Enterprise Risk Management

Enterprise Risk Management (ERM)


Enterprise Risk Management (ERM) can be described as a discipline, a management approach and a physician organizational process for identifying, managing, controlling, and monitoring all risks to the organization. In healthcare organizations, ERM can best be described as an ongoing business decision-making process instituted and supported by a physician organization’s board of directors, senior management and clinical leadership. ERM recognizes the synergistic effect of risks across the continuum of care, and has as its goals to help the organization reduce uncertainty and process variability, promote patient safety and maximize the return on investment (ROI) through asset preservation, and the recognition of actionable risk opportunities.

Risk domains, commonly referred to as categories or areas of risk, are utilized in ERM processes. The domain elements can be expanded according to the physician organization’s preference and ERM approach, but the risk domains generally are considered to be operational, financial, human capital, strategic, legal/regulatory, technology and hazard.


ERM must include a systematic approach to analyzing the risks confronting a physician or physician organization. These include: risk identification; risk assessment; risk treatment; selection and implementation; and risk monitoring and improvement. In the ERM environment, additional tools are often utilized in an effort to prioritize the identified risks in the various risk domains, and to more effectively analyze the financial impact to the physician or physician organization, such as risk scoring or risk mapping.

Excerpt from Jay Martus & Peggy Nakamura, Enterprise Risk Management (ERM) Principles & Provider Liability for Physicians & Physician Organizations, Physicians & Physician Organization Law Institute (American Health Lawyers Association Feb. 2010).

Agency Guidance

Enterprise Risk Management offers healthcare organizations a comprehensive, analytical approach that facilitates sound decision-making. Based on a holistic view of a range of risk opportunities, ERM can be used in the selection of new service lines, new equipment, new procedures, and innovative approaches to address staff health and patient wellbeing. Caution must be exercised in “how” ERM data is utilized to make certain that this powerful array of data is not used in a negative way in potential litigation. Legal counsel has a significant role in ERM, providing important information to inform the decision-making process.

Excerpt from Fay A. Rozovsky, Putting the Patient First: Safety, Quality and Enterprise Risk Management, In-House Counsel Meeting (American Health Lawyers Association June 24, 2007).