The following is an opinion piece written by Steve Treece (pictured), CFIRM, head of corporate risk, corporate portfolio office, NHS Digital and chair of the IRM Health Special Interest Group offering his views on the risk landscape for 2019. The views expressed within the article are not necessarily those of Corporate Risk and Insurance.
Brexit looms ever larger on the horizon, with continuing uncertainty about the terms under which the United Kingdom will leave the EU and potentially when this will happen. This makes planning for the consequences of Brexit for any organization more difficult but emphasizes the importance of risk management and contingency planning for a range of outcomes. In the health sector this planning needs to consider the entire supply chain, to ensure the continuing supply of essential medicines and other critical items. Other significant sources of Brexit related risks are likely to include retention of key workforce (and supplier) skills and the likelihood of increased costs of imports, whatever the terms of exit.
There is, however, a risk (if you will pardon the pun) that a focus on Brexit risks will blind us to other risks, which may coincide with or indeed exacerbate Brexit impacts. As a significant example, the continuing threats of cyberattacks, where we must continue to learn the lessons of the Wannacry ransomware attack of 2017, which caused significant disruption to the health sector, even though not directly aimed at the sector. The risks of data loss and a subsequent erosion of public trust in data sharing (which is an issue across the private and public sector spectrum) is also a major area of concern.
The health sector remains exposed to risks of ever-increasing demand, workforce shortfalls and the adequacy of funding (and the deployment of any additional funding). These are coupled with the need to transform and modernize services, including through the better use of data and technology in the improvement of care and whether there is sufficient capacity and capability to manage all of these risks simultaneously. I will be promoting the uptake of the new IRM certificate in digital risk management, in my own organization and, more widely, to contribute to managing these transformational risks.