I’m Kate Dewhirst.

I’m a lawyer who writes about legal issues affecting healthcare in Canada

Kate Dewhirst Health Law - bringing the law to life.

Talking about risk and statutory compliance without scaring or boring your board


If you are a CEO or ED of a healthcare organization, you need to talk to your board about risk.

How do you do it without scaring them or boring them?

You make risk real. You explain real situations that have happened to similar organizations.

Here are a couple of pointers:

Give them a risk architecture: Most board members don’t know the categories of risk that you face. Give them a high-level overview or architecture of risk so that they can see the 20,000 ft view. Risks like: (1) Clinical or Patient/Client Safety; (2) Human Resources; (3) Financial; (4) Technological. What other risks form your enterprise risk management program? Give them the high-level summary so they know how to start to categorize risks. Give them an architecture to hang their risk questions and ideas on.

Give them a high level summary of the laws that apply to them: Did you know there are more than 40 laws that apply to health care organizations in Ontario?  Show them the laws that apply in the categories of (1) Clinical; (2) Corporate; (3) Human Resources/Employment; and (4) Building/Facility.

If you have governing legislation specific to your type of facility or service – make sure you highlight that for them.  For example, the Public Hospitals Act or the Long-Term Care Homes Act, 2007 or the Laboratory and Specimen Collection Centre Licensing Act. Heads up: Primary care teams like FHTs do not have an overarching law they need to point to.

Tell them about the 5 Duties: Prioritize risk for your board. Sure, they need to know about ALL the risks – but make sure you tell them about the 5 duties that every health care organization needs to know about and manage:

  1. Duty to remit taxes
  2. Duty to abide by employment standards
  3. Duty to abide by occupational health and safety standards
  4. Duty to respect privacy
  5. Duty to protect the environment

If you do not manage these duties properly, the risks can be devastating to your organization and there can be personal liability for board members. Make sure you are crystal clear on those duties and the potential consequences and then demonstrate to the board that you are responding to those duties and managing those risks.

Give your board members practical tasks: Help your board members by giving them questions to ask you.  In your board training, explain to them how they fulfill their duty to be vigilant.  Explain how they need to come to meetings and read the materials and ask good questions.

Tell stories of other organizations: There is nothing like storytelling to make “fanciful” risks real. Telling your board members about what has happened to another similar type of health organization helps them understand what can happen. It also communicates to your board that you are up-to-date and knowledgeable about your risk context, and you can then share how you are taking steps to avoid such risks on your team.

Tell your board about insurance and other coverage for them: Board members need to be reassured that there is insurance for them too. Once you have explained all the ways things could go horribly wrong, tell them about how you manage their risks so they don’t get too worried.

Let me know if you’d like onsite board risk and statutory compliance training. It’s one of my favourite topics!

