Sage Journals: Discover world-class research

Abstract

Enterprise risk management (ERM) is essential for enhancing sustainability and operational resilience in Thailand’s private hospitals. This study aims to systematically identify and prioritize key enterprise risks, proposing mitigation strategies to enhance the resilience of the healthcare sector. A 4-phase mixed-methods approach was employed: (1) A 36-item risk inventory was developed based on global ERM frameworks and annual reports from 22 publicly listed Thai hospital companies. (2) A quantitative survey using a 5-point Likert scale was conducted with 48 senior risk and quality management professionals from HA- or A-HA-accredited private hospitals. Content validity was assessed using the Index of Item-Objective Congruence (IOC). (3) In-depth interviews were conducted with 5 ERM healthcare experts to analyze root causes and propose mitigation strategies. (4) A bibliometric analysis of 958 Scopus-indexed articles was conducted to validate global relevance, identify research gaps, and refine the study’s conceptual framework. The transition from the 36 initial risks to the 5 highest-ranked risks—clinical and patient safety, sentinel events, medical personnel shortages, cybersecurity threats, and litigation exposure—was based on quantitative ratings. Key contributing factors included ineffective clinical systems, communication breakdowns, staff turnover, low compensation, and limited cybersecurity literacy. Recommended strategies included proactive risk assessment, workforce planning, fostering a safety culture, ISO/IEC 27001 compliance, and improved provider-patient communication. The bibliometric analysis revealed a growing research focus on ERM in hospitals, with key themes encompassing patient safety, emergency response, organizational resilience, and cybersecurity—aligning with the findings of this study. This study proposes a structured ERM framework that identifies 5 key risks: patient safety, sentinel events, staff shortages, cybersecurity threats, and litigation. Recommendations include enhancing clinical governance, workforce policies, cybersecurity, legal risk management, and total quality management to improve healthcare resilience and sustainability.

Keywords

risk management risk assessment safety management patient safety delivery of health care

This mixed-method study explores enterprise risk management in private hospitals. Five key risks were identified: patient safety incidents, sentinel events, workforce shortages, cybersecurity threats, and litigation. Root causes were examined through qualitative interviews, and strategic mitigation approaches were proposed. The findings aim to strengthen structured risk management frameworks in the private healthcare sector.

Introduction

ERM has become critical in managing risk in complex and high-risk industries such as healthcare. By systematically identifying and mitigating risks, ERM enhances the organization’s performance by directing resources toward uncertainties, linking strategic goals to the organization’s mission, and identifying critical functions through assessment and planning.¹ A basic block of the ERM is the COSO ERM framework, which aligns risk management with strategic and operational processes. It comprises 8 components: internal environment, objective setting, event identification, risk assessment, risk response, control activities, information and communication, and monitoring. The American Society for Healthcare Risk Management (ASHRM) further developed this concept and created a healthcare-specific model that addresses operational, clinical, strategic, and financial risks.²

Thailand’s private healthcare sector has also been expanding fast to accommodate the healthcare needs of both local and foreign populations.³ However, this rapid growth presents several challenges, including a lack of healthcare workers, high competition, and market overcrowding. Furthermore, private hospitals are struggling with changing consumer demands and new technologies, as well as competition with large healthcare systems and emerging digital healthcare platforms.^4,5 Beasley et al stress the need for ERM in such a volatile context.⁶ Etges et al⁷ also identified several key healthcare risks, including cybersecurity threats, patient safety events, and human capital management issues. As such, effective healthcare risk management should not only be confined to clinical risks but also encompass financial, legal, ethical, and external risks.⁸ The Healthcare Accreditation Institute of Thailand also argues that effective risk management is critical in protecting patients, staff, and visitors.⁹

However, the implementation of ERM in Thai private hospitals is limited, with a primary focus on clinical risk areas. For instance, a 5-year review at Bangkok Hospital Medical Center, conducted between 2006 and 2010, revealed that risk management was primarily based on reporting adverse events and providing emotional support but without a strategic, future-oriented, and organization-wide ERM plan.¹⁰ Phra Nakhon Si Ayutthaya Hospital’s nursing department improved the safety culture. It decreased some incident types, but the approach did not include a structured root cause analysis and was not fully integrated into strategic planning.¹¹ These can also represent a more general phenomenon, where ERM is underutilized and narrowly focused in non-clinical areas.

Adopting a holistic ERM approach remains rare in Thailand, although the importance of ERM is increasingly recognized. Patient safety risks are the primary concerns for most private hospitals, which are not listed on the Stock Exchange of Thailand.⁹ However, even publicly listed hospitals do not clearly demonstrate risk prioritization strategies.¹² Organizationally, ERM is poorly developed nationally; national risk reporting reflects this. For example, the Healthcare Accreditation Institute’s 2023 Patient Safety Report spotlights medication errors, hospital-acquired infections, and surgical safety concerns as key risks.¹³ However, it offers no structured ranking or reporting of the material non-clinical risks—financial, operational, reputational, regulatory, and strategic threats—that are critical to healthcare organizations’ long-term sustainability.

This challenge of broadening ERM focus beyond clinical risks is not new to Thailand. Hospital risk management in India is still in the developmental stage, and the common issues include cyber threats, employee turnover, and workplace violence. While Indian hospitals focus on clinical risks, such as sentinel events, they struggle to address legal issues, and unstandardized accreditation systems that hinder ERM implementation.¹⁴ Strategic risk management has been utilized in Indonesia, but its application is inconsistent. A review of regional hospitals revealed that insufficient training, lack of leadership, and underdevelopment of IT systems limited the effectiveness of risk identification and control.¹⁵ These situations are similar to those in Thailand, where ERM has not yet been fully integrated. Today, an increasing number of hospitals worldwide are adopting ERM. However, studies show that a systematic approach to identifying and responding to non-clinical risks, such as financial or reputational risks, remains a deficiency, which is crucial for hospitals’ resilience.⁷

Private hospitals should implement an ERM framework integrated into strategic planning and risk governance to overcome these limitations. This will enable organizations to identify and control clinical and non-clinical risks and develop resilience and compatibility with international standards.^16
-18

This study aims to enhance ERM implementation by identifying critical enterprise risks in private hospitals, conducting a root cause analysis of significant risks, and designing effective mitigation plans. By improving risk identification and management, the study aims to enhance the quality of service and patient safety, enabling hospitals to allocate their limited resources more effectively for the sustainable growth of the private healthcare sector in Thailand.

Methods

This study used a mixed-methods approach. The 4-phase sequential design includes the development of a risk inventory through literature analysis, a quantitative survey of healthcare professionals, a qualitative investigation of expert interviews for root cause analysis and mitigation planning, and validation using bibliometric analysis.

Development of Risk Inventory Tools

A comprehensive literature review was conducted on enterprise risk management frameworks, including risk identification approaches from the Committee of Sponsoring Organizations of Treadway (COSO)¹⁶; American Society for Healthcare Risk Management (ASHRM)²; Healthcare Insurance Reciprocal of Canada (HIROC)¹⁷; and National Health Services (NHS).¹⁸ Additionally, annual reports of 22 listed hospital companies in Thailand were analyzed.^12,19
-39 This information was then synthesized to create a risk inventory for healthcare organizations. Five healthcare risk management experts based in Thailand were interviewed to determine the risks that are more local and relevant to the context of the country and its healthcare system. The criteria for selecting these 5 experts were based on knowledge, experience, and practical exposure to enterprise risk management. This category included participants who were either (1) risk management consultants in public or private healthcare organizations in Thailand in the present or (2) academic professionals with certified qualifications in enterprise risk management from recognized risk management organizations.

Quantitative study

A quantitative study was conducted to assess the significance of risk elements. The target population consisted of senior levels of quality and risk management in private hospitals in Bangkok, meeting 2 criteria: being classified as inpatient healthcare and holding HA- or A-HA-accreditation. As of October 1, 2023, 53 hospitals were eligible. The sample size for the study was 53 private hospitals with HA or A-HA certification according to the hospital accreditation program, which was more than the minimum required sample of 48 hospitals, calculated according to Krejcie and Morgan’s formula.⁴⁰ Each hospital provided 1 quality or risk management leader respondent. Informed consent was obtained from all participants prior to the initiation of the study.

The study employed a 5-point Likert scale questionnaire to collect data on 36 risk items across 8 categories. The scores were from 1 to 5, in 0.8 point intervals,⁴¹ with the following interpretations: 5 = Most important, 4 = Very important, 3 = Moderate, 2 = Low importance, 1 = Least important. The questionnaire was developed based on a review of the literature on healthcare risk management and enterprise risk management frameworks.^2,7,16 The initial list of risk items was developed through the risk inventory development process. The content validity was checked using the Index of Item-Objective Congruence (IOC), where 3 risk management experts reviewed the relevance of each item. All items had IOC values higher than the recommended cut-off of 0.5. Since the questionnaire was created to measure the perceptions and evaluations of risk levels by senior quality or risk management executives rather than to measure latent psychological constructs, internal consistency reliability tests such as Cronbach’s alpha were not applicable.^42
-44 The questionnaire follows a formative measurement approach, where each risk item represents an independent dimension rather than an internally consistent scale.^42
-44

Qualitative study

Semi-structured interviews were conducted with 5 healthcare risk management experts who met the criteria for knowledge, experience, and practical application of enterprise risk management. These experts are currently engaged in risk management consultancy services to both the public and private healthcare organizations in the Thai context. Informed consent was obtained from all participants before conducting the interview.

The purpose of the interviews was to determine the causes and control measures of the 5 most critical risks previously identified. All the items in the interview guide were validated using the Index of Item-Objective Congruence (IOC), and all the IOC values were greater than 0.5. The interviews were conducted either face-to-face or via video conferencing, and all interviews were recorded and transcribed verbatim. The data were analyzed using thematic analysis, following the framework proposed by Braun and Clarke.⁴⁵ A manual coding approach was applied, with themes refined through an iterative review process. Thematic content analysis was used to identify the fundamental themes, and the qualitative findings were integrated with the quantitative results to gain a deeper understanding of healthcare risk management practices. Data saturation was achieved in the 5 expert interviews as no new themes or insights were identified, hence suggesting that the sample size was sufficient. This study was conducted following the Consolidated Criteria for Reporting Qualitative Research (COREQ) guidelines.⁴⁶

Validation of Findings Through Bibliometric Analysis

The extraction of bibliometric data from the Scopus database marks the beginning of this study, utilizing targeted keywords such as “Risk Management” and “Hospital” and then narrowing the filters to include only papers relevant to the study’s context and objectives. This paper has been developed using Scopus as the primary data source for this bibliometric analysis due to its broad scope, good record of indexing, and compatibility with other bibliometric software such as VOSviewer and Bibliometrics. This selection is supported by the bibliometric guidelines⁴⁷ already established and previous studies on risk and sustainability,⁴⁸ which have endorsed Scopus as a relevant and appropriate database for identifying research trends and intellectual structure maps across disciplines such as healthcare and risk management.^48,49 When the data is extracted, a comprehensive bibliometric analysis is conducted using tools such as VOSviewer and RStudio to create keyword co-occurrence networks, revealing prevailing research themes and thematic clusters.^50
-52 All these findings are then compared with the results of the study’s previous quantitative and qualitative phases to ensure coherence and analytical consistency. In the final stage, the strategic implications are derived from the bibliometric findings, and recommendations for enhancing ERM practices in private hospitals are proposed.

Results

Development of Risk Inventory Tools

A comprehensive literature review was conducted to identify 36 critical healthcare risk items. Initial risk items were extracted from global frameworks, including COSO,¹⁶ ASHRM,² HIROC,¹⁷ and NHS,¹⁸ and 56 risks were identified from the annual reports of Thai-listed hospital companies, as shown in Table A1 of the appendix.^12,19
-39 Five healthcare risk management experts collaborated to develop a final inventory of 36 key risks, consistent with international frameworks and relevant to the context of Thailand (see Table 1).

Table 1.

Consolidation of Global and Listed Company Risks into 36 Key Risks Categorized into 8 Risk Groups According to the ASHRM Framework.

Risk category	The key risk, merged risk (N = 36)	Risks identified from global literature	Risks identified from 22 listed hospital companies
Human capital risk	1. Medical staff shortages	Talent retention	Medical staff shortages, Dependence on specialized personnel
	2. Inability to retain key medical personnel or executives	Talent retention	Inability to retain key executives, loss of personnel in key positions, high turnover of high-performing personnel
	3. Organizational culture	Organizational culture	-
	4. Organizational conflicts	Conflicts due to organizational hierarchy	-
	5. Occupational health and safety risks for employees	Occupational health and safety, Physical and mental well-being of physicians	Occupational health and safety for employees
Strategic risk	6. Competitive risks	-	Competitive risks healthcare sector, Market competition intensification
	7. Changes in government laws, health policies, or regulations	Political volatility	Changes in government regulations, government health policies, regulatory change, changes in social security policies, healthcare price control, medical pricing government regulation, PDPA compliance management
	8. Investment expansion project risks	Non-compliance with regulations	Investment expansion, Growth implementation lag
	9, Strategic marketing risks	-	Strategic marketing
	10. National economic conditions	Political volatility	National economic exposure
Legal and regulatory risk	11. Exposure to litigation	Non-compliance with regulations	Legal liabilities arising from malpractice, professional ethics violations, litigation, legal conflict exposure, legal actions by service recipients, operational compliance deficits
	12. Failure to comply with laws and regulations	Non-compliance with regulations, environment protection agency	Environmental operational risks, human rights violations, personal data breaches, data privacy violations
	13. Failure to obtain or maintain key quality certifications	Loss of accreditation	Government health policies
	14. Corruption	Fraud committed by a provider	Corruption
Risk category	The key risks, merged risks (N = 36)	Risks identified from global literature	Risks identified from 22 listed hospital companies
Clinical and patient safety risk	15. Clinical and patient safety	Sentinel events	Clinical and patient safety
Clinical and patient safety risk	16. Sentinel events leading to severe harm or death	Sentinel events	Clinical and patient safety
Technology risk	17. Cybersecurity threats	Cyber security	Cybersecurity threats
	18. Medical technology evolution	Limited innovation capacity	Medical technology evolution, medical equipment-related risks, digital disruption vulnerability
	19. Inefficient hospital information systems	Improper electronic medical records	Digital disruption vulnerability
	20. Miscommunication with external media	Miscommunication with external media	Digital disruption vulnerability
	21. Continuity risks in information systems	Limited innovation capacity	IT continuity risks
Hazard risk	22. Spread of emerging infectious diseases	Business disruption due to natural disasters	Emerging disease threats, pandemic disease threats
	23. Climate change impacts	Business disruption due to natural disasters	Environmental carbon impact, climate flooding risks, climate change
	24. Business disruptions due to natural disasters	Business disruption due to natural disasters	Climate flooding risks, fire safety
	25. Disruptions to international travel	Business disruption due to natural disasters	Disruptions to international travel
	26. Terrorist attacks in hospitals	Terrorist attacks	-
Financial risk	27. Corporate governance	Dysfunction corporate governance	Corporate governance risks
	28. Net profit risks	-	Financial structure shifts, net profit risks, net profit volatility
	29. Credit risks	Dependency on health insurance companies	Credit risks, medical payment risks, insurance payment variances, capitation shortfall risks
	30. Inability to meet investors’ expectations on dividend payouts	-	Financial structure shifts, investment return uncertainty
	31. Liquidity risks	-	Liquidity risks
	32. Interest rate fluctuations	Political volatility	Interest rate fluctuation
	33. Exchange rate fluctuations	Political volatility	Exchange rate fluctuation
Operational risk	34. Dependence on suppliers for pharmaceuticals and medical supplies	Supply chain management	Dependence on suppliers
	35. Operational service	-	Operational compliance deficits
	36. Environmental impact of business operations	Environment protection agency	Environmental operational risks, environmental carbon impact

Quantitative Study Results

The study received valid responses from 48 private, meeting the Krejcie and Morgan formula requirements.⁴⁰ The analysis identified the top 5 priority risks, with clinical/patient safety risks being the most important, followed by sentinel events, medical staff shortages, cybersecurity threats, and litigation exposure, respectively, as shown in Table 2.

Table 2.

Prioritization of Enterprise Risks, Ranked by Mean Assessment Level.

No.	Risk item	Risk category	(n = 48)		Level
No.	Risk item	Risk category	Mean	SD	Level
1	Clinical and patient safety risk	Clinical and patient safety	4.40	0.92	Most important
2	Sentinel events leading to severe harm or death	Clinical and patient safety	4.29	1.32	Most important
3	Medical staff shortages	Human capital	4.19	1.00	Very important
3	Cybersecurity threats	Technology	4.19	1.12	Very important
5	Exposure to litigation	Legal and regulatory	4.17	1.15	Very important
6	Continuity risks in information systems	Technology	4.02	1.08	Very important
7	Spread of emerging infectious diseases	Hazard	3.98	1.00	Very important
7	Miscommunication with external media	Technology	3.98	1.18	Very important
9	Failure to comply with laws and regulations	Legal and regulatory	3.96	1.24	Very important
10	Inefficient hospital information systems	Technology	3.92	0.94	Very important
10	Operational service	Operational	3.92	1.09	Very important
12	Corporate governance	Financial	3.90	1.22	Very important
13	Corruption	Legal and regulatory	3.85	1.34	Very important
14	Organizational culture	Human capital	3.83	1.23	Very important
14	Competitive risks	Strategy	3.83	0.86	Very important
14	Inability to retain key medical personnel or executives	Human capital	3.83	0.88	Very important
17	Organizational conflicts	Human capital	3.81	1.12	Very important
17	Net profit risks	Financial	3.81	0.94	Very important
19	National economic conditions	Strategy	3.75	0.91	Very important
20	Occupational health and safety risks for employees	Human capital	3.73	1.14	Very important
21	Credit risks	Financial	3.71	1.01	Very important
22	Strategic marketing risks	Strategy	3.69	0.88	Very important
22	Terrorist attacks in hospitals	Hazard	3.69	1.43	Very important
24	Failure to obtain or maintain key quality certifications	Legal and regulatory	3.67	1.36	Very important
25	Dependence on suppliers for pharmaceuticals and medical supplies	Operational	3.65	1.08	Very important
26	Changes in government laws, health policies, or regulations	Strategy	3.63	0.87	Very important
27	Liquidity risks	Financial	3.60	1.22	Very important
27	Environmental impact of business operations	Operational	3.60	1.33	Very important
29	Investment expansion project risks	Strategy	3.54	1.03	Very important
30	Inability to meet investors’ expectations on dividend payouts	Financial	3.52	1.15	Very important
31	Medical technology evolution	Technology	3.48	0.90	Moderately important
32	Business disruptions due to natural disasters	Hazard	3.44	1.24	Moderately important
33	Disruptions to international travel	Hazard	3.23	1.15	Moderately important
34	Interest rate fluctuations	Financial	3.23	1.17	Moderately important
35	Exchange rate fluctuations	Financial	3.13	1.12	Moderately important
36	Climate change impacts	Hazard	3.04	1.01	Moderately important

Job positions are also found to have a significant relationship with risk assessment (P = .047), more specifically in the identification of the inability to retain key medical personnel or executive risks. Table 3 shows that there is a significant difference between quality directors and risk specialists (P = .037) as well as between risk managers and risk specialists (P = .009).

Table 3.

Analysis of Key Personnel Retention Risks and Position Comparisons.

Position	n	Mean	SD	f	P-value	Comparison with other positions	P-value
Quality directors	7	3.57	0.976	2.871	.047*	Quality managers	.279
						Risk managers	.954
						Risk specialists	.037*
Quality managers	13	4.00	0.408			Quality directors	.279
						Risk managers	.137
						Risk specialists	.189
Risk managers	20	3.55	1.050			Quality directors	.954
						Quality managers	.137
						Risk specialists	.009*
Risk specialists	8	4.50	0.535			quality directors	.037*
						quality managers	.189
						risk managers	.009*

Statistical significance at the 0.05 level.

Qualitative Study Results

Table 4 presents a systematic synthesis of critical enterprise risk threats, their fundamental sources, and strategic ways of avoiding them based on thematic content analysis and in-depth expert consultations within the respective fields.

Table 4.

Thematic Content Analysis of 5 Critical Enterprise Risks, Root Cause Analysis, and Mitigation Strategies.

Risk items	Root cause analysis	Mitigation strategies
1. Clinical and patient safety	- Competency issues: Lack of specific clinical and functional competencies (4/5). - System issues: Ineffective work systems and unclear policies (4/5). - Environment: Unsafe work environments (3/5). - Non-compliance: Poor process compliance and safety culture (3/5).	- Risk identification: Proactive identification via clinical rounds and risk matrix (4/5). - Training: Targeted training to improve competency (3/5). - Leadership and audits: Leadership training and audits for better compliance (3/5). - Safety culture: No blame, No harm (4/5)
2. Sentinel Events	- Assessment: Poor patient assessment and treatment planning (3/5). - Non-adherence: Lack of adherence to protocols (4/5). - Communication: Inadequate team communication (4/5).	- Reporting: Immediate reporting mechanisms for sentinel events (4/5). - System redesign: Redesigning work systems for a better fit with the organization’s capacity (4/5). - Monitoring: Ongoing policy monitoring (3/5).
3. Shortage of medical personnel and specialized professionals	- Workload: High workload and lack of work-life balance (3/5). - Alternatives: Competitive job market (3/5). - Compensation: Inadequate pay and benefits (4/5). - Culture: Poor relationships with supervisors (3/5).	- Compensation: Adjust pay and benefits (4/5). - Workload management: Improve workload management to optimize staffing (3/5). - Staff engagement: Surveys and exit interviews to address dissatisfaction (4/5).
4. Cybersecurity Threats	- Understanding: Lack of user knowledge and understanding (3/5). - Security measures: Inadequate measures (no regular testing, outdated systems) (3/5). - Policy gaps: Poor cybersecurity policies (3/5).	- Testing: Regular penetration testing (3/5). - Compliance: ISO/IEC 27001 compliance (3/5). - Training: Cybersecurity awareness programs (3/5). - Backups: Establish robust data backup systems (3/5).
5. Exposure to litigation	- Communication gaps: Inadequate communication with patients and families (5/5). - Relationship management: Poor management of patient and family relationships (5/5).	- Negotiation teams: Create negotiation teams to resolve issues early (5/5). - Communication training: Staff training for better communication (5/5). - Proactive detection: Identifying legal issues through clinical rounds (4/5).

Clinical and patient safety: Experts also highlighted the shortages of healthcare professionals, ineffective systems, ambiguous policies, and suboptimal team coordination as significant threats to clinical and patient safety. Experts have identified competency issues, system inefficiencies, and environmental hazards as the primary causes of patient safety incidents. The suggested mitigation strategies included proactive risk identification through clinical rounds and risk matrix assessments, as well as targeted competency training. Leadership development programs and regular audits were also implemented to enhance compliance with safety protocols. Finally, the adoption of a safety culture based on the “no blame, no harm” principles was recommended to encourage the reporting of risks and their mitigation in the context of patient safety.

Sentinel events: as identified by experts, are primarily attributed to poor patient assessment, non-adherence to protocols, and inadequate communication among the team. These risks were associated with the incorrect management of critical cases, delayed treatment measures, and adverse impacts on patients. To address these issues, it was suggested that an immediate reporting mechanism be implemented for sentinel events, a system redesign be undertaken to better align with hospital capabilities, and continuous policy monitoring be conducted to improve patient safety and prevent recurrence.

Shortage of medical personnel and specialized professionals: The study identified the following as significant causes of shortages: overloading, lack of work-life balance, and low rewards (both material and non-material) as experienced by healthcare staff. Other factors contributing to workforce retention problems included poor relationships with supervisors and competitive job markets. Solutions such as increasing salaries, better workload planning, and increasing staff morale through periodic employee opinion polls and exit interviews were recommended. Other possible approaches include talent attraction through scholarships and technology-supported workload planning to help mitigate the workforce imbalance.

Cybersecurity threats: The following cybersecurity vulnerabilities were identified: insufficient IT knowledge and understanding among staff, the absence of regular penetration testing, the nonexistence of security measures, and policy gaps in hospital cybersecurity frameworks. The recommended mitigation framework entailed regular penetration testing, compliance with ISO/IEC 27001 standards, ensuring that all staff is trained in cybersecurity, and the development of strong data backup systems to minimize security risks.

Exposure to litigation: Litigation exposure primarily resulted from inadequate communication regarding treatments and outcomes, as well as ineffective grievance handling. The study findings emphasize the importance of establishing effective provider-patient communication protocols, incorporating conflict resolution and negotiation training for clinical and administrative staff, and devoting resources to developing proactive legal departments to allow for early intervention in conflicts related to healthcare delivery.

Table 4 shows the frequency of mentions by experts (5 indicating unanimous mention) for each risk factor, cause, and solution.

Validation of Findings Through Bibliometric Analysis

The study’s primary limitation is that it is based on Thai private hospitals. To increase the generality of the findings, a bibliometric analysis was conducted using the SCOPUS database, and the analysis was performed using Rstudio-bibliometric⁴⁹ and VOSViewer.⁵² Such an approach to text mining has been applied and justified in the healthcare research context⁵¹ and enables an assessment of research collaboration and topic modeling trends.⁵⁰

The designated search term was (TITLE-ABS-KEY(“Risk Management*”) AND TITLE-ABS-KEY(“Hospital”)) AND (EXCLUDE(SUBJAREA, “MEDI”) OR EXCLUDE(SUBJAREA, “VETE”) OR EXCLUDE(SUBJAREA, “DENT”) OR EXCLUDE(SUBJAREA, “CHEM”) OR EXCLUDE(SUBJAREA, “IMMU”) OR EXCLUDE(SUBJAREA, “NURS”) OR EXCLUDE(SUBJAREA, “BIOC”) OR EXCLUDE(SUBJAREA, “PHAR”) OR EXCLUDE(SUBJAREA, “Undefined”)) AND (LIMIT-TO(DOCTYPE, “ar”) OR LIMIT-TO(DOCTYPE, “cp”)). Bibliometric data were extracted based on the article titles using the terms “risk management” and “hospital,” excluding areas such as medicine, dentistry, and pharmacy. This search yielded 958 articles and showed consistent 9.91% growth between 1980 and 2024, as shown in Figure 1.

Figure 1.

Prioritization of enterprise risks by frequency of highest-level assessments.

As shown in Figure 2, the author’s keywords are grouped into 5 clusters, showing that hospital risk management has moved from clinical risk to enterprise risk. Cybersecurity and sustainability, including climate change, are also emerging as new priorities, although patient safety remains essential, reflecting the development of enterprise risk management in healthcare.

Figure 2.

Network clustering of author keyword.

Discussion

The context of private hospitals in Bangkok significantly shapes the implementation of ERM. These hospitals prioritize service quality, legal compliance, and the protection of their reputation—core elements of Enterprise Risk Management (ERM)—in a highly competitive healthcare market driven by domestic demand and medical tourism. Their efforts to achieve national and international accreditations, such as HA, A-HA, and JCI, are evidence of the incorporation of structured risk management systems. Therefore, these hospitals are classified as early adopters and practical examples of the advanced level of ERM in Thailand. Although this study is constrained to this particular group, its findings are generalizable beyond this context. Public and regional hospitals, which face distinct challenges such as limited resources and staffing issues, can also apply the fundamental concepts of ERM, including risk identification, prioritization, and mitigation. Further studies should investigate the suitability of ERM in these contexts.

To support the broader adoption of ERM, 3 policy priorities are recommended: (1) To develop scalable implementation guidelines suitable for a range of institutional capacities, (2) To invest in the training of the workforce for risk-related roles, and (3) To include ERM indicators in the accreditation and licensing frameworks. These measures can enhance the healthcare system’s organizational resilience, safety culture, and compliance. Furthermore, the private hospital model can be considered a potential regional reference model for other Southeast Asian countries wanting to institutionalize ERM in similar resource-constrained health systems. The Thai experience can provide not only national and practical insights but also regional health governance.

In the ERM context, this study revealed that private hospitals in Bangkok face 5 key risks: (1) Clinical and patient safety risks, (2) Sentinel events, (3) Shortages of medical staff, (4) Cybersecurity risks, (5) Litigation exposure. These findings were consistent with previous studies that had identified clinical and patient safety as significant issues in healthcare systems.^7,14 To effectively analyze the root cause of a sentinel event, it is essential to create a blame-free environment. Staffing shortages, a significant challenge, are usually a result of work overload, low wages, and limited career paths. Henderson and Tulloch stressed that increasing wages and improving the work-life balance are essential retention strategies in the Asia Pacific region.⁵³

As digital healthcare becomes more increasingly widespread, cybersecurity has become more of an issue. This, therefore, reiterates the need for routine security audits and staff training as Vilakazi and Adebesin recommended.⁵⁴ It is now standard to apply end-to-end data protection in healthcare environments.⁵⁵ Similarly, litigation risks are increasing due to growing legal and regulatory attention. Contributors to this include poor communication, insufficient documentation, and non-follow-up of the previous studies on the importance of active provider-patient communication and documentation practices.⁵⁶

ERM provides organizations with a framework for managing these numerous, constantly evolving risks. This study finds that a robust safety culture based on effective reporting systems and leadership engagement will further enhance the effectiveness of ERM. This approach concurs with the findings of Binkheder et al, who proposed that a good safety culture enhances risk management performance.⁵⁷

Furthermore, the bibliometric analysis revealed 4 interconnected clusters: (1) Patient safety and quality management, (2) Emergency response and public health, (3) Risk assessment and resilience, and (4) Security-climate challenges. These clusters capture the multifaceted, interconnected nature of today’s healthcare risks across clinical, technological, and environmental domains. High-density network visualization also revealed the complexity of these threats and the need for adaptive risk mitigation at the institutional and systemic levels. The 4 clusters also sustain the study’s strategic directions: Cluster (1) for building up clinical governance and implementing Total Quality Management (TQM); Cluster (2) for enhancing emergency preparedness and public health collaboration; Cluster (3) for managing risk and building resilience through the workforce and data approaches; and Cluster (4) for the importance of cybersecurity and climate adaptation through strong IT infrastructure and sustainable planning. By integrating bibliometric insights with actionable recommendations, the study provides a well-grounded approach to improve enterprise risk management in a more complex healthcare environment.

Limitations

Several limitations of this study need to be considered. First, doubts exist concerning the generalizability of the results obtained from private hospitals in Bangkok. Second, the practical feasibility and implementation of the proposed mitigation strategies require further exploration. Regarding similar recommendations, the existing literature yields a mixed response; however, longitudinal studies are necessary to determine how these strategies perform over time in real-world healthcare settings.

Furthermore, the study was limited to HA- or A-HA-accredited private hospitals, which are likely to have more developed and standardized enterprise risk management practices than their unaccredited peers, including the presence of formal policies, dedicated personnel, and structured frameworks. While this focus ensured that all participating organizations had high expertise and consistency, it may also have introduced a selection bias. The results may not fully reflect the operational realities of non-accredited hospitals, which are often resource-constrained and lack formal risk management systems. This last limitation may limit the generalizability of the results, especially for the smaller or less formalized institutions. However, the study’s findings are relevant and valuable, extending beyond the accredited hospital setting. The comprehensive risk inventory, key risk prioritization, root cause analysis, and strategic mitigation recommendations derived from this study are practical and adaptable to other private healthcare facilities, including those without accreditation. These insights can serve as a starting point for organizations to develop their enterprise risk management systems further, making them more structured, proactive, and integrated to support patient safety, regulatory compliance, workforce sustainability, and resilience.

In addition, since the study specifically targeted senior executives in charge of risk and quality management as key informants, the results will necessarily be informed by the perspectives and experiences of these roles. This may have skewed the results toward certain types of risks, for instance, those that are more likely to affect clinical safety, regulatory compliance, or internal operations. However, this role-based perspective helped enrich the study by providing more specific information on operational-level risk management. Still, it may have been less sensitive to strategic, financial, or technological risks not directly managed by the operational units. However, the contributions of this expert group remain relevant because they are most likely to be involved in creating and implementing risk management frameworks within healthcare organizations. To build on future insights, the research could explore incorporating a more comprehensive group of respondents, such as executives from finance, human resources, or information technology, to gain a more comprehensive organizational view of enterprise risk.

Conclusion

This study introduces a structured ERM framework, identifying 5 critical risks: clinical and patient safety incidents, sentinel events, medical staff shortages, cybersecurity threats, and litigation exposure. The recommendations are based on root cause analyses and expert insights and include enhancing clinical governance, developing more effective workforce policies, improving cybersecurity, managing legal risks, and adopting TQM. Although the findings are specific to accredited hospitals in Bangkok, the recommendations are practical and can be easily generalized to other healthcare contexts. The framework proposed here can help support the delivery of safer, more resilient, and sustainable healthcare operations, providing a foundation for the further adoption of ERM throughout the sector.

Supplemental Material

sj-pdf-1-inq-10.1177_00469580251347132 – Supplemental material for Key Risks and Mitigation Strategies in Enterprise Risk Management for Private Hospitals: A Mixed-Method Study

Supplemental material, sj-pdf-1-inq-10.1177_00469580251347132 for Key Risks and Mitigation Strategies in Enterprise Risk Management for Private Hospitals: A Mixed-Method Study by Anuchit Sermhattakit and Patipan Sae-Lim in INQUIRY: The Journal of Health Care Organization, Provision, and Financing

Footnotes

Appendix

Table A1.

Risk Identified from Global Literature and the Annual Reports of 22 Listed Hospital Companies in Thailand.

Risks identified from global literature (N = 22)	Risks identified from 22 listed hospital companies in Thailand (N = 56)
1. Dysfunction corporate governance 2. Business disruption due to natural disasters 3. Clinical batch claim 4. Conflicts due to organizational hierarchy 5. Cyber security 6. Limited innovation capacity 7. Dependency on health insurance companies 8. Improper electronic medical records 9. Environment protection agency 10. Miscommunication with external media 11. Fraud committed by a provider 12. Political volatility 13. Loss of accreditation 14. Non-compliance with regulations 15. Occupational health and safety 16. Organizational culture 17. Physical and mental well-being of physicians 18. Sentinel events 19. Supply chain management 20. Talent retention 21. Terrorist attacks 22. Unethical conduct	1. Medical staff shortages 2. Inability to retain key executives 3. Loss of personnel in key positions 4. High turnover of high-performing personnel 5. Dependence on specialized personnel 6. Legal liabilities arising from malpractice 7. Professional ethics violations 8. Litigation 9. Legal conflict exposure 10. Legal actions by service recipients 11. Operational compliance deficits 12. Clinical and patient safety 13. Competitive risks within healthcare sector 14. Market competition intensification 15. Strategic marketing 16. Disruptions to international travel 17. Investment expansion 18. Growth implementation lag 19. Financial structure shifts 20. Emerging disease threats 21. Pandemic disease threats 22. Fire safety 23. National economic exposure 24. Corporate governance risks 25. Corruption 26. Environmental operational risks 27. Environmental carbon impact 28. Climate flooding risks 29. Climate change 30. Occupational health and safety for employees 31. Human rights violations 32. Dependence on suppliers 33. Medical technology evolution 34. Medical equipment-related risks 35. Digital disruption vulnerability 36. Changes in government regulations 37. Government health policies 38. Regulatory change 39. Changes in social security policies 40. Healthcare price control 41. Medical pricing government regulation 42. PDPA compliance management 43. Personal data breaches 44. Data privacy violations 45. IT continuity risks 46. Cybersecurity threats 47. Medical payment risks 48. Insurance payment variances 49. Capitation shortfall risks 50. Liquidity risks 51. Credit risks
	52. Interest rate fluctuation53. Exchange rate fluctuation54. Investment return uncertainty55. Net profit risks56. Net profit volatility

Risks identified from global literature (N = 22)

Risks identified from 22 listed hospital companies in Thailand (N = 56)

1. Dysfunction corporate governance
2. Business disruption due to natural disasters
3. Clinical batch claim
4. Conflicts due to organizational hierarchy
5. Cyber security
6. Limited innovation capacity
7. Dependency on health insurance companies
8. Improper electronic medical records
9. Environment protection agency
10. Miscommunication with external media
11. Fraud committed by a provider
12. Political volatility
13. Loss of accreditation
14. Non-compliance with regulations
15. Occupational health and safety
16. Organizational culture
17. Physical and mental well-being of physicians
18. Sentinel events
19. Supply chain management
20. Talent retention
21. Terrorist attacks
22. Unethical conduct

1. Medical staff shortages
2. Inability to retain key executives
3. Loss of personnel in key positions
4. High turnover of high-performing personnel
5. Dependence on specialized personnel
6. Legal liabilities arising from malpractice
7. Professional ethics violations
8. Litigation
9. Legal conflict exposure
10. Legal actions by service recipients
11. Operational compliance deficits
12. Clinical and patient safety
13. Competitive risks within healthcare sector
14. Market competition intensification
15. Strategic marketing
16. Disruptions to international travel
17. Investment expansion
18. Growth implementation lag
19. Financial structure shifts
20. Emerging disease threats
21. Pandemic disease threats
22. Fire safety
23. National economic exposure
24. Corporate governance risks
25. Corruption
26. Environmental operational risks
27. Environmental carbon impact
28. Climate flooding risks
29. Climate change
30. Occupational health and safety for employees
31. Human rights violations
32. Dependence on suppliers
33. Medical technology evolution
34. Medical equipment-related risks
35. Digital disruption vulnerability
36. Changes in government regulations
37. Government health policies
38. Regulatory change
39. Changes in social security policies
40. Healthcare price control
41. Medical pricing government regulation
42. PDPA compliance management
43. Personal data breaches
44. Data privacy violations
45. IT continuity risks
46. Cybersecurity threats
47. Medical payment risks
48. Insurance payment variances
49. Capitation shortfall risks
50. Liquidity risks
51. Credit risks

52. Interest rate fluctuation53. Exchange rate fluctuation54. Investment return uncertainty55. Net profit risks56. Net profit volatility

Acknowledgements

The authors acknowledge all participating private hospitals, the participants, and healthcare risk management experts who contributed to this study.

Abbreviations

ASHRM: American society for healthcare risk management; A-HA: Advanced healthcare accreditation; COSO: Committee of sponsoring of the treadway commission;

ERM: Enterprise risk management; HA: Healthcare accreditation; HIROC: Healthcare insurance reciprocal of Canada; IOC: Item objective congruence; ISO: International Organization for Standardization; IRM: Integrated risk management; IT: Information technology; JCI: Joint Commission International; NHS: National Health Service;

TQM: Total quality management.

ORCID iDs

Anuchit Sermhattakit

Patipan Sae-Lim

Ethical Considerations

This study received approval from the Human Research Ethics Committee of King Mongkut’s University of Technology Thonburi (Approval Number: KMUTT-IRB-COE-2024-038) on 15 January 2024.

Consent to Participate

Informed consent was obtained from all participants before their involvement in the study. Strict measures were taken to ensure the confidentiality and anonymity of the data throughout the study process.

Use of AI

The paper was proofread using an AI-powered tool, Grammarly, for grammar and style enhancement.

Author Contributions

Principal investigator and corresponding author, responsible for study design, data collection and analysis, and manuscript drafting.

Research advisor, responsible for providing guidance on study methodology, validating data analysis, and reviewing the manuscript.

Funding

The author(s) received no financial support for the research, authorship, and/or publication of this article.

Declaration of Conflicting Interests

The author(s) declared no potential conflicts of interest with respect to the research, authorship, and/or publication of this article.

Supplemental Material

Supplemental material for this article is available online.

References

Epetimehin

PFM

Epetimehin

Role of enterprise risk management in health systems development. IOSR J Bus Manag. 2014;16(9):377-384.

ASHRM. Enterprise risk management. Framework Success. 2014; 6:53-73. Accessed October 12, 2023. http://www.ashrm.org/sites/default/files/ashrm/ERM-White-Paper-8-29-14-FINAL.pdf2014

Kasikorn Research Center. Private hospitals in 2023: high costs and intense competition expected to continue pressuring profitability. 2023. Accessed May 10, 2024. www.kasikornresearch.com/th/analysis/k-econ/business/Pages/Private-Hospital-CIS3421-B-06-07-2023.aspx

Ninkitsaranon

Industry trends 2020-2022: private hospital business. 2022. Accessed May 10, 2024. www.krungsri.com/th/research/industry/industry-outlook/services/private-hospitals/io/io-private-hospitals

Kasikorn Research Center. Foreign revenue in 2024 expected to slow down, returning to pre-COVID-19 growth levels. 2023. Accessed May 10, 2024. www.kasikornresearch.com/th/analysis/k-social-media/Pages/Medical-Tourism-CI3442-FB-27-10-2023.aspx

Beasley

Branson

Pagach

Evolving risk landscape: insights from a decade of surveys of executives and risk professionals. J Risk Financ Manag. 2023;16(1):1-15.

Etges

APBDS

Grenon

, et al. Development of an enterprise risk inventory for healthcare. BMC Health Serv Res. 2018;18(1):578-610.

Pascarella

Rossi

Montella

, et al. Risk analysis in healthcare organizations: methodological framework and critical variables. Risk Manag Healthc Policy. 2021;14:2897-2911.

Healthcare Accreditation Institute. Quality risk | safety management. In: Supachutikul

Limpanyalert

Maedsathan

editors. Hospital and healthcare service standards. 5th ed. Nonthaburi: Healthcare Accreditation Institute; 2022: 72–84.

10.

Duangnet

Bangkok Hospital Medical Center’s five-year experience with patient safety and Risk Management, 2006-2010. Bangkok Med J. 2012;4:1-9.

11.

Rungruangwarin

Ployprasert

Bootcheewan

The development of Managing Risk System in Nursing Department of Phra Nakhon Si Ayutthaya Hospital. J Assoc Prev Med Thailand. 2017;7(1):24-29.

12.

Bangkok Dusit Medical Services Public Company Limited. Risk management. In: 2022 Annual Report (Form 56-1) One Report. 2023. Accessed September 4, 2023. investor.bangkokhospital.com/th/downloads/one-report?year=2022

13.

Healthcare Accreditation Institute (Public Organization) & Emergency Care Research Institute. Top 10 Patient Safety Issues in Thailand 2023. Healthcare Accreditation Institute; 2023.

14.

Fidelis

Joseph

Souza

Sankaranarayanan

Agarwal

Development of risk inventory for hospitals in India. J Patient Saf Risk Manag. 2023;28(1):21-30.

15.

Saputro

Suyuthi

Muin

SA.

Implementation of strategic risk management in improving the quality of services. J La Bisecoman. 2023;4(4):225-240.

16.

Hirth

Jr Chesley

. Applying the framework: putting it into context. Durham, NC: American Accounting Association; 2017. Committee of Sponsoring Organizations of the Treadway Commission.

17.

HIROC. HIROC Integrated Risk Management (IRM) Initiative. 2014; October: 1-7. Accessed November 9, 2023. http://www.hiroc.com/resources/risk-notes/integrated-risk-management

18.

National Patient Safety Agency (NPSA). A Risk Matrix for Risk Managers. The National Patient Safety Agency 4-8 Maple. NHS; 2008:1-18.

19.

Chiangmai Ram Medical Business Public Company Limited. Risk management. In: 2022 Annual Report (Form 56-1) One Report. 2023, 43-48. Accessed September 4, 2023. market.sec.or.th/public/idisc/th/FinancialReport/R562-0000000112

20.

Thonburi Medical Center Public Company Limited. Risk management. In: 2022 Annual Report (Form 56-1) One Report. 2023, 13-16. Accessed September 4, 2023. market.sec.or.th/public/idisc/th/FinancialReport/ALL-0000000544

21.

Thonburi Healthcare Group Public Company Limited. Risk management. In: 2022 Annual Report (Form 56-1) One Report. 2023, 44-54. Accessed September 4, 2023. www.thg.co.th/th/investor-relations/downloads/annual-report

22.

Bangkok Chain Hospital Public Company Limited. Risk management. In: 2022 Annual Report (Form 56-1) One Report. 2023, 45-49. Accessed September 4, 2023. www.bangkokchainhospital.com/th/investor-relations/document/annual-reports

23.

Principal Capital Public Company Limited. Risk management. In: 2022 Annual Report (Form 56-1) One Report. 2023, 50-56. Accessed September 4, 2023. www.principalcapital.co.th/investor-shareholder-info

24.

Chularat Hospital Public Company Limited. Risk management. In: 2022 Annual Report (Form 56-1) One Report. 2023, 44-55. Accessed September 4, 2023. investor.chularat.com/th/downloads/yearly-reports

25.

Nonthavej Hospital Public Company Limited. Risk management. In: 2022 Annual Report (Form 56-1) One Report. 2023, 20-24. Accessed September 4, 2023. www.nonthavej.co.th/56-1-One-Report.php

26.

Bumrungrad Hospital Public Company Limited. Risk management. In: 2022 Annual Report (Form 56-1) One Report. 2023, 47-52. Accessed September 4, 2023. investor-th.bumrungrad.com/ar.html

27.

Praram 9 Hospital Public Company Limited. Risk management. In: 2022 Annual Report (Form 56-1) One Report. 2023, 45-51. Accessed September 4, 2023. investor.praram9.com/th/downloads/annual-report-and-form-56-1

28.

Mahachai Hospital Public Company Limited. Risk management. In: 2022 Annual Report (Form 56-1) One Report. 2023, 23-42. Accessed September 4, 2023. www.mahachaihospital.com/th/about/investment

29.

Rajthanee Hospital Public Company Limited. Risk management. In: 2022 Annual Report (Form 56-1) One Report. 2023, 21-24. Accessed September 4, 2023. www.rajthanee.com/th/investor/financial-info/

30.

Ratchaphruek Hospital Public Company Limited. Risk management. In: 2022 Annual Report (Form 56-1) One Report. 2023, 32-42. Accessed September 4, 2023. investor.rph.co.th/th/document/annual-reports

31.

Ramkhamhaeng Hospital Public Company Limited. Risk management. In: 2022 Annual Report (Form 56-1) One Report. 2023, 47-51. Accessed September 4, 2023. investor.ram-hosp.co.th/th/publications-and-download/annual-report-form-56-1

32.

Ladprao General Hospital Public Company Limited. Risk management. In: 2022 Annual Report (Form 56-1) One Report. 2023, 32-41. Accessed September 4, 2023. ladpraohospital.com/th/annual-report/

33.

Wattanapat Hospital Trang Public Company Limited. Risk management. In: 2022 Annual Report (Form 56-1) One Report. 2023, 49-55. Accessed September 4, 2023. wattanapat.co.th/main-annual-report

34.

Vibhavadi Hospital Public Company Limited. Risk management. In: 2022 Annual Report (Form 56-1) One Report. 2023, 17-21. Accessed September 4, 2023. www.vibhavadi.com/ir-publication-annual-report

35.

Intermedical Care and Lab Hospital Public Company Limited. Risk management. In: 2022 Annual Report (Form 56-1) One Report. 2023, 40-44. Accessed September 4, 2023. market.sec.or.th/public/idisc/th/FinancialReport/R561-0000028788

36.

Aikchol Hospital Public Company Limited. Risk management. In: 2022 Annual Report (Form 56-1) One Report. 2023, 28-32. Accessed September 4, 2023. ir.aikchol.com/annual-reports/

37.

Sikarin Public Company Limited. Risk management. In: 2022 Annual Report (Form 56-1) One Report. 2023, 38-41. Accessed September 4, 2023. investor.sikarin.com/th/document/annual-reports

38.

Srivichai Vejvivat Public Company Limited. Risk management. In: 2022 Annual Report (Form 56-1) One Report. 2023, 39-41. Accessed September 4, 2023. www.vichaivej.com/investor/download-list.php?menu_id=33

39.

Ekachai Medical Care Public Company Limited. Risk management. In: 2022 Annual Report (Form 56-1) One Report. 2023, 33-37. Accessed September 4, 2023. www.ekachaihospital.com/th/ir/ir13/

40.

Krejcie

Morgan

DW.

Determining sample size for research activities. Educ Psychol Meas. 1970;30(3):607-610.

41.

Cohen

Manion

Morrison

, eds. Research Methods in Education. 8th ed. Routledge; 2018.

42.

Streiner

DL.

Starting at the beginning: an introduction to coefficient alpha. J Pers Assess. 2003;80(1):99-103.

43.

Bollen

Lennox

Conventional wisdom on measurement: a structural equation perspective. Psychol Bull. 1991;110(2): 305-314.

44.

Diamantopoulos

Winklhofer

HM.

Index construction with formative indicators: an alternative to scale development. J Mark Res. 2001;38(2):269-277.

45.

Braun

Clarke

Using thematic analysis in psychology. Qual Res Psychol. 2006;3(2):77-101.

46.

Tong

Sainsbury

Craig

Consolidated criteria for reporting qualitative research (COREQ): a 32-item checklist for interviews and focus groups. Int J Qual Health Care. 2007;19(6): 349-357.

47.

Donthu

Kumar

Mukherjee

Pandey

Lim

WM.

How to conduct a bibliometric analysis: an overview and guidelines. J Bus Res. 2021;133:285-296.

48.

Nobanee

Al Hamadi

Abdulaziz

, et al. A bibliometric analysis of sustainability and risk management. Sustainability. 2021;13(6):495.

49.

Zupic

Čater

Bibliometric methods in management and organization. Organ Res Methods. 2015;18(3):429-472.

50.

Aria

Cuccurullo

Bibliometrix: an R-tool for comprehensive science mapping analysis. J Inform. 2017;11(4):959-975.

51.

Bornmann

Mutz

Growth rates of modern science: a bibliometric analysis based on number of publications and cited references. J Assoc Inf Sci Technol. 2015;66(11):2215-2222.

52.

van Eck

Waltman

Software survey: VOSviewer, a computer program for bibliometric mapping. Scientometrics. 2010;84(2):523-538.

53.

Henderson

Tulloch

Incentives for retaining and motivating health workers in Pacific and Asian countries. Hum Resour Health. 2008;6:18-25.

54.

Vilakazi

Adebesin

Systematic literature review on cybersecurity threats to healthcare data and mitigation strategies. EPiC Ser Comput. 2023;93:190-202.

55.

Sendelj

Ognjanovic

Cybersecurity challenges in healthcare. Stud Health Technol Inform. 2022;300:190-202.

56.

Humphrey

Sundberg

Milliren

Graham

Landrigan

CP.

Frequency and nature of communication and handoff failures in medical malpractice claims. J Patient Saf. 2022;18(2):130-137.

57.

Binkheder

Alaska

Albaharnah

, et al. Relationships between patient safety culture and sentinel events among hospitals in Saudi Arabia: national descriptive study. BMC Health Serv Res. 2023;23(1):270-215.

Supplementary Material

Please find the following supplemental material available below.

For Open Access articles published under a Creative Commons License, all supplemental material carries the same license as the article it is associated with.

For non-Open Access articles published, all supplemental material carries a non-exclusive license, and permission requests for re-use of supplemental material or any part of supplemental material shall be sent directly to the copyright owner as specified in the copyright notice associated with the article.

0.00 MB

0.14 MB