person point at risk management

7 steps to improve your post-pandemic risk management.

Risk is inherent in everything we do in our practices. While we’ll never eliminate all risk, we can minimise it with effective strategies that inform our practice policies and procedures. The COVID-19 pandemic, in particular, brings more risk potential and as we learn to live with the virus, healthcare practices need to be even more vigilant of their risk mitigation and management strategies.

What is risk?

Put simply, risk is your exposure to uncertain negative outcomes. For example, the possibility of economic or financial loss or gains, physical damage, injury or delay as a consequence of an outcome or an event. Risk is measured in terms of:

  • likelihood of occurrence
  • the severity of the consequence (if it were to occur) and impact on your organisation’s business objectives.

Risk can present opportunities for business growth, too. So, instead of reacting to risk, a proactive planning approach helps you address risks before problems occur, and identify and exploit business opportunities. Here, we will look at seven steps to creating a risk management framework for a post-pandemic world.

But first, assess your practice risks

To set parameters around your risk management, you need to first identify the risks your practice is likely to face.

You may have heard of a SWOT (Strengths, Weaknesses, Opportunities, Threats) business analysis. This looks at internal and external influences on your business, helping you capitalise on your strengths and opportunities, while finding ways to improve your weaknesses or address your threats. Similarly, a PEST (Political, Economic, Socio-cultural and Technological) analysis helps you look at the bigger picture; external business influences. Documenting and regularly reviewing both can help your business better plan for risks and opportunities.

Especially in this post-pandemic world, staying on top of ever-changing regulations and technological developments is crucial to managing practice risk. This is where your policies and procedures play a critical role. And the easier they are to create, share and update, the better. Using an online practice management platform like PracticeHub you can document and centrally store your policies and procedures relating to your identified risks, so all staff can contribute, keeping them current and compliant with healthcare legislation and regulations.

7 steps to creating a risk management framework

Effective risk management involves a whole-of-practice approach to identifying, analysing, treating and monitoring your practice risks. It needs to start from the top down, with leaders setting expectations and accountability around approaches to risk, and fostering an open disclosure, no-blame, risk-aware culture.

To illustrate these seven steps, we’ll use a hypothetical example of a practice administering COVID-19 vaccinations.

Step 1: Establish the context of risk management

Decide on your risk appetite. This is the level and type of risk your business is prepared to take to pursue a goal. A practice running a vaccination clinic would have a low risk appetite for people getting needle stick injuries, so needs to think about what policies and procedures to create around managing this risk. It could create a training policy, educating staff on the processes for use and disposal of sharps. PracticeHub’s inbuilt training modules can help with this task.

Step 2: Identify your risks

Ascertain what risks can occur in your practice – the what, when, where and how. For example, if a practice is increasing the volume of injections it administers, it needs more needles and therefore, tighter processes around safe sharps management. In PracticeHub, you can create a policy and procedure for this, including links to relevant industry regulations and standards, so it’s easy for all staff to access.

Step 3: Analyse the risk

Likelihood: Rating the likelihood of a risk occurring helps you decide which takes priority in your mitigation process.

likelihood rating table

Consequence: Rating the consequence on your practice if a risk did occur helps you plan your response.

consequence rating
risk rating matrix

Step 4: Evaluate the risks

Using your risk matrix, you can easily evaluate each risk against the criteria on the matrix to:

  • review existing risk controls
  • determine residual risk
  • prioritise residual risk

Residual risks are those that remain despite your control measures, and they need to be prioritised. You may decide some risks can be accepted without further action, but they may need to be regularly reviewed.

Step 5: Treat the risk

Referring to your risk matrix also helps you decide how to treat each risk:

  • Extreme – You may choose to terminate the activity
  • High – You may transfer or treat risk – based on likelihood and/or consequence
  • Moderate – Treat risk by reducing likelihood and/or consequence
  • Low – Tolerate risk

In the example of higher volumes of vaccinations, a practice will need more sharps containers, which increases risks around needle safety and disposal. One way to treat this risk is placing signs in areas where sharps are used, with messaging such as: ‘The user of the sharp takes responsibility for its safe management and disposal at point of use.’

Step 6 & 7: Monitor and review the risks / Communicate and consult

Include risk review as a standing item in your team meetings agenda, with an incident reporting protocol. It’s an opportunity to share learnings and actions around better managing future risks.

Documenting these seven steps can form the basis for your practice’s risk register, as a simple spreadsheet, and doing this in PracticeHub means it’s easily accessible for the entire team to contribute to and stay informed.

Understand the link between risk and compliance

Complying with regulations, standards and legislation essentially formalises risk management and reduction. As well as being critical to all businesses, risk management is a mandatory part of accreditation compliance with RACGP Standards for General Practices, 5th Edition, Criterion C3.1: Business operation systems, Indicator C: ‘Our practice has a business risk management system that identifies monitors and mitigates the risk in our practice’.

But compliance is not something you do only when you’re seeking accreditation. It’s an ongoing process, and your policies and procedures are critical to ensuring regular compliance and risk management. Well written policies and procedures will detail the compliance tasks you need to fulfil on a daily, weekly, monthly and annual basis. With PracticeHub, you can set reminders to alert you to upcoming compliance tasks, ensuring you always meet your obligations.

While you can’t cover all bases in managing risk, a sound framework as outlined above can bring you a degree of comfort. And using PracticeHub to create, review and update your risk management policies and procedures, helps everyone in your team be more risk aware, creating a safer practice for your staff and patients.

Discover how PracticeHub enhances your risk management strategies. Phone us on 1300 469 866 or book a meeting with one of our helpful consultants.

Book a meeting


This article is not comprehensive and does not constitute legal or medical advice. You should seek legal or other professional advice before relying on its content, and practise proper clinical decision making with regard to the individual circumstances. Persons implementing any recommendations contained in this article must exercise their own independent skill or judgement or seek appropriate professional advice relevant to their own particular practice. Compliance with any recommendations will not in any way guarantee discharge of the duty of care owed to patients and others coming into contact with the health professional or practice. Avant is not responsible to you or anyone else for any loss suffered in connection with the use of this information. Information is only current at the date initially published. © Avant Mutual Group Limited 2024.

To Top