Rijnstate was one of the first hospitals to commit to horizontal supervision. You were the project leader of that at Rijnstate. Why did you think it was such an important issue that you were one of the first to start it?
‘As a hospital, we were troubled by the constantly changing laws and regulations, sometimes introduced retroactively. It was difficult to keep adjusting work processes to this. We had to perform extensive retrospective checks to prove that we were working in accordance with the new laws and regulations.’
‘There were also all kinds of requirements from health insurers. We had as many as six health insurers visiting us, who also conducted their own audits. Those audits revealed corrections, and they could go back up to four years. So we didn't really know whether the figures were certain either!’
‘You don't want to know what an administrative hassle it was. And that motivated us to stick our necks out to change that. Together with the Martini Hospital and ZGT, we sat down with Menzis and started a pilot. The NZA was also involved and helped us with an unambiguous interpretation of the laws and regulations.’
‘The basis of the plan was: first time right. Not that we weren't doing it right, but you could see that the cause of an error was not being addressed. A lot was corrected by retrospective checks, but an underlying problem was not addressed. And that had to change, you have to get the processes right at once so that the registration at the beginning of the process is right at once.’
‘In my opinion, we succeeded in doing just that. Almost no errors occur now. We shared the findings from our pilot with other hospitals and merged them with pilots from other insurers and hospitals. That led to a national framework. We now have one representative lead health insurer that comes along with another representative health insurer. There is a framework of standards, an integrated risk management system, and the processes are in place.’
‘We also give people insight. Managers and heads of departments get reports, and we have dashboards for each department. This allows them to see what they are registering things for, where things have gone wrong, or where things are going well. And they can steer themselves on observed errors.’
‘In this process, it was very important that we involved the whole hospital. What do these guidelines and these rules mean? And how are these now properly incorporated into the processes? I tell it very easily now, but this did take five years.’
For this, your risk management and compliance must be well-embedded in your organization. How have you addressed that?
‘By not imposing from above what should be done, but making sure that people themselves start thinking about risks from within their processes. To get them to realize, “Hey, I am running a risk here”, or “This is not right in the regulations”, and open discussions about that. And if they find that unnecessary, then you start the conversation internally, or sometimes even nationally. “Why do you think that's unnecessary?” If we find, for example, that a lot is being registered somewhere, and nobody is doing anything about it, then we ask ourselves: what do we really want to focus on?’
‘The relationship between risk management and objectives is very important. The objectives of Rijnstate and the derived objectives of organizational units are central. Well, the quality of care must, of course, be good; nothing must go wrong for the patient, and you must also not declare more or less than necessary. But we also talk about team goals and individual goals. Then we look at what can go wrong so we don't achieve our goals, what risks we are running, and what measures we should take next. What do we need to achieve those goals?’
‘Of course, the board must have the same vision. Our Board of Directors fortunately has that. As a Board of Directors, they don't want to impose everything either, but it has to come intrinsically from the people. Otherwise, the quality is just not enough. Then it becomes a checklist for us, but that is not the intention. Our employees must find it necessary from their own behavior to think about the risks.’
Can you cite an example from Rijnstate of how people think about risk from their own behavior?
‘I think the AVG and privacy is a good example. Some things you can regulate, such as DPIAs and processor agreements. But when things go wrong in privacy, it always has to do with people's behavior. That something was accidentally sent to the wrong doctor, that confidential data was thrown into an unsecured paper container, or that a laptop is open.’
‘So for the most part, it's behavior change and creating awareness. That's what almost 95% of my work is about. If you want to change behavior in a good way, you shouldn't go auditing as a staff department and say, “I see a piece of paper here; that's not allowed.” You won't achieve anything with that.’
As a result, risk and compliance are no longer prescriptive and coercive, but supportive and helpful.
‘True, we moved away from that prescriptive and that system-oriented. So, we were very far along with our risk management system; it was very well put together. But what happened? A risk inventory had to be made, people went to that meeting and went through the list, and the list ended up back in the drawer. The mindset was, “We're going to do some risk management now”.’
‘Now, risk management is a part of the normal work process. It's in people's behavior. Employees now ask themselves, “I have an objective, and I may or may not achieve it because of these risks.” Then, we talk about that.’
‘You also see all kinds of improvement boards in our organization now. On Monday mornings, they talk together, and they implement scrum methods. The method doesn't matter that much, I think, we're not going to impose that as risk and compliance. And that works, the organization is really working on it now. It's a self-learning organization.’
You are leaving as manager compliance & Risk at Rijnstate. How do you see the future of risk management at Rijnstate?
‘The new approach is part of the whole organization. That is the strength of our approach, also with Horizontal Supervision: everyone is involved.’
‘Risk management is really important in these times of many uncertainties and rapid developments and changes. I have every confidence in the way Rijnstate deals with risk management and the use of opportunities. We're well on track, and now we have to keep it going. We need to ensure that managers in their PDCA cycle will name the three top risks and that the Management Team discusses strategic risks. And we need to make sure it remains a continuous process: risk management is not an isolated process, it is an integral part of daily activities. If you go outside and you see dark clouds, you take an umbrella with you. Not because you think, “I am now going to do risk management”, but simply because it is part of people's regular behavior.’
.svg){kind=logo}
.svg){kind=logo}
.svg){kind=logo}
.svg){kind=logo}
.svg){kind=logo}
.svg){kind=logo}
.svg){kind=logo}
