In this case study, research firm GRC 20/20 describes how Winona Health, a LogicManager customer in the healthcare industry, used the software to integrate its enterprise risk management (ERM) and incident management programs in 45 days – winning the 2016 GRC Value Award in Risk Management.
As a large, nonprofit healthcare provider, Winona Health manages more than 3,000 incidents annually and has more than 1,000 employees that need to report or manage these incidents. This customer needed to find a user-friendly risk-based solution that could be implemented quickly, without professional service fees.
If end users found the system difficult to use, the number of incidents reported could decline, which would undermine the efforts of their risk and compliance teams. If the system wasn’t fully up and running within 6 weeks, the time between signing with LogicManager and the end of their contract with a previous incident management solution, then employees would not be able to report incidents, creating huge regulatory and liability concerns.
With LogicManager’s risk-based foundation, Winona Health is better able to identify the root causes of incidents, reduce the number of cases reported, and shorten incident processing time. “Winona Health’s goals demonstrate their program’s maturity and we commend them on their success,” said Steven Minsky, Chief Executive Officer of LogicManager. “By adopting a holistic approach to risk management, Winona Health is better positioned to mitigate risks before they turn into real threats. This will give them the ability to make informed, confident business decisions.”
Winona Health is an independent, community-owned healthcare provider focused on providing high-quality, low-cost healthcare to its community. By leveraging technology, including the use of integrated electronic medical records, this customer has been named repeatedly to Health Network’s list of “Most Wired” hospitals.
Like many other healthcare organizations, Winona Health is required by law to collect a large variety of incidents related to patient and visitor safety, each with its own unique workflows and required fields, from any employee across all areas of the hospital.
Managing over 3,000 incidents in any calendar year was logistically challenging and integrating their current method of incident collection with a board-mandated enterprise risk management program was not feasible given the limitations of their previous incident management software.
The business recognized that separating its incident management program from ERM would significantly dampen the value its program could provide. Incidents were manifestations of risk, and if the business could not track their risk mitigation activities back to their effort on hospital incidents, how would they know which controls were most effective, and where to provide additional resources?
This implementation presented logistical challenges as well. The client had just 45 days between signing their agreement with LogicManager and the end of their contract with the previous incident management solution. Any downtime in employees being able to report patient safety incidents would cause huge regulatory and liability concerns, leaving the risk management group in the dark and unable to follow up on and resolve critical events. Additionally, with over 1,000 employees, all of whom needed to be capable of reporting or managing incidents, any change in systems would require the buy in of business users. If end users found the new software challenging, the number of incidents reported could decline, undermining the efforts of the risk and compliance teams. It was critical to the organization that the new system be configured, and that users were trained appropriately within that 6-week period.