top of page

Healthcare Board Risk Concerns

As the business world changes, it's important for businesses to keep up with the risks associated with doing business so they can achieve their goals and objectives. Not only are these risks substantial, but they can have a profound impact on the overall success of the business, its future opportunities, and the way it is perceived by stakeholders. Understanding what risks are being discussed in board rooms and executive suites can help prepare businesses for the risks they will face in 2019.

According to a research report provided by Protiviti and North Carolina State University's ERM Initiative, there are three specific types of risks that can occur:

  • Macroeconomic, which affect growth opportunities for the organization, such as opening additional locations

  • Strategic risks, which affect the validity of the organization's strategy in pursuing growth opportunities, which would require a re-evaluation of the strategy

  • Operational risks, which affect organizational operations in carrying out the company's strategy, which may require adjusting the application of the strategy

When executives and members of the board understand what type of risks they are facing, they can have a better understanding of how to approach the risks in order to protect the interests of the organization and its stakeholders. Within those three categories, here are the specific risks being faced by organizations.

Regulatory scrutiny and regulation changes

In healthcare, new research leads to new policies and regulations in order to provide the highest quality care for patients. As a result, organizations must face the risks that come with regulatory changes and regulatory scrutiny. Specifically, according to a research report provided by Protiviti and North Carolina State University's ERM Initiative, regulatory scrutiny becomes more stringent in order to ensure organizations adhere to regulations while simultaneously reducing regulatory costs and occurrences of fraud. These regulations require compliance, particularly within the framework of the Affordable Care Act, which requires specific regulations be followed for reimbursement. These risks can be interpreted as strategic and operational risks.

Privacy management and information security

As more health organizations shift to digital records and technology, protecting patient data and information may be more challenging. New regulations are being implemented in an effort to keep up with data security in the context of digital records and electronic transmission of information. In order to protect data, health organizations must not only keep up with technology advancements but also implement strong authentication protocols in such a way as to not limit access of information when needed. According to a a research report provided by Protiviti and North Carolina State University's ERM Initiative, this requires a delicate balance between allowing and restricting access. These risks can be interpreted as strategic and operational risks.

Meeting performance expectations

Along with meeting standard performance expectations, organizations are in a position to compete against "born digital" firms. These are firms that have existed since the Internet Age. These firms do not have the same learning curve in order to keep up with advancing technology that other organizations do, which means they are at risk of falling behind in performance expectations. In addition, they must make changes and advancements to keep up with competitors that operate primarily digitally, which keeps the organization competitive so that it is more likely to achieve its goals and objectives. These risks can be interpreted as macroeconomic and operational.

Recruiting and retaining talent and challenges in succession

When organizations are attempting to plan succession, recruiting and retaining talent is a key concern. This is especially true in healthcare, where there is a shortage of qualified physicians and advanced practice nurses in comparison to the public need. As a result, organizations must adopt clear and successful recruitment and retention programs, which include transparency in compensation, flexible work arrangements, and mentoring, to meet talents' needs. These risks can be interpreted as strategic and operational risks. These elements can help assure talent that they will be taken care of successfully throughout their careers, which can encourage them to remain with the organization.

Cyber threats

Finally, as technology becomes more integrated in health care organizations, cyber threats become a greater risk. It is for this reason that data and identity privacy, and data security, are an important aspect of these organizations. As a result, organizations must develop policies and security measures that continue to meet the advancement of cyber threats. This will not only help protect data but keep operations running smoothly when patient data access requires the Internet or other digital components. These risks can be interpreted as macroeconomic and operational risks.

While it may be impossible for health organizations to avoid these risks, understanding why they are occurring and how they can impact the organization can equip decision-makers with the foundation they need to combat them successfully. Within that context, health organizations can stay competitive and successful while managing risks to the advantage of the bottom line of the organization itself.

How are you addressing these risks concerns. I have only highlighted the high level trends but the tactical side to implement the solutions to combat these risks are definitely not an easy task and at times these are multi-year implementations.




  • Grey Facebook Icon
  • Grey Twitter Icon
  • Grey Instagram Icon
bottom of page