Little Fires Everywhere: Can Health Care Organizations Prepare for Future Risk Without Getting Burned? | Deloitte US has been saved
Limited functionality available
By Steve Burrill, vice chairman, US health care leader, Deloitte LLP
Risk leaders—whether working at a health plan or a multi-hospital health system—often see themselves as part of a fire brigade that must run from department to department stomping out flames. While these leaders are typically able to stay ahead of their day-to-day crises, it can leave them with little time to prepare for the bigger industry-wide emergencies that are building on the horizon.
In my meetings with C-suite executives, it became clear that risks and opportunities are at the top of their minds, but these priorities tend to be short-term. Many of these leaders are focused on helping their organizations overcome immediate challenges related to interoperability or ensuring compliance under the Merit-based Incentive Payment System (MIPS) for Medicare. All the while, they might also be working closely with the rest of the C-suite to maintain margins and achieve scale to stay competitive. The ability to overcome these short-term issues could be the difference between surviving or being swallowed up by a competitor. But organizations that successfully navigate the short-term challenges will likely need to pivot quickly to take on more complex and longer-term issues related to risk. Those who wait risk falling behind the early movers.
The Deloitte Center for Health Solutions recently surveyed chief financial officers (CFOs) from health plans and health systems to get a sense of how they are navigating the increasingly complex risk landscape. We also interviewed risk leaders, including chief risk officers and leaders from the risk functions (e.g., compliance, legal, and internal audit).
We asked CFO respondents to first rate the risks they face today on a scale of one-10, then we asked them to predict where those risks might rank three years from now. In each of the 16 risk categories we identified, health organizations expect each category of risk will be more of a priority three years from now. By 2022, nearly 80 percent of surveyed CFOs anticipate that technology and digital transformation—including artificial intelligence (AI), cognitive computing, and other emerging technologies—will be their biggest risk priority. Consumer engagement is seen as the top risk priority today among 58 percent of respondents, and nearly 70 percent of them expect it to be a top priority in three years. Risk leaders generally are aligned with these priorities and are focused on topics that support consumer engagement, such as privacy and cyber security.
While most risk leaders said they felt prepared to deal with their highest priority risks, many of them noted that their departments are thinly staffed. They also acknowledged that they tend to devote significant time to crisis management—investigating potential HIPAA breaches, patient/member complaints, and patient safety issues. Most surveyed CFOs said they are either only moderately or not prepared in:
Preparing for a new era of risk
Health care organizations have historically relied on prevention and limitations on access to help mitigate risks—particularly when dealing with patient records and personal devices. But this strategy might be ineffective as technologies become more advanced and more prevalent. While emerging technologies can lead to more efficient processes, improve clinical decision-making, and make it easier to engage with consumers, a minority of CFOs said their organizations are using these technologies to improve their responses to risk. Among our survey respondents, just 38 percent said they are using data analytics and other technologies to identify risks. While 30 percent of respondents are using AI or other technologies to identify risks, 45 percent expect to do so in the next three years. However, 25 percent of respondents have no such plans.
Here are three realities health care organizations should consider as they prepare for some of the new risks on the horizon:
CFOs and risk leaders from health plans and health systems face many of the same issues, which are becoming increasingly intertwined as convergence continues and interoperability becomes more of a focus in the industry. Risks are no longer standalone issues…they tend to all be connected to each other. The systems and resources that health care organizations rely on today might not be able to take on new, more complicated risks in the future—even though these opportunities are critical for the enterprise’s success. The leaders who oversee the risk function must continue to tend to the day-to-day fires, but they could get burned if they aren’t also able to prepare for the technology-related risks that might be four or five years down the road.
Steve, a partner with Deloitte LLP, is the vice chairman and national sector leader for Deloitte’s Health Care practice. He leads a multi-disciplinary team who serves clients through consulting, advisory, audit, and tax services. Steve also leads the overall strategic direction and market eminence of the health care sector, including client-facing leaders’ development and succession, business development efforts, and cross-functional go-to-market strategies. With more than 33 years of experience, Steve has served clients across the health care spectrum–complex large systems, academic medical centers, children’s hospitals, and single location entities–and has led large transformational projects involving acute care hospitals, ambulatory operations, clinics, and physician practices.