Healthcare providers navigate multiple risks, cautious but empowered

Emerging from the pandemic and its lingering effects, healthcare providers face a host of new and ongoing challenges. The industry is undergoing a $1 trillion revenue shift away from traditional payers/providers, with new entrants disrupting traditional business models to meet changing consumer expectations. Staff turnover, burnout and vacancies are widespread. Demand for personalized services, new treatments, virtual care and removal of access barriers (transportation, language, income) continues. Patient trust is an ongoing concern.

Providers also face a range of macroeconomic and other external risks. Inflation, high labor costs and supply-chain bottlenecks are ongoing. Cyber healthcare risks are evolving and exploiting new technology and devices used on provider networks. Fraud tactics, too, are evolving in tandem. Regulatory changes continue on many policy fronts: privacy, ESG, employee safety, Medicare, Medicaid, patient billing, 340B, among others. Stakeholders — from patients and employees to communities and investors — are themselves scrutinizing provider operations and governance and exerting pressure.

Amid these daunting challenges, however, lies opportunity. With the right approach, coordination and tools, providers can mitigate these risks and emerge stronger to deliver better value to their many stakeholders.

To understand more about how the three lines can manage the top risks, see our full report.

Download full report

The risk nexus: Where mitigation impact gets amplified

With many of these risks intersecting, mitigation actions in one area can have a compounding effect on resilience elsewhere. Mitigation of fraud risks, for example, has the potential to help you reduce risk in other areas such as cyber, margin, new entrants, pharmacy and trust.

Explore the mitigation relationships map below.

A coordinated approach to risk management

Without common standards that allow for better coordination across the three lines and across risk functions, providers struggle to align, plan and execute mitigation activities. Instead of strategic, enterprise-wide risk management, you end up with reactive risk management silos often working at cross purposes. The result can include misalignment, conflicting assessments, gaps, duplication of effort, higher costs and unreliable data.

How can your three lines collaborate better to stave off these healthcare risks? Start by adopting a strategic, principles-based approach to risk management. That means establishing common standards (e.g., risk taxonomy, risk appetite, risk assessment methodology, testing and monitoring approach, governance and oversight) and a single, integrated data model that supports those standards.

Contact us

Tiffany Gallagher

Principal, Health Industries, Cyber, Risk & Regulatory Leader, PwC US


Dave Merriam

Partner, Health Services, Cyber, Risk & Regulatory Sector Leader, PwC US


Audra Hulme

Director, Health Industries, Cyber, Risk & Regulatory, PwC US


Follow us