The Indian healthcare industry faces risks from rising costs and out-of-pocket expenses, significant staffing shortages and high staff turnover, inadequate and unevenly distributed infrastructure, and a growing burden of non-communicable diseases. Occasional pandemic type diseases also push the industry to the brink on various fronts. Economic challenges include insufficient government spending, strained resources, and increased financial pressure on hospitals from lower insurance reimbursement rates, all exacerbated by a lack of robust preventative care focus and research.

Our Company bears significant responsibility toward the environment, society, and the nation at large in delivering excellent and cost friendly services. While healthcare sector is inherently dynamic, facing heightened volatility, business disruptions, regulatory uncertainties, and rapid changes in technology and treatment methods, the growing percentage of non-communicable or lifestyle diseases and growing urban population puts undue stress on the health infrastructure. Given this landscape, it is imperative for our Company to proactively identify, assess, and mitigate potential risks to ensure continuity, operational stability, and sustainable growth.

Effective risk management is, therefore, an essential component of the Company’s overall governance and management framework. This policy aims to institutionalise a structured and systematic approach to risk identification and mitigation across all levels of the organisation. It ensures that potential threats are managed prudently to protect stakeholders’ interests and uphold the hospital’s mission of delivering precise, high-quality medical care and personalized patient attention.

This Risk Management Policy is formulated in compliance with the provisions of Section 134(3)(n) of the Companies Act, 2013 and reflects the Company’s commitment to maintaining a robust internal control environment and a resilient business model.

Objective & Purpose of Policy

This policy, known as Risk Management Policy, is adopted by the Board of Directors of the Company on 04th April, 2025.

Risk can be defined as the possible threats and challenges that may

  1. Prejudicially affect the going concern status of the Company;
  2. Result in the Company not being able to perform its contractual and statutory obligations towards its Patients, doctors and employees and the stakeholders;
  3. Result in challenges in complying with mandatory healthcare regulations, such as those related to patient care standards, due to resource constraints, leading to potential lapses in critical care delivery, hygiene protocols, or patient safety measures;
  4. Result in difficulty in timely diagnosis and treatment of critical diseases due to lack of advanced medical infrastructure, skilled specialists, or investment in high-end diagnostics and therapeutic equipment;
  5. Result in operational inefficiencies due to lack of process automation in clinical, diagnostic, or administrative functions, as well as inadequate internal financial control systems, leading to financial leakages, audit qualifications, or mismanagement of hospital funds;
  6. Result in the hospital being unable to appoint or retain qualified healthcare professionals and skilled medical staff, particularly specialised in critical areas of clinical and diagnostic services relating to nephrology and urology related prognosis and treatment;
  7. Result in non-compliance with legal prohibitions on unethical medical practices, such as sex determination of the unborn, and other violations under the Pre-Conception and Pre-Natal Diagnostic Techniques (Prohibition of Sex Selection) Act, 1994, which could lead to regulatory penalties and reputational damage;  
  8. Result in non-compliance with mandatory statutory obligations towards employees under applicable labour laws such as the Employees’ Provident Fund & Miscellaneous Provisions Act, 1952, Employees’ State Insurance Act, 1948, Payment of Wages Act, 1936, Payment of Gratuity Act, 1972, and other applicable employment regulations relevant to the hospital sector;
  9. Result in the Company facing regulatory and / or consumer actions against deficiency of services, frauds etc;
  10. Result in violation of Digital Personal Data Protection Act, 2023 in the nature of compromising patient related data and health records;

Classification of Risk:

For the purpose of this policy, the risks that the Company may face can be classified under the following heads:

  1. Market Risk: In the hospital and healthcare sector, market risk primarily arises from increasing competition, rapidly evolving medical technologies, and changing patient expectations. To stay competitive, Hospital must continuously invest in expensive technological upgrades, such as advanced diagnostic and treatment equipment, electronic health records (EHR), and patient management systems. In addition, Hospital should focus on offering cost-effective, high-quality, and patient-centric care, while ensuring efficiency in procurement, operations, and billing processes. These efforts not only enhance the quality of care but also improve operational sustainability and patient trust.
  2. Legal Risk: At the minimum two important aspects will have to be taken into account. Non-compliance with applicable laws—such as those governing clinical standards, bio-medical waste disposal, and patient data confidentiality—can result in serious penalties and reputational damage. Further consumer actions like deficiency of services or staff induced fraud or unfair trade practices can provide a big blow to Company’s reputation. Moreover, all contractual agreements with medical staff, Pharmaceuticals and the medical equipment providers, doctors, and insurers must be legally sound and clearly define roles and responsibilities. Ensuring that all terms are fair, balanced, and regularly reviewed helps minimise the risk of litigation and operational disruption.
  3. Financial Risk: Adequacy and management of capital to support ongoing operations and future growth. Hospital must ensure they have sufficient working capital to pay salaries, procure medical supplies, maintain infrastructure, and invest in essential upgrades. Hospital should also provide for technological upgrades to be on par with market and competition. Overreliance on credit or unplanned diversion of funds can severely impact operations. Financial discipline, cost control, and timely capital infusion are essential. The policy acts to curb these practices, cut cost, seriously look at capital infusion requirement and pump capital at right time to meet business needs and achieve business goals. Monitoring key financial ratios—such as the debt-service coverage ratio, operating margin, and collection efficiency—enables early identification of risks and supports better financial decision-making.
  4. Manpower Risk: Health services squarely depend on qualified doctors, nurses, and support staff. The shortage of skilled professionals—particularly in Tier 2 and Tier 3 cities—can impact the quality of patient care and hospital performance. Staff attrition is also another factor that can dent the healthcare services.
  5. Natural calamities, disasters, acts of violence, terrorism and war: Hospital faces operational risk from natural calamities, disasters, acts of violence, terrorism, and war. As critical healthcare infrastructure, Hospital must be prepared to operate during emergencies such as floods, earthquakes, pandemics, or civil unrest. A robust Disaster Management and Emergency Response Plan, along with backup systems for power, water, and IT, is essential. Regular staff training, emergency drills, and coordination with local authorities and emergency services are necessary to ensure readiness and minimize disruption to patient care during such crises.
    1. Other risk
      1. Macro-economic Risks Including Business Cycles: Hospitals are not immune to macro-economic fluctuations such as inflation, currency instability, recession, or changes in healthcare funding policies. Economic downturns may lead to reduced patient spending, delayed elective procedures, or slowdowns in insurance reimbursements. Similarly, inflation can raise the cost of medical supplies, pharmaceuticals, and equipment, squeezing operating margins. Government policy shifts and changes in public health budgets can also affect hospital revenue streams, especially in institutions that depend on public sector funding. To manage these risks, hospitals must maintain financial prudence, diversify their service portfolio, and develop contingency plans to sustain operations during economic cycles.
      2. Information Technology Risk: As hospitals increasingly adopt digital systems such as Electronic Health Records (EHR), telemedicine, cloud storage, and hospital management software, they become vulnerable to IT risks. These include data breaches, cyberattacks, system outages, and unauthorized access to sensitive patient data. A cybersecurity incident can not only disrupt clinical services but also lead to legal and reputational consequences. To mitigate IT risk, hospitals must implement robust data security protocols, regular system audits, staff training in digital hygiene, and invest in reliable infrastructure with failover capabilities and disaster recovery plans.
      3. Original Equipment Manufacturer (OEM) Product / Platform Risk: Hospitals rely heavily on sophisticated medical equipment and platforms from OEMs (Original Equipment Manufacturers) for diagnostics, surgical procedures, and patient monitoring. Risks arise when these platforms become obsolete, unsupported, or face operational failures. Delays in receiving spare parts, software updates, or technical support can disrupt critical services. Additionally, over-dependence on a single OEM increases operational vulnerability. Hospitals must assess vendor reliability, ensure equipment is under active warranty and support agreements, and maintain backup systems or alternative technologies where feasible.
      4. Environment, Health & Safety (EHS) Risk: Hospitals face significant Environment, Health & Safety (EHS) risks due to the nature of their operations. These include bio-medical waste management, infection control, chemical storage, fire safety, radiation exposure, and occupational hazards to staff. Poor EHS practices can endanger patients, staff, and the public while inviting regulatory penalties and reputational damage. Effective mitigation requires strict compliance with EHS laws, regular training and audits, clear safety protocols, and an active hospital infection control committee. Creating a culture of safety is essential to minimize incidents and ensure regulatory alignment.
      5. Strategic Risks: Strategic risks in hospitals stem from poor decision-making in areas such as expansion, mergers, capital investment, or service diversification. A misaligned strategy can lead to underutilized facilities, unviable projects, or inability to respond to emerging healthcare trends. External factors such as demographic shifts, competitor behaviour, or government regulations can also impact the hospital’s long-term goals. Hospital must align their strategy with evidence-based planning, market research, patient needs, and regulatory trends. Regular reviews of the strategic plan, involving clinical and administrative leadership, can help adapt to changing environments.
      6. Intellectual Property (IP) Risk: Although often overlooked, IP risk is relevant in hospitals involved in research, clinical trials, innovation, or proprietary treatment protocols. Risks include unauthorized use of patented technologies, data misuse in clinical studies, and infringement on trademarks or copyrighted materials. Additionally, partnerships with third-party research institutions or technology providers must be governed by clear IP agreements. Hospitals should establish proper IP governance policies, train research teams, and ensure legal review of collaborations to protect institutional interests and avoid litigation.
      7. Acts of God Risk: Hospitals are particularly vulnerable to “Acts of God” such as earthquakes, floods, pandemics, or severe storms, which can cause extensive damage and disrupt patient care. Such events are often sudden, beyond human control, and can strain medical resources and infrastructure. Hospitals must maintain a comprehensive disaster preparedness and business continuity plan that includes emergency power systems, backup communication, medical stockpiles, evacuation procedures, and coordinated emergency response protocols. Regular risk assessments and simulation drills enhance readiness and resilience in the face of natural disasters.

Policy

This Policy lays down a framework of appropriate risk management and mitigation process commensurate with the scale and nature of business of the Company.  

The Company shall ensure that the risk management framework is implemented and risks identified and the mitigation measures along with the responsibility for effective implementation and monitoring thereof, is undertaken periodically.  

This risk management framework will be periodically reviewed by the Company’s management for adequacy and utility. The actions pertaining to mitigation measures would be monitored on an on-going basis, including the Company’s key risk exposure and effective management in addressing these risks in a timely manner, covering both one-time initiatives and continuous activities such as business continuity planning, disaster recovery planning, and testing.  

While Board is responsible for framing and monitoring of the Risk Management Policy and the Company’s Senior Management shall be responsible for implementation of the risk management framework. 

The Board of Directors shall review various risk faced and assess whether the Company can mitigate those risks by taking adequate steps once in a year or  as and when it is of the opinion that a new risk is faced.