I’m Kate Dewhirst.

I’m a lawyer who writes about legal issues affecting healthcare in Canada

Kate Dewhirst Health Law - bringing the law to life. Meet Kate (in 13 seconds)

Talking about risk and statutory compliance without scaring or boring your board

Posted by

If you are a CEO or ED of a healthcare organization, you need to talk to your board about risk.

How do you do it without scaring them or boring them?

You make risk real. You explain real situations that have happened to similar organizations.

Here are a couple of pointers:

Give them a risk architecture: Most board members don’t know the categories of risk that you face. Give them a high level overview or architecture of risk that they can see the 20,000 ft view of risk.  Risks like: (1) Clinical or Patient/Client Safety; (2) Human Resources; (3) Financial; (4) Technological. What other risks form your enterprise risk management program?  Give them the high level summary so they know how to start to categorize risks. Give them an architecture to hang their risk questions and ideas on.

Give them a high level summary of the laws that apply to them: Did you know there are more than 40 laws that apply to health care organizations in Ontario?  Show them the laws that apply in the categories of (1) Clinical; (2) Corporate; (3) Human Resources/Employment; and (4) Building/Facility.

If you have governing legislation specific to your type of facility or service – make sure you highlight that for them.  For example, the Public Hospitals Act or the Long-Term Care Homes Act, 2007 or the Laboratory and Specimen Collection Centre Licensing Act. Heads up: Primary care teams like FHTs do not have an overarching law they need to point to.

Tell them about the 5 Duties: Prioritize risk for your board.  Sure they need to know about ALL the risks – but make sure you tell them about the 5 duties that every health care organization needs to know about and manage:

  1. Duty to remit taxes
  2. Duty to abide by employment standards
  3. Duty to abide by occupational health and safety standards
  4. Duty to respect privacy
  5. Duty to protect the environment

If you do not manage these duties properly, the risks can be devastating to your organization and there can be personal liability for board members. Make sure you are crystal clear on those duties and the potential consequences and then demonstrate to the board that you are responding to those duties and managing those risks.

Give your board members practical tasks: Help your board members by giving them questions to ask you.  In your board training, explain to them how they fulfill their duty to be vigilant.  Explain how they need to come to meetings and read the materials and ask good questions.

Tell stories of other organizations: There is nothing like storytelling to make “fanciful” risks real.  Telling your board members about what has happened to another similar type of health organization helps them understand what can happen. It also communicates to your board that you are up-to-date and knowledgeable about your risk context and then you can share how you are taking steps to avoid such risks on your team.

Tell your board about insurance and other coverage for them: Board members need to be reassured that there is insurance for them too. Once you have explained all the ways things could go horribly wrong, tell them about how you manage their risks so they don’t get too worried.

Let me know if you’d like onsite board risk and statutory compliance training. It’s one of my favourite topics!


If you enjoyed this article please share it:


Previous and next posts from Kate:

Some of Kate’s recent and upcoming events

Primary care webinars: Employment Law Update & Legal Issues for EDs and Board members

Part of Kate’s monthly webinar series.

Our December program will address harassment in the workplace.
Full details of the 2021 webinar series and registration here.

Free healthcare privacy webinar - ask me anything!
the first Wednesday of every month

Free webinars - advance registration needed

Whether you're an experienced privacy officer or new in the field, pick Kate’s brain for free for an hour, in this live webinar. No charge, but you’ll need to register in advance.

Team Privacy Training Events
November 11, 12, 13, 18, 24, 25, 26, December 4 7

For Primary Care clinics, Hospitals, Community Agencies and Children’s Aid

Kate trains health professionals from many more health care organizations how being privacy-respectful can improve therapeutic relationships. More details...

Free Part X CYFSA privacy webinar - ask me anything!
the second Wednesday of every month

Free webinars - advance registration needed

Whether you're an experienced privacy designate or new in the field, pick Kate’s brain for free for an hour, in this live webinar. No charge, but you’ll need to register in advance.

Part X CYFSA Privacy Designate training
November 10 and 17

For Privacy Designates in the child welfare sector including children's aid societies and indigenous children's well-being centres

This course focuses on how to implement Part X of the Child Youth and Family Services Act in your organization.
Full details and registration here.

Health Privacy Officer training
April 2021

For Privacy Officers within healthcare organizations - now totally online.

This course focuses on how to become a more confident privacy officer and gives you the tools to document your privacy program. Full details and registration here...

Advanced Health Privacy Officer training
June 2021

For Privacy Officers within healthcare organizations - now totally online

This course focuses on taking theory into practice and we do real life scenarios to build your Privacy Officer skills.
Full details and registration here.

Kate Dewhirst Health Law

Kate says:

My mission is bringing the law to life. I make legal theory understandable, accessible and fun! I’m available and love to work for all organizations in the healthcare sector across Ontario and beyond.

Subscribe to my mailing list and keep up to date with news:

Latest Tweets


RT @choirchoirchoir: We sang the 🇨🇦 anthem at the Grey Cup 3 yrs ago + trended because we upped the BPM’s + actually had a good time with…

05:35 PM Nov 26th


contact details

P.O. Box 97010 Roncesvalles
Toronto Ontario M6R 3B3

(416) 855 9557

.