Risk management in an IPA setting - part I - independent practice association

Physician Executive, May, 1994 by Jonathan Harding

When physicians were seen as "captains of ships," they were responsible for the acts of other health professionals. Hospital risk management strategies have developed over the past 30 years, as courts have found hospitals liable for acts performed in their facilities. As medical care has shifted from the hospital to ambulatory care, some large ambulatory care facilities, such as multispecialty medical groups, have found a need to develop risk management programs of their own. They usually start with the hospital risk management model, although they deal with a different set of patient mishaps and somewhat different diagnoses. The development and growth of new health care delivery organizations, such as HMOs, have led to new legal strategies to extend liability for negligence. This requires a response by these organizations to manage risk.

Traditional Risk Management Functions

Risk management texts describe risk management processes in detail.[5-7] The basic elements of this process include:

* Risk Identification--identifying

areas of operation that put the

organization at risk. Broadly, these

include professional malpractice,

general liability, workers' compensation,

casualty exposure, hazardous

substance exposure, potential

environmental damage, transportation liability, defamation, embezzlement, antitrust, breach of contract, fraud and abuse, securities violations, and others.

* Risk Measurement--use of probability

data and prior loss history

to estimate the potential losses in

each area of risk identified.

* Risk Financing--accruing or

insuring for identified and measured

risks, or determining to pay

losses out of operating income.

* Risk Avoidance-reducing areas

of identified risk by limiting the

business to less risky ventures.

* Risk Control--methods to minimize

losses due to risk that the

business cannot avoid.

Each of these elements applies to IPA- and network-model HMOs. Senior management usually performs the first four elements. In collaboration with legal counsel, managers review business operations for liability risk. Managers estimate the dollar value of this risk and then decide to insure against losses or to self-insure. They may decide to contract for legal services or to develop an internal legal department. In some cases, the organization may forgo certain parts of the business as too risky. For example, a staff-model HMO may decide not to provide perinatal services (and contract for them instead) because the liability risk is not worth the potential operational cost savings.

Once senior management completes this analysis, the organization will still retain some risk. It may insure itself against that risk. Insurance companies vary their premiums according to the degree to which management controls risk. Organizations that decide to self-insure, or to purchase insurance with high deductibles, will retain more risk. Whatever the insurance decision, most organizations have an incentive to control risk.

Risk Control

Risk control is the function most people associate with risk management. There are several types of risk control:

* Risk Transfer--use of contracts or

other means to shift the financial

burden of losses to another party,

such as a supplier or a customer.

* Risk Prevention--policy and procedure

design, system design, and

educational programs to reduce

occurrences that put the organization

at risk.

* Risk Mitigation--a set of decisions

and activities undertaken,

once an adverse event has

occurred, to reduce the probability

of lawsuits.

* Litigation Management--actions,

taken after an allegedly

injured party has filed a lawsuit, to

lessen the financial, emotional,

and public relations impact of legal

claims. The strategies described above apply to any business. An organization that provides health care has a special risk: medical malpractice. Risk managers in health care may be responsible for all areas of risk, including workers' compensation, general liability, and hazardous substance disposal. Or, medical risk managers may limit the scope of their involvement to malpractice liability.

The lines between these categories of risk sometimes blur. For example, an HMO employee may also be a patient, and workers' compensation, general liability, and malpractice risk may arise from a single injury. In IPA-model plans, attempts to exclude a physician may subject the HMO to antitrust actions, but failing to expel a physician can incur the risk of tort and breach of contract claims. The focus of this article is malpractice risk.

Legal Principles of HMO Liability

In IPA- and group-model plans, the HMO contracts with independent providers to deliver care. When medical errors occur, the direct provider, rather than the HMO, is usually responsible. Yet there are several legal principles that have been or could be invoked to impose liability on the HMO.

The law recognizes three type of business relationships that may arise in the IPA setting, with varying degrees of liability--employer/ employee, agency, and independent contractor. The legal relationship between an HMO and a group or IPA physicians will vary with the details of the specific relationship and with the opinions of the court in the specific case.