
team, overseen by the Practice Management Advisor. The General Manager
provides support where appropriate. Medical staff are rostered by the Medical
Administrator - HR. Nursing and reception staff are rostered by their Team
leaders. Active recruitment and retention methods maintain staffing levels across
all shifts. Casual staff are used in conjunction with part-time permanent staff to
ensure all shifts are adequately staffed should permanent staff require leave.

Staffing levels
Staff workloads are monitored to ensure the staff operate within safe staffing
levels. Triage and an staff workload policy provide mechanisms to manage
patients through the Centre to ensure safe staff working levels and doctor/patient
ratio’s are maintained at all times. Should the staff workload policy be
implemented more than four times in one month, staffing levels are to be
reviewed overall.

4. Quality assurance

The quality management plan outlines the organisation’s commitment to the

Standards for Accident and Medical Clinics. (NZS 8151:2004) and RNZCGP
Cornerstone accreditation standards.

An internal audit is performed annually to monitor the quality control process and
ensure all systems, policies, procedures and protocols are updated and remain
current. Any incidents or policies requiring amendment etc are brought to
monthly management meetings for revision and resolution.

An external audit is performed every three years by authorized audit agency DAA
Group to maintain accreditation and ensure the Standard of Accident and
Medical Clinics have been met and maintained.

H:\Policy and Procedure Manual\Section V - Quality & 8 -

Risk Management\Risk Management\Risk
Management Plan 2015.doc
Revised December 2015
 Apollo Medical Centre

An external audit is performed every three years by authorized audit agency

HDANZ to ensure the RNZCGP Cornerstone accreditation standards have been
met and maintained.

5. (a) Occupational Health and Safety

The Health and Safety in Employment Act 1992 provide guidelines for staff and
employers to follow in relation to providing a safe place of work.

Policies and procedures outline safe working practices and risk management
processes, which include hazard identification, and minimization and/or
elimination.

The Health and Safety officer administers the Health and Safety programme
including the health and safety induction of all new staff. Annual and monthly
audits are conducted where appropriate. Monthly reporting of incidents and
accidents to the management team enables a continual review of health and
safety risk management.

(b) Operational Risk

Operational risk is managed by minimization through robust management

practices as well as a risk transfer strategy. Risk is transferred by multiple
policies with ICIB NZ Ltd.

Insurance policies include:

• Public liability, statutory liability, employers liability, management liability,
business interruption, and material damage

6. Risk Assessment

The Severity Assessment Code will be used to assess all risks. See
Appendix 1 for more details

Likelihood Consequence Serious Major Moderate Minor Minimal


Frequent 1 1 2 3 3
Likely 1 1 2 3 4
Possible 1 2 2 3 4
Unlikely 1 2 3 4 4
Rare 2 3 3 4 4

H:\Policy and Procedure Manual\Section V - Quality & 9 -

Risk Management\Risk Management\Risk
Management Plan 2015.doc
Revised December 2015
 Apollo Medical Centre

Severity Assessment Code Required Action

1 Extreme Sentinel Event  Commence Root Cause Analysis

Risk
2 High Serious Incident  Formal follow-up Complete
Risk incident form teamleader to notify Clinical Director
and General Manager
3 Medium Reportable incident- Quality Improvement
risk opportunity Complete incident form forward to Team
leader
4 Low risk Quality Improvement Opportunity

H:\Policy and Procedure Manual\Section V - Quality & 10 -

Risk Management\Risk Management\Risk
Management Plan 2015.doc
Revised December 2015