Managing RISK

Jean B. Ganub, RPh

The man who does things makes many

mistakes, but he never makes the biggest
mistake of all—doing nothing
—Benjamin Franklin

Pharmacy Management: Essentials for all Practice Setting ⁕ Mc Graw Hill Professional
Scenario
Ann has been the most senior technician in the community
pharmacy. There are two other technicians in the pharmacy. Ann
informed Dianne of her intention to undergo a major operation
that required her to be away for about eight weeks. Leave has
already been granted to another technician. The manager did not
arrange for cover. Steve, the pharmacist, was concerned about
the staff shortage, and he raised his concerns with Dianne. She
was not willing to arrange cover, saying, “There is no money in
the budget.” Steve, being the responsible pharmacist, raised the
issue with the area manager, who promised to look into it. During
this period, Steve was not able to complete the prescriptions by
the end of the day. This created a backlog and patients had to
wait for long periods to collect their medications. Repeat
prescriptions from the surgeries could not be filled on time.
Patients who visited the pharmacy were frustrated and complained
to the manager. A large number of patients recalled the
prescriptions and visited nearby pharmacies. Cover was arranged
when Dianne realized that the pharmacy was losing business, but
it was too late. The patients who left never returned.
Risks in our day to day work
Financial risk (the higher the gain, the
greater is the risk )
Risks of injury
Risks associated with their work in
dispensing

Systems and procedures must be in place to

manage effectively the risks associated with
the work
Definitions
Risk: Risk is the measure of the potential inability
to achieve an expected outcome within defined
parameters of safety, cost, schedule, and technical
characteristics. It has two components: the
likelihood of occurrence and the consequence of
failure (for example, wrong advice given to a patient
may have serious consequences).
Risk acceptance: A risk can be accepted when the
benefit outweighs the risk that may occur, which
cannot be avoided or reasonably mitigated with
further action. A General Practitioner (GP) may
weigh the benefits of a treatment against the
possible adverse effects.
Definitions
Risk analysis: Risk analysis is the process of
defining and analyzing the extent, likelihood, and
occurrence of a risk.
Risk attributes: Risk attributes defined in the risk
management plan are the probability, impact, and
time frame within which the risk can be avoided or
mitigated. These attributes provide useful
information to make informed decisions.
Risk classification: Risk classification is the
process of categorizing risks according to (1) the
severity and their consequences and (2) shared
characteristics or relationships.
Definitions
Risk identification: Risk identification is the
process of examining and documenting the risks of
each element of a process or a project that may
impact on the activities in the pharmacy or
workplace.
Risk management: Risk management is an
approach to prevent or mitigate a potential risk
through identification, analysis, mitigation, planning,
and tracking of root causes and their consequences.
Definitions
Risk management planning: Risk management
planning is the process of developing and
documenting an organized, comprehensive, and
interactive strategy for analyzing the root causes of
potential risks, developing plans to prevent or
mitigate risks, performing continuous risk
assessment, and allocating resources.
Type of Risks
Professional risk
 Refer to dispensing errors, wrong advice, failure to detect
prescribing errors
Business risk
 Affect business activities and the profit. Staff shortages may
force the dispensing activities to be stopped until the
problems are resolved. Opening another pharmacy in the
nearby vicinity carries the risk of losing patients to the new
pharmacy.
How do mistakes happen?
Continuous Risk Management
Process
It is a disciplined proactive program that includes:
 A continuous assessment of what could go wrong
by determining the current performance against
the expected performance
 Estimating the likelihood and consequence of
identified risk through analysis
 Planning for risk disposal and handling the risk,
developing mitigation plans, and establishing
monitoring requirements
 Monitoring the effectiveness of the implemented
strategies
 Controlling risk by evaluating monitored data to
verify the effectiveness of mitigation plans
Steps in CRM Process
Step 1: Identify risks. Identify the risks and state them in
terms of conditions and consequences, including the context:
what, where, when, how, and why.
Step 2: Analyze the risks. Evaluate the risk on the basis
probability impact and severity. Determine the time frame
within which actions need to be taken. Classify and group
similar risks and prioritize for action.
Step 3: Plan. Determine the approach (research, accept,
mitigate, or monitor) to deal with the risk. Prepare a detail
plan that includes responsibilities, tasks, goals, time frame,
and budget estimates. Execute the plan.
Step 4: Monitor. Track the activities and organize risk data,
reports, and results. Verify and validate mitigation action.
Step 5: Control. Analyze the data to determine the
effectiveness of the plan. Review, if necessary, to replan or
close the risk. Execute the control plan.
Identification of Risks
Deficiencies in the following 10 key system elements can lead
to risks of making mistakes (Hahn, 2007):
1. Patient information
2. Drug information
3. Dispensing: labeling, application of the label, bagging, and
handing over to the customer
4. Communication issues
5. Storage of drugs, verification of expiry dates, and removing
outdated drugs from the shelf
6. Acquisition of appliances and monitoring their use
7. Working environment
8. Staff training and skills
9. Patient education
10. Risk management
Identification of Risks
Several approaches can be used to identify risks in the
workplace (NASA, 2009; Tague, 2005), such as
 Brainstorming
 Tests and verification
 Pause-and-learn sessions
 Previous analysis of risks
 Historical data
 Lessons learned
 Checklists
 Informal notifications
Risk Analysis
Risk Analysis
Risk Analysis
Risk Analysis
Risk Analysis
Risk Scoring
Risk Index
Accepting Risk
The organization may opt to accept the risk without taking any
action for a variety of reasons:
1. The risk is very low and has no significant impact on the
organization, staff, or patients.
2. No control option is available or not within the control of the
organization. For example, new legislature may impose risks
to some activities.
3. The benefits outweigh the risks. A patient who shows only
skin reaction allergy to penicillin may be prescribed a penicillin
for a life-threatening illness by the GP after taking precautions
to counteract the ill effects of penicillin.
Avoiding, transferring and
mitigating Risk
Avoiding the risk: The organization may decide to take any
action to control an unacceptable risk by using an alternative
methodology in order to implement the same activity, which is
less risky.
Transferring the risk: This implies the transfer of the risk to
a third party for insurance or indemnity cover. The cost of
such a cover depends on the assurance that the organization
can give in terms of a claim being made. The insurer would
require information regarding the nature of the risk, the
controls in place to mitigate the risk, and the claims history so
far.
Mitigating the risk: This process reduces the risk to an
acceptable level. If the risk cannot be eliminated completely, it
is mitigated by substituting the materials or processes or
redefining the policies and procedures.
Action Plan (Planning)
Action Plan (Planning)
Action Plan (Planning)
The action plan should specify the following (Table 5.6):
1. Risk description
2. Impact
3. Current controls in place
4. Effectiveness of current controls
5. Action
6. Person responsible
7. Time frame
8. Completion date
Tracking
 The purpose of the tracking step is to monitor the progress
of the action plan by collecting and analyzing accurate,
timely, and relevant risk information (NASA, 2009
 It is a proactive approach that enables further action to be
taken before a risk becomes a problem. Tracking also
enables the team to close the risk, if it has been effectively
resolved.
 Analysis of risk information is useful to determine whether
(1) additional risk handling options are necessary, (2) risk
handling strategies need updating, or (3) known risks must
be reassessed
Control
During risk control, the following strategies are implemented:
1. Close the risk.
2. Continue as planned.
3. Develop a new or an updated risk mitigation plan.
4. Invoke a contingency plan if the risk has been a problem.
Communication
Communication within the team and with external authorities
is essential for the management of risks in the organization.
The team can provide valuable information on potential risks
and their resolution.
The NPSA (2004) provides guidelines for patient safety in the
document Seven Steps to Patient Safety:
1. Create a safe culture.
2. Lead and support the staff.
3. Integrate risk management activities into daily pharmacy
practices.
4. Encourage reporting of all incidents.
5. Communicate effectively with patients, the public, and the
staff.
6. Promote learning from safety lessons.
7. Assess risks regularly and implement activities to prevent
harm.
Why Do Risk Management
Programs Fail?
Risk management programs fail due to six mistakes (Taleb et
al., 2009):
1. Assuming that extreme events can be predicted.
2. Assuming that studying the past will help us manage risk.
3. Failure to listen to advice on what should not be done.
4. Assuming that risk can be measured in terms of standard
deviation.
5. Failure to appreciate that mathematical equivalence and
psychological equivalence are different.
6. Belief that efficiency and maximizing shareholder value do
not tolerate redundancy.
Revisiting Scenario
In the scenario cited in the chapter, a staff shortage
has been recognized as a problem. However, there
was no attempt to resolve the issue until the
situation became critical. The risk can then be
defined as follows:
When there is a shortage of dispensing staff, it is
likely that the staff working in the dispensary will
encounter a heavy workload, and there is a risk that
the patient will be given (1) wrong medicine, (2)
correct medicine but wrong strength, (3) correct
medicine with a wrong label, (4) wrong brand, or
(5) another person’s medicine.
Revisiting Scenario
The likelihood score is 3 (possible) on the basis of
frequency (might recur occasionally). The
consequence score is 4 (major) on the basis of
significant risk to patients, if unresolved. The risk
rating is thus 12 (high risk) and requires the
attention of the manager (see Table 5.5). The action
plan for managing the risk of shortage of staff in the
dispensary is shown in Table 5.7.
Revisiting Scenario