Healthcare institutions currently demonstrate increasing attention to risk analysis and risk management. A particular manifestation for English public sector healthcare providers was a "Controls Assurance" risk assessment and action planning framework. This required annual, very detailed, reports to central government, spanning 22 major areas from infection control to fire safety. Much of this framework continues into a successor system giving greater local flexibility but "regulated" via significant external audit. To help establish an analytical approach suitable for the new requirements, we have attempted to dissect out factors strongly influencing risk judgements made for Controls Assurance. Focussing on the "Medical Devices Management" area, which required a particularly detailed self-assessment against 31 specified criteria, we paid close attention to issues of process (policies and committees) as against outcome (appropriate equipment operated by a trained practitioner). We also reviewed organisational ("system") issues as against individual and, as far as practicable, subjective risk judgements as against those for which objective evidence could be presented. Our key finding was that criteria yielding poor Controls Assurance (high risk) scores were predominantly outcome orientated. From this we suggest that future analyses should pay explicit attention to the process-outcome balance within the structure of the assessment process.