I’m Kate Dewhirst.

My team and I write about legal issues affecting healthcare in Canada.


Talking about risk and statutory compliance without scaring or boring your board


If you are a CEO or ED of a healthcare organization, you need to talk to your board about risk.

How do you do it without scaring them or boring them?

You make risk real. You explain real situations that have happened to similar organizations.

Here are a couple of pointers:

Give them a risk architecture: Most board members don’t know the categories of risk that you face. Give them a high-level overview, or architecture, of risk so that they can see the 20,000 ft view. Risks like: (1) Clinical or Patient/Client Safety; (2) Human Resources; (3) Financial; (4) Technological. What other risks form your enterprise risk management program? Give them the high-level summary so they know how to start to categorize risks. Give them an architecture to hang their risk questions and ideas on.

Give them a high level summary of the laws that apply to them: Did you know there are more than 40 laws that apply to health care organizations in Ontario?  Show them the laws that apply in the categories of (1) Clinical; (2) Corporate; (3) Human Resources/Employment; and (4) Building/Facility.

If you have governing legislation specific to your type of facility or service – make sure you highlight that for them.  For example, the Public Hospitals Act or the Long-Term Care Homes Act, 2007 or the Laboratory and Specimen Collection Centre Licensing Act. Heads up: Primary care teams like FHTs do not have an overarching law they need to point to.

Tell them about the 5 Duties: Prioritize risk for your board. Sure, they need to know about ALL the risks – but make sure you tell them about the 5 duties that every health care organization needs to know about and manage:

  1. Duty to remit taxes
  2. Duty to abide by employment standards
  3. Duty to abide by occupational health and safety standards
  4. Duty to respect privacy
  5. Duty to protect the environment

If you do not manage these duties properly, the risks can be devastating to your organization and there can be personal liability for board members. Make sure you are crystal clear on those duties and the potential consequences and then demonstrate to the board that you are responding to those duties and managing those risks.

Give your board members practical tasks: Help your board members by giving them questions to ask you.  In your board training, explain to them how they fulfill their duty to be vigilant.  Explain how they need to come to meetings and read the materials and ask good questions.

Tell stories of other organizations: There is nothing like storytelling to make “fanciful” risks real. Telling your board members about what has happened to another similar type of health organization helps them understand what can happen. It also communicates to your board that you are up-to-date and knowledgeable about your risk context, and then you can share how you are taking steps to avoid such risks on your team.

Tell your board about insurance and other coverage for them: Board members need to be reassured that there is insurance for them too. Once you have explained all the ways things could go horribly wrong, tell them about how you manage their risks so they don’t get too worried.

Let me know if you’d like onsite board risk and statutory compliance training. It’s one of my favourite topics!

