
Certified Professional in Healthcare Risk Management (CPHRM)
Exam Preparation Guide

For use with the Risk Management Handbook for Health Care Organizations and other ASHRM resources


© 2014
American Society for Healthcare Risk Management of the American Hospital Association
155 N. Wacker Dr.
Chicago, IL 60606
(312) 422-3980
www.ashrm.org

All rights reserved

ASHRM Preparation Guide for the CPHRM Examination i


Certified Professional in
Healthcare Risk Management
CPHRM PREPARATION GUIDE
Lead Author
Joyce Benton, RN, MSA, ARM, CPHRM, LHRM, DFASHRM
Risk Control Director, CNA Healthcare

Authors
Monica C. Berry, BSN, JD, CPHRM, DFASHRM, DSA
Consultant

Douglas J. Borg, MHA, ARM, CPHRM, DFASHRM
Director of Insurance, Duke University Health System

Karen Liptak, BSN, MPA/HCA, CPHRM, CPPS
Vice President, Quality, Safety, Process Improvement, Parkland Health and Hospital System, Dallas, Texas

Sherrill Peters, BSN, ARM, CPHRM, FASHRM
Director, Risk Management, Community Health Systems

Reviewers
Cyndi Siders, RN, MSN, CPHRM, DFASHRM
Vice President of Consulting Services, Coverys Risk Management

Kathryn E. Townsend, RN, JD, ARM, CPHRM
Risk Management and Patient Safety

Marcia Cooke RN-BC, MSN
Director of Education and Research, ASHRM

For additional resources go to www.ashrm.org



Table of Contents
Preface

Healthcare Operations Domain
Preparation Objectives
Key Terms
I. Enterprise Risk Management (ERM)
II. Risk management (ERM) process
III. Risk identification
IV. Risk management program
V. Development of the risk management program
VI. Key attributes of a risk management program
VII. Scope of the risk management program
VIII. Required skills for the successful healthcare risk manager
IX. Education and professional recognition
X. Areas of expertise
XI. Risk management operations
XII. Organizational Governance
XIII. Directors and officers liability prevention
XIV. Physician and allied health professionals credentialing
XV. Risk management's role in performance improvement
XVI. Policies and procedures
XVII. Education
XVIII. Crisis/adverse event management
XIX. Safety/environment of care program
XX. Hazard Risks
XXI. Technology Risks
XXII. Human capital risks
XXIII. Absence and productivity management
XXIV. Workers' compensation program
XXV. Strategic risks
XXVI. Contracts
XXVII. Vendor/Third-party services
XXVIII. Mergers, acquisitions and divestitures
XXIX. Partnerships, joint ventures and collaborative relationships
XXX. Advertising liability
Review Questions

Clinical/Patient Safety Domain
Preparation Objectives
Key Terms
I. Looking for Risks in All the Right Places — High Risk Areas
II. Patient Safety
III. Sentinel Event
IV. Root Cause Analysis: RCA
V. Failure Mode, Effects, and Criticality Analysis (FMECA)
VI. Patient Safety Challenges
VII. Critical Incident Debriefing
VIII. Patients as Partners in Patient Safety
IX. Patient Safety Challenges
X. Patient Safety: Disclosure
XI. Measuring a Culture of Safety
Review Questions

Legal and Regulatory Domain
Preparation Objectives
Key Terms
I. Statutes, Standards and Regulations
II. Types of Law
III. Ethics
IV. Consent
V. Patient Care Regulations and Laws
VI. Data Management Regulations and Laws
VII. Payment Regulations and Laws
VIII. Corporate Compliance
IX. Employment Laws and Regulations
X. Workplace Safety
XI. Accreditation, Surveying and Licensing Bodies Introduction
XII. Tort Reform
XIII. Case Law
XIV. Peer Review
Review Questions

Risk Financing Domain
Preparation Objectives
Key Terms
I. Structure of the risk management process
II. Basics of risk financing
III. Distinction between risk control and risk financing
IV. Risk financing techniques
V. Insurance contract
VI. State regulation of insurance
VII. Types of insurance
VIII. Other insurance considerations and program specifications
IX. Cost of risk (COR)
X. Integrated risk financing and integrated healthcare
XI. Tax aspects of risk financing
XII. Actuarial and accounting applications for risk financing
XIII. Actuarial projections
XIV. Requests for proposals (RFP)
Review Questions

Claims and Litigation Domain
Preparation Objectives
Key Terms
I. Claims Management Program
II. Claims Management Process
III. Legal Theories
IV. Exposures of Healthcare Entities
V. Litigation Management
VI. Insurance Companies and Brokers
VII. Lawsuit Process
VIII. Claims settlement process
Review Questions

Acronyms

Key Terms

Additional Practice Question


PREFACE
This guide was prepared by the American Society for Healthcare Risk Management (ASHRM) for
individuals who plan to take the Certified Professional in Healthcare Risk Management (CPHRM)
examination offered by the American Hospital Association (AHA) Certification Center. Organized
by domains of practice, the CPHRM Exam Preparation Guide builds upon previous editions. It is
intended to serve as an outline for exam preparation as well as a resource for healthcare risk
managers and patient safety professionals.
Guide features
ASHRM's 2014 CPHRM Exam Preparation Guide is organized in a detailed outline format and includes
useful features such as key terms, acronyms, review questions and suggestions for additional resources.

Options for further review


The study guide focuses primarily on the processes and objectives of risk management within the
context of healthcare delivery. Those seeking in-depth study may be interested in ASHRM's
Healthcare Risk Management Certificate Program, Patient Safety Certificate Program or other
educational resources found at www.ashrm.org. Much of this guide's content was adapted from
ASHRM's Risk Management Handbook for Health Care Organizations and other ASHRM resources,
which also are available through www.ashrm.org.
Additional notes
This study guide is not intended as a legal advice source or a professional standards' outline. The
contents are meant to help you further your knowledge, to identify areas you may want to bolster
through reading and education and to generally prepare you for the CPHRM exam. Details about
individual state laws and statutes are beyond the scope of this guide. We recommend you consult with
legal counsel for advice on specific statutes, issues or concerns. To avoid the potential of conflict of
interest, the authors and editors of this guide did not review the material used to develop the actual
examination. Nor did they collaborate with individuals affiliated with the exam preparation process.
AHA Certification Center Tools
Another study tool is the CPHRM Candidate Handbook, which contains:
• Examination eligibility requirements
• The complete content outline for the exam
• Sample test items
• Instructions for applying for the exam
• An exam application
• And provisions for the exam administration process
Download the Candidate Handbook from the AHA Certification Center (AHA-CC) web site at
http://www.aha.org/certifcenter/index.shtml or request it through AMP (Applied
Measurement Professionals, Inc.) at 888-519-9901 or email info@goAMP.com.
You also may purchase AHA's practice test—Self-Assessment Examination (SAE) via AMP. This
online study tool parallels the CPHRM certification examination in format, content and level of
difficulty. See the inside back cover of this guide for details.
For information about the CPHRM certification program, including the exam and certification renewal
process, contact the AHA Certification Center at 312-422-3702 or email certification@aha.org.
Revised 2014



HEALTHCARE OPERATIONS
Domain

PREPARATION OBJECTIVES
After learning the content in this section, you should be prepared to:
1. Define Enterprise Risk Management (ERM) and the benefits of an ERM program
2. List the five steps in the Enterprise Risk Management decision making process
3. Identify the key components of developing a risk management program, including the
risk management professional's role and responsibilities.
4. Articulate key issues concerning healthcare organization governance
5. Describe the benchmarking and performance improvement attributes that contribute to the
risk management process
6. Discuss physician and allied health professionals credentialing
7. Describe the elements of policy and procedure development
8. List the key steps to crisis management
9. Describe issues related to technology
10. Discuss various aspects of employee and environmental safety
11. Explain workers' compensation from a risk manager's perspective
12. Explain five legal essentials of a contract
13. Describe organizational requirements for vendor/third party services
14. List and explain three elements of a risk management review of an organization's
mergers, acquisitions, and divestitures
15. Create a list of exposures that deal with organizational advertising liability

KEY TERMS
Important terms and definitions relevant to this domain:
Adverse event — Negative or bad result stemming from a diagnostic test, medical treatment or
surgical intervention; an injury resulting from a medical intervention.
Age Discrimination in Employment Act — 29 U.S.C. Section 621 et seq. Federal statute
prohibiting certain types of employment discrimination on the basis of age.
Americans with Disabilities Act — 42 U.S.C. Section 12101 et seq. Federal statute aimed at
prohibiting discrimination against individuals with certain mental and physical disabilities in the
areas of employment and public accommodation.
Assignment — Act of transferring to another all or part of one's property, interest or rights.
Benchmarking — Comparative process used by organizations to collect and measure internal or
external data that may ultimately be used for the purpose of developing, implementing and sustaining
quality improvements.
Breach of contract — Failure, without legal excuse, to perform any promise that forms the whole
or part of a contract. Hindrance by a party regarding the required performance of the rights and
duties identified in the contract.



Collective bargaining – Collective bargaining consists of negotiations between an employer and a
group of employees so as to determine the conditions of employment. The result of collective
bargaining procedures is a collective agreement. Employees are often represented in bargaining by a
union or other labor organization.
Consideration – In contract law, something of value exchanged for the promised performance of
the other contracting party. Contracts frequently call for monetary consideration to be exchanged
for the promise to provide specified goods or services.
Contract – Agreement, either written or oral, involving an offer, the acceptance of the offer and an
exchange of consideration. Also, an agreement between two or more persons that creates an
obligation to do or not to do a particular thing; a promise or set of promises for the breach of which
the law gives a remedy or the performance of which the law in some way recognizes as a duty.
COSO (Committee of Sponsoring Organizations) – Independent private sector initiative
which studied ERM and has made recommendations on ERM structure and implementation.
Credentialing – Process of verifying and reviewing the education, training, experience, work
history and other qualifications of an applicant for clinical privileges conducted by a healthcare
facility or managed care organization; typically performed for independent contractors such as
physicians and allied health practitioners who are frequently not employed by the credentialing
entity but who are granted specific clinical privileges to practice.
Darling v. Charleston Community Memorial Hospital – Landmark 1965 case that determined
a hospital has the independent duty to ensure that high-quality care is rendered at its facility and is
responsible to screen the competency of its medical staff.
Due diligence – Review of an entity targeted for acquisition by the acquiring party to ascertain
pertinent information about its financial and operating history and current status. Corporate staff
are generally held to the legal standard of having performed the review with due diligence before
making a recommendation to the board of directors as to whether to proceed with the acquisition.
Emergency Medical Treatment and Active Labor Act (EMTALA) – 42 U.S.C. Section 1395 et
seq. Federal statute prohibiting the "dumping" of patients presenting to the hospital with an
emergent medical condition or in active labor and limiting a hospital's ability to transfer them to
other facilities. EMTALA specifies when and how a patient may be: 1) refused treatment or 2)
transferred from one hospital to another when the patient is in an unstable medical condition.
Employee Polygraph Protection Act – 29 U.S.C. Section 2001 et seq. Federal statute limiting
most employers' ability to use polygraph testing in applicant screening processes.
Employers' liability – Any of a number of causes of action related to the employment relationship
but falling outside of workers' compensation and employment practices liability insurance coverage,
including dual capacity claims, spousal claims and third-party over claims.
Employment-at-will – Legal doctrine in most jurisdictions that an employer may discharge
an employee for any reason, unless specifically prohibited by law.
Employment practices liability – Any of a number of violations by an employer, based on statute or
common law, giving rise to damages outside of those covered by workers' compensation or similar
statutes, including wrongful termination, discrimination and sexual harassment.
Enterprise Risk Management – ERM in healthcare promotes a comprehensive framework for
making risk management decisions which maximize value protection and creation by managing risk
and uncertainty and their connections to total value.



Equal Employment Opportunity Commission — Federal agency charged with responsibility
for enforcing several federal statutes prohibiting various types of employment discrimination.
Under some statutes, administrative hearing procedures before the EEOC must be exhausted
before an employee has access to the court system.
Essential job functions — Under the Americans with Disabilities Act, those functions of a
particular job that an applicant must be able to perform, either with or without accommodation, in
order to perform the job.
Failure mode effects analysis or Criticality analysis (FMEA or FMECA) — A proactive,
systematic assessment used to identify the steps of a process that may be subject to failure in order to
design measures to either prevent or control such failures. If a criticality phase is used in this process,
the perceived level of criticality of each type of potential failure is identified, to aid in setting priorities
for establishing control mechanisms.
Family Medical Leave Act — 29 U.S.C. Section 2611 et seq. Federal statute requiring certain
employers to provide a period of unpaid leave to employees meeting specified criteria in order
for them to receive medical treatment or to provide care to designated family members.
Federal Emergency Management Agency (FEMA) — Independent response organization that
was folded into the Department of Homeland Security (DHS) in 2003. The FEMA administrator
reports to the President of the United States.
Hazard — A condition that creates or increases the possibility of loss.
Hazard analysis — Process of collecting and evaluating information on hazards associated with
the selected process; purpose is to develop a list of hazards that are of such significance that they
are reasonably likely to cause injury or illness if not effectively controlled.
Hold harmless provision — Contractual clause providing that one party agrees not to pursue a
tort claim for vicarious liability against the other; usually found with indemnification provisions and
are usually mutual.
Incident — Any happening not consistent with the routine operations of the facility or routine care
of a particular patient. Examples: A union strike, a criminal act such as a homicide, or a physical
disaster including hurricanes, bioterrorism threats, etc.
Indemnification provision — A contractual clause in which one party agrees to accept the tort liability
and legal defense of another; usually found with hold harmless provisions and are usually mutual.
Joint and several liability — A form of liability used in civil cases where two or more people are
found liable for damages. The winning plaintiff may collect the entire judgment from any one of the
parties or from any and all the parties, in various amounts until the judgment is fully paid. Under joint
and several liability, a plaintiff may choose to seek full damages from all, some, or any one of the
parties alleged to have committed the injury. In most cases, a defendant who pays damages may seek
reimbursement from nonpaying parties.
The Joint Commission — An independent, not-for-profit organization, The Joint Commission
accredits and certifies more than 20,500 healthcare organizations and programs in the United States.
The Joint Commission sets standards for hospitals and other types of healthcare organizations and
conducts education programs and a survey process to assess organizational compliance.
Joint venture — An undertaking by two or more entities to pursue business or other ventures. In
many jurisdictions, entities cannot form partnerships; hence they are deemed to be joint ventures;
each joint venturer may be liable for the debts and obligations of the joint venture.
Lex loci delicti commissi — Law of the place where the tort was committed.



Maximum medical improvement (MMI) – In workers' compensation, the point at which the
injured employee has recovered to the maximum extent medically expected (also called permanent
and stationary or P&S). When an employee reaches MMI, any residual disability, pain, etc. is
expected to be permanent.
National Labor Relations Act – The main body of law governing collective bargaining; it
explicitly grants employees the right to collectively bargain and join trade unions. Originally
enacted by Congress in 1935 under its power to regulate interstate commerce.
National Practitioner Data Bank (NPDB) – The Data Bank is a confidential information
clearinghouse created by Congress with primary goals of improving healthcare quality, protecting
the public, and reducing healthcare fraud and abuse. Federal statutes require that an NPDB report
be made by any entity that pays money on behalf of a practitioner to settle a legal claim asserted
against the practitioner. Reports must also be filed by hospitals that restrict, suspend or terminate a
practitioner's privileges to examine or treat patients at the hospital. The NPDB is prohibited by law
from disclosing information on a specific practitioner, provider, or supplier to a member of the
general public.
Occupational Safety and Health Act/Administration – 29 U.S.C. Section 651 et seq.
Federal statute (and agency created by it) charged with responsibility for promulgating
standards and enforcement mechanisms governing worker safety for most industries.
Occurrence reporting – Unexpected patient medical intervention, intensity of care or healthcare
impairment. Staff is given clear guidelines and specific examples of reportable incidents or events;
e.g., occurrences of missed diagnosis that result in patient injury; surgically related occurrences
such as wrong patient being operated on, the wrong site, the wrong procedure or treatment related
occurrences; falls; medication-related occurrences, etc.
Occurrence screen reports – Systematic review of medical records/cases (either retrospectively or
concurrently conducted) using predetermined screening criteria, conducted to identify cases that may
warrant a closer performance improvement review. Screeners look for deviations from practice,
policy and procedures. Criteria for screens are established in areas that are considered to be high risk,
high frequency or problem prone.
Organizational culture – Set of values, guiding beliefs or ways of thinking shared among members
of an organization.
OSHA General Duty Clause – OSHA's general requirement that employers maintain a safe
work environment. OSHA inspectors may cite the general duty clause whenever an unsafe
workplace condition or work practice is identified, but no specific OSHA regulation applies.
Ostensible agency doctrine – The doctrine, sometimes referred to as apparent agency, permits a
finding of liability on a hospital where there is the appearance of an employment relationship with an
independent contractor. In the absence of an employer-employee relationship, a managed care
organization (MCO) may still be held vicariously liable for the acts of provider physicians if the
patient had a reasonable belief the physician was the MCO's agent and that this belief was based
upon representations made by the MCO to that effect. Burden is on the plaintiff to prove that he or
she detrimentally relied on the fact that the MCO held the physician out as its agent.
Peer review – Process whereby possible deviations from the standard of patient care are reviewed by
an individual or committee from the same professional discipline to determine whether the standard of
care was met and to make recommendations for improving patient care processes. Most jurisdictions
provide at least a limited protection from discovery in civil actions for peer review activities.
Quality Improvement Organization (QIO) – A group of health quality experts, clinicians, and
consumers organized to improve care delivered to Medicare beneficiaries. QIOs work under the
direction of the Centers for Medicare & Medicaid Services (CMS) to assist Medicare providers with
quality improvement and to review quality concerns for the protection of beneficiaries and the
Medicare Trust Fund. The program, one of the largest federal programs of its kind, consists of a
national network of QIOs throughout each U.S. state, territory, and the District of Columbia.
Right to know — Laws that require employers to provide information, education and/or
treatment to employees regarding hazardous materials to which employees may be exposed during
their employment.
Risk — Chance of loss. "Pure" risk is uncertainty as to whether loss will occur; "speculative" risk is
uncertainty about an event that could produce loss. Pure risk is insurable; speculative risk usually is not.
Risk analysis — Process used by the person/individuals assigned risk management functions to
determine the potential severity of the loss from an identified risk, the probability that the loss will
happen and alternatives for dealing with the risk.
Risk avoidance — Decision not to undertake a particular activity because the risk associated with
the activity is unacceptable. The only risk control technique that completely eliminates the possibility
of loss from a given exposure. This technique reduces the possibility of a loss to zero by the
conscious choice not to engage in or avoid a specific activity or operation.
Risk control — Includes techniques to minimize frequency or severity of accidental losses or to make
losses more predictable; stopping losses from happening or mitigating the loss. Risk control techniques
include avoidance, loss prevention, loss reduction, segregation of loss exposures and contractual
transfers designed to protect an organization from legal obligations to pay for others' losses.
Risk financing — Includes risk management techniques that encompass all the ways of generating
funds to pay for losses that risk control techniques do not entirely stop from happening; techniques
include risk retention and risk transfer.
Risk identification — Process of identifying problems or potential problems that can result in
loss; recognizing the potential for loss.
Risk management — Process of making and carrying out decisions that will assist in prevention of
adverse consequences and minimize the adverse effects of accidental losses upon an organization.
Also, a systematic and scientific approach in the empirical order to identify, evaluate, reduce or
eliminate the possibility of an unfavorable deviation from expectation and, thus, to prevent the loss
of financial assets resulting from injury to patients, visitors, employees, independent medical staff; or
from damage, theft or loss of property belonging to the healthcare entity or persons mentioned. The
definition includes transfer of liability and insurance financing relative to the inability to reduce or
eliminate intolerable deviations. Originally defined by the American Hospital Association as the
"science for the identification, evaluation and treatment of the risk of financial loss," risk
management now also encompasses the evaluation and monitoring of clinical practice to recognize
and prevent patient injury.
Risk treatment strategies — Range of choices available to handle a given risk. Treatment
strategies include two general categories: risk control and risk financing.
Root cause analysis — Multi-disciplinary process of study or analysis that uses a detailed,
structured process to examine factors contributing to a specific outcome (e.g., an adverse event).
A process for identifying the basic or causal factors that underlie variation in performance,
including the occurrence or possible occurrence of a sentinel event.
Telemedicine/telehealth — The use of telecommunications to provide medical information and
services. Also, the provision of healthcare consultation and education using telecommunications
networks to communicate information; medical practice across distance via telecommunications and
interactive video technology (American Medical Association's Council on Medical Education and
Medical Services). The use of electronic information and communications technologies to provide
and support healthcare when distance separates the participants (Institute of Medicine).
U.S. Patriot Act of 2001 — Federal legislation (H.R.3162) that enhances the ability of law
enforcement to deter and detect acts of terrorism, including cyber-intelligence gathering, wiretapping
and other means of gathering needed information from designated privacy records.
Value creation — In Enterprise Risk Management, value creation takes advantage of the
opportunity to add worth and the potential for gain. It is proactive and includes market share,
competition, centers of excellence, financial viability and growth, return on investment, etc.
Value protection — In Enterprise Risk Management, includes preventing loss and harm to
assets, reputation, property and people and is reactive.
Vicarious liability — The imposition of liability on one person for the actionable conduct of
another, based solely on a relationship between the two persons, such as the liability of an employer
for the acts of an employee.
Whistle-blower — Individual, frequently an employee or former employee, who reports unlawful
activity, such as healthcare fraud and abuse or OSHA violations, to the government or an
administrative agency. Some statutes provide for the whistleblower to receive a share of fines levied
against the organization for making the report. Most statutes prohibit retaliatory discharge or other
discriminatory actions against an employee who makes such a report.
Workers' compensation — Program that provides protection to workers who are injured while
engaged in the business of their employer. Statutory limits of coverage are set by each state.

OUTLINE
I. Enterprise Risk Management (ERM)
A. Definition: A framework of activities that assists an organization to identify and manage risk
holistically by considering all forms of risk across the organization.
B. Structured analytical process focuses on identifying and estimating the financial impact
and volatility of a defined portfolio of risks
C. ERM proposes that risks do not exist or behave in isolation but can be identified, grouped and
catalogued in risk domains
D. Premise is that every entity, whether for-profit, not-for-profit or a governmental body, exists to
provide value for stakeholders
E. Provides framework for management to effectively deal with risk and opportunity
F. A comprehensive way of thinking about risk in all areas of an organization
G. Risks can be grouped into domains
1. Operational risks: Arise out of daily operations and include risk presented by facility's supply
chain, compliance, product recalls, admissions, service lines, clinical operations and changes in
regulations
2. Clinical/patient safety risks: Associated with the delivery (or lack thereof) of care to
residents, patients and other healthcare customers and stakeholders.
3. Strategic risks: Concern business decisions; decisions that affect strategic risks include
pricing, partnerships, marketing, joint ventures, mergers and acquisitions
4. Financial risks: Concern cash-flow management, interest rates, access to capital,
economic instability, taxation and costs of commodities
5. Human capital risks: Comprise risks to the organization's workforce
6. Legal/regulatory risks: Arise from the failure to identify, manage and monitor legal,
regulatory and statutory mandates on a local, state and federal level.
7. Technology risks: Associated with the use of machines, hardware, equipment, devices
and tools but can also include techniques, systems and methods of organization.
8. Hazard risks: Comprise traditionally insurable risks including property, general liability and
products liability
H. ERM definition of risk tends to ignore the mutually exclusive speculative vs. pure classification
scheme in defining risk
I. ERM consists of eight interrelated components (identified by Committee of
Sponsoring Organizations of the Treadway Commission Integrated Framework)
1. Internal environment: Risk and safety culture of the organization, governing body
support, risk tolerance, policies and procedures
2. Objective setting: Strategic objectives
3. Event identification: Identified risks and opportunities within the risk domains of clinical/patient
safety, operations, finance, human capital, legal/regulatory, technology, strategic and hazard risks
4. Risk assessment: Likelihood and impact of identified risks
5. Risk response: Cost benefit analysis of risk response such as avoidance, reduction, sharing
and acceptance
6. Control activities: Policies and procedures to ensure selected risk response is implemented
7. Information and communication: Communication of internal and external data sources
that express risk tolerance, performance metrics and compliance philosophy
8. Monitoring: Assessments of necessary components of the ERM program and their
efficient functioning over time
J. Benefits of an ERM program
1. A strategic, organizational framework for managing risk
2. Understanding relationships (correlations) between risks
3. Efficient and effective treatment of risks
4. Risk prioritization
5. An understanding and assessment of future risks
6. A common risk taxonomy
7. Promotion of transparency
8. Support for board educational initiatives and framework for meeting financial
disclosure requirements
9. Better decision making
10. Allocation of limited resources
11. Success of regulatory and compliance initiatives
12. Formal linkages

II. Risk management (ERM) process
A. Risk management is the process of making and carrying out decisions that will assist in
prevention of adverse consequences and minimize the adverse effects of accidental losses upon
an organization. Making these decisions requires the five steps in the decision process (ARM).
B. Five steps of traditional/Enterprise Risk Management process
1. Identify and analyze loss exposures
2. Examine alternative risk management techniques or treatments
3. Select the best risk management technique or combination of techniques
4. Implement selected techniques
5. Monitor, evaluate and improve the risk management program to identify and
analyze loss exposures
C. Details for each step:
1. Identify problems or potential problems that can result in loss
a) Type of value exposed to loss
b) Potential cause of loss
c) Extent of the projected financial consequence of the loss
d) Classifications of loss exposures:
(1) Property losses: Damaged/destroyed property
(2) Net income losses: Revenues minus expenses for a given accounting period
(3) Liability losses: Another individual or organization brings a claim for alleged
wrongdoing
(4) Personnel losses: Death, disability, retirement, resignation, or unemployment of an
individual with special skills or knowledge that an organization cannot readily replace
e) Systems for risk identification:
(1) Informal risk identification systems
(2) Claims data
(3) Patient complaints
(4) Standardized surveys and questionnaires
(5) Personal inspections
(6) Committee minutes
(7) Survey reports from accreditation and licensing organizations
(8) Expert reports
(9) Hotline calls
(10) Flowcharts
(11) Referral by staff
(12) Requests for medical records
(13) Policy queries
(14) Clinical indicators
(15) Collaborative relationships with quality, nursing, medical staff, infection
control, security, safety, etc.
f) Formal risk identification systems:
(1) Incident reporting
(2) Sentinel event tracking
(3) Root cause analysis (RCA)
(4) Failure mode, effect and criticality analysis (FMECA)
(5) Occurrence reporting and screening
(6) Device reporting and tracking logs
(7) Security reports
g) Analysis to determine the potential severity of the loss associated with an identified risk,
the probability that such a loss will occur and the frequency of such a loss
(1) Metrics utilized to analyze risks
(2) Risk mapping
a) A graphic depiction of an organization's risks that displays the relationship
between frequency and severity of losses (risk assessment)
b) Provides prioritization scheme for further data collection; also to establish risk
mitigation strategies, define capital allocations and exploit competitive advantages
c) Provides an analysis of the identified risk's impact on the organization
d) Improves the organization's knowledge of its exposure to risk and facilitates
selecting the desired risk control technique
2. Examining alternative risk management techniques or treatments
a) Refers to the range of choices available to the risk manager in handling a given risk
b) Risk control stops losses from happening or mitigates the loss
(1) Risk avoidance eliminates any possibility of loss; only risk treatment that reduces the
probability of loss to zero
(2) Loss prevention
(a) Technique reduces the likelihood of an event or the frequency of the event; proactive
Examples: Preventive maintenance program, education, vaccination program
(3) Loss reduction
(a) Involves various loss control strategies aimed at limiting the potential consequences
of a given risk without totally accepting or avoiding it; reduces severity of those
losses that other risk control techniques do not prevent
Examples: Fire sprinklers, fire extinguishers
(4) Segregation of loss exposures: Involves arranging an organization's activities and
resources, so if a loss occurred, it would not broadly affect the organization
(a) Separation: Distribution of a particular activity or asset over several locations
(b) Duplication: A reserve or substitute is available for alternative use if the
primary source or activity is affected by a loss
(5) Contractual transfer for risk control: Directed at shifting the legal responsibility
from one party to another party; leasing of property and subcontracting activities
are frequent forms of contractual transfer for risk control
(a) Implement a program for control of contractual risk
(b) Review contracts for:
i. Risk exposures
ii. Risk assumptions
iii. Insurance provisions/requirements
iv. Hold harmless clauses
v. Indemnification
vi. Regulatory compliance
(c) Recommend implementing modifications to additions identified as risks
(d) Ensure that a program exists for tracking maintenance and retention of contracts
and leases
(6) Risk financing: All the ways of generating funds for paying losses that occur
(7) Risk retention: Involves assuming the potential losses associated with a given risk and
making plans to cover any financial consequences of such losses:
(a) Current expensing of losses
(b) Unfunded loss reserve: an accounting entry denoting a potential liability to pay for
a loss
(c) Funded loss reserve: a reserve backed by set aside funds within the organization
(d) Borrowing funds to pay for losses
(e) Affiliated, "captive" insurer: A limited-purpose insurance company set up in a
jurisdiction that is favorable to such companies, to provide insurance to entities
that are also the company's owners or affiliates; the most formalized method of
risk retention
(f) Self-insurance trust
(g) Risk retention group
(8) Risk transfer: Shifting the financial risks but not the ultimate legal responsibilities for
those losses to another entity
(a) Insurance: Outside, unaffiliated insurer (e.g., commercial insurance)
(b) Non-insurance transfers: Agreement such as a hold harmless agreement
or indemnification agreement
3. Selecting the best risk management technique or combination of techniques
a) First, forecast the effects the available risk management options are likely to have on
the organization's ability to fulfill its goals
b) Second, define and apply criteria that measure how well each alternative risk arrangement
technique contributes to each organizational objective in cost-effective ways
4. Implementing selected techniques requires attention to the technical risk management
decisions that must be made by the risk management professional and the managerial
decisions that must be made in cooperation with other managers throughout the
organization to implement the chosen techniques
5. Monitoring, evaluating and improving the risk management program is done to gauge and
assess the effectiveness of the techniques employed to identify, analyze and treat risk
a) Reduce and control the number and size of payments of claims
b) Identify the most economical approaches to risk financing
c) Improve quality and safety
d) Quantify cost of risk
e) Quantify tolerance for risk

III. Risk identification


A. Incident reporting
1. Incident reporting is the cornerstone of a healthcare risk management program
2. Incident is defined as any event that is not consistent with the routine care of a particular
patient or an event that is not consistent with the normal operations of a particular
organization, such as a union strike, a criminal act such as a homicide, or a physical disaster
including hurricanes, bioterrorism threats or the onset of mold contamination
3. Occurrence of an incident should trigger a report form
4. Incident should be reported to the risk manager; in some cases, immediate notification might
be warranted
5. Reported incidents should be coded, analyzed and trended
6. Data should be shared with authorized individuals or committees on a "need to know" basis
7. Incident reporting should be implemented in all healthcare settings (e.g., acute care hospitals,
long-term care facilities, home health, ambulatory care, etc.)
B. Content of an incident report
1. Demographic information (name, address, telephone, etc.)
2. Socio-economic data (age, gender, marital status, insurance, etc.)
3. Facility-related information (date, patient identification number, admitting diagnosis, etc.)
4. Description and details of incident (when, where, witnesses, contributing factors, etc.)
C. Staff participation in incident reporting
1. Duty and responsibility of all employees and medical staff
a) In some states, reporting is mandatory; failure to report may cause an action against the
healthcare provider's license
2. Challenges exist for integrated delivery system risk managers if facilities are geographically distant
3. Simplicity of reporting system and access to training of staff is crucial
4. Because employees are often reluctant to report incidents due to the perception that reporting is
admission of negligence, incident reports should not be used for punitive purposes
a) Anonymous reporting is required by several states
5. Training must emphasize the following:
a) Reporting facts alone
b) Preserving confidentiality of report
c) Documenting the incident objectively in the medical record
D. Reasons incidents may not be reported in a conventional passive-reporting system
1. Observer is too busy
2. Staff feels reporting is of little value due to lack of feedback
3. Staff fears disciplinary action
4. Non-physicians are often reluctant to file a report concerning a physician
5. Staff concerns of implications regarding personal liability
6. Staff fails to recognize that incident occurred
7. Staff does not understand definition of incident
8. Staff believes that someone else is going to report
E. Effectiveness of the reporting process is enhanced by written policies and procedures
1. Staff should be encouraged to complete reports promptly and completely
2. Preservation of confidentiality should be emphasized because it:
a) Encourages accurate and frequent reporting
b) Ensures factual information and promotes honesty
c) Prevents perception that something "wrong" occurred
d) Supports claims management and defense efforts
e) Provides documentation of the protections sought for incident reports
3. Approaches to preserving confidentiality
a) Reporting process compliant with state/federal peer review provisions or patient
safety reporting, i.e., anonymous reporting
b) Reporting may also be protected under attorney-client privilege
F. Occurrence (event) reporting and screening
1. Focused-occurrence reporting
a) Staff provided guidelines and examples of reportable events
b) Assist in medication error-reduction efforts
c) Can apply in all healthcare settings
d) Reportable events often defined for specific clinical areas
e) Data of particular value to both risk management and performance improvement efforts
f) Methods for enhancing effectiveness of reporting process:
(1) Ensure that departmental and medical staff collaborate in development of
reportable event lists
(2) Streamline reporting system to ensure that process is not overly burdensome
(3) Ensure that results of collected data are shared promptly with departments
and appropriate committees
G. Occurrence screening
1. Uses a defined list of occurrences for which all medical records are screened
2. Screeners look for deviation from practice, policy and procedures
3. Results are prepared for each admission and sent to quality department for assessment
and data collection
4. Process is adaptable to all healthcare settings
5. Although it's primarily a quality process, risk managers must be involved
H. Computerized incident/occurrence tracking
1. Risk management information systems
2. Many commercially available systems
3. Database software can support customized risk identification systems
4. Important elements of computerized system:
a) Data collection breadth and effectiveness
b) Data screening, review and coding
c) Data processing and analysis
d) Report generation and information analysis and feedback

IV. Risk management program


A. Risk management program, structure and function vary widely
1. Organizational culture/philosophy
2. Type, size and location of the organization
3. Delivery setting
4. Scope of services and activities
5. Available resources
B. Legislative and regulatory mandates developed in some states require hospitals to implement risk
management programs
1. Risk manager competencies
2. Incident/occurrence reporting and chain of evidence requirements
C. Standards for accreditation increasingly include risk management requirements
D. Risk management program effectiveness can be evaluated using performance (activity) measures,
outcome measures and financial measures
1. Outcome and financial measures should be
a) Rate based
b) Comparative over time
c) Benchmarked (if possible)
d) Graphically expressed
e) Statistically valid (outcome measures)
E. Risk management policy and procedure manuals
1. Used by regulatory and accreditation agencies to establish evidence of compliance
with requirements
2. Used in civil litigation to establish the organization's self-imposed standards
3. Reviewed and updated regularly to ensure compliance with prevailing requirements or practices
4. Staff are trained on new or revised policies and procedures in
a) Claims management
b) Incident/occurrence reporting
c) Insurance requirements
5. Ensure maintenance of modified and revoked policies to allow for establishment of
standards at a given time

V. Development of the risk management program


A. Selecting an appropriate risk management program structure
1. Size
2. Scope of services and activities
3. Available resources
4. Location of the organization to be served
5. Type of facility/organization
6. Reporting structure
B. Level of risk management responsibility considerations
1. Responsibility for all risk management functions can rest with the risk manager
2. Responsibility for risk management activities and services can be distributed to
several managers and/or departments throughout the organization
3. Use of consultants and outsourcing of functions to third parties of certain risk services
C. Key components to getting started
1. Obtain organizational commitment: Acceptance of roles, scope, goals and objectives, as well
as support for the program by various levels of leadership starting with the board
2. Designate a competent, qualified risk manager
3. Write an accurate, comprehensive risk manager job description
4. Write a risk management plan: Include a purpose overview, structure and process of
risk management activities within the organization
5. Incorporate formal involvement by medical staff in the program
6. Develop outcome measures to assess effectiveness of risk management activities that are:
a) Rate based
b) Comparative over time
c) Benchmarked (if possible)
d) Graphically expressed
7. Achieve program acceptance: provide visibility and education on related risk management
topics at orientation and continuing education activities
D. Assessing areas of the organization that need risk management
1. Take an enterprise-wide comprehensive approach
a) Identify areas for assessment: profile organization's current services and
relationships important in identifying the various areas for assessment
b) Identify traditional risk areas such as hazard and operational risk as well as financial and
strategic risk
c) Analyze systems already in place to determine their current effectiveness
d) Determine external needs and demands
e) Review the assessments using a "risk map" if necessary
f) Identify areas of concern and existing management controls
g) Develop a risk management action plan
E. Review all existing insurance policies
F. Review contracts
G. Consider ASHRM's "Self-Assessment Tool for Risk Management Programs & Functions" (CD)

VI. Key attributes of a risk management program


A. Authority
1. Risk manager must maintain sufficient authority and respect to enact the changes in practice,
policy and procedure to fulfill the essential functions of the risk management program
B. Visibility
1. Position should be highly visible in the organization; should be structured to enhance
opportunities for interaction with others through service on appropriate committees,
participation in educational activities and access to organization-wide communications
C. Communication
1. Advise senior management on risk management implications of new business arrangements
D. Coordination
1. Establish both formal and informal mechanisms for the coordination of the risk management
program with other departments and functions
E. Accountability
1. Written job description outlines key responsibilities; comprehensive program addresses the full
scope of risks relating to patient care, medical staff, employees, property, financial and others

VII. Scope of the risk management program


A. Primary purpose is to protect the healthcare organization's assets against loss and
minimize impact of losses when they do occur
B. Scope of program may include risk financing, claims management and loss control across the
entire enterprise in the following areas:
1. Patient care-related risks
a) Confidentiality and HIPAA
b) Advance directives, DNR and medical power of attorney
c) Abuse and neglect
d) Informed consent and implied consent
e) Discrimination
f) Delay of treatment
g) Missed diagnosis
h) Patient valuables
i) EMTALA: Appropriate triage, stabilization and transfer of patients
j) Human subjects: Research/experiments and institutional review boards (IRB)
k) Access to care concerns
l) Competence of patient care staff
m) AMA and elopement
n) Security
2. Medical staff-related risks
a) Peer review and quality improvement activities
b) Confidentiality
c) Credentialing/privileging/disciplinary actions
d) Impairment
e) Billing, business situations and incentives: HHS Office of Inspector General (OIG) fraud
and abuse
f) Gatekeeper obligations under managed care plans
3. Employee-related risks
a) OSHA compliance, hierarchy of controls and record keeping
b) Workers' compensation, TPAs, pre-employment physicals
c) Employment practices
d) EEOC: Discrimination allegations
4. Property-related risks
a) Assets/structures
b) Fire
c) Earthquake
d) Flood
e) Windstorm
f) Boiler and machinery
g) Vehicles
h) Equipment
i) Records retention, including electronic media
5. Financial-related risks
a) Directors and Officers (D&O)
b) Healthcare providers
c) Errors and omissions
d) Business interruption
e) FTC compliance
f) Ostensible agency, vicarious agency
6. Other risks
a) Mergers and acquisitions
b) Vehicle liability (leased/owned)
c) General liability (slips and falls)
d) Helicopter, airplane or helipad liability
e) Hazardous materials and environmental risks
f) Biological waste
g) Volunteers and students
h) Contractors
7. Business continuity issues
a) Essential functions
b) Incident command
c) Mitigation
d) Recovery

VIII. Required skills for the successful healthcare risk manager


A. Ability to identify potential sources of loss faced by the healthcare organization
B. Ability to assess potential economic loss that identified exposures may have on the
healthcare organization
C. Ability to apply loss-control techniques to minimize losses to the healthcare organization
D. Ability to identify and apply appropriate risk financing techniques to the organization's
potential losses
E. Ability to implement and monitor risk management policies and procedures
F. Ability to maintain confidentiality
G. Adherence to risk management ethics
H. Adherence to ASHRM's code of conduct

IX. Education and professional recognition


A. Graduate programs in healthcare risk management
B. Continuing education
C. Certification programs
1. CPHRM is the only certification program available specifically for healthcare risk
management professionals
2. Insurance Institute of America offers an Associate in Risk Management (ARM), but it
isn't healthcare specific
3. Chartered Property and Casualty Underwriter (CPCU) of the Professional Association
for Chartered Property Casualty Underwriters
4. Certified Safety Professional (CSP) granted by examination and the Board of Certified
Safety Professionals
5. Certified Risk Manager (CRM) available by written examination from the National Alliance
for Insurance Education and Research
D. Recognition programs
1. ASHRM Fellow (FASHRM) awarded for outstanding achievement
2. ASHRM Distinguished Fellow (DFASHRM) awarded for superior achievement in the profession
3. Criteria for both include a combination of education, leadership, publication experience and
achievement

X. Areas of expertise
A. Clinical and patient safety
1. Represents the largest functional area
2. Encompasses the current state of patient safety and staff awareness with the organization
3. Includes proactive patient safety initiatives
4. Promotes a culture of patient safety through education, policy development
and standardization of processes
B. Operations
1. Includes development of an Enterprise Risk Management program for the organization
2. Covers activities associated with managing an Enterprise Risk Management program
3. Encompasses all aspects of risk identification, analysis and risk control
C. Regulatory and accreditation compliance
1. Includes all activities associated with major healthcare regulations
2. Includes all activities associated with compliance of accreditation standards
3. Encompasses ethical situations, including end-of-life decisions
D. Risk financing
1. Includes all activities associated with financing losses
2. Includes either transferring or retaining the risk
E. Claims management
1. Includes activities associated with managing actual claims, potential claims and/or lawsuits
2. Spans activities from notification, reporting and investigation to resolution

XI. Risk management operations


A. Managing a risk management department
1. Role continues to evolve; critical skills include the ability to communicate well, negotiate
effectively, remain objective and maintain confidentiality
2. Roles and job responsibilities are determined by the characteristics of the organizations
in which they are applied

B. Developing a risk management plan and policy statement
1. Major functional areas include clinical and patient safety, claims management, risk financing,
regulatory and accreditation compliance, risk management operations and bioethics
C. Training and supervising staff
D. Coordinating the risk management committee activities
E. Developing goals
F. Evaluating effectiveness
1. Frequency of evaluation
2. Evaluative metrics
a) Total number of claims
b) Total number of potential compensable events (PCE)
c) Total cost of risks
d) Average defense cost of particular types of claims (i.e., newborn injuries)

XII. Organizational Governance


A. Hospital governance sets the organizational policy that supports risk management by
approving and upholding the mission, vision and operating policies of the organization's
risk management operations
B. Legal duties of healthcare trustees
1. Board has the ultimate legal responsibility for all aspects of the entity's activities and services
2. Board assigns to medical staff "reasonable authority" to ensure professional care to patients
3. Board shall require, consider and act upon reports of medical care evaluation,
utilization review and other matters relating to quality of care
4. Board shall: 1) Direct that all reasonable steps be taken by medical staff to meet all legal
standards and 2) Take all reasonable steps to comply with all laws and regulations
C. Duty of care
1. Duty to act in good faith, as a reasonably prudent person
2. Duty to act in the best interests of the entity
D. Duty of loyalty
1. No competing with the entity
2. No disclosure of confidential information
3. No usurping opportunities for personal financial gain
4. No personal enrichment at the entity's expense
E. Liability of board members
1. Corporate liability of the board
a) Environmental pollution
b) Antitrust/anticompetitive practices
c) Fiscal responsibility (e.g., effective accounting practices)

d) Insuring/protecting assets
e) Medicare fraud and abuse
f) Appropriate use of executive/closed meetings
g) Protection of confidential information
h) Content and circulation of minutes
2. Preparedness for disaster/terrorist threat
3. Credentialing, economic credentialing and peer review/disciplinary actions
F. Volunteer Protection Act of 1997
1. Federal law (Public Law 105-19) protects trustees of tax-exempt entities; provides insurance
G. The risk manager and the board
1. Risk manager supports the board's oversight responsibilities
2. Risk management role in educating the board
a) Offer new-member orientation
b) Periodically present risk management topics to the board
3. Board reporting
a) Enhance the board's understanding of issues
b) Report to the board—or through committee—on significant claims, trends, issues and cost
of risk; Annual report of scope, goals and effectiveness of the risk management program
c) Summarize information in a graphic format that compares data over time
d) Vary content
e) Utilize an executive summary

XIII. Directors and officers liability prevention


A. Determine potential areas of board liability exposure: Discrimination, hazard
management, Sarbanes-Oxley Act (SOX), employment practices and medical staff
B. Assess degree of liability exposure in: Credentialing and privileging (physicians' professional
liability insurance limits and type of policy coverage; objective, non-arbitrary, etc.)
C. Assess D&O coverage limits and whether or not parts A, B and C are appropriate and in place
D. Implement corrective action to minimize liability exposure in high-risk areas or activities:
Revise policies and procedures
E. Exclusions (and segregations) for wrongful acts

XIV. Physician and allied health professionals credentialing


A. Credentialing of providers
1. Federal laws (Medicare Conditions of Participation, CoPs)
2. State laws
3. Accreditation standards (TJC, NCQA, etc.)
4. Web-based applications or programs

B. Documentation of credentialing criteria
1. Bylaws, rules and regulations
2. Policies, procedures and protocols
3. Completion of all requested forms/information, including primary source verification
4. Cautions regarding objective review of the standard of care
5. New opportunities to assist facilities in the credentialing process are available on the Internet
(e.g., OIG List of Excluded Individuals/Entities at www.hhs.gov/oig)
6. Must be tailored to fit the specific needs of each healthcare organization
7. Strict adherence to a documented credentialing system can protect a facility in credentialing disputes
C. Credentialing of allied health professionals
1. Types include:
a) Physician assistants
b) Nurse practitioners
c) Nurse anesthetists
d) Nurse midwives
e) Other independent licensed professionals defined by facility/state
2. Dependent vs. independent allied health professionals
3. Laws regarding scope of practice under jurisdiction of state law
4. Accreditation standards do not generally address scope of practice issues
5. Identification of clinical services to be provided
6. Develop and enforce a written risk management plan for scope of practice, licensure,
supervision and verification of credentials
D. Potential liabilities related to credentialing
1. Negligent credentialing: Initial application, reappointment and quality of care
a) Doctrine of corporate liability for negligent credentialing, a state law tort theory,
necessitates implementing and maintaining written credentialing policies and procedures
b) Leadership such as the executive committee and the governing body must
provide oversight and input, as well as final approval
2. Economic credentialing: A credentialing, selection or termination action based on economic
considerations
a) Selection due to a physician's effect on the financial success of a facility
b) Termination based on economic reasons such as:
(1) Liability for wrongful de-selection
(2) Inappropriate performance criteria unrelated to clinical competence
3. Corporate liability: Hospital's independent duty to ensure that quality care is rendered at its
facility [Darling v. Charleston Comm. Mem. Hospital, 211 N.E.2d 253 (Ill. 1965)]
4. Breach of patient privacy
a) Disclosure of patient-identifiable information
b) Disclosure of individual providers' quality outcome information

c) Facility must implement and maintain written policies and procedures pertaining
to disclosure
d) State law defines specific patient privacy rights
5. Disability issues
a) Americans with Disabilities Act
(1) Section 504 of the Rehabilitation Act prevents physical or mental discrimination by
any healthcare facility that receives federal funding
6. Breach of "duty to warn" [Reisner v. Regents of the University of California, 31 Cal. App. 4th
1195, 37 Cal. Rptr. 2d 518 (Cal. App. Dist. 2 1995)]
7. Information sharing
a) Contractual provisions for the confidentiality of information
b) Obtain appropriate releases
c) All final adverse actions are required to be reported in a timely manner to:
(1) National Practitioner Data Bank
(2) Healthcare Integrity and Protection Data Bank

XV. Risk management's role in performance improvement


A. Can be used in concert with a risk management program to reduce exposures
B. Comparison of traditional risk management steps to a typical performance improvement model
Risk Management
1. Identify, analyze exposure to loss
2. Examine the feasibility of alternative techniques
3. Select the best technique
4. Implement the best technique
5. Monitor and improve the risk management program

Performance Improvement
1. Identify a goal
2. Analyze systems and processes
3. Plan appropriate action and implementation methods
4. Monitor performance to sustain improvement

C. Performance improvement and risk management are data-driven activities


D. Performance improvement, patient safety and risk management program data/reports can
be protected from discovery through:
1. Statutory protections for quality improvement, risk management and/or peer review
a) Federal focus review may remove the protection
2. Utilization of a patient safety organization (PSO)
3. Privilege
E. Performance improvement, patient safety and risk management may employ failure mode,
effect and criticality analysis (FMECA); and root cause analysis (RCA) to describe and quantify
systemic risks and occurrences
F. Engage the performance improvement process and patient safety initiatives to improve risk
management operations and reduce exposures

1. Obtain and monitor outcomes and core measures data that can be used to evaluate risk exposures
a) Patient complaints and/or patient satisfaction
b) Occurrence report data
c) Potential compensable events
d) Compliance data
e) Outcomes of operative and invasive case review
f) Utilization review
g) Blood and blood product utilization
h) Medication use
i) Infection control
j) Environment of care
k) Human resources
l) Restraints
2. Provide thoughtfully researched (preferably peer reviewed) best practices information for
consideration
3. Support "culture of safety" that encourages identification of opportunities for improvement
G. Basic principles:
1. Requires senior management support
2. People do not malfunction, processes do
3. Reducing process variation reduces the potential for error and inefficiency
4. All processes and outcomes must be measurable
5. Problem solving must include multidisciplinary approaches that empower all employees
to participate in the quality improvement process
H. Benchmarking as a quality improvement and risk management tool
1. A comparative process used by organizations to collect and measure internal or external
data that might be used to develop, implement or sustain process improvement
2. Usually part of a larger effort such as a process re-engineering or quality-improvement initiative
3. Can identify problem areas
a) Because benchmarking can be applied to any business process or function, a range of
research techniques may be required, such as informal conversations with customers,
employees or suppliers; exploratory research techniques such as focus groups; or
in-depth market research, quantitative research, surveys, questionnaires, reengineering
analysis, process mapping, quality-control variance reports or financial ratio analysis
4. To identify organizations that are leaders in these areas
a) Look for the best in any industry and in any country; Consult customers, suppliers,
financial analysts, trade associations and magazines to find companies worthy of study
5. Basic steps of benchmarking
a) Build consensus with persuasive communications that emphasize potential benefits
for decision-makers

b) Collect and analyze data
c) Use clearly-defined terms and specify the methods of obtaining, recording and
analyzing the data obtained
(1) Qualitative as well as quantitative analysis may be required
d) Implement and monitor process improvement activities; be prepared to respond to
hidden agendas that become apparent as diverse interests align
6. Potential benchmarking mistakes
a) Confusing benchmarking with participating in a survey
(1) Survey of organizations in a similar industry to yours is not really benchmarking
(2) Such a survey will yield interesting numbers, but benchmarking is the process of
finding out what is behind the numbers (a benchmarking survey may tell you where
you rank but will not help improve position)
b) Thinking there are pre-existing benchmarks to be found
(1) Insist on identifying your own benchmarking partners and finding out from them
what is achievable, and then whether you can achieve a similar level of performance
c) Benchmarking presupposes you are working on an existing process that has been in
operation long enough to have data about effectiveness and resource costs (commencing a
new process, such as a bariatric surgery program, by collecting other organizations'
policies and taking ideas from them, is research, not benchmarking)
d) Not establishing the baseline
(1) Benchmarking assumes you thoroughly know your own process and its level
of performance
e) Not having a code of ethics with partners
(1) Partners should be clear about what you are seeking to learn from them, how
that information will be treated, who will have access to it and its purpose
(2) Ideally have a formal agreement (benchmarking code of practice offered by
the American Productivity and Quality Center provides a useful model)

XVI. Policies and procedures


A. The proper development and maintenance of policies and procedures is a key risk control activity
B. Used as standards for negligence identification
C. Standards of care
1. National
a) Federal laws and regulations
b) ACOG, CDC, OSHA, TJC, AMA, AHA
2. State
a) State laws and regulations
3. Local
a) County ordinances
b) Standards of surrounding facilities or practices

4. Facility Level
a) Policies and procedures of the facility
D. General guidelines
1. Must reflect reality
2. Periodic review and update
3. Consistent format
4. Include dates of implementation and all revisions
5. Archive and retain outdated policies
6. Education after implementation and periodically thereafter

XVII. Education
A. An effective risk management program should have a defined education action plan
B. The action plan should address the following areas at orientation and annually
1. Purpose of risk management
2. Components of risk management process
3. Incident reporting process
4. Positive patient relations
5. Applicable federal and state laws
6. Any identified area needing improvement
C. Education strategies
1. Information
a) Warnings and labels
b) Posters
c) Memos
2. Training and education
a) Orientation
b) Annual training
3. Policies and procedures
4. Standardization of processes; order sets
5. Designs to prevent errors; mistake proofing

XVIII. Crisis/adverse event management


A. Management steps
1. Avoid the crisis
2. Management preparation
3. Early recognition
4. Containment
5. Resolution
6. Evaluation; learn from the crisis

B. Crisis management team
1. Education and training
2. Coverage 24/7
3. Support and structure
4. Defined and communicated role
C. Crisis management response
1. Response prioritization
a) Patient and family
b) Staff
c) Organization
2. Media response
a) Set the stage if possible
b) Avoid medical terminology
c) Spokesperson is the face of the organization
d) Be prepared; tell them what you can, when you can
e) Take action
f) Fix the problem

XIX. Safety/environment of care program


A. Safety program history and development
1. Safety programs date back to the 1940s with railroads, mining and shipyards
2. Mandated by federal and state laws
3. Required by private accrediting agencies
B. Benefits of a safety program
1. Controls accidents
2. Reduces injuries to staff and patients
C. Factors that determine type of program:
1. Type and size of the organization
2. Mission, size, range of services
3. Number of employees
4. Accreditations
D. Environment of care program (EOC) in healthcare
1. The environment in which patient care is received and delivered
2. Mission and policy statement
a) Highly visible
b) Overall objective of EOC standards is to define methods/processes for the identification
and management of the inherent safety risks associated with healthcare operations
c) Overall goal is to provide a safe, functional and effective environment for patients, staff and visitors

3. Environment of care committee
a) Membership should be multi-disciplinary including administrative and front-line staff
b) Subcommittees are the workhorse of the safety committee and based on the
Joint Commission primary functions
4. Safety officer
a) Investigate employee injuries
b) Track and trend data
c) Conduct environmental rounds
d) Provide education
5. Joint Commission primary functions
a) Safety and security management: This section addresses risks in the physical environment,
access to security-sensitive areas, product recalls and smoking. The organization must
assure that the buildings and structures used to provide care are constructed, arranged and
maintained to provide a safe environment for patients, staff and others. The organization
has a responsibility to establish and maintain a secure environment.
b) Fire safety: This section addresses risks from fire, smoke, and other products of
combustion; fire response plans; fire drills; management of fire detection, alarm, and
suppression equipment and systems; and measures to implement during construction or
when the Life Safety Code® cannot be met. Drills must be conducted at least once per
shift per quarter in all designated healthcare and residential occupancies.
c) Medical equipment: The organization must assure that medical equipment used in patient
care is safe. A qualified individual such as a clinical or biomedical engineer or other qualified
person must monitor, test, calibrate and maintain medical equipment in accordance with the
manufacturer's recommendations and federal and state laws and regulations.
d) Hazardous materials and waste management: The organization must manage hazardous
materials and waste in accordance with federal, state, and local law and regulations.
Risks include hazardous chemicals, radioactive materials, hazardous energy sources,
hazardous medications, and hazardous gases and vapors. The organization must store
and dispose of general waste and medical (bio-hazardous) waste in accordance with
federal, state, and local law and regulation.
e) Utilities management: The organization must assure that essential utilities are provided
and maintained in a safe and effective manner. Essential utility systems include electrical
systems, water and water filtration systems, heating systems, cooling systems, medical
gases, vacuum systems, air handlers, elevators and communication systems.
f) Emergency management and the Life Safety Code® are now located in separate chapters

XX. Hazard Risks


A. Risks attributable to physical loss of assets or a reduction in their value. This domain
traditionally includes insurable risks related to natural hazards and business interruption.
Specific risks can include those related to:
1. Facility management
2. Plant age
3. Parking (lighting, location, security)

4. Valuable
5. Construction and renovation
6. Weather-related events such as earthquakes, windstorms, tornadoes, floods and fires
B. Life Safety Code® (LSC)
1. Purpose: Compilation of fire safety requirements, established by the National Fire
Protection Association (NFPA) and adopted in part by CMS
2. The organization must meet applicable provisions of the NFPA 101 Edition of the Life Safety
Code. (NFPA 101 is a consensus standard widely adopted in the United States. It is
administered, trademarked, copyrighted, and published by the National Fire Protection
Association and, like many NFPA documents, is systematically revised on a three-year cycle.)
3. Statement of Conditions (SOC) must be completed for all buildings that contain housing or
treatment facilities, with the exception of specified "business occupancies" defined in the
code. Completing a SOC, seen by the TJC as an ongoing activity, is an involved,
cumbersome process that must be overseen by someone with an in-depth understanding of
the Life Safety Code® and the organization's buildings. This process is generally a team
effort delegated among the facility's engineers, safety officer, and others.
4. Provisions of the Life Safety Code®
a) Emergency alarm systems
b) Emergency lighting
c) Use of alcohol-based hand cleaners
d) Automatic door-closing devices
e) Exit signs
f) Completion and submission of Basic Building Information (BBI) form that
provides designated patient or resident services
C. Emergency Management
1. The organization must have a plan to address emergencies in accordance with federal, state
and local laws and regulations. Emergency management is the strategic organizational
management processes used to protect critical assets of an organization from hazard risks
that can cause events like disasters or catastrophes (bomb threats, fires, floods, snow
storms, utilities loss of power, loss of communication system, etc.) and to ensure the
continuance of the organization within their planned lifetime.
2. Four steps:
a) Prevention: Establish excellent internal reporting systems
b) Preparation: Develop an effective, comprehensive emergency response plan
c) Implementation/response: Practice the plan so everyone knows the steps and their roles
d) Recovery: Manage the financial, physical and emotional challenges expeditiously
3. Examples of emergency situations:
a) External
(1) Earthquake
(2) Flood
(3) Weather disasters

(4) Landslides
(5) Infectious diseases
(6) War
(7) Mass transit accidents
(8) Structural collapse
(9) Chemical terrorism
b) Internal
(1) Biological terrorism
(2) Bomb threats
(3) Fire
(4) Loss of utilities
(5) Loss of medical gases
(6) Communication system failures
4. Planning and preparation
a) Emergency management planning
(1) Hazard and vulnerability analysis
(2) Incident command system
(3) Emergency operations center
b) Training
(1) Employee support
(2) Drills
c) Participate with local emergency planning councils
d) Seek priority from service providers
e) Review insurance coverage:
(1) Property insurance
(2) Business interruption
(3) Directors' and officers' liability
(4) General, professional and auto liability
(5) Workers' compensation
(6) Aviation
5. Planning and preparation
a) The Joint Commission requires at least two drills annually
b) At least one drill must involve the influx of real or simulated patients
c) Tabletop drill does not fulfill requirement for a biannual drill
d) Each drill should be evaluated with identified concerns addressed appropriately

XXI. Technology Risks
A. Risks typically associated with the use of machines, hardware, equipment, devices and tools, but
can also include techniques, systems and methods of organization. Specific examples include:
1. Risk management information systems (RMIS)
2. Electronic health records (EHR) and meaningful use
3. Social networking
4. Cyber liability
B. Technology in healthcare
1. More sophisticated
a) Pro: Technology will be more efficacious and reliable
b) Con: More errors will likely occur with more complicated equipment in
technology intensive medical specialties
c) Awareness of interfaces with other technology in the system is important
2. Technology advances
a) Electronic medical record
b) Pharmacy robotics
c) IV pumps
d) Bar coding
e) Computerized physician order entry (CPOE)
f) Notebooks
g) Electronic signature
h) Radio frequency identification device (RFID)
i) Robotic arm in OR
j) Computer on wheels
k) Point of care testing
l) Blackberry devices
m) Smart phones
n) Virtual healthcare settings
o) Advanced simulation training
3. Telemedicine: the provision of medical services across distances utilizing the
electronic transmittal of medical information
a) Telemedicine's role in healthcare delivery within the technology age is critical, but
only one facet of a well-designed healthcare program
b) Telemedicine/telehealth risks:
(1) Practice standards
(2) Financial compliance
(3) Regulatory implications

(4) Lex loci delicti commissi: The state where the injury occurred, or the one with the most
ties to the issues involved, has jurisdiction
(5) Medical malpractice
(6) Data confidentiality and protection
(7) Technical shortfalls
(8) Credentialing
(9) Licensure
4. Risk manager involvement in technology
a) Role, duty and responsibility
b) Fundamental familiarity with technology
c) Involvement in negotiations and decision-making
d) Education for board, medical staff, administration and management

XXII. Human capital risks


A. Risks that refer to the organization's most valuable asset, its workforce, which is an explosive area
of exposure in today's tight labor and economic markets. Included are risks associated with:
1. Employee recruitment, selection, retention, termination and turnover (staffing)
2. Absenteeism
3. On-the-job work-related injuries (workers' compensation)
4. Work schedules
5. Fatigue
6. Productivity
7. Compensation of members of the medical and allied health staff
B. Employee at-will doctrine
1. Historically, the employer-employee relationship has been "at will"
a) Absent contract, no fixed term of employment; no minimum length of service
b) Termination by employer for no reason, at any time
c) Employee free to quit, without notice, at any time
2. Erosion of the application has resulted from new statutes and case law
C. Common law exceptions to employment at-will: Wrongful termination in violation of public policy
1. Retaliatory termination (e.g., for refusal to commit an illegal act)
2. Termination for a good cause, for "no reason," but not for a "wrong reason"
3. Constructive discharge, based on intolerable work conditions
D. Federal statutes regarding employment
1. Title VII of the Civil Rights Act of 1964
2. ADA
3. Age Discrimination in Employment Act (ADEA)
4. Sections 1981 and 1983 of the Reconstruction Civil Rights Acts

5. Family and Medical Leave Act of 1993 (FMLA)
6. Equal Pay Act of 1963
7. Military Leave Act (Uniformed Services Employment and Reemployment Rights Act, USERRA)
8. HIPAA
9. OIG Corporate Compliance
10. "Whistle blowers" (qui tam claims; may be sealed pending review by federal agency)
E. Equal Employment Opportunity Commission (EEOC)
1. Federal agency
2. Responsible for receiving and investigating charges of discrimination under Title VII, ADA
and ADEA
F. Management of workplace risk
1. Employment handbook
2. Employee review process
3. Sexual harassment policy
4. Quid pro quo abuse of position of authority by supervisors, executives
5. Hostile work environment: Grounds for employee to quit and to claim constructive discharge
6. Protection against violence in the workplace
7. Hiring guidelines
8. Employee privacy
9. Regulations of wages and working hours
10. Drug and alcohol testing
11. Guidelines for personnel records
12. Employee Polygraph Protection Act of 1988
13. Alternative dispute resolution and arbitration for workplace disputes
14. OSHA
15. National Institute for Occupational Safety and Health (NIOSH)
G. Termination guidelines
1. Voluntary termination
2. Involuntary termination
3. Written employment agreements
4. Collective bargaining agreements
5. Implied employment agreements
6. Potential discrimination claims
a) Insurance coverage for employment related claims
b) National Labor Relations Act and collective bargaining in the healthcare workplace

H. Staffing issues
1. Workplace staffing challenges are associated with liability exposures
a) Staffing levels
b) Need for specific skill sets: nursing, pharmacists, specialty physicians
2. Shortages are affected by:
a) Vacancy rates
b) Turnover
c) Availability in the labor market
3. TJC addresses staffing standards
a) Required staffing patterns
b) Staffing indicators
c) Monitoring of staffing
d) Screening indicators
4. Human resources indicators
a) Nursing care per patient day
b) Use of agency/registry staff
c) Overtime rates
d) Sick time
e) Staff injuries
5. Clinical indicators
a) Adverse drug events
b) Patient/family complaints
c) Injury to patient
d) Length of stay
e) Patient falls
6. Risk management role
a) Provide orientation including chain of command, incident reporting, informed consent,
preservation of evidence
b) Reinforce mission statement and patient safety goals
c) Evaluate staffing patterns and levels
d) Review supplemental staffing contracts (hold harmless and indemnification provisions)

XXIII. Absence and productivity management


A. Overview of human capital risk
1. Key component of Enterprise Risk Management
2. Includes six categories
a) Leadership issues
b) Work processes

c) Employee attraction and selection
d) Absence
e) Employment practices
f) Employment retention
B. The importance of absence
1. Key risk point for healthcare organizations
2. Lack of coordination of managing absence
3. Costs
C. Current trends in absence and productivity management
1. Total health and productivity management and the role of case management
a) Focuses on the impact employee and organizational health have on productivity
b) Goes beyond integrated disability management
c) Specific issues:
(1) Occasional absences
(2) Paid and unpaid leave
(3) Presenteeism: Workers who remain on the job, but are not as productive as usual due
to stress, depression, injury or illness
(4) Salary continuation programs
(5) Wellness programs
(6) Disease management programs
(7) Employee assistance programs
2. Emphasis on work/life balance
D. Overview of absence programs
1. Scheduled and unscheduled absences
2. Incidental absence/sick leave
3. Short-term disability
4. Salary continuation
5. Long-term disability
6. Workers' compensation
7. Family and Medical Leave Act of 1993 (FMLA)
8. Paid time off (PTO) program
E. Relationship between absence and productivity
1. Additional staffing
2. Decreased employee morale
3. Poor commitment
4. Increased turnover
F. Productivity challenges in the healthcare industry related to presenteeism

G. Reasons to manage absence
1. Reduced costs
2. Increased employee satisfaction
3. Improved productivity
4. Improved staff morale
5. Organizational alignment
H. Components of an effective absence management program
1. Return to work programs
2. Medical case management
3. Absence reporting
4. Absence tracking
5. Disability prevention
a) Disease management
b) Employee health and wellness programs
c) Safety and accident prevention: Root causes of accidents
d) Employee assistance programs (EAP)
6. Management information
a) Integrated absence management information
b) Vendor partnerships
7. Measuring the costs of absence and productivity
a) Direct costs
b) Indirect costs
c) Disability management costs
I. Assessing the risk
1. Evaluating the organizational culture and how it affects risk
a) Employee surveys
b) Interviews and focus groups
2. Identifying risk points
3. Evaluating potential impact of the absence risks
a) Cost quantification
b) Documentation review
c) Absence cost estimators
d) Absence root cause analyses
e) Claim audits/claims management
f) Pay analyses
g) Absence process reviews
h) Plan/program funding analyses
i) Absence program benchmarking

4. Internal process review: For claim reporting, medical case management and return to work
5. Vendor process review
6. Building the business case to implement changes to mitigate the risks
a) Speak the organization's financial language
b) Establish the cost baseline
c) Establish implementation costs
d) Develop a savings model
e) Offer solutions
f) Process redesigns
g) Policy redesigns
h) Vendor management strategies
i) Claims management strategies
j) Internal communications
k) Return to work programs
l) Safety and loss prevention strategies
m) Disease management and wellness programs
7. Implementation
a) Organizational support
b) Strategy for success
c) Support of physicians in return to work process
d) Communicate to employees
e) Training
f) Disseminate management reports
g) Measurement

XXIV. Workers' compensation program


A. Overview
1. Provide sure, prompt and reasonable income and medical benefits to work accident victims
2. Provide a single remedy and reduce court delays, costs and workloads arising out of personal
injury litigation
3. Relieve public and private charities of financial drains
4. Eliminate payment of fees to lawyers and witnesses as well as time-consuming trials and appeals
5. Encourage maximum employer interest in safety and rehabilitation through appropriate
experience rating mechanisms
6. Promote frank study of causes of accidents (rather than concealment)
B. State level
1. Compulsory or elective

2. Compensable injuries
a) Arising out of employment (AOE)
b) In the course of employment (COE)
3. Covered employees: Know state specific definitions
4. Workers' compensation benefits vary from state to state
a) Medical
b) Disability
(1) Temporary total disability
(2) Permanent total disability
(3) Temporary partial disability
(4) Permanent partial disability
c) Rehabilitation
d) Death
C. Risk financing issues
1. Experience rating: A method of adjusting or modifying the employer's premium based
upon the employer's loss history
2. Experience modifier: Employer-specific and measures the employer's loss experience relative
to that of other employers in the same industry, with an experience modifier of 1.0 indicating
the industry average loss experience. A higher-than-average modifier (greater than 1.0)
represents a higher-than-average loss experience and an experience modifier of less than 1.0
represents a lower-than-average loss experience.
3. Commercial insurance programs
4. Residual market coverage: Market coverage for employers that cannot find coverage
in the commercial market
5. Self-insurance programs, including captives, risk retention groups (RRGs)
6. Large deductible programs
D. Contract issues
1. Subrogation: The substitution of one party for another whose debt the party pays, entitling
the paying party to rights, remedies, or securities that would otherwise belong to the debtor
2. Independent contractors
E. Risk control and loss prevention
1. Proactive program; not just reactive
2. Accident prevention plans
3. No retaliation for reporting
4. Violators face disciplinary procedures
5. Accountability
6. Accidents, illnesses and near misses are investigated
7. Feedback on program effectiveness

8. Appropriate equipment
9. Safety orientation and training
F. Loss experience information
1. Revised OSHA record-keeping requirements
2. Claims history
3. Accident/illness report analyses
4. Regular reporting of conclusions to the board of directors
G. OSHA bloodborne pathogen considerations
1. Personnel need to be informed of the risks and be familiar with and follow the OSHA
blood-borne pathogens standard
2. Infection can be transmitted from a patient to a staff member or from a staff member to a patient
3. OSHA standard identifies many procedural standards and use of personal protective equipment
H. Federal Needlestick Safety and Prevention Act of 2000
1. Whenever possible, needle-less systems should be provided
2. Safety needle products should always be used in any procedure where they can be
used without adversely affecting clinical care
3. Must identify, report and trend accidental needle stick injuries, including those that
might occur in the provision of emergency medical services
I. Pre-placement programs (post offer)
1. Drug screening
2. Physical exams
3. Job analyses
J. Post-employment programs
1. Employee assistance programs
2. Employee safety programs
3. Wellness programs
K. Ergonomics
1. Design of work tasks to fit the employee
2. Prevention of cumulative trauma (repetitive motion) disorders
3. Employee focused and management supported
4. Risk management involvement
L. Claims management
1. Proper reserving
2. File handling
3. Litigation management
4. Tracking and trending claims data
M. Reporting process
1. Investigate accident

2. Perform independent medical evaluations
3. Modified duty and return to work
4. Communicate with employee
N. Occupational and environmental risk
1. Risk areas:
a) Workers' compensation payments
b) Employment-related litigation
c) Environmental impairment claims
d) Property damage claims
e) Civil penalties
f) Loss of accreditation
g) Potential criminal actions
2. Regulatory agencies and focuses
a) Department of Labor: OSHA
b) State plans
(1) 34 states as of 2014 https://www.osha.gov/dsg/topics/safetyhealth/states.html
(2) Must be at least as stringent as OSHA regulations
3. OSHA safety standards cover:
a) Asbestos
b) Bloodborne pathogens
c) Cadmium
d) Confined space entry
e) Ergonomics programs
f) Ethylene oxide
g) Formaldehyde
h) Glutaraldehyde
i) Hazard communication standard, a.k.a. Employee's "Right-to-Know Rule"
j) Hazardous waste operations and emergency response (HAZWOPER)
k) Hydrogen peroxide
l) Laboratory standard
m) Lead
n) Lock-out/tag-out standard
o) Mercury
p) Methyl methacrylate
q) Solvents
r) Noise
s) Personal protective equipment

t) Respiratory protection
u) Tuberculosis exposure control (CDC guidelines)
4. Illness exposures not directly addressed by OSHA
a) Electric and magnetic fields
b) Hazardous drugs
c) Indoor air quality
d) Infectious waste handling
e) Laser safety and electrocautery devices
f) Latex sensitivity
g) Molds
h) Video display terminals
i) Waste anesthetic gases
5. Injury exposures not directly addressed by OSHA
a) Compressed gases
b) Flammable liquid/solvent storage
c) Radiation safety
d) Workplace violence
6. TJC issues
a) Safety management
b) Security
c) Hazardous material management
d) Life safety management
e) Emergency preparedness
f) Bioterrorism
g) Equipment management
h) Utilities management
i) Social environment
7. Environmental issues
a) Resource Conservation and Recovery Act of 1976
b) Comprehensive Environmental Response, Compensation and Liability Act of 1980 (CERCLA)
c) Clean Water Act of 1977
d) Clean Air Act of 1963
e) Toxic Substances Control Act (TSCA) of 1976
f) Underground and aboveground storage tanks
g) Asbestos removal
h) Disposal of hazardous waste
i) On-site medical waste incinerators

j) Environmental issues in acquisitions
k) Environmental risk assessments

XXV. Strategic risks


A. Risks that impact the growth of an organization. This domain also includes a broad
spectrum of reputational risks centering on performance expectations related to customer
and community relations.
B. Included are risks associated with:
1. Brand
2. Reputation
3. Competition
4. Failure to adapt to changing times
5. Healthcare reform
6. Customer priorities
7. Managed care relationships / partnerships
8. Conflict of interest
9. Marketing and sales
10. Media relations
11. Mergers and acquisitions
12. Divestitures and joint ventures
13. Affiliations and other business arrangements
14. Vendor/third-party services
15. Contract administration
16. Advertising

XXVI. Contracts
A. A contract is an agreement between two or more persons that creates an obligation to do
or not do a particular thing
B. Contract formation: A bargained-for exchange of promises
1. Offer may be oral or written; some contracts (e.g., land sale) must be in writing
2. Acceptance is clear and unequivocal with regard to intent to accept; not a counter-offer
3. Consideration includes financial commitment or change of legal position
C. Five legal essentials
1. Parties to the contract are competent
2. Contract represents mutual understanding between the parties
3. There is consideration; a bargained-for exchange of legal value exists between the parties
4. Purpose or object of the contract is legal

5. Contract is documented in writing if required for legal enforcement in the state
D. Parties to the contract
E. Performance expectations
1. Use measurable indicators to quantify and qualify the standards for the goods/services
2. Consider federal and state obligations or guidelines
3. TJC standards specify patients should receive the same level of performance for
contracted services that affect patient care services
F. Contract terminology: Use of terms should be consistent within the body of the contract
1. Terms and termination: Consider the risks of automatic renewals, termination with or without cause
2. Insurance and indemnification: perhaps the most critical provision for risk management review
a) Consider the possible losses that may arise from the contract performance and specify
the various insurance coverages necessary to pay the claims
b) Ensure that indemnifying parties can satisfy the financial obligations arising from the
indemnification/hold harmless provision
3. Amendments
4. Inspection of books and records
5. Choice of law: It is common, and preferable, to have a provision specifying which state law
will govern the construction and interpretation of the contract
6. Exhibits, schedules and appendices
7. Assignment: Consideration should be given, on a case-by-case basis, as to whether the
contract performance can be assigned to another party
G. Compliance with laws and regulations: Requirements that contracting parties must comply with
applicable laws and regulations (such as having contracted emergency physicians comply with
EMTALA)
H. Alternative dispute resolution: mediation or arbitration of disputes that arise from the terms
and conditions before legal action for breach of contract can be asserted
I. Contractual risk transfer
1. Transferring or assuming financial risk
2. Indemnification or hold-harmless provisions
a) Assign to one or both parties the legal consequences arising from the contract performance
b) Often each party is responsible for its own actions and the indemnifying party
(indemnitor) reimburses the other for losses incurred on behalf of the indemnitor
J. Liability limitations
1. Waiver of subrogation rights: relinquishes insurer's right to recover from the third party; risk
managers should be alert to terms involving workers' compensation carrier's ability to subrogate
2. Insurance requirements
a) Insurance certificates as evidence of coverage
b) Additional insured endorsements
c) Is self-insurance acceptable?
3. Insurer solvency

K. Confidentiality provisions
1. Confidentiality and privacy issues
2. Negligent disclosure
3. Legal counsel for developing sample confidentiality provisions
L. Contract file management
1. Reviewing or filing
2. Insurance certificates and endorsements
3. Tickler system should allow sufficient time to review and negotiate new terms/price prior to
the anniversary/contract effective date
4. Policy and procedure development
a) Who must review?
b) Who may sign contracts?
c) Maintenance of original documents

XXVII. Vendor/Third-party services


A. Services used to augment services and care
1. Personnel services
2. Companion services
3. Hospice
4. Physical, speech, occupational therapy
5. Physician services
6. Plumbing, carpentry, roofing, electrical, landscaping
B. Organization requirements for vendor/third-party services
1. Signed contract with proof of current insurance (professional liability, general liability and
workers' compensation) and provisions for confidentiality, indemnification/hold harmless,
terms and termination, description of services, and roles and responsibilities
2. Credentialing and privileging of healthcare professionals
3. Criminal background history check and motor vehicle records check as appropriate
4. Signage, name tags and written documentation indicating independent contractor
5. Independent billing provisions

XXVIII. Mergers, acquisitions and divestitures


A. Overview of types of transactions
1. Merger
2. Consolidation
3. Acquisition
4. Strategic alliance
5. Joint venture

6. Consortium
7. Divestiture
B. Concept of successor liability
1. Stock acquisition: Normally the acquiring company assumes all legal liabilities
2. Asset purchase: Normally there is no transfer of liability
3. Successor liability: The acquiring company can be held liable for the torts of the target
company's previous owners
C. Elements for risk management review
1. Indemnity and insurance provisions
2. Historic claims data
3. Senior management concerns
4. Evaluate exposures to loss:
a) Contractual liability
b) Professional liability
c) Directors' and officers' liability
d) Workers' compensation
e) Property exposures
f) Environmental exposures
g) Excess coverage
h) Fiduciary liability
i) Risk financing program
D. Divestitures
1. Analysis of key variable costs
2. Analysis of impact of the divestiture on remaining insurance program
3. Assistance with data collection for the new owners
E. Due diligence process
1. Objectives
a) Reduce the acquisition purchase price
b) Improve post-acquisition earnings and/or cash flow
c) Improve risk management effectiveness throughout the organization
d) Insulate the organization from unanticipated exposures/costs
2. Key steps
a) Collect the necessary information
b) Analyze the subject organization's exposures to loss
c) Assess its risk financing programs
d) Evaluate its risk management policies and procedures

XXIX. Partnerships, joint ventures and collaborative relationships
A. Overview of the business relationship
1. Partnership
a) Voluntary contract between two or more competent persons
b) Contract is bilateral or reciprocal
c) Mutual participation in the profits
d) Uniform partnership code
e) Jointly and severally liable
2. Joint venture
a) Legal entity engaged in the joint pursuit of a particular transaction for mutual profit
b) Similar to partnerships with respect to parties' rights and responsibilities
c) Relates to a single transaction of a particular kind
d) Likely to be held jointly and severally liable
e) Does not entail a continuing relationship among the parties
3. Collaborative relationship
a) Parties cooperate in an endeavor related to the needs of one or the other or both
b) Scope is more limited than a joint venture
c) Focus on information, skill services or expertise that is valuable for two or more
parties to reach a goal
B. Evaluating potential business partners
1. Due diligence
a) Evaluate pros and cons of the proposed partner and the business structure
b) Facilitate the identification of concerns or opportunities that need to be addressed
prior to consummating the business relationship
2. Site visits
a) Create a foundation for the integration process
b) Allow those who will be working together to get acquainted
c) Allow representatives of the partners to gain an overview of the strategic,
programmatic and operational plans and programs
3. Areas of focus
a) Compliance
(1) Incorporate a compliance assessment
(2) Required by DHHS Office of Inspector General (OIG), CMS and Department
of Justice (DOJ)
(3) Can be accomplished by legal, financial, compliance or risk
(4) Business arrangements that include significant billing functions should be scrutinized
b) Directors' and officers' coverage
(1) It is imperative that all partners have coverage for their officers and board members

(2) It may be necessary to increase coverage during business development
(3) Carriers should be put on notice of intent to acquire, merge or form a joint venture
or partnership
(4) In the absence of adequate capacity, organization should consider altering terms
of coverage
(5) Partners with insurance should insist on coverage with terms similar if not identical
to their own coverage
c) Document review
(1) Minutes of the board and board committees, executive committees,
finance committees and other governing bodies
(2) Annual audit letter from the accounting firm
(3) Annual legal audit letter or assessment to determine the status of current
litigation, insured and uninsured
(4) Loss runs and complaint logs
(5) Reports from accreditation surveys and licensing bodies
(6) Key contracts (contracted physicians, outsourced services, etc.)
(7) Key policies (EMTALA compliance, sentinel events, etc.)
d) Environmental assessment: evaluate hazards and insurable exposures
e) Errors and omissions or fraud and abuse
(1) Scrutinize business relationships that include billing
(2) Explore current coverage provisions for fraud and abuse, billing irregularities,
and alternatives for future insurance coverage
f) General liability
(1) Determine a source of coverage
(2) Assess the cost of tail insurance
(3) Compare the scope of tail insurance with current coverage
g) Product liability
(1) Involves the sale of products
(2) Product liability provisions of comprehensive general liability should be analyzed
h) Professional liability
(1) Loss experience should be explored to assess alternatives for managing prior liabilities
(2) Identify if reserves are adequate for past liabilities
i) Property coverage
(3) Assess the likely extent of revenue and income loss if damage is caused by fire
or extended perils
(4) Assess the new location for the potential of catastrophic loss
(5) Explore pricing for a freestanding policy
j) Workers' compensation
(1) Identify if reserves are adequate if partners are self-funded

(2) Document excess insurance and third party claims administration agreements
(3) Evaluate the run-off provisions of the insurance contract or self-insurance mechanism
k) Report out: Meeting where all disciplines involved share findings
C. Developing the business structure
1. Proposed antitrust guidelines for collaborations among competitors
a) Federal Trade Commission and DOJ guidelines
b) Competitor collaboration: set of one or more agreements between or among competitors
to engage in economic activity and the resulting economic activity
c) Collaborative agreements are subject to two types of analysis
(1) Proposed analysis is applied to agreements that are likely to harm competition and
have no significant competitive benefit
(2) Rule of reason seeks to determine the overall competitive effect of the agreement
2. Insurance coverage
a) Preservation of tax-exempt status
b) Operations closely controlled by the parent
c) Are the new operations closely linked or interconnected to those of the parent?
d) Will a litigation buyout for certain claims or loss portfolio transfer on group claims be
necessary?
e) Breadth of available coverage from insurance must be evaluated
3. Contracting
a) Develop strong relationships with those who will be developing and finalizing the
documents for the new business
b) Identify potential risks being assumed
D. Managing day-to-day operations
1. Requires risk management support
2. Safety protocols should be expanded
3. Management of exposures

XXX. Advertising liability


A. Trademark and copyright protection: advertisements should be copyrighted
B. Regulatory implications of healthcare advertising practices
1. FTC may take action whenever there is false advertising
2. False advertising might be proven if there is no competent and reliable scientific evidence to
support the claims made
3. Contract and estoppel claims
a) Contract claim arises when one of the parties does not fulfill its part of the agreement
b) Estoppel applies when there would usually not be a contract between two parties, yet one
party relies on information supplied by the other party to determine what each party should
do or not do
C. Liability
1. Quality of care
2. Vicarious liability
3. Ostensible agency
4. Are promises concerning quality "put on paper"?
D. Managing advertising liability exposures
1. Know the standards related to healthcare advertising
2. Know the organization's marketing philosophy
3. Partner with the marketing director
4. Review proposed advertising initiatives
5. Avoid statements about success rates or outcomes
6. Avoid creating ostensible/apparent agency relationships
7. Avoid vicarious liability
8. Avoid representations about high quality
9. Meet the organization's corporate integrity standards
10. Have adequate advertising insurance coverage

REVIEW QUESTIONS
Mark your answers and then compare them with the answers explained below.
1. The ultimate goal of Enterprise Risk Management is to:
A. Map all risks that the organization faces
B. Develop highly-specialized functional silos to manage specific risks
C. Optimize risk financing and mitigation strategies
D. Identify and measure all risks faced by the organization
Answer: C
Answer B is wrong as it is the opposite of the ERM goal to eliminate traditional risk silos.
Answer A sounds good, but risk mapping is only one of several tools used in ERM.
D sounds attractive, but answer C mentions risk financing, which makes it the best answer.

2. For a risk management program to be effective, it needs which of the following?


1. Organizational commitment
2. Visibility and access
3. Physician acceptance or understanding
4. Complete authority

A. 1 and 2 only
B. 1, 2 and 3 only
C. 2, 3 and 4 only
D. All of the above
Answer: B
Complete authority is not a necessary element of a risk management program, so neither C nor D can be the right
answer. Physician acceptance is a necessary element so B must be the right answer.

3. A growing healthcare organization had a risk manager who did not have any staff and reported
to the director of nursing, who reported to the chief operating officer. The risk manager
presented information to the employees, and the information was filtered upward through
senior management. The risk manager knew changes needed to be made due to the growth of
the organization. One additional staff member was added, and a personal computer was
purchased for the department. Although this scenario represents some changes designed to
address the issues related to growth, the major flaw in this organization was:
A. There was no direct involvement of the board in the risk management program
B. Not enough employees were added to the risk management department
C. Not enough computers were added to the risk management department
D. The computer should have included incident tracking software
Answer: A
The correct answer can only be inferred from the information given. It is not possible to tell whether the number of
FTEs or the number of computers is correct for the organization because no information about the size
or complexity of the organization is given. D is a possibility, but the fact that the risk manager presents
information that is then "filtered upward" is a clue that answer A is correct.

4. The risk management professional must work closely with the media for which of
the following reasons?
1. To protect a celebrity's identity
2. To protect divulging the truth
3. To protect the confidentiality of a situation
4. To protect the identity of a patient in protective custody

A. 1, 2 and 3 only
B. 2, 3 and 4 only
C. 1, 2 and 4 only
D. 1, 3 and 4 only
Answer: D
Options 1, 3 and 4 all sound feasible but option 2 is clearly not right. Answer
D is correct as it includes all the right answers and leaves 2 out.

5. To have a successful quality improvement process, a risk management program must
have which of the following?
1. An autocratic management style
2. Interactive multidisciplinary teams
3. A mindset that most problems are caused by processes
4. Full support of senior management

A. 1, 2 and 3 only
B. 2, 3 and 4 only
C. 1, 2 and 4 only
D. 1, 3 and 4 only
Answer: B
Certainly option 1, an autocratic management style, is not right. Answers
A, C and D all contain option 1 so only answer B can be right.

6. Ultimately, the accountability for the risk management program belongs to the:
A. Risk manager
B. Chief executive officer
C. Corporate attorney
D. Board
Answer: D
The board (or governing body) has ultimate accountability for both risk management and the quality of care. The others
(A through C) all report to someone else, and although they may be held responsible in some way, the ultimate
responsibility and accountability rests with the board.

7. When an FDA inspector comes to a facility, the risk manager should:
1. Accompany the inspector
2. Not keep a log of the visit
3. Tell no one the inspector is in the facility
4. Ask to see the inspector's credentials
A. 1 and 4 only
B. 2 and 3 only
C. 1, 3 and 4 only
D. All of the above
Answer: A
No correct answer could contain options 2 or 3 as they are wrong. A log of the visit by the FDA should be
kept, and senior management should be notified that an FDA inspector is in the facility. All the answers
contain options 2 and 3 except A; it is the right answer.

8. Generally, an "incident" is defined as:
A. Any happening which is not consistent with the routine delivery of care or operation
of the organization
B. Any adverse event
C. Any adverse event that results in injury to a person
D. Any happening that produces an undesired effect
Answer: A
Adverse event, undesired effect or injury is not required for an incident to occur.

9. It is important to protect the discoverability of incident reports. Which of the following have
significant impact on whether the reports are discoverable?
1. Joint Commission/TJC standards
2. State statutes
3. Federal statutes
4. Case law
A. 2 and 3 only
B. 2 and 4 only
C. 2, 3 and 4 only
D. All of the above
Answer: C
In order to protect the confidentiality of the incident report, several approaches can be taken: provide protection
under state/federal statutes regarding quality assurance and/or peer review activities, or provide protection under
the attorney/client privilege, also referred to as work product protection. Local and state case law also affects
discoverability of incident reports. TJC standards would not have impact on whether incident reports are
discoverable.

10. To maintain confidentiality of an incident report:
1. Send the incident report directly to risk management
2. Never make the incident report part of the medical record
3. Never mention the facts of the incident in the medical record
4. Maintain the original in the risk management office and a copy in the originating department
A. 1 and 2 only
B. 1 and 3 only
C. 1, 2 and 3 only
D. All of the above
Answer: A
To maintain confidentiality, the original report should be sent to the risk manager immediately upon
completion. Copies should never be made, and the report must never be made part of the medical record.
The facts of the incident should be included in the medical record.

11. If a practitioner requests a telemedicine consult with another practitioner in a different
state, the consultant:
A. Must possess a valid medical license from his own state since reciprocity is granted in all states
B. Must possess a valid medical license from the requesting physician's state since reciprocity is
not granted in all states
C. May need to possess a valid medical license from the requesting physician's state since reciprocity
varies from state to state
D. Must obtain a temporary license from the requesting physician's state
Answer: C
Reciprocity requires the authorities of each state to negotiate and enter agreements to recognize licenses issued by
the other state without a further review of individual credentials.

12. Which of the following are risk treatment strategies?


1. Risk anticipation
2. Risk avoidance
3. Risk retention
4. Risk transfer

A. 2 and 3 only
B. 1 and 4 only
C. 1, 3 and 4 only
D. 2, 3 and 4 only
Answer: D
Risk management treatments refer to the range of choices available to the risk manager in handling a given risk. There
are two major categories that include risk control and risk finance. Risk control strategies include risk avoidance, loss
prevention, loss reduction, segregation of loss exposures and contractual transfer for risk control. Risk financing strategies
include risk retention and risk transfer. Risk anticipation is not a risk management treatment strategy.

13. A risk manager should review which of the following information when considering
the effectiveness of an organization's workers' compensation program?
1. Workers' compensation claims history
2. OSHA 300 log
3. Listing of all employees and volunteers
4. Directors and officers of the organization

A. 1 and 2 only
B. 2 and 3 only
C. 1, 2 and 3 only
D. All of the above
Answer: A
Workers' compensation claims history and the OSHA 300 (injury log) specify the frequency, severity, and
amount of injuries an organization sustains, and the claims history identifies the resultant losses due to
injuries. This data would provide quantifiable information to assess program effectiveness.

14. If there is no OSHA standard for a given potential health hazard:


A. OSHA has no authority to govern it
B. OSHA may have the authority to govern it under the general duty clause
C. OSHA does not have authority to govern it, but NIOSH may
D. It is probably not a health concern
Answer: B
OSHA has the authority under the general duty clause to require an employer to furnish each employee
employment and a place of employment that is free from recognized hazards that cause or could cause death
or serious physical harm to employees.

15. Protecting outdoor air intakes can mitigate the risk of terrorists introducing airborne
agents into a facility. Steps to accomplish this include:
1. Relocate intakes to a rooftop or higher up on the building
2. Establish a security zone around the intakes
3. Add lighting and surveillance cameras to monitor the intakes
4. Implement negative ventilation throughout the building
A. 1 and 2 only
B. 2 and 3 only
C. 1, 2 and 3 only
D. All of the above
Answer: C
Applying negative ventilation will not deter a terrorist attack via airborne agents. The agent could be
introduced within the facility and negative pressure would move the agent through the facility before
expelling it and thus exposing the general population to the airborne agent. Protecting the outdoor air
intakes where airborne agents can be introduced into your facility is accomplished by relocating
them, redesigning them to minimize public accessibility (the higher on the building the better), and/or
establishing a security zone around the intakes.
When accompanied by appropriate security surveillance (additional security lighting, surveillance camera and
security patrols), harmful activity is deterred or detected earlier to minimize resulting harm.

16. An original contract should include which of the following elements?


1. The effective date
2. The amendments
3. The insurance requirements
4. The contract terms
A. 1 and 2 only
B. 1 and 4 only
C. 1, 2 and 3 only
D. 1, 3 and 4 only
Answer: D
A contract is an agreement, involving an offer (terms), the acceptance of the offer and an exchange of
consideration. There may or may not be amendments to the agreement (contract).

17. Which of the following clauses is "the voluntary relinquishment by the insurer
or self-insurer of the right to recover from a third party"?
A. Hold harmless clause
B. Indemnification clause
C. Waiver of subrogation rights clause
D. Contractual risk clause
Answer: C
A waiver of subrogation rights relinquishes the insurer's right to recover from a third party.

18. Which of the following is necessary for a contract to exist?


1. The contract represents a "meeting of the minds"
2. There is a consideration of "this for that"
3. The purpose of the contract is a legal one
4. The contract is documented in writing
A. 1 and 2 only
B. 1, 2 and 3 only
C. 1, 3 and 4 only
D. All of the above
Answer: B
A contract is an agreement, either written or oral, involving an offer, the acceptance of the offer and an
exchange of consideration. The agreement must be legal in order to be enforceable.

19. A health maintenance organization (HMO) advertises itself as the best in the industry
and that its physicians can manage any illness or injury. If a patient uses the HMO
based on these claims and is subsequently injured, the patient might sue the HMO.
Which of the following might be appropriate grounds for such a suit?
1. Breach of contract
2. Vicarious liability
3. Apparent agency
4. Medical malpractice

A. 1 and 2 only
B. 1 and 3 only
C. 2 and 3 only
D. All of the above
Answer: D
Generally a patient's freedom to choose a physician is limited by the HMO. Patients who are injured by an
HMO physician may argue that they would never have been subjected to the injury (medical malpractice) if
the HMO had more carefully screened its providers. In this case, the HMO specifically advertised the
exceptional quality of its physicians.
The courts often look at advertising materials that imply that, in spite of the independent contractor status of
the physician, the physician was held out or represented as an employee. Such an advertisement could lead a
"reasonable" patient to believe the physician was an agent of the HMO and to rely upon this representation
when choosing a physician, thereby creating an ostensible or apparent agency relationship.
A breach of contract occurs when the HMO guaranteed or promised that its physicians could manage any illness or
injury. When the promised result does not occur, the patient has grounds to assert a breach of contract.

20. The due diligence process is a complicated, multi-faceted process undertaken when acquisitions
are being considered. Which of the following are objectives of the due diligence process?
1. Reduce the purchase price
2. Improve post-acquisition earnings
3. Increase the "bank book" value of the company
4. Insulate the organization from unanticipated costs
A. 1 and 2 only
B. 2 and 4 only
C. 1, 2 and 4 only
D. 2, 3 and 4 only
Answer: C
Due diligence is undertaken by the acquiring organization in order to completely assess the risks and
strengths of the company to be acquired. The final offer should be based on the due diligence
findings. Increasing the book value of the company would in all probability increase the asking price and
would not be a goal of the acquiring company.

21. During disasters, either external or internal, staff must not only take care of patients but
also worry about requests from the media. In order to minimize risks associated with such
events, a complete policy for media contact should include which of the following?
1. Contact the corporate attorney
2. Designate a spokesperson
3. Obtain consents from those who are to be photographed or interviewed
4. Provide guidelines about release of information to the media
A. 2, 3 and 4 only
B. 1, 2 and 3 only
C. 1, 3 and 4 only
D. 1, 2 and 4 only
Answer: A
There is no need for the corporate contact person to be an attorney; generally the healthcare spokesperson is
from the public relations or communications departments. There should be a designated spokesperson who
is familiar with the guidelines regarding what information may be released to the media and has worked
with facility leadership to develop a media disclosure plan.
Having one spokesperson develop a relationship with media contacts can create an effective rapport between the healthcare
facility and the media and supports a professional and consistent message to the public.

Clinical/Patient Safety Domain
PREPARATION OBJECTIVES
After learning the content in this section, you should be prepared to:
1. Identify the clinical areas that provide the greatest risk exposures in healthcare
2. Discuss the importance of having a patient safety infrastructure to support a patient safety program
3. Explain the Just Culture concept and its impact on reporting patient safety events
4. Describe the components of a high reliability organization
5. Summarize the concepts behind the study of human factors engineering
6. State the healthcare entities subject to the national patient safety goals
7. Identify the primary organizations that influence patient safety initiatives in healthcare
8. Discuss the value of patient and family participation in patient safety
9. Summarize the components of a successful disclosure
10. Summarize the concepts of the "Second Victim Phenomenon"
11. Describe steps to implement programs to support healthcare workers involved in serious harm
events

KEY TERMS
Important terms and definitions relevant to this domain
Accountable Care Organizations (ACOs) — Groups of doctors, hospitals, and other healthcare
providers, who come together voluntarily to give coordinated high quality care to their Medicare
patients. The goal of coordinated care is to ensure that patients, especially the chronically ill, get the
right care at the right time, while avoiding unnecessary duplication of services and preventing medical
errors.
Adverse event — Negative or bad result stemming from a diagnostic test, medical treatment or
surgical intervention; an injury resulting from a medical intervention.
Critical incident stress debriefing — A facilitator-led group process conducted soon after a
traumatic event with individuals considered to be under stress from trauma exposure. Source:
https://www.osha.gov/SLTC/emergencypreparedness/guides/critical.html
Data mining — A process that provides the methodology and technology to transform data into
useful information for decision making.
Disclosure — Communication of information regarding results of a diagnostic test, medical treatment
or surgical intervention.
Failure mode effects analysis or criticality analysis (FMEA or FMECA) — A proactive, systematic
assessment used to identify the steps of a process that may be subject to failure in order to design
measures to either prevent or control such failures. If a criticality phase is used in this process, the
perceived level of criticality of each type of potential failure is identified, to aid in setting priorities for
establishing control mechanisms.
Heuristic — Refers to experience-based techniques for problem-solving, learning and discovery that
find a solution which is not guaranteed to be optimal, but good enough for a given set of goals. Where
the exhaustive search is impractical, heuristic methods are used to speed up the process of finding a
satisfactory solution via mental shortcuts to ease the cognitive load of making a decision. Examples of
this method include using "rule of thumb" or "educated guess."

Hospital acquired conditions (HAC) — Section 5001(c) of the Deficit Reduction Act of 2005
requires the Secretary of Health and Human Services to identify conditions that are: (a) high cost
or high volume or both, (b) result in the assignment of a case to a DRG that has a higher payment
when present as a secondary diagnosis, and (c) could reasonably have been prevented through the
application of evidence-based guidelines.
High-reliability organizations — Organizations with systems in place that are exceptionally
consistent in accomplishing their goals and avoiding potentially catastrophic errors.
Human factors — The interrelationship between humans, the tools they use and the environment
in which they work.
Incident — Any happening not consistent with the routine operations of the facility or routine care
of a particular patient. Examples: A union strike, a criminal act such as a homicide, or a physical
disaster including hurricanes, bioterrorism threats, etc.
Latent error — Errors in the design, organization, training or maintenance that lead to operator
errors and whose effects typically lie dormant in the system for lengthy periods of time.
Organizational culture — Set of values, guiding beliefs or ways of thinking shared among
members of an organization.
Ostensible agency doctrine — The doctrine of ostensible agency, sometimes referred to as apparent
agency, permits a finding of liability on an organization where there is the appearance of an employment
relationship with an independent contractor. For example, in the absence of employer-employee relationship,
a managed care organization (MCO) may still be held vicariously liable for the acts of provider physicians if
the patient had a reasonable belief that the physician was the MCO's agent and that this belief was based
upon representations made by the MCO to that effect. The burden is on the plaintiff to prove that he or she
detrimentally relied on the fact that the MCO held the physician out as its agent.
Patient Safety Organization (PSO) — The Patient Safety Act and the Patient Safety Rule
authorize the creation of PSOs to improve quality and safety through the collection and analysis of
aggregated, confidential data on patient safety events. This process enables PSOs to more quickly
identify patterns of failures and develop strategies to eliminate patient safety risks and hazards. The
Act extends confidentiality and privilege protections to eligible information developed by providers
for reporting to a PSO (but not to information developed for other purposes), deliberations and
analyses conducted by either a PSO or a provider in its respective patient safety evaluation system
(PSES) and information developed by a PSO for the conduct of patient safety activities.
Root cause analysis — Multi-disciplinary study or analysis that uses a detailed, structured
process to examine factors contributing to a specific outcome (e.g. an adverse event). Also, a
process for identifying the basic or causal factors that underlie variation in performance,
including the occurrence or possible occurrence of a sentinel event.
Restraint — Any manual method, physical or mechanical device, material, or equipment that
immobilizes or reduces the ability of a patient to move his or her arms, legs, body, or head freely; or
a drug or medication when it is used as a restriction to manage the patient's behavior or restrict
freedom of movement and is not a standard treatment or dosage for the patient's condition. A
restraint does not include devices that involve the physical holding of a patient for the purpose of
conducting routine physical examinations or tests, or to protect the patient from falling out of bed,
or to permit the patient to participate in activities without the risk of physical harm. Source: CMS-42
CFR (Code of Federal Regulations) 482.13(e)
Safety culture — Culture of safety emphasizes blameless reporting, successful systems, knowledge,
respect, confidentiality and trust; a culture that looks at the system, the environment, the knowledge,
the workflow, the tools and other stressors that may affect provider behavior.

Seclusion — Involuntary confinement of a patient alone in a room or area from which the patient is
physically prevented from leaving. Seclusion may only be used for the management of violent or self-
destructive behavior. If a patient is free to leave a time out area whenever the patient chooses, this
would not be considered seclusion based on this definition.
Sentinel event — Any unexpected occurrence involving death or serious physical or
psychological injury, or the risk thereof.
Telemedicine/tele-health — The use of telecommunications to provide medical information and
services. Also, the provision of health care consultation and education using telecommunications
networks to communicate information; medical practice across distance via telecommunications and
interactive video technology (American Medical Association's Council on Medical Education and
Medical Services). The use of electronic information and communications technologies to provide
and support healthcare when distance separates the participants (Institute of Medicine).
The Joint Commission (TJC) — Voluntary nonprofit accreditation body that sets
standards for healthcare organizations and conducts education programs and a survey
process to assess organizational compliance.

OUTLINE
I. Looking for Risks in All the Right Places — High Risk Areas
A. Obstetrics
1. Common risks and areas of concern
a) Failure to identify fetal status
b) Failure to timely perform a cesarean section
c) Administration of oxytocin
d) VBAC (vaginal birth after cesarean)
e) Uterine rupture
f) Massive transfusion protocols
2. Typically the area of highest severity losses that warrants risk management attention and
resources
3. For more than 25 years, obstetrics has been one of the leaders in severity of
professional liability claims
4. American College of Obstetricians and Gynecologists (ACOG), Association of Women's
Health, Obstetric and Neonatal Nurses (AWHONN) and American Academy of
Pediatrics (AAP) provide authoritative guidelines for safe practice
5. Documented evidence of training and ongoing competency with fetal monitoring strip
interpretation and unit policies/protocols are essential
6. Claims data findings
a) Primary clinical issues in obstetrics claims are a neurologically impaired baby, stillbirth
and/or neonatal death, and shoulder dystocia-related injuries.
b) Hospital-based treatment such as fetal monitoring and oxytocin administration
are significant factors in these types of claims

7. Mean length of time from filing of an obstetrics claim involving neonatal harm to
resolution is four to seven years; some cases may take longer
8. Key components of safety initiatives on obstetrical units
a) Measuring the safety culture on each labor and delivery unit
b) Changing the culture to be more patient safety-oriented
c) Implementing team training programs
d) Standardizing key clinical protocols and physician orders based on professional
standards, guidelines and latest evidence
e) Promoting a common understanding of fetal monitoring and expectations for
interventions when the fetal heart rate (FHR) patterns are non-reassuring through
interdisciplinary education and certification
f) Establishing professional standards for accountability and appropriate follow-up
B. Emergency Department
1. Common risks
a) Medical evaluation and transfers
b) Errors in diagnosis
c) Communication issues
d) Ostensible agency
e) Workplace violence
f) Weapons and contraband
2. Compliance with provisions of Emergency Medical Treatment and Labor Act (EMTALA)
for medical screening examinations, logs, patient transfers, etc.
3. Some of the most common high-dollar failure-to-diagnose cases involve myocardial
infarction, chest pain, appendicitis, abdominal conditions or meningitis
4. Communication issues are frequently seen in ED claims as either a central claim or as a
contributing factor
5. Patient/provider communications related to obtaining adequate medical history and
providing understandable discharge instructions are key areas of exposure
6. Ostensible agency (shifting responsibility for independently contracted providers' care to the
organization) is a concern in the ED setting
7. ED is an environment of controlled chaos and rapid decision-making susceptible to error
a) Adverse events that lead to malpractice claims occur sporadically, often without pattern
in individual institutions, but aggregate national data are available and instructive
b) While true emergency conditions are limited in number, to prevent poor outcomes and
later litigation, it is imperative for ED physicians to approach all patients as though they
possess an emergent condition
C. Surgical Services
1. Common risks
a) Retained procedural item
b) Misidentification of the patient or the operative site
c) Inadequate preoperative evaluation

2. Standard of care guided by the American College of Surgeons (ACS) and the Association of
Perioperative Registered Nurses (AORN)
3. Informed consent doctrines
4. Safe Medical Devices Act of 1990 applies to many practices in the operating room, such
as implanted devices
5. Physical infrastructure
a) Dedicated elevators
b) Dedicated power sources
c) Dedicated gas and vacuum sources
d) Dedicated air flow system
e) Fire management
6. Techniques to promote accurate site identification to avoid wrong-site surgery emphasized by
The Joint Commission (TJC), World Health Organization (WHO) and Institute of Medicine
(IOM)
7. Infection control practices are a significant patient safety issue affecting operating rooms directly
a) Infection control risk assessment (ICRA)
b) Sterile processing
c) Safety walk-throughs
d) Sterile technique
e) Needle stick/sharp-related injuries
8. Legal theory of res ipsa loquitur ("the thing speaks for itself") is often evident in lawsuits
stemming from retained instrument/sponges
9. Adequate preoperative evaluation
a) Physicians and nursing staff must be clear about what constitutes timely and
adequate preoperative history and physical
b) Pre-operative checks
c) Patient participation
d) Verification checklist
e) Time out
10. External disaster plan
11. Security
a) Traffic control in the OR is important for patient safety
b) An identification process should be in place that prevents unauthorized access to restricted areas
c) Exterior doors should be secured and video surveillance should be used in appropriate areas
12. Reduction of staff-related risk
a) Staff privileges/job descriptions should reflect current technology
b) Contract personnel

c) Communication
d) Vendor-employed equipment representatives
13. Other factors that contribute to surgical errors
a) Unusual equipment or set-up in the surgical suite
b) Staffing problems
c) Distractions
d) Lack of access to pertinent information
e) Failure to require adherence to verification processes
f) Failure to verify and mark the operative site
g) Failure to require a patient assessment
h) Human factors, such as communication breakdowns, novice providers and lack of teamwork
14. Outpatient surgery
a) Common risks
(1) Anesthesia
(2) Failure to properly intubate the patient
(3) Moderate sedation
(4) Patient care responsibilities
(5) Appropriate case selection for outpatient surgery
b) Procedures performed must not exceed the scope of what can be provided or supported in
the outpatient setting (Accreditation Association for Ambulatory Health Care - AAAHC)
D. Anesthesia
1. American Society of Anesthesiologists (ASA) and the American Association of Nurse
Anesthetists (AANA) prescribe standards of care
2. Biomedical preventive maintenance agreements for anesthesia equipment should be current
and readily available
3. Failure to properly intubate the patient
a) Provider experience
b) Ongoing competency
c) Credentialing
4. Moderate sedation
a) Privileges should be developed and practitioners should be educated on patient selection
criteria, pharmaceutical issues, proper monitoring, necessary equipment, oximetry
monitoring and crash carts
5. Patient care responsibilities
a) State laws governing supervision of certified registered nurse anesthetists (CRNAs)
b) Documented equipment checklist for every anesthesia case
c) Use of and response to alarms

E. Intensive Care Units
1. Common risks
a) Medication administration
b) Use of monitoring alarms
c) Medical management with multiple providers
d) Electronic intensive care unit (eICU)
2. Medication misadministration
a) Volume of medications ordered
b) Computerized physician order entry
c) Limitations on accepting verbal orders
d) High-alert medications
e) Dosage miscalculations
f) Dispensing machine errors
g) Process work-arounds
3. Use of monitoring alarms
a) Proper parameters
b) Effectiveness
4. Medical management involving multiple providers
a) Use of intensivists/tele-intensivists
b) Chain of command
c) Clear communication protocols
5. ICUs are error-prone
a) Complexity of the environment
b) Presence of multiple caregivers
c) High number of interactions among caregivers
d) Technology overload
6. High stress, high complexity and staff diversity of ICU environments can cause distractions,
miscommunications and fatigue leading to mistakes, errors and adverse events
7. Human factor errors
a) Skill-based errors include slips and lapses
b) Rule-based errors are actions that match intentions but do not achieve their intended
outcome due to incorrect application of a rule or inadequacy of the plan
c) Knowledge-based errors are due to knowledge deficits
8. Common ICU adverse events
a) Medication and/or intravenous (IV) errors
b) Events during transport outside the ICU or transfer of care (handoffs)
c) Injuries associated with airways and/or ventilator use

d) Central catheter-related complications
e) Infections (e.g., catheter-related blood stream infections (BSI), ventilator-
associated pneumonias (VAP))
f) Failures to rescue/intervene in a timely/appropriate manner to worsening condition
9. Telemedicine
a) Electronic ICU (eICU): centralized intensivist monitoring critically ill patients in multiple
ICUs or off-site ICUs
F. Pediatrics
1. Common risks
a) Appropriate services and equipment
b) Skill of clinicians
c) Child abuse
d) Patient safety
e) Abduction
2. American Academy of Pediatrics (AAP) provides guidelines for safe practice
3. Pediatric patients are one of the most vulnerable populations cared for by health care
professionals
4. Age-specific competencies of providers are required by TJC, other state and federal agencies,
and non-regulatory associations
5. Facilities find it necessary to transfer pediatric patients to referral centers when they do
not have necessary supplies, equipment or skilled practitioners to care for the patient
6. Child abuse and neglect reporting varies by state; laws have been enacted in every state and
statutes exist in many states with specific reporting requirements comprising sexual, physical
and emotional abuse (healthcare providers are mandatory reporters of child abuse or
suspected child abuse)
7. Patient safety programs focus on techniques to reduce medication errors
a) Dosage calculation
b) Patient weight and body surface area
c) Patient age
d) Allergies
e) Drug interactions
f) Medication dilution/strength
8. Infant/child abduction and patient elopement
a) Abductors more likely to be non-custodial parents or other family members known to
the staff, rather than a stranger
b) Risk managers must work with safety and security, as well as clinical staff, to
determine vulnerabilities and what can be done to minimize or alleviate them
c) Basic issues that should be examined are
(1) Access to and from the facility

(2) Methods to control and secure entrances such as proximity card readers
(3) Video surveillance
(4) Staff and parent/visitor identification
(5) Patient identification band products that alert staff if the patient leaves a designated
area
(6) Specific infant/child abduction policy and procedure that is routinely practiced and
includes follow-up on identified gaps
G. Behavioral Health and Psychiatry
1. Competence and informed consent (right of refusal)
2. Suicide and homicide prevention
3. Outpatient psychiatric environment
4. Freedom from unreasonable restraint/seclusion
a) Physical restraints
b) Chemical restraints
c) Addressed in the CMS Conditions of Participation (CoPs)
5. Psychopharmacology
6. Polypharmacy
7. Electroconvulsive therapy (ECT)
a) Informed consent
b) Clinical assessment
c) Health history and medical clearance
d) Intraprocedure and post-procedure monitoring criteria
e) Management of medical emergencies
f) Documentation
8. Environmental risks
a) Clinical monitoring protocols that address the duty to warn
b) Contraband controls
c) Physical plant controls
d) Visitor controls
9. Elopement prevention
10. Confidentiality of sensitive information
11. Access to behavioral health records
12. Addiction/substance abuse therapies
13. Research and experimental treatments
14. Abuse risks
a) Alleged abuser-abused
(1) Patient-patient
(2) Staff-patient

(3) Visitor-patient
(4) Visitor-staff
b) Types of abuse
(1) Sexual
(2) Physical
(3) Verbal
(4) Emotional
15. Voluntary and involuntary admissions
16. Patient Bill of Rights: Title 42, Chapter 102, Section 9501
17. Complaint/grievance process
18. Professional competence
a) Licensed and unlicensed staff
H. Radiology Services
1. Management and avoidance of contrast media reactions or extravasation
a) Patient screening
b) Technologist's competencies
c) Immediate treatment
2. Failure to diagnose
3. Preliminary and confirmatory readings (over-readings)
4. Radiation exposure
5. MRI safety
6. Anesthesia and monitoring of patients who receive anesthesia
7. Telemedicine
8. Credentialing
9. Medical record documentation
I. Home Health Services
1. Services comprise distinguishing features
a) Care is provided in the home
b) Providers are supervised indirectly
c) No control over the setting in which patient care is provided
d) Cognitive understanding of disease state, home instructions, medications, etc. of
patient/caregiver has significant impact on patient outcome
e) Strong reliance on patient and caregiver's compliance
f) Use of technology traditionally used in the hospital setting or emergence of new
technology designed for in-home use that requires training or familiarity
g) Unpredictable level of compliance that can be expected from the patient and family
or friends who care for patients on a daily basis
h) Unique workers' compensation exposures such as safety and security of the caregivers

2. Admission criteria are commonly based on:
a) Whether the environment is conducive to compliance with the care plan
b) Whether the necessary support caregivers are available
c) Whether competent staff is available
d) Safety and security of the home environment
e) Admission process
f) Patient referral
g) Medicare entitlement for home health care
h) Denial of admission
i) Informed consent/refusal
3. Termination/withdrawal of home health services
a) Clear objective parameters to continue in home health setting should be reviewed when
patient is admitted
b) Examples of situations involving termination of home health services
(1) Verbal/physical abuse (elder abuse/neglect reporting)
(2) Noncompliance
(3) Unsafe environment
(4) Refusal of visits
4. Confidentiality/privacy
5. Medical equipment
a) Durable medical equipment (DME) may be provided by independent contractor/agency
b) Contract for DME
c) Written procedures for reporting in accordance with Safe Medical Devices Act (SMDA)
d) Document family/patient training, preventative maintenance program and safety checks
6. Medication and infusion therapy
a) Safe medication administration for patients
b) Concerns regarding drug diversions by caregivers
7. Withholding care and other end-of-life issues
a) Hospice services focus on providing care to the terminally ill patient and the patient's family
8. Cultural issues
9. Transporting patients
10. Infectious/hazardous waste management
11. Emergency preparedness
12. Incident identification and reporting
13. Departments of health, departments of children and families, Food and Drug
Administration reporting

14. Medical record documentation
15. Contracts, fraud and abuse concerns
J. Physician's Office Setting
1. Examples of risk management areas of interest
a) Professional staff
(1) Licensure
(2) Training and certification
(3) Locum tenens and agency staff
(4) Anti-kickback issues
b) Safety
(1) Safe environment
(2) Medical devices
(3) Disposal of medical waste
c) Human resources
(1) Employee handbook
(2) Employee proficiency
(3) Training
(a) Orientation
(b) Annual updates
(c) Certifications
d) Clinical
(1) Confidentiality and patient privacy; HIPAA
(2) Infection control
(3) Patient tracking and diagnostic follow-up
2. Health literacy and cultural diversity
3. Examples of insurance coverage needed
a) General liability
b) Professional liability
c) Workers' compensation
d) Business interruption
e) Disability insurance
f) Property insurance
4. Claims data
a) Medical services traditionally provided in an acute care setting are now performed in an
ambulatory care setting; transition brings an increase in the severity and frequency of
professional liability claims
b) Medical events most likely to generate medical professional liability claims

(1) Improper performance
(2) Errors in diagnosis
(3) Failure to supervise or monitor care
(4) Medication errors
(5) Failure to recognize a complication of treatment
(6) Care performed when not indicated or performed when contraindicated
(7) Care not performed
(8) Delay in performance
(9) Failure to instruct or communicate with the patient
c) Physicians continue to have professional liability-related issues associated with key
aspects of primary care; of the thousands of claims against physicians in the Physician
Insurers Association of America (PIAA) Data Sharing Project, many have their origin in
a diagnostic interview, evaluation, consultation or prescription medication
K. Aging Services/Long-term Care (skilled nursing, assisted living, independent living
and continuing care retirement communities)
1. Common risk issues
a) Patients' rights
b) Staffing
c) Abuse
d) Slips and falls
e) Nutrition/hydration
f) Pressure ulcers
g) Elopement
h) Restraints
i) Documentation
j) Background checks on personnel
2. Centers for Medicare and Medicaid Services (CMS) define the Requirements of Participation
that skilled nursing facilities/nursing homes must meet to participate in the Medicare/
Medicaid programs. (TJC does not confer "deemed status")
3. CMS contracts with state agencies to certify that skilled nursing facilities meet the federal standards
4. Facilities must be surveyed for compliance
a) Quality of care
(1) Prevention of pressure ulcers, pain management, facility responses to resident
changes in condition, management of nutrition/hydration problems and prevention
of medication errors
b) Resident rights and facility practices
(1) Prevention of abuse, neglect and mistreatment; use of physical and chemical
restraints, especially use of antipsychotic drugs; resident freedom of choice, advance
directives and informed consent

c) Administration
(1) Injury investigation and reporting requirements, provision of physician
services, supervision of medical care and quality improvement committees
d) Quality of life
(1) Activities or programs to promote the resident's highest practicable level of
physical, mental and psychosocial well being
e) Resident assessment
(1) Functional assessments, establishment of the interdisciplinary plan of care and
timing and management of changes in condition
f) Investigation and reporting obligations
(1) Facility must investigate any injury to a resident and make a report to the facility
administrator within five days; findings must also be forwarded to the state survey agency
5. Results are available on the Online Survey Certification and Reporting Database (OSCAR)
6. Deficiencies identified during survey may lead to CMS imposing sanctions, penalties,
increased monitoring, ban on payment, loss of right to participate in Medicare and Medicaid
7. Office of Inspector General may investigate criminal and civil complaints
8. State surveyors may also conduct an investigation in response to reported risk event/complaint
9. Loss control focus in aging services/long-term care should address:
a) Personnel (number, training, background, competency, appropriate assignments and supervision)
b) Policies and procedures
c) Patient care (routine documentation of assessments, i.e., medical and nursing, and ongoing status)
d) Equipment, medications and supplies
10. Risk management program
a) Areas of risk for aging services/LTC facilities
(1) Slips and falls
(2) Medication errors
(3) Negligent care
(4) Decubitus ulcers
(5) Elopement
(6) Abuse allegations
b) Risk identification and tracking
c) Loss control and prevention
d) Claims management
e) Facility insurance and risk financing
f) Credentialing
g) Facility maintenance and safety issues
h) Employee health
i) Workers' compensation

II. Patient Safety
A. A top national priority as well as a priority for healthcare organizations
1. While interest in patient safety has been building for some time, media coverage and
consumer attention have prompted stakeholders to renew their focus and allocate additional
resources to support patient safety initiatives
B. Redesign healthcare systems to make errors difficult to commit
C. Create a culture in which the existence of risk is acknowledged
D. Promote injury prevention and patient safety as everyone's responsibility
E. Patient safety infrastructure
1. Empowered patient safety officer/leader
2. Board of directors support
3. Interdisciplinary participation
4. Integration of quality, risk and patient safety
5. Patient safety plan
6. Patient safety committee(s)
7. Structured monitoring and feedback process
8. Accountability
9. Communication with key personnel
10. Actively and publicly promote patient safety
11. Open communication about patient safety initiatives; transparency
12. Language of safety
a) Taxonomy
b) Nomenclature
13. Severity levels
14. Data use, management and oversight
15. Policies and procedures
16. Leadership support for transparency and disclosure
17. Patient and family participation and involvement
18. Identify patient safety as a focus in all processes and/or design improvement activities
19. Provide patient safety educational programs
20. Identify patient safety as a priority and support patient safety initiatives
21. Allocate resources for patient safety initiatives
22. Participate in patient safety rounds
23. Request and review organizational monitoring information related to patient safety
24. Monitor leadership's contributions to patient safety
25. Identified department with subject matter expertise

F. Culture of Safety
1. An integrated pattern of individual and organizational behaviors, based upon shared beliefs
and values, that continuously seeks to minimize patient harm that may result from
the processes of care delivery
2. Organization
a) Looks at the system, environment, knowledge, workflow, tools and stressors that
impact provider behavior
b) Encourages reporting of errors and near misses which depends on maintaining trust,
honesty, integrity and open communication with patients and between care providers
c) Recognizes the possibility of barriers
3. David Marx: Culture of Safety — A Proactive, Learning Culture
a) Development of a Culture of Safety
(1) Five Stages of Maturity in a Safety Culture
(a) Pathological: No systems in place to promote a positive safety culture
(b) Reactive: Systems are piecemeal, developed only in response to events or
outside requirements
(c) Calculative: Systematic approach to safety exists but implementation is patchy and
inquiry into events is limited to circumstances surrounding a specific event
(d) Proactive: Comprehensive approach to promoting a positive safety
culture; evidence-based intervention is implemented across the organization
(e) Generative: Creation and maintenance of a positive safety culture are central to mission of
the organization; organization evaluates the effectiveness of interventions and drains every last
drop of learning from failures and successes and takes meaningful actions to improve
G. Just Culture
1. "The single greatest impediment to error prevention in the medical industry is that we punish
people for making mistakes." Dr. Lucian Leape, Professor, Harvard School of Public Health,
Testimony before Congress on Health Care Quality Improvement
2. Just Culture Accountability Model
a) Lucian Leape — "Father of the patient-safety movement"
(1) Introduced the term "just culture" and noted that having a safety culture doesn't mean
there is no role for punishment
(2) Punishment is indicated for willful misconduct, reckless behavior and unjustified,
deliberate violation of rules but not for human error
(3) Described the following types of mental processing errors that humans are prone
to and the factors that make such errors more likely to occur:
(a) Reliance on short-term memory
(b) Interruption during task execution
(c) Poor design of processes and devices
(4) In a just culture accountability model:
(a) Individuals are held accountable for their own professional performance

(b) Leadership acknowledges the unintentional nature of human error
(c) Leadership seeks to learn from mistakes
b) Thomas W. Nolan
(1) Described the frailty of human memory as well as the difficulty humans have with vigilance
c) Researchers agree that design of systems and processes is an important consideration in
creating a safe environment; other important components that must also be designed and
managed in ways that maximize the goal of a safe environment include the following:
(1) Organizational culture of safety
(a) Safety culture looks at the system, the environment, the knowledge, the
workflow, the tools and other stressors that may affect provider behavior
(b) Safety culture encourages reporting of errors and near misses, which depends
upon maintaining trust, honesty, respect, integrity and open communication
among patients and providers
(2) Management buy-in, involvement and commitment in promoting and supporting
patient safety initiatives
(3) Desire to learn from information about safety and accidents in the organization
3. The need for just culture (David Marx, A Just Culture Community)
a) Only 2 to 3 percent of errors reported
b) Most hospitals unaware of the extent of error
c) Healthcare workers would report only what they could not hide
d) Errors, as viewed by hospital workers and the public, are indicators of carelessness
4. Agency for Healthcare Research and Quality (AHRQ) suggestions for just culture
a) Conduct regularly scheduled walk-arounds to learn about staff concerns regarding patient
safety, and include all shifts
b) Conduct monthly staff meetings and include a focus on patient safety
c) Implement open book management and biweekly "huddles"
d) Educate hospital leaders about making error reporting anonymous, easy, convenient and
non-punitive
e) Set up a hotline for reporting errors and develop anonymous reporting forms
f) Involve staff directly in the problem-solving process
g) Charge leadership, from supervisor level to senior leadership, with developing and implementing
an annual action plan, hold them accountable and require periodic progress reports
h) Allocate resources for safety needs identified by staff, i.e., buying safer beds, IV pumps,
and automated medication dispensing systems upgrades.
i) Re-evaluate current disciplinary policies and procedures (involvement with human resources)
j) Empower all medical staff, hospital personnel, patients and families to immediately
intervene whenever they feel the need to protect the patient from harm and prevent a
medical accident without fear of retribution
k) Highlight/congratulate personnel whose contributions have protected a patient or made
a difference

5. A just culture includes leadership rounding
a) Purpose
(1) Demonstrates support for making safety a high priority
(2) Increase awareness of local safety issues for leaders
(3) Educate staff about safety concerns
(4) Identify barriers to safety where leaders can assist in removal
(5) Evens the playing field
b) Follow-up
(1) Record the data
(2) Initiate performance improvement project for gap closure
6. A just culture encourages and supports reporting
a) Helps to prevent future patient harm
b) Provides an indication of human and system performance
c) Guides performance improvement
d) Provides an opportunity to acknowledge the good work done
7. A just culture creates actionable improvement
8. Event and near miss understanding
a) Mature cultures have higher reporting
b) Focus is on near miss and low harm
c) Performs apparent cause analysis
d) Predictability
e) Involvement from many disciplines (residents, nutritionists, nurses, staff physicians)
9. Organizational Trust
a) Management needs to be trusted
b) Management needs to trust staff
c) Staff needs to trust management
H. High-Reliability Organizations
1. Organizations that operate complex systems without mistakes over long periods of time
a) Researchers have identified "high-reliability organizations" in other industries that
function consistently over time with few errors or injuries, despite high levels of
complexity and hazards in their daily operations
(1) Suggested that the concept of high reliability can be applied to healthcare organizations
b) Characteristics of high-reliability organizations
(1) Leadership
(2) Reporting culture: All roles are key in identifying and reporting suspected/known risks
(3) Risk auditing: ongoing monitoring of activities to identify both expected and
unexpected risks

(4) Appropriate reward systems that encourage safety-related behavior
(5) System quality standards: industry leaders who model behaviors that are broadly
recognized hallmarks of quality and safety
(6) Acknowledgment of risk: Information-sharing as a means to acknowledge, demystify
and reduce risk of error; to learn from errors
(7) Trust and transparency
(8) Flexible management models: Processes to promote teamwork and create safety
I. Use of Data in Patient Safety
1. Data trending
2. Analysis of events/data
3. Event categorization: Taxonomy
4. RCA and FMECA tools
5. Reporting events (clinical and non-clinical)
6. Action plan
7. Mining for data
a) Audit tools
(1) Medical records: High risk, chief complaints
(2) Risk audit: High risk exposures (OB, ED, OR)
(3) Claims audits: allegations (misdiagnosis, failure to rescue)
(4) Risk data: Written incident reports, medication events, falls, or surgical events
(5) Patient complaints
(6) Patient satisfaction surveys
(7) Clinical indicators
b) Trigger tools
c) Rapid response team database
d) Work-arounds
(1) Identified by staff
(2) Noted in observations of process
(3) From claims data
e) Near-miss data
f) Safety walk-arounds
g) Infection control
h) Pharmacy data
i) Ambulatory clinics
j) Home health/durable medical equipment (DME)
k) Aging services (SNF) or rehabilitation
l) Radiologic safety

m) Workers' compensation
n) Environmental safety
8. Deficiencies of patient safety data
a) Confusion about use of the data
b) Lack of agreed-upon taxonomy and failure to use agreed-upon taxonomy
c) Analyzing rare events vs. large segments of data
d) Multiple data streams without defined process on how to view the data
e) No central repository for patient safety data
f) Surveillance bias: The organization can look better or worse than others
(1) When an organization does a thorough job of surveillance, in all likelihood it will find
more and therefore may look worse
J. Taxonomy: Error Index
1. Necessary and important component of patient safety
a) Defines a common language to classify events
b) Provides known way for providers to communicate about specific events
c) Promotes comparison with other organizations
d) Creates a common understanding from which to create action plans and drive
patient safety efforts
2. Example: NCC MERP Index for Categorizing Errors
K. Error and Human Factors: "We can't change the human condition, but we can change
the conditions under which humans work" (Reason, J. T. (1997). Managing the Risks of
Organizational Accidents. Aldershot, Hants, England: Ashgate)
1. Issues that impact human performance
a) Factors that are present before action takes place
(1) Fatigue, stress, boredom
(2) Dehydration, hunger
2. Factors that directly affect decision making
a) Perception
b) Memory
c) Attention
d) Reasoning
e) Judgment
3. Factors that directly permit decision execution
a) Communication
b) Ability to carry out intended action
4. Human factors and fatigue
a) Fatigue can impact an individual's performance and personality
(1) Reduce decision-making ability

(2) Prolong response time
(3) Increase lapses in attention
(4) Negatively affect short-term memory
(5) Lessen ability to multitask
(6) Increase irritability, moodiness, and depression
(7) Decrease ability to communicate
5. Human factors: Mental shortcuts
a) Using biases or what is known as "cognitive dispositions to respond," such as jumping
to conclusions, "hindsight bias"
b) Hindsight bias
(1) Richard Cook, an anesthesiologist, notes that investigations into accidents frequently
stop with identifying the human error made and designating the practitioners as the
"cause" of the event; determination is often made without evaluation of systems or
processes that may have contributed to the error; limited types of investigation can
lead to solutions characterized by hindsight bias, which occurs when the investigators
work backwards from their knowledge of the outcome of the event
c) Seeing what is already expected whether actually there or not
d) Bias toward action vs. non-action
e) Overconfidence bias
f) Sunk costs: for example, a practitioner with a cognitive commitment to a previously made
diagnosis uses the irreversible past diagnostic decision to justify future decisions
g) Mental shortcuts in diagnostic errors
(1) Mental shortcuts = cognitive bias = heuristics
(2) Diagnostic errors responsible for preventable errors in hospitalized patients
(3) Especially seen in patients with common or more non-definitive symptoms
(4) There are four categories of errors seen in healthcare

Cognitive bias | Definition | Example
Availability heuristic | Diagnosis made based on past experiences | Patient incorrectly treated for GI upset despite presence of cardiac symptoms
Anchoring heuristic (premature closure) | Diagnosis made from initial impression although not supported by subsequent data or information | Initial set of cardiac enzymes negative so heart attack ruled out when patient had left arm pain
Framing effects | Diagnosis unduly influenced by or prejudiced by collateral information | Known drug addict diagnosed with overdose rather than stroke
Blind obedience | Diagnosis made from undue reliance on lab results | False positive pregnancy test resulted in missed appendicitis

6. Human factors that reduce situational awareness
a) Insufficient communication
b) Fatigue/stress
c) Task overload
d) Task underload
e) Group mindset
f) "Press on regardless" philosophy
g) Degraded operating conditions
7. Human factors and cognitive concepts: Theories on accident causation
a) Slips: Tend to occur in situations that are so routine that they have become rote (answering
the door when the phone rings)
b) Lapses: Generally not visible because reflective of a memory failure (leaving out
or forgetting a step in a familiar protocol)
c) Mistakes: Judgment failures that are more subtle and complex than slips; go undetected for
a period of time; left to differences of opinion when detected (selection of an antibiotic or
determining cause of death)
(1) Knowledge based — mistake made because of lack of sufficient knowledge,
skill or experience
(2) Rule based — either a good rule applied incorrectly or a bad rule applied
d) Active failures
(1) Highly visible errors with immediate consequences (surgeon removing the wrong leg
or nurse administering the wrong medication)
e) Latent failures
(1) May be hidden for years and generally rooted in organizational culture
(2) Takes the right set of circumstances for the error to become visible or
known (an informal practice of not requiring that look-alike medications be
separated)
8. James Reason's Swiss Cheese Model
a) Illustrates several key findings about errors
b) Errors, especially serious errors, result from multiple system failures
c) System failures occur every day, but built-in defenses and redundancies usually prevent injuries
d) Occasionally, latent failures occur in a tightly coupled sequence that overwhelms the built-
in defenses and redundancies in those systems
e) When this occurs, a catastrophic error occurs, resulting in injury
f) Supports growing notion that actions of individuals involved in error do not either
adequately explain the genesis of error or provide solutions to prevent recurrence
9. Blunt end-sharp end: The anatomy of errors in healthcare
a) David Woods' model of accident causation assumes that the healthcare workers at the
sharp end, where patient care is delivered, are affected by decisions, policies and
regulations made at the blunt end or hospital administration side of the system
(1) Organizational factors: Culture, policies, procedures, regulations
(2) Environmental factors: Equipment, staffing, resources, constraints
(3) Human factors: Clinical competency, communication skills, problem solving / critical
thinking skills
10. Contributing factors of errors
a) Team factors
b) Individual staff factors
c) Task factors
d) Patient factors
e) Work environment factors
f) Organization and management factors
g) Institutional context factors
h) Disruptive and inappropriate behavior
(1) Establish a facility policy and procedure
(a) Apply to employees, patients, families and visitors
(b) Address physical and/or verbal behavior
(c) Define disruptive and inappropriate behavior
(2) Establish a code of conduct that applies to all staff and practitioners
(3) Manage disruptive and inappropriate behaviors
(4) Conduct education around application of policy and procedure
(5) Provide counseling/support for staff involved if needed
11. Education strategies to reduce human errors
a) Information
(1) Warnings and labels
(2) Posters
(3) Memos
b) Training
(1) Annual safety test
(2) Ongoing training
c) Policies and procedures
d) Standardization of processes
(1) Order sets
(2) Checklists
e) Designs to prevent errors: Mistake-proofing
12. Human-error reduction strategies
a) Simplification of tasks and processes
b) Standardization
c) Use of constraints and forcing functions

d) Reduce reliance on memory
e) Reduce reliance on vigilance
f) Use of protocols and checklists
g) Reduce handoffs
h) Reduce need for calculations
i) Avoid or reduce fatigue
j) Heighten awareness of error prevention through communication and training
L. Key Patient Safety Influencers
1. Studies
a) The Institute of Medicine (IOM)
(1) Landmark 1999 report: "To Err is Human: Building a Better Health System"
(2) Health care in the United States is not as safe as it should be and can be. Approximately
44,000 to 98,000 people die each year in hospitals as a result of medical errors
(a) Quantified the frequency of medical error, based on the results of the
Harvard Medical Practice Study in 1984
(b) Evoked much scrutiny and comment
(c) Estimated that reporting of preventable adverse events is understated
(d) Defined medical error "as the failure of a planned action to be completed
as intended, or the use of a wrong plan to achieve an aim"
(e) Supports risk management loss prevention efforts
(f) Supports a collaborative relationship with quality improvement
b) Committee on Quality Health Care in America Project
(1) "Crossing the Quality Chasm: A New Health System for the 21st Century," published
in 2001 by the IOM
(2) Report proposed specific objectives for improving health care delivery based upon
the six aims of safe, effective, patient-centered, timely, efficient and equitable
provision of health care
(3) Biggest challenge is to establish a culture that encourages reporting of events that may
result in actual or potential harm to patients or others; this is also known as a "just culture"
2. National Patient Safety Foundation (NPSF)
a) Independent, non-profit organization
(1) "A central voice for patient safety"
(2) Non-biased influence
(3) Supported by well-known patient safety leaders
(4) Enhances patient safety awareness through
(a) Educational programs for professionals
(b) Research project grants
(c) Awareness campaigns
(d) Supports and encourages patient and family involvement

3. The Leapfrog Group
a) A coalition of Fortune 500 companies concerned about the impact of medical errors
on the employees for whom they purchase healthcare benefits
(1) Minimum requirements for healthcare organizations that wish to compete for their business
(2) Identified hospital quality and safety practices that are the focus of its health care
provider performance comparison and hospital recognition and reward program
based on independent scientific evidence:
(a) Computerized physician order entry (CPOE)
(b) Evidence-based hospital referral
(c) ICU physician staffing
(d) Leapfrog Quality Index: Based on NQF's Safe Practices
4. National Quality Forum (NQF)
a) Private, non-profit organization seeking to improve United States healthcare
b) Developed consensus standards
c) Published set of hospital safe practices aimed at reducing harm to patients
d) Published set of serious reportable events — never events
(1) Of concern to public, healthcare professionals, and providers
(2) Identifiable and measurable
(3) Risk of occurrence is significantly influenced by the policy and procedures of the organization
e) Patient safety taxonomy
5. Agency for Healthcare Research and Quality (AHRQ)
a) Makes patient safety a strategic priority
b) Medical errors are caused by:
(1) Communication problems
(2) Inadequate information flow
(3) Human factor-related problems
(4) Patient-related problems
(5) Patient-related issues
(6) Organizational transfer of knowledge
(7) Staffing patterns/work flow
(8) Technical failures
(9) Inadequate policies and procedures
c) Grant funding available for organizations to study impact of safety practices on error
d) Surveys and patient safety indicators
(1) Patient Safety Culture Survey
(2) Patient safety indicators (PSI) focus on potentially preventable complications
and iatrogenic events for patients treated in hospitals and are measures that
screen for adverse events

(3) Consumer Assessment of Healthcare Providers and Systems (CAHPS): administers the
patient satisfaction survey
6. Patient Safety Quality Improvement Act (PSQIA) of 2005
a) To improve patient safety and reduce the incidence of events that adversely affect patient safety
b) Creates "Patient Safety Organizations" (PSOs)
c) Establishes "Network of Patient Safety Databases" (NPSD)
d) Provides federal confidentiality protections for analyses and reports
e) Completely voluntary
7. CMS — Hospital Acquired Conditions (HACs)
a) CMS to select conditions that are:
(1) High cost, high volume or both
(2) Assigned to higher paying DRG when present as a secondary diagnosis and
could reasonably have been prevented through the application of evidence-based
guidelines
b) Requires hospitals to submit a claims report for discharges that include any of the selected
conditions and to identify if the condition was present on admission (POA)
c) Patient safety indicators: patient outcome related to quality and safety
8. Institute for Healthcare Improvement (IHI)
a) IHI Open School
b) IHI Global Trigger Tools
c) 100K and 5M Lives Campaign
d) WHO Surgical Checklist
e) Linking quality and financial management
9. The Joint Commission: Patient Safety Advisory Group
a) Identifies the National Patient Safety Goals (NPSGs) and makes recommendations to The
Joint Commission
b) May recommend retirement of selected NPSGs to maintain the focus of
accredited organizations on the most critical patient safety issues
c) Reviews draft patient safety suggested actions for potential publication in The
Joint Commission's Sentinel Event Alert patient safety advisory
10. The Joint Commission: National Patient Safety Goals
a) Entities subject to NPSGs:
(1) Ambulatory care and office-based surgery
(2) Assisted living
(3) Behavioral healthcare
(4) Critical access hospital
(5) Disease-specific care
(6) Home care
(7) Hospital
(8) Laboratory
(9) Long-term care
(10) Networks
b) The Joint Commission: National Patient Safety Goals (Review current year goals for the exam.)
(1) Updated annually (www.TJC.org)
(2) Promote specific improvements in patient safety
(3) Highlight problematic areas in healthcare and describe evidence and expert-
based solutions to these problems; goals focus on systemwide solutions
(4) Derived primarily from informal recommendations made in Joint Commission's safety
newsletter, Sentinel Event Alert
(5) Sentinel Event database, which contains de-identified aggregate information on
sentinel events reported to the Joint Commission, is the primary source of
information from which the alerts, as well as the goals, are derived
(6) Retired Goals
(a) Free-flow IV's
(b) Universal Protocols
(c) Alarms
(d) Unapproved use of Abbreviations
(i) U = units
(ii) MSO4
(iii) Leading and trailing 0's
c) Surveying and Scoring of NPSGs
(1) All applicable NPSGs or acceptable alternative approaches must be implemented
for accredited organizations
(2) Surveyors evaluate the actual performance, not just the intent of meeting the NPSGs
(3) NPSGs are scored as either Compliant or Not Compliant.
(4) Failure to comply with a NPSG will result in a "Requirement for Improvement" (RFI)

III. Sentinel Event


A. Must comply with Joint Commission requirements
B. Any unexpected occurrence involving death or serious physical or psychological injury, or
the risk thereof
C. Goals of the sentinel event policy
1. To have a positive impact in improving patient care, treatment, and services and
preventing sentinel events
2. To focus the attention of a hospital that has experienced a sentinel event on understanding
the factors that contributed to the event (such as underlying causes, latent conditions and
active failures in defense systems, or organizational culture), and on changing the hospital's
culture, systems and processes to reduce the probability of such an event in the future
3. To increase the general knowledge about sentinel events, their contributing factors,
and strategies for prevention
4. To maintain the confidence of the public and accredited hospitals in the accreditation process

D. The Joint Commission requests voluntary reporting of sentinel events
1. Must conduct a root-cause analysis (RCA) on all sentinel events
E. The product of the root-cause analysis is an action plan that identifies strategies the
organization intends to implement to reduce the risk of similar events in the future. The plan
should address responsibility for implementation, oversight, pilot testing as appropriate,
timelines, and strategies for measuring the effectiveness of the actions.
F. Critical incident debriefing
G. Subset of sentinel events that is subject to review by the Joint Commission includes
any occurrence that meets any of the following criteria (for hospitals):
1. The event has resulted in an unanticipated death or major permanent loss of function
not related to the natural course of the patient's illness or underlying condition or
2. The event is one of the following (even if the outcome was not death or major permanent loss
of function not related to the natural course of the patient's illness or underlying condition):
a) Suicide of any patient receiving care, treatment and services in a staffed around-the-
clock care setting or within 72 hours of discharge
b) Unanticipated death of a full-term infant
c) Abduction of any individual receiving care, treatment or services
d) Discharge of infant to wrong family
e) Rape, assault (leading to death or permanent loss of function), or homicide of any patient
receiving care, treatment, and services
f) Rape, assault (leading to death or permanent loss of function), or homicide of any staff
member, licensed practitioner, visitor, or vendor while on site at the health care organization
g) Hemolytic transfusion reaction involving major blood group incompatibility (ABO,
Rh, other blood groups)
h) Invasive procedure, including surgery, on the wrong patient, wrong site, or wrong procedure
i) Unintended retention of a foreign object in an individual after surgery or other invasive procedures
j) Severe neonatal hyperbilirubinemia (bilirubin > 30 milligrams/deciliter)
k) Prolonged fluoroscopy with cumulative dose > 1500 rads to a single field, any delivered
to wrong body region, or >25% above the planned radiotherapy dose

IV. Root Cause Analysis: RCA


A. Definition
1. A process to identify the most basic causal factor or factors that underlie a variation
in performance, including the occurrence of an adverse sentinel event
2. RCA identifies changes that could be made in the system and processes — through
either redesign or development of new systems or processes — that would improve the
level of performance and reduce the risk of a particular event occurring in the future
B. When to do a root cause analysis?
1. Sentinel events
2. Adverse events
3. Near misses

C. Preparing for a successful RCA
1. Interdisciplinary review that includes those closest to the process
2. Focus on systems and processes rather than individual performance
3. Analysis digs deep until all factors are identified
4. Analysis identifies changes that can be made in systems and processes
D. Former investigation focus
1. Traditional healthcare model
E. Current Focus
1. Investigations should represent varying levels and all departments involved
F. Advantages of reporting sentinel events
1. Enables lessons learned to be added to:
a) The Joint Commission's sentinel event database and contributes to general knowledge
of the causes of such events
b) Allows lessons to be learned within the organization
2. Provides for an opportunity to consult with The Joint Commission staff on development
of RCA and action plan
3. Sends a positive, proactive message to the public
4. Promotes transparency
G. Submitting RCA to TJC
1. Submit RCA and action plan to the Joint Commission
a) Organization should consider its comfort level with preserving the reports' confidentiality
(1) May take reports directly to TJC offices in Illinois
(2) May pay for TJC staff to come to the hospital to review reports
(3) May submit a summary of RCA, action plan, relevant policies, etc.

V. Failure Mode, Effects, and Criticality Analysis (FMECA)


A. Method used to identify those risks inherent in care delivery
B. FMECA is a proactive model designed to identify weak points, incidents or events before they occur
1. Different from RCA which is a reactive process and subject to "hindsight bias"
2. Promotes a redesign for safety philosophy
C. The Joint Commission requires hospitals to select at least one high-risk process annually
upon which to conduct a FMECA
D. FMECA Process Steps:
1. Identify project scope
2. Assemble a team
3. Diagram intended and actual process
4. Identify potential failure mode
5. For each failure mode, identify the possible effects

6. Put new process in place
7. Test and implement the redesigned process
8. Identify and implement measures of effectiveness
9. Implement a strategy for maintaining the effectiveness of the redesigned process over time
E. FMECA: Risk Priority Number
1. Likelihood of Occurrence (1-10)
2. Likelihood of Detection (1-10)
3. Severity (1-10)
4. Risk Priority Number = (Occurrence x Detection x Severity)
5. NOTE: 1 = Very likely it WILL be detected; 10 = Very likely it WILL NOT be detected (Source: IHI)

VI. Patient Safety Challenges


A. Communication and Teamwork
1. Healthcare is traditionally hierarchical
a) An additional ramification of hierarchy is that it may legitimize intimidating behavior or
lack of assertiveness by frontline staff
2. Personal communication styles of staff
3. Relationship of staffing to medical errors
4. Lack of common language (SBAR, CUS, IPASS)
a) Situational Briefing Model (SBAR: Situation, Background, Assessment, Recommendation)
is a method to ensure proper, consistent and objective communication to help eliminate
communication failures that often exist in healthcare
5. Addressed with other patient safety initiatives
a) Simulation training
b) Rapid Response Teams (RRT)
c) Walk arounds
d) Patient engagement: Participation in committees / RCAs
e) Critical incident debriefing

VII. Critical Incident Debriefing


A. Can occur for any reason
B. Do it when memories are fresh
C. Include the members of the "team"
D. Don't "point fingers"
E. Provide a safe environment of inclusion
F. Provides an opportunity for individual, team and organizational learning
G. The greater the specificity, the better

H. What would we do differently next time?
I. What did we do well?
J. What did we learn?

VIII. Patients as Partners in Patient Safety


A. Growing consumer skepticism about the quality and safety of patient care will lead toward
less deferential, more informed, and more demanding patients. If healthcare professionals
want to enlist the help of patients in preventing medical mistakes, new patient-practitioner
relationships must be formed.
B. Create readiness for patients through:
1. Education
2. Healthcare literacy
3. Speak-up campaign
4. Decision-making
5. Disclosure and transparency
6. Fair and "just" culture
7. Teamwork
C. Speak up
1. The Joint Commission (TJC)
D. Patient participation
1. Root Cause Analysis (RCA)
2. Failure Mode, Effects and Criticality Analysis (FMECA)
3. Patient Safety information
E. Rapid Response Team (RRT)
1. Driven by medical profession
2. Driven by patients
F. Key concepts:
1. Communication
2. Education
3. Empowerment
4. Active partnership
5. Patient and family centered
6. Listening
G. Patient rights as partners
1. Important for empowered consumers
2. Foundations for the organization
a) Informed consent
b) Bill of rights

c) Consumer Rights and Responsibilities: 1997 Advisory Committee on
Consumer Protection and Quality
(1) Information disclosure
(2) Choice of providers and plans
(3) Access to emergency services
(4) Participation in treatment decisions
(5) Respect and discrimination provisions
(6) Confidentiality of health information
(7) Complaints and appeals
(8) Consumer responsibilities
3. The new patient
a) Patients have become more educated consumers
b) A new patient focus is needed that addresses
(1) Access
(2) Choice
(3) Affordability
(4) Availability
(5) Timeliness
(6) Satisfaction
(7) Quality
(8) Rights
4. Increasing patient/consumer responsibilities
a) Individuals have legal obligation to exercise caution and refrain from negligent acts
that result in injury to others
b) Individuals have a duty to refrain from negligently exposing themselves to harm
c) Patients are required to assume increased control of their personal healthcare
and to communicate their healthcare needs to their providers
5. New risk challenges/new competencies
a) Caring competence
b) Cultural competence
(1) Culture is composed of the beliefs, values, morals, customs, traditions, knowledge
and habits acquired through living in the community and within society
(2) Addressed in TJC standards
(3) Guidance provided by the U.S. Department of Health and Human Services
(4) Potential for "cultural negligence" claims
c) Educational competence
(1) Internet
(2) Direct-to-consumer advertising

(3) Unlicensed healthcare staff practicing with patient-centered or patient-focused delivery models
(4) Community
(5) Health on the Net Code of Conduct (HONcode) seal
(6) Risk issues regarding literacy
d) Spiritual competence
6. Risk interventions
a) Safety policies articulating support of the organizational mission and values
b) Posting patient rights
c) Credential staff on matters involving newly-identified competencies
d) Promoting cultural knowledge and competent care
e) Training staff to improve communication and patient education skills
f) Grievance policies and appropriate execution of policies
g) Evaluating patient education and training
h) Addressing diversity through interdisciplinary quality improvement activities
i) Literacy testing on all patient education materials and tools
j) Assessing community needs

IX. Patient Safety Challenges


A. Technology to Improve Patient Safety
1. Electronic health record (EHR)
2. Electronic medical records (EMR)
3. CPOE
4. Bar coding
5. Robotics
6. eICUs
7. Smart pumps

X. Patient Safety: Disclosure


A. Definition: Communication of information regarding results of a diagnostic test, medical
treatment or surgical intervention
B. Purpose: To give patients/families information they need to make further decisions
1. Medical decisions
2. Decisions to pursue legitimate compensation
C. It is not strictly related to medical error, nor necessarily to bad news
D. Some states have requirements for disclosure, both verbal and written
E. Key concepts
1. First obligation always to immediate needs of the patient (stabilization, comfort, care, etc.)
2. Obligation to discern facts from "hearsay"

3. Obligation to come from a place of integrity
4. Obligation to take care of the needs of providers and others involved in the incident
5. Recognize that disclosure is a process that will require multiple discussions, not an "event"
6. Recognize that the purpose of disclosure is not to avert litigation but to respect the integrity
of the patient/caregiver relationship
7. Whatever promises are made during this process must be kept; trust is at stake
8. Maintain close contact with the patient/family during the process; do not put the onus of
responsibility on them to maintain the relationship
F. Reasons to disclose
1. Right thing to do
2. Patients expect it
3. Professional responsibility
4. Earn trust/possibly forgiveness of patient
5. Supports patient safety initiatives
6. Required by TJC for unanticipated outcomes
G. Framing the conversation
1. Acknowledgement that adverse event occurred
2. An explanation as to why it happened
3. Statement that organization taking event seriously and investigating it
4. Statement that organization taking steps to prevent similar event from happening
5. An apology (as appropriate)
H. The Four "R"s of Apology
1. Recognition: Knowing when an apology is in order
2. Regret: Responding empathetically
3. Responsibility: Owning up to what has happened
4. Remedy: Making it right
I. Personnel barriers to disclosure
1. Fear of legal liability
2. Fear of loss of credibility and reputation
3. Fear of loss of licensure
4. Fear of punishment by organization or loss of job
5. Feelings of vulnerability
6. Difficulty in accepting role in error
J. System barriers to disclosure
1. We've always done it this way
2. Hierarchical structure of medicine
3. Profession demands perfection

4. Struggle with accepting that even the most well-trained and competent can make mistakes
5. Conflict of Interest
K. A successful disclosure allows the patient and family
1. To understand what happened
2. To understand the ramifications of the event
3. To have sufficient information to make future decisions (including seeking compensation)
4. To receive an apology from the organization
5. To begin to heal

XI. Measuring a Culture of Safety


A. Methods
1. Survey
2. Rounding
3. Reporting
4. Trust
B. AHRQ: Survey on Patient Safety Culture (hospital example)
1. Communication openness
2. Feedback and communication about error
3. Frequency of events reported
4. Handoffs and transitions
5. Management support for patient safety
6. Non-punitive response to error
7. Organizational learning
8. Overall perceptions of patient safety
9. Staffing
10. Supervisor/manager expectations and actions promoting safety
11. Teamwork across units
12. Teamwork within units
13. Two additional questions
a) Overall grade on patient safety
b) Number of events reported in last 12 months
14. Caring for Caregivers (Second-Victim Phenomenon)
a) Support provided for employees, physicians and licensed independent practitioners (LIPs)
after involvement

C. Use of safety assessment surveys
1. "The delivery of survey results is not the end point in the survey process; it is just the
beginning. Often, the perceived failure of surveys to create lasting change is actually due to
faulty or nonexistent action planning or survey follow up."
2. Pre- and post-safety interventions
3. Utilize results for PI action plan
a) Understand your results
b) Communicate and discuss the results
c) Develop focused action plans
d) Communicate action plans and deliverables
e) Implement action plans
f) Track progress and evaluate impact
g) Share what works
D. Patient safety metrics
1. Involves both reactive and proactive measures
a) Good catches resulting in a practice change
b) Number of FMECAs
c) Number of RCAs resulting in a policy and procedure change
d) Sentinel events with and without disclosure
e) Number of disclosures involving risk management
f) Number of lessons learned from RCA that impacted more than two units
g) Participation in a periodic PS culture survey
h) Number of committees/family councils in which patients/families participate

REVIEW QUESTIONS
Mark your answers and then compare them with the answers explained below.
1. High-reliability organizations:
A. Provide the greatest diversity of services.
B. Have fewer adverse outcomes.
C. Operate complex systems without mistakes over long periods of time.
D. Offer the most cost-effective healthcare.
Answer: C
Operate complex systems without mistakes over long periods of time.

2. A key characteristic of a high-reliability organization is a reluctance to simplify. This
means that the organization utilizes detailed processes for each key function and strives to
include as many steps as possible to decrease the possibility of errors.
A. True
B. False
Answer: B
False. This key characteristic speaks to an HRO's refusal to accept simple answers or simplistic solutions to
complex problems. The concept does not mean that the organization is reluctant to make its processes as simple as
possible, which is an attribute of patient safety.

3. A failure mode, effects and criticality analysis (FMECA) is a process used to investigate
serious adverse events in an effort to identify the active and latent causes of the event.
A. True
B. False
Answer: B
False. This definition as written more closely aligns with a root cause analysis. FMECAs do not require
an adverse event as the basis for conducting the analysis. A FMECA is a proactive patient safety tool that
includes selecting a process, identifying the failure modes, and determining the effects of those failures, then
implementing an improved process.

4. Nurse Johnson was administering medications to the two patients in room 236 using the bar-
coding system. According to the facility's written procedure, the nurse was to administer each
patient's medication separately. She was to scan the medication, then scan the patient's bar
code, check for any error alerts, and then administer the medication if no alerts appeared. The
nurses complained that going out to the medication cart between patients was time-
consuming. To save time, Nurse Johnson habitually scanned the medication and the patient's
bar codes while the medication was being administered. On this day, after giving patient A his
medication, he immediately became severely short of breath, signaling an allergic reaction,
and respiratory support was required. Following an investigation it was determined that Nurse
Johnson had given patient A the medication for patient B and an error alert would have
activated in the bar-coding system. Nurse Johnson's behavior is an example of

A. Human error
B. At-risk behavior
C. Benign neglect
D. Reckless behavior
Answer: D
Reckless behavior. The nurse consciously disregarded the hospital medication administration policy, which was
intended to prevent the type of harm suffered by the patient. Through bypassing critical steps in the policy the nurse
put the patient at risk.

5. Safety culture surveys are intended to assess the organizational and unit-level attitudes
regarding patient safety. Survey results can reveal differences in perception of safety between
types of staff (such as MD and RN) and between departments or teams. They can be used to
identify priorities for improvement and to help create a performance improvement action plan.
A. True
B. False
Answer: A. True

6. Mrs. Cobb was admitted for surgery on her right leg. At the conclusion of the surgery, she
awoke to learn that the wrong leg had been operated upon. An investigation revealed that
the pre-operative nurse had performed the site marking incorrectly and had placed the X-
rays in the OR suite facing backward. The root cause analysis team identified that failure
to have surgeons routinely participate in the site-marking process, with confirmation by
the patient, was a participatory cause of the incident. This failure identified by the root
cause analysis team is an example of:
A. Latent failure
B. Reckless failure
C. Active failure
D. Supervisory failure
Answer: A
Latent failure. The surgeon's lack of participation was not a reckless or conscious disregard for the patient's
safety, rather it was the routine process used at this facility. The active failures at the point-of-care were the
incorrect site marking and the mistakenly placed X-rays. There are insufficient facts in the narrative to
know whether there also was a failure of supervision; therefore, answer D would be incorrect.

7. Select the answer that best identifies those organizations that are key influencers in the
field of patient safety:
A. Institute of Medicine (IOM), Agency for Healthcare Research and Quality (AHRQ), Federal
Communications Commission (FCC), Center for Medicare and Medicaid Services (CMS)
B. Leapfrog Group, Institute of Medicine (IOM), Institute for Healthcare Improvement
(IHI), Administration for Children and Families (ACF)
C. National Patient Safety Foundation (NPSF), Institute for Healthcare Improvement
(IHI), Agency for Healthcare Research and Quality (AHRQ), Center for Medicare and
Medicaid Services (CMS)

D. The Joint Commission (TJC), Administration for Children and Families (ACF), Institute of
Medicine (IOM), Institute for Healthcare Improvement (IHI)
Answer: C
National Patient Safety Foundation (NPSF), Institute for Healthcare Improvement (IHI), Agency for
Healthcare Research and Quality (AHRQ), Center for Medicare and Medicaid Services (CMS). Although
the FCC and ACF are actual federal agencies, they are not key influencers in patient safety.

8. Taxonomy is a necessary and important aspect of patient safety because:
A. It defines a common language to classify events.
B. It allows organizations to compare themselves to others.
C. It creates a common understanding from which to create action plans and drive patient safety efforts.
D. All of the above
Answer: D
All of the above

9. The Emergency Department is a high risk area for which of the following reasons?
1. Brief patient contact
2. Lack of familiarity with the patient's medical history
3. Use of nurse practitioners and physician's assistants
4. Language and cultural barriers
A. 1 and 2 only
B. 2 and 3 only
C. 1, 2 and 4 only
D. All of the above
Answer: C
Patient assessment is at the root of many ED risk management issues. Use of nurse practitioners and
physicians' assistants would not impede this process; however, brief patient contact, lack of familiarity
with the patient's medical history and language and cultural barriers are involved in provider/patient
communication issues. Because of high volumes, tight time constraints and a need for ED physicians to act
decisively even when hampered by incomplete data, errors are likely to occur.

10. A surgeon performs a hysterectomy on a 25-year-old female due to an abnormal Pap smear result
obtained as an outpatient in the physician's office. The final pathology report on the uterus
states the uterus contains only benign inflammation with no cancerous cells present. The case
is referred to the Obstetrics department, where the actions of the surgeon are discussed at
length. It is concluded that the surgeon acted in good faith based on the incorrect Pap smear
from an independent laboratory. The patient sues the obstetrician and the hospital, and seeks
to obtain copies of the minutes and any other documents related to the Obstetrics department
meeting. Which of the following is true?
A. The risk manager should argue that the documents are for purposes of peer review and
protected under the Health Care Quality Improvement Act
B. The risk manager should argue that attorney-client privilege should apply and not produce the
documents

C. The risk manager should argue that patient-physician privilege should apply and not produce
the documents
D. The risk manager should produce the requested documents since a lawsuit has been filed
Answer: A
Performance improvement and peer review documents are exempt from production in a lawsuit. Medical records must
be produced, but not PI/QI data.

11. Which of the following statements regarding the use of restraints are TRUE?
1. Wrist or vest devices can be considered restraints
2. Locked seclusion is considered a form of physical restraint
3. Medication used to significantly alter a patient's behavior on an emergency basis is considered
a form of chemical restraint
4. Voluntary use by a patient of an unlocked "quiet room" is NOT considered a form of
physical restraint
A. 1 and 2 only
B. 1 and 3 only
C. 1, 2 and 3 only
D. All of the above
Answer: D
Anything used to restrict an individual's behavior, physical or chemical, is considered to be a restraint and
appropriate guidelines must be followed. However, placing a patient in an unlocked room so they can
regain composure is not a restraint since they can leave under their own volition.

12. The legal theory res ipsa loquitur would most likely apply to which of the
following scenarios?
A. A unit of blood is given to the wrong patient
B. A tornado damages visitors' vehicles on hospital property
C. A surgical sponge is left in a patient during a cesarean section
D. A visitor slips on an icy sidewalk and fractures her hip
Answer: C
Res ipsa loquitur means the thing speaks for itself and is often used in retained-object cases. Leaving surgical
tools is not the intention of any procedure; as such, foreign body retention is obviously a medical error. Once
circumstances supporting res ipsa are established, the theory shifts responsibility for proving the case from the
plaintiff to the defendant, who must then establish a lack of culpability.

13. Behavioral health patients may be at high risk for abuse. Which of the following
statements regarding the risk of abuse of behavioral health patients are true?
1. Pediatric, adolescent, and geriatric behavioral health patients are particularly
vulnerable populations that may be at even greater risk for abuse
2. A crucial abuse prevention strategy is to require that all behavioral health workers undergo
reference checks and criminal background checks before they are allowed to work with patients

3. The organization must have a zero tolerance philosophy regarding any form of abuse
including physical, sexual, and emotional abuse
4. Behavioral health patients may be confused and/or disoriented, and staff should be given
"the benefit of the doubt" and be allowed to continue working while a patient's allegation
of abuse is being investigated
A. 2 and 3 only
B. 2 and 4 only
C. 1, 2 and 3 only
D. 1, 2 and 4 only
Answer: C
Regardless of the degree of confusion or disorientation of the patient, all abuse allegations must be seriously
considered and thoroughly investigated. During the course of the investigation, the staff in question should be
suspended to prevent patient tampering and to reduce potential additional risk to the patient or other
patients, and the staff in question. The investigation results will determine whether the suspension is with or
without pay.

14. A study published in 1999 revealed that approximately 44,000 to 98,000 people die each year in
US hospitals due to preventable medical errors. The entity that directly initiated the study was:
A. The Joint Commission
B. The Centers for Medicare and Medicaid Services
C. The Institute of Medicine
D. The U.S. Congress
Answer: C
"To Err Is Human: Building a Better Health System" is the Institute of Medicine's landmark 1999 report on
medical error.

15. To maintain confidentiality of an incident report:
1. Send the incident report directly to risk management
2. Never make the incident report part of the medical record
3. Never mention the facts of the incident in the medical record
4. Maintain the original in the risk management office and a copy in the originating department
A. 1 and 2 only
B. 1 and 3 only
C. 1, 2 and 3 only
D. All of the above
Answer: A
To maintain confidentiality, the original report should be sent to the risk manager immediately upon
completion. Copies should never be made, and the report must never be made part of the medical record. The
facts of the incident should be included in the medical record.

16. If a practitioner requests a telemedicine consult with another practitioner in a different state,
the consultant:
A. Must possess a valid medical license from his own state since reciprocity is granted in all states
B. Must possess a valid medical license from the requesting physician's state since reciprocity is
not granted in all states
C. May need to possess a valid medical license from the requesting physician's state since reciprocity
varies from state to state
D. Must obtain a temporary license from the requesting physician's state
Answer: C
Reciprocity requires the authorities of each state to negotiate and enter agreements to recognize licenses issued by
the other state without further review of individual credentials.

17. For more than 20 years, which of the following high-risk clinical specialties has led, or
been close to the top of, severity statistics for liability claims?
A. General surgery
B. Obstetrics
C. Neurological surgery
D. Emergency medicine
Answer: B
Claim statistics show that adverse events in obstetrics are generally high severity and are at the top of severity lists.
Whenever there is a bad outcome in the birth of an infant, often the parents look to assign liability to the obstetrician
and/or hospital.

Legal and Regulatory Domain
PREPARATION OBJECTIVES
After learning the content in this section, you should be prepared to:

A. Examine the value of ethics as a cornerstone in the delivery of healthcare
B. Identify ethical considerations in treatment decisions
C. Analyze the purpose and role of an ethics committee
D. Describe the informed consent process and its impact on patient care
E. Summarize key regulations and laws that govern patient care, data management, payment,
employment, and workplace safety in the healthcare environment
F. Discuss accreditation, licensure and surveying bodies and the value of participating

KEY TERMS
Important terms and definitions relevant to this domain:

Advance directive - Written instructions recognized under law relating to the provision of healthcare when
an individual is incapacitated. Examples include living will and durable power of attorney for healthcare.
Age Discrimination in Employment Act - 29 U.S.C. Section 621 et seq. The federal statute
prohibiting certain types of employment discrimination on the basis of age.
Americans with Disabilities Act - 42 U.S.C. Section 12101 et seq. A federal statute aimed at
prohibiting discrimination against individuals with certain mental and physical disabilities in the
areas of employment and public accommodation.
Anti-kickback statutes - Medicare-Medicaid Anti-Kickback Statute (42 USC §1320a-7b).
Knowingly and willfully seeking or receiving a bribe, rebate or kickback for a referral for a program,
reimbursable item or service.
"At will" employment - Can be terminated at any time by either party (employee or employer), for
any reason or no reason.
Autonomy - The right to self-govern or self-manage; the capacity to make an informed, uncoerced
decision.
Becomes aware - A facility becomes aware of an event when the clinical personnel employed
or affiliated with a user's facility learn of a potentially reportable event.
Belmont report - Report describing the basic ethical principles on which all biomedical and
behavioral research should be based.
Beneficence - The concept of doing good.
Capabilities - CMS refers to two requirements: 1) physical capabilities and 2) personal capabilities.
◼ Medical facility capabilities: Physical space, equipment, supplies and services the
hospital provides (e.g., surgery, psychiatry, obstetrics, pediatrics).
◼ Staff capabilities: Level of care the personnel of the hospital can provide within the
training and scope of their professional licenses.
Capacity -
◼ Hospital: Ability of the hospital to accommodate the individual requesting examination or
treatment of the transferred individual; encompasses such things as numbers and availability of
qualified staff, beds and equipment and the hospital's past practices of accommodating additional
patients in excess of its occupancy limits.
◼ Patient: The mental ability to make rational decisions.
Case law - Law based on judicial precedent rather than statutory law.
Civil false claims - Enables lawsuits by government or any individual (qui tam relator) against one
who submits a false claim to the government.
Common law - Used interchangeably with case law.
Common rule (45 CFR 46) - Basic Department of Health and Human Services policy for
protection of human subjects that encompasses the human subject protections followed by all federal
agencies that sponsor research.
Conditions of Participation (CoPs) - Requirements hospitals must meet to participate in
the Medicare and Medicaid programs.
Corporate compliance - As relates to healthcare fraud and abuse, any number of programs and
initiatives undertaken by providers to avoid civil and criminal investigations and charges related to
improper billing procedures, inappropriate referrals, kickbacks and other prohibited activities under
federal statutes such as the Anti-Kickback Act and the Stark I and Stark II amendments to the Medicare
Act. Many healthcare providers have taken corporate compliance programs beyond these specific
legislative and regulatory requirements to encompass broader corporate business ethics concerns.
Covered entities (CEs) - Any healthcare provider who transmits health information in
electronic form in connection with a "standard transaction." Among covered entities are
healthcare providers (hospital, physicians, insurance company, etc.) and health plans (pay for cost
of healthcare), healthcare clearinghouses (furnish bills or pays for healthcare services).
Dedicated emergency department (DED) - Must meet one of the following criteria:
◼ Licensed as an emergency department
◼ Advertises itself as providing emergency care
◼ One-third or more of walk-in patients seen for conditions that are considered
"emergency medical condition" as defined within the statute.
Drive-through deliveries - Childbirth resulting in short postpartum stay as determined by the
managed care organization or other health plan.
Elder abuse - Single or repeated act or lack of appropriate action, occurring within any relationship
where there is an expectation of trust, which causes harm or distress to an elderly person.
Elements of informed consent for research - Include full disclosure of the nature of the
research and the subject's participation, adequate comprehension on the part of the potential
subject and the subject's voluntary choice to participate.
Emergency medical condition (EMC) - Medical condition manifesting itself by acute symptoms
of sufficient severity (including severe pain) such that the absence of immediate medical attention
could reasonably be expected to result in:
◼ Placing the health of the individual in serious jeopardy
◼ Serious impairment to bodily functions
◼ Serious dysfunction of any bodily organ or part
Or with respect to a pregnant woman who is having contractions:
◼ There is inadequate time to effect a safe transfer to another hospital before delivery, or
◼ Transfer may pose a threat to the health or safety of the woman or the unborn child
Note: Regulations define "emergency medical condition" to include psychiatric illness including
alcohol and drug intoxication.
Emergency medical services (EMS) — Provision of services to patients needing immediate care
EMS system — Comprehensive, coordinated arrangement of resources and functions that are
organized to respond in a timely, staged manner to targeted medical emergencies, regardless of cause
or the patient's ability to pay, in order to minimize their physical and emotional impact (National
Association of State EMS Directors and National Association of EMS Physicians definition).
Food and Drug Administration (FDA) - Federal agency whose responsibility is to protect the
public health by regulating commerce involving food, drugs, medical devices and the like; is
authorized to gather information regarding the safety of medical devices, including adverse
incidents attributed to use under the Safe Medical Device Act.
Fraud and abuse — Informal term for the various federal statutes and regulations regarding inappropriate
billing, kickbacks, referrals, etc., related to the federal or state Medicare/Medicaid programs.
Futile care — The care that the patient's family demands, but which the clinician has decided
is medically unnecessary.
Health Insurance Portability and Accountability Act of 1996 (HIPAA) - 42 U.S.C. Section 201 et seq.
Amendments to ERISA addressing a variety of healthcare-related issues including fraud and abuse and the
portability of group health insurance benefits as well as mandating specific patient-privacy protections. It is
a federal law that resulted in the promulgation of several regulations including the HIPAA Privacy Rule.
Human subject - A living individual about whom an investigator (professional or student)
conducting research obtains data through intervention or interaction with the individual or
identifiable private information.
Implied consent - Consent to healthcare diagnosis or treatment manifested by action or by a
silence that raises the presumption that an authorization is given.
Informed consent — The legal doctrine that patients generally have a right to be informed
regarding proposed medical and surgical treatments, including anticipated benefits, risks, and
alternatives, and to accept or reject such proposed treatments.
Institutional review board (IRB) — Required for any healthcare institution that receives
federal funding for human research from a department or agency covered by the common rule
or that conducts research that is regulated by the FDA.
Justice — Provide what is owed; treat fairly, fair and just allocation of resources within the
community being served.
Life-sustaining treatment — Any treatment that serves to prolong life without reversing the
medical condition.
Long-term care services — Range of medical and/or social services designed to help people
with disabilities or chronic care needs (Department of Health and Human Services definition).
Medical emergency — Sudden and/or unanticipated medical event that requires immediate assistance.
Medical screening exam (MSE) — Process required to reach with reasonable clinical confidence,
the point at which it can be determined whether a medical emergency does or does not exist applied
in a nondiscriminatory manner (i.e., a different level of care must not exist based on payment status,
race, national origin, etc.).



MedWatch form - Required form filed by facilities required to report events, injuries of patients.
Minimum necessary - Least amount of PHI disclosed to meet the request and
accomplish the intended purpose.
Non-maleficence - Avoiding harm; to not harm intentionally.
Notice of privacy practices (NPP) - Provided by covered entity which delineates how CE routinely uses
and discloses PHI, provides the rights and responsibilities of the patient, to whom the patient may complain.
Office of Civil Rights (OCR) - Office within Department of Health and Human Services
which enforces HIPAA Privacy and Security compliance.
Paternalism - A unilateral and sometimes unreasonable decision by healthcare providers that
implies that they know what is best, regardless of the patient's wishes.
Patient Self Determination Act (42 USC Section 1395 et seq.) - Federal statute requiring certain
healthcare organizations to provide patients with information regarding advance medical directives.
Protected health information (PHI) - Includes information regarding a patient's condition
and provision of payment (past, present, future).
Prudent layperson standard - Request of the individual will be considered to exist if a
prudent layperson observer would believe, based on the individual's appearance or behavior,
that the individual needs examination or treatment for a medical condition.
Regulation - Legislative mandates such as federal and state law; there are others that reflect
regulatory requirements, such as government-sponsored programs (e.g., Medicare).
Research - Activity designed to test a hypothesis, permit conclusions to be drawn and thereby to develop
or contribute to general knowledge; also "a systematic investigation, including research development, testing
and evaluation, designed to develop or contribute to general knowledge" (45 CFR 46.102(d)).
Sarbanes-Oxley Act (SOX) - Applies to public companies that are required to file periodic
Securities and Exchange Commission (SEC) Reports under Sections 12 or 15(d) of the Security
Exchange Act of 1934 or if the public company has filed a registration statement that has not yet
become effective under the Securities Act of 1933.
Single use devices (SUDs) - Devices reprocessed for reuse originally intended for single use.
Stabilized - With respect to an EMC, that no material deterioration of the condition is likely, within
reasonable medical probability, to result from or occur during the transfer of the individual from a
facility, or, with respect to pregnancy, that the woman has delivered, including the placenta.
Surrogate - One who legally stands in place of another.
Telemedicine / telehealth - The use of telecommunications to provide medical information and
services. Also, the provision of healthcare consultation and education using telecommunication
networks to disseminate information; medical practice across distance via telecommunications and
interactive video technology (American Medical Association's Council on Medical Education and
Medical Services). The use of electronic information and communications technologies to provide
and support healthcare when distance separates the participants (Institute of Medicine).
Vulnerable subjects - Human subjects are considered vulnerable and require special considerations
if there are legitimate concerns about competency to understand information presented to them and
make reasoned or informed choices; populations include children, pregnant women, prisoners, those
with psychiatric, cognitive and developmental disorders and substance abusers.



OUTLINE
I. Statutes, Standards and Regulations
A. Healthcare is one of the most highly regulated industries
1. Mandatory: State and federal law
2. Voluntary: TJC, NCQA, etc.
B. Risk managers need to assist the organization in complying with both mandatory and voluntary
for the following reasons:
1. Reimbursement can be influenced by compliance
2. Policies and procedures must be developed to ensure compliance
3. Reputation of the organization
4. Patient satisfaction
C. Categories of key regulations and laws
1. Patient care
2. Data management
3. Payment
4. Employment
5. Workplace safety

II. Types of Law


A. Statutory law
1. Enacted by Congress and approved by the President.
B. Administrative law
1. Regulations and rules developed and implemented by a federal or state agency to provide
direction for carrying out the purposes of the Acts it oversees
C. Case law
1. Judicial interpretation of a statute or established court precedent (also known as common law)

III. Ethics
A. Ethical Basics
1. Ethics center on deliberations and explicit arguments to justify particular actions
2. Created by the collision of:
a) Law
b) Medicine
c) Biotechnology
d) Business
e) Philosophy
f) Religion



3. Focuses on the reasons why an action is considered right or wrong
a) Ethical principles and moral obligations
b) Societal policy
c) Professional guidance (code of ethical behavior vs. clinical ethics)
(1) ASHRM Code of Professional Conduct: available at http://www.ashrm.org
Practicing responsibility to the profession
Practicing responsibility to those we serve
Avoiding conflict of interest
(2) AMA's Principles of Medical Ethics: available at www.ama-assn.org
(3) U.S. Agency for International Development
(a) How to interpret the federal policy for the protection of human
subjects or "Common Rule": available at www.usaid.gov
B. Ethical Principles
1. Autonomy
a) Ability to make decisions without undue influence
b) Fundamental basis for informed consent and informed refusal
2. Beneficence
a) To do good and protect from harm
3. Non-maleficence
a) To avoid causing harm or prohibition against cruel treatment
4. Justice
a) Fairness and equal distribution of healthcare, non-discriminatory care
C. Moral Obligations
1. Related to conduct that conforms to accepted customs or conventions of a people
2. Respect patient's privacy and protect confidentiality
3. Communicate honestly about all aspects of the patient's diagnosis, treatment and prognosis
4. Determine whether patient is capable of sharing in decision making
5. Conduct an ethically valid process of informed consent
D. Ethical issues
1. Advance directives: A method to make decisions known to healthcare providers
2. Do-not-resuscitate orders: Physician communication to other healthcare providers
that is typically based upon prior conversation with patient/family
3. Research: Includes identification of risks and benefits, addresses data collection and
protects the subject's rights (including termination of participation)
4. Institutional review boards: Charged with establishing protocols for and oversight of clinical trials
5. Informed consent
E. Patient Self-Determination Act of 1990
1. Overview of the law
a) The law, 42 U.S.C. 1395 cc (a), established the right of competent patients to make
binding, legally enforceable decisions about their healthcare preferences to be
followed should they later become unable to express them
b) Encourages patients to consider the option of preparing an advance directive
c) Requires providers to develop policies and procedures to address a patient's right to refuse
treatment and to execute an advance directive in accordance with individual state laws
d) Encourages patients to consider the option of preparing an advance directive
e) Requires healthcare providers to furnish information about self-determination to their patients
2. Requirements
a) Written policies and procedures
(1) Living wills
(2) Durable power of attorney
b) Notice of Rights to provide information to patients concerning:
(1) Right to make healthcare decisions
(2) Right to accept or refuse care
(3) Right to formulate advance directives
(4) Presented at time of admission for inpatients, at time of enrollment for HMOs,
prior to care for home health agencies
c) Documentation in medical record of advance directive
d) May not require advance directive as precondition to care
e) Compliance policy must be instituted to deal with elements of law and establish a formal
process for investigating and resolving patient grievances
f) Provide education for staff and community on issues concerning advance directives
3. Applies to:
a) Hospitals
b) Nursing homes (SNFs)
c) HMOs participating in Medicare
d) Home care and hospice programs
e) Hospice programs
4. Does not apply to:
a) Free-standing outpatient clinics
b) Private physician offices
5. Recognized under state law; specifics apply to each state's laws
6. Penalties/sanctions
a) Condition of Participation in Medicare and Medicaid programs
b) Appeal process



7. Risk management implications of Patient Self-Determination Act
a) Develop, implement and monitor compliance with policies and procedures that
address each element of the law
b) Familiarity with the specifics of the state's laws, if any, relating to advance directives
c) Keep copies of written materials for later reference
d) Educate staff on encouraging patients to complete an AD and having proper staff
available to answer questions from patient and family
F. Advance Directives
1. Legal document: May include living will and durable power of attorney for healthcare.
2. Completed in advance and when patient has capacity to do so
3. Governed at the state level
4. No uniform document
5. Preferably written, but also can be verbal
6. Can specify what to include and exclude (such as intubation, mechanical ventilation,
antibiotics, blood transfusions, dialysis, artificial nutrition/hydration)
7. Patient can change mind at last minute
G. Do Not Resuscitate
1. Governed at the state level
2. Requires a physician order
3. Documented in the medical record
4. Requires clear policy and procedure
5. Documented education of patient, family and staff
6. Does not require an advance directive as a precondition
7. May be rescinded for surgical interventions
H. Assisted Suicide
1. Rendering of assistance to a person who wants to end his or her life but is not able to do this alone
2. In some states, when a healthcare provider does this, it is considered murder
3. In other states, governments have legalized this procedure; also known as euthanasia
4. Consideration: Does the diagnosis make a difference? Does the amount of pain and
suffering make a difference (quality of life)?
I. Withholding and Withdrawing Treatment
1. Life-sustaining treatment is any treatment that serves to prolong life without reversing
the medical condition
2. Clear policy and procedure that outlines what life-sustaining treatment entails and under
what criteria/parameters withholding/withdrawing of care can occur
3. Examples of such treatment
a) Intubation
b) Mechanical ventilation



c) Renal dialysis
d) Artificial nutrition and hydration
e) Antibiotics
f) Blood and blood products
J. Capacity
1. Mental ability to make a rational decision, which includes the ability to perceive and
appreciate all relevant facts; ability to weigh the risks, benefits, and alternatives; not
necessarily synonymous with "sanity"
2. Patient requirements
a) Able to understand the nature of the situation and the consequences of the decision
b) Of age (varies greatly by state and circumstances)
c) Able to communicate the wishes to the caregiver
d) Normally determined by the physician
e) Presumed unless there is a reason to question
f) May come and go so act as close to the time of capacity as possible
g) Normally not questioned as long as the healthcare providers and the patient's family agree
K. Surrogates of Patients
1. Definition: The individual who is legally authorized to make healthcare decisions on behalf
of a patient who is unable to make or communicate decisions
a) Common law next-of-kin
b) Established in advance directive, such as durable power of attorney for healthcare
c) State-specific
L. Futile Care
1. Quality of life is defined by the patient's values, not by the surrogate or caregiver's
2. Physicians do not have an obligation to deliver care that, in their best judgment, will not
have a reasonable chance of benefiting the patient
3. Physicians are not required to violate their own ethical or religious beliefs
4. Clinical staff may decline only for reasons of "conscience"
5. Do not abandon the patient; arrange transfer
6. Have appropriate policies
7. Be sure decisions are based on medical issues, not on age or social status, and are not financially driven
8. Avoid court if at all possible
9. Negotiate with the patient, surrogates, and healthcare providers, if necessary
10. Use the Ethics Committee
M. Culturally-Appropriate Care
1. The National Quality Forum
a) Endorsed 45 best practices to deliver culturally appropriate and patient-centered care
(1) Issues addressed



(2) Communication
(3) Community engagement
(4) Workforce training
2. The Joint Commission Requirements to Advance Effective Communication, Cultural
Competence, and Patient-Centered Care
a) Became effective January 1, 2011 with a grace period of 1 year
b) Will be graded in TJC 2012 surveys
c) Incorporates issues such as diversity, language, culture, health literacy into
current standards or draft new requirements
d) Some issues addressed
(1) Effective communication
(2) Equitable treatment
(3) Accommodation of patient's cultural, religious, spiritual needs and beliefs
(4) Non-discrimination in care
(5) Staff training in cultural sensitivity
N. Ethics and the Law
1. Ethical decisions are based on what is best for the common good and, generally, exceed
what is required by law
2. Legal decisions are based on what is mandated by statutes or case law
3. Case Law Examples
a) Karen Ann Quinlan: Matter of Quinlan, 70 N.J. 10, 355 A. 2d 647 (1976)
(1) Ethical issues: Legal vs. medical death; patient wishes
In 1975, for whatever reason, Ms. Quinlan ceased breathing for at least two 15-minute
periods. Subsequently she was found to be in a "chronic persistent vegetative state."
Her father requested that her life support be withdrawn and was refused. He sued for
the right to have her life-support withdrawn, and to be declared legal guardian. He
was adjudicated in the negative. He appealed to the New Jersey Supreme Court and its
decision was in the affirmative granting guardianship. He then had the ventilator
removed, but the gastrostomy tube stayed in place. After the removal of the
ventilator, Ms. Quinlan was transferred to a nursing home where she survived for
approximately 10 years before succumbing to pneumonia.
b) Nancy Cruzan: Cruzan et ux. v. Director, Missouri Department of Health, et al
(1) Ethical issues: Gave constitutional status to the ethical principle of autonomy; clear
and convincing evidence standard introduced
Court's first right to die case. In 1983, Nancy Cruzan was involved in an accident leaving
her in a "persistent vegetative state." She was sustained for several weeks with artificial
feedings via a gastrostomy tube. When her parents attempted to terminate life-support,
state hospital officials refused to do so without court approval. The Missouri Supreme
Court ruled in favor of the state's policy over Ms. Cruzan's right to refuse treatment. The
question before the U.S. Supreme Court was "Did the Due Process Clause of the 14th
Amendment permit Cruzan's parents to refuse life-sustaining treatment on their
vegetative daughter's behalf?" In a 5-4 decision, the court held that,
while individuals enjoy the right to refuse medical treatment under the Due Process
Clause, incompetent persons were not able to exercise such rights. Absent "clear and
convincing evidence" that Ms. Cruzan desired treatment to be withdrawn, the Court
found the State of Missouri's actions designed to preserve human life to be constitutional
because there was no guarantee family members would always act in the best interest of
incompetent patients and, because erroneous decisions to withdraw treatment were
irreversible, the Court upheld the state's heightened evidentiary requirements. Ms.
Cruzan's gastrostomy tube was withdrawn, and she died about 10 days later.
c) Nelly Vega: Stamford Hospital v. Vega, 236 Conn. 646 (1996)
(1) Ethical issues: The state's interests of preservation of life, protection of an
innocent third party, prevention of suicide, maintenance of ethical integrity of the
medical professions; the hospital's interests of preserving life, protecting the ethical
integrity of the healthcare profession; the patient's interest of right of self-
determination, constitutional right to exercise religious freedom.
The Supreme Court of Connecticut held that a hospital's interest in preserving a
patient's life and in protecting the medical profession's ethical integrity were not
sufficient to take precedence over the common law right of self determination of
a Jehovah's Witness to refuse a blood transfusion.
d) Terri Schiavo: Theresa Schindler Schiavo, ex rel. v. Michael Schiavo, as guardian (2005)
(1) Ethical issues: State's interest, patient's interests, spousal vs. parental interests
In 1990, Terri Schiavo collapsed at her home, suffered a cardiac arrest and sustained
permanent loss of brain function. In June 1990, her spouse, Michael, was formally
appointed to serve as legal guardian, because Ms. Schiavo was adjudicated incompetent
by law. This appointment was undisputed. In 1994, her spouse acknowledged the
irreversibility of her condition and imposed a "do not resuscitate" order should Ms.
Schiavo experience another cardiac arrest. Ms. Schiavo's biological family also did not
dispute this. In 1997, Michael elected to initiate an action to withdraw artificial life
support. Her parents opposed this, stating that she displayed special responses, mostly
to her mother, but that these had not been observed or documented. This began lengthy
legal maneuverings by her parents to stop the withdrawal of life support and to try to
remove Michael as his wife's guardian. Various legal challenges and interference by the
Office of the Governor of Florida occurred; however, in March 2005 the feeding tube
was removed for the final time, and Ms. Schiavo was allowed to die.
O. Ethics Committee
1. Basic ethical concepts include autonomy, beneficence, paternalism, non-maleficence, justice
a) Chairperson should be well educated or trained in ethical issues
b) Multidisciplinary including appropriate medical and clinical staff
c) A clerical representative from the religious community should be a member
d) A layperson from the community should be a member
e) Decisions are nonbinding — consultative only
f) The risk manager should:
(1) Be a neutral party during the discussions
(2) Serve as a facilitator
(3) Act as a consultant on legal issues



(4) Develop a systematic approach to obtaining an ethics committee consultation that
addresses both a routine process as well as an ad hoc process
2. Topics for Ethics Committees
a) Abortion and reproductive rights
b) End-of-life or futile care
c) Quality of life
d) Surrogate decision-making
e) Advance directives
f) DNRs
g) Medical resources
h) Staff rights that conflict with patient wishes
i) Specifically designed to screen out hospital with issues

IV. Consent
A. Introduction
1. Consent is an important element of the provider/patient relationship
2. Consent is the act of agreeing to a specific diagnostic test or treatment; it can be
characterized as a contract for agreed upon services
3. Consent is a communication process between provider and patient, not merely
the completion of a form
4. Consent can be characterized as a contract for agreed upon services
5. Consent is the responsibility of the practitioner (the individual who is to conduct the proposed test or
treatment), and that responsibility is non-delegable
6. Consent presumes that an adult is capable of making treatment choices, as are minors
under defined circumstances
B. Legal sources of influence in the consent process
1. Federal law — Consumer Bill of Rights and Responsibilities published in 1997 reiterates
the fundamental framework of consent
a) Provide easily understood information to patients and opportunity to select among options
b) Discuss all treatment options with a patient in a culturally competent manner,
including the option of no treatment
c) Ensure that patients with disabilities have effective communication with care providers
and the tools for effective communication (e.g., interpreters, communication boards, etc.)
d) Discuss all current treatments a consumer may be undergoing, including
alternative treatments and those that are self-administered
e) Discuss all risks, benefits and consequences to treatment or non-treatment
f) Give patients the opportunity to refuse treatment and to express preferences about future
treatment decisions
g) Discuss the use of advance directives, both living wills and durable powers of attorney
for healthcare, with patients and their designated family members



h) Abide by the decisions made by patients and/or their designated representatives
consistent with the informed consent process
i) Give patients opportunity to refuse treatment and express preferences about
future treatment decisions, including advance directives
j) Assure patients that care providers will abide by patient's decisions
2. Other federal laws, regulations and guidance promote the consent process
a) Civil Rights Act of 1964
(1) Bars discrimination on basis of race, background, etc., thereby necessitating
use of interpreters when necessary
(2) Office of Civil Rights monitors compliance
b) Medicare Conditions of Participation (CoPs)
c) Patient Self-Determination Act of 1990 (PSDA)
d) HIPAA
e) EMTALA
f) Americans with Disabilities Act of 1990 (ADA)
3. State law
4. Case law
C. Types of Consent
1. General: Typically seen at time of admission for non-invasive, low-risk or routine
procedures such as blood work
2. Informed: For invasive or high-risk procedures such as surgery, feeding tube
placement or cardiac catheterization
3. Implied consent: For emergency situations such as stabilization of the airway following a
car accident
D. Elements of Consent to Treatment
1. Disclosure of the nature and purpose of the test or treatment
2. Description of the probable risks and benefits
3. Explanation of risks and benefits of alternatives
4. Risks and benefits of foregoing the test or treatment
5. Opportunity for questions and understandable answers taking into consideration the
patient's or surrogate's comprehension level
6. Opportunity to make a decision free of coercion and undue influence
E. Legal authorities differ regarding what is "enough" information to disclose in a consent dialogue
1. Patient need: Information that a reasonable person would want to know
2. Medical community: What the caregiver believes patients should be told
3. Essential information should be disclosed to prevent or eliminate misunderstanding or
misinformation, such as:
a) Risk of death, disfigurement, disability or major change in lifestyle
b) Degree of pain, dysfunction or discomfort associated with the test or treatment



c) Time commitment associated with proposed and alternate treatments, including
rehab, physical therapy or long-term medication management
d) Urgency to undergo the test or treatment
e) Consequences of deferring or refusing the test or treatment
F. Exceptions from the General Rules of Consent
1. Emergency treatment exception
a) Basic criteria
(1) Life threatening illness or injury requiring immediate attention
(2) Patient unable to communicate
(3) No time to secure treatment authorization
(4) Limited to care only to extent that it is necessary to rectify the urgent situation
(5) Comprehensive documentation supporting the emergency condition and
fulfillment of the basic criteria
(6) Steps to minimize inappropriate use of emergency exception:
(a) Clinical decision support tools such as clinical pathway or decision trees
for declaring emergency
(b) Staff and physician education
(c) Comprehensive documentation
2. Therapeutic privilege exception
a) To protect the patient from consequential harm arising from disclosure of medical information
b) Criteria for invoking the privilege
(1) Assessment of facts and circumstances
(2) Assessment preferably made by someone not involved in the patient's care
(3) Comprehensive documentation of assessment and decision
3. Compulsory treatment situation
a) Empowers public health officials to test, treat or quarantine individuals with infectious illnesses
G. Importance of an Informed Refusal of Care
1. Patient or recognized decision-maker must have mental capacity
2. Inform patient of consequences of refusal of proposed test or treatment
3. Document discussion with patient or recognized decision-maker
4. Patients and decision-makers have the right to withdraw consent
H. Needs of Specific Patients in the Informed Consent Process
1. Preliminary screening to identify special patients
2. Patients who warrant special considerations
a) Minors
(1) State laws differ
(2) Mature or emancipated minors may consent to treatment related to pregnancy,
sexually transmitted disease, mental health treatment or alcohol abuse treatment



(3) Physician should assess minor to ensure such minor has the appropriate level
of judgment and reasoning skills for medical decision making
b) Mentally disabled or challenged persons, such as those with dementia or psychosis
c) Patients undergoing specific care as may be identified by law
(1) Breast cancer
(2) Sterilization
(3) Blood transfusion
(4) HIV
d) Auditory, speech or visually impaired patients — ADA requires reasonable accommodations
to facilitate the patient's understanding, such as use of telephone or amplification devices,
sign language, interpreters for limited English proficiency, etc.
e) Culturally sensitive situations
f) Research patients — Have a specific process and form that must be followed
(1) Addressed in the PSDA
(2) Identify risks and benefits of participating in research
(3) Minimize risks
(4) Perform risk-to-benefit evaluation
(5) Determine intervals of periodic review
(6) Determine mechanisms for monitoring data collection
(7) Protect subject's rights, which mandates a process for accepting, rejecting and
terminating participation in research
I. Consent Litigation
1. Despite the presence of laws and controls, consent — or lack of it — remains a persistent
basis for claims in professional liability lawsuits.
2. Consent litigation reflects a breakdown in the provider-patient relationship
3. Risk managers should be familiar with consent-related issues arising from
a) Managed care
b) Compulsory treatment situations
c) Behavioral health settings
d) Minors
e) Ambulatory care
f) Documentation
4. Results of a breakdown in the consent process
a) Battery — care provided absent consent or after consent is withdrawn
b) Unprofessional conduct
c) Negligent consent — Failure to disclose material risks
d) Misrepresentation or deceit — intentional harm
e) Breach of contract — Assertion that care promised was not achieved



f) Corporate liability — "Constructive notice" of flawed consent process
g) Licensure action — Failure to follow applicable consent law or regulations
h) Compliance action — Failure to comply with provisions of Medicare's "patient's rights"
condition of participation
J. Risk Management Approach to Consent or Treatment
1. Policies and procedures
a) Ensure disclosure of conflicts of interest
b) Prohibit "gag" clauses
c) Prohibit punitive measures taken against providers or other healthcare workers who
advocate on behalf of the patient
d) Includes criteria for making and documenting an assessment that establishes mental
capacity when appropriate
2. Risk identifiers for reviewing consent-related incidents, claims and patient complaints
3. Education
a) Must recognize state-specific exceptions
b) Educating providers as to their role in this process and its value in facilitating a greater
trust with patients should be emphasized
4. "Family-focused" consent process is encouraged
5. Consent checklist is a tool to facilitate consent process
a) Evaluate ability of patient or decision-maker to participate in the process
b) Confirm patient's understanding of disclosure
c) Confirm patient's understanding of treatment plan
d) Screening questions for continuing care interventions
e) Tool may be customized for different settings
f) Tool may be used as evidence of compliance
6. Documentation: Can be short- or long-form, or detailed notes in the medical record that are
typically driven by organizational policy, procedure and/or practices

V. Patient Care Regulations and Laws


A. CMS develops Conditions of Participation (CoPs) and Conditions for Coverage (CfCs)
1. Healthcare organizations must meet CoPs and CfCs in order to begin and continue
participating in the Medicare and Medicaid programs.
2. These standards are the foundation for improving quality and protecting the health and
safety of beneficiaries.
3. CoPs and CfCs apply to the following healthcare organizations:
a) Ambulatory Surgical Centers
b) Community Mental Health Centers
c) Comprehensive Outpatient Rehabilitation Facilities
d) Critical Access Hospitals



e) End-Stage Renal Disease Facilities
f) Federally Qualified Health Centers
g) Home Health Agencies
h) Hospices
i) Hospitals
j) Hospital Swing Beds
k) Intermediate Care Facilities for Individuals with Intellectual Disabilities
l) Organ Procurement Organizations
m) Portable X-ray Suppliers
n) Programs for All-Inclusive Care for the Elderly Organizations
o) Clinics, Rehabilitation Agencies, and Public Health Agencies as Providers of Outpatient
Physical Therapy and Speech-Language Pathology Services
p) Psychiatric Hospitals
q) Religious Nonmedical Healthcare Institutions
r) Rural Health Clinics
s) Long-term Care Facilities
t) Transplant Centers
4. CoPs for Hospitals
a) Covers many hospital services and functions such as
(1) Quality assessment and performance improvement, medical staff, nursing, infection
control, surgical services, governing body, patient's rights, medical records,
physical environment, pharmacy, radiology, lab, food services, etc.
b) CoP: Nursing Services
(1) Defines the operational elements of a nursing service that includes the
following mandates:
(a) Staffing and staff supervision
(b) Developing and implementing nursing care plans
(c) Staff competency assessment
(d) Medication administration
(e) Mandatory reporting of blood transfusion reactions, adverse drug reactions, and
medication errors
c) CoP: Infection Control
(1) Requirements include:
(a) Designating an infection control officer
(b) Developing and maintaining a log system
(c) Creating policies and procedures
(d) Delegating responsibility and accountability on hospital leadership
(e) Ensuring that hospital-wide QI and training programs are implemented
(f) Implementing corrective action plans



d) CoP: Surgical Services
(1) Scope of the services:
(a) Staffing
(b) Duties of staff
(c) Surgical privileges
(d) Consistency between quality of inpatient and outpatient surgical services
(2) Delivery of service requirements
(a) Medical history and physical examination
(b) Informed consent form
(c) Post-operative care requirements
(d) Operating room register
(e) Operative report
e) CoP: Patient's Rights Standards
(1) Notice of Rights — patients notified in writing
(a) Complaint and Grievance Process
(2) Exercise of Rights: Patient has the right to participate in medical decision making
(3) Privacy and Safety: Patient has right to privacy and a safe environment
(4) Confidentiality of Medical Records: Reaffirms and strengthens confidentiality of medical
information
(5) Restraint or seclusion: Protocols for use of restraints and seclusion including staff
education mandate
f) CoP: Complaint and Grievances Standards
(1) Standards set by CMS that hospitals must follow to manage complaints and grievances
(2) Standards must ensure:
(a) Families are informed of their right to present complaints and of the mechanism for doing so;
issuing a complaint does not compromise the patient's future access to care
(b) Analysis of complaints and appropriate action is taken to correct the issues
(c) A response is sent to each patient/family which addresses the complaint
g) CoP: Quality Assessment and Performance Improvement Program
(1) Standards
(a) Must develop, implement and maintain effective, ongoing hospital wide, data-driven
quality assessment and performance improvement program
(b) The program must include, but not be limited to, an ongoing program for which there is
measurable evidence that health outcomes will improve and medical errors will be
identified and reduced.
(c) Must measure, analyze and track quality indicators including adverse patient events and other aspects
of performance that assess processes of care, hospital service and operations
(d) Must take actions aimed at performance improvement, measure success of
interventions and monitor to ensure improvements are sustained



5. Risk Management Implications of Medicare Conditions of Participation
a) Many other CoPs address a wide range of healthcare organizations
(1) Hospitals
(2) Home health agencies
(3) Ambulatory surgical centers
(4) Outpatient rehabilitation facilities
(5) Psychiatric hospitals
(6) Home health agencies/hospices
(7) Providers of outpatient services
b) Development of actual means to compliance left up to program participants; consult
with legal counsel for interpretation of CoPs if necessary
c) Complete compliance with CoPs should be monitored on an ongoing basis
B. CMS Hospital Acquired Conditions (HACs)
1. Medicare will not pay a hospital at a higher rate for an inpatient hospital stay if the sole
reason for the enhanced payment is one of the selected HACs and the condition was
acquired during the hospital stay.
2. Enacted due to:
a) High cost and/or high volume
b) Assignment of higher MS-DRG payment (increased reimbursement)
c) Could reasonably have been avoided through evidence based medicine
3. CMS list of HACs includes
a) Foreign objects retained after surgery
b) Air embolism
c) Blood incompatibility
d) Stage III and IV pressure ulcers
e) Falls and trauma
(1) Fractures
(2) Dislocations
(3) Intracranial injuries
(4) Crushing injuries
(5) Burns
(6) Other injuries
4. Iatrogenic Pneumothorax with venous catheterization
5. Manifestations of poor glycemic control
6. Catheter-Associated Urinary Tract Infection (CAUTI)
7. Vascular Catheter-Associated Infection



8. Surgical site infection following:
a) Coronary Artery Bypass Graft (CABG) — Mediastinitis
b) Bariatric surgery (gastroenterostomy, gastric bypass, gastric restrictive surgery)
c) Cardiac Implantable Electronic Device (CIED)
d) Orthopedic procedures (spine, neck, shoulder, elbow)
9. Deep Vein Thrombosis (DVT)/Pulmonary Embolism (PE) following:
a) Total knee replacement
b) Hip replacement
C. Healthcare Quality Improvement Act — (HCQIA)
1. Overview of the law
a) To provide protections for all healthcare organizations and individual participants
engaged in formal peer review activities if certain conditions are met
b) Does not necessarily provide added protections over and above state statutes, but
may apply in cases of claims filed under federal antitrust laws
2. Peer review immunity
a) Encourages hospitals, licensing boards, professional societies, group medical
practices, etc. to engage in effective peer review
b) Qualified immunity from liability in civil actions attaches to those engaged in peer
review if the professional review action is taken
(1) To further quality healthcare
(2) After reasonable effort to ascertain the facts
(3) After notice and fair hearing opportunities are afforded the physicians
(4) In the reasonable belief that the action is supported by the facts
3. Physician due process
a) Notice of a proposed professional review action must include
(1) Reason for the review
(2) Time frame within which a physician may request a hearing is not less than 30
days after the date of the notice
(3) Summary of fair hearing rights
b) Physician rights
(1) List of witnesses appearing for the reviewer
(2) Notice of time, place and date of hearing
(3) Representation by counsel
(4) Written record of proceedings
(5) Examination and cross-examination of witnesses
(6) Presentation of relevant evidence
(7) Submission of a written closing statement
(8) Written recommendations/rationale of the reviewer
(9) Written decision/rationale of the healthcare entity



c) Institutional rights
(1) Institution may suspend or restrict privileges for 14 days during which an investigation
may be conducted to determine the need for a professional review action
(2) Institution may summarily suspend privileges, subject to subsequent notice and
hearing, if failure to take such action would jeopardize the health of any individual
4. Established the National Practitioner Data Bank (NPDB)
a) Purpose of NPDB
(1) Collects information on healthcare practitioners related to the professional competence
and conduct of physicians, dentists and other healthcare practitioners
(2) Tracks practitioners who have been defendants in malpractice claims that
have concluded with either a judgment or settlement
(3) Collects information on practitioners with adverse action against their
hospital privileges or their license to practice
(4) Provides conditional immunity from anti-trust suits against healthcare facilities and
their medical staff that participate in peer review, provided that:
(a) Due-process protections were made available to the physician under review, and
(b) The reviewers acted in good faith in furthering quality patient care
b) Entities that must report include
(1) Hospitals and other healthcare providers
(2) Medical and dental licensing boards
(3) Medical malpractice payors, including medical liability carriers, SIRs, trusts, captives, RRGs
c) Entities with access to the reported data include
(1) Hospitals
(2) Other healthcare entities with formal peer review
(3) Professional societies with formal peer review
(4) Boards of medical or dental examiners and other healthcare practitioner state
licensing boards
(5) Plaintiffs' attorneys or plaintiffs representing themselves (some limitations)
(6) Healthcare practitioners — self query
(7) Researchers (statistical data only)
d) Reporting Requirements
(1) Payments of judgments or settlements made on behalf of specified licensed
practitioners, regardless of the amount in response to written demand — report
within 30 days of the date of payment to NPDB
(2) Hospitals and other healthcare entities: Actions taken which adversely affect
privileges of physicians and dentists or membership on the staff — report within 15
days of adverse action to board of medical examiners
(3) Disciplinary actions taken by State medical and dental boards — licensing board reports
within 30 days



e) Ongoing requirements
(1) Hospitals must request information from NPDB on a new physician, dentist or other
practitioner at the time of initial application
(2) Information on current members must be requested at a minimum of every two years
(3) Failure to report indemnity payments — up to $11,000 fine
(4) Hospitals that do not request information from the NPDB are presumed to know
about the information they would have obtained if they had asked
(5) Failure to report a reportable adverse action waives the hospital's immunity protection
from discovery for three years
f) Information available
(1) Medical malpractice payments
(2) Medicare and Medicaid exclusions
(3) US DEA actions
(4) Adverse actions related to professional competency and conduct
(a) Professional licensing actions
(b) Clinical privilege actions
(c) Professional society membership status
D. The Healthcare Integrity and Protection Data Bank (HIPDB)
1. A clearinghouse for the reporting and disclosure of certain final "adverse actions" taken against
healthcare practitioners, suppliers, and other providers in an effort to combat fraud and abuse.
2. HIPDB contains information regarding:
a) Civil judgments against healthcare providers, suppliers, or practitioners related to
the delivery of a healthcare item or service
b) Federal or state criminal convictions against healthcare providers, suppliers, or practitioners
related to the delivery of a healthcare item or service
c) Actions by federal or state agencies responsible for the licensing and certification
of healthcare providers, suppliers, or practitioners
d) Exclusions of healthcare providers, suppliers, or practitioners from participation in federal
or state healthcare programs
e) Any other adjudicated actions against healthcare providers, suppliers, or practitioners
E. Hospital Value-Based Purchasing Program (HVBP)
1. CMS quality incentive program built on the Hospital Inpatient Quality Reporting (IQR)
measure reporting infrastructure
2. Designed to promote higher quality care for Medicare beneficiaries
3. Rewards facilities with better patient outcomes, processes and experiences instead of
just volume of services; penalties apply if hospital is non-compliant
4. Funded by a 1.25 percent reduction from participating hospitals' base-operating
Diagnosis-Related Group (DRG) payments in FY 2014



5. Three domains:
a) Clinical Process of Care (13 measures)
b) Patient Experience of Care (8 HCAHPS dimensions)
c) Outcome (3 mortality measures)
F. Food and Drug Administration (FDA)
1. A division of the Department of Health and Human Services
2. Designed to protect public health by regulating commerce that involves food,
drugs (including biologics) and medical devices (including radiation devices)
3. A robust collection of laws that impact the day-to-day delivery of healthcare in a multitude of
ways, such as
a) Record keeping for dispensing narcotics
b) Manufacturers of drugs must show evidence of drug safety and provide evidence of
drug effectiveness
c) Initiated tracking of medical devices
d) Required reporting of serious events related to medical devices
4. FDA: Three healthcare divisions
a) Center for Device and Radiological Health: CDRH
(1) Responsible for regulating companies that manufacture, repackage, re-label, and/or import
medical devices
(2) Tracks reports of adverse events including device malfunctioning
(3) Regulates all radiation-emitting electronic devices
b) Center for Drug Evaluation and Research: CDER
(1) Responsible for oversight of the development, testing and marketing of all
pharmaceuticals (except vitamins and dietary supplements)
(2) Includes over the counter, prescription, biological therapeutics & generics
(3) Other products such as fluoride toothpaste, antiperspirants, dandruff shampoos and sunscreens
c) Center for Biologics Evaluation and Research: CBER
(1) Responsible for oversight of the nation's blood supply
(2) Ensures safety and effectiveness of biological products
(3) Includes vaccines, blood and blood products, cells, tissues, & gene therapies

G. Safe Medical Device Act of 1990 (SMDA)
1. Overview of the law
a) Enacted in 1992
b) Amended in 1993 to require manufacturers to track products that are:
(1) Permanently implantable
(2) Life sustaining or life-supporting and intended to be used outside of device user facilities
c) Administered by the Food & Drug Administration (FDA)



d) The FDA wanted to intensify the act as hospitals initially were either not reporting or
under-reporting serious events, illnesses, injuries or death that were caused by, or
related to, medical devices
e) Requirements of the act
(1) Reporting serious events
(2) Tracking of several implantable devices
f) Facilities that are required to report
(1) Hospitals
(2) Ambulatory surgical facilities
(3) Nursing homes
(4) Home health agencies
(5) Ambulance providers
(6) Rescue squads
(7) Rehabilitation facilities
(8) Psychiatric facilities
(9) All outpatient diagnostic and treatment facilities that are not physicians' offices
g) Facilities exempt from reporting
(1) Offices including physicians, chiropractors, optometrists, nurse practitioners, dental offices
(2) Employee health clinics
(3) Freestanding care units
h) Patient confidentiality protections
(1) Reportable events should be handled under peer review, quality improvement or other
related protection programs
2. Reporting
a) If device has or may have caused or contributed to a death, report to product manufacturer (if
known) and FDA within 10 working days of notice (eMDR: Electronic Medical Device Reporting)
b) If device has or may have caused or contributed to a serious injury, report to
product manufacturer only within 10 working days of notice. If the manufacturer is
unknown, report to the FDA (eMDR: Electronic Medical Device Reporting)
c) If a facility submitted any eMDR (Electronic Medical Device Reporting) reports to the
manufacturer or the FDA, the facility must submit a summary to the FDA no later than Jan. 1
3. Medical device tracking via FDA Modernization Act of 2002
a) Requires the final distributor (such as a hospital) to collect patient identifying information
for each patient who receives a tracked device and submit this to the manufacturers
b) Includes patient confidentiality provisions
c) Primary tracking responsibility lies with the manufacturer
d) Records are to be maintained as long as the device is in use or in distribution for use
e) List is updated on an ongoing basis at www.fda.gov



4. Product recall drivers
a) Federal agencies
(1) FDA
(2) OSHA
b) Accreditation requirements
(1) The Joint Commission
c) Manufacturing trends: Outsourcing of products
(1) Product quality and safety outside full control of corporation
5. Product Recall Challenges
a) Develop standardized processes to receive and disseminate information about product
recalls, notifications, and safety alerts to appropriate departments and individuals
(1) Accountability — Establish who is responsible
(2) Communication plan
(3) Consider pharmaceuticals
(4) Alerts tracking mechanism
b) Timely management of recall and replacement efforts
c) Establish a claims processing mechanism
H. Emergency Medical Treatment and Labor Act (EMTALA)
1. Overview of the law
a) Part of the Consolidated Omnibus Budget Reconciliation Act of 1986 (COBRA)
b) Enacted in response to practice of "patient dumping," the transfer of uninsured individuals
from one hospital emergency department to another for no reason other than inability to pay
c) Congressional mandate for hospitals and providers to provide a "safety net" for persons seeking
assessment and care for a possible clinical emergency at a Medicare-contracted hospital
d) Applies to:
(1) Hospitals that participate in the Medicare program and have a dedicated
emergency department (DED)
(2) Emergency physicians
(3) On-call physicians
2. Requirements
a) Provide a medical screening examination to determine if an "emergency medical condition"
(EMC) exists
b) If an EMC exists, provide appropriate medical treatment to stabilize the patient, subject to
the availability of resources (capability/capacity)
c) If capability/capacity is not available, provide "appropriate" transfer to facility that
does have capability/capacity to stabilize EMC
d) Participating hospital must accept a patient transfer from another hospital if it has the capability/
capacity to provide stabilizing treatment to patient that the transferring hospital does not have



3. Medical screening examination (MSE)
a) Not an isolated event, but an "ongoing process," per CMS
b) Elements for proper MSE
(1) Log entry with disposition
(2) Triage record
(3) Ongoing recording of vital signs
(4) Oral history
(5) Physical examination
(6) Use of all necessary testing resources to check for EMC
(7) Use of on-call physicians as needed
(8) Discharge or transfer vital signs
(9) Adequate documentation of all of above
c) Must be performed by a "qualified medical person" (QMP)
(1) Hospital determines criteria for QMP; must be outlined in medical staff bylaws
(2) CMS does not require physician to perform MSE; requires QMP to have
sufficient training to make proper decision
(3) American College of Emergency Physicians position: physician
should perform medical screening exam
d) MSE ends when determination is made by QMP that emergency medical
condition does not exist, no longer exists or patient is admitted or transferred
to a higher level of care for further treatment
4. Compliance
a) Hospital expectations
(1) Adopt and enforce policy consistent with EMTALA
(2) Adopt policy outlining which medical personnel are qualified to perform MSE
(3) Post signs informing the public of the hospital's EMTALA obligations
(4) Maintain central log of all patients who present to facility and request
care for an emergency medical condition
(a) Each department that meets the definition of a DED must maintain a log
(b) Log must include notations of patient dispositions
(c) Records of persons transferred to or from the hospital must be kept for
five years from date of transfer
(5) Maintain list of on-call physicians
(a) 24-hour coverage of all specialties not required
(b) Hospitals are responsible to maintain list in manner that "best meet the
needs of hospital patients receiving required EMTALA services"
(c) Make and document efforts to arrange for such coverage
(d) CMS will apply "reasonable standard" rule retrospectively to determine if
on-call coverage was appropriately scheduled given services available at
hospital



(6) Advise patients who refuse treatment of risks of leaving before completing
their screening assessment or treatment
(a) Document efforts
(b) Attempt to have the patient sign a form that confirms the decision to leave
"against medical advice" (AMA)
b) Financial screening of patient is permitted if:
(1) There is no delay in patient receiving MSE or stabilizing medical treatment in order to
inquire about insurance status
(2) Hospital does not attempt to obtain treatment authorization from patient's primary
caregiver or health plan before providing MSE, any needed stabilizing treatment or
arranging for appropriate transfer to higher level of care
(3) Patient is not made to feel pressured or coerced into not staying for treatment
5. EMTALA applies to:
a) Any individual who comes to the emergency department and requests exam and treatment
for a medical condition, or request is made on his/her behalf
b) Any individual, on hospital property other than DED, who requests exam and
treatment for what may be an EMC
(1) Includes individual who would qualify for care under prudent layperson standard
(2) "250-yard rule": hospital campus defined as entire main campus including parking
lot, sidewalk and driveway or hospital departments including buildings owned by the
hospital within 250 yards
6. EMTALA does not apply to:
a) Patients at hospital for scheduled outpatient procedure who are already under medical care
and develop potential emergency conditions
b) Inpatients
c) Hospital off-campus departments (unless that department meets the definition of DED)
d) Ambulances operating under community wide emergency medical service protocols
(1) If ambulance shows up at hospital, regardless of divert status, EMTALA is triggered
e) During national emergency; CMS issues appropriate guidance to hospitals
7. Hospital's EMTALA obligation ends if:
a) It is determined that no EMC exists
b) The EMC is stabilized
c) Patient is admitted to hospital for further treatment
d) Patient is appropriately transferred to hospital that can provide stabilizing treatment
8. Transfers
a) An unstable patient with an EMC may not be discharged or transferred to another facility unless:
(1) Hospital does not have capability/capacity
(2) Physician certifies that benefits of transfer outweigh risks
(3) Patient refuses treatment or requests a transfer



b) Appropriate transfer (CMS definition)
(1) Transferring hospital has provided medical treatment within its capacity to minimize
risk of transfer
(2) Receiving facility has capacity and capability and has agreed to transfer
(3) All patient medical records related to emergency condition available at time of transfer
are sent with patient
(4) Transfer effected through qualified personnel and transportation equipment
(5) Any other requirements as CMS may find necessary in interest of health and safety of
patient transferred
c) Discharge from hospital considered "transfer" under EMTALA
d) Physician must sign transfer form
9. Psychiatric patients
a) Only considered stable once he/she is "protected" and prevented from injuring
himself/herself or others
10. Penalties/sanctions
a) Non-compliance may result in investigation by state licensing authority (SA), state
quality improvement organization (QIO), CMS, the Office of the Inspector General
(OIG) or Office of Civil Rights (OCR)
b) Civil monetary penalties (CMPs) of up to $50,000 per violation for hospital and/or physician(s)
c) Can lead to termination of participation in Medicare program for both hospitals and physicians
d) Hospital has a duty to report violations or inappropriate transfers (e.g., no prior notice
from other hospital, financial "dumps," etc.) to state licensing authority or directly to
CMS within 72 hours — not doing so is, itself, a violation
e) Whistle-blower statute: any facility or individual who retaliates against physicians or
other qualified individuals who refuse to authorize unsafe or inappropriate transfer or
anyone who reports suspected EMTALA violation, can be fined
11. Risk management implications of EMTALA
a) EMTALA violations are too costly not to have policies and procedures established
and education provided and enforced to ensure compliance
b) Staff should be trained/retrained on EMTALA compliance at least annually
c) Staff should be educated to treat presenting patients based on presenting signs
and symptoms to avoid potential EMTALA violations
d) Staff should understand that MCOs cannot deny a patient access to hospital services
but may deny payment for those services
I. Medicare Regulations for Long Term Care Facilities (LTC)
1. Overview of long-term care
a) Care provided in person's home or community, assisted living facilities (ALFs), skilled
nursing facilities (SNFs), continuing care retirement communities (CCRCs), etc.
2. Omnibus Budget Reconciliation Act of 1987 (OBRA)
a) Basis for uniform regulations governing care and assessment of nursing home
residents under Federal Nursing Home Reform Act of 1987



b) Establishes requirements relating to provision of care such as assessing residents, training for
nurse's aides, physician examinations, follow-up visits, level of nursing care, nursing coverage
and the establishment of quality assurance committee that meets regularly, at least quarterly
c) Emphasizes residents' rights, promoting the dignity of residents; residents may file
formal complaints about infractions of any rights
d) As a condition of maintaining Medicare provider agreement, nursing facilities are
required to go through survey and certification process every 9-15 months. Four
areas of focus evaluated in this survey:
(1) Quality of care furnished to residents
(2) Adequacy of written plans of care
(3) Accuracy of residents' assessments
(4) Compliance with residents' rights
e) Enforcement
(1) Empowers the survey agency (state and/or CMS) to impose
sanctions on noncompliant providers
(2) Civil monetary penalties or fines of up to $10,000 per day
(3) Denial of payment for new admissions
(4) Termination from the Medicare and Medicaid programs
(5) New sanctions may be imposed with greater flexibility and speed
(6) Types of deficiencies that trigger an appeal option; not all survey actions can be appealed
3. LTC Requirements
a) Develop initiatives to continually improve and maintain overall level of patient
care (including a special focus on restraint reduction)
b) Reduce the incidence of pressure ulcers and malnutrition
c) Imposes staffing obligations: Nursing coverage, physician examinations and follow-up visits
d) Establish a formal training and certification for nursing assistants
e) Establish and enforce resident's rights
f) Periodic and routine survey and certification process by state agency on behalf of CMS or CMS
4. Risk Management in LTC
a) Industry trends
(1) Increased frequency and severity of claims
(2) Declining or inadequate reimbursement
(3) Chronic staffing shortages
(4) Heightened awareness of medical errors in LTC facilities
b) Increasing awareness and citations for elder abuse violations
c) Regulations vary from state to state
J. Child abuse and neglect
1. Overview



a) Federal initiatives in 1974 (CAPTA) with amendments in 1996
b) Children and Families Safe Act of 2003 defined child abuse
c) Abuse
(1) Any recent act or failure to act on the part of a parent or caretaker which results in
death, serious physical or emotional harm, sexual abuse or exploitation, or an act
or failure to act which presents an imminent risk of serious harm
(2) Four main categories:
(a) Neglect
(b) Physical abuse
(c) Sexual abuse
(d) Emotional abuse
d) Neglect
(1) Deprivation of adequate food, clothing, shelter or medical care
e) Every state has enacted mandatory reporting requirements relating to suspected child
abuse and neglect, including crime codes
f) Requires healthcare practitioners, teachers and professionals in positions who interact
with children to report suspicions or known abuse or neglect
g) Exceptions to reporting exist but are mainly focused on children who are under treatment
by spiritual means
2. Risk management implications regarding child abuse and neglect
a) Educate staff on symptoms of child abuse and mandatory reporting
b) Requirements under state law
c) Be knowledgeable of your state reporting requirements and elements to report
d) Ensure a policy and procedure for reporting and examinations exists
K. Elder abuse and neglect
1. Types of elder abuse
a) Physical abuse
b) Sexual abuse
c) Psychological or emotional abuse
d) Neglect
(1) Self-neglect: Intentional decision by a competent individual to refuse or fail to
provide him/herself with adequate food, water, clothing, shelter or who engages in
acts to threaten his or her own welfare
e) Financial exploitation
f) Abandonment
g) Abduction by family members
(1) Some states offer immunity provisions protecting those who report from civil liability
2. Consequences of not reporting



(1) Significant penalties up to and including loss of licensure, allegations of unprofessional conduct
and exposure to civil litigation to the individual and facility who fail to uphold the law
3. Elder abuse and neglect risk management implications
a) Become familiar with mandatory reporting requirements, including permitted statutory
exceptions relating to child, elder and dependent adult abuse and neglect
b) Provide ongoing education to hospital staff and physicians regarding the
reporting obligations under state laws
c) Develop a policy for identification and reporting of elder abuse
d) Review information from National Center on Elder Abuse (www.elderabusecenter.org)
L. The Americans with Disabilities Act (ADA): Title III Nondiscrimination on the Basis of
Disability in Public Accommodations and Commercial Facilities www.usdoj.gov/crt/ada
1. Title III prohibits private entities that provide public accommodations and services from
denying goods, services and programs to people based on their disabilities.
a) Includes the following:
(1) Structural accessibility requirements for private entities
(2) Programmatic access: Reasonable modifications in policies and procedures or practices
when such are necessary to provide same level of goods, services, etc. to disabled as
non-disabled
2. Public accommodations:
a) Must not impose or apply eligibility criteria that screen out or tend to screen out
an individual with a disability or any class of individuals with disabilities
b) May impose legitimate safety requirements that are necessary for safe operation.
c) May not impose a surcharge on a particular individual with a disability or any group
of individuals with disabilities to cover the costs of measures for accommodation
3. Definition of a disability according to ADA
a) A physical or mental impairment that substantially limits one or more of the major life
activities of such individual
4. Examples of physical or mental impairment
a) Anatomical loss affecting one or more of the following body systems
b) Any mental or psychological disorder such as mental retardation, organic brain
syndrome, emotional or mental illness, and specific learning disabilities
c) Includes, but is not limited to orthopedic, visual, speech, and hearing impairments,
cerebral palsy, epilepsy, muscular dystrophy, multiple sclerosis, cancer, heart disease,
diabetes, mental retardation, emotional illness, specific learning disabilities, HIV disease,
tuberculosis, drug addiction, and alcoholism
5. Major life activities
a) Functions such as caring for one's self, performing manual tasks, walking, seeing,
hearing, speaking, breathing, learning, and working
M. Clinical Laboratory Improvement Act (CLIA)
1. Overview of the law
a) Enacted in 1998 by Congress to establish quality standards for clinical laboratories



b) Oversight by CMS, CDC (Division of Laboratory System) and FDA
c) Cited reasons for enactment
(1) Misread lab tests
(2) Absence of workload limits for lab technicians
(3) Proliferation of unregulated laboratories
d) Law establishes three categories of covered tests:
(1) Waived complexity
(2) Moderate complexity
(3) High complexity
e) Specifies quality standards
(1) Proficiency testing (PT)
(2) Patient test management
(3) Quality control
(4) Personnel qualifications
(5) Quality assurance for labs performing moderate and high complexity tests
(6) Stringency of standards linked to complexity of tests
f) Labs performing gynecologic cytology testing must ensure each pathologist or cytotechnologist
who participates in screening must annually enroll in CMS-approved cytology PT program
2. Risk management implications of Clinical Laboratory Improvement Act
a) Remain aware of the regulations as they undergo revisions
b) Assure those responsible for lab interpretation are properly enrolled in appropriate programs
N. Human Research Subjects
1. Overview
a) Mandatory strong safeguards for the safety of human subjects in medical
research is a primary obligation for clinical investigators and institutions
b) Ethical principles for current regulations governing human biomedical research
(1) Respect for persons: Recognition of the personal dignity and autonomy of individuals
and special protection of those persons with autonomy (vulnerable subjects)
(2) Beneficence: Involves an obligation to maximize benefits and minimize risks of
harm (non-maleficence)
(3) Justice: Requires a fair distribution of benefits and burdens of research
2. Federal research requirements
a) Respect for autonomy of the research subject
b) Protection of vulnerable populations
c) Absence of coercion
d) Reasonable balance of benefits and burdens of the proposed research for the
individual subject and not for society at large

3. Responsibility of institutional review boards (IRBs)
a) Reviewing all clinical, translational research conducted at the institution
b) Reviewing minimization of risks to human subjects to the greatest extent possible
c) Reviewing equitable selection of subjects
d) Assuring risks are reasonable in relation to anticipated benefits
e) Assuring risks, benefits and alternative options are clearly communicated to
potential human subjects during the informed consent process
f) Educating the research community on proper conduct of research
g) Assuring privacy and confidentiality of research subjects
4. IRB authority and membership
a) Authority
(1) Prospective review
(2) Monitoring
(3) Require modification of protocols
(4) Approve or disapprove the research
b) Membership
(1) Minimum of five members of diverse backgrounds
(2) Includes one non-affiliated member, one non-researcher, one scientific member
(3) No member may participate in an IRB review of a study with which the IRB
member has a conflict of interest
(a) Member is the investigator
(b) Member has a financial interest
(c) Member has any other interest that may have an adverse impact on the ability to
exercise independent judgment
5. IRB activities
a) Review of application and proposal for DHHS-funded human research
b) Prospective and ongoing review of research activities (non-exempt)
c) Review and approval of research conducted at intervals appropriate to the degree of
risk, but not less than once per year
d) Reporting of adverse events and unexpected risks to human subjects
e) Approval of amendment and modifications to protocols and consent forms
f) Documentation of review of protocols, actions, findings, and attendance in IRB minutes
6. Compliance
a) Oversight by DHHS and Food and Drug Administration (FDA)
b) Scope: Results of research, whether in terms of scientific recognition and/or
financial reward, may never take priority over the research subject
(1) Conduct compliance inspections of institutions engaged in research
(2) Provide oversight of IRB activities

c) Federal oversight activities have increased in recent past
d) Continued emphasis due to increasing public interest in ethical and procedural propriety
of biomedical research
e) Non-compliance can result in:
(1) Loss of reputation, funding (which may be substantial)
(2) Heightened oversight by federal investigative and/or prosecutorial bodies
7. Common deficiencies identified by DHHS Office for Human Research Protections
(OHRP, www.hhs.gov/ohrp)
a) Consent form deficiencies
(1) Language not understandable to public
(2) Inadequate explanation of benefits
(3) Failure to address all elements of informed consent
(4) Failure to describe all research procedures
b) IRB procedural and process deficiencies
(1) Inadequately written policies and procedures
(2) Improper use of expedited review
(3) Inadequate information available to support risk, benefit determination
(4) Substantive changes to protocol and consent without full IRB review
(5) Failure of documentation of IRB actions
c) Lapsed IRB approval (approval valid for one year)
d) Failure to report unanticipated problems involving risks to subjects, serious and continuing
noncompliance, suspensions and terminations to OHRP
8. Risk management considerations with human research subjects
a) Understand protection rights of human subjects
b) Know confidentiality of human subjects is held to higher level than general patients
c) Understand common deficiencies cited by OHRP and work with responsible persons
to assure compliance with human subject research activities
O. Patient Safety and Quality Improvement Act
1. Overview of the law
a) Law enacted in 2005
b) Medical error: failure of a planned action to be completed as intended or the use of a wrong
plan to achieve an aim, including problems in practice, products, procedures and systems
c) Patient safety organization (PSO): private or public entity or component thereof that
is listed by the Secretary of the Department of Health and Human Services (DHHS)
pursuant to the Act
(1) PSO must be certified and listed by DHHS
d) Patient safety work product (PSWP): any data, reports, memoranda, analyses (such as root
cause analyses) or written or oral statements
(1) Assembled or developed by a provider for reporting to a PSO and are reported to a
PSO; or are developed by a PSO for the conduct of patient safety activities and which
could result in improved patient safety, healthcare quality or healthcare outcomes
(2) Identify or constitute the deliberations or analysis of, or identify the fact of reporting
pursuant to, a patient safety evaluation system
e) Patient safety activities primarily conducted by a PSO
(1) Efforts to improve patient safety and the quality of healthcare delivery
(2) Collection and analysis of patient safety work product
(3) Development and dissemination of information with respect to improving patient safety
(4) Utilization of patient safety work product for the purposes of encouraging a culture of safety
(5) Maintenance of procedures to preserve confidentiality with respect to patient safety
work product
(6) Provision of appropriate security measures with respect to patient safety work product
(7) Utilization of qualified staff
(8) Activities related to the operation of a patient safety evaluation system
f) Patient safety evaluation system (PSES): collection, management or analysis of information
for reporting to or by a patient safety organization
g) Provider: individual or entity licensed or otherwise authorized under state law to provide
healthcare services. Examples: hospitals, nursing facilities, home health agencies,
pharmacies, nurse practitioners, physicians' offices, physical or occupational therapists
2. Purpose
a) To provide for improvement of patient safety and reduce incidence of events that adversely
affect patient safety
(1) Establishes framework for creation of national database on medical errors
(2) Designates individual reports as confidential
(3) Grants participating providers protection from being compelled to disclose certain
information
(4) Allows for reporting and subsequent analysis of medical error information
b) Encourages open communication among providers and regulators that could result in
improved safety, healthcare quality and/or healthcare outcomes
3. Agency for Healthcare Research and Quality (AHRQ) is responsible for implementing the act
4. Voluntary reporting of errors
a) Act imposes no mandatory reporting provisions
b) Privilege and confidentiality protections provide incentive for providers to participate
c) Protections afforded to patient safety work product reported to a patient safety organization
5. Establishment of PSOs
a) Certified by DHHS secretary
b) Must have policies and procedures in place to perform patient safety issues required by act
c) Must resubmit for certification every three years
d) Provisions for revocation of certification if entity no longer meets certification requirements

6. Creating network of patient safety databases
a) Maintained by DHHS
b) Network capable of accepting, aggregating across the network and analyzing
non-identifiable PSWP reported by PSOs, providers or other entities
c) Information reported used to analyze trends and patterns of healthcare errors nationally
as well as regionally
d) Error data will be available to the public
7. Enforcement
a) DHHS may assess CMPs for violation of confidentiality and privilege provisions of the act
(1) Up to $10,000 for each act constituting a violation
(2) Six-year statute of limitations
(3) No double penalties (HIPAA, PSQIA)
(4) Private action (civil suit) permitted for adverse employment action against individual
subsequent to report individual has made to provider or PSO
8. Privilege and confidentiality protections
a) Privilege of act preempts federal, state or local law
(1) PSWP not subject to federal, state or local civil or criminal administrative subpoena or
order including disciplinary proceeding against a provider
(2) PSWP not subject to discovery in disciplinary proceeding against a provider
(3) PSWP not admissible as evidence in civil or criminal proceeding including one against
a provider
(4) PSWP not admissible in professional disciplinary proceeding by disciplinary body
pursuant to state law
b) Confidentiality preempts all federal, state or local law but allows application of any law
that is more stringent in confidentiality provisions
c) Exceptions to protections (privilege and confidentiality)
(1) For criminal proceeding only after in careful determination that PSWP is material to
the proceeding and not reasonably available from any other source
(2) During adverse employment action to extent required to provide equitable relief
to aggrieved individual
(3) If authorized by each provider identified in the work product
(4) Voluntary disclosure of non-identifiable PSWP
(5) Eight additional exceptions for confidentiality protection:
(a) To carry out patient safety activities
(b) Non-identifiable PSWP
(c) For research, evaluation or demonstration projects
(d) To FDA for product or activity regulated by FDA
(e) By provider to accrediting body for accrediting purposes
(f) Other, as determined by DHHS secretary

(g) Law enforcement authorities if necessary for criminal law enforcement purposes
(h) If other than a PSO, PSWP does not include assessment of provider's quality of care
(6) PSWP continues to be privileged and confidential even after disclosure; however,
no confidentiality provisions in criminal proceeding
(7) No privilege or confidentiality protections when non-identifiable PSWP is disclosed
9. Whistle-blower protection
a) Includes loss of employment, failure to promote individual, failure to provide employment-
related benefit, adverse decision made in relation to accreditation, certification,
credentialing or licensing of individual
10. PSOs and HIPAA
a) PSOs treated as business associates under HIPAA
b) Patient safety activities of PSOs constitute healthcare operations of provider
11. Risk management implications of Patient Safety and Quality Improvement Act
a) Structure of PSOs, and the protections they afford, will enable risk managers to have access to
information otherwise unavailable or guarded under attorney-client and work product privilege
b) PSOs should demonstrate at least basic competencies of their staff performing
clinical, technical and analytical functions
12. PSOs must accept data in the most efficient way possible, thereby ensuring a reasonable cost
structure
a) Ensure stringent technological and human firewalls to protect information being shared
with a PSO

VI. Data Management Regulations and Laws


A. The Health Insurance Portability and Accountability Act (HIPAA)
1. Overview of the law
a) Goal: Reduce costs and administrative burdens of healthcare by standardizing electronic
transactions of certain administrative and financial transactions previously carried out on paper
b) Title II "Administrative Simplification" established national standards for
electronic healthcare transactions
c) Covered entity must appoint privacy and security officer
d) Requires providers, health plans and employers to adopt unique health identifiers
for electronic transactions
e) Established national standards for protecting the privacy and security of health information
f) Protects consumers against unauthorized use and disclosure of health information
g) Implemented by the Department of Health and Human Services (DHHS)
h) 17 direct identifiers
(1) Details at http://www.cms.gov/HIPAAGenInfo

2. Elements of the Privacy Rule and the Security Rule

Privacy Rule
• Protects privacy and confidentiality of individual's health information
• Governs how covered entities (CE) may use and disclose patient information maintained
or transmitted by a CE
• Imposes restrictions on what information can be disclosed, who may receive the
information and permitted uses
• Calls for a security/privacy officer
• Limits who is authorized to access PHI

Security Rule
• Builds upon Privacy Rule
• Governs PHI only in electronic form
• Safeguards the confidentiality, integrity and availability of electronic health information
• Requires CE to protect confidentiality, integrity and availability of all electronic
PHI it creates, receives, maintains or transmits
• Protects against reasonably anticipated threats or hazards
• Ensures compliance by members of the workforce
• Seeks to ensure that only authorized individuals can access information
• Requires administrative, physical and technical safeguards

3. State vs. federal protections


a) HIPAA establishes a minimum level for the protection of confidentiality and security
of PHI at the federal level
b) Provides a floor for protecting the confidentiality and security of PHI
c) Preempts any state law that is contrary
d) States with more stringent rules will supersede the federal level
e) When able, entities should conform to federal, state and local laws
4. Direct identifiers

• Name/initials
• Street address, city, county, precinct, ZIP Code
• All elements of dates (except year) directly related to an individual
• Ages over 89
• Telephone number
• Social Security number
• Fax number
• E-mail address
• Medical record numbers
• Health plan ID numbers
• Account numbers
• Certificate/license numbers
• Vehicle identifiers and serial numbers, including license plate numbers
• Device identifiers and serial numbers
• Web addresses
• Internet IP addresses
• Other identifying numbers or characteristics
• Biometric identifiers, including finger and voice prints
• Full face photos and comparable images
• Any other unique identifying number, characteristic or code

5. Exclusion of PHI
a) Education records (covered by Family Educational Rights and Privacy Act)
b) Employment records (held by CE in its role as employer)
6. Patient rights under the rule
a) Access to PHI
(1) Exclusions
(a) Psychotherapy notes
(b) Notes compiled in anticipation of court proceeding
(c) PHI obtained from source other than health care
(d) PHI that would endanger the life or safety of an individual
(e) PHI created or obtained in the course of a clinical study
(f) Denial of PHI access must be in writing by the CE
b) Requesting corrections and amendments to PHI
(1) Request must be made in writing by patient
(2) CE must respond within 60 days
c) Requesting confidential communications (alternative means or locations)
(1) CE must comply with "reasonable requests"
(2) Requests must be in writing
(3) Denials by CE must be in writing
d) Requesting accounting of disclosures:
(1) Must occur over six-year period
(2) Incidental disclosures and those used for TPO are excluded
e) Requesting restrictions of PHI disclosure:
(1) CE does not have to comply with request
(2) If CE complies, CE is bound by agreement until terminated, except in emergency situations
f) Inspecting and copying PHI
(1) If maintained in designated record set
(2) Request must be in writing
(3) CE must reply within 30 days if it has PHI; allowed one 30-day extension
g) Copy of the Notice of Privacy Practices (NPP) from covered entities
h) Right to complain
(1) To the Privacy or security officer of the CE
(2) To Office of Civil Rights (OCR)
(3) Whistle-blower protections
i) Notice of Privacy Practices (NPP)
(1) Is responsibility of CE
(2) Delineates how CE routinely uses and discloses PHI
(3) Details responsibility of CE and patient

(4) Direct treatment providers (hospitals, physicians) must provide to patient on first date
of treatment
(5) Must make "good faith effort" to obtain signature of patient's receipt (one time
signature unless significant changes are made to NPP)
j) Permitted disclosures where authorization is not necessary:
(1) Treatment, payment and/or healthcare operations (TPO)
(2) Quality assurance
(3) Compliance
(4) Business planning and development
(5) Reporting of disease, injury or disability
(6) Child abuse
(7) Reports of abuse, neglect or domestic violence
(8) FDA regulated product reporting requirements
(9) Public health activities
(10) Employers for work related injuries or illnesses
(11) Healthcare oversight activities
(12) Disclosures for judicial or administrative proceedings
(13) Law enforcement purposes
k) As required by law:
(1) Reporting of certain wounds, injuries
(2) Descendants related to criminal activities on the CE premises
(3) To identify and locate a missing person, fugitive, material witness
(4) Emergencies
(5) Organ procurement organizations
(6) Health and safety threats
(7) Government-related disclosures
l) Disclosures where separate authorization is required
(1) Release of psychotherapy notes including drug, alcohol treatment
(2) Research
(3) Marketing
(4) HIV records or labs
m) Business associates
(1) If a CE shares PHI with a business associate, it must enter into an agreement to obtain
"reasonable assurances" that the business associate will protect the PHI in compliance
with the Privacy Rule and Security Rule
n) Security Rule
(1) Administrative safeguards
(a) Implementation of security management process (gap analysis)
(b) Plan to address vulnerabilities

(2) Physical safeguards
(a) CE must employ physical measures as well as policies and procedures to protect
electronic information from natural or unauthorized intrusion
(b) Facility access controls: maintaining integrity of electronic data when operating in
contingency or emergency conditions
(c) Work station uses and security: prevention of unauthorized access, inappropriate use;
may include use of identification badges, etc.
(d) Device and media: control over portable media (CDs, zip drives) and removal of PHI
from obsolete equipment
(3) Technical safeguards
(a) CE must impose access and audit controls, implement policies and procedures to
protect PHI, procedures to authenticate persons or entities seeking access
(4) Security measures to protect against unauthorized access to PHI transmitted in
electronic format
(5) Examples:
(a) Access controls
(b) Audit controls
(c) Integrity
(d) Authentication
(e) Transmission security
(f) Non-compliance implications
(6) Civil monetary penalties (CMP)
(a) Five areas for determining if a CMP may be imposed:
(i) Nature of violation
(ii) Circumstances (including consequences) of violation
(iii) Degree of the CE's culpability
(iv) CE's history of offenses
(v) CE's financial condition
(vi) Also, CMP may be assessed individually to members of the workforce
(7) No CMP may be imposed if:
(a) CE was unaware of the violation
(b) CE had reasonable cause (not willful neglect) and the CE corrects the problem
within 30 days of discovering the failure
(c) CE is criminally liable for the offense
(8) Civil penalties:
(a) CE may be penalized $100 per violation if CE did not know (and by exercising
reasonable diligence would not have known) that he/she violated HIPAA unless
exceptions apply
(b) For repeated offenses, the CE cannot be penalized more than $25,000 in calendar year

(c) Penalty amounts may change. To obtain the most up-to-date information go to
http://www.hhs.gov/ocr/privacy/index.html
(9) Criminal liability:
(a) Federal act does not provide any private right of action (for filing suit) although
some state laws may exist
(b) CE may be subject to criminal penalties through Department of Justice (as referred
to by OCR)
(c) CE may be held criminally responsible for knowingly disclosing or obtaining PHI in
violation of HIPAA statute; fines may be up to $50,000 and one-year imprisonment.
(d) The criminal penalties increase to $100,000 with imprisonment for up to five years
if the wrongful conduct involves false pretenses
(e) Infractions for malicious intent to harm or for personal gain may result in a penalty
of $250,000 and up to 10 years in prison
n) Risk management implications of the Health Insurance Portability and Accountability Act
(1) Support and collaboration with the privacy and security officers
(2) Provide training of workforce on policies and procedures related to HIPAA
Privacy Rule and Security Rule
(3) Establish steps for responding to complaints, requests
(4) Ensure compliance to assure NPP is provided to patient
(5) Create paper trail of documentation
(a) Complaints
(b) Workforce training
(c) Sanctions
(d) Disclosures to business associates
(6) Have broad knowledge base on local, state and federal laws where there may be conflict
(7) Retain all HIPAA records for minimum of six years
B. Health Information Technology for Economic and Clinical Health Act (HITECH)
1. HITECH includes a series of privacy and security provisions that expand the
current requirements under HIPAA's Privacy Rule and strengthen its enforcement
2. Promotes and advances the adoption of health information technology (HIT)
3. HIT is intended to provide rapid, efficient and secure coordination of care and sharing of
information among hospitals, physicians, long term care facilities, home health agencies and
all other authorized users.
4. HITECH — Breach Notification Rule:
a) Creates the right of individuals to be notified by the "covered entity" (CE) within 60
days if there is a breach of their protected health information (PHI)
b) A "breach" is defined as "the unauthorized acquisition, access, use, or disclosure of
[PHI] that compromises the security or privacy of such information, except where an
unauthorized person to whom such information is disclosed would reasonably have
been able to retain such information"

5. Breach Notification — Requirements
a) Notification requirements
(1) Under special circumstances posting on the home page of the covered entity
— or notice in major print or broadcast media
(2) If felt to be urgent due to the possibility of "imminent misuse" of the PHI, notice
by telephone or other method
(3) Written notice to the individual or their next of kin
(4) If the breach is believed to affect more than 500 residents of a state or jurisdiction,
notice must be provided to prominent media within that area, and posting on HHS web
site
6. Notification requirements apply to both providers and their business
associates.
C. Medical Record
1. Purpose
a) Primary communication medium for planning, coordinating, and orchestrating patient
care in which private health information about a patient is recorded
b) Primary basis for reimbursement
c) Legal document
d) Defense against negligence claims
2. Medical record content
a) Results of physical examinations
b) Medical history
c) Treatment reports
d) Lab and X-ray reports
e) Physician orders
f) Consultation reports
g) Anesthesia reports
h) Operative reports
i) Signed consent forms
j) Nurses notes
k) Vital sign record
l) Medication administration report
3. Medical record should be:
a) Complete
b) Legible
c) Accurate
4. TJC requires that all facilities treating patients maintain adequate medical records that:
a) Contain sufficient information to identify the patient (may include photographs)
b) Support the diagnosis
c) Justify the treatment
d) Document the course of treatment and results of same
e) Promote continuity of care among healthcare providers
5. The medical record is an important business record that may be accessed by:
a) Physicians
b) Peer review organizations
c) Billing department
d) Health plans
e) Health maintenance organizations (HMO)
f) Healthcare clearinghouses
g) Government agencies
h) Government funded organizations
i) Accreditation bodies
j) Quality review organizations
k) Third-party payors for reimbursement
l) Research professionals
m) Legal counsel
n) Patient/guardian
6. Required entries and signatures/authentication by a healthcare practitioner
a) TJC requires all entries be dated and timed
b) Entries can be authenticated by:
(1) Written signature
(2) Identifiable signature
(3) Electronic signature
(4) Computer key
7. The person responsible for ordering, providing and evaluating the service
performed personally authenticates the record
8. Generally, the person who made the incorrect entry should correct it according to
established policy if correction is necessary
9. Changes should be made by a healthcare professional within their scope of practice, as
defined by their state licensing and certification laws
10. Record retention
a) Federal and state laws apply
b) False Claims Act — An action for a false claim act may not be brought
(1) More than 6 years after the date on which the violation is committed
(2) More than 3 years after the date when facts material to the right of action are known
or reasonably should have been known by the US government official charged with
responsibility to act in the circumstances, but in no event more than 10 years after the
date on which the violation is committed, whichever occurs last

(3) Office of the Inspector General's Model Compliance Guide for Hospitals states that a
hospital compliance program should provide for the implementation of a records system
(4) Record system should establish policies and procedures regarding:
(a) Creation
(b) Distribution
(c) Retention
(d) Storage
(e) Retrieval and access
(f) Destruction
(g) Medical records should be retained as long as there is a medical or administrative
need (most states have specific guidelines)
(h) Statutes and regulations specify the method by which a record may be
destroyed
D. Documentation
1. Regulations
a) Federal and state statutes
b) Professional practice standards
c) Specific healthcare facility protocols
d) Third-party payors
e) Accrediting organizations
2. Ownership of medical records
a) Healthcare facility or provider owns the actual record
b) Patient owns the information contained within the record
3. Tampering with medical records
a) Report such activities
b) Risk management involvement
c) Forensic document examination
(1) Electrostatic detection apparatus
(2) Ink analysis
(3) Infrared exams
(4) Identification of date markers
4. Charting and documentation models
5. Documentation challenges
a) Electronic documentation
(1) Copy and paste
(2) Wrong patient record
(3) Navigation challenges
b) Uncooperative or noncompliant patients

c) Objective rather than subjective
d) Legible
e) Correcting errors in the record
f) Patient or family request a medical record correction
g) Hearsay
h) Telephone advice in the physician's office practice
i) Adverse event and incident documentation
j) Pagination
k) When doctors do not arrive
l) Countersignatures
m) Abbreviations
n) Authentication
6. Risk manager's role
a) Monitor to assess quality of documentation
b) Communicate regularly with the medical records committee/Health Information Services/
Health Information Management Committee
c) Educate the clinical staff
d) Establish steps for responding to complaints and requests including paper trail of steps taken
e) Awareness of non-compliance implications, both civil and criminal, at local, state and
federal levels
f) Work closely with privacy and security officers
g) Retain HIPAA records for minimum of six (6) years
E. Information technologies: challenges for the risk manager
1. HIPAA security regulations
2. New variations of old concerns introduced by new information technologies
3. Electronic medical records
a) Legal requirements
b) Confidentiality
(1) Policy
(2) Vendors and data clearinghouses:
(a) Electronic incident reporting systems
(b) Scanning of medical records
(c) Accessibility and durability
(d) Accuracy and evidentiary concerns
(e) Security:
(i) Data encryption
(ii) Passwords and access codes

(iii) Virus protection and firewalls
(iv) Digital signatures
4. HIPAA minimum necessary information, business associates, etc.
5. Staff education
F. Release of confidential information without patient consent
1. Physician/therapist duty to third persons in psychiatric cases ("duty to warn")
2. Records of alcohol and drug abuse patients
3. Medical records containing HIV or AIDS related information
4. Release of patient information to law enforcement agencies
5. Research programs
G. Dissemination of information to internal or external review organizations
1. Medical error reporting
2. Sentinel event reporting
3. FDA reporting
H. Confidentiality of business and other records
1. Incident reports
2. Credentialing files
3. National Practitioner Data Bank (NPDB)
4. Healthcare Integrity and Protection Data Bank (HIPDB)
a) Peer review privilege
b) Attorney-client privilege
I. Electronic mail
J. Social media
1. An undeniable force to be recognized and managed with specific policies, procedures and
strategies for enforcement
2. Its rapid and informal communication style represents liability exposures that are immediate,
costly and not retractable
K. Telemedicine/telehealth
1. The practice of using electronic technology to provide patient care over distance
a) Use of telecommunication technologies, such as Internet or videoconferencing, to bridge
geographic gaps and improve healthcare delivery
b) Provision of clinical care (diagnostics, treatment, follow-up) via telecommunications
c) Provision of healthcare consultations and education through telecommunications networks to
communicate information
d) Medical practice across distance via telecommunications and interactive video technology
e) Computer-based, interactive communication and transmission of images (X-ray films,
pathology slides, scope images, anatomical photographs, patient records, EKGs, vital signs,
pulse oximetry, and fetal monitoring)

2. Forms/utilization
a) Telepharmacy
b) Robotics in the OR, ER and with rounds
c) eICU
d) Terrorist or similar catastrophic events
e) Workforce shortages
3. Risk exposures and challenges
a) Practice standards
b) Licensure and credentialing
c) Financial and regulatory compliance
d) Legal
e) Medical and hospital professional liability
f) Data integrity, confidentiality and protection
g) Technical

VII. Payment Regulations and Laws


A. Omnibus Budget Reconciliation Act of 1989
1. Better known as Stark I, II, III: Anti self-referral law
2. Purpose of the law is to deter fraud by prohibiting a physician from referring patients
to an entity for a designated health service (DHS) covered by Medicare, if the physician
or a member of his immediate family has a financial relationship with the entity, unless
an exception ("safe harbor") exists
3. Stark
a) Prohibits anyone from submitting a claim or a bill to any person for a service or
item furnished pursuant to a prohibited referral
b) Includes bribes, kickbacks, excessive or unreasonable discounts or rebates, and
profit-sharing agreements
c) Various healthcare services under scrutiny include:
(1) Labs
(2) PT/OT
(3) Radiology and radiation oncology
(4) DMEs
(5) Prosthetics
(6) HHC
B. Recovery Audit Program (RAC — Recovery Audit Contractor)
1. Purpose is to identify and correct Medicare improper payments through the detection
and collection of overpayments and underpayments made on claims of healthcare
services provided to Medicare beneficiaries



2. Claims submitted to Medicare are screened prior to payment and are generally paid without
requesting the supporting medical records. As a result, some claims may be paid inappropriately,
resulting in improper payments. The most prevalent reasons for improper payment are:
a) Items or services that do not meet Medicare's coverage and medical necessity criteria
b) Items that are incorrectly coded
c) Services where the supporting documentation submitted does not support the ordered
service
C. Medicare, Medicaid, and SCHIP Extension Act (MMSEA)
1. Requires that liability insurers (including self-insurers), no-fault insurers, and workers'
compensation plans report details of settlements, awards, judgments or other
payments involving Medicare beneficiaries
2. The purpose of reporting is to assist CMS and other insurance plans to properly coordinate
payment of benefits among plans so that claims are paid promptly and correctly
3. What must be reported is the identity of a Medicare beneficiary whose illness,
injury, incident, or accident was at issue to enable an appropriate determination
concerning coordination of benefits, including any applicable recovery claim

VIII. Corporate Compliance


A. Why Have a Corporate Compliance Program?
1. Supports legal/regulatory/accreditation obligations
2. Improves the quality and safety of care
3. Demonstrates a commitment to honesty and integrity in work practices
4. Provides a more accurate view of employee and contractor behavior
5. Identifies and prevents criminal and unethical conduct
6. Implements a means for immediate and appropriate corrective action
B. Corporate Compliance Program Elements
1. Develop and distribute written standards of conduct and policies and procedures
that demonstrate the organization's commitment to compliance
2. Designate a chief compliance officer and an appropriate oversight committee
3. Develop and implement regular and effective employee education programs
4. Implement and maintain an appropriate confidential complaint process
5. Develop a process to respond to allegations
6. Use audits to monitor compliance
7. Investigate and resolve identified problems
C. Corporate Compliance: Office of Inspector General (OIG) responsibility
1. Department of Health & Human Services
2. Oversight of programs funded through the American Recovery and Reinvestment Act of
2009 (Recovery Act)
3. Develops annual work plans focused on gaps within healthcare systems
4. Focused investigations:



a) Individuals and organizations that knowingly and willfully execute schemes to defraud any
HHS program, grant, or contract involving Recovery Act funds; and
b) Facilitate ongoing communications with federal, state, and local law enforcement and
other agencies regarding the use and distribution of HHS Recovery Act funds.

IX. Employment Laws and Regulations


A. Federal Statutes Regarding Employment
1. Fair Labor Standards Act (FLSA)
2. Title VII of the Civil Rights Act of 1964
3. Title I Americans with Disabilities Act (ADA)
4. Age Discrimination in Employment Act (ADEA)
5. Sections 1981 and 1983 of the Reconstruction Civil Rights Acts
6. Family and Medical Leave Act of 1993 (FMLA)
7. Equal Pay Act of 1963
8. Uniformed Services Employment and Reemployment Rights Act
9. "Whistle-blower" protection
B. Title VII of Civil Rights Act (Anti-discrimination Law)
1. Prohibits not only intentional discrimination, but also practices that have the effect of
discriminating against individuals because of their race, color, national origin, religion or sex
2. Established the Equal Employment Opportunity Commission (EEOC)
3. Prohibitions include:
a) Sexual harassment: Any act that creates a "hostile work environment"
b) A hostile work environment is a work environment made intolerable to a reasonable
person by the frequency, severity or pervasiveness of objectionable words, actions or other
materials of a sexual nature, or materials that direct hostility at people because of their
ethnicity, race or age. Employees who experience sexual or nonsexual harassment can
claim the discrimination created a hostile work environment.
c) Pregnancy-based discrimination: Pregnancy, childbirth and related medical
conditions must be treated the same as other illnesses and temporary conditions and may
not be used to deny employment opportunities.
C. Title I, Americans with Disabilities Act of 1990 (ADA for employees)
1. Prohibits discrimination in recruitment, hiring, promotions, training, pay, social activities,
and other privileges of employment on the basis of disability in all employment practices
2. To be protected by the ADA, an individual must have a disability or have a relationship
or association with an individual with a disability
a) A disability is defined as a person who has a physical or mental impairment that
substantially limits one or more major life activities; a person who has a history or record of
such an impairment; or a person who is perceived by others as having such an impairment
3. Title I requires employers with 15 or more employees to provide qualified individuals
with disabilities an equal opportunity to benefit from the full range of employment-
related opportunities available to others



4. The law restricts questions that can be asked about an applicant's disability before a job offer is made
5. Employers are required to make reasonable accommodation to the physical or mental
limitations of otherwise qualified individuals with disabilities, unless it results in undue hardship
D. Other federal acts affecting employment discrimination
1. Age Discrimination in Employment Act of 1967 (ADEA) prohibits
employment discrimination against individuals age 40 and older
2. Equal Pay Act of 1964 (EPA) prohibits discrimination on the basis of gender in compensation
for substantially similar work under similar conditions
3. Civil Rights Act of 1991 includes provisions for monetary damages in cases of
intentional discrimination and clarifies provisions regarding disparate impact actions
E. Equal Employment Opportunity Commission (EEOC)
1. Federal agency within the Department of Labor
2. Responsible for receiving and investigating charges of discrimination filed by former, current
or prospective employees under Title VII, ADA, and ADEA
3. EEOC claim must be filed within 180 days of alleged action
a) If negative findings: Employee can bring civil action
b) If positive findings: EEOC brings charges against organization
F. Employee Retirement Income Security Act (ERISA)
1. Establishes a standardization of the administrative functions of employee welfare benefit plans
2. Establishes federal pre-emption of state laws that cover plan benefits from state courts
to federal courts to avoid conflicting regulations among states
3. No pain and suffering damages available to the plaintiff if a claim is preempted by ERISA
4. Some movement seen among states to permit health plans to be sued directly by enrollees
in defiance of ERISA preemption

X. Workplace Safety
A. Occupational Safety and Health Administration (OSHA)
1. The primary regulatory agency in the field of occupational safety and health is OSHA, a
federal agency within the United States Department of Labor
2. OSHA has authority to promulgate standards pursuant to the Occupational Safety and
Health Act of 1970 which has a general duty clause
a) The general duty clause requires that each employer furnish to each employee a job and a
workplace that are free from recognized hazards that are causing or are likely to cause death
or serious physical harm to employees
b) OSHA has full regulatory authority to enforce its standards and regulations
3. The purpose is to create workplace safety rules for employers with more than 10
employees except low hazard industries such as finance, retail, insurance, etc.
B. Occupational and Environmental Risk Exposures for Healthcare Facilities
1. Establishes a federal requirement that employers provide a place of employment that is free
from recognized hazards to personal safety and health, such as exposure to toxic chemicals,
excessive noise levels, mechanical dangers, unsanitary conditions, heat or cold stress, etc.



2. Twenty (20) different categories that address the principal health concerns for which OSHA
has developed safety standards
3. Numerous other injuries and illnesses not directly addressed by OSHA
4. Hazard Communication Standards / Employee Right to Know Rule
a) OSHA requires that standards are developed and information is disseminated about
the identities and hazards of chemicals to ensure chemical safety in the workplace
b) Material Safety Data Sheets (MSDS)
C. Environmental Protection Agency (EPA)
1. Mission is to protect human health and the environment
2. Leads the nation's environmental science, research, education, and assessment efforts
3. Regulates materials and activities outside of buildings
D. Environmental Issues
1. Underground storage tanks
2. Aboveground storage tanks
3. Asbestos removal
4. Disposal of hazardous waste
5. On-site medical waste incinerators
6. Clean Air Act
7. Clean Water Act
8. Toxic Substance Control Act
9. Hazardous Waste Operations and Emergency Response Standards (HAZWOPER): Applies
to workers who clean up hazardous spills or hazardous material
E. Environmental Issues in Acquisitions
1. Inspection of the property
2. Records review

XI. Accreditation, Surveying and Licensing Bodies Introduction


A. Overview
1. More emphasis on consumer driven healthcare, an increase in payor reimbursement
strategies, demands from an increasing aging population and growing personal responsibility
have increased the development, visibility and vigilance of accreditation licensure and
certifying agencies
2. Some oversight agencies are voluntary while others are mandatory
3. Healthcare organizations must demonstrate intent and willingness to comply with published
standards
4. Healthcare organizations with better outcomes focus on patient safety, safe delivery
and effective and efficient care without compromise of essential elements
B. Mandatory surveying body and activities
1. Mandatory activities may occur
a) Organizational licensure



b) Individual healthcare licensure
c) State requirements

Organization and Mandatory Activities

Organization: U.S. Department of Health and Human Services (DHHS), www.dhhs.gov
• Principal agency for protecting health of all Americans and providing essential human
services, especially for the population least able to help themselves.
Mandatory activities: Some agencies under DHHS:
• National Institutes of Health (NIH)
• Centers for Disease Control and Prevention (CDC)
• Indian Health Services (IHS)
• Food and Drug Administration (FDA)
• Agency for Healthcare Research and Quality (AHRQ)

Organization: Centers for Medicare and Medicaid Services (CMS), www.cms.gov
Oversees payment for healthcare covered by the federal government
• Most visible certification organization
• May contract with state health departments to survey healthcare organizations
• Establishes policies for healthcare payment
• Oversees payment to healthcare organizations
Mandatory activities: Some activities under CMS:
• Regulation of laboratories
• Surveys
• Certification of nursing homes, hospitals, home health agencies, intermediate care facilities
• Development of coverage policies
• Quality of care improvement
• Purchase of health services for beneficiaries

Organization: State health departments
Oversee healthcare organizations' "right to do business"
Mandatory activities: Some state-level activities:
Requirements vary by individual state, based on culture
Activities include but are not limited to:
• Regularly scheduled activities
• Conducting independent inspections/surveys
• Forming "deemed status" relationships with private accrediting bodies
• Reacting to highly publicized or tragic events
• Credential review and privileging programs

C. Accreditation

1. Importance
a) A reflection of compliance with established norms or standards
b) A reflection or snapshot in time



c) Viewed by the public and payor as a "Seal of Approval"
d) A threshold for contracting for some payors
2. Voluntary accrediting organizations
a) The Joint Commission: TJC
b) Det Norske Veritas: DNV
c) National Committee for Quality Assurance: NCHQ
d) Healthcare Facilities Accreditation Program: HFAP
e) College of American Pathologists: CAP
3. Value of participating
a) Public demands it
b) Participation makes good business sense
c) Leads to improved patient care and safer environment
d) Promotes good discipline
e) Supports transparency
f) Right thing to do
g) May present advantages in marketing and recruiting
D. Risk management implications of accreditation, surveying and oversight
1. Be familiar with all of the organizations responsible for accreditation,
surveying and oversight
2. Collaborate with others in the facility to assure compliance with established standards
and data outcomes
3. Be familiar with state requirements and have knowledge of where to access published standards
4. Expect additional regulation of healthcare
5. Focus on patient safety, patient rights, governance, product safety, provider qualifications
and fiscal responsibility (payors and providers)
6. Consider future risks of health e-commerce, confidentiality of data, unauthorized access
and disclosure of patient data, provider qualifications and customer satisfaction
E. Non-compliance
1. Failure to meet licensure, accreditation and certification requirements may have an impact
on loss exposure
2. Loss of funding due to violations of regulatory or accrediting standards
3. Public disclosure may potentially jeopardize public image, finances and potential
litigation resulting in a reputational loss
4. Exclusions from CMS may result from non-compliance
5. As fraud and abuse becomes a focal point for the government, both criminal and
civil monetary penalties will be assessed for violations
6. Threat of criminal charges, resulting in prison sentences, will raise concerns that
healthcare programs are appropriately established and directed by governing boards
7. If the CMS uncovers any evidence of non-compliance, other state and federal agencies may be notified



XII. Tort Reform
A. Varies from state to state
1. AMA listing of "In Crisis," "Showing Problem Signs," "Effective Reforms Halting Crisis" and
"Currently OK" states
2. In some states, obstetricians and rural family physicians no longer deliver babies; high-risk
specialists no longer provide trauma care or perform complicated surgical procedures
B. Federal tort reform
1. Various legislation attempts in both House of Representatives and Senate
2. No legislation passed, to date
C. General provisions of tort reform measures
1. Statutory imposition of limits (caps) on general damages awarded in medical malpractice lawsuits
2. Focus on limiting non-economic damages
3. Allowing for periodic payments for future damages
4. Disclosing the existence of "collateral" benefits to juries
D. California's Medical Injury Compensation Reform Act (MICRA)
1. Enacted in 1976
2. Serves as the benchmark for most efforts at tort reform in other states
E. Effect on malpractice insurance
1. Limits on damages and other cost controls encourage insurers to offer professional liability
insurance in areas governed under tort reform statutes
2. High premiums forcing physicians in some areas of the country to retire early, relocate or give
up performing high-risk medical procedures

XIII. Case Law


A. Based on judicial decision and precedent rather than on statutes
B. Case law risk management implications
1. When courts render a decision in the form of a written opinion, the opinion becomes part of
the body of law and should be given the same consideration as statutory law
2. Risk managers should routinely review relevant cases in local and federal jurisdictions
to anticipate any changes that might be required as a result of recent decisions

XIV. Peer Review


A. Overview
1. Process used for checking the work performed by one's equals to ensure it meets specific criteria
2. Promotes patient safety and well-being of patients through ongoing monitoring of
physician performance
3. Hospitals have a direct and independent responsibility to patients to ensure quality of care
provided (Elam v. College Park Hospital)
4. Responsibility vested in organization's board of directors, which delegates
operational elements to medical staff



5. To encourage physician involvement, states have enacted laws that provide protection
from civil liability for individuals who participate in peer review activities
6. Healthcare Quality Improvement Act of 1986 provides protections at federal level
B. Risk management implications of peer review
1. Need for hospitals to establish a thorough and above-board peer review protocol crucial
2. Integrity of peer review process crucial to maintaining privilege of proceedings
3. Records of protected committees must be controlled to enable application of immunity
from discovery in litigation
4. Staff education and adoption of related policies and procedures important to
reserve protections afforded under the law

REVIEW QUESTIONS
Complete the review questions and then compare your answers with those explained below.
A 28-year-old uninsured male patient is received unannounced from a rural acute care hospital. The
patient is fully alert and oriented, but he is cachectic, HIV-positive and has a knife wound to his leg.
His hemoglobin is extremely low. A staff member is directed to start a blood transfusion, but the
staff member refuses. Another staff member attempts to give him a blood transfusion, but the
patient refuses the transfusion. Although aggressive medical care is rendered to the degree possible,
the patient expires 12 hours later.
1. Which of the following statements is true about the staff member who refused to
administer the transfusion?
A. Employee has a right to refuse to perform in a dangerous situation such as an HIV-positive
patient
B. Employee has a right to refuse to perform in a dangerous situation such as an HIV-positive
patient with active, uncontrolled bleeding
C. Employee is protected by the ADA
D. Employee has no right to refuse to administer the transfusion
Answer: D
Right to refuse is not based on religious reasons and right to conscience. Caregivers may not abandon the
patient.

2. When the above patient refuses the transfusion, which of the following actions should
be taken?
A. Court order should be sought
B. Transfusion should be administered without the patient's consent since it is a life saving action
C. Care should be provided to the degree possible while respecting the patient's wishes
D. Supportive only measures should be given
Answer: C
The patient's autonomy allows that he can refuse or accept treatment. This is especially true here because the
scenario does not indicate that he is incompetent to make his own decisions; he can do so even to the point of
his own detriment or demise.



3. The committee that generally is charged with oversight of investigative patient research is the:
A. Quality assurance committee
B. Institutional review board
C. Utilization review committee
D. Ethics, or bioethics, committee
Answer: B
It is the responsibility of this committee to identify and minimize risks to the human subjects during
research. Members should determine how the research would be periodically reviewed and monitored
via data collection. They also superintend the subjects' rights of acceptance, rejection or termination
of participation.

4. Which of the following are examples of advance medical directives?


1. Living will
2. Durable power of attorney for health care
3. Physician's do not resuscitate (DNR) order
4. Legal guardianship papers
A. 1 only
B. 1 and 2 only
C. 1, 2 and 3 only
D. All of the above
Answer: B
A physician's DNR order is not done by the patient. It may be ordered in agreement with the patient, but it
is not a separate legal document. A DNR status may be rescinded at any time, if the patient is competent
when making that change. Legal guardianship papers are not considered as an example of an advance
directive.

5. A group of obstetricians and neonatologists submits a proposal for a study on a new drug that
might improve fetal lung maturity and, therefore, the survival of newborn infants. The
proposal is approved by the institutional review board (IRB), and the study commences. Two
months into the study, the physicians decide to alter the drug regimen. Instead of giving the
drug during just the second month of the pregnancy, they want the drug given until the
completion of the first trimester. The IRB has a backlog of proposals, and the investigators
fear their revised proposal will not be evaluated for a few months. The investigators should:
A. Ask the Department of OB-GYN to approve the change
B. Ask the Department of OB-GYN and the Department of Pediatrics to approve the change
C. Consult the ethics committee
D. Suspend the study until they can obtain an opinion from the IRB
Answer: D
If a researcher changes the conditions of the study, the IRB must review the changes to determine if there are any
new risks involved, decide how the change will be monitored, and then approve or disapprove the researcher's
proposed alteration.



6. The Patient Self-Determination Act (PSDA) obligates which of the following
entities to provide their clients with information regarding advance directives?
1. Hospitals
2. Providers of outpatient services
3. Health maintenance organizations (HMOs)
4. Home healthcare services
A. 1 and 2 only
B. 1, 2 and 4 only
C. 1, 3 and 4 only
D. All of the above
Answer: C
As a condition of participation in Medicare and Medicaid programs, obligations are imposed upon
hospitals, hospices, skilled nursing facilities, home health providers, personal care service providers and
managed care organizations; however the PSDA does not apply to providers of outpatient services.

7. Ethics consultations and decision-making done systematically will help to ensure that
ethical principles are met. This approach would include all of the following except:
A. Verification of the facts
B. Documentation of the rationale for the decision
C. Unanimous agreement among the participants
D. Identification of the potential legal and ethical problems that may be involved
Answer: C
Unanimous agreement is not required; however, there should be recommendations to the caregivers
providing direct care to the involved individual.

8. The Health Insurance Portability and Accountability Act (HIPAA):


1. Prohibits the flow of individually identified health information for unauthorized purposes
2. Allows individuals to know who is accessing their information
3. Allows individuals the opportunity to obtain corrections to inaccurate or incorrect information
4. Provides for legal recourse against individuals who misuse or mishandle health information
A. 1 and 2 only
B. 1 and 3 only
C. 1, 2 and 3 only
D. All of the above
Answer: D
HIPAA does prohibit the flow of individually identified health information, so the correct answer must
contain option 1. Likewise, HIPAA allows individuals to know who is accessing their health information,
so the correct answer must contain both options 1 and 2. Only answers C and D contain both options 1
and 2, so the correct answer hinges on HIPAA providing for legal recourse against the misuse of health
information. Therefore, the all-inclusive answer, D, is correct.



9. Medical devices may play an essential role in the management of a claim. If a medical
device is involved, which of the following should not be done?
A. Remove the device from service
B. Contact the device's manufacturer to have them test the device
C. Secure all manuals, contracts, and other documents related to the device
D. Determine if the occurrence must be reported to external agencies
Answer: B
All of the answer options are correct except B. Giving a device involved in a claim or incident or PCE to a manufacturer
to test should not be done. If tests are indicated, use a third-party testing agency that specializes in forensic engineering
of medical devices.

10. The Americans with Disabilities Act (ADA) makes it unlawful to discriminate in
employment against a qualified individual with a disability and requires that places of
public accommodation be accessible to disabled persons. Which of the following may
NOT be considered discriminatory under the ADA guidelines?
A. Terminating an employee only because he has a physical or mental impairment that substantially
limits a major life activity
B. Terminating a disabled person unwilling to perform the essential functions of the job with or
without reasonable accommodation
C. Not promoting a disabled person due to his disability
D. Not providing reasonable means of communication for the person that is deaf, blind or non-
English speaking
Answer: B
The ADA prohibits discrimination against an individual with a disability who, with or without reasonable
accommodation, can perform the essential functions of the job.

11. Federal or state criminal convictions of healthcare practitioners related to the delivery
of healthcare services must be reported to the:
A. National Practitioner Data Bank
B. Healthcare Integrity and Protection Data Bank
C. The Joint Commission
D. Centers for Medicare and Medicaid Services
Answer: B
The Healthcare Integrity and Protection Data Bank was established by the Health Insurance Portability and
Accountability Act of 1996 (HIPAA) as a clearinghouse for the reporting and disclosure of certain final "adverse
actions" taken against healthcare practitioners, suppliers, and other providers.

12. Under the requirements of the Healthcare Quality Improvement Act, hospitals must query
the National Practitioner Data Bank upon physician appointment and reappointment, but no
less than:
A. Every year
B. Every two years



C. Every three years
D. Every four years
Answer: B
Information on current members of the medical staff must be requested at a minimum of every two years.

13. The False Claims Act prohibits which of the following activities?
1. Presenting a false claim for payment
2. Conspiracy involving federal claims
3. Embezzlement by government contractors
4. Purchase on the black market
A. 1 only
B. 1 and 2 only
C. 1, 2 and 3 only
D. All of the above
Answer: D
The False Claims Act prohibits seven types of activities, which include presenting a false/fraudulent claim for
payment from the government, making or using a false statement to get a claim paid, conspiracy to defraud the
government, embezzlement by government contractors, using a false record or statement to conceal, avoid or
decrease an obligation to pay money or property to the government, false certification of deliveries to the
government, purchase on the black market, and reverse false claims.

14. Under EMTALA, a patient is entitled to:


1. A medical screening examination
2. Free medical treatment
3. Prompt medical treatment
4. All treatment necessary to stabilize any identified emergency medical condition
A. 1 and 2 only
B. 1 and 4 only
C. 1, 2 and 4 only
D. All of the above
Answer: B
EMTALA requirements include provision of a medical screening examination to determine if an
"emergency medical condition" (EMC) exists; if an EMC exists, provide appropriate medical treatment to
stabilize the patient, subject to the availability of resources (capability/capacity). If capability/capacity is not
available, provide "appropriate" transfer to facility that does have capability/capacity to stabilize EMC.
Participating hospital must accept a patient transfer from another hospital if it has the capability/capacity to
provide stabilizing treatment to patient that the transferring hospital does not have. EMTALA does not remove
the obligation of the patient for payment for services rendered, nor is there a requirement for prompt medical
treatment that should be determined by established triage guidelines.



15. Documentation is the essence of the medical record, and risk managers have a personal
stake in preserving the record and enhancing the quality of the documentation. The rules
that govern documentation come from which of the following sources?
1. Joint Commission
2. State and federal statutes
3. Professional practice standards
4. Insurance companies
A. 1 and 2 only
B. 2 and 3 only
C. 1, 2 and 3 only
D. All of the above
Answer: D
Healthcare is a highly regulated business that requires documentation to support compliance. Rules
governing documentation and medical record management come from several sources, including federal
(CMS), state statutes and state licensure requirements, professional practice standards, specific healthcare
facility protocols, insurance companies, managed care organizations, other third-party organizations, Joint
Commission and textbooks.

16. Which of the following is NOT a type of consent?


A. Informed
B. Implied
C. Practical
D. General
Answer: C
Informed consent is the process between the patient and care provider in which the risks, benefits and
alternatives are explained and discussed. Implied consent occurs when a serious or emergency condition exists
that requires immediate treatment/care, the patient is unable to communicate/take part in the
communication process, and there is no time to secure an individual with the authority by law to consent to
the treatment/care. General consent is used to allow release of personal health information. Practical consent
is a misnomer.



RISK FINANCING
Domain



Risk Financing Domain
PREPARATION OBJECTIVES
After learning the content in this section, you should be prepared to:
1. Define risk financing
2. Describe each of the risk financing techniques
3. Differentiate between the different types of insurance
4. Explain the difference between claims-made and occurrence insurance
5. Discuss the cost of risk
6. Compare a soft market and a hard market

KEY TERMS
Important terms and definitions relevant to this domain
Actuary — A person who uses statistics to compute loss probabilities to establish premiums
for insurance companies and self-insurance trusts.
Boiler and machinery coverage — Provides protection for explosion of boilers and other
pressure vessels and accidental damage to equipment.
Business interruption insurance coverage — Insurance coverage typically provided as a part of
a property insurance policy covering the lost revenues and extra operating expenses associated
with a covered loss such as a fire; attempts to replace revenues lost due to covered loss.
Captive — An insurance company established to provide coverage to a sponsoring entity as
opposed to marketing and selling policies commercially to insureds; the sponsoring entity may be
a parent corporation and its related subsidiaries, a professional association or other group.
Certificate of insurance — A standardized form — usually produced by the insurance agent or
broker who arranges the coverage — that officially outlines the specific type of insurance in place,
the insurance carrier, policy period, policy number, etc.
Claims-made coverage — Provides coverage for a claim that occurred after the inception or
retroactive coverage date of the policy and is reported to the insurance company while the policy or
any replacement policy is still in effect.
Cost of risk — Value of all risks, internal and external, faced by an organization in fulfilling its mission.
Deductible — Amount required to be paid by the insured before the insurer will make payment for the
eligible loss as stipulated under the insurance contract; typically erodes the maximum benefit provided.
Direct insurance — A contractual arrangement involving the purchase of insurance by an
insured from an insurer.
Directors and Officers liability — D&O policies contain a two-part wrongful act definition:
◼ Any actual or alleged error or misstatement or misleading statement or act or omission or breach
of duty by directors and officers while acting in their individual or collective capacities
◼ Any matter claimed against them solely by reason of their being directors or officers of the company.
Errors and Omissions insurance: E&O insurance policies provide coverage for negligent advice or
business services provided by an individual or entity not eligible for professional liability insurance
coverage, such as medical billing companies, insurance brokers and managed care organizations.



Fiduciary liability — Insurance coverage policy that can be purchased to cover the alleged breach of
the fiduciary responsibility under common law or ERISA for individuals who exercise management
or administrative responsibilities for employee benefit plans.
First party insurance coverage — Provides coverage for the insured's own property or person so
that the insured will be restored to the same financial position that he or she had prior to the loss.
Fronting — The use of a licensed, admitted insurer to issue an insurance policy on behalf of a
self-insured organization or captive insurer without the intention of transferring any of the risk. The risk
of loss is retained by the self-insured or captive insurer with an indemnity or reinsurance agreement.
However, the fronting company (insurer) assumes a credit risk since it would be required to honor
the obligations imposed by the policy if the self-insurer or captive failed to indemnify the risk.
Fronting arrangements allow captives and self-insurers to comply with financial responsibility laws
imposed by many states that require evidence of coverage written by an admitted insurer, such as for
automobile liability and workers' compensation insurance. Fronting arrangements may also be used
in business contracts with other organizations, such as leases and construction contracts, where
evidence of coverage through an admitted insurer is also required.
General liability insurance — Coverage for liability arising out of the hazards of the premises
and operations.
Guaranteed cost — Also known as "fixed cost" or "first dollar" programs. Insurance
coverage is provided from the first dollar of loss incurred.
Hard market — Insurance industry characterized by escalating premiums, strict underwriting
procedures and limited availability of coverage.
Incurred but not reported (IBNR) — Contains two components:
◼ An estimate to cover further development of paid losses or known claimants
◼ An estimate for the discovery of unknown claimants.
Indemnity — Amount that the insured person is paid for the covered expense.
Insurance — A system by which a risk is transferred to an insurance company, which reimburses
the insured for covered losses and provides for sharing of costs or losses among all insureds.
Limits (policy limits) — In insurance, the maximum the insurer will pay, typically expressed
either per occurrence (occurrence limit) or as an annual aggregate (the maximum insurer will pay
for all claims covered under policy).
Nose — Under a claims-made form, this is the period between an insured's retroactive date and
the current policy period.
Occurrence coverage — Provides coverage for a claim that occurred during the policy
period regardless of when the claim is reported to the insurance company.
Professional liability insurance — Coverage for liability arising from the rendering of services or
of the failure to render professional services.
Reinsurance — Contractual arrangement involving the purchase of insurance by an insurer
from another insurer.
Risk financing — Includes risk management techniques that encompass all the ways of generating
funds to pay for losses that risk control techniques do not entirely stop from happening;
techniques include risk retention and risk transfer.
Risk transfer — Transmission of an organization's risks to an outside party.
Risk retention — Method an organization employs for financing of loss through the retention of the risk.



Self-insured retention (SIR) — The portion of a claim that the insured is required to pay before the
insurer begins to pay. This is similar to a deductible but is frequently funded through a mechanism
such as a self-insurance trust fund and is larger than a deductible. The insured generally manages
claims falling entirely within the SIR (or contracts with a third party to do so) so that the insurer is
involved only if the amount of the claim exceeds or is anticipated to exceed the amount of the
retention. Self-insured retentions are common in hospital professional liability programs.
Soft market — Insurance industry characterized by low premiums, flexible terms and generous capacity.
Stop loss coverage — Provider excess coverage that is usually structured to insure excess claims.
Insurance coverage for healthcare and managed care organizations that have agreed in advance to accept
financial risk for the provision of healthcare services under capitated managed care contracts. Stop loss
policies limit the losses experienced by such entities when utilization of service exceeds estimates.
Tail — An extended reporting period whereby a claims-made policy is essentially converted to
an occurrence policy by extending coverage to all claims that arise from the care rendered during
the policy period regardless of when the claim is reported.
Third-party insurance coverage — Provides coverage to a party other than the insured to make
that person whole for loss or injury covered by the insured; involves three parties.

OUTLINE
I. Structure of the risk management process
A. Identification and analysis of exposures
B. Treatment of exposures
1. Risk control
2. Risk financing
a) Retention
b) Transfer

II. Basics of risk financing


A. Encompasses all ways of generating funds to pay for losses that risk control techniques do
not entirely prevent
B. Designed to obtain funds, at the least possible cost, to restore losses that impact the organization
and assure post-loss financial resource availability
C. An organization should apply at least one risk control and at least one risk financing technique to
each of its significant loss exposures unless exposure avoidance is a practical and safe alternative
D. One risk control technique often may be substituted for another; one risk financing technique
often may be substituted for another

III. Distinction between risk control and risk financing


A. Risk control aims to prevent losses before they occur and reduce the severity of losses after
they occur. Risk financing deals with managing the financial aspects of a loss after it occurs
B. An organization should apply at least one risk control and at least one risk financing technique to
each of its significant loss exposures unless exposure avoidance is a practical and safe alternative
C. One risk control technique may be substituted for another; one risk financing technique may be
substituted for another



IV. Risk financing techniques
A. Risk retention
1. Technique where all or part of the risk is retained by the organization
2. Types of risk retention
a) Current expensing of a loss (use of available cash)
(1) Charging off losses as current expenses without a fund or reserve; paying for losses out
of available cash as they occur
(2) Acceptable for losses that are small in nature and infrequent in occurrence
(3) Example: deductible for various policies (e.g., automobile or property loss)
b) Unfunded loss reserve
(1) Accounting entry that shows a potential liability; segregates a portion of surplus equal
to booked value of retained losses
(2) Examples: uncollectible accounts, loss of revenue for lost items (dentures, eyeglasses,
hearing aids), incurred but not reported claims (could be unfunded or funded)
c) Funded loss reserve
(1) Organization sets aside funds (cash, securities or other liquid assets) for expected losses
(e.g., "earmarked funds")
(2) Examples: reserve for taxes payable at the end of the month, reserve to absorb the cost
of defending claims
d) Borrowed funds
(1) Organization borrows to pay losses
(2) Results in a reduction in its line of credit or ability to borrow for other purposes
(3) Represents a depletion of its own resources to pay its losses and, in time, uses its
own earnings to repay the loan
(4) A means of borrowing time
e) Formal self-insurance techniques
(1) Self-insurance trust
(a) Funding vehicle that is a bank account administered by an independent third party
(trustee)
(b) Funds are designated for the sole and restricted purpose of paying losses
(c) Since it is not an insurance vehicle, it is strictly limited to the funding purposes for
which it was established
(d) Cannot accommodate the risks of third parties (entities outside the parent's
economic family)
(2) Affiliated, captive insurer
(a) Closely held insurance company whose insurance business is primarily supplied by and
controlled by its owners, and the original insureds are the principal beneficiaries
(b) Subsidiary to finance specified types of losses
(c) Generally, the affiliated insurer and the insured "parent" organization are members of
the same "economic family," negating any transfer of risk to an outside entity



(d) Corporation for which the product is the payment of losses and the revenue is
premium payments
(e) Highly formalized type of retention
(f) Types of captives
(i) Single parent
(ii) Group captives
(iii) Fronts
(iv) Rent-a-captive
(g) Important considerations
(i) Domicile selection (on-shore vs. off-shore)
(ii) Criteria for participation
(iii) State insurance requirements
(iv) Board composition/meeting requirements
B. Risk transfer
1. Techniques that seek to transmit a risk or the responsibility for the loss to an outside party
2. Funding the payment of losses from outside the organization after a specified loss
3. Contract or provision of a contract exists
4. Commitment to pay is specified
5. Organization can transfer the financial burden of losses but not necessarily the ultimate
legal responsibility for losses
6. Types of transfer
a) Noninsurance
(1) Contract under which one party, the transferee / indemnitor, agrees to pay money for
specified types of losses for which, in the absence of the contract, the financial burden
would fall on the transferor
(2) Indemnity agreement: One party to a contract agrees to pay another if the latter
suffers a specified type of loss
(3) Hold harmless agreements: a commitment that one contracting party makes to another
to hold the latter harmless from specified types of legal claims that may be brought
against that latter because of activities covered by the contract
b) Insurance
(1) Insured's risk is transferred to an insurance company, which reimburses the insured
for covered losses and provides for sharing of costs or losses among all insureds
(2) Most common type of risk transfer
(3) Contractual relationship that exists when one party (the insurer), for a consideration
(the premium), agrees to reimburse another party (the insured) for losses to a
specified subject (the risk) caused by designated contingencies (hazards or perils)
(4) Insurance policy should never be viewed as a complete transfer of risk
(5) Risk retention groups: alternative method to commercial insurance for risk transfer



C. Key variables to consider in selecting risk retention vs. risk transfer
1. Size and type of organization
2. Financial strength and resources of the organization
3. Type of risk to be treated
4. Organization's risk-taking philosophy
5. Organization's goals and objectives
6. Effectiveness of the risk management and loss control program
7. Effect each technique has on the organization's long-run costs and, therefore, on its
profitability
8. Financial security and solvency of insurance companies
a) Role of state guaranty funds (applicability)
(1) Insurance rating system (e.g., A.M. Best, Standard & Poor's, Moody's)
(2) Financial strength and size
9. Soft vs. hard market
a) Insurance industry is cyclical
b) Considerations
(1) Overall business strategy of the carrier
(2) Historical commitment to the healthcare industry
(3) Carrier's reaction to other pricing cycles
(4) Carrier's loss ratio for similar accounts
(5) Analysis of limits to be purchased
(6) Review of current retentions
(7) Review of current risk and claims management program
D. Typical strategy
1. Combination of risk transfer and retention for professional liability exposures is used
2. Predictable layer of loss is retained
a) State-mandated coverage limits
3. Unpredictable catastrophic loss is transferred

V. Insurance contract
A. Insurance is a legal contract
B. Policy includes four standard elements:
1. Declarations page: Identifies the named insured and describes the property or activity to
be insured
a) Components
(1) Policy number
(2) Inception and expiration date
(3) Insured address
(4) Policy limits



(5) Premium
(6) Applicable deductibles
2. Insuring agreement: Provides the language wherein the insurer states its obligations under the
terms of the contract
a) Components
(1) Broad statement, subject to narrowing and limitation later
(2) Conditional promises to pay
3. Conditions: Spells out the many obligations of the insured and the insurer
a) Important conditions
(1) Insured's obligations, such as filing a timely proof of loss, etc.
(2) Insured's obligation to cooperate with the insurer in investigation and settlement of the loss
(3) Insured's obligation to pay the premium in a timely manner
(4) Terms for cancellation or non-renewal
(5) Insurer's right to inspect the premises
(6) Coverage territory
(7) Applicability of deductibles, limits and defense expenses
4. Exclusions: Describes coverage the policy is not intended to provide
C. Direct insurance vs. reinsurance
1. Direct insurance
a) Involves a contractual arrangement involving the purchase of insurance by an
"insured" from an "insurer"
b) Primary insurance is the first layer of coverage, the layer that is prone to loss
c) Excess insurance sits over specific primary insurance to afford additional limits of liability
d) Umbrella liability over several lines of liability coverage
(1) Hospital professional liability
(2) Commercial general liability
(3) Employer's liability
(4) Automobile liability
(5) Aircraft/heliport liability
e) Underlying limit warranties must be verified
2. Reinsurance
a) Involves a contractual arrangement involving the purchase of insurance by an
"insurer" from "another insurer"
b) Risk sharing reduces ultimate loss exposure to a more comfortable level
(1) Stabilizing effect: smoothes the ups and downs of fluctuating loss experience
(2) Increases capacity
(3) Catastrophic protection: protects against the adverse effects of large losses from
natural forces or manmade disasters



D. Terms and conditions of limits of liability
1. Policy limit: Represents the maximum amount the insurer will pay for losses
2. Per occurrence: Applies to a specific loss
3. Aggregate: Applies to all losses within a policy term
4. Defense costs can be included within the policy limit or outside
5. Deductibles or self-insured retentions may apply before the limits
E. Agents and brokers
1. Agent: Generally represents one or more insurance carriers
2. Broker: Generally represents the purchaser

VI. State regulation of insurance


A. License insurers and insurance company representatives
B. Monitor the financial condition and operations of insurance companies
C. Regulate rates
D. Approve policy forms
E. Take consumer complaints

VII. Types of insurance


A. First party (also known as "direct damage coverage")
1. Coverage for the insured's own property or person so that the insured will be restored to the
same financial position that he or she had prior to the loss
2. Examples:
a) Fire/property
b) Business interruption (time element coverage)
c) Boiler and machinery
d) Builder's risk
e) Flood
f) Earthquake
g) Crime and employee dishonesty
h) HMO/capitation stop loss
i) Electronic data processing and media
j) Commercial crime insurance and employee dishonesty
B. Third party (synonym for "liability insurance")
1. Coverage to a party other than the insured to make that person whole for loss or injury
covered by the insured
2. Involves three parties:
a) The one who was harmed (plaintiff/claimant)
b) The insured who caused the harm or damage (defendant)
c) The insurer (commercial carrier or alternative risk financing vehicle)



3. Unlike first-party coverage, the named insured is never a direct recipient of the
payment for the loss responded to by the liability policy
4. Examples:
a) Medical professional liability
b) General liability (premises liability)
c) Umbrella excess liability
d) Employment practice liability
e) Automobile liability
f) Garage/garage keeper's liability
g) Directors and Officers liability (D&O)
h) Errors and Omissions (E&O) liability
i) Environmental impairment liability
j) Fiduciary liability
k) Heliport and non-owned aircraft liability
l) Educational and child care center
m) Employee benefit legal insurance
n) Medical director's liability
o) Contractual liability
p) Utilization management/review liability
q) Violation of privacy (e.g., HIPAA)
C. Health and welfare insurance/social benefits
1. Coverage intended to indemnify the employee by restoring his or her health and
earnings to the level maintained prior to the loss
2. Examples:
a) Dental
b) Health benefits
c) Life
d) Long-term disability
e) Short-term disability
f) Vision
g) Workers' compensation
D. Financial guarantees (surety/bonds)
1. Contract guaranteeing performance
2. Different from traditional concept of insurance in that assets are pledged for full
amount of risk transferred
3. In a surety, one party (surety) agrees to be bound, along with the principal, to a third
party in the same agreement
4. The surety and principal on bond becomes the promisor to a third-party promisee



5. The third party would be able to collect the obligation from surety if principal cannot
meet the financial responsibility
6. Examples:
a) Contract bonds
b) Federal surety bonds
c) License and permit bonds (e.g., alcohol bonds)
d) Public official bonds
e) Judicial bonds
f) Nursing home bonds

VIII. Other insurance considerations and program specifications


A. Important to understand standard program before tackling alternative risk financing structures
B. Insurance pricing: includes factors such as exposures, underwriting considerations,
weighting/rating, and deductible considerations
1. Prospective rating
a) Unlike most industries, an insurance company does not know the cost of its product
until well after it is sold
b) Insurers must price their policies prospectively, making the assumption that the past is
a reasonably accurate predictor of the future
c) In offering insurance, an underwriter looks at a blend of industrywide information and
the characteristics of the particular risk
2. Loss exposure
a) Medical staff
b) Occupied beds
c) Measurable data
(1) ED visits
(2) Outpatient visits
3. Pure premium
a) Investigating costs
b) Defending costs
c) Settling claims
4. Experience rating
a) An insurer will take into consideration an organization's own loss experience if it feels
the data are accurate and credible
b) To achieve the goal of accuracy, an underwriter will request five or 10 years of
experience, recently valued



5. Expense load
a) In addition to collecting enough premium to adjudicate claims, insurers also need to cover
their costs and generate a profit
b) Depending on the type of coverage, the expense loading may be 25-50 percent of the final cost
6. Risk charge
a) Overhead
b) Loss control services
c) Catastrophic loss
7. Retrospective rating
a) Pricing approach that attempts to adjust premiums based on actual loss experience during
the policy term
C. Types of risk financing programs
1. Large deductible
a) Most straightforward method of retaining risk
b) Virtually every type of insurance can be written with a deductible
c) As the deductible increases, credit against the guaranteed cost coverage should also increase
d) Considerations
(1) Risk appetite
(2) Budget ability
(3) Collateral/escrow requirements
(4) Claims handling
2. Self-insurance retention
a) Hard to distinguish between this program and a large deductible in many respects
(1) Both allow the insured a premium credit for accepting the responsibility for
paying claims up to a certain level
(2) Both assume that some risk transfer or insurance excess of the retention will continue
to be purchased
(3) Both approaches may have collateral or escrow requirements
(4) Both may feature stop-loss features
b) State regulations must be reviewed to determine what is required to become a "qualified"
self-insurer
3. Risk retention group
a) An insurance company that provides liability coverage to its members and owners; members
must be "similar or related entities" with respect to the liabilities to which they are exposed
b) Must be licensed as an insurance company in at least one of the 50 states
(off-shore domiciles do not qualify)
c) Types:
(1) Reciprocals
(2) Purchasing groups



D. Coverage types
1. Claims-made coverage
a) Retroactive date: The date defining the beginning of the coverage period for the
claims-made policy; this date is retained on an indefinite basis if one remains with the same carrier
b) Nose: Period of time between an insured's retroactive date and the current policy period
c) To change claims-made carriers
(1) Maintain original retro date (nose coverage)
(2) Buy an extended reporting endorsement (tail coverage) from the existing carrier and
establish a new retro date with the new carrier
(i) Retro date will usually predate the effective date on the policy
(ii) Permits an insured to report claims that are made after a policy period has expired
or has been cancelled, provided the wrongful act giving rise to the claim took place
during the policy term
(iii) Provides coverage for a claim that occurred after the inception or retroactive
coverage date of the policy and is reported to the insurance company while
the policy or any replacement policy is still in effect
2. Occurrence coverage
a) Provides coverage of an insured for incidents that occur while the policy is in
effect, regardless of when:
(1) The incident is reported to the insurer
(2) A claim is filed
b) No need for an insured to obtain an additional policy endorsement or extension when
moving to a new insurer
E. Considerations for whichever program
1. Meeting local regulations
2. Medicare and Medicaid reimbursement
3. Meeting collateral requirements
a) Cash
b) Securities
c) Promissory notes
d) Letters of credit
4. Tax implications

IX. Cost of risk (COR)


A. Development of insurance budgets, the value of an organization's liabilities reported on the
audited financial statements, and the effect of COR in continuing a specific clinical service
are examples of the use and impact that COR can play in managing a healthcare organization



B. COR can be categorized into four main areas
1. Hazard risks
2. Operational risks
3. Financial risks
4. Strategic risks
C. Cost of hazard risks
1. Generally insurable
2. Components
a) Insurance premiums
b) Retained or uninsured losses
c) Internal administrative costs
d) External service and provider costs
e) Sum of the components helps approximate the total COR for a specific exposure
3. Insurance premiums
a) Analyze actual costs of risks being transferred
b) Analyze various services provided by the insurance coverage
c) Typically medical professional liability premiums include a cost component for each of
the following:
(1) Covered damages for lost wages, medical expenses, and pain and suffering of the claimant
(2) Legal and expert witness fees
(3) Pre-judgment interest, cost of surety bonds and other miscellaneous costs
directly associated with a specific claim
(4) Premium taxes and other assessments placed upon the insurer by the state or
other regulatory agency
(5) Broker/agent commission for placement of the coverage
(6) Policy administration services
(7) Premium finance charges
(8) Risk management, education and other loss control services performed by the insurer
(9) Premium assessments or returns due to change in exposures
d) Exclusions must also be evaluated
(1) Are defense costs included in the limit of liability, or are they in addition to the limit?
(2) What is the definition of an occurrence and how does the limit apply to multiple
defendants involved in the same occurrence?
(3) Are limits sufficient to cover all claims?
(4) What is the definition of an insured, and would all potential defendants be covered as
intended?
(5) Will some exposures remain?
e) Premium must be evaluated as to the viability, financial status and coverage terms and conditions



4. Retained or uninsured losses
a) Hazard insurance programs usually require facility to retain:
(1) A portion of the loss
(2) A deductible
(3) A self-insured retention
(4) A quota share percentage of the limit
(5) Another form of risk sharing retention
b) Many losses are uninsured or retained on an unplanned basis because:
(1) Risk is not recognized
(2) Coverage is too limited
(3) Risk was uninsurable
c) Some hazard risks that are not always considered and medical malpractice issues that are
uninsurable include:
(1) Known incidents not reported timely
(2) Loss of use of medical equipment
(3) Losses related to research/experimental treatments
(4) Facility contamination
(5) Managed care exposures not delineated
(6) Excluded occurrences under the policy
(7) Insurer insolvency
(8) Punitive damages
(9) Violations of law
(10) Unplanned or uninsured issues must be considered in establishing the entity's COR
d) Internal administrative costs
(1) Risk management department salaries
(2) Overhead
(3) Information systems
(4) Program or policy services outsourced
(a) Claims handling
(b) Loss prevention
(c) Policy administration
5. Other related activities
a) External services and providers
(1) The use of outside services/providers can have a major impact on COR
(2) Examples
(a) Insurance broker
(b) Defense counsel



(c) Litigation manager
(d) Actuary
D. Cost of operational risks
1. Operational risks are generally defined as losses associated with internal systems and
processes and the people responsible for them
2. Issues to consider
a) Nursing shortage tied to quality of care
b) Physicians doing tests to protect themselves from litigation
E. Cost of financial risks
1. Relates to internal and external factors affecting the financial performance of an institution
2. Examples:
a) Third-party reimbursement
b) Cost of capital
c) Investment performance
d) Price of goods and services
e) Inflation
f) Philanthropy
3. Many financial risks can be mitigated through non-traditional insurance techniques such as
hedging, investment portfolio diversification to protect investments from major swings in
value, and the prudent use of lines of credit to manage an institution's cash flow needs
F. Cost of strategic risks
1. Relates to "big picture" areas of risk such as the quality of senior management
leadership, reputation, market share, the quality of affiliations or product innovation
2. Costs are difficult to measure and typically fall outside the realm of the traditional risk manager
G. COR allocation
1. A fair and equitable allocation system allows management to focus its attention on the
greatest opportunities for improvement and to reduce those allocated costs
2. Key principles
a) Defined purpose that clearly states what the organization wants to achieve
with the allocation system
b) Customize expressly for the organization
c) Communicate appropriately within the organization by senior management
d) Support with necessary staff and systems
e) Base on credible data
f) Maintain on consistent basis from year to year
g) Ensure key institutional leaders and physicians are vested in the process
h) Focus on quality improvement in a positive manner



H. COR and benchmarking
1. Internal benchmark must measure the effect of program changes over time
2. Internal benchmarking can effectively focus attention to those risk areas that can be impacted most
3. External surveys continue to evolve as the demand for benchmarking has increased
4. Surveys range from comparing one industry to another or as specific as comparing an
obstetrics department in one geographical area to another in the same geographical area
5. Well known and used external benchmarking reports
a) Risk Management Foundation of the Harvard Medical Institution
b) Risk and Insurance Management Society
c) Aon-ASHRM Hospital Professional Liability and Physician Liability Benchmark Analysis
6. Regardless of the system, challenges to benchmarking remain
a) Confidentiality of data
b) Inconsistent or incomplete data
c) Willingness to share data
d) Cost as opposed to value received
e) Bias on areas of focus
f) Comparability of benchmarked group
7. Influence of outside factors

X. Integrated risk financing and integrated healthcare


A. Efficiency: Spend more time on risk prevention and mitigation and less time on annual
insurance renewals
B. "Portfolio Effect": Pulling a group or portfolio of risk together
C. Combined purchasing power: Enhance "market clout" by placing as a package
D. Multiyear single limit: Locking up pricing for several years
E. Use of reinsurance
1. Treaty reinsurance: Protects an insurer across its book of business
2. Facultative reinsurance: Arranged on a risk-by-risk basis

XI. Tax aspects of risk financing


A. Benefits of insurance to taxpayers
B. Disadvantage of insurance to taxpayers
C. Disadvantage of insurance to tax exempt entities
D. Tax definition of insurance
E. Unrelated party risk approach
F. Brother-sister theory
G. Tax as a factor in captive domicile and form selection



XII. Actuarial and accounting applications for risk financing
A. Expected losses
B. Trends
1. Severity: Generally calculated by measuring the change in average loss costs each year
where average loss costs are the total loss costs divided by the number of claims
2. Frequency: Number of claims divided by the number of exposure units
C. Loss development patterns (paid, reported, incurred)
1. Long tail coverage
2. Loss development triangle
D. Exposure units: Measures the changes in expected loss from year to year due to changes in the
size of the entity or the mix of business
E. Limit adjustment factors
1. Basic limit losses
2. Retained limit losses
F. Data credibility
1. Quality
2. Predictability
3. Geographic
G. Confidence levels: Probability that the expected losses will not be exceeded by the actual losses
H. Pure premiums: Expected loss costs per exposure unit
I. Retention levels
1. Specific
2. Aggregate
J. Coverage form
1. Claims-made: Claims reported during the coverage period regardless of when the
incident actually occurred, subject to the retroactive inception date
2. Occurrence: Incidents that occur during the coverage period regardless of when the claim is reported
3. Prior acts: Used in conjunction with claims-made coverage to essentially provide
occurrence coverage by covering any unreported or "incurred but not enough" claims
XIII. Actuarial projections
A. Medicare/Medicaid reimbursement
B. Regulatory requirements
C. Bond covenants
D. Audit support
E. Excess insurers and reinsurers
F. Fiduciary responsibility
G. Actuarial reports
1. Purpose or scope



2. Distribution and use
3. Reliances and limitations
4. Summary and conclusions
5. Methodology
6. Major assumptions
7. Exhibits and graphs
H. Accounting issues
1. Generally accepted accounting principles
2. American Institute of Certified Public Accountants

XIV. Requests for proposals (RFP)


A. Process utilization
1. Insurance brokerage
a) Selection of organization's insurance broker
b) Evaluate cost and availability of alternate risk financing mechanisms
c) Implementation: direct impact on finances of organization
2. Risk management consulting
3. Outsourcing
4. Legal bill review and auditing
5. Special projects
a) Claim file audits
b) Clinical department audits
c) Regulatory compliance
B. Types of proposals for insurance brokerage
1. Market proposal
a) Specific lines of coverage are assigned to a specific broker who is then assigned to a
market or markets
b) Best used on smaller, easier-to-place coverage lines
c) Compensation is usually paid on a commission basis
2. Conceptual proposal
a) Respondents are asked to offer suggestions on improvements and changes without
going to the insurance market for costs or coverage
b) Beneficial for multiple renewal dates, difficult lines of coverage to place, and
limited markets available to underwrite the risks
c) Broker does not have permission to access the marketplace
3. Interviews
a) Series of interviews as a valid selection methodology
b) Proposal to include questions all respondents will need to address



C. Initial steps in the RFP process for insurance brokerage
1. Identifying and assessing the goals of the RFP process
a) Accurate assessment and understanding of what is to be accomplished through the process
b) What is the desired outcome?
c) What is the current market?
(1) Soft market: Characterized by low premiums, flexible terms and generous capacity
(2) Hard market: Characterized by escalating premiums, strict underwriting procedures
and limited availability of coverage
(3) Usual market cycle is five to seven years, but the previous soft market persisted
from the late 1980s through 2000.
d) How much insurance should be purchased?
(1) Appropriate policy limits
(a) Limits historically purchased
(b) Loss history
(c) Regulatory and legal climate
(d) Exposures created by organization's business strategies
(e) Benchmarking against similar organizations
(2) Policy limits may include or exclude defense costs (preferable to exclude)
(3) Sub-limits may cap the coverage for specific perils
(4) Deductibles and self-insured retentions (SIRs)
(5) "Named peril" vs. "all risks" coverage: Specific, narrow coverage vs. broad,
catch-all type of coverage
2. Establishing a timeline
a) Date the RFP is distributed to potential respondents
b) Date the risk manager will be available to discuss information
c) Date written response is due
d) Timeframe for evaluation of written responses
e) Date respondents will be notified of results of written proposals
f) Date and time set aside for oral presentation
g) Date by which a final decision will be made
h) Date the assignment is to commence
i) Length of the assignment
3. Establishing a broker selection committee
a) Supports and assists the risk manager during the broker selection process
b) Provides an opportunity to obtain a wide variety of opinions
c) Encourages new perspective on insurance
d) Enhances collective support and buy-in among constituents



4. Determining evaluation criteria
a) Established criteria facilitate an objective process
b) Provides a useful guide in reviewing the written materials and oral presentation
c) Does not need to be complicated, lengthy or detailed
D. What to include in the RFP for insurance brokerage
1. Executive summary
a) Annual reports
b) Organizational charts
c) Brief description of operating divisions
d) Financial statements
e) Mission statements
f) Organizational vision
g) Market share evaluation
2. Insurance information
a) Schedules of insurance
b) Declaration pages to policies
(1) Insurance policies
c) Loss runs
d) Coverage specifications
(1) Comprehensive coverage of all major loss exposures, at a cost effective premium
(2) Evaluation of exposures
(3) Application for coverage (underwriting submission to qualified, interested carriers)
(4) Develop a quotation (qualitative issues such as appropriate limits, deductibles, etc.)
(5) Negotiation of coverage terms, services and pricing
e) Named insured
E. What to look for in responses to the RFP for insurance brokerage
1. Technical competence: broker has a competency that the risk management department does
not have
2. Market access and marketing philosophy
a) Skill in marketing the account to company underwriters
b) Broker's marketing philosophy fits with the organization's corporate culture
c) Broker's criteria for placing business with a given market
3. Account team list: Names of team members and their technical expertise and depth of
experience
4. Account services: Evaluate services required or desired to manage account
5. Consulting services
6. References



7. Service contracts: Should be drafted and approved by both parties
8. Compensation
a) Fixed fee
b) Commission
c) Time and expense
d) Retainer fees
e) Bonuses
9. Respondents should show proof of coverage in place while handling the client's account
F. Monitoring results and evaluating services
1. Establish criteria
a) Review what services the outside provider was engaged to perform
b) Agree to service criteria ahead of time
c) Determine if criteria are tied into compensation dollars
d) Set periodic status reports
2. Auditing tools: Performance standards
3. Develop and monitor a timeline
4. Stewardship
a) Stewardship reports are prepared by the broker and given to clients as an evaluative tool or
report card on performance
b) Should not be a marketing brochure for the broker

REVIEW QUESTIONS
Mark your answers and then compare them with the answers explained below.
1. Imagine you are a hospital risk manager responsible for purchasing and managing the
commercial insurance and the self-insured retention (SIR) fund. You have structured professional
liability coverage with a combination of SIR and commercial insurance. The SIR limits are
$1,000,000 per incident and $3,000,000 yearly aggregate. In addition to the SIR, you have purchased
excess coverage in the amounts of $10,000,000 per incident and $25,000,000 yearly aggregate.
Assume all policies are written on a calendar-year basis, all payouts are in the correct year, and the SIR
fund and the commercial insurance carrier are financially solvent.
Examples: If no claim has been paid during the year, a total of $11,000,000 per incident and
$28,000,000 yearly aggregate are available.
                             Per Incident    Yearly Aggregate
Self-Insured Retention Fund  $1,000,000      $3,000,000
Excess Coverage              $10,000,000     $25,000,000
Total Available              $11,000,000     $28,000,000



If the first claim is settled for $1,500,000, the SIR pays the first $1,000,000, and the excess
carrier pays the remaining $500,000.
What is the remaining balance for the year end for the SIR and excess coverage? _______
Answer: This leaves a year-end SIR balance of $2,000,000 and $24,500,000 of excess coverage
for the year.
If the next claim is settled for $10,000,000, the SIR pays the first $1,000,000, and the excess
carrier pays the remaining $9,000,000. What is the remaining year-end balance for the SIR and the excess
coverage?
Answer: This leaves a year-end SIR balance of $1,000,000 and an excess coverage year-end balance
of $15,500,000.

2. What type of primary malpractice insurance policy is necessary to purchase "tail/prior acts"
coverage when changing carriers?
A. Excess
B. Umbrella
C. Occurrence
D. Claims-made
Answer: D
Claims-made coverage provides coverage for a claim that occurred after the inception or retroactive coverage
date of the policy and is reported to the insurance company while the policy or any replacement policy is still in
effect. A tail essentially converts a claims-made policy to an occurrence policy by extending coverage to all
claims that arise from the care rendered during the policy period regardless of when the claim is reported.

3. The insurance industry is cyclical. It is characterized by periods noted as "hard" and
"soft" markets. Which of the following statements is TRUE?
A. During a hard market, coverage is available and affordable
B. A hard market is characterized by flexible coverage terms
C. During a hard market, coverage may not be available at any cost
D. Hard market cycles last longer than soft market cycles
Answer: C
During a hard market it becomes difficult to place coverage and terms become less favorable. Only answer C is
correct.

4. Which of the following are types of third-party liability insurance?


1. General liability
2. Fire/property
3. Directors and officers
4. Fiduciary
A. 1 and 2 only
B. 1 and 3 only
C. 1, 3 and 4 only
D. All of the above



Answer: C
If the insurance payment flows to you or your organization, it is first-party insurance. Since liability policies pay for
damage or injury to someone other than you, it is not first-party coverage.

5. A captive insurance company is:


A. A type of reinsurance
B. A form of a self-insurance trust
C. A fronted retention group
D. An insurance company subsidiary that insures the risk of the parent
Answer: D
A captive is an insurance company established to provide insurance coverage to a sponsoring entity as opposed to
marketing and selling policies commercially to insureds. The sponsoring entity may be a parent corporation and
its related subsidiaries, a professional association or other group.

6. An insurance policy contains what four standard elements:


A. Declaration page, broker, S&P rating, exclusions
B. Declaration page, defense costs, deductibles
C. Conditions, exclusions, insured's name only, where invoices are to be sent
D. Declaration page, insuring agreement, conditions, exclusions
Answer: D
A policy contains four standard elements: declaration page, insuring agreement, conditions and exclusions.

7. A physician has a $1-million policy limit with a $100,000 per-claim deductible. How
much insurance does the insured have?
A. $1,100,000
B. $1,000,000
C. $900,000
D. $800,000
Answer: C
The carrier is responsible to pay the deductible and recover from the insured. The deductible amount is subtracted from
the policy limit resulting in the insurance amount. A letter of credit may be required from the insured.

8. A new claim has been reported to the insurer. The claim occurred on 6/1/2012 and was reported
2/1/2013. The facility has a claims-made policy dated 1/1/2013 — 12/31/2013 with a retroactive date
of 1/1/2003. Assuming the claim is for a covered loss and was not known or reported to the prior
carrier at the time of occurrence, will the carrier accept the claim as being covered under the policy?
A. Yes
B. No
Answer: A
Claims-made coverage provides coverage of a claim that occurred after the inception or retroactive coverage date of the
policy and is reported to the insurance company while the policy or any replacement policy is still in effect.



CLAIMS AND LITIGATION
Domain



Claims and Litigation Domain
PREPARATION OBJECTIVES
After learning the content in this section, you should be prepared to:
A. Examine the claims management process from the occurrence of the event to claim resolution
B. Distinguish between a claim, a potentially compensable event, and a lawsuit
C. Describe the types of liability
D. Describe the four elements that must exist in order for there to be professional liability
E. Discuss the various exposures for different types of organizations
F. Identify factors that may influence whether a claim is covered under an insurance policy
G. State the value of collecting claims data
H. Describe the critical steps in a lawsuit

KEY TERMS
Important terms and definitions relevant to this domain:
Adverse event — Any injury (undesirable clinical outcome) caused by medical care and not
an underlying disease process.
Adverse outcome — Clinical outcome that, while neither desirable nor necessarily anticipated,
may still have been a known possibility associated with the treatment or procedure.
Alternative Dispute Resolution — A process or system to resolve disputes outside the formal
judicial process.
Negotiation — A voluntary, usually informal, unstructured process. There is no third-party
facilitator, but parties may be represented by legal counsel.
Mediation — A process in which a neutral third party helps the parties reach a mutually-acceptable
agreement.
Arbitration — The hearing and determination of a case in question by someone either chosen by
the opposing parties or appointed under statutory authority.
Binding — An agreement that is final and not appealable.
Non-Binding — An agreement is not final until it is entered by the court into the record allowing
the party to continue the civil litigation process.
Answer — A document filed with the court in response to a complaint or petition. Generally the answer
must: 1. Admit that the plaintiffs' allegations are true, 2. Deny that the plaintiffs' allegations are true, or 3.
State that the defendant does not have information regarding the truth or falsity of the allegations.
Appeal — An action that is taken after the trial of a matter or after a dispositive motion has been
entered in a matter. An appeal may be taken for the purpose of correcting an error made by the trial
court or to obtain a new trial. Also, it is a resort to a higher court to obtain a review of a lower
court's decision and a reversal of the lower court's judgment or granting of a new trial.
Assault — An intentional act that is designed to make the victim fearful and that produces
reasonable apprehension of harm.



Attorney-client privilege — A legal doctrine recognized by both common and statutory
law protecting certain confidential communications between an attorney and his or her
client from discovery in a legal proceeding unless the privilege is waived by the client.
Attorney work product privilege — A legal doctrine recognized by both common and statutory law
protecting the documents generated, theories devised, legal strategies formulated, etc., by an attorney
on behalf of a client from discovery in a legal proceeding unless the privilege is waived by the client.
Battery — In tort law, the intentional causation of harmful or offensive contact with a person
without that person's consent.
Claim — Formal notification that monetary damages are being sought for an alleged injury.
Claims-made coverage — Provides coverage for a claim that occurred after the inception or
retroactive coverage date of the policy and is reported to the insurance company while the
policy or any replacement policy is still in effect.
Claims management — A systemized approach utilized to reduce the financial loss and negative
community image of a healthcare organization in situations where prevention fails and injury occurs.
Complaint/Grievance — A formal or informal written or verbal complaint made to the hospital by
the patient or the patient's representative regarding the patient's care. Medicare/Medicaid Hospital
Conditions of Participation require a formal process for patient notification of their rights and for
response and follow-up with the patient.
Complaint (legal) — One of the initial filings with a court to begin a lawsuit; normally recites
all of the allegations against the defendant and theories upon which the plaintiff seeks to
recover damages (may be called a petition in some jurisdictions).
Damages — Monetary compensation obtained for an injury for which the plaintiff (claimant)
seeks compensation from the defendant (healthcare provider) and may include economic losses,
emotional distress, pain and suffering and disability.
Punitive or Exemplary — Damages sought or awarded to punish or deter a defendant or others
from similar conduct rather than to compensate the injured party. The awarding of punitive
damages generally requires a showing of gross negligence or willful and wanton misconduct. Such
damages are not insurable in some jurisdictions and may be excluded by insurance policies.
Special — Actual damages such as medical expenses related to the injury.
Defamation — Intentional false communication that injures another's reputation.
Slander — A false and defamatory statement (oral/spoken) made about a person.
Libel — Defamatory language expressed in print, writing, pictures, or symbols intended to
injure another's reputation, business, or means of livelihood.
Depositions — Testimony (under oath) of a witness taken on interrogatories reduced to writing
and used to support or substantiate testimony offered at trial. The deposition is an important phase
of the discovery process. It consists of a question-and-answer session in which the witness is
interrogated under oath, after which the testimony is transcribed.
Discovery — The process in litigation by which each party to the action seeks to learn all the facts that
either 1. Support the plaintiff's cause(s) of action, or 2. Support the defendant's asserted defenses or denials.
Duty to defend — Insurer will defend any claim or suit alleging injury or damage and
seeking damages covered under the policy.
Duty to pay damages — Insurer will pay damages covered under the policy retroactive date.



Event — A happening or occurrence that is not part of the routine care of a particular patient
or the routine operation of the healthcare entity.
Employee Retirement Income Security Act (ERISA) — A federal law that sets minimum
standards for most voluntarily established pension and health plans in private industry to
provide protection for individuals in these plans.
Fraud and abuse — Fraud is an intentional misrepresentation, deception or act of deceit for
the purpose of receiving greater reimbursement. Abuse is reckless disregard or conduct that
goes against and is inconsistent with acceptable business, medical practices, or both, resulting
in greater reimbursement. The terms are generally used together to refer to breach of federal
statutes and regulations regarding inappropriate billing, kickbacks and referrals related to the
federal or state Medicare and Medicaid programs.
Guardian Ad Litem — A person appointed by the court to represent the interests of a minor
child, an unborn child or a disabled person.
Integrated delivery system — A healthcare system made up of various types of providers, including
hospitals, ambulatory care centers, surgery centers, home health agencies and physician practices, and
frequently a managed care organization, such as an HMO or a preferred provider organization (PPO).
Insured parties — Organization and employees covered by an insurance policy.
Joint and Several Liability — The legal theory whereby a plaintiff can recover the entire adjudicated
damages from any culpable defendant (joint); or they can collect the apportioned amount from each
defendant (several).
Lawsuit — Formal legal action filed in court.
Managed care — The integration of healthcare delivery and financing that includes arrangements
with providers to supply healthcare services to members, criteria for the selection of healthcare
providers, significant financial incentives for members to use providers within the plan, and formal
programs to monitor the amount of care and quality of services.
Moonlighting — Working at another job after hours of a regular job.
Occurrence coverage — An insurance policy for which coverage is provided for claims
that occur during the policy period, regardless of when the claim is made.
Ostensible agency doctrine — The doctrine of ostensible agency, sometimes referred to as apparent
agency, permits a finding of liability on a hospital where there is the appearance of an employment
relationship with an independent contractor. In the absence of an employer-employee relationship, a
managed care organization (MCO) may still be held vicariously liable for the acts of provider physicians
if the patient had a reasonable belief that the physician was the MCO's agent and that this belief was
based upon representations made by the MCO to that effect. The burden is on the plaintiff to prove that
he or she detrimentally relied on the fact that the MCO held the physician out as its agent.
Petition — See entry for complaint.
Potentially compensable event (PCE) — Encompasses any incident in which there is neither an active
claim nor institution of a formal legal action, including those cases in which an unexpected event has
caused injury, the potential for injury or some expression of dissatisfaction or perception of injury.
Respondeat superior — Law doctrine that says an employer is responsible for the acts of
employees if the acts are within the course and scope of their employment.
Reserves — Estimates of the amount ultimately required to settle a claim, or pay a judgment
(indemnity reserve), and to provide for a defense and pay other allocated expenses related
to managing a claim (expense reserve).



Sentinel event — Any unexpected occurrence involving death or serious physical or
psychological injury, or the risk thereof.
Standard of care — In medical malpractice cases, a standard of care is applied to measure the
competence of the professional. The traditional standard for doctors is that they exercise the average
degree of skilled care and diligence exercised by members of the same profession, practicing in the
same or similar locality in light of the present state of medical and surgical science. With increasing
specialization, however, certain courts have disregarded geographical considerations holding that, in
the practice of a board-certified medical or surgical specialty, the standard should be that of a
reasonable specialist practicing medicine or surgery in the same specialty. In a legal proceeding, the
standard against which the defendant's conduct is measured. The defendant is expected to act as an
ordinary, prudent person with similar training and skill would have acted in a similar situation. If the
defendant's conduct falls below this standard, the defendant may be determined to have acted
negligently.
Summons — A notice to the defendants named in a complaint indicating an action has been
filed against them and that they are required to answer by a specific date and at a specific place.
Third-party administrator — An independent organization that contracts to provide
claims management services to a self-insured entity.
Third-party overclaim — A claim by an injured employee against a party other than his or her
employer, such as the manufacturer of a machine involved in the injury, in which the third party
brings in the employer as an additional defendant, such as for failure to properly maintain the
machine. Third-party overclaims fall outside of workers' compensation coverage and are generally
covered by employers' liability policies.
Uninsured parties — Actual or potential codefendants not covered by the organization.
Vicarious liability — The imposition of liability on one person for the actionable conduct of
another, based solely on a relationship between the two persons. Indirect or imputed legal
responsibility for the acts of another (e.g., the liability of an employer for the acts of an employee).
Also, a principle for torts and contracts of an agent.

OUTLINE
I. Claims Management Program
A. A systemized approach utilized to reduce the financial loss and negative community
image of a healthcare organization in situations where prevention fails and injury occurs
B. Supported by leadership and board commitment
C. Driven by organizational philosophy and culture
D. Anchored by development of an infrastructure supported by staffing, policies and
procedures, decision authority, program scope and technology
E. Influenced by the organization's chosen risk financing mechanism
1. Self-insurance
2. Commercial insurance coverage

II. Claims Management Process


A. Identification:



1. Process of identifying problems or potential problems that can result in loss; recognizing
the potential for loss
2. Established and specifically defined process that includes points in time in which the
organizational leadership and/or board or board committee receives claims information
a) New claims
b) Open and closed cases
c) Aggregate claims experience
d) High exposure cases
e) Impact on risk financing program
3. Claims data collection system for identifying potential claims and litigation
a) Includes numerous data sources and types of events, including potential
compensable events (PCEs) and sentinel events
b) Part of the data mining process
(1) Information from QI, risk, patient safety, medical records, patient relations
(complaints and grievances), committees, hotline, surveys or reports,
grapevine, incident report, recall notices, etc.
c) Supported by technology
(1) Driven by a taxonomy that supports identification of open and closed claims
(a) Critical for meaningful benchmarking purposes
(2) Configured to generate loss runs
(a) Geared towards specific needs of insurers, underwriters, and brokers
(b) Key link to actuarial evaluation process
B. Investigation:
1. Process of collecting information regarding the facts related to a loss or potential loss situation
including collection of evidence and interviews of witnesses
2. Guidelines for investigating an event
a) Discover and document the facts
(1) Include review of policies and procedures; medical records, lab and imaging
reports; interviews with staff under the direction of counsel; determination of the
insured parties, etc.
b) Secure evidence
(1) Verify that there are document retention policies in place and a process for
"claim/litigation holds" of medical records, policies, etc.
(2) Equipment believed to have malfunctioned or user error
(a) Complete voluntary and/or mandatory reports to FDA (SMDA)
(b) Sequester equipment (saving/recording device settings); equipment supplies,
including packaging, needles and syringes; maintenance logs; manuals, etc.
c) Determine the applicable standard of care
(1) May include gathering applicable policies or procedures in place at the time of the event



d) Assess the applicable standard of care and legal principles
e) Communicate with appropriate persons
(1) Interview witnesses
(2) Report the event to the insurance carrier as soon as possible; notify senior management
as appropriate, etc.
(3) Informal, preliminary expert (i.e., peer review process)
f) Protect the discovery of investigative material and avoid spoilage
(1) Be aware of statutory provisions and existing case law in the jurisdiction and work
under the direction of legal counsel
C. Documentation checklist:
1. Name and demographic information on insured parties
2. Name and demographic information on actual or potential codefendants
3. Date of incidence and date of notification
4. Insurance information
5. Claimant information
6. Review of medical records
7. Claimant's injuries
8. Current status of case
9. Summaries of interviews
10. Summary of claimant's allegations
11. Summary of facts
12. Copies of applicable policies, procedures and protocols
13. Copies of maintenance records
14. Summaries of expert reviews
15. Evaluation of damages
16. Evaluation of liability
17. Research including standard of care, applicable laws and regulations
18. Information regarding claimant's attorney
D. Analysis and classification:
1. Established process for claims analysis
a) May be supported by a committee
b) Considered independently as well as in the aggregate
c) Fact driven
d) May see evidence of both internal and external influencing factors
2. Claims classification system
a) Supported by technology
b) Driven by risk financing mechanism
c) Required fields (e.g., important dates, location, demographics, etc.)



E. Reporting:
1. All lawsuits, claims and potential compensable events (PCEs) should be reported
to organization's insurance provider(s)
2. Primary layer
a) Commercial insurance
(1) Based upon reporting requirements identified in the insuring agreement to avoid
non-coverage
b) Internal: self-insured retention (SIR) or deductible
(1) The insuring agreement identifies the conditions for reporting
(2) Report to management claims reported to commercial carrier or when institutional
funds are at risk such as a SIR and deductible
(3) Notify public relations if media coverage is anticipated
3. Excess and reinsurers (if applicable)
a) Reporting typically rests with the original insured
(1) Described in the insurance agreement/policy requirements
b) The insurance company may perform an audit to validate the accuracy and completeness
(1) Reporting process
(2) Adequacy and timeliness of reserves
4. Insurance reporting definitions
a) Potentially compensable event
(1) An occurrence for which a claim can be reasonably anticipated, but for which no claim
has yet been asserted
(2) An event for which there are grounds or contributing factors found after investigation,
worthy of compensation being awarded the claimant
b) Claim: Formal notification (generally in writing) that monetary damages are being sought
for an alleged injury. Generally accepted definitions, but some policies may define them
differently. Always check your policy!
c) Lawsuit: Formal legal action filed in court
F. Coverage determination:
1. Questions
a) Is the involved party covered by the policy?
(1) May trigger a duty to defend
b) Is the loss within policy period?
(1) Dates are specified by policy
c) Is the cause of loss covered?
(1) Medical negligence, intentional tort (i.e., assault and battery)
(2) Duty to pay damages
d) What types and amounts of damages are covered?
(1) Compensatory/punitive



e) Is the location covered?
(1) Activities of the covered individuals are within the scope of their
employment (moonlighting, volunteering, etc.)
(2) Schedule of covered entities or activities
f) What are the policy's exclusions?
(1) Assault and battery
(2) Sexual abuse
(3) Could trigger a reservation of rights letter where party is defended, but only
until it is determined whether or not the loss is covered or a criminal act is
adjudicated or admitted
2. Coverage: Insured or uninsured
a) Insured parties: Organization and employees; additional insureds under the facility's policy
(1) Are there any other insurance coverages that would apply?
b) Uninsured parties: Actual or potential codefendants not covered by the organization
(1) What are the conditions of coverage and does this situation meet the criteria?
(2) What are the coverage types and limits?
(3) Are defense costs included within policy limits?
3. Coverage: types of liability
a) GL — General liability: Hazards in the environment, non-professional judgment
and actions
(1) Slips and falls
(2) Slander (spoken) and libel (written)
(3) Malicious prosecution and false arrest
(4) Assault and battery
(5) Advertising issues
(6) Environmental pollution
b) HPL/PL/PPL — Professional liability/medical malpractice
(1) Professional negligence by act or omission by a healthcare provider in which care
provided deviates from accepted standards of practice in the medical community
and causes injury or death to the patient.
c) EPL — Employment Practices
(1) Non-Discrimination
(a) Civil rights
(b) Age
(c) Disability
(d) Sexual harassment
(e) Whistleblower

G. Liability Determination:
1. Negligence
a) A failure to act as an ordinary prudent person would, action contrary to that of a
reasonable party, or the failure to use such care as a reasonably prudent and careful
person would under similar circumstances; carelessness
b) Elements of negligence (4Ds)
(1) Duty to exercise reasonable care, often noted as the "standard of care"
(2) Duty breached
(3) Direct or proximate causation: "injury"
(4) Damages resulted
2. Standard of Care
a) Must be established by expert opinion testimony
b) Exception can be rebuttable presumption of negligence based on:
(1) The negligence is so obvious that it is within the common knowledge of jurors
(2) The cause of the injury is under the exclusive control of the defendant and this type of
accident does not happen without negligence (res ipsa loquitur: "the thing speaks for itself")
(3) Negligence per se: A legal doctrine whereby an act is considered negligent because
it violates a statute or regulation
3. Tort reform
a) Activity on both the federal and state levels
b) Various legislative approaches
(1) Monetary cap on non-economic damages (e.g., $250,000)
(2) Mandatory prior notice of intent to file malpractice action
(3) Limits on percentage allocation of contingent attorneys' fees
(4) Abrogation of joint and several liability
(5) Mandatory alternative dispute resolution (e.g., mediation and arbitration)
(6) "No fault" insurance or state-administered victim's fund
H. Reserving
1. Process of estimating the amount ultimately required to settle a claim or pay a judgment
(indemnity reserve) and to provide for a defense and pay other allocated expenses related
to managing a claim (expense reserve)
2. Depends on numerous factors
a) Venue
b) Plaintiff attorney
c) Joint and several liability
3. An art more than a science, but experience plays a role
4. Critical for the financial soundness of the insurance company or the self-insurance fund
5. Reserve set when exposure and liability can be sufficiently assessed, both initially
and ultimately

6. Reserving can be done by the insurance company, the risk management professional or
an outside claims management service or third-party administrator (TPA)
7. Ensure accurate and timely loss runs are maintained
I. Claims management strategies
1. Defend vs. settle
2. Meritorious vs. frivolous
3. Alternative Dispute Resolution (ADR) — A process designed to resolve disputes in a manner
that avoids the cost, delay, and unpredictability of the traditional adjudicatory process
J. File Management
1. Claim file
a) Correspondence
b) Investigation documentation
c) Medical Records
d) Expert Reports
e) Legal papers
f) Expenses
g) Reserve history
2. Diary

III. Legal Theories


A. Vicarious liability (general category)
1. Imputed liability for acts of another; employer for the acts of negligence or omissions of its
employees
B. Respondeat Superior (specific category)
1. Employer responsible for the acts of their employees if the alleged wrongful act is within
the course and scope of their employment
2. Employee must also have been found liable
C. Ostensible or apparent agency
1. Patient looked to the facility rather than the individual physician for care
2. The institution held out the independent contractor as an employee, i.e., hospital
based physician services
D. Corporate negligence
1. Facility responsible for own acts of negligence in failing to ensure that a proper standard
of care is upheld
2. Facility must have known of a defect in procedures and the defect was a substantial factor in
the patient injury
IV. Exposures of Healthcare Entities
A. Exposures of hospitals and medical centers
1. Respondeat superior

a) "Let the master answer for the acts of the servant"
b) An employer is responsible for the acts of employees if the acts are within the course
and scope of their employment
2. Ostensible agency or apparent authority
a) Patient looked to the institution rather than the individual physician for care
b) Institution "held out" the independent contractor or the physician as its employee
c) Physician services provided by contract require careful review for adequate insurance
and indemnification provisions
3. Negligent credentialing liability
4. Negligent failure to protect confidential data or invasion of privacy (HIPAA and HITECH)
B. Exposures of emergency medical services providers
1. Abandonment
2. Assault/battery
3. False imprisonment
4. Invasion of privacy
5. Failure to appropriately treat the medical condition
C. Exposures of primary care in ambulatory settings
1. Professional negligence
a) Failure to satisfy the standard of care, causation, damages
(1) Inadequate history and poor communication
(2) Failure to order diagnostic tests
(3) Failure to refer
2. Informed consent
a) Negligent failure to properly disclose risks, benefits, alternatives, risks of refusal
3. Battery (failure to obtain permission to treat)
4. Abandonment
5. Elder abuse
6. Negligent failure to protect confidential data or invasion of privacy (HIPAA, HITECH)
7. Safety issues (ensuring a safe environment)
8. Infection control
9. Human resource issues
D. Exposures of integrated delivery systems (IDS)
1. Non-employed physicians with hospital privileges are considered to be
independent contractors
a) Generally, hospital cannot be held vicariously liable for the negligence of independent contractors
2. Development of IDS

a) Arguments are being made that various healthcare entities share some responsibility
for other providers to ensure adequate care is being provided
E. Exposures of managed care organizations (MCO)
1. Employee Retirement Income Security Act of 1974 (ERISA) requires that health plans
and plan sponsors provide members with a summary plan description
2. Parties involved in managed care
a) Patients
b) Providers
c) Provider organizations
d) Payers
e) Health plans
3. Liability theories against managed care organizations
a) Vicarious liability
(1) Imposition of liability on one person for the actionable conduct of another,
based solely on a relationship between the two persons
b) Respondeat superior
(1) Employer is responsible for the acts and omissions of employees in the course,
action and scope of their employment
c) Ostensible agency
(1) Actions of the principal lead the third party to believe that the putative agent
is an agent or employee of the principal
d) Corporate negligence
(1) Negligent selection of member physicians and/or failure to allocate appropriate resources
e) Breach of contract
(1) Failure, without legal excuse, to perform any promise that forms the whole or
part of the contract
f) Bad faith claims
(1) Claims brought forward without any merit
g) Breach of fiduciary duty
(1) Failure to exercise due diligence in overseeing the affairs of the organization
4. Areas of risk
a) Underwriting risk
b) Business risk
(1) Operating risk: Inability to predict and manage medical expenses
(2) Growth risk: Unplanned expenses due to business growth
(3) Provider subcontracting risk: Failure to maintain favorable contracts with
provider network, or experiences of higher costs due to referral patterns.
(4) Personnel risk: Failure to recruit and retain key employees
(5) Information risk: Disruption of information technology and its effect on the organization

c) Litigation risk
(1) Insurance risk: Inability to obtain necessary insurance at reasonable rates
(2) Financial risk: Liquidity risk (cash flow)
(3) Solvency risk: Maintaining sufficient assets to meet ongoing claim payment responsibilities
(4) Affiliate risk: Associated with organization's access to capital based upon the funding
of the parent organization
d) Regulatory risk
(1) Consumer protection, both federal and state
(2) State licensure
(a) All health insurance plans must be licensed in the states in which they offer coverage
(b) Based upon the state, providers may need to be licensed in order to
provide managed care tasks
(3) Minimum capital requirements: Licensing agency requires specific levels of statutory capital
(4) Minimal benefit requirements: MCO may be subjected to minimum health benefit
and expense levels
(5) Government investigations: Subject to governmental reviews, audits and investigations
(CMS, DHHS, Office of Inspector General, state insurance departments)
(6) Anti-kickback laws: No inducements for the purchase of services for which payment
may be made under a federal program
(7) Fraud and abuse: Billing for unnecessary goods/services
(8) Privacy and confidentiality laws: Both federal and state
(9) Government inquiries
(10) Electronic data transaction standards established under HIPAA and HITECH
(11) Collective bargaining: Some states' legislation allows physicians to collectively bargain
with MCOs
(12) Competition and strategic risks
(a) Competition risk: Actions of competitors may negatively impact the
organization's ability to increase its market penetration
(b) Environmental risk: State and federal budget decreases, inflation, unemployment, etc.
(c) Public relations risk: Negative publicity arising out of the management of the plan
5. Controlling third-party loss
a) Four major areas
(1) Due diligence: Legal review of an entity targeted for acquisition by an acquiring party
to obtain financial and operating history along with current status
(2) Patient communication: Clear and defined communication concerning expectations of
patients
(3) Policies and procedures
(4) Risk transfer: Procedure of shifting risk of loss to another party who agrees to
accept the risk

b) Seven steps
(1) Using due diligence and contract analysis to identify critical risk issues
(2) Developing a written plan for provider selection, credentialing and peer review
based on objective performance metrics
(3) Preparing and monitoring written utilization review and quality management plans
(4) Developing a written plan guiding appropriate patient communication
(5) Developing effective billing procedures
(6) Maintaining an ongoing continuing education program for providers
(7) Using insurance and other risk-transfer mechanisms
(a) Use indemnification clauses
(b) Require providers to sign hold-harmless agreements and provide
adequate comprehensive liability coverage
(c) Identify coverage available under the provider organization's current
insurance programs and secure additional coverage if needed
F. Exposures of long-term care
1. Example: liability for residents who wander from the facility
2. When a number of residents are injured due to a poorly-operated facility, a class
action lawsuit (e.g., abuse of residents) may result
3. CMS defines the requirements under the federal law for nursing homes (Social Security
Act) to meet the standards for participation in Medicare and Medicaid programs
4. Vulnerable adult statutes

V. Litigation Management
A. Selecting a defense firm
1. Significant experience in litigation
2. Multiple attorneys capable of handling the case
3. No clients preferred over others
4. Billing rates
5. Geographical proximity
6. Current caseload and ability to handle the litigation assigned efficiently and effectively
7. Experience with subject matter
8. Experience with plaintiff counsel chosen to represent the plaintiff
B. Communicating with defense counsel
1. Acknowledgment of assignment immediately after receipt of the case; assignment should
be in the form of a written letter
2. Designation of trial attorney who will work closely with the risk management professional
3. Investigation
4. Discovery
a) Consider litigation management strategies that require prior approval for such
things as expert reviews, necessity of depositions, etc.

5. Medical reviews
6. Cross-claims and/or joinders
a) Require authorization from the risk management professional, who will discuss
with the organization's CEO and/or other designated individual prior to approval
7. Settlements
8. Reporting requirements
9. Deposition summaries
10. Pretrial litigation strategy
C. Controlling legal fees
1. Oversight of legal fees typically the responsibility of the risk management professional or TPA
2. When identifying defense firms to represent the organization, the following issues need
to be discussed and negotiated:
a) Hourly rates
b) Professional services
c) Miscellaneous expenses
d) Billing practices
e) Bill auditing
D. Evaluating defense firm performance
1. Procedural compliance with the agreement set forth in defense counsel instructions
2. Responsiveness and cooperation with the healthcare organization's risk management staff
3. Track record in litigation over the previous year or for a set period of time
4. Billings over the previous year
5. Understanding of underlying medical issues to be able to manage the claim

VI. Insurance Companies and Brokers


A. Delineation of responsibilities
1. Clarify requirements for reporting potentially compensable events (PCEs), claims and lawsuits
2. Determine responsibilities for investigation, negotiation, authority to appoint
counsel, frequency of status reports and settlement authority
B. Duty to defend and reservation of rights
1. Requirement that the insurer will defend any claim or suit alleging bodily injury or
property damage that seeks damages payable under the insurance policy
2. Reservation of rights is a formal notification by the insurer indicating that while the claim is
being investigated and defended, the company is not waiving its rights under the policy
C. Responsibility for reporting to excess insurers and reinsurers
1. All claims that meet the reporting requirements must be reported in a timely manner under
the requirements set forth by the carrier; reporting rests with the original insured
2. Excess or reinsurance company may perform an audit to validate the accuracy
and completeness of the reporting process

VII. Lawsuit Process
A. Public relations strategy
B. Pre-trial procedures
1. Pleadings
a) Summons: A document commanding a defendant to appear and answer before a court
b) Complaint: One of the initial filings with a court to begin a lawsuit. The complaint
normally recites all of the allegations against the defendant and theories on which the
plaintiff seeks to recover damages. May be called a petition in some jurisdictions.
Received via process server.
2. Response
a) Answer
(1) Cross-claims: Suit filed by defendant against plaintiff
(2) Joinders: Additional defendants added to lawsuit
b) Motion to strike: A filing to eliminate a cause of action in the complaint or petition or to
preclude the defendant from mounting a defense based on a certain theory
c) Demurrer: Admission of the truth of the allegations asserted by a plaintiff accompanied by
a request for their dismissal due to legal insufficiency to state a cause of action. This has
largely been replaced in the federal court system and in jurisdictions following the federal
court rules of civil procedure by the motion to dismiss.
3. Discovery
a) Interrogatories
(1) Written questions to be answered in writing and under oath; usually completed by the
risk management professional
(2) Objections may be appropriate but detailed reason for objection may be needed (e.g.,
if unduly burdensome and time consuming)
b) Depositions
(1) Testimony of a witness (deponent), given under oath and out of court; party requesting
the deposition will also give notice to other parties involved in the legal action, so that
they can be present to cross-examine the deponent
c) Subpoenas or subpoenas duces tecum (requiring certain documents be produced with the
witness)
d) Motions (procedural law)
(1) Filing with the court: Requesting the court to perform some function
(2) Motion for summary: A filing that seeks to have a lawsuit decided because there are
no genuine issues of material fact for the jury to decide
(3) Motion in limine: A filing to preclude the admission of certain facts, testimony, items, or
proofs at trial; may be granted on the grounds that the evidence is not relevant, is redundant
or duplicative of other evidence, will unduly arouse or inflame the jury, and so on
C. Trial procedure
1. Substantive and procedural law
a) Procedural law refers to rules developed to conduct the proceedings of the court

b) Substantive law creates, defines and regulates the rights and duties that are to be enforced
2. Parties and witnesses, fact and expert
3. Finder of fact
a) A special verdict when the jury only makes the findings of fact and the court applies
the law to the facts found by the jury
4. Outcomes
a) Jury verdict
b) Settlement
(1) Agreed upon outcome of the case between the parties
c) Directed verdict
(1) Motions are made for directed verdicts when it is believed that the evidence presented
was not relevant and material to the facts of the case; court then rules and determines
the outcome of the case
D. Post-trial procedures
1. Appeal: Action taken after a verdict or decision on a motion has been entered
2. Negotiate a settlement

VIII. Claims settlement process


A. Negotiate with the claimant if not represented by legal counsel
B. Negotiate with the claimant's attorney if represented by legal counsel
C. Settlement agreement
D. Alternative dispute resolution mechanisms
1. Types
a) Negotiation
(1) A voluntary, usually informal, unstructured process. There is no third-party
facilitator, but parties may be represented by legal counsel.
b) Arbitration
(1) Either a private, voluntary or court-related process with a third party making the decision
c) Mediation
(1) Voluntary process where a third party facilitates negotiations between the parties
2. Advantages over trial
a) More economical
b) Quicker
c) Less hostile
d) More private
3. Reporting of medical professional liability payment
a) National Practitioner Data Bank (NPDB)
b) State licensing agencies

REVIEW QUESTIONS
Mark your answers and then compare them with the answers explained below.
1. The risk manager is usually expected to report which of the following to the insurer:
A. All events
B. Claims and lawsuits
C. PCEs
D. A and B
E. B and C
Answer: E
Requirements are described in the insuring agreement. Generally, reporting of all events is not required, but the
reporting of claims, lawsuits and PCEs usually is required under the policy provisions for reporting.

2. A 24-year-old patient presents to the emergency department following a MVA with a
complaint of headache. The contracted ED physician orders a CT scan and requests
consultation with Trauma Services. The patient is admitted for observation. Six hours after
admission, the patient arrests, and it is determined she is brain dead from a brain
hemorrhage. Review of the record determines that a bleed was evident on the CT scan and
that there was a delay in evaluating and treating the patient.
In the above scenario, who are the potential defendants?
A. The radiologist and the ED physician
B. The trauma physician
C. The admitting physician
D. All of the involved physicians
Answer: D

3. In the above case, are all four elements of negligence present?
A. True
B. False
Answer: A

4. Hospitals may be exposed to liability from all but which of the following:
A. Employees' actions
B. Impaired physician
C. Contracted physician
D. All of the above
Answer: D
Exposures can occur from each of these as a result of respondeat superior, vicarious liability and ostensible
agency.

5. Which is NOT a valid primary reason for selecting a particular defense attorney?
A. Referral from the hospital's board of directors
B. The degree of responsiveness to and cooperation with the risk manager
C. The firm's track record in medical malpractice litigation
D. The firm's compliance with procedures, including litigation guidelines
Answer: A
The firm's ability should be the direct measure of why they should be selected, not just a referral. Merit is
important.

6. Interrogatories may include questions thought to be objectionable by the risk manager.
Which of the following objections, while appropriate, must be accompanied by a detailed
explanation?
A. The interrogatory is not applicable to the case
B. The information being requested is already in the possession of the party requesting it
C. The interrogatory is unduly burdensome and time consuming
D. The information sought is a matter of public record
Answer: C
Although appropriate, further details regarding the reason for objection should be outlined.

7. A 50-year-old school teacher is brought to the hospital to rule out metastatic disease. She has
a history of breast cancer, but chose not to undergo a round of chemotherapy at the time of
her diagnosis four years prior to this admission. During this hospitalization she is given five
doses of an anticoagulant in error. She begins to have seizures, and a CT scan reveals
bleeding in her brain. The physicians, nurses and pharmacists do not discover the error
until it is picked up on a routine pharmacy audit. The patient's family is told of the error,
and the patient dies in the ICU two weeks following the last dose of the anticoagulant.
Autopsy reveals metastatic disease to her brain contributed to her bleeding.
In the above case, the most applicable legal term that the plaintiff might use to establish
a claim against the nurses and pharmacists would be:
A. Res ipsa loquitur
B. Ostensible agency
C. Respondeat superior
D. All of the above
Answer: C
An employer is responsible for the acts of employees if the acts are within the course and scope of their employment.

8. For the facility's risk management professional, an appropriate strategy for managing the
claim would be which of the following:
A. Try to speak with the family and settle the claim before reporting the matter to the
insurance carrier
B. After speaking with the insurance carrier, do not have any discussions with the family
C. Speak with the family, let them know that you will be reporting the claim to the insurance
carrier, let them know that you wish to keep the lines of communication open
D. Because of the seriousness of the claim, let the family know that their interests would be
best served by seeking legal counsel
Answer: C

9. Once reported to the insurance carrier, reserving will take place. True statements
concerning setting an indemnity reserve are:
1. Only the risk management professional should set reserves within their retention
2. The reserve, once set, can be adjusted
3. Reserving is an art more than a science
A. Only 3
B. All of the above
C. 2 and 3
Answer: C
Reserving of claims may be done by the risk management professional, insurer or TPA.

10. There are several ways for the above claim to come to resolution. An optimal
approach would be:
A. Settlement prior to litigation
B. Litigation prior to any settlement
C. Deny the claim
Answer: A

11. A medical malpractice case has been filed in the above-described situation. You are the risk
management professional. The insurance company has assigned the case to a law firm and
the initial discovery has commenced. Interrogatories have been requested of the defense. The
best person to answer these would be:
A. The nurse who gave the wrong medication.
B. The hospital administrator
C. The risk management professional
Answer: C

12. The risk management professional will assist in the investigation of the
lawsuit in conjunction with defense counsel. Some of the tasks include:
1. Interviewing staff and physicians without counsel present
2. Gathering pertinent medical records, bills, etc.
3. Interviewing the plaintiff's expert witness
4. Being present with counsel for deposition preparation of witnesses
A. 2 and 4
B. 1, 2 and 4
C. All of the above
Answer: A
Communication should be done in the presence of counsel to preserve the attorney-client privilege.

13. In preparing an employee for deposition testimony, the employee should:
A. Review the medical record
B. Go to the library and read about the standard of care relating to the patient's illness
C. Discuss the case with others who have cared for the patient
Answer: A
A deposition is factual testimony (under oath) of a witness used to support or substantiate testimony offered
at trial.

14. The process of legal discovery includes which of the following?
1. Depositions
2. Production of documents
3. Medical examinations by experts
4. Motions
A. All of the above
B. 1 and 4
C. 1, 2 and 3
Answer: C
Discovery is the process in litigation by which each party to the action seeks to learn all the facts that
either support the plaintiff's cause(s) of action or support the defendant's asserted defenses or denials, which
includes 1, 2 and 3. Motions are legal pleadings.

CPHRM PREPARATION GUIDE
Acronym
AAAASF American Association for Accreditation of Ambulatory Surgery Facilities
AAAHC Accreditation Association for Ambulatory Health Care
AABB American Association of Blood Banks
ACHC Accreditation Commission for Healthcare
AANA American Association of Nurse Anesthetists
ACEP American College of Emergency Physicians
ACOG American College of Obstetricians and Gynecologists
ACR American College of Radiology
ACS American College of Surgeons
ADA Americans with Disabilities Act
ADEA Age Discrimination in Employment Act
AED Automatic External Defibrillator
AHA American Hospital Association
AHIMA American Health Information Management Association
AHRQ Agency for Healthcare Research and Quality
ALARA As low as reasonably achievable
AOA American Osteopathic Association
AORN Association of periOperative Registered Nurses
APS Adult Protective Services
ARM Associate in Risk Management
ASA American Society of Anesthesiologists
ASCP American Society for Clinical Pathologists
ASHA American Speech-Language-Hearing Association
ASHRM American Society for Healthcare Risk Management
AWHONN Association of Women's Health, Obstetric, and Neonatal Nurses
BA (BAA) Business Associate (Business Associate Agreements)
CAP College of American Pathologists
CAAS Commission on Accreditation of Ambulance Services
CAMTS Commission on Accreditation of Medical Transport Systems
CAPTA Child Abuse Prevention and Treatment Act of 1974
CARF Commission on Accreditation of Rehabilitation Facilities
CCAC Continuing Care Accreditation Commission
CDC Centers for Disease Control and Prevention

CE Covered Entity
CEO Chief Executive Officer
CERCLA Comprehensive Environmental Response, Compensation and Liability Act
CFO Chief Financial Officer
CHAP Community Health Accreditation Program
CLIA Clinical Laboratory Improvement Act
CMS Centers for Medicare and Medicaid Services
CMP Civil Monetary Penalties
COBRA Consolidated Omnibus Budget Reconciliation Act
COR Cost of Risk
CoPs Conditions of Participation (Medicare)
CPA Certified Public Accountant
CPCU Chartered Property Casualty Underwriter
CPHQ Certified Professional in Healthcare Quality
CPHRM Certified Professional in Healthcare Risk Management
CPS Child Protective Services
CRNA Certified Registered Nurse Anesthetist
CRO Chief Risk Officer
DFASHRM Distinguished Fellow of the American Society for Healthcare Risk Management
HHS Department of Health and Human Services
DME Durable Medical Equipment
DNR Do Not Resuscitate
D&O Directors and Officers (insurance)
DOJ Department of Justice
DOT Department of Transportation
DRS Designated Record Set
EAP Employee Assistance Program
ED Emergency Department
EEOC Equal Employment Opportunity Commission
EMS Emergency Medical Services
EMTALA Emergency Medical Treatment and Labor Act
E&O Errors and Omissions (insurance)
EOC Environment of Care
EPA Environmental Protection Agency
ERISA Employee Retirement Income Security Act
ERM Enterprise Risk Management
FDA Food and Drug Administration

FECA Federal Employees' Compensation Act
FEMA Federal Emergency Management Agency
FMEA Failure Mode and Effects Analysis
FMLA Family Medical Leave Act
FASHRM Fellow of the American Society for Healthcare Risk Management
FPO Facility Privacy Official
FTC Federal Trade Commission
GL General Liability (insurance)
HAZWOPER Hazardous Waste Operations and Emergency Response Standard
HCQIA Health Care Quality Improvement Act
HEICS Hospital Emergency Incident Command System
HEPA High-Efficiency Particulate Air
HIPAA Health Insurance Portability and Accountability Act
HMO Health Maintenance Organization
HIV Human Immunodeficiency Virus
HPL Hospital Professional Liability (insurance)
HRSA Health Resources and Services Administration
HBV or Hep B Hepatitis B virus
ICRA Infection Control Risk Assessment
IDS Integrated Delivery System
IOM Institute of Medicine
IQRS Integrated Querying and Reporting System
IP Internet Protocol or Intellectual Property
IRB Institutional Review Board
JC The Joint Commission
MSD Musculoskeletal Disorder
MSDS Material Safety Data Sheet
MT Medical Technologist
MQSA Mammography Quality Standards Act of 1992
MQSRA Mammography Quality Standards Reauthorization Act of 1998 and 2004
NAHC National Association for Home Care and Hospice
NCQA National Committee for Quality Assurance
NESHAPS National Emission Standard for Hazardous Air Pollutants
NIH National Institutes of Health
NIOSH National Institute for Occupational Safety and Health
NPDB National Practitioner Data Bank
NPP Notice of Privacy Practices

NRC Nuclear Regulatory Commission
OBRA Omnibus Budget Reconciliation Act of 1987
OCR Office for Civil Rights
OIG Office of the Inspector General of the Department of Defense
OPO Organ Procurement Organization
OPTN Organ Procurement and Transplantation Network
OSCAR Online Survey Certification and Reporting Database
OSHA Occupational Safety and Health Administration
PCA Patient Controlled Analgesia
PHI Protected Health Information
PL Professional Liability
PPE Personal Protective Equipment
PSDA Patient Self-Determination Act
PRO Professional Review Organization
PSO Patient Safety Officer
PT Proficiency Testing
PTO Paid Time Off
RCA Root Cause Analysis
RCRA Resource Conservation and Recovery Act
RFP Request for Proposal
RMIS Risk Management Information System
RN Registered Nurse
RPLU Registered Professional Liability Underwriter
SIR Self-Insured Retention
SMDA Safe Medical Device Act
SNF Skilled Nursing Facility
SUD Single Use Device
TPA Third-party Administrator
TPO Treatment, Payment & Health Care Operations
URAC Utilization Review Accreditation Commission
URL Uniform Resource Locator (also known as Web address)
USERRA Uniformed Services Employment and Reemployment Rights Act
VBAC Vaginal Birth after Cesarean

Key Terms
A
Actuary — A person who uses statistics to compute loss probabilities to establish premiums
for insurance companies and self-insurance trusts.
Advance directive — Lawful written instruction that describes an individual's preferences for
healthcare should he or she become unable to express them later. Examples: living wills, power
of attorney for health care, advance healthcare directive.
Adverse event — Negative or bad result stemming from a diagnostic test, medical treatment
or surgical intervention; an injury resulting from a medical intervention.
Adverse outcome — A clinical outcome that, while neither desirable nor necessarily anticipated,
may still have been a known possibility associated with the treatment or procedure.
Age Discrimination in Employment Act — 29 U.S.C. Section 621 et seq. Federal
statutes prohibiting certain types of employment discrimination on the basis of age
Alternative Dispute Resolution — Processes used to resolve disputes by means other than litigation.
Arbitration: The hearing and determination of a case in controversy by a person either chosen by
the parties in the opposition or by a person appointed under statutory authority.
Mediation: Informal process in which a neutral 3rd party helps the parties reach an agreement.
Binding: Final and not appealable.
Non-binding: Agreement is not final until entered by the court into the record, allowing the party
to continue the civil litigation process.
Americans with Disabilities Act — (42 USC §§ 12101 et seq). 1990 federal statute aimed at
prohibiting discrimination against individuals with certain mental and physical disabilities in the
areas of employment and public accommodation.
Answer — A document filed with the court in response to a complaint or petition. The answer
must generally admit or deny the allegations are true in whole or in part or state the defendant does
not have information to admit or deny.
Anti-kickback statutes — Medicare-Medicaid Anti-Kickback Statute (42 USC §1320a-7b).
Prohibits knowingly and willfully seeking or receiving a bribe, rebate or kickback for a referral
for a program, reimbursable item or service.
Appeal — An action that is taken after the trial of a matter or after a dispositive motion has been
entered in a matter. An appeal may be taken for the purpose of correcting an error made by the
trial court or to obtain a new trial; a resort to a higher court for the purpose of obtaining a review of
a lower court decision and a reversal of the lower court's judgment or granting of a new trial.
Assault — An intentional act that is designed to make the victim fearful and that produces
reasonable apprehension of harm.
Assignment — Act of transferring to another all or part of one's property, interest or rights.
"At will" employment — Can be terminated at any time by either party (employee or employer),
for any reason or no reason.
Attorney-client privilege — A legal doctrine recognized by both common and statutory law
protecting certain confidential communications between an attorney and his or her client from
discovery in a legal proceeding unless the privilege is waived by the client.



Attorney work-product privilege — A legal doctrine recognized by both common and statutory law
protecting the documents generated, theories devised, legal strategies formulated, etc., by an attorney
on behalf of a client from discovery in a legal proceeding unless the privilege is waived by the client.

B
Battery — In tort law, the intentional causation of harmful or offensive contact with an
individual's person without that individual's consent.
Becomes aware — A facility becomes aware of an event when the clinical personnel employed
or affiliated with a user's facility learn of a potentially reportable event.
Belmont Report — Statement of basic ethical principles and guidelines for addressing and
resolving ethical problems that surround the conduct of research with human subjects
Benchmarking — Comparative process used by organizations to collect and measure internal or
external data that may ultimately be used for the purpose of developing, implementing and sustaining
quality improvements.
Boiler and machinery coverage — Provides protection for explosion of boilers and other
pressure vessels and accidental damage to equipment.
Breach of contract — Failure, without legal excuse, to perform any promise that forms the whole
or part of a contract. Hindrance by a party regarding the required performance of the rights and
duties identified in the contract.
Business interruption insurance coverage — Insurance typically provided as a part of a property
policy covering lost revenues and extra operating expenses associated with a covered loss such as a
fire; attempts to replace revenues lost due to covered loss.

C
Capabilities — CMS refers to two requirements: physical capabilities and personal capabilities.
Medical-facility capabilities: Physical space, equipment, supplies and services the
hospital provides (e.g., surgery, psychiatry, obstetrics, pediatrics).
Staff capabilities: Level of care hospital personnel can provide within the training and scope
of their professional licenses.
Capacity — Ability of the hospital to accommodate the individual requesting examination or
treatment of the transferred individual; encompasses such things as numbers and availability of
qualified staff, beds and equipment and the hospital's past practices of accommodating additional
patients in excess of its occupancy limits.
Captive — An insurance company established to provide coverage to a sponsoring entity as
opposed to marketing and selling policies commercially to insureds; sponsoring entity may be a
parent corporation and its related subsidiaries, a professional association or other group.
Certificate of insurance — A standardized form, usually produced by the insurance agent or
broker who arranges the coverage, which evidences the specific type of insurance in place, the
insurance carrier, policy period, policy number, etc.
Civil false claims — Enables lawsuits by government or any individual (qui tam relator) against
one who submits a false claim to the government
Claim — Formal notification that monetary damages are being sought for an alleged injury.



Claims-made Coverage — An insurance policy covering claims that are made during the policy
period and that occurred since the policy retroactive date. Although policy definitions vary
somewhat, most claims-made insurance policies consider a claim to be made when it is first
reported to the insurance company, subject to certain terms and conditions.
Claims management — A systemized approach to reducing the financial loss and negative
community image of a healthcare organization in situations where prevention fails and injury
occurs.
Collective bargaining — Collective bargaining consists of negotiations between an employer
and a group of employees so as to determine the conditions of employment. The result of
collective bargaining procedures is a collective agreement. Employees are often represented in
bargaining by a union or other labor organization.
Common Rule (45 CFR 46) — Basic Department of Health and Human Services policy for
protection of human subjects that encompasses the human subject protections followed by all
federal agencies that sponsor research.
Complaint — One of the initial filings with a court to begin a lawsuit; normally recites all of the
allegations against the defendant and theories upon which the plaintiff seeks to recover damages
(may be called a petition in some jurisdictions).
Conditions of Participation (CoPs) — Requirements hospitals must meet to participate in
Medicare and Medicaid programs.
Consideration — In contract law, something of value exchanged for the promised performance of
the other contracting party. Contracts frequently call for monetary consideration to be exchanged
for the promise to provide specified goods or services.
Contract — Agreement, either written or oral, involving an offer, the acceptance of the offer and
an exchange of consideration. Also, an agreement between two or more persons that creates an
obligation to do or not to do a particular thing; a promise or set of promises for the breach of
which the law gives a remedy or the performance of which the law in some way recognizes as a
duty.
Corporate compliance — As relates to healthcare fraud and abuse, any of a number of programs and
initiatives undertaken by providers to avoid civil and criminal investigations and charges related to
improper billing procedures, inappropriate referrals, kickbacks and other prohibited activities under
federal statutes such as the Anti-Kickback Act and the Stark I and Stark II amendments to the Medicare
Act. Many healthcare providers have taken corporate compliance programs beyond these specific
legislative and regulatory requirements to encompass broader corporate business ethics concerns.
COSO (Committee of Sponsoring Organizations) — Independent private sector initiative
which studied ERM and has made recommendations on ERM structure and implementation.
Cost of Risk — Value of all risks, internal and external, faced by an organization in fulfilling its
mission.
Covered Entities (CEs) — Any healthcare provider who transmits health information in
electronic form in connection with a "standard transaction." Among covered entities are
healthcare providers (hospital, physicians, insurance company, etc.) and health plans (pay for
cost of health care), healthcare clearinghouses (furnish bills or pays for healthcare services).
Credentialing — Process of verifying and reviewing the education, training, experience, work
history and other qualifications of an applicant for clinical privileges conducted by a healthcare
facility or managed care organization; typically performed for independent contractors such as
physicians and allied health practitioners who are frequently not employed by the credentialing
entity but who are granted specific clinical privileges to practice.



Critical incident stress debriefing — A facilitator-led group process conducted soon after a
traumatic event with individuals considered under stress from trauma exposure.
Source: https://www.osha.gov/SLTC/emergencypreparedness/guides/critical.html

D
Darling v. Charleston Community Memorial Hospital — Landmark case that determined a
hospital has the independent duty to ensure high-quality care is rendered at its facility and is
responsible to screen the competency of its medical staff.
Data mining — Data mining provides the methodology and technology to transform data into
useful information for decision making.
Source: Koh, H.C. & Tan, G. (2005). Data mining applications in healthcare. Journal of
Healthcare Information Management, 19(2), p. 64-72.
Damages — Monetary compensation for an injury.
Punitive or Exemplary: Above actual damages to punish the defendant for willful, malicious
or fraudulent behavior.
Special: Actual damages such as medical expenses related to the injury.
Dedicated emergency department (DED) — Must meet one of the following criteria:
◼ Licensed as an emergency department
◼ Advertises itself as providing emergency care
◼ One-third or more of walk-in patients seen for conditions that are considered
"emergency medical condition" as defined within the statute.
Deductible — Amount required to be paid by the insured before the insurer will make payment for the
eligible loss as stipulated under the insurance contract; typically erodes the maximum benefit provided.
Depositions — Testimony (under oath) of a witness taken upon interrogatories reduced to
writing and used to support or substantiate testimony offered at trial.
Defamation — Intentional false communication that injures another's reputation.
Slander: Oral false and defamatory statements.
Libel: Written false and defamatory writing, pictures or signs.
Direct insurance — A contractual arrangement involving the purchase of insurance by an
insured from an insurer
Directors' and Officers' Liability — D&O policies contain a two-part wrongful-act definition: 1.
Any actual or alleged error or misstatement or misleading statement or act or omission or breach of
duty by directors and officers while acting in their individual or collective capacities. 2. Any matter
claimed against them solely by reason of their being directors or officers of the company.
Disclosure — Communication of information regarding results of a diagnostic test, medical
treatment or surgical intervention
Discovery — The process in litigation by which each party to the action seeks to learn all the facts that
either 1) support the plaintiff's cause(s) of action, or 2) support the defendant's asserted defenses or denials.
Drive-through deliveries — Childbirth resulting in short postpartum stay as determined by
the managed care organization or other health plan.



Due diligence — Review of an entity targeted for acquisition by the acquiring party to ascertain
pertinent information about its financial and operating history and current status. Corporate staff are
generally held to the legal standard of having performed the review with due diligence before
making a recommendation to the board of directors as to whether to proceed with the acquisition.
Duty to defend — Insurer will defend any claim or suit alleging injury or damage and
seeking damages covered under the policy.
Duty to pay damages — Insurer will pay damages covered under the policy retroactive date.

E
Elder abuse — Single or repeated act or lack of appropriate action, occurring within any relationship
where there is an expectation of trust, which causes harm or distress to an elderly person.
Elements of informed consent for research — Include full disclosure of the nature of the
research and the subject's participation, adequate comprehension on the part of the potential
subject and the subject's voluntary choice to participate.
Emergency Medical Condition (EMC) — Medical condition manifesting itself by acute symptoms
of sufficient severity (including severe pain) such that the absence of immediate medical attention
could reasonably be expected to result in:
• Placing the health of the individual in serious jeopardy
• Serious impairment to bodily functions
• Serious dysfunction of any bodily organ or part
Or with respect to a pregnant woman who is having contractions:
• There is inadequate time to effect a safe transfer to another hospital before delivery, or
• Transfer may pose a threat to the health or safety of the woman or the unborn child
Note: Regulations define "emergency medical condition" to include psychiatric illness including
alcohol and drug intoxication.
Emergency Medical Services (EMS) — Provision of services to patients needing immediate care
Emergency Medical Treatment and Active Labor Act (EMTALA) — (42 U.S.C. §§ 1395 et
seq.) 1986 federal statute prohibiting the "dumping" of patients presenting to the hospital with an
emergent medical condition or in active labor and limiting a hospital's ability to transfer them to
other facilities. EMTALA specifies when and how a patient may be:
• Refused treatment, or
• Transferred from one hospital to another when in an unstable medical condition
Employee Polygraph Protection Act — (29 U.S.C. §§ 2001 et seq.) Federal statutes limiting
most employers' ability to use polygraph testing in applicant screening processes.
Employee Retirement Income Security Act (ERISA) — A comprehensive regulatory
system for resolving employee benefit disputes.
Employers' liability — Any of a number of causes of action related to the employment
relationship but falling outside of workers' compensation and employment practices liability
insurance coverage, including dual capacity claims, spousal claims and third-party over claims.
Employment-at-will — Legal doctrine in most jurisdictions that an employer may discharge
an employee for any reason, unless specifically prohibited by law.



Employment practices liability — Any of a number of violations by an employer, based on statute
or common law, giving rise to damages outside of those covered by workers' compensation or similar
statutes, including wrongful termination, discrimination and sexual harassment.
EMS system — Comprehensive, coordinated arrangement of resources and functions organized
to respond in a timely, staged manner to targeted medical emergencies, regardless of the cause or
the patient's ability to pay, in order to minimize their physical and emotional impact
Source: National Association of State EMS Directors' and National Association of EMS Physicians'
definition
Enterprise risk management — ERM in healthcare promotes a comprehensive framework for
making risk management decisions which maximize value protection and creation by managing risk
and uncertainty and their connections to total value.
Equal Employment Opportunity Commission — Federal agency charged with responsibility
for enforcing several federal statutes prohibiting various types of employment discrimination.
Under some statutes, administrative hearing procedures before the EEOC must be exhausted
before an employee has access to the court system.
Errors and omissions insurance — E&O insurance policies provide coverage for negligent advice or
business services provided by an individual or entity not eligible for professional liability insurance
coverage, such as medical billing companies, insurance brokers and managed care organizations.
Essential job functions — Under the Americans with Disabilities Act, those functions of a particular job that
an applicant must be able to perform, either with or without accommodation, in order to perform the job.
Event — A happening or occurrence that is not part of the routine care of a particular patient or
the routine operation of the healthcare entity.

F
Failure Mode Effects Analysis or Criticality Analysis (FMEA or FMECA) — A proactive,
systematic assessment used to identify the steps of a process that may be subject to failure in order to
design measures to either prevent or control such failures. If a criticality phase is used in this process,
the perceived level of criticality of each type of potential failure is identified, to aid in setting
priorities for establishing control mechanisms.
Family Medical Leave Act — (29 U.S.C. §§ 2611 et seq.) Federal statute requiring certain employers
to provide a period of unpaid leave to employees meeting specified criteria in order for them to
receive medical treatment or to provide care to designated family members.
Federal Emergency Management Agency (FEMA) — Independent response organization that
was folded into the Department of Homeland Security (DHS) in 2003. The FEMA administrator
reports to the President of the United States.
Fiduciary liability — Insurance coverage policy that can be purchased to cover the alleged breach of
the fiduciary responsibility under common law or ERISA for individuals who exercise management
or administrative responsibilities for employee benefit plans.
First party insurance coverage — Provides coverage for the insured's own property or person so
that the insured will be restored to the same financial position that he or she had prior to the loss.
Food and Drug Administration (FDA) — Federal agency responsible for protecting the public
health by regulating commerce involving food, drugs, medical devices and the like; is authorized to
gather information regarding the safety of medical devices, including adverse incidents attributed to
use under the Safe Medical Device Act.



Fraud and abuse — Informal term for the various federal statutes and regulations regarding inappropriate
billing, kickbacks, referrals, etc., related to the federal or state Medicare/Medicaid programs.
Fronting — The use of a licensed, admitted insurer to issue an insurance policy on behalf of a self-
insured organization or captive insurer without the intention of transferring any of the risk. The risk
of loss is retained by the self-insured or captive insurer with an indemnity or reinsurance agreement.
However, the fronting company (insurer) assumes a credit risk since it would be required to honor
the obligations imposed by the policy if the self-insurer or captive failed to indemnify it. Fronting
arrangements allow captives and self-insurers to comply with financial responsibility laws imposed by
many states that require evidence of coverage written by an admitted insurer, such as for automobile
liability and workers compensation insurance. Fronting arrangements may also be used in business
contracts with other organizations, such as leases and construction contracts, where evidence of
coverage through an admitted insurer is also required.

G
Guardian Ad Litem — Appointed by the court in a particular litigation to represent the interests of a
minor or disabled person.
General liability insurance — Coverage for liability arising out of the hazards of the premises and operations
Guaranteed cost — Also known as "fixed cost" or "first dollar" programs, which means
insurance coverage is provided from the first dollar of loss incurred.

H
Hard market — Insurance industry characterized by escalating premiums, strict underwriting
procedures and limited availability of coverage.
Hazard — A condition that creates or increases the possibility of loss
Hazard analysis — Process of collecting and evaluating information on hazards associated with
the selected process; purpose is to develop a list of hazards that are of such significance that they
are reasonably likely to cause injury or illness if not effectively controlled.
Health Insurance Portability and Accountability Act of 1996 (HIPAA) — (42 U.S.C. §§ 201 et seq.)
Amendments to ERISA addressing a variety of healthcare-related issues including fraud and abuse and the
portability of group health insurance benefits as well as mandating specific patient privacy protections. A
federal law that resulted in the promulgation of several regulations including the HIPAA Privacy Rule.
Heuristic — Experience-based techniques for problem-solving, learning and discovery that find a
solution not guaranteed to be optimal, but good enough for a given set of goals. Where the exhaustive
search is impractical, heuristic methods are used to speed up the process of finding a satisfactory
solution via mental shortcuts to ease the cognitive load of making a decision. Examples of this
method include using "rule of thumb" or "educated guess".
High reliability organizations — Organizations with systems in place that are exceptionally
consistent in accomplishing their goals and avoiding potentially catastrophic errors.
Source: McKeon LM, Oswaks JD, Cunningham PD. Safeguarding patients: complexity science,
high-reliability organizations, and implications for team training in healthcare. Clin Nurse Spec
2006 Nov-Dec; 20(6):298-304; quiz 305-6.
Hold harmless provision — Contractual clause providing that one party agrees not to pursue a tort
claim for vicarious liability against the other; usually found with indemnification provisions and are
usually mutual.



Hospital acquired conditions (HAC) — Section 5001(c) of Deficit Reduction Act of 2005 requires
the Secretary to identify conditions that are: (a) High cost or high volume or both, (b) Result in the
assignment of a case to a DRG that has a higher payment when present as a secondary diagnosis, and
(c) Could reasonably have been prevented through the application of evidence-based guidelines.
Source: CMS.gov
Human factors — The interrelationship between humans, the tools they use and the environment
in which they work.
Source: Risk management handbook
Human subject — A living individual about whom an investigator (professional or
student) conducting research obtains data through intervention or interaction with the
individual or identifiable private information.

I
Incident — Any happening not consistent with the routine operations of the facility or routine care
of a particular patient. Examples: a union strike, a criminal act such as a homicide, or a physical
disaster including hurricanes, bioterrorism threats, etc.
Incurred but not reported (IBNR) — Two components:
◼ An estimate to cover further development of paid losses or known claimants
◼ An estimate for the discovery of unknown claimants
Indemnification provision — A contractual clause in which one party agrees to accept the tort liability
and legal defense of another; usually found with hold harmless provisions and are usually mutual.
Indemnity — Amount that the insured person is paid for the covered expense.
Institutional review board (IRB) — Required for any healthcare institution that receives
federal funding for human research from a department or agency covered by the common rule
or that conducts research that is regulated by the FDA.
Insurance — A system by which a risk is transferred to an insurance company that reimburses
the insured for covered losses and provides for sharing of costs or losses among all insureds.
Insured parties — Organization and employees; other organization has agreed to provide coverage.
Integrated delivery system — A consolidation of a variety of technical, professional and
laboratory services for the purpose of controlling costs

J
Joint and several liability — Liability in which each liable party is individually responsible for the
entire obligation. Under joint and several liability, a plaintiff may choose to seek full damages from
all, some, or any one of the parties alleged to have committed the injury. In most cases, a
defendant who pays damages may seek reimbursement from nonpaying parties.
Joint Commission — Voluntary nonprofit accreditation body that sets standards for hospitals
and other types of healthcare organizations and conducts education programs and a survey
process to assess organizational compliance.
Joint venture — An undertaking by two or more entities to pursue business or other ventures. In
many jurisdictions, entities cannot form partnerships; hence they are deemed to be joint
ventures; each joint venture may be liable for the debts and obligations of the joint venture.



L
Lawsuit — Formal legal action filed in court.
Latent error — Errors in the design, organization, training or maintenance that lead to operator
errors and whose effects typically lie dormant in the system for lengthy periods of time
Lex loci delicti commissi — "Law of the place where the tort was committed."
Limits (policy limits) — In insurance, the maximum the insurer will pay, typically expressed
either per occurrence (occurrence limit) or as an annual aggregate (the maximum insurer will pay
for all claims covered under policy).
Long-term care services — Range of medical and/or social services designed to help people
with disabilities or chronic care needs (Department of Health and Human Services definition).

M
Maximum medical improvement (MMI) — In workers' compensation, the point at which the injured
employee has recovered to the maximum extent medically expected (also called permanent and stationary,
or P&S). When an employee reaches MMI, any residual disability, pain, etc., is expected to be permanent.
Managed care — Any of a number of organizations that arrange for the provision of, and payment for,
healthcare services with an eye toward reducing costs through managing access to specific providers.
Medical emergency — Sudden and/or unanticipated medical event that requires immediate assistance
Medical screening exam (MSE) — Process required to reach, with reasonable clinical confidence,
the point at which it can be determined whether a medical emergency does or does not exist; applied
in a nondiscriminatory manner (i.e., a different level of care must not exist based on payment status,
race, national origin, etc.).
Med Watch form — Required form filed by facilities required to report events, injuries of patients
Minimum necessary — Least amount of PHI disclosed to meet the request and accomplish
the intended purpose.
Moonlighting — Working at another job after hours of regular job.

N
National Labor Relations Act — The main body of law governing collective bargaining;
explicitly grants employees the right to collectively bargain and join trade unions; originally
enacted by Congress in 1935 under its power to regulate interstate commerce.
National Practitioner Data Bank (NPDB) — Maintained by the federal government containing reports
on certain individual practitioners. A report must be made by any entity that pays money on behalf of a
practitioner to settle a legal claim asserted against the practitioner. Reports must also be made by hospitals
that restrict, suspend or terminate a practitioner's privileges to examine or treat patients at the hospital.
Nose — Under a claims-made form, this is the time between an insured's retroactive date and
the current policy period.
Notice of privacy practices (NPP) — Provided by covered entity which delineates how CE
routinely uses and discloses PHI, provides the rights and responsibilities of the patient, to whom the
patient may complain.



O
Occupational Safety and Health Act/Administration — 29 U.S.C. Section 651 et seq.
Federal statute (and agency created by it) charged with responsibility for promulgating
standards and enforcement mechanisms governing worker safety for most industries.
Occurrence coverage — Insurance providing coverage for a claim that arises during the policy
period, regardless of when the claim is reported.
Occurrence reporting — Unexpected patient medical intervention, intensity of care or
healthcare impairment. Staff is given clear guidelines and specific examples of reportable
incidents or events; e.g., occurrences of missed diagnosis that result in patient injury; surgically
related occurrences such as wrong patient being operated on, the wrong site, the wrong procedure
or treatment related occurrences; falls; medication-related occurrences, etc.
Occurrence screen reports — Systematic review of medical records/cases (either retrospectively or
concurrently conducted) using predetermined screening criteria, conducted to identify cases that may
warrant closer performance improvement review. Screeners look for deviations from practice, policy
and procedures. Criteria for screens are established in areas that are considered to be high risk, high
frequency or problem prone. Example: unplanned returns to the ED within 72 hours of admission or prior
treatment for a similar condition.
Office of Civil Rights (OCR) — Office within the Department of Health and Human Services
that enforces HIPAA Privacy and Security compliance.
Organizational culture — Set of values, guiding beliefs or ways of thinking shared among
members of an organization.
OSHA General Duty Clause — OSHA's general requirement that employers maintain a safe
work environment. OSHA inspectors may cite the general duty clause whenever an unsafe
workplace condition or work practice is identified, but no specific OSHA regulation applies.
Ostensible agency doctrine — Doctrine, sometimes referred to as apparent agency, that permits a
finding of liability on a hospital where there is the appearance of an employment relationship with an
independent contractor. In the absence of an employer-employee relationship, a managed care
organization (MCO) may still be held vicariously liable for the acts of provider physicians if the
patient had a reasonable belief the physician was the MCO's agent and that this belief was based
upon representations made by the MCO to that effect. Burden is on the plaintiff to prove that he or
she detrimentally relied on the fact that the MCO held the physician out as its agent.

P
Patient Safety Organization (PSO) — The Patient Safety Act and the Patient Safety Rule authorize
the creation of PSOs to improve quality and safety through the collection and analysis of
aggregated, confidential data on patient safety events. This process enables PSOs to more quickly
identify patterns of failures and develop strategies to eliminate patient safety risks and hazards. The
Act extends confidentiality and privilege protections to eligible information developed by providers
for reporting to a PSO (but not to information developed for other purposes), deliberations and
analyses conducted by either a PSO or a provider in its respective patient safety evaluation system
(PSES) and information developed by a PSO for the conduct of patient safety activities.
Source: http://www.pso.ahrq.gov/legislation

Peer review — Process whereby possible deviations from the standard of patient care are reviewed by
an individual or committee from the same professional discipline to determine whether the standard of
care was met and to make recommendations for improving patient care processes. Most jurisdictions
provide at least a limited protection from discovery in civil actions for peer review activities.
Petition — See entry for complaint
Potentially compensable event (PCE) — Encompasses any incident in which there is neither an
active claim nor institution of a formal legal action, including those cases in which an unexpected event
has caused injury, the potential for injury or some expression of dissatisfaction or perception of injury
Professional liability insurance — Coverage for liability arising from the rendering of or failure
to render professional services
Protected health information (PHI) — Includes information regarding a patient's condition
and provision of payment (past, present, future).
Prudent layperson standard — Request of the individual will be considered to exist if a
prudent layperson observer would believe, based on the individual's appearance or behavior,
that the individual needs examination or treatment for a medical condition.

Q
Quality Improvement Organization (QIO) — Successor name for PROs. The Centers for Medicare
and Medicaid Services (CMS) administers the Peer Review Organization (PRO) program designed to
monitor and improve utilization and quality of care for Medicare beneficiaries. The program consists
of a national network of 53 PROs (also known as Quality Improvement Organizations) responsible
for each U.S. state, territory and the District of Columbia.

R
Regulation — Legislative mandates such as federal and state law; there are others that
reflect regulatory requirements, such as government-sponsored programs (e.g., Medicare).
Reinsurance — Contractual arrangement involving the purchase of insurance by an insurer
from another insurer.
Research — Activity designed to test a hypothesis, permit conclusions to be drawn and thereby to develop
or contribute to general knowledge; also "a systematic investigation, including research development, testing
and evaluation, designed to develop or contribute to general knowledge" (45 CFR 46.102(d)).
Reserves — Estimates of the amount ultimately required to settle a claim or to pay a judgment
(indemnity reserve) and to provide for a defense and pay other allocated expenses related to managing
a claim (expense reserve).
Respondeat superior — Law doctrine that says an employer is responsible for the acts of
employees if the acts are within the course and scope of their employment.
Restraint — Any manual method, physical or mechanical device, material, or equipment that
immobilizes or reduces the ability of a patient to move his or her arms, legs, body, or head freely; or a
drug or medication when it is used as a restriction to manage the patient's behavior or restrict the
patient's freedom of movement and is not a standard treatment or dosage for the patient's condition.
Source: http://www.cms.gov/Medicare/Provider-Enrollment-and-Certification/CertificationandComplianc/Downloads/PatientsRights.pdf

Right to know — Laws that require employers to provide information, education and/or treatment to
employees regarding hazardous materials to which employees may be exposed during their employment.
Risk — Chance of loss. "Pure" risk is uncertainty as to whether loss will occur; "speculative" risk is
uncertainty about an event that could produce loss. Pure risk is insurable; speculative risk usually is not.
Risk analysis — Process used by the person/individuals assigned risk management functions to
determine the potential severity of the loss from an identified risk, the probability that the loss
will happen and alternatives for dealing with the risk.
Risk avoidance — Decision not to undertake a particular activity because the risk associated with
the activity is unacceptable. The only risk control technique that completely eliminates the possibility
of loss from a given exposure. This technique reduces the possibility of a loss to zero by the
conscious choice not to engage in or avoid a specific activity or operation
Risk control — Includes techniques to minimize frequency or severity of accidental losses or to make
losses more predictable; stopping losses from happening or mitigating the loss. Risk control techniques
include avoidance, loss prevention, loss reduction, segregation of loss exposures and contractual
transfers designed to protect an organization from legal obligations to pay for others' losses.
Risk financing — Includes risk management techniques that encompass all the ways of generating
funds to pay for losses that risk control techniques do not entirely stop from happening; techniques
include risk retention and risk transfer.
Risk identification — Process of identifying problems or potential problems that can result in
loss; recognizing the potential for loss
Risk management — Process of making and carrying out decisions that will assist in prevention
of adverse consequences and minimize the adverse effects of accidental losses upon an
organization. Also, a systematic and scientific approach in the empirical order to identify, evaluate,
reduce or eliminate the possibility of an unfavorable deviation from expectation and, thus, to
prevent the loss of financial assets resulting from injury to patients, visitors, employees,
independent medical staff; or from damage, theft or loss of property belonging to the healthcare
entity or persons mentioned. The definition includes transfer of liability and insurance financing
relative to the inability to reduce or eliminate intolerable deviations. Originally defined by the
American Hospital Association as the "science for the identification, evaluation and treatment of
the risk of financial loss." Risk management now also encompasses the evaluation and monitoring
of clinical practice to recognize and prevent patient injury.
Risk retention — Method an organization employs for financing of loss through the retention of
the risk.
Risk transfer — Transmission of an organization's risks to an outside party
Risk treatment strategies — Range of choices available to handle a given risk. Treatment
strategies include two general categories: risk control and risk financing.
Root cause analysis — Multi-disciplinary process of study or analysis that uses a detailed,
structured process to examine factors contributing to a specific outcome (e.g., an adverse event). A
process for identifying the basic or causal factors that underlies variation in performance, including
the occurrence or possible occurrence of a sentinel event.

S
Safety culture — Culture of safety emphasizes blameless reporting, successful systems, knowledge,
respect, confidentiality and trust; a culture that looks at the system, the environment, the knowledge,
the workflow, the tools and other stressors that may have affected provider behavior

Sarbanes-Oxley Act (SOX) — Applies to public companies that are required to file periodic
Securities and Exchange Commission (SEC) Reports under Sections 12 or 15(d) of the Securities
Exchange Act of 1934 or if the public company has filed a registration statement that has not yet
become effective under the Securities Act of 1933.
Seclusion — Involuntary confinement of a patient alone in a room or area from which the patient is
physically prevented from leaving. Seclusion may only be used for the management of violent or self-
destructive behavior. If a patient is free to leave a time out area whenever the patient chooses, this
would not be considered seclusion based on this definition.
Source: http://www.cms.gov/Medicare/Provider-Enrollment-and-
Certification/ CertificationandComplianc/Downloads/PatientsRights.pdf
Self-insured retention — The portion of a claim that the insured is required to pay before the insurer
begins to pay. This is similar to a deductible but is frequently funded through a mechanism such as a
self-insurance trust fund and is larger than a deductible. The insured generally manages claims falling
entirely within the SIR (or contracts with a third party to do so) so that the insurer is involved only if the
amount of the claim exceeds or is anticipated to exceed the amount of the retention. Common in
hospital professional liability programs
Sentinel event — Any unexpected occurrence involving death or serious physical or
psychological injury, or the risk thereof
Single use devices (SUDs) — Devices originally intended for single use that are reprocessed for reuse.
Soft market — Insurance industry characterized by low premiums, flexible terms and generous capacity.
Stabilized — With respect to an EMC, that no material deterioration of the condition is likely,
within reasonable medical probability, to result from or occur during the transfer of the individual
from a facility, or, with respect to pregnancy, that the woman has delivered, including the placenta.
Standard of care — In medical malpractice cases, a standard of care is applied to measure the
competence of the professional. The traditional standard for doctors is that they exercise the average
degree of skilled care and diligence exercised by members of the same profession, practicing in the same
or similar locality in light of the present state of medical and surgical science. With increasing
specialization, however, certain courts have disregarded geographical considerations holding that, in the
practice of a board-certified medical or surgical specialty, the standard should be that of a reasonable
specialist practicing medicine or surgery in the same specialty. In a legal proceeding, the standard against
which the defendant's conduct is measured. The defendant is expected to act as an ordinary, prudent
person with similar training and skill would have acted in a similar situation. If the defendant's conduct
falls below this standard, the defendant may be determined to have acted negligently.
Stop loss coverage — Provider excess coverage that is usually structured to insure excess claims.
Summons — A notice to the defendants named in a complaint indicating an action has been
filed against them and that they are required to answer by a specific date and at a specific place.

T
Tail — An extended reporting period whereby a claims-made policy is essentially converted to
an occurrence policy by extending coverage to all claims that arise from the care rendered during
the policy period regardless of when the claim is reported.
Telemedicine/telehealth — The use of telecommunications to provide medical information and
services. Also, the provision of healthcare consultation and education using telecommunications
networks to communicate information; medical practice across distance via telecommunications and
interactive video technology (American Medical Association's Council on Medical Education and
Medical Services). The use of electronic information and communications
technologies to provide and support healthcare when distance separates the participants (Institute
of Medicine).
Third-party administrator — An independent organization that contracts to provide
claims management services to a self-insured entity
Third party insurance coverage — Provides coverage to a party other than the insured to make
that person whole for loss or injury covered by the insured; involves three parties.
Third-party over claim — A claim by an injured employee against a party other than his or her
employer, such as the manufacturer of a machine involved in the injury, in which the third party brings
in the employer as an additional defendant, such as for failure to properly maintain the machine. Third-
party over claims are a type of claim by an injured worker against his or her employer that fall outside of
workers' compensation coverage and are generally covered by employers' liability policies.

U
Uninsured parties — Actual or potential codefendants not covered by the organization.
U.S. Patriot Act of 2001 — Federal legislation (H.R.3162) that enhances the ability of law
enforcement to deter and detect acts of terrorism, including cyber-intelligence gathering, wire
tapping and other means of gathering needed information from designated privacy records.

V
Value creation — In enterprise risk management, takes advantage of the opportunity to add
worth and the potential for gain and is proactive. It includes market share, competition, centers of
excellence, financial viability and growth, return on investment, etc.
Value protection — In enterprise risk management, includes preventing loss and harm to
assets, reputation, property and people and is reactive.
Vicarious liability — The imposition of liability on one person for the actionable conduct of
another, based solely on a relationship between the two persons, such as the liability of an employer
for the acts of an employee.
Vulnerable subjects — Human subjects are considered vulnerable and require special considerations
if there are legitimate concerns about competency to understand information presented to them and
make reasoned or informed choices; populations include children, pregnant women, prisoners, those
with psychiatric, cognitive and developmental disorders and substance abusers.

W
Whistle-blower — Individual, frequently an employee or former employee, who reports unlawful
activity, such as healthcare fraud and abuse or OSHA violations, to the government or an
administrative agency. Some statutes provide for the whistleblower to receive a share of fines
levied against the organization for making the report. Most statutes prohibit retaliatory discharge
or other discriminatory actions against an employee who makes such a report.
Workers' compensation — Program that provides protection to workers who are injured while
engaged in the business of their employer. Statutory limits of coverage are set by each state.

CPHRM PREPARATION GUIDE
Additional Practice Questions
The following practice questions are based on domains of the CPHRM exam. For your
convenience, we have provided a blank answer sheet on page 254. Complete these 100 CPHRM
practice questions, and then compare your responses with the correct answers on page 255. Review
the topics that may have been difficult for you. But, remember that success with review questions
does not automatically predict success with the actual CPHRM exam.
The following questions were developed, in part, from ASHRM's Risk Management Handbook
for Healthcare Organizations.
1. Federal regulations governing the "Protection of Human Subjects" define the relationship
between researcher, the institution's research oversight committee (the Institutional Review
Board — IRB), the sponsoring organization and the research subject. Under these
regulations, in the event that a sponsoring institution desires to initiate a research project but
the IRB disapproves, the sponsoring institution:
A. May initiate the project on its own with the approval of the majority of the institution's board
of directors
B. May obtain the research subject's permission to pursue the project independent of the IRB.
C. May not pursue the research project independently
D. May request special permission to pursue the project from the National Patient Safety Foundation

2. The Healthcare Quality Improvement Act requires the reporting of medical professional
liability payments made on behalf of certain healthcare practitioners to the National
Practitioner Data Bank and the appropriate state licensing board within _ days.
A. 15
B. 30
C. 45
D. 60

3. If The Joint Commission becomes aware of a sentinel event that meets the definition of a
reviewable sentinel event, the organization is required to submit to the Joint Commission
its root cause analysis and action plan, or otherwise provide for Joint Commission
evaluation of its response to the sentinel event under an approved protocol, within _ calendar
days of the known occurrence of the event.
A. 15
B. 30
C. 45
D. 60

4. A board policy on hospital preparedness that outlines the hospital's responsibilities and
procedures to be followed in the event of a natural disaster or an incident of terrorism
should do all of the following EXCEPT:
A. Ensure that practitioners act within the scope of their licensure
B. Ensure that sufficient supplies are stockpiled in case of emergency
C. Ensure that only practitioners credentialed by the hospital provide services to patients
D. Ensure that adequate precautions are taken to protect the security of the physical hospital building

5. A risk manager should review which of the following information when considering
the effectiveness of an organization's workers' compensation program?
1. Workers' compensation claims history
2. OSHA 300 Log
3. Listing of all employees and volunteers
4. Directors and officers of the organization
A. 1 and 2 only
B. 2 and 3 only
C. 1, 2 and 3 only
D. All of the above

6. Employee health programs can be used to manage certain risks. Which of the following is
NOT an integral part of an effective employee health program?
A. Baseline examinations
B. Job descriptions with quantifiable physical-based criteria
C. Mandatory vaccination programs
D. Interaction with injured employees

7. Which of the following should be included in an institution's contract with a vendor
for biomedical equipment?
1. The responsibilities of each party regarding preventative and ongoing maintenance of
the particular biomedical equipment
2. A guarantee of equipment "uptime" or prompt provision of a substitute acceptable to the
facility for biomedical equipment critical to patient care
3. A procedure for the vendor to directly notify the institution regarding identified product
hazards or recalls
4. A contingency plan in the event of an internal disaster

A. 1 and 2 only
B. 2 and 3 only
C. 1, 2 and 3 only
D. All of the above

8. Having performed an investigation of a patient's complaint, the patient grievance review
committee determined that the hospital faced a significant liability exposure, turned the
results of the investigation over to their attorney, and then told the risk manager that these
results would not be shared with the patient. The risk manager reminded them that the
patient was, nonetheless, still entitled to the results of the investigation pursuant to:
A. The Healthcare Quality Improvement Act
B. Patient Self-Determination Act
C. Patient's Rights Conditions of Participation
D. Health Insurance Portability and Accountability Act

9. During an operation on an 18-year-old male in a Joint Commission accredited hospital, an
electrocautery device ignites the surgical drapes. Operating room staff quickly extinguishes the
fire. However, the patient suffers second-degree burns to his right thigh. Based on all applicable
state and federal laws and regulations, what is the risk manager's best course of action?
A. Perform a root cause analysis and submit it and the device to the Joint Commission.
B. Secure the device until it can be examined independently.
C. Report the occurrence to the FDA and send the device to the manufacturer for repair.
D. Have the device examined by the hospital's biomedical department then send it to the
hospital's attorney if it is determined to be defective.

10. It is the risk manager's responsibility to report actual or potential claims to the healthcare
organization's insurance provider. Which of the following are generally considered reportable?
1. Lawsuits
2. Claims
3. Potentially compensable events
4. Patient complaints

A. 1 only
B. 1 and 4 only
C. 1, 2 and 3 only
D. All of the above

11. Which of the following statements regarding the use of restraints are TRUE?
1. Wrist or vest devices can be considered restraints
2. Locked seclusion is considered a form of physical restraint
3. Medication used to significantly alter a patient's behavior on an emergency basis is
considered a form of chemical restraint
4. Voluntary use by a patient of an unlocked "quiet room" is NOT considered a form of physical restraint
A. 1 and 2 only
B. 1 and 3 only
C. 1, 2 and 3 only
D. All of the above

12. The medical record historically has been a tool of risk management. In the event of an
untoward outcome or unusual incident, documentation in the medical record should
include all of the following EXCEPT:
1. A description of the occurrence
2. Comments about the notification of and related care provided by the patient's physician
3. The fact that an incident report was completed
4. The fact that the risk manager was notified
A. 1 only
B. 1 and 2 only
C. 3 and 4 only
D. 2, 3 and 4 only

13. One of the risk manager's responsibilities, in concert with the organization's legal counsel,
is to prepare a witness for trial. In that regard, which of the following statements is FALSE?
A. A witness should be prepared to give personal and professional information.
B. A witness should not pause before answering questions.
C. A witness should give brief answers.
D. A witness should tell the truth.

14. The legal theory res ipsa loquitur would most likely apply to which of the following scenarios?
A. A unit of blood is given to the wrong patient
B. A hurricane damages visitors' vehicles on hospital property
C. A surgical instrument is mistakenly left in a patient during a cesarean section
D. A visitor falls on the sidewalk and fractures her hip

15. Which of the following is an example of risk avoidance?
A. Buying insurance so that the insurance company pays for losses
B. Including an indemnification and hold harmless clause in a contract with anesthesiologists
C. Closing a hospital's emergency department
D. Providing in-service education to improve the OB nursing staff's abilities to interpret fetal
heart monitoring

16. Which of the following is NOT part of risk identification and analysis?
A. Generic occurrence screening
B. Transfer of risk through a policy of insurance
C. Patient complaints and grievances
D. Joint Commission survey reports

17. Which is NOT a role of the risk manager when it is determined that a medical record
has been altered?
A. Call the police
B. Conduct an investigation
C. Report the occurrence to external licensing boards as appropriate
D. Preserve the medical record and deter alterations

18. According to HIPAA, which of the following disclosures are permitted without an
individual's authorization and without granting the individual an opportunity to agree or
object to the disclosure?
1. A physician discloses an individual's medical record to a colleague, who is a cardiac surgeon,
for review prior to consultation on that individual's heart condition.
2. A hospital discloses individually identifiable health information to the company that provides
its billing services.
3. A hospital discloses a patient's name and general condition in its facility directory.
4. A nursing home discloses patient health information to an accreditation organization for
the purpose of obtaining accreditation.
A. 1 and 4 only
B. 1, 2 and 4 only
C. 1, 3 and 4 only
D. All of the above

19. The federal "right to know" standard is also known as the:
A. Laboratory information standard
B. Hazard communication standard
C. Health Insurance Portability and Accountability Act
D. National Emissions Standards for Hazardous Air Pollutants

20. The insurance industry is cyclical. It is characterized by periods of time noted as
"hard" and "soft" markets. Which of the following statements is TRUE?
A. During a hard market, coverage is available and affordable
B. A hard market is characterized by flexible coverage terms
C. During a hard market, coverage may not be available at any cost
D. Hard market cycles last longer than soft market cycles

21. A group of obstetricians and neonatologists submits a proposal for a study on a new drug that
might improve fetal lung maturity and, therefore, the survivability of newborn infants. The
proposal is approved by the institutional review board (IRB), and the study commences. Two
months into the study, the physicians decide to alter the drug regimen. Instead of giving the
drug during just the second month of the pregnancy, they want the drug given until the
completion of the first trimester. The IRB has a backlog of proposals, and the investigators
fear their revised proposal would not be evaluated for a few months. The investigators should:
A. Ask the Department of OB/GYN to approve the change
B. Ask the Department of OB/GYN and the Department of Pediatrics to approve the change.
C. Consult the ethics committee
D. Suspend the study until they can obtain an opinion from the IRB

22. The standard of care in a medical malpractice trial is established by:
1. State licensing regulations
2. Standards published by medical professional associations
3. Expert opinion testimony.
4. Quality of care measures defined by voluntary accreditation organizations.
A. 1 and 2 only
B. 3 only
C. 1, 2 and 3 only
D. All of the above

23. Which of the following is true regarding ownership of medical records?
A. All medical records are owned exclusively by the entity that creates them.
B. The patient owns the information, but the healthcare entity owns the record.
C. No one "owns" a medical record, legally speaking.
D. All medical records are owned exclusively by the patient.

24. Changes to the federal EMTALA regulations that became effective in November 2003
include which of the following?
1. All hospitals must have physicians on call 24 hours a day, seven days a week.
2. Physicians are not allowed to schedule elective procedures when they are on call for emergencies.
3. The EMTALA regulations no longer apply to inpatients.
4. The definition of "hospital property" was narrowed.
A. 1 and 2 only
B. 3 and 4 only
C. 1, 2 and 4 only
D. 2, 3 and 4 only

25. All of the following are effective error prevention strategies EXCEPT:
A. Decreasing the number of steps in a process
B. Reducing handoffs during a process
C. Adding multiple double-checks
D. Providing adequate training to "front line" staff

26. Which of the following is NOT a benefit of an external benchmarking project?
A. The benchmarking team will obtain information about the problem solving methods used
by other teams
B. The benchmarking team can use the resources of internal experts to assess and identify the
needed skills and experiences of external experts
C. The benchmarking team may learn otherwise inaccessible information about competitors that
can be used to gain an advantage in the marketplace
D. External benchmarking facilitates comparisons between corporate cultures and may
identify administrative/leadership issues that should be addressed

27. Which of the following statements about reporting a sentinel event is FALSE?
A. Hospitals are required to investigate sentinel events that result in death or serious injury
B. Internal data is always protected under the state's peer review privilege
C. The outside agency that the event is reported to may use this data in generating its report
D. Hospitals are encouraged but not required to self-report these events

28. Which of the following has the responsibility to determine initial emergency response level?
A. The emergency medical technicians responding to the scene
B. The emergency room physician scheduled to receive the patient
C. Dispatch personnel in accordance with policies and procedures approved by the medical director
D. The medical expert at the scene

29. Calculation of retrospective rating premiums typically takes place:
A. At policy expiration and then every three months thereafter
B. Six months after policy expiration and then annually thereafter
C. Twelve months after policy expiration and every two years thereafter
D. Two years after policy expiration and every two years thereafter

30. Which of the following is NOT grounds for wrongful termination liability?
A. Violation of state wages and hours statutes
B. Hostile work environment
C. Quid pro quo sexual harassment
D. Discriminatory hiring/discipline based on sexual orientation

31. In the process of determining whether a patient has adequate mental or cognitive capacity to
make healthcare decisions, the physician must determine if the patient is:
1. Able to communicate either verbally or in writing
2. Of age according to state law
3. Able to understand the nature of the situation
4. Able to understand the consequences of the decision
A. 2 and 3 only
B. 2 and 4 only
C. 2, 3 and 4 only
D. All of the above

32. Which of the following criteria are necessary to establish that a healthcare advertisement is
deceptive?
1. The advertisement contains a representation or omission that is likely to mislead a consumer
2. The advertisement is in poor taste.
3. Consumers likely to be misled by the advertisement are "reasonable people,"
representative of the audience targeted by the advertisement.
4. The representation or omission has a real impact on the consumer's choices.
A. 2 and 4 only
B. 1, 3 and 4 only
C. 2, 3 and 4 only
D. All of the above

33. Which of the following should prompt a root cause analysis according to Joint
Commission standards?
1. Surgery performed on the wrong body part
2. Infant abduction
3. Non-hemolytic transfusion reaction
4. Death from a community-acquired infection
A. 1 and 2 only
B. 1, 2 and 3 only
C. 1, 2 and 4 only
D. All of the above

For Questions 34-35:
A nursing home resident attempts to wander away from a facility and activates the alarm when he
exits the building via the main entrance. A nurse, who is in her first week of training, turns off the
alarm at the nurse's station. She then goes outside to find the patient. The resident is found and is
returned to the facility. The nurse in training then completes an incident report about the occurrence.
She places a copy in the medical record and sends the original to the risk manager. She also makes an
objective entry about the event in the nurses' notes in the medical record.

34. With regard to the alarm, which of the following is the most accurate statement?
A. The nurse should be disciplined for turning off the alarm before the patient was found.
B. The nurse should not have gone outside since other residents may have been placed in jeopardy.
C. The alarm switch should be relocated to the points of exit so the alarm can be deactivated only
at the location where the alarm was activated.
D. No action is warranted since the system worked the way it was designed.

35. With regard to the incident report, which of the following is the most accurate statement?
A. No incident report was necessary since the resident was not harmed.
B. The nurse should not have copied the incident report and placed it in the medical record.
C. The nurse's note should not have mentioned the event.
D. No action is warranted since the personnel followed policy

36. Interrogatories are:
A. Statements provided by employees while they are being interviewed by the risk manager.
B. Written questions that are answered in writing and under oath.
C. Documents produced in response to a request for production.
D. Live testimony given in person under oath out of court.

37. The doctrine of lex loci delicti commissi implies that:
A. The state where the injury occurred, or the one with the most ties to the issues involved,
has jurisdiction.
B. The master must answer for the acts of the servant.
C. The plaintiff has the burden of proof.
D. The board of trustees — as well as the chief executive officer — is responsible for the fiscal
viability of an entity.

38. For some behavioral health patients, remaining in the protected environment of an inpatient
unit is essential to ensuring their safety and the safety of others. Therefore, elopement
prevention is a critical component to the risk control program. Select the following statement
that is NOT an appropriate risk control practice.
A. The clinical managers of behavioral healthcare units that are designed with locked doors are
the only individuals who should carry keys to the doors in order to prevent elopements.
B. Close observation (1:1) and frequently scheduled face-to-face checks by staff are risk
control methods used to prevent elopements.
C. All behavioral health patients should be evaluated for the risk of elopement at the time of
their admission to an inpatient treatment setting and repeated periodically.
D. Strict visitor controls such as requiring visitors to show passes when entering and exiting the
behavioral healthcare unit and staff confirming that elevator doors have been fully closed prior
to unlocking the unit door should be implemented to prevent elopements.

39. Which of the following is NOT a type of consent?
A. Informed
B. Implied
C. Practical
D. General

40. Issues surrounding the disposal of biomedical equipment generally fall into two categories:
1) the sale, donation or abandonment of a healthcare facility's equipment to another entity,
group, or individual; and 2) the acquisition of a piece of biomedical equipment that is being
disposed of by another facility.
Based on the above, which of the following are key risk management considerations?
1. The selling/donating entity could find itself being considered part of the distribution chain,
with a potential for product liability exposure.
2. The capital outlay to acquire the piece of biomedical equipment or the potential income to
the entity if they are the seller.
3. Compliance with FDA-mandated medical device tracking and documentation requirements
that may be associated with the disposal.
4. If the selling/donating entity is a tax exempt organization, it might jeopardize its tax exempt status.
A. 1 and 3 only
B. 2 and 3 only
C. 1, 2 and 3 only
D. All of the above

41. Behavioral health patients may be at high risk for abuse. Which of the following
statements regarding the risk of abuse of behavioral health patients are true?
1. Pediatric, adolescent and geriatric behavioral health patients are particularly
vulnerable populations that may be at even greater risk for abuse.
2. A crucial abuse prevention strategy is to require that all behavioral health workers undergo
reference checks and criminal background checks before they are allowed to work with patients.
3. The organization must have a zero tolerance philosophy regarding any form of abuse
including physical, sexual and emotional abuse.
4. Behavioral health patients may be confused and/or disoriented, and staff should be given
"the benefit of the doubt" and be allowed to continue working while a patient's allegation of
abuse is being investigated.

A. 2 and 3 only
B. 2 and 4 only
C. 1, 2 and 3 only
D. 1, 2 and 4 only

42. A 44-year-old man develops severe chest pain while mowing his lawn. His family calls
911, and he is rushed via ambulance to one of the local hospitals. The emergency room
physician performs a comprehensive workup and discharges the patient with a diagnosis
of costochondritis. He dies that night while asleep in his own bed. The patient's family
files suit against the hospital and the emergency physician, a contracted provider for the
hospital. The most likely legal theory that can be used against the hospital would be:
A. Medical malpractice
B. Res ipsa loquitur
C. Contract liability
D. Ostensible agency

43. Which of the following are advantages of using an alternative dispute resolution
mechanism as compared to going to trial?
1. Better outcome
2. More economical
3. Less hostile
4. Quicker
A. 1 and 2 only
B. 1, 2 and 3 only
C. 2, 3 and 4 only
D. All of the above

44. If a facility is accredited by the Joint Commission, which of the following are important risk
management reasons to review contracts?
1. To assure the Joint Commission standards are met regarding contracted services
2. To evaluate indemnification/hold harmless provisions
3. To apply appropriate state law to the contract provisions
4. To monitor financial performance for the organization
A. 1 only
B. 1 and 2 only
C. 1, 2 and 3 only
D. All of the above

45. Mature or emancipated minors generally can consent to treatment of which of the following?
1. Sexually transmitted disease
2. Pregnancy
3. Alcohol abuse
4. Mental health
A. 1 and 2 only
B. 1, 2 and 3 only
C. 1, 2 and 4 only
D. All of the above

46. The risk manager should be vigilant in assessing the quality of medical record
documentation, looking for opportunities to enhance the value and quality of the medical
record. This can be done in which of the following ways?
1. Participate in general orientation for new employees.
2. Collaborate with Medical Records Department personnel.
3. Review incident patterns and trends for documentation issues and problems throughout the organization.
4. Contact defense counsel whenever there is a violation of a documentation guideline or
standard of practice.
A. 1 and 3 only
B. 3 and 4 only
C. 1, 2 and 3 only
D. All of the above

47. Legal essentials for a valid contract include:
1. A bargained for exchange of legal value between the contracting parties
2. The purpose or object of the contract is legal
3. The contract must be in writing
4. The contract contains risk assumption provisions
A. 1 and 2 only
B. 1 and 3 only
C. 2 and 3 only
D. 2 and 4 only

48. The Needlestick Safety and Prevention Act:
A. Pertains to emergency medical services and states that safe needle devices must be used whenever possible.
B. Pertains to emergency medical services but only indicates that universal precautions must be followed.
C. Does not pertain to emergency medical services because emergency responders recognize the risk
they are assuming in emergent situations.
D. Does not pertain to emergency medical services because services are provided out of hospital.

49. Which of the following does NOT pertain to first-party insurance?
A. Automobile liability
B. Fire/property
C. Boiler and machinery
D. Business interruption

50. Which of the following statements about occurrence and claims-made insurance policies is TRUE?
A. Invariably, an "occurrence" policy will cost less than a "claims-made" policy
B. Not all brokers and insurance carriers are able to offer "claims-made" coverage
C. Termination of "claims-made" coverage normally requires purchase of a "tail"
D. An "occurrence" policy always quotes higher deductibles than "claims-made"

51. The Patient Self-Determination Act obligates which of the following entities to provide their
clients with information regarding advance directives?
1. Hospitals
2. Physician's offices
3. Health maintenance organizations (HMOs)
4. Home healthcare services

A. 1 and 2 only
B. 1, 2 and 4 only
C. 1, 3 and 4 only
D. All of the above

52. The most important aspect of claims handling is:
A. The art of reserving adequate funds
B. The initial investigation
C. The skill of the defense attorney
D. The medical record

53. Reserving a claim — that is, identifying what amount of money will be paid out in
indemnity and loss adjustment costs by the time the case is settled or resolved — is more
an art than a science. Therefore:
1. Reserves should reflect only the insurance coverage available.
2. Reserves should be based on all the information available.
3. Reserves should not take into account immunity provisions in either contracts or statutes.
4. Reserves should be changed every 90 days.
A. 2 only
B. 1, 2 and 3 only
C. 2, 3 and 4 only
D. 1, 2 and 4 only

54. Behavioral health patients must be assessed for the risk of suicidal ideation or homicidal
acts in order to protect the patient and community. Select the following statement that is
NOT an appropriate risk control practice when managing a patient who is at risk of
suicidal ideation or homicidal acts.
A. When an individual who is at risk of suicide or homicide is placed on close observation (1:1),
the staff member performing the 1:1 duty must always have total visual contact with the
patient including bathroom and grooming activities.
B. A staff member performing 1:1 duty should not have other assigned duties.
C. When a body search is determined necessary, it should be conducted by a same-sex
professional staff member and does not require a witness to be present.
D. The physical environment must be modified to protect the behavioral health patient from
suicide attempts including the use of "break away" shower rods and showerheads, shatterproof
mirrors and fully enclosed plumbing in the bathrooms.

55. Under EMTALA regulations, the Emergency Department must maintain a roster of
physicians who are available on-call to provide consultation or care for EMTALA
patients. If the hospital cannot provide complete on-call coverage for a particular service
represented by the medical staff:
A. The hospital may be fined up to $50,000.
B. The hospital must make efforts to arrange for such coverage to the best of its ability.
C. The hospital will lose its Medicare certification.
D. The hospital must post information to this effect in each public area.

56. If a state has its own occupational safety and health agency:
A. The federal OSHA regulations pre-empt the state regulations
B. State regulations must conform to the federal regulations
C. State regulations can be less strict than the federal regulations
D. State regulations can be stricter than the federal regulations

57. High-reliability organizations share all of the following characteristics EXCEPT:
A. Easy-to-use reporting systems
B. Early resolution of claims
C. Non-punitive culture
D. Systems for rewarding safety-motivated behaviors

58. A central log must be kept of everyone who comes to the Emergency Department
seeking emergent care. Such logs must also be maintained by departments that:
A. Provide case management services to patients
B. Counsel patients as to the availability of alternative healthcare services within the community
C. Offer non-scheduled primary care services
D. None of the above

59. Most healthcare risk managers gain access to the commercial insurance market by using an
insurance broker or agent. Which of the following statements is FALSE?
A. Agents are insurance professionals who represent the insured.
B. Brokers participate in the evaluation of risk potential.
C. Brokers are independent insurance professionals who represent the insurance buyer
to the insurance company.
D. Brokers are compensated on a commission and/or fee basis.

60. The insurance coverage a hospital purchases may be written on either an occurrence
or claims-made basis. Which of the following statements are TRUE?
1. An occurrence policy covers an insured for incidents that occur while the policy is in
effect, regardless of when the incident is reported to the insurer.
2. A claims-made policy covers an insured for incidents that occur and are reported to the
insurer while the policy is in force.
3. Regardless of which type is purchased, supplemental tail coverage must be purchased, too.
4. For coverage to apply under a claims-made policy, the incident or claim must have occurred
before the retroactive date of the policy.
A. 1 only
B. 1 and 2 only
C. 1, 2 and 3 only
D. All of the above

61. The Patient's Rights Conditions of Participation mandates that a patient placed in a restraint
for behavioral reasons must be seen and assessed by a "licensed independent practitioner":
A. As soon as possible
B. Immediately
C. Within one hour of initiating the restraint
D. Within two hours of initiating the restraint

62. A 12-year-old female is administered an excessive amount of a drug and develops
transient tachycardia that necessitates monitoring in the pediatric intensive care unit for
eight hours. If the preliminary information indicates there is clear liability on the part of
the organization, the most prudent course of action for the risk manager would be to:
A. Complete the investigation but take no further action since the tachycardia was only transient.
B. Review the patient's medical record to determine who, according to HIPAA regulations, is the
appropriate parent or guardian in case the risk manager is approached by the patient's family.
C. Inform the physician who ordered the medication so he can notify his malpractice insurance carrier.
D. Make direct contact with the claimant as soon as is practicable in accordance with
the organization's disclosure of unanticipated outcomes policy.

63. The investigative process is composed of which of the following steps?
1. Discovering the facts
2. Determining the applicable standard of care
3. Assessing the applicable legal principles
4. Reviewing the appropriate HIPAA regulations
A. 1 and 2 only
B. 1 and 3 only
C. 1, 2 and 3 only
D. All of the above

64. Disasters can strike at any time, anywhere. Hospitals that are accredited by the Joint
Commission must ensure that they can document they are prepared for such disasters
by doing which of the following?
1. Performing at least four drills a year
2. Evaluating each drill formally
3. Performing no more than two tabletop drills annually
4. Ensuring that drills are conducted no closer than 4 months apart
A. 1 and 2 only
B. 2 and 3 only
C. 2 and 4 only
D. 1 and 3 only

65. In the risk management process, the fourth step is:
A. Monitor and improve the risk management process
B. Identify and analyze the loss exposure
C. Implement the selected technique
D. Consider the alternative risk management techniques

66. If there is no OSHA standard for a given potential health hazard:
A. OSHA has no authority to govern it
B. OSHA may have the authority to govern it under the general duty clause
C. OSHA does not have authority to govern it, but NIOSH may
D. It is probably not a health concern

67. Which of the following is NOT true regarding child abuse and neglect reporting?
A. Child abuse and neglect reporting laws have been enacted in every state in the U.S.
B. Practitioners face possible litigation for failure to act when they have a suspicion of child abuse
C. Practitioners are generally given immunity from liability when reporting in good faith
D. Healthcare practitioners are voluntary reporters of child abuse

68. One of the most important considerations when purchasing property insurance is:
A. Finding a local broker or insurance carrier who knows the geographic area
B. Whether "actual cash value" or "replacement cost" is covered in case of loss
C. Choosing an insurance carrier that also offers other insurance products
D. Whether higher deductibles are available for specific categories of losses

69. Within the Safe Medical Device Act, the Food and Drug Administration (FDA) defined a
reportable event as "information [from any source] that reasonably suggests that a device
has or may have caused or contributed to a death or serious injury." Such events must be
reported to the FDA alone whenever:
1. They involve a serious patient injury
2. They involve a patient death
3. The identity of the manufacturer of the device is unknown
4. The distributor of the device is unknown

A. 1 and 2 only
B. 2 and 3 only
C. 1, 2 and 3 only
D. All of the above

70. Workers' compensation experience modification factors are defined as:
A. Covered payroll and number of FTEs
B. Covered payroll and covered employees' risk classification
C. Employer's loss experience relative to other industry employers
D. Number of FTEs and employers' loss experience relative to other industry employers

71. Which of the following statements about peer review records is NOT correct?
A. Peer review records are protected from discovery by state statutes.
B. By transferring peer review records to an attorney, they become privileged.
C. Peer review records often contain confidential data about uninvolved patients.
D. Members of peer review committees have statutory immunity from lawsuits.

72. When a potentially compensable event occurs and it is determined that the event might
be a significant one, the original medical records should be:
A. Stored in the risk manager's office
B. Secured in the Medical Records Department with only limited access
C. Sent to the defense attorney with a valid copy maintained securely in the Medical
Records Department
D. Microfiched, microfilmed or digitally recorded immediately

73. Congress, in its Patients' Bill of Rights, directed states to ensure that behavioral health
patients receive the protection and services they require. In order to preclude the possibility of
litigation and control risk, organizations must ensure that the provisions of these rights are
implemented. Select the following statement that does NOT correctly represent the protection
afforded to behavioral health patients.
A. Patients have a right to receive treatment in an environment free from restraint and seclusion.
B. Behavioral health patients must receive initial medical, psychosocial and behavioral health
assessments that are used in the development of specific plans of care with measurable goals
and achievable treatment objectives.
C. A general consent for the release of medical information typically used by other healthcare
services is sufficient when a patient has received treatment for a behavioral health diagnosis
and/or treatment for drug or alcohol abuse.
D. Behavioral health patients have the right to review and/or obtain copies of clinical records; however,
access to behavioral health records by other individuals and organizations is specifically restricted.

74. Protecting outdoor air intakes can mitigate the risk of terrorist acts of introducing
airborne agents into a facility. Steps to accomplish this include:
1. Relocate intakes to a rooftop or higher up on the building
2. Establish a security zone around the intakes
3. Add lighting and surveillance cameras to monitor the intakes
4. Implement negative ventilation throughout the building
A. 1 and 2 only
B. 2 and 3 only
C. 1, 2 and 3 only
D. All of the above

75. Workers' compensation injuries often can be substantial not only from a medical cost
perspective but also from a productivity standpoint. One of the best ways to reduce workers'
compensation claims related to repetitive motion injuries is to:
A. Perform an ergonomic evaluation
B. Have an appropriate wellness program
C. Enhance on-the-job training
D. Offer annual physicals

76. A federal law that serves to limit the liability of hospital trustees is the:
A. Healthcare Quality Improvement Act
B. Limited Liability Act
C. Healthcare Not For Profit Corporation Act
D. Volunteer Protection Act

77. The best content and format for a risk manager's report to the board is:
A. A single, comprehensive report that provides as much information as possible on all available data
B. Several separate, comprehensive reports containing all available data
C. A short, easy to read report tracking the organization's risk management trends over
time in a graphic format
D. A short report that contains only the information deemed relevant by the risk manager and the CEO

78. As provided for within the Patient's Rights Conditions of Participation, all patient
deaths associated with the use of restraints must be reported to the:
A. Centers for Medicare and Medicaid Services
B. Office of Civil Rights
C. Food and Drug Administration
D. Office of the Inspector General

79. Which of the following BEST describes workers' compensation coverage?
A. Workers' compensation is a state regulated coverage that provides compensation to
employees for injuries arising out of, and in the course of, their employment. It is a pure
form of no-fault insurance and provides statutory benefits.
B. Workers' compensation provides compensation to employees for injuries arising out of
their employment
C. Workers' compensation is a federally regulated coverage that provides compensation to
employees for injuries arising out of, and in the course of, their employment. It is a pure form
of no-fault insurance and provides statutory benefits.
D. Workers' compensation is a state regulated coverage that provides compensation to
employees for injuries arising out of, and in the course of, their employment. For coverage
to apply, the employer must be found negligent.

80. Which of the following statements is TRUE?
A. Borrowing funds is an efficient means of paying for losses when they become due.
B. Borrowing funds is an inefficient means since it reduces the organization's ability to borrow
funds for more appropriate purchases.
C. The cost of unplanned borrowing typically is less expensive when used to fund operating
expenses instead of long-term capital improvements.
D. There is no significant difference between borrowed funds to pay for losses compared to a
self-insured retention fund.

81. On a steamy summer afternoon, an 86-year-old female is walking toward the entrance of
a physician's private-practice office. There was a light rainfall two hours before. As she
steps from the parking lot to the sidewalk, she slips on the curb. She tears her dress and
stockings. The woman now seeks reimbursement for her damages after hearing that a
portion of the sidewalk near the door was to be replaced the day after she fell. Which of
the following defenses could reasonably be employed to deny this claim?
1. The fall was an act of God since it rained earlier.
2. The sidewalk that was replaced the day after her fall was not the proximate cause of her fall.
3. The damages were minimal so no compensation was warranted.
4. There was no breach of duty.
A. 1 only
B. 1 and 4 only
C. 2 and 4 only
D. All of the above

82. As a claim matures, new information from experts, defense counsel or adjusters may
develop. In that case, which of the following is TRUE?
A. Changing the reserve might be appropriate only under certain conditions.
B. It is acceptable to increase reserves, if appropriate, but they should not be decreased.
C. Step laddering reserves is the best means of addressing new developments.
D. Adjust the reserves frequently to address new developments as well as to account for inflation.

83. Freestanding behavioral health organizations are considered to be those that are not hospital
based and/or not considered to be part of the services offered by an acute care general
hospital or behavioral health inpatient hospital. Which of the following statements regarding
risk control practices in a freestanding behavioral health organization are TRUE?
1. The organization must require formal, written contracts with all independent contractors.
2. The organization must require all independent practitioners to maintain professional
liability insurance in amounts deemed appropriate by the organization and in accordance
with any state requirements and taking into account the local litigation climate.
3. The organization must maintain general liability and premises insurance policies in sufficient amounts.
4. There should be an on-site professional designated to develop the risk control
program and implement risk control activities.
A. 1 and 2 only
B. 2 and 3 only
C. 2, 3 and 4 only
D. All of the above

84. A contract involving professional services should always include minimum amounts
of which of the following coverages?
1. Professional liability
2. Workers' compensation
3. Directors and officers
4. General liability
A. 1 only
B. 1 and 2 only
C. 1 and 4 only
D. All of the above

85. The report "To Err Is Human" concluded that approximately 44,000 to 98,000 inpatients die
annually as a result of medical errors. This report was originated by:
A. The Institute of Medicine
B. The Joint Commission
C. The Office of the Inspector General
D. The Centers for Medicare and Medicaid Services

86. In July 2001, the Joint Commission created additional Patient Safety Standards that
speak to risk management as a resource for policy-making, not just a data source for
monitoring improvement. These standards require organizations to develop policies
and procedures for which of the following?
1. Proper response to an adverse event
2. Prevention of accidental harm
3. Disclosure of adverse events to patients and families
4. Fiscal accountability
A. 3 only
B. 1 and 3 only
C. 1, 2 and 3 only
D. All of the above

87. To encourage the participation of physicians in the peer review process, federal law
provides protection from civil liability for those who participate in good faith in this
endeavor. The specific federal law that provides such protection is:
A. Health Insurance Portability and Accountability Act
B. Healthcare Quality Improvement Act
C. Medical Staff Conditions of Participation
D. Quality Standards Act

For Questions 88-90:
An organization has structured professional liability coverage with a combination of SIR and
commercial insurance. The SIR limits are $2,000,000 per incident and $6,000,000 yearly aggregate.
In addition to the SIR, the organization purchased excess coverage in the amounts of $10,000,000
per incident and $25,000,000 yearly aggregate.
Assume that all the policies are written on a calendar year basis, all payouts are in the correct year,
and the SIR fund and the commercial insurance carrier are financially solvent.

88. If the above organization has not had a claim paid during the year, what amount
would be available for the first claim?
A. $2,000,000
B. $6,000,000
C. $10,000,000
D. $12,000,000

89. If the first claim is settled for $5,500,000, how much will the commercial insurance
company have to pay?
A. $0
B. $2,000,000
C. $3,500,000
D. $5,500,000

90. If the above organization loses three consecutive $2,000,000 cases then loses a case
for $3,000,000, how much money from the SIR will be used to pay the fourth claim?
A. $0
B. $1,000,000
C. $2,000,000
D. $3,000,000

91. A 72-year-old Alzheimer's patient develops acute congestive heart failure. Several invasive
procedures are performed, but the patient dies within 12 hours of admission. His family
files a wrongful death lawsuit naming all the physicians and the hospital as defendants.
At trial, the standard of care in the above case must be determined by:
A. Case law
B. Expert opinion
C. State and federal law
D. Professional standards

92. According to the Healthcare Quality Improvement Act, which of the following require(s)
reporting of the medical professional liability payments to the National Practitioner Data Bank?
1. A verdict against a dentist
2. A verdict against a physician
3. A verdict against a solo physician's practice corporation
4. A verdict against a physician group practice corporation
A. 2 only
B. 1, 2 and 3 only
C. 2, 3 and 4 only
D. All of the above

93. A physician has a $2-million policy limit with a $100,000 per claim deductible. How
much total insurance does the insured have?
A. $2,100,000
B. $1,900,000
C. $1,800,000
D. Less than $1,800,000

94. Many organizations are striving to become "highly reliable." Which of the following
characteristics is NOT considered indicative of a highly-reliable organization?
A. Ongoing monitoring of activities
B. A "top down" management style
C. Acknowledgement of risk
D. Appropriate reward systems

95. The Joint Commission has developed numerous patient safety goals. Which of the
following is NOT one of the goals?
A. Improve the accuracy of patient identification
B. Improve the effectiveness of clinical alarm systems
C. Improve safety in the Emergency Department
D. Improve the effectiveness of communication among caregivers

96. The Joint Commission is concerned about workforce shortage and is requiring hospitals to
develop screening criteria for monitoring the problem. Which criteria are acceptable to the
Joint Commission?
1. Number of skin breakdowns
2. Number of adverse drug events
3. Number of patient-related lawsuits
4. Number of nursing care hours per patient day
A. 1 and 2 only
B. 1, 2 and 3 only
C. 1, 2 and 4 only
D. All of the above

97. An employer may decline to hire a disabled applicant otherwise qualified for the job:
A. If the applicant refuses to describe or explain her disability
B. If the applicant might present a safety risk to herself or her co-workers
C. If the applicant cannot explain or demonstrate how she would actually perform her job when asked to do so
D. All of the above

98. Which of the following is regulated by both OSHA and EPA?
A. Glutaraldehyde
B. Nitrous oxide
C. Asbestos
D. Isopropyl alcohol

99. Managing a request for insurance proposals is a complicated yet necessary task. With
regard to market proposals and conceptual proposals, which of the following is FALSE?
A. The market method selection process is simpler and more straightforward
B. Pricing all lines of coverage by market assignments is difficult for a program that has
multiple renewal dates
C. The conceptual approach is more objective
D. The conceptual approach allows factors other than cost to be considered

100. HIPAA requires a written agreement for covered entities and business associates in
which of the following situations?
1. A skilled nursing facility transferring patients to a hospital pursuant to a transfer agreement
2. A transcription service providing medical record transcription for a physician's office
3. A hospital contracting for exterior maintenance services
4. A software maintenance company providing services to a hospital's finance functions

A. 1 and 2 only
B. 2 and 4 only
C. 1, 2 and 4 only
D. All of the above

Additional Practice Questions: Answer Sheet
1. 26. 51. 76.
2. 27. 52. 77.
3. 28. 53. 78.
4. 29. 54. 79.
5. 30. 55. 80.
6. 31. 56. 81.
7. 32. 57. 82.
8. 33. 58. 83.
9. 34. 59. 84.
10. 35. 60. 85.
11. 36. 61. 86.
12. 37. 62. 87.
13. 38. 63. 88.
14. 39. 64. 89.
15. 40. 65. 90.
16. 41. 66. 91.
17. 42. 67. 92.
18. 43. 68. 93.
19. 44. 69. 94.
20. 45. 70. 95.
21. 46. 71. 96.
22. 47. 72. 97.
23. 48. 73. 98.
24. 49. 74. 99.
25. 50. 75. 100.

Additional Practice Questions: Answers
1. C 26. C 51. C 76. D
2. B 27. B 52. B 77. C
3. C 28. A 53. A 78. A
4. C 29. B 54. C 79. A
5. A 30. A 55. B 80. B
6. C 31. C 56. D 81. C
7. C 32. B 57. B 82. A
8. C 33. A 58. C 83. D
9. B 34. C 59. A 84. A
10. C 35. B 60. B 85. A
11. D 36. B 61. C 86. C
12. C 37. A 62. D 87. B
13. B 38. A 63. C 88. D
14. C 39. C 64. C 89. C
15. C 40. A 65. C 90. A
16. B 41. C 66. B 91. B
17. A 42. D 67. D 92. B
18. B 43. C 68. B 93. B
19. B 44. B 69. B 94. B
20. C 45. D 70. C 95. C
21. D 46. C 71. B 96. C
22. B 47. A 72. B 97. C
23. B 48. A 73. C 98. C
24. B 49. A 74. C 99. C
25. C 50. C 75. A 100. B
