I’m Kate Dewhirst.

I’m a lawyer who writes about legal issues affecting healthcare in Canada

Kate Dewhirst Health Law - bringing the law to life. Meet Kate (in 13 seconds)

Talking about risk and statutory compliance without scaring or boring your board

Posted by

If you are a CEO or ED of a healthcare organization, you need to talk to your board about risk.

How do you do it without scaring them or boring them?

You make risk real. You explain real situations that have happened to similar organizations.

Here are a couple of pointers:

Give them a risk architecture: Most board members don’t know the categories of risk that you face. Give them a high level overview or architecture of risk that they can see the 20,000 ft view of risk.  Risks like: (1) Clinical or Patient/Client Safety; (2) Human Resources; (3) Financial; (4) Technological. What other risks form your enterprise risk management program?  Give them the high level summary so they know how to start to categorize risks. Give them an architecture to hang their risk questions and ideas on.

Give them a high level summary of the laws that apply to them: Did you know there are more than 40 laws that apply to health care organizations in Ontario?  Show them the laws that apply in the categories of (1) Clinical; (2) Corporate; (3) Human Resources/Employment; and (4) Building/Facility.

If you have governing legislation specific to your type of facility or service – make sure you highlight that for them.  For example, the Public Hospitals Act or the Long-Term Care Homes Act, 2007 or the Laboratory and Specimen Collection Centre Licensing Act. Heads up: Primary care teams like FHTs do not have an overarching law they need to point to.

Tell them about the 5 Duties: Prioritize risk for your board.  Sure they need to know about ALL the risks – but make sure you tell them about the 5 duties that every health care organization needs to know about and manage:

  1. Duty to remit taxes
  2. Duty to abide by employment standards
  3. Duty to abide by occupational health and safety standards
  4. Duty to respect privacy
  5. Duty to protect the environment

If you do not manage these duties properly, the risks can be devastating to your organization and there can be personal liability for board members. Make sure you are crystal clear on those duties and the potential consequences and then demonstrate to the board that you are responding to those duties and managing those risks.

Give your board members practical tasks: Help your board members by giving them questions to ask you.  In your board training, explain to them how they fulfill their duty to be vigilant.  Explain how they need to come to meetings and read the materials and ask good questions.

Tell stories of other organizations: There is nothing like storytelling to make “fanciful” risks real.  Telling your board members about what has happened to another similar type of health organization helps them understand what can happen. It also communicates to your board that you are up-to-date and knowledgeable about your risk context and then you can share how you are taking steps to avoid such risks on your team.

Tell your board about insurance and other coverage for them: Board members need to be reassured that there is insurance for them too. Once you have explained all the ways things could go horribly wrong, tell them about how you manage their risks so they don’t get too worried.

Let me know if you’d like onsite board risk and statutory compliance training. It’s one of my favourite topics!


If you enjoyed this article please share it:


Previous and next posts from Kate:

Some of Kate’s Upcoming events

Team Privacy Training Events

April 19, May 17, June 13

For Primary Care clinics and FHTs

Kate trains health professionals from another three primary care organizations how being privacy-respectful can improve therapeutic relationships. more details...

Where immigration and health law issues collide

April 25, 2018

Presentation to invited Community Health Centre clients

In collaboration with immigration lawyer Jacqueline Swaisland.

2018 Privacy Officer Training

May 8 to June 12, 2018

16 hours live and online training

for Privacy Officers and Privacy Officers-to-be. Live sessions held in Toronto. details and booking...

De-escalation training

May 16, 2018

Training session for a Toronto Family Health Team

In conjunction with leadership coach Christine Burych.

Ask me anything (about health privacy)

12 noon, May 23, 2018

An hour webinar with Kate where you can ask Kate any privacy-related questions you have.

Open to all health Privacy Officers. Register here.

Kate Dewhirst Health Law

Kate says:

My mission is bringing the law to life. I make legal theory understandable, accessible and fun! I’m available and love to work for all organizations in the healthcare sector across Ontario and beyond.

Subscribe to my mailing list and keep up to date with news:

Latest Tweets

A recent Canadian study published in the JAMA found that hospitals have a serious issue when it comes to throwing a… https://t.co/PVINxywro8

about 9 hours ago

What do #FamilyHealth teams need to know about #SocialMedia and the #Law? https://t.co/xRqEcF6d5Y #healthprivacy #FHTs #HealthLaw #employee

about 21 hours ago

[MAY 23] Register now for my “Ask Me Anything” webinar! Do you have privacy questions you want to ask me? This is y… https://t.co/R0bvs5h6JK

02:01 PM Apr 24th

contact details

901 King Street West Suite 400 East Tower
Toronto Ontario M5V 3H5

(416) 855 9557