Key Risks and Mitigation Strategies in Enterprise Risk Management for Private Hospitals: A Mixed-Method Study
Journal article
Publication Details
Author list: Anuchit Sermhattakit, Patipan Sae-Lim
Publisher: SAGE Publications
Publication year: 2025
Volume number: 62
Start page: 1
End page: 13
Number of pages: 13
ISSN: 0046-9580
eISSN: 1945-7243
URL: https://journals.sagepub.com/doi/10.1177/00469580251347132
Languages: English-United States (EN-US)
Abstract
Enterprise risk management (ERM) is essential for enhancing sustainability and operational resilience in Thailand’s private hospitals. This study aims to systematically identify and prioritize key enterprise risks, proposing mitigation strategies to enhance the resilience of the healthcare sector. A 4-phase mixed-methods approach was employed: (1) A 36-item risk inventory was developed based on global ERM frameworks and annual reports from 22 publicly listed Thai hospital companies. (2) A quantitative survey using a 5-point Likert scale was conducted with 48 senior risk and quality management professionals from HA- or A-HA-accredited private hospitals. Content validity was assessed using the Index of Item-Objective Congruence (IOC). (3) In-depth interviews were conducted with 5 ERM healthcare experts to analyze root causes and propose mitigation strategies. (4) A bibliometric analysis of 958 Scopus-indexed articles was conducted to validate global relevance, identify research gaps, and refine the study’s conceptual framework. The transition from the 36 initial risks to the 5 highest-ranked risks—clinical and patient safety, sentinel events, medical personnel shortages, cybersecurity threats, and litigation exposure—was based on quantitative ratings. Key contributing factors included ineffective clinical systems, communication breakdowns, staff turnover, low compensation, and limited cybersecurity literacy. Recommended strategies included proactive risk assessment, workforce planning, fostering a safety culture, ISO/IEC 27001 compliance, and improved provider-patient communication. The bibliometric analysis revealed a growing research focus on ERM in hospitals, with key themes encompassing patient safety, emergency response, organizational resilience, and cybersecurity—aligning with the findings of this study.
This study proposes a structured ERM framework that identifies 5 key risks: patient safety, sentinel events, staff shortages, cybersecurity threats, and litigation. Recommendations include enhancing clinical governance, workforce policies, cybersecurity, legal risk management, and total quality management to improve healthcare resilience and sustainability.
Keywords
risk assessments, Risk management