What You Need to Know about HRO and ERM

February 23, 2022 Fernanda Sobreira and Oi Hua Lee

In recent years, we’ve heard a lot of talk in hospitals and conferences about High Reliability Organizations (HRO) and how it compares to its counterpart, Enterprise Risk Management (ERM). With so many arguments for and against the two management methods, it made us wonder if one was actually better than the other? In this blog, we break HRO and ERM down to uncover which of the two is superior. 

HRO isn’t a new concept, it’s been used for years in other complex and high-risk industries, such as airline and nuclear power enterprises, even amusement parks. At its core, it is a concept that has been widely adopted to avoid catastrophic events for long periods of time. 

When applied in a hospital setting, everyone—from front-line staff to executives—is responsible for safety. This model operates under the assumption that everyone is an expert in their respective roles and can provide valuable support in the relentless pursuit of patient care. Using this model means that everyone feels a level of accountability to ensure they all behave and contribute accordingly. 

HROs are designed to manage risk and deal with hazards and crises effectively. This is achieved by looking for faint signs of impending problems and acting quickly before things are able to get out of hand. In doing so, HROs are able to consistently reduce the number of accidents, despite operating under complex and difficult environments. HRO organizations rely heavily on failure and data analysis in order to build and maintain a culture of safety. 

More commonly used in healthcare organizations is the ERM method. This framework is used to identify, measure and act on a range of potential risks. Under this approach, hospitals consider the effects of a certain event to the organization—positive or negative, big or small. The goal is to rid the organization of variability and uncertainty that can detract from maintaining safe care to its patients. 

In an ERM setting, organizations rely heavily on data to achieve an interactive—opposed to a reactive—approach when it comes to identifying, analysing and managing risk. What’s more, ERMs recognize that risk can occur on any level, which is why it uses the concept of “domains of risk” where the number of domains can vary from organization to organization. In doing so, organizations are able to gain comprehensive insights for strategic planning of patient safety risks as well as business risks. 

So, which should you choose?
When comparing the two methodologies, you’ll likely find a fair share of similarities—for example they both depend heavily on failure and data analysis to make informed decisions for change. After all, they were both designed to achieve more or less the same goals. It seems to us that this isn’t a question of which one is better, but a question of which approach best suits how your organization might prefer to tackle safety. This is an important point to remember, especially when you hear from peers from other organizations that may already be heavily invested in one method and are now touting it up to be the best of the best.

As there are so many similarities, it may actually be worth considering merging the two concepts, allowing the two methods to work together. This would mean including the parts that have been overlooked in each method—highlighting both what has happened and could—and obviously keeping the parts that overlap. It may seem like an extra step now, but when it comes to safety, it seems reasonable to do all that we can. Even if that means casting a wider net by not ignoring either what has or could happen.


Previous Article
Whose Job Is Risk Management?
Whose Job Is Risk Management?

Risk in healthcare is a shared responsibility, from a patients bedside to a seat at the boardroom table.So ...

No More Articles