Skip to main content

An Introduction to Risk Management for EMS


This is the first in a series of articles for EMS managers from MONOC Mobile Health Services. MONOC is New Jersey's largest provider of EMS and medical transportation and its first CAAS-accredited agency. The goal of this series is to provide insight and solutions for the different managerial and operational challenges facing the EMS leaders of tomorrow. For more, see

There is risk in everything we do. There is risk in ambulance operations, both 9-1-1 and nonemergency services, each having their own peculiarities. The goal of any risk management program is to reduce an agency's exposure to risk and provide a safe environment for its employees, visitors and patients. The results of a well-functioning risk management plan should be a reduction in hazards that add to the bottom-line costs of doing business and protection of the physical and financial assets of the organization.

The five steps to any risk management process are:

  • Identifying the risk;
  • Quantifying the risk potential;
  • Prioritizing the risk;
  • Implementing controls and mitigation strategies;
  • Evaluating and revising the process.

One of the first steps in risk management is to identify the risks faced, also know as exposures. The simplest way to do this is to make a list of potential problems in each section of the company. Include all departments--billing, operations, communications and administration. Examine incident reports and quality assurance audits. Talk with your insurance carriers, as they have developed a risk profile for you and used the data to determine your rates.

Risk assessment takes into account two dimensions: the probability of an occurrence (frequency) and its impact on the work environment and employees (severity). In other words, how often can it happen, and how bad can it be? To consider these questions, utilize the following scales:

Frequency: How often will it happen?

  • Very often: A near-certainty to occur;
  • Often: May occur regularly or periodically;
  • Not often: Rare, or unlikely to occur;
  • Almost never: Zero or near-zero probability.

Severity: What happens if it happens?

  • Catastrophe: Death or permanently disabling injury or loss of work facility;
  • Serious consequences: Severe debilitating injury or interruption of operations;
  • Moderate impact: Significant injury or illness requiring more than first aid;
  • Minor impact: bNo injury, lost work time or interruption of work.

Construct a simple table like Table 1 and enter each risk into the appropriate section. Focus first on those categorized as high frequency/high severity, as these will have the greatest financial impact on your agency. Typically, you will find motor vehicle collisions, worker's comp cases, stretcher drops, patient injuries and lawsuits in this section.

Once issues have been identified, the risk manager, in conjunction with the rest of the management team, needs to develop mitigation strategies. These can include both pre- and post-loss activities. Pre-loss strategies include development of protocols that will define the system's standard of care by detailing things like how operations are to be conducted. This may include driving standards, dispatch protocols, hiring practices and clinical competency standards. Operations and clinical departments should attempt to track infectious-exposure reports, incident reports, customer complaints, protocol violations, medication errors, near-miss events and equipment malfunctions. Work to identify trends and patterns to predict future occurrences. As an example, there may be several complaints from crew members that the safety devices on the angiocatheters do not lock closed, resulting in potential needlestick exposures.

Controlling Risk

There are several methods for controlling risk, each having its own strengths.

In exposure avoidance, we choose not to engage in a particular activity. For instance, a system may choose not to have specially trained EMS providers for tactical response. This may reduce the likelihood of exposure to particular risks (e.g., gunfire, exposure to violent criminals), but it may also cause problems within a community relying on that service. In many cases, you may not be able to avoid the exposure; therefore, you must attempt to control the risk through other strategies.

Segregation of loss exposures involves structuring your activities and resources in such a way so that if an incident occurs, it does not affect the entire organization. An example would be using multiple vendors for medication supplies or fleet services. It could also include storing supplies at individual posts in addition to a centralized warehouse.

Risk transfer essentially entails getting someone else to do it for you. You may look, for example, at having another agency function as your PSAP, and thus assume the liability for call screening. You may also transfer the financial liability for an activity you wish to retain through the purchase of insurance from a third party.

Another option is risk retention, which is deciding how much risk you want to assume. Will you go self-insured and be responsible for first dollar on all losses, but still purchase insurance for excess coverage? Many agencies are becoming self-insured for auto accidents and worker's compensation.

After an Event

Once an event has occurred, there are things that need to be done immediately to lessen the impact on the organization and prevent future occurrences.

First, initiate an investigation. Take statements from involved employees and obtain copies of call reports, incident reports, police reports and all recordings (e.g., dispatch tapes from involved agencies, medical control recordings), photographs and video. Gather copies of current SOPs, memos and policies that pertain to the incident. Get quality assurance records, but check with your legal counsel as to how to maintain confidentiality, particularly if you anticipate being named in a lawsuit. Keep these files in a secure area. The purpose of the internal investigation is to identify what part of the process failed and propose new methods for prevention.

As an example, say a crew drops a patient while unloading them from the ambulance. The crew should notify the supervisor; secure an RMA (assuming the patient does not complain of additional injury); notify the receiving facility of the event; and document the name of the person accepting the report. The stretcher should be taken out of service and evaluated by a qualified technician. A manager should follow up with patient to ensure there are no additional complaints.

Other Resources

While many systems do not have the resources for a full-time risk manager, this should not limit the implementation of risk reduction techniques. Risk management principles can and should be practiced by every member of the organization.

Other resources include your insurance company--it has an interest in helping your agency reduce its losses. It will also have volumes of historical and comparative data. You can also benchmark yourself against the Bureau of Labor Statistics database, which is available at Another readily available resource is the National Fire Protection Association. The NFPA has developed standards for establishing a risk management plan. Two documents worth obtaining are NFPA 1500: Standard on Fire Department Occupational Safety and Health Program and NFPA 1521: Standard for Fire Department Safety Officer.

The American Society for Healthcare Risk Management offers a certification program that covers the entire spectrum of risk management in the healthcare setting. Lastly, do not forget the Occupational Safety & Health Administration. OSHA offers a tremendous amount of resources, including downloadable training programs, e-tools and templates.

Peter I. Dworsky, MPH, EMT-P, CCEMT-P, is the director of special operations and safety and risk management for MONOC Mobile Health Services in New Jersey, where he is responsible for injury-prevention programs, disaster preparedness and emergency management, and grant writing. He has been involved in many aspects of EMS and emergency management since 1985. For more information, e-mail Peter.Dworsky@MONOC.ORG.

Back to Top