CPHRM Guide 2

.,.:.
_·~···-----'-'-"-
Certified Profession.al in
Healthcare
-
Ris~ Management .
..
~ '
(CPHRM)
Exam Preparation Guide ·
For use with the

Risk Management Handbook fo~ Health Care Org_anizations
and other ASHRM resoun;:es ' '
ASHRM • AMERICAN
SOCIETY FOR
HEALTHCARE
• RISK
MANAGEMENT
safe and trusted healthcare
© 2014
\',
American Society for Healthcare Risk Management of the American Hospital Association ··.
I
155 N. Wacker Dr.

Chicago, IL 60606
. (312) 422-3980
www.ashrm.org
All rights reserved
ASHRM Preparation Guide for the CPHRM Examination i

CPHRM PREPARATION GUIDE
'Lead Author
.I .
Joyce Benton, RN, MSA, ARM, CPHRM, LHRM, DFASHRM
Risk Control Director, CNA Healthcare
. :\
Authors
Monica C. Berry, BSN, JD, CPHRM, DFASHRM, DSA
Consultant
Douglas J. Borg, MHA, ARM, CPHRM, DFASHRM

Director of Insurance, Duke University Health System
Karen Liptak, BSN, MPNHCA, CPHRM, CPPS

Vice President, Quality, Safety, Process Improvement Parkland Health and Hospital System Dallas, Texas
Sherrill Peters, BSN, ARM, CPHRM, FASHRM

Director, ·rusk Management, Community Health Systems
Reviewers
Cyndi Siders, RN, MSN, CPHRM, DFASHRM
Vice President of Consulting Services, Coverys Risk Management
Kathryn E. Townsend, RN, JD, ARM, CPHRM

Risk Management and Patient Safety
Marcia Cooke RN-BC, MSN

Director of Education and Research, ASHRM
\ ..
For additional resources go to www.ashrm.org
ASHRM Preparation Guide for the CPHRM Examination

·' .··· ·-' .:. '. ~·
·,·;.:,·......:.··.--.-·- -~---
Table Qf Contents
Preface.......................................................................... vi
Healthcare Operations Domain
Preparation Objectives................................ ." .... ·................... 2
Key Terms ................................................... ·.............. 2
I. Enterprise Risk Management (ERM) ........................................... 7
II. Risk management (ERM) process ............................................. 9
III. Risk identification ....................................................... 12
IV. Risk management program ................................................ 14
V. D~:velopment of the risk management program ................................. 15
VI. Key attributes of a risk management program .................................. 16
VII. Scope of the risk manageme!lt program ...................................... 16
VIII. Required skills for the succJssful healthcare risk martager ........................ 18
IX. Education and professional recognition ....................................... 18
X. Areas of expertise . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ............... 19
XI. Risk management operations ............................................... 19
XII. Organizational Governance................................................ 20
XIII. Directors and officers liability prevention .................................... 21
XIV. Physician and allied health professionals credentialing ........................... 21
XV. Risk management's role in performance improvement ........................... 23
XVI. Policies and procedures .................................................. 25
XVII. Education ........................................................... 26
XVIII. Crisis/adverse event management ......................................... 26
XIX. Safety/environment of care program ................... ·..................... 27
XX. Hazard Risks ..................................................... ·...... 28
XXI. Technology Risks ...................................................... 31
(
XXII. Human capital risks .................................................... 32

XXIII. Absence and productivity management ............................. ~....... 34
XXIV. Workers' compensation program ......................................... 37
XXV. Strategic risks ......................................................... 42
XXVI. Contracts .............. , ........ .- ................................... 42
XXVII. Vendor/Third-party services .........................................\ ..
\
A4.
XXVIII. Mergers, acquisitions and divestitures .................................... 44
XXIX. Partnerships, joint ventures and collaborative relationships .................... -46
XXX. Advertising liability. . . . . ................................................ 48
Review Questions ........................................................... 50
ASHRM Preparation Guide for the CPHRM Examination iii

-
Clinical/Patient Safety Domain
Preparation Objectives ........................................................ 60
Key Terms ...................... ·.......................................... 60
· I. Looking for Risks in All the Right Places - High Risk Areas ......................... 62
II. Patient Saf~ty............................................................. 74
\ III. Sentinel Event ........................................................... 86
N. Root Cause Analysis: RCA ................................................ 87
V. Failure Mode, Effects, and Criticality Analysis (FMECA) ......................... 88
VI. Patient Safety Challenges .................................................. 89
vii. Critical Incident Debriefing ............................................... 89
VIII. Patients as Partners in Patient Safety........................................ 90
IX. Patient Safety Challenges' .................................................. 92
X. Patient Safety: Disclosure .................................................. 92
XL Measuring a Culture of Safety .............................................. 94
'
Review Questions ........................................................... 96
Legal and Regulatory Domain

Preparation Objectives ............. : ........................................ 104
Key Terms .................................................... , .......... 104
I. Statutes, Standards and Regulations .......................................... 108
II. Types of Law...................................... ~ ....................108
III. Ethics................................................................. 108
N. Consent .............................................................. 115
'
V. Patient Care Regulations and Laws .......................................... 119
VI. Data Management Regulations and Laws .................................... 140
VII. Payment Regulations and Laws ............................................ 151
VIII. Corporate Compliance ................................................. 152
IX. Employment Laws and Regulations ......................................... 153
X. Workplace Safety........................................................ 154
XI. Accreditation, Surveying and Licensing Bodies Introduction ...................... 155
XII. Tort Reform ................................................. : ........ 158
XIII. Case Law............................................................ 158 -
XIV. Peer Review.......................................................... 158
Review Questions ................................ ~ ......................... 159
iv ASHRM Preparation Guide for the CPHRM Examination

,: _._::~,' \ .:.'-~·.!'. -.. - -·
Risk Financing Domain

Preparation Objectives .................· ..................................... 166
Key Terms ............................................................... 166
I. Structure of the risk management process ...................................... 168 .
II. Basics of risk financing ................................................... 168
III. Distinction between risk control and risk financing ............................. 168
N. Risk financing techniques ................................................ 169
V. Insurance contract ....................................................... 171 •
VI. State regulation of insurance .............................................. 173
VII. Types of insurance ..................................................... 173
VIII. ·other insurance considerations and program specifications ...................... 175
IX. C6st of risk (COR) ...................................................... 177
X. Integrated risk financing and integrated healthcare .............................. 181
XI. Tax aspects of risk financing·: ................. "i . . . . . . . . . . . . . . . . . . . . . . . . . . 181
' '
XII. Actuarial and accounting applications for risk financing ......................... 182
XIII. Actuarial projections .......................................... ·......... 182
XN. Requests for proposals (RFP)..................................•.......... 183
Review Questions ......................................................... 186
Claims and Litigation Domain

Preparation Objectives ...................................................... 190
Key Terms ............................................................... 190
I. Claims Management Program .............................................. 193
II. Claims Management Process ............................................... 193
III. Legal Theories . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .................... 199
N. Exposures of Healthcare Entities ..... , ................ ." .................... 199
V. Litigation Management................................................... 203
VI. Insurance Companies and Brokers .......................................... 204
VII. Lawsuit Process ................................................. : ...... 205
VIII. Claims settlement process ......................................... :....... 206
Review Questions ......................................................... 207
Acronyms . .................................................................... .211

\',
Key Terms ...••.•.•.•..••..••...•••..•........•.•.••.••..••.....•..••••.••••. ~ .2l5

. '
I
Additional Practice Question •............••..•••..•.•••.•.•.•.••.•••..••.••••••.••229
ASHRMPreparation Guide for the CPHRM Examination v

!
lnr -.
rI
PREFACE
This guide was prepared by the American Society for Healthcare Risk Management (ASHRM) for.
i~dividuals who plan to take the Certified Professional in Healthcare Risk Management (CPHRM)
examination offered by the American Hospital Association (AHA) Certification Center. Organized
by domains of practice, the CPHRM Exam Preparation Guide builds upon previous editions. It is
irhen~ed to serve as an oudine for exam preparation as well as a resource for healthcare risk managers
and patient safety professionals. ·
Guide features
ASHRM's 2014 CPHRM Exam Preparation Guide is organized in a detailed oudine format and includes
us'eful features such as key terms, acronyms, review questions and suggestions for additional resources.
Options for further review

The study guide focuses primarily on the processes and objectives of risk management within
the context of healthcare delivery. Those seeking in-depth study may be interested in ASHRM's
Healthcare Risk Management Certificate Program, Patient Safety Certificate Program or other
educational resources found at www.ashrm.org. Much of this guide's content was adapted from
ASHRM's Risk Management Handbook for Health Care Organizations and other ASHRM resources,
which also are available through www.ashrm.org.
Additional notes
This study guide is not intended as a legal advice source or a professional standards' oudine. The
contents are meant to help you further your knowledge, to identify areas you may want to bolster
through reading and education and to generally prepare you for the CPHRM exam. Details about
individual state laws and statutes are beyond the scope of this guide. We recommend you consult
with legal counsel for advice on specific statutes, issues or concerns. To avoid the potential of conflict
of interest, the authors and editors of this guide did not review the material used to develop the actual
examination. Nor did they collaborate with individuals affiliated with the exam preparation process.
]I AHA Certification Center Tools

Another study tool is the CPHRM Candidate Handbook, which contains:
,!
• Examination eligibility requiremettts
,,
:i • The complete content oudine for the exam
I
• Sample test items
I' • Instructions for applying for the exam
• An exam application
• And provisions for the exam administration process
• Download the Candidate Handbook from the AHA Certification Center (AHA-CC) web site at
http://www.aha.org/certifcenter/index.shtml or request it through AMP (Applied Measurement
Professionals, Inc.) at 888-519-9901 or email info@goAMP.com.
You also may purchase AH.A:s practice test-Self-Assessment Examination (SAE) via AMP. This online
study tool parallels the CPHRM certification examination in format, content and level of difficulty.
See the inside back cover of this guide for details.
''
For information about the CPHRM certification program, including the exam and certification renewal
I :
process, contact the AHA Certification Center at 312-422-3702 or email certification@aha.org.
Revised 2014
vi ASHRM Preparation Guide for the CPHRM Examination

HEALTH CARE OPERATIONS
Domain
HEALTH CARE OPERATIONS Domain

1
Healthcare Operations Domain
PREPARATION OBJECTIVES
.flfter learning the content in this section, you shou.ld be prepared to:
I
1. Define Enterprise Risk Management (ERM) and the benefits of an ERM program
'f. U~t the five steps in the Enterprise Risk Management decision making process
:\
3. Identify the key components of developing a risk management program, including the risk
management professional's role and responsibilities.
I I
I 4. Articulate key issues concerning healthcare organization governance
i
5. Descr~be the benchmarking and performance improvement attributes that contribute to the risk
I
management process
6. Discuss physician and allied health professionals credentialing
7. Describe the elements ofpolicy and procedure development
8. List the key steps to crisis management
9. Describe issues related to technology
10. Discuss various aspects of employee and environmental safety
11. Explain workers' compensation from a risk manager's perspective
12. Explain five legal essentials of a contract
13. Describe organizational requirements for vendor/third party services
14. List and explain three elements of a risk management review of an organization's mergers,
acquisitions, and divestitl.,lres
15; Create a list of exposures that deal with organizational advertising liability
KEY TERMS
Important terms and definitions,relevant to this domain:
Adverse event- Negative or bad result stemming from a diagnostic test, medical treatment or surgical
intervention; an injury resulting from a medical intervention.
Age Discrimination in Employment Act- 29 U.S.C. Section 621 et seq. Federal statute prohibiting
certain types of employment discrimination on the basis of age.
Americans ~th Disabilities Act- 42 U.S.C. Section 12101 et seq. Federal statute aimed at
prohibiting discrimination against individuals with certain mental and physical disabilities in the
areas of employment and public accommodation.
Assignment- Act of transferring to another all or part of one's property, interest or rights.
Benchmarking- Comparative process used by organizations to collect and measure internal or
external data that may ultimately be used for the purpose of developing, implementing and sustaining
quality improvements.
Breach of contract- Failure, without legal excuse, to perform any promise that forms the whole or
part of a contract. Hindrance by a party regarding the required performance of the rights and duties
identified in the contract.
2 ASHRM Preparation Guide for the CPHRM Examination

Collective bargaining- Collective bargaining consists of negotiations between an employer and
a group of employees so as tb determine the conditions of employment. The result of collective
bargaining procedures is a collective agreement. Employees are often represented in bargaining by a
union or other labor organization.
Consideration- In contract law, something of value exchanged for the promised performance of the
other contracting party. Contracts frequently call for monetary consideration to be exchanged for the
promise to provide specified goods or services. ·
Contract- Agreement, either written or oral, involving an offer, the acceptance of the offer and
an exchange of consideration. Also, an agreement between two or more persons that creates an
obligation to do or not to do a particular thing; a promise or set of promises for the breach of which
the law gives a remedy or the performance of which the law in some way recognizes as a duty.
COSO {Committee of Sponsoring Organizations) -Independent private sector initiative which
studied ERM .~d has made recommendations on ERM structure and implementation.
Credentialing- Process of verifying and reviewing the education, training, experience, work history
and other qualifications of an applicant for clinical privileges conducted by a healthcare facility or
managed care organization; typically performed for independel\t contractors such as physicians and
allied health practitioners who are frequently not employed by the credentialing entity but who are
granted specific clinical privileges to practice.
Darling v. Charleston Community Memorial Hospital- Landmark 1965 case that determined
a hospital has the independent duty to ensure that high-quality care is rendered at its facility and is
responsible to screen the competency of its medical staff.
Due diligence- Review of an entity targeted for acquisition by the acquiring party to ascertain
pertinent information about its financial and operating history and current status. Corporate staff are
generally held to the legal standard of having performed the review with due diligence before making
a recommendation to the board of directors as to whether to proceed with the acquisition.
Emergency Medical Treatment and Active Labor Act {EMTALA)- 42 U.S.C. Section 1395 et seq.
Federal statute prohibiting the "dumping" of patients presenting to the hospital with an emergent
medical condition or in active labor and limiting a hospital's ability to transfer them to other facilities.
EMTALA specifies when and how a patient may be: 1) refused treatment or 2) transferred from one
hospital to another when the patient is in an unstable medical condition.
Employee Polygraph Protection Act- 29 U.S. C. Section 2001 et seq. Federal statute limiting most
employers' ability to use polygraph testing in applicant screening processes.
Employers' liability- Any of a number of causes of action related to the employment relationship
but falling outside of workers' compensation and employment practices liability insurance·. coverage,
including dual capacity claims, spousal claims and third-party over claims. ·
Employment-at-will- Legal doctrine in most jurisdictions that an employer may discharge an
employee for any reason, unless specifically prohibited by law.
Employment practices liability-Any of a number of violations by an employer, based on statUte Of
I .
common law, giving rise to damages outside of those covered by workers' compensation or similar
statutes, including wrongful termination, discrimination and sexual harassment.
Enterprise Risk Management- ERM in healthcare promotes a comprehensive framework for
making risk management decisions which maximize value protection and creation by managing risk
and uncertainty and their connections to total value.
HEALTHCARE OPERATIONS Domain 3

Equal Employment Opportunity Commission- Federal agency charged with responsibility for
enforcing several federal statutes prohibiting various types of employment discrimination. Under
some statutes, administrative hearing procedures before the EEOC must be exhausted before an
,employee has access to the court system.
I -
1
ESsential job functions- Under the Americans with Disabilities Act, those functions of a particular
job that an applicant must be able to perform, either with or without accommodation, in order to
' j:
\perfbrm the job.
:I :\
I Failure mode effects analysis or Criticality analysis (F.MEA or FMECA) -A proactive, systematic
'
assessment used to identify the steps of a process that may be subject to failure in order to design
measures to wither prevent or control such failures. If a criticality phase is used in this process, the
perceived level of criticality of each type of potential failure is identified, to aid in setting priorities for
establishing control mechanisms.
Family Medical Leave Act- 29 U.S. C. Section 2611 et seq. Federal statute requiring certain
employers to provide a period of unpaid leave to employees meeting specified criteria in order for
them to receive medical treatment or to provide care to designated family members.
Federai Emergency Management Agency (FEMA) -Independent response organization that was
folded into the Department of Homeland Security (DHS) in 2003. The FEMA administrator reports
to the President of the United States.
Hazard- A condition that creates or increases the possibility of loss
Hazard analysis - Process of collecting and evaluating information on hazards associated with the
selected process; purpose is to develop a list of hazards that are of such significance that they are
reasonably likely to cause injury or illness if not effectively controlled.
Hold harmless provision- Contractual clause providing that one party agrees not to pursue a tort
claim for vicarious liability against the other; usually found with indemnification provisions and are
usually mutual.
Incident- Any happening not consistent with the routine operations of the facility or routine care of
a particular patient. Examples: A union strike, a criminal act such as a homicide, or a physical disaster
including hurricanes, bioterrorism threats, etc.
Indemn.ification provision- A ~ntractual clause in which one party agrees to accept the tort liability
and legal defense of another; usually found with hold harmless provisions and are usually mutual.
Joint and se'Veralliability- A form of liability used in civil cases where two or more people are
found liable for damages. The winning plaintiff may collect the entire judgment from any one of the
parties or from any and all the parties, in various amounts until the judgment is fully paid. Under
joint and several liability, a plaintiff may choose to seek full damages from all, some, or any one of the
parties alleged to have committed the injury. In most cases, a defendant who pays damages may seek
reimbursement form nonpaying parties.
'
!
The Joint Commission- An independent, not-for-profit organization, The Joint Commission
I
i' accredits and certifies more than 20,500 healthcare organizations and programs in the United States.
I
The Joint Commission sets standards for hospitals and other types ofhealthcare organizations and
I conducts education programs and a survey process to assess organizational compliance.
Joint venture- An undertaking by two or more entities to pursue business or other ventures. In
many jurisdictions, entities cannot form partnerships; hence they are deemed to be joint ventures;
each joint venture may be liable for the debts and obligations of the joint venture.
Lex loci delicti commissi- Law of the place where the tort was committed.
. . ... : .. _-,
Maximum medical improvement (MMI) -In workers' compensation, the point in which the
injured employee has recovered to the maximum extent ·medically expected .(also called permanent
and stationary or P&S). When an employee reaches MMI, any residual disability, pain, etc. is
expected to be permanent.
-"
National Labor Relations Act- The main body of law governing collective bargaining explicitly
grants employees the right to collectively bargain and join trade unions; originally enacted by
Congress in 1935 under its power to regulate interstate commerce.
National Practitioner Data Bank (NPDB) -The Data Bank is a confidential information
clearinghouse created by Congress with primary goals of improving health care quality, protecting
the public, and reducing healthcare fraud and abuse. Federal statutes require that an NPDB report
be made by any entity that pays money on behalf of a practitioner to settle a legal claim asserted
against the pr:actitioner. Reports must also be filed by hospitals that restrict, suspend or terminate
a practitioner;~ privileges to examine or treat patients at the hospital. The NPDB is prohibited by
law from disclosing information on a specific practitioner, provider, or supplier to a member of the
general public.
Occupational Safety and Health Act/~dministration- 29 U.S.C. Section 651 et seq. Federal
statute (and agency created by it) chargeCi with responsibility for promulgating standards and
enforcement mechanisms governing worker safety for most industries.
Occurrence reporting- Unexpected patient medical intervention, intefl;sity of care or healthcare
impairment. Staff is given clear guidelines and specific examples of reportable incidents or events;
e.g., occurrences of missed diagnosis that result in patient injury; surgically related occurrences
such as wrong patient being operated on, the wrong site, the wrong procedure or treatment related
occurrences; falls; medication-related occurrences, etc.
Occurrence screen reports- Systematic review of medical records/cases (either retrospectively or
concurrently conducted) using predetermined screening criteria, conducted to identify cases that may
warrant a closer performance improvement review. Screeners look for deviations from practice, policy
and procedures. Criteria for screens are established in areas that are considered to be high risk, high
frequency or problem prone.
Organizational culture- Set of values, guiding beliefs or ways of ~ng shared among members of
an organization.
OSH.I\ General Duty Clause- OSHA's general requirement that employers maintain a safe work
environment. OSHA inspectors may cite the general duty clause whenever an unsafe workplace
condition or work practice is identified, but no specific OSHA regulation applies.
Ostensible agency doctrine- The doctrine sometimes referred to as apparent agency, permits a
finding of liability on a hospital where there is the appearance of an employment relationship with
an independent contractor. In the absence of employer-employee relationship, a managed care
organization (MCO) may still be held vicariously liable for the acts of provider physicians if the
patient had a reasonable belief the physician was the MCO's agent and that this belief was based upon
representations made by the MCO to that effect. Burden is on the plaintiff to prove that he oF. she,
1
detrimentally relied on the fact that the MCO held the physician out as its agent.
Peer review- Process whereby possible deviations from the standard of patient care are reviewed by an
I
individual or committee from the same professional discipline to determine whether the standard of
care was met and to make recommendations for improving patient care processes. Most jurisdictions
provide at least a limited protection from discovery in civil actions for peer review activities.
Quality Improvement Organization (QIO) -A group of health quality expertS, clinicians, and
consumers organized to improve care delivered to Medicare beneficiaries. QIOs work under the
HEALTH CARE OPERATIONS Domain 5

direction ot the Centers for Medicare & Medicaid Services (CMS) to assist Medicare providers
with quality improvement and to review quality concerns for the protection of beneficiaries and
the Medicare Trust Fund. The program, one of the largest federal programs of its kind, consists of a
national network of QIOs throughout each U.S. state, territory, and the _District of Columbia.
Right to know- Laws that require employers to provide information, education and/ or treatment
to employees regarding hazardous materials to which employees may be exposed during their
e~ployment.
Risk- Chance of loss. "Pure" risk is uncertainty as to whether loss will occur; "speculative" risk is
uncertainty about an event that could produce loss. Pure risk is insurable; speculative risk usually is not.
, Risk analysis- Process used by the person/individuals assigned risk management functions to
. deterrt).ine the potential severity of the loss from an identified risk, the probability that the loss will
happen and alternatives for dealing with the risk.
· Risk avoidance- Decision not to undertake a particular activity because the risk associated with the
activity is unacceptable. The only risk control technique that completely eliminates the possibility of
loss fr.om a given exposure. This technique reduces the possibility of a loss to zero by the conscious
choice not to engage in or avoid a specific activity or operation.
Risk control- Includes techniques to minimize frequency or severity of accidental losses or to make
losses more predictable; stopping losses from happening or mitigating the loss. Risk control techniques
include avoidance, loss prevention, loss reduction, segregation of loss exposures and contractual
transfers designed to protect an organization from legal obligations to pay for others' losses.
Risk financing- Includes risk management techniques that encompass all the ways of generating
funds to pay for losses that risk control techniques do not entirely stop from happening; techniques
include risk retention and risk transfer.
I Lf Risk identification- Process of identifying problems or potential problems that can result in loss;
recognizing the potential for loss.
Risk management- Process of making and carrying out decisions that will assist in prevention of
adverse consequences and minimize the adverse effects of accidental losses upon an organization.
Also, a systematic and scientific approach in the empirical order to identify, evaluate, reduce or
eliminate the possibility of an u:nfavorable deviation from expectation and, thus, to prevent the loss
of financial assets resulting from injury to patients, visitors, employees, independent medical staff,
or from damage, theft or loss of property belonging to the healthcare entity or persons mentioned.
The definition includes transfer of liability and insurance financing relative to the inability to reduce
or eliminate intolerable deviations. Originally defined by the American Hospital Association as the
"science for the identification, evaluation and treatment of the risk of financial loss," risk management
now also encompasses the evaluation and monitoring of clinical practice to recognize and prevent
patient injury.
:I,
i Risk treatment strategies- Range of choices available to handle a given risk. Treatment strategies
include two general categories: risk control and risk financing.
Root cause analysis -Multi-disciplinary process of study or analysis that uses a detailed, structured
process to examine factors contributing to a specific outcome (e.g., an adverse event). A process
for identifying the basic or causal factors that underlies variation in performance, including the
occurrence or possible occurrence of a sentinel event.
Telemedicine/telehealth- The use of telecommunications to provide medical information and
services. Also, the provision of healthcare consultation and educati~n using telecommunications
.. '
- . . _._-... _._.;.·- -·:c- - ,-_,_.-----::--::.·,

networks to communicate information; medical practice across distance via telecommunications and
interactive video technology (American Medical Association's Council on Medical Edu~ation and
Medical Services). The use of electronic information and communications technologies to provide
and suppo·rt healthcare when distance separates the participants (Institute of Medicine).
- -
U.S. Patriot Act o£2001- Federal legislation (H.R.3162) that enhances the ability oflaw
enforcement to deter and detect acts of terrorism, including cyber-intelligence gathering, wiretapping
and other means of gathering needed information from designated privacy records.
Value creation- In Enterprise Risk Management, value creation takes advantage of the opportunity
to add worth and the potential for gain. It is proactive and includes market share, competition,
centers of excellence, financial viability and growth, return on investment, etc.
Value protection- In Enterprise Risk Management, includes preventing loss and harm to assets,
reputation, pr-operty and people and is reactive.
Vicarious liab.ility- The imposition of liability on one person for the actionable conduct of another,
based solely on a relationship between the two persons, such as the liability of an employer for the
acts of an employee.
'Whisde-blower- Individual, frequendy.@ employee or formei.\employee, who reports unlawful
activity, such as healthcare fraud and abuse or OSHA violations, to the government or an
administrative agency. Some statutes provide for the whisdeblower to receive a share of fines levied
against the organization for making the report. Most statutes prohibit retaliatory discharge or other
discriminatory actions against an employee who makes such a report.
Workers' compensation- Program that provides protection to workers who are injured while
engaged in the business of their employer. Statutory limits of coverage are set by each state.
OUTLINE
I. Enterprise Risk Management (ERM)
A Definition: A framework of activities that assists an organization to identify and manage risk
holistically by considering all forms of risk across the organization.
B. Structured analytical process focuses on identifying and estimating·the financial impact and
volatility of a defined portfolio of risks
C. ERM proposes that risks do not exist or behave in isolation but can be identified, grouped and
catalogued in risk domains
D. Premise is that every entity, whether for-profit, not-for-profit or a governmental body, exists to
provide value for stakeholders
E. Provides framework for management to effectively deal with risk and opportunity
F. A comprehensive way of thinking about risk in all areas of an organization
G. Risks can be grouped into domains ,:
.
1. Operational risks: Arise out of daily operations and includes risk presented by facility's \supply
'
chain, compliance, product recalls, admissions, service lines, clinical operations and changes
in regulations
2. Clinical/patient safety risks: Associated with the delivery (or lack thereof) of care to residents,
I
patients and other healthcare customers and stakeholders.
3. Strategic risks: Concern business decisions; decisions that affect strategic risks include pricing,
partnerships, marketing, joint ventures, mergers and acquisitions

~r
I iJ
li
!
4. Financial risks: Concern cash-flow management, interest rates, access to capital, economic
instability, taxation and costs of commodities
5. Human capital risks: Comprise risks to the organization's workforce
6. Legal/ regulatory risks: Arise from the failui:e to identify, manage and monitor legal, regulatory
and statutory mandates on a local, state and federal level.
1
7. Technology risks: Associated with the use of machines, hardware, equipment, devices and
:1 tools but can also include techniques, systems and methods of organization.
8. Hazard risks: Comprise traditionally insurable risks including property, general liability and
products liability
H. ERM definition of risk tends to ignore the mutually exclusive speculative vs. pure classification
scheme in defining risk
I. ERM consists of eight interrelated components (identified by Committee of Sponsoring
Organizations of the Treadway Commission Integrated Framework)
1. Internal environment: Risk and safety culture of the organization, governing body support,
· risk tolerance, policies and procedures
2. Objective setting: Strategic objectives
3. Event identification: Identified risks and opportUnities within the risk domains of clinical/patient
safety, operations, finance, human capital, legal/regulatory; technology, strategic and hazard risks
4. Risk assessment: Likelihood and impact of identified risks
5. Risk response: Cost benefit analysis of risk response such as avoidance, reduction, sharing and
acceptance
6. Control activities: Policies and procedures to ensure selected risk response is implemented
7. Information and communication: Communication of internal and external data sources that
express risk tolerance, performance metrics and compliance philosophy
8. Monitoring: Assessments of necessary components of the ERM program and their efficient
functioning over time
J. Benefits of an ERM program
1. A strategic, organizational framework for managing risk
2. Understanding relationships (correlations) between risks
3. Efficient and effective treatment of risks
4. Risk prioritization
5. An understanding and assessment of future risks
6. A common risk taxonomy
7. Promotion of transparency
I: 8. Support for board educational initiatives and framework for meeting financial disclosure
requirements
9. Better decision making
10. Allocation oflimited resources
11. Success of regulatory and compliance initiatives
12. Formal linkages

I .
: I
II. Risk managemen,t (ERM) process
A. Risk management is the process of making and carrying out decisions that will assist in
prevention of adverse consequences and minimize the adverse effects of accidental losses upon
an organizafion. Making these decisions requires the five steps in the decision process (ARM).
B. Five steps of traditional/Enterprise Risk Management process
1. Identify and analyze loss exposures
2. Examine alternative risk management techniques or treatments
3. Select the best risk management technique or combination of techniques
4. Implement selected techniques
5. Monitor, evaluate and improve the risk management program to identify and analyze loss
exposii.res
C. Details fOr each step:
1. Identify problems or potential problems that can result in loss
a) Type of value exposed to loss \ \
b) Potential cause of loss
c) Extent of the projected financial consequence of the loss
d) Classifications of loss exposures:
(1) Property losses: Damaged/destroyed property
(2) Net income losses: Revenues minus expenses for a given accounting period
(3) Liability losses: Another individual or organization brings a claim for alleged
wrongdoing
(4) Personnel losses: Death, disability, retirement, resignation, or
(5) Unemployment of individual with special skills or knowledge that an organization
cannot readily replace
e) Systems for risk identification:
(1) Informal risk identification systems
(2) Claims data
(3) Patient complaints
(4) Standardized surveys and questionnaires
(5) Personal inspections
(6) Committee minutes
(7) Survey reports from accreditation and licensing organizations
(8) Expert reports
(9) Hotline calls
(10) Flowcharts
(11) Referral by staff
(12) Requests for medical records
(13) Policy queries

r
'I,
I
il
ij
I'
:I
(14) Clinical indicators
,,I
(15) Collaborative relationships with quality, nursing, medical staff, infection control,
security, safety, etc.
f) Formal risk identification systems:
(1) Incident reporting
;
(2) Sentinel event traE:king
:\
(3) Root cause analysis (RCA)
(4) Failure mode, effect and criticality analysis (FMECA)
(5) Occurrence reporting and screening
(6) Device reporting and tracking logs
(7) Security reports
g) Analysis to determine the potential severity of the loss associated with an identified risk,
the probability that such a loss will occur and the frequency of such a loss
(1) Metrics utilized to analyze risks
(2) Risk mapping
a) A graphic depiction of an organization's risks that displays the relationship between
frequency and severity oflosses (risk assessment)
b) Provides prioritization scheme for further data collection; also to establish risk
mitigation strategies, define capital allocations and exploit competitive advantages
c) Provides an analysis of the identified risk's impact on the organization
, I
d) Improves the organization's knowledge of its exposure to risk and facilitates selecting
the desired risk control technique
2. Examining alternative risk management techniques or treatments
a). Refers to the range of choices available to the risk manager in handling a given risk
b) Risk control stops losses from happening or mitigating the loss
(1) Risk avoidance eliminates any possibility ofloss; only risk treatment that reduces the
probability of loss to zero
(2) Loss prevention
(a) Technique reduces the likelihood of an event or the frequency of the event; proactive
Examples: Preventive maintenance program, education, vaccination program
(3) Loss reduction
(a) Involves various loss control strategies aimed at limiting the potential consequences
of a given risk without totally accepting or avoiding it; reduces severity of those
losses that other risk control techniques do not prevent
Examples: Fire sprinklers, fire extinguishers
(4) Segregation of loss exposures: Involves arranging an organization's activities and
resources, so if a loss occurred, it would not broadly affect the organization
(a) Separation: Distribution of a particular activity or asset over several locations
I (b) Duplication: A reserve or substitute is available for alternative use if the primary
source or activity is affected by a loss

···:.:•'.·:c --~ . .:: .. ·:: _ _
.• _ _,_::· .
.. ~
(5) Contractual transfer for risk control: Directed at shifting the legal responsibility
from one party to another party; leasing of property and subcontracting activities are
frequent forms of contractual transfer for risk control
(a) Implement a program for control of contractual risk
(b) Review contracts for:
i. Risk exposures
ii. Risk assumptions
iii. Insurance provisions/requirements
iv. Hold harmless clauses
v. Indemnification
vi. Regulatory compliance
··(c) Recommend implementing modifications to additions identified as risks
(d) Ensure that a program exists for tracking maintenance and retention of contracts
and leases , ',
(6) Risk financing: All the ways of generating funds for paying losses that occur
(7) Risk retention: Involves assuming the potential losses associated with a given risk and
making plans to cover any financial consequences of such losses:
(a) Current expensing of losses
(b) Unfunded loss reserve: an accounting entry denoting a potential liability to pay for
a loss
(c) Funded loss reserve: a reserve backed by set aside funds within the organization
(d) Borrowing funds to pay for losses
(c) Affiliated, "captive" insurer: A limited-purpose insurance company set up in a
jurisdiction that is favorable to such companies, to provide insurance to entities
that are also the company's owners or affiliates; the most formalized method of risk
retention
(d) Self-insurance trust
(e) Risk retention group
(8) Risk transfer: Shifting the financial risks but not the ultimate legal responsibilities for
those losses to another entity -, '
(a) Insurance: Outside, unaffiliated insurer (e.g., commercial insurance)
(b) Non-insurance transfers: Agreement such as a hold harmless agreement or
indemnification agreement
1:
3. Selecting the best risk management technique or combination of techniques ··.I.
a) First, forecast the effects the available risk management options are likely to have on the
organization's ability to fulfill its goals
b) Second, define and apply criteria that measure how well each alternative risk arrangement
technique contributes to each organizational objective in cost-effective ways
4. Implementing selected techniques requires attention to the technical risk management
decisions that must be made by the risk management professional and the managerial

~
jii
decisions that must be made in cooperation with other managers throughout the organization
to implement the chosen techniques
5. Monitoring, evaluating and improving the risk management program is done to gauge and
assess the effectiveness of the techniques employed to identify, analyze and treat risk
a) Reduce and control the number and size of payments of claims
b) Identify the most economical approaches to risk financing
c) Improve quality and safety
d) Quantify cost of risk
e) Quantify tolerance for risk
III. Risk identification

A. Incident reporting
1. Incident reporting is the cornerstone of a healthcare risk management program
2. Incident is defined as any event that is not consistent with the routine care of a particular
patient or an event that is not consistent with the normal operations of a particular
organization, such as a union strike, a criminal act such as a homicide, or a physical disaster
including hurricanes, bioterrorism threats or the onset of mold contamination
3. Occurrence of an incident should trigger a report form
4. Incident should be reported to the risk manager; in some cases, immediate notification might
be warranted
5. Reported incidents should be coded, analyzed and trended
6. Data should be sh~ed with authorized individuals or committees on a "need to know" basis
7. Incident reporting should be implemented in all healthcare settings (e.g., acute care hospitals,
long-term care facilities, home health, ambulatory care, etc.)
B. Content of an incident report
1. Demographic information (name, address, telephone, etc.)
\.
2. Socio-economic data (age, gender, marital status, insurance, etc.)
3. Facility-related informacl.on (date, patient identification number, admitting diagnosis, etc.)
4. Description and details of incident (when, where, witnesses, contributing factors, etc.)
C. Staff participation in incident reporting
1. Duty and responsibility of all employees and medical staff ·
a) In some states, reporting is mandatory; failure to report may cause an action against the
healthcare provider's license
2. Challenges exist for integrated delivery system risk managers if facilities are geographically distant
3. Simplicity of reporting system and access to training of staff is crucial
4. Because employees are often reluctant to report incidents due to the perception that reporting
is admission of negligence, incident reports should not be used for punitive purposes
a) Anonymous reporting is required by several states
5. Training must emphasize the following:
a) Reporting facts alone
L____,_ ·,-:,.• •. ·.·;

.-,---;---:,--:--:;-:
b) Preserving confidentiality of report
c) Documenting the incident objectively in the medical record
D. Reasons incidents may not be reported in a conventional passive-repor#ng system
1. Observer is too busy
2. Staff feels reporting is of little value due to lack of feedback
3. Staff fears disciplinary action
4. Non physicians are often reluctant to file a report concerning a physician
5. Staff concerns of implications regarding personal liability
6. Staff fails to recognize that incident occurred
7. Staff does not understand definition of incident
8. Staff b.~lieves that someone else is going to report
E. Effectiveness of the reporting process is enhanced by written policies and procedures
1. Staff should be encouraged to co.~plete reports promptly and completely
' ~
2. Preservation of confidentiality should be emphasized bec~use it:
a) Encourages accurate and frequent reporting
b) Ensures factual information and promotes honesty
c) Prevents perception that something "wrong" occurred
d) Supports claims management and defense efforts
e) Provides documentation of the protections sought for incident reports
3. Approaches to preserving confidentiality
a) Reporting process compliant with state/federal peer review provisions or patient safety
reporting, i.e., anonymous reporting
b) Reporting may also be protected under attorney-client privilege
F. Occurrence (event) reporting and screening
1. Focused-occurrence reporting
a) Staff provided guidelines and examples of reportable events
b) Assist in medication error-reduction efforts
c) Can apply in all healthcare settings
d) Reportable events often defined for specific clinical areas
e) Data of particular value to both risk management and performance improvement efforts
f) Methods for enhancing effectiveness of reporting process:
1\
(1) Ensure that departmental and medical staff collaborate in development of reportable'
event lists
(2) Streamline reporting system to ensure that process is not overly burdensome
(3) Ensure that results of collected data are shared promptly with departments and
appropriate committees
G. Occurrence screening
1. Uses a defined list of occurrences for which all medical records are screened ·

2. Scre~ners look for deviation from practice, policy and procedures
3. Results are prepared for each admission and sent to quality department for assessment and
data collection
4. Process is adaptable to all healthcare settings
5. Although it's primarily a quality process, risk managers must be involved
1
H. Computerized incident/ occurrence tracking
1. Risk management information systems
2. Many commercially available systems
3. Database software can support customized risk identification systems
4. Important elements of computerized system:
a) Data collection breadth and effectiveness
b) Data screening, review and coding
c) Data processing and analysis
d) Report generation and information analysis and feedback
IY. Risk management program

A Risk management program, structure and,function vary widely
1. Organizational culture/philosophy
2. Type, size and location of the organization
3. Delivery setting
4. Scope of services and activities
5. Available resource
B. Legislative and regulatory mandates developed in some states require hospitals to implement risk
management programs
1. Risk manager competencies
\
2. Incident/occurrence reporting and chain of evidence requirements
C. Standards for accreditation increasingly include risk management requirements
D. Risk management program effectiveness can be evaluated using performance (activity) measures,
outcome measure and financial measures
1. Outcome and financial measures should be
a) Rate based
b) Comparative over time
'i
I c) Benchmarked (if possible)
d) Graphically expressed
e) Statistically valid (outcome measures)
E. Risk management policy and procedure manuals
1. Used by regulatory and accreditation agencies to establish evidence of compliance with
requirements
14 ASHRM Preparation· Guide for the CPHRM Examination

2. Used in civil litigation to establish the organization's self-imposed standards
3. Reviewed and updated regularly to ensure compliance with prevailing requirements or practices
4. Staff are trained op. new or revised policies .and procedures in
a) Claims management
b) Incident/ occurrence reporting
c) Insurance requirements ·
5. Ensure maintenance of modified and revoked policies to allow for establishment of standards
at a given time
V. Development of the risk management program

A. Selecting an appropriate risk management program structure
1. Size .:
2. Scope of services and activities
3. Available resources
4. Location of the organization to be served
5. Type of facility/organization
6. Reporting structure
B. Level of risk management responsibility considerations
1. Responsibility for all risk management functions can rest with the risk manager
2. Responsibility for risk management activities and services can be distributed to several
managers and/or departments throughout the organization
3. Use of consultants and outsourcing of functions to third parties of certain risk services
C. Key components to getting started
1. Obtain organizational commitment: Acceptance of roles, scope, goals and objectives, as well
as support for the program by various levels of leadership starting with the board
2. Designate a competent, qualified risk manager
3. Write an accurate, comprehensive risk manager job description
4. Write a risk management plan: Include a purpose overview, structure and process of risk
management activities within the organization
5. Incorporate formal involvement by medical staff in the program
6. Develop outcome measures to assess effectiveness of risk management activities that are:
a) Rate based
1'.
b) Comparative over time
c) Benchmarked (if possible)
d) Graphically expressed
7. Achieve program acceptance: provide visibility and education on related risk management
topics at orientation and continuing education activities
D. Assessing areas of the organization that need risk management
l.
1. Take an enterprise-wide comprehensive approach
a) Identify areas for assessment: profile or~tion's current services ind relationships
i~portant in identifying the various areas for assessment
b) Identify traditional risk areas such as hazard and operational risk as well as financial and -
strategic risk
c) Analyze systems ·already in place to determine their current effectiveness
d) Determine external needs and demands
e) Review the assessments using a "risk map" if necessary
f) Identify areas of concern and existing management controls
g) Develop a risk management action plan
E. Review all existing insurance polices
F. Review contracts
G. Consider ASHRM's "Self-Assessment Tool for Risk Management Programs & Functions" (CD)
VI. Key attributes of a risk management program

A. Authority
1. Risk manager must maintain sufficient authority and respect to enact the changes in practice,
policy and procedure to fulfill the essential functions of the risk management program
B. Visibility
1. Position should be highly visible in the organization; should be structured to enhance
opportunities for interaction with others through service on appropriate committees,
participation in educational activities and access to organization-wide communications
C. Communication
1. A4vise senior management on risk management implications of new business arrangements
D. Coordination
1. Establish both formal arid informal mechanisms for the coordination of the risk management
program with other departments and functions
E. Accountability
1. Written job description outlines key responsibilities; comprehensive program addresses the full
scope of risks relating to patient care, medical staff, employees, property, financial and others
VII. Scope of the risk management program

A. Primary purpose is to protect the healthcare organization's assets against loss and minimize
impact of losses when they do occur
B. Scope of program may include risk financing, claims management and loss control across the
entire enterprise in the following areas:
1. Patient care-related risks
a) Confidentiality and HIPAA
b) Advance directives, DNR and medical power of attorney
c) Abuse and neglect

d) Informed consent and implied consent
e) Discrimination
f) Delay of treatment
g) Missed diagnosis
h) Patient valuables
i) EMTAIA: Appropriate triage, stabilization and transfer of patients
j) Human subjects: Research/experiments and institutional review boards (IRB)
k) Access to care concerns
1) Competence of patient care staff
m) AMA and elopement
n) Security
2. Medical staff-related risks
a) Peer review and quality improyement activities
... .......
b) Confidentiality
c) Credentialing/privileging/disciplinary actions
d) Impairment
e) Billing, business situations and incentives: HHS Office ofinspector General (OIG) fraud
and abuse
f) Gatekeeper obligations under managed care plans
3. Employee-related risks
a) OSHA compliance, hierarchy of controls and record keeping
b) Workers' compensation, TPAs, pre-employment physicals
c) Employment practices
d) EEOC: Discrimination allegations
4. Property-related risks
a) Assets/structures
b) Fire
c) Earthquake
d) Flood
e) Windstorm
f) Boiler and machinery
\',
g) Vehicles i
h) Equipment
i) Records retention, including electronic media
5. Financial-related risks
a) Directors and Officers (D&O)
b) Healthcare providers

c) Errors and omissions
d) Business interruption
e) FTC compliance
f) Ostensible agency, vicarious agency
6. Other risks
a) Mergers and acquisitions
b) Vehicle liability (leased/owned)
c) General liability (slips and falls)
d) Helicopter, airplane or helipad liability
' e) Hazardous materials and environmental risks
f) Biological waste
g) Volunteers and students
h) Contractors
7. Business continuity issues
a) Essential functions
b) Incident command
c) Mitigation
d) Recovery
VIII. Required skills for the successful healthcare risk manager

A. Ability to identify potential sources of loss faced by the healthcare organization
B. Ability to assess potential economic loss that identified exposures may have on the healthcare
organization
C. Ability to apply loss-control techniques to minimize losses to the healthcare organization
D. Ability to identify and apply appropriate risk financing techniques to the organization's
potential losses
E. Ability to implement and monitor risk management policies and procedures
F. Ability to maintain confidentiality
G. Adherence to risk management ethics
H. Adherence to ASHRM's code of conduct
IX. Education and professional recognition

A. Graduate programs in healthcare risk management
B. Continuing education
C. Certification programs
1. CPHRM is the only certification program available specifically for healthcare risk
management professionals
2. Insurance Institute of America offers an Associate in Risk Management (ARM), but it isn't
healthcare specific .

.· ' ... ,,_..,,., .. , - c~·- - ··•. --------·~'-""""•"'-"-"'"·~-
3. Chartered Property and Casualty Underwriter (CPCU) of the Professional Association for
Chartered Property Casualty Underwriters
4. Certified Safety Professional (CSP) granted by examination and the Board of Certified Safety
Professionals
5. Certified Risk Manager (CRM) available by written examination from the National Alliance
for Insurance Education and Research
D. Recognition programs
1. ASHRM Fellow (FASHRM) awarded for outstanding achievement
2. ASHRM Distinguished Fellow (DFASHRM) awarded for superior achievement in the profession
3. Criteria for both include a combination of education, leadership, publication experience and
achievement
X. Areas of ex}>ertise
A Clinical and patient safety
1. Represents the largest functional.lu-ea
2. Encompasses the current state of patient safety and staff awareness with the organization
3. Includes proactive patient safety initiatives
4. Promotes a culture of patient safety through education policy development and
standardization of processes
B. Operations
1. Includes development of an Enterprise Risk Management program for the organization
2. Covers activities associated with managing an Enterprise Risk Management program
3. Encompasses all aspects of risk identification, analysis and risk control
C. Regulatory and accreditation compliance
1. Includes all activities associated with major healthcare regulations
2. Includes all activities associated.with compliance of accreditation standards
3 . Encompasses ethical situations includes end oflife decisions
D. Risk financing
1. Includes all activities associated with financing losses
2. Includes either transferring or retaining the risk
E. Claims management
1. Includes activities associated with managing actual claims, potential claims and/or lawsuits
2. Spans activities from notification, reporting and investigation to resolution \',
I
XI. Risk management operations

A Managing a risk management department
1. Role continues to evolve; critical skills include the ability to communicate well, negotiate
effectively, remain objective and maintain confidentiality
2. Roles and job responsibilities are determined by the characteristics of the organizations in
which they are applied

---
B. Developing a risk management plan and policy statement

1. Major functional areas include clinical and patient safety, claims management, risk financing,
regulatory and accreditation compliance, risk management operations and bioethics
C. Training and supervising.§taff
D. Coordinating the risk management committee activities
E. Developing goals
i
P. Evaluating effectiveness
1. Frequency of evaluation
2. Evaluative metrics
a) Total number of claims
b) Total number of potential compensable events (PCE)
c) Total cost of risks
d) Average defense cost of particular types of claims (i.e., newborn injuries)
XII. Organizational Governance

A Hospital governance sets the organizational policy that supports risk management by approving
and upholding the mission, vision and operating policies of the organization's risk management
operations
B. Legal duties of healthcare trustees
1. Board has the ultimate legal responsibility for all aspects of the entity's activities and services
2. Board assigns to medical staff "reasonable authority" to ensure professional care to patients
3. Board shall require; consider and act upon reports of medical care evaluation, utilization
review and other matters relating to quality of care
4. Board shall: 1) Direct that all reasonable steps be taken by medical staff to meet all legal
st~dards and 2) Take all reasonable steps to comply with all laws and regulations
C. Duty of care
\
1. Duty to act in good faith, as a reasonably prudent person
2. Duty to act in the best interests of the entity
D. Duty of loyalty
1. No competing with the entity
2. No disclosure of confidential information
3. No usurping opportunities for personal financial gain
4. No personal enrichment at the entity's expense
E. Liability of board members
1. Corporate liability of the board
a) Environmental pollution
b) Antitrust/anticompetitive practices
c) Fiscal responsibility (e.g., effective accounting practices)
~ I

d) Insuring/protecting assets
e) Medicare fraud and abuse
f) Appropriate use of executive/ closed meetings
gfProtection of confidential information
h) Content and circulation of minutes
2. Preparedness for disaster/terrorist threat
3. Credemialing, economic credentialing and peer review/disciplinary actions
F. Volunteer Protection Act of 1997
1. Federal law (Public Law 105-19) protects trustees of tax-exempt entities; provides insurance
G. The riskmanager and the board
1. Risk manager supports the board's oversight responsibilities
2. Risk management role in educating the board
a) Offer new-member orientatio.t:t .
r ·•...
b) Periodically present risk management topics to the board
3. Board reporting
a) Enhance the board's understanding of issues
b) Report to the board-or through committee-on significant claims, trends, issues and cost
of risk; Annual report of scope, goals and effectiveness of the risk management program
c) Summarize information in a graphic format that compares data over time
d) Vary content
e) Utilize an executive summary
XIII. Directors and officers liability prevention

A. Determine potential areas of board liability exposure: Discrimination, hazard management,
Sarbanes-Oxley Act (SOX), employment practices and medical staff
B. Assess degree of liability exposure in: Credentialing and privileging (physicians' professional
liability insurance limits and type of policy coverage; objective, non-arbitrary, etc.)
C. Assess D&O coverage limits and whether or not parts A, B and C are appropriate and in place
D. Implement corrective action to minimize liability exposure in high-risk areas or activities: Revise
policies and procedures
E. Exclusions (and segregations) for wrongful acts
XIv. Physician and allied health professionals credentialing

A. Credentialing of providers
1. Federal laws (Medicare Conditions ofParticipation, CoPs)
2. State laws
3. Accreditation standards (TJC, NCQA, etc.)
4. Web-based applications or programs

B. Docuinentation of credentialing criteria
1. Bylaws, rules and regulations
2. Policies, procedures and protocols
; 3. Completion of all requested forms/information, including primary source verification
I
4. Cautions regarding objective review of the standard of care
5. New opportunities to assist facilities in credentialing process are available on Internet (e.g.,
OIG List of Excluded Individuals/Entities at www.hhs.gov/oig)
6. Must be tailored to fit the specific needs of each healthcare organization
7. Strict adherence to a documented credentialing system can protect a facility in credentialing disputes
c, Credentialing of allied health professionals
i. Types include:
a) Physician assistants
b) Nurse practitioners
c) Nurse anesthetists
d) Nurse midwives
e) Other independent licensed professionals defined by facility/state
2. Dependent vs. independent allied health professionals
3. Laws regarding scope of practice under jurisdiction of state law
4. Accreditation standards do not generally address scope of practice issues
5. Identification of clinical services to be provided
6. Develop and enforce a written risk management plan for scope of practice, licensure,
supervision and verification of credentials
D. Potential liabilities related to credentialing
1. Negligent credentialing: Initial application, reappointment and quality of care
a) Doctrine of corpora-lie liability for negligent credentialing, a state law tort theory,
necessitates implementing and maintaining written credentialing policies and procedures
b) Leadership such as the executive committee and the governing body must provide
oversight and input, as well as final approval
2. Economic credentialing: A credentialing, selection or termination action based on economic
considerations
a) Selection due to a physician's effect on the financial success of a facility
b) Termination based on economic reasons such as:
(1) Liability for wrongful de-selection
(2) Inappropriate performance criteria unrelated to clinical competence
3. Corporate liability: Hospital's independent duty to ensure that quality care is rendered at its
facility [Darling v. Charleston Comm. Mem. Hospital, 211 N.E.2d 253 (Ill. 1965)]
4. Breach of patient privacy
a) Disclosure of patient-identifiable information
b) Disclosure of individual providers' quality outcome information
I
I

_-:.J.~;·,:~ ''
c) Facility must implement and maintain written policies and procedures pertaining to
disclosure
d) State law defines specific patient privacy rights
5. Disability issues
a) Americans with Disabilities Act
(1) Section 504 of the Rehabilitation Act prevents physical or mental discrimination by
any healthcare facility that receives federal funding
6. Breach of"duty to warn'' [Reisner v. Regents ofthe University ofCalifornia,31 CaL App. 4th
1195, 37 CaL Rptr. 2d 518(Cal.App.Dist.2 1995)}
7. Information sh~ing
a) Contractual provisions for the confidentiality of information
b) Obtain appropriate releases
c) All final adverse actions are required to be reported in a timely manner to:
(1) National Practitioner Dat~ Bank
(2) Healthcare Integrity and Protection Data Bank
XV. Risk management's role in performance improvement

A Can be used in concert with a risk management program to reduce exposures
B. Comparison of traditional risk management steps to a typical performance improvement model
Risk 1\Luugc:mcllC Pertornunu:: lmpru\cmcnr
1. Identify; analyze exposure to loss 1. Identify a goal

2. Examine the feasibility of alternative 2. Analyze systems and processes
techniques 3. Plan appropriate action and
3. Select the best technique implementation methods
4. Implement the best technique 4. Monitor performance to sustain
5. Monitor and improve the risk management improvement
program
C. Performance improvement and risk management are data-driven activities

D. Performance improvement, patient safety and risk management program data/reports. can be
protected from discovery through: .
1. Statutory protections for quality improvement, risk management and/or peer review
a) Federal focus review may remove the protection
,.,
2. Utilization of a patient safety organization (PSO) \
3. Privilege
E. Performance improvement, patient safety and risk management may employ failure mode,
effect and criticality analysis (FMECA); and root cause analysis (RCA) to describe and quantifY
systemic risks and occurrences
F. Engage the performance improvement process and patient safety initiatives to improve risk
management operations and reduce exposures

--
~I .
1. Obtain and monitor outcomes and core measures data that can be used to evaluate risk exposures
a) Patient complaints and/or patient satisfaction
b) Occurrence report data
c) Potential compensable events
d) Compliance data
e) Outcomes of operative and invasive case review
f) Utilization review
g) Blood and blood product utilization
h) Medication use
i) Infection control
j) Environment of care
k) Human resources
1) Restraints
2. Provide thoughtfully researched (preferably peer reviewed) best practices information for
consideration
3. Support "culture of safety'' that encourages identification of opportunities for improvement
G. Basic principles:
1. Requires senior management support
2. People do not malfunction, processes do
3. Reducing process variation reduces the potential for error and inefficiency
!
4. All processes and outcomes must be measurable

5. Problem solving must include multidisciplinary approaches that empower all employees to
participate in the quality improvement process
H. Benchmarking as a quality improvement and risk management tool
1. A comparative process u..ed by organizations to collect and measure internal or external data
that might be used to develop, implement or sustain process improvement
2. Usually part of a larger effort such as a process re-engineering or quality-improvement initiative
3. Can identify problem areas
a) Because benchmarking can be applied to any business process or function, a range of
research techniques may be required, such as informal conversations with customers,
employees or suppliers; exploratory research techniques such as focus groups; or in-depth
market research, quantitative research, surveys, questionnaires, reengineering analysis,
process mapping, quality-control variance reports or financial ratio analysis
4. To identify organizations that are leaders in these areas
a) Look for the best in any industry and in any country; Consult customers, suppliers,
financial analysts, trade associations and magazines to find companies worthy of study
5. Basic steps of benchmarking
a) Build consensus with persuasive corrununications that emphasize potential benefits for
decision-makers

b) Collect and analyze data
c) Use dearly-defined terms and specify the methods of obtaining, recording and analyzing
the data obtained
(I) Qualitative as well as quantitative analysis may be required ·'
d) Implement and monitor process improvement activities; be prepared to respond to hidden
agendas that become apparent as diverse interests align
6. Potential benchmarking mistakes
a) Confusing benchmarking with participating in a survey
(1) Survey of organizations in a similar industry to yours is not really benchmarking
(2) Such a survey will yield interesting numbers, b~t benchmarking is the process of
· finding out what is behind the numbers (a benchmarking survey may tell you where
.rou rank but will not help improve position)
b) Thinking there are pre-existing benchmarks to be found
(1) Insist on identifying your ..own benchmarking partners and :finding out from them
what is achievable, and th~n whether you can ach~eve a similar level of performance
c) Benchmarking presupposes you are working on an existing process that has been in
operation long enough to have data about effectiveness and resource costs. (commencing a
new process, such as a bariatric surgery program, by collecting other organizations' policies
and taking ideas from them, is research, not benchmarking)
d) Not establishing the baseline
(1) Benchmarking assumes you thoroughly know your own process and its level of
performance
e) Not having a code of ethics with partners
(1) Partners should be clear about what you are seeking to learn from them, how that
information will be treated, who will have access to it and its purpose
(2) Ideally have a formal agreement (benchmarking code of practice offered by the
American Productivity and Quality Center provides a useful model)
XVI. Policies and procedures

A. The proper development and maintenance of policies and procedures is a key risk control activity
B. Used as standards for negligence identification
C. Standards of care
1. National
a) Federal laws and regulations
1'.
b) ACOG, CDC, OSHA TJC, AMA, AHA i
2. State
a) State laws and regulations
3. Local
a) County ordinances
b) Standards of surrounding facilities or practices

4. Facility Level
a) Policies and procedures of the facility
D. General guidelines
1. Must reflect reality
2. Periodic review and update
:1 3. Consistent format
4. Include dates of implementation and all revisions
5. Archive and retain outdated policies
6. Education after implementation and periodically thereafter
XVII. Education
I,
A. An effective risk management program should have a defined education action plan
B. The action plan should address the following areas at orientation and annually
1. Purpose of risk management
2. Components of risk management process
3. Incident reporting process
4. Positive patient relations
5. Applicable federal and state laws
6. Any identified area needing improvement
I ,
C. Education strategies
1. Information
,,
a) Warnings and labels
b) Posters
c) Memos
2. Training and education\
a) Orientation
b) Annual training
3. Policies and procedures
4. Standardization of processes; order sets
5. Designs to prevent errors; mistake proofing
XVIII. Crisis/adverse event management

A. Management steps
1. Avoid the crisis
2. Management preparation
3. Early recognition
4. Containment
5. Resolution
6. Evaluation; learn from the crisis

B. Crisis management team
1. Education and training
2. Coverage 24/7
3. Support and structure
4. Defined and communicated role
C. Crisis management response
1. Response prioritization
a) Patient and family
b) Staff
c) Organization
2. Media.response
a) Set the stage if possible
b) Avoid medical terminology
>
c) Spokesperson is the face of the organization
d) Be prepared; tell them what you can, when you can
e) Take action
f) Fix the problem
XIX. Safety/environment of care program

A. Safety program history and development
1. Safety programs date back to the 1940s with railroads, mining and shipyards
2. Mandated by federal and state laws
3. Required by private accrediting agencies
B. Benefits of a safety program
1. Controls accidents
2. Reduces injuries to staff and patients
C. Factors that determine type of program:
1. Type and size of the organization
2. Mission, size, range of services
3. Number of employees
4. Accreditations
D. Environment of care program (EOC) in healthcare \',
i
1. The environment in which patient care is received and delivered
2. Mission and policy statement
a) Highly visible
b) Overall objective ofEOC standards is to define methods/processes for the identification
and management of the inherent safety risks associated with healthcare operations
c) Overall goal is to provide a safe, functional and effective environment for patients, staff and visitors

3. Environment of care committee
a) Membership should be multi-disciplinary including administrative and front-line staff
b) Subcommittees are the workhorse of the safety committee and based on the Joint
Commission primary functions
4. Safety officer
a) Investigate employee injuries
b) Track and trend data
c) Conduct environmental rounds
d) Provide education
5. Joint Commission primary functions
a) Safety and security management: This section addresses risks in the physical environment,
access to security-sensitive areas, product recalls and smoking. The organization must
assure that the buildings and structures used to provide care are constructed, arranged and
maintained to provide a safe environment of patients, staff and others. The organization
has a responsibility to establish and maintain a secure environment.
b) Fire safety: This section addresses risks from fire, smoke, and other products of
combustion; fire response plans; fire drills; management of fire detection, alarm, and
suppression equipment and systems; and measures to implement during construction or
when the Life Safety Code"' cannot be met. Drills must be conducted at least once per shift
per quarter in all designated healthcare and residential occupancies.
c) Medical equipment: The organization must assure that medical equipment used in patient
care is safe. A qualified individual such as a clinical or biomedical engineer or other qualified
:i, person must monitor, test, calibrate and maintain medical equipment in accordance with
·I
l the manufacturer's recommendations and federal and state laws and regulations
!
I .I d) Hazardous materials and waste management: The organization must manage hazardous
Ill materials and waste in accordance with federal, state, and local law and regulations. Risks
include hazardous c,hemicals, radioactive materials, hazardous energy sources, hazardous
medications, and h::Zardous gases and vapors. The organization must store and dispose
of general waste and medical (bio-hazardous) waste in accordance with federal, state, and
local law and regulation.
e) Utilities management: The organization must assure that essential utilities are provided
and maintained in a safe and effective manner. Essential utility systems include electrical
systems, water and water filtration systems, heating systems, cooling systems, medical gases,
vacuum systems, air handlers, elevators and communication systems.
f) Emergency management and the Life Safety Code"' are now located in separate chapters
XX. Hazard Risks

A. Risks attributable to physical loss of assets or a reduction in their value. This domain
traditionally includes insurable risks related to natural hazards and business interruption.
Specific risks can include those related to:
' I
1. Facility management
2. Plant age
3. Parking (lighting, location, security)

4. Valuable
5. Construction and renovation
6. Weather-related events such as earthquakes, windstorms, tornadoes, floods and fires
B. Life Safety Code® (LSC)
1. Purpose: Compilation of fire safety requirements, established by die National Fire Protection
Association (NFPA) and adopted in part by CMS
2. The organization must meet applicable provisions of the NFPA 101 Edition of the Life
Safety Code. (NFPA 101 is a consensus standard widely adopted in the United States. It
is administered, trademarked, copyrighted, and published by the National Fire Protection
Association and, like many NFPA documents, is systematically revised on a three-year cycle.)
3. Statement of Conditions (SOC) must be completed for all buildings that contain housing
or treatment facilities, with the exception of specified "business occupancies" defined in the
code. Completing a SOC, seen by the TJC as an ongoing activity, is an involved, cumbersome
process that must be overseen by someone with an in-depth understanding of the Life Safety
Code® and the organization's buil,dings. This process is generally a team effort delegated
among the facility's engineers, safety officer, and others. ',
4. Provisions of the Life Safety Code'"
a) Emergency alarm systems
b) Emergency lighting
c) Use of alcohol-based hand cleaners
d) Automatic door-closing devices
e) Exit signs
f) Completion and submission of Basic Building Information (BBI) form that provides
designated patient or resident services
C. Emergency Management
1. The organization must have a plan to address emergencies in accordance with federal, state
and local laws and regulations. Emergency management is the strategic organizational
management processes used to protect critical assets of an organization from hazard. risks
that can cause events like disasters or catastrophes (bomb threats, fires, floods, snow storms,
utilities loss of power, loss of communication system, etc.) and to ensure the continuance of
the organization within their planned lifetime.
2. Four steps:
a) Prevention: Establish excellent internal reporting systems
b) Preparation: Develop an effective, comprehensive emergency response plan
c) Implementation/response: Practice the plan so everyone knows the steps and their roles
d) Recovery: Manage the financial, physical and e1notional challenges expeditiously '\ '.
3. Examples of emergency situations:
a) External
(1) Earthquake
(2) Flood
(3) Weather disasters
hrrf¥,._, ·
(4) Landslides
(5) Infectious diseases
(6) War
(7) Mass transit accidents
(8) Structural collapse
(9) Chemical terrorism
'.\
b) Internal
(1) Biological terrorism
(2) Bomb threats
(3) Fire
(4) Loss of utUities
(5) Loss of medical gases
(6) Communication system failures
4. Planning and preparation
a) Emergency management planning
(1) Hazard and vulnerabUity analysis
(2) Incident command system
(3) Emergency operations center
b) Training
(1) Employee support
' I
I (2) Drills
I I
c) Participate with local emergency planning councils

d) Seek priority from service providers
e) Review insurance cov;erage:
. '·
(1) Property insurance
(2) Business interruption
(3) Directors' and officers' liability
(4) General, professional and auto liabUity
(5) Workers' compensation
(6) Aviation
5. Planning and preparation
a) The Joint Commission requires at least two drills annually
b) At least one drill must involve the influx of real or simulated patients
c) Tabletop drill does not fulfill requirement for a biannual drill
d) Each drill should be evaluated with identified concerns addressed appropriately

XXI. Technology Risks
A. Risks typically associated with the use of machines, hardware, equipment, devices and tools, but
can also include techniques, systems and methods of organization. Specific examples include:
I. Risk management information systems (R:MIS)
2. Electronic health records (EHR) and meaningful use
3. Social networking
4. Cyber liability
B. Technology in healthcare
I. More sophisticated
a) Pro: Technology will be more efficacious and reliable
b) Con: More errors will likely occur with more complicated equipment in technology
inte~sive medical specialties
c) Awareness of interfaces with other technology in the system is important
2. Technology advances ~-
a) Electronic medical record

b) Pharmacy robotics
c) Npumps
d) Bar coding
e) Computerized physician order entry (CPOE)
f) Notebooks
g) Electronic signature
h) Radio frequency identification device (RFID)
i) Robotic arm in OR
j) Computer on wheels
k) Point of care testing
1) Blackberry devices
m) Smart phones
n) Virtual healthcare settings
o) Advanced simulation training
3. Telemedicine: the provision of medical services across distances utilizing the electronic
transmittal of medical information
a) Telemedicine's role in healthcare delivery within in the technology age is critical, bu~ onl¥
one facet of a well-designed healthcare program \ ·
b) Telemedicine!telehealth risks:
(I) Practice standards
(2) Financial compliance
(3) Regulatory implications

I!'[''
I
(4) Lex loci delicti commissi: The state where the injury occurred, or the one with the most
ties to the issues involved, has jurisdiction
(5) Medical malpractice
(6) Data confidentiality _and protection
(7) Technical shortfalls
(8) Cr:edentialing
(9) Licensure
4. Risk manager involvement in technology
a) Role, duty and responsibility
b) Fundamental familiarity with technology.
c) Involvement in negotiations and decision-making
d) Education for board, medical staff, administration and management
XXII. Human capital risks

A. Risks that refer to the organization's most valuable asset, its workforce, which is an explosive area
of exposure in today's tight labor and economic markets. Included are risks associated with:
1. Employee recruitment, selection, retention, termination and turnover (staffing)
2. Absenteeism
3. On-the-job work related injuries (worker's compensation)
4. Work schedules
5. Fatigue
6. Productivity
7. Compensation of members of the medical and allied health staff
B. Employee at-will doctrine
1. Historically, the employer-employee relationship has been "at will"
-..
a) Absent contract, no fixed term of employment; no minimum length of service
b) Termination by employer for no reason, at any time
c) Employee free to quit, without notice, at any time
2. Erosion of the application has resulted from new statutes and case law
C. Common law exceptions to employment at-will: Wrongful termination in violation of public policy
1. Retaliatory termination (e.g., for refusal to commit an illegal act)
2. Termination for a good cause, for "no reason," but not for a "wrong reason"
3. Constructive discharge, based on intolerable work conditions
D. Federal statutes regarding employment
1. Title VII of the Civil Rights Act of 1964
2.ADA
3. Age Discrimination in Employment Act (ADEA)
4. Sections 1981 and 1983 of the Reconstruction Civil Rights Acts

-·~ •.. ·.·.· · .•) ,: ~,_!;·;•;;_: •... --~;,_.'.~· .. - · - - -
FAir:~+·· . ···
~- ~
5. Family and Medical Leave Act of 1993 (FMLA)

6. Equal Pay Act of 1963
7. Military Leave Act (Uniformed Services Employment and Reemployment Rights Act, USERRA)
8.HIPM
9. OIG Corporate Compliance
10. "Whistle bldwers" (qui tam claims; may be sealed pending review by federal agency)
E. Equal Employment Opportunity Commission (EEOC)
1. Federal agency
2. Responsible for receiving and investigating charges of discrimination under Title VII, ADA
andADEA ..
F. Managem~nt of workplace risk

1. Employment handbook
2. Employee review process
3. Sexual harassment policy
4. Quid pro quo abuse of position of authority by supervisors, executives
5. Hostile work environment: Grounds for employee to quit and to claim constructive discharge
6. Protection against violence in the workplace
7. Hiring guidelines
8. Employee privacy
9. Regulations of wages and working hours
10. Drug and alcohol testing
11. Guidelines for personnel records
12. Employee Polygraph Protection Act of 1988
13. Alternative dispute resolution and arbitration for workplace disputes
14. OSHA
15. National Institute for Occupational Safety and Health (NIOSH)
G. Termination guidelines
1. Voluntary termination
2. Involuntary termination
3. Written employment agreements
4. Collectivebargaining agreements
1:..
5. Implied employment agreements
6. Potential discrimination claims
a) Insurance coverage for employment related claims
b) National Labor Relations Act and collective bargaining in the healthcare workplace
HEALTHCARE OPERATIONS Domain '33

~
, I:
H. Staffing issues
1. Workplace staffing challenges are associated with liability exposures
a) Staffing levels
b) Need for specific skill sets: nursing, pharmacists, specialty physicians
2. Shortages are affected by:
• a) Vacancy rates
:\
b) Turnover
c) Availability in the labor market
3. TJC addresses staffing standards
a) Required staffing patterns
b) Staffing indicators
c) Monitoring of staffing
d) Screening indicators
4. Human resources indicators
a) Nursing care per patient day
b) Use of agency/registry staff
c) Overtime rates
d) Sick time
e) Staff injuries
5. Clinical indicators
a) Adverse drug events
b) Patient/family complaints
c} Injury to patient
d) Length of stay
\._
e) Patient falls
6. Risk management role
a) Provide orientation including chain of command, incident reporting, informed consent,
preservation of evidence
b) Reinforce mission statement and patient safety goals
c) Evaluate staffing patterns and levels
d) Review supplemental staffing contracts (hold harmless and indemnification provisions)
XXIII. Absence and productivity management

A. Overview of human capital risk
1. Key component of Enterprise Risk Management
2. Includes six categories
a) Leadership issues
b) Work processes
II 34 ASHRM Preparation Guide for the CPHRM Examination

: i
. ··:•.;f.• .. . ···.· ...........·.. .
c) Employee attraction and selection

d) Absence
e) Employment practices
f) Employment retention
B. The importance of absence
1. Key risk point for healthcare organizations
2. Lack of coordination of managing absence
3. Costs
C. Current trends in absence and productivity management
1. Total health and productivity management and the role of case management
a) Focuses on the impact employee and organizational health have on productivity
b) Goes beyond integrated disability management
c) Specific issues:
(1) Occasional absences
(2) Paid and unpaid leave
(3) Presenteeism: Workers who remain on the job, but are not as productive as usual due
to stress, depression, injury or illness
(4) Salary continuation programs
(5) Wellness programs
(6) Disease management programs
(7) Employee assistance programs
2. Emphasis on work/life balance
D. Overview of absence programs
1. Scheduled and unscheduled absences
2. Incidental absence/sick leave
3. Short-term disability
4. Salary continuation
5. Long-term disability
6. Workers' compensation
8. Paid time off (PTO) program
E. Relationship between absence and productivity
1. Additional staffing
2. Decreased employee morale
3. Poor commitment
4. Increased turnover
F. Productivity challenges in the healthcare industry related to presenteeism

G. Reasons to manage absence
1. Reduced costs·
2. Increased employee satisfaction
3. Improved productivity
4. Improved staff morale
5. Organizational alignment
~\
H. Components of an effective absence management program

1. Return to work programs
2. Medical case management
3.. Absence reporting
4. Absence tracking
5. Disability prevention
a) Disease management
b) Employee health and wellness programs
c) Safety and accident prevention: Root causes of accidents
d) Employee assistance programs (EAP)
6. Management information
a) Integrated absence management information
b) Vendor partnerships
7. Measuring the costs of absence and productivity
a) Direct costs
b) Indirect costs
c) Disability management costs
I. Assessing the risk
\
1. Evaluating the organizational culture and how it affects risk
a) Employee surveys
b) Interviews and focus groups
2. Identifying risk points
3. Evaluating potential impact of the absence ,risks
a) Cost quantification
b) Documentation review
c) Absence cost estimators
d) Absence root cause analyses
e) Claim audits/claims management
f) Pay analyses
g) Absence process reviews
.''I.
.''
'I h) Plan/program funding analyses
i) Absence program benchmarking
----- ..........
4. Internal process review: For claim reporting, medical case management and return to work
5. Vendor process review
6. Building the business case to implement changes to mitigate the risks
a) Speak the organization's financial language
b) Establish the cost baseline
c) Establish implementation costs
d) Develop a savings model
e) Offer solutions
f) Process redesigns
g) Policy redesigns
h) Vendor management strategies
i) Claims management strategies
j) Internal communications
k) Return to work programs
1) Safety and loss prevention strategies
m) Disease management and wellness programs
7. Implementation
a) Organizational support
b) Strategy for success
c) Support of physicians in return to work process
d) Communicate to employees
e) Training
f) Disseminate management reports
g) Measurement
XXIY. Workers' compensation program

A. Overview
1. Provide sure, prompt and reasonable income and medical benefits to work acciden,t victims
2. Provide a single remedy and reduce court delays, costs and workloads arising out of personal
injury litigation
3. Relieve public and private charities of financial drains
4. Eliminate payment of fees to lawyers and witnesses as well as timeconsuming trials and~:app~s
5. Encourage maximum employer interest in safety and rehabilitation through appropriat~ .
experience rating mechanisms
6. Promote frank study of causes of accidents (rather than concealment)
B. State level
1. Compulsory or elective

2. Compensable injuries
a) Arising out of employment (AOE)
b) In the course ·of employment (COE)
3. Covered employees: Know state specific definitions
4. Workers' compensation benefits vary from state to state
a) Medical
b) Disability
(1) Temporary total disability
(2) Permanent total disability
(3) Temporary partial disability
(4) Permanent partial disability
c) Rehabilitation
I: d) Death
'.
C. Risk financing issues

1. Experience rating: A method of adjusting or modifying the employer's premium based upon .
the employer's loss history ·
2. Experience modifier: Employer-specific and measures the employer's loss experience relative
to that of other employers in the same industry, with an experience modifier of 1.0 indicating
the industry average loss experience. A higher-than-average modifier (greater than 1.0)
. ' represents a higher-than-average loss experience and an experience modifier ofless than 1.0
. '
represents a lower-than-average loss experience.
3. Commercial insurance programs
4. Residual market coverage: Market coverage for employers that cannot find coverage in the
commercial market
5. Self-insurance programs, including captives, risk retention groups (RRGs)
6. Large deductible progrhs
D. Contract issues
1. Subrogation: The substitution of one party for ~other whose debt the party pays, entitling
the paying party to rights, remedies, or securities that would otherwise belong to the debtor
2. Independent contractors
E. Risk control and loss prevention
1. Proactive program; not just reactive
2. Accident prevention plans
3. No retaliation for reporting
4. Violators face disciplinary procedures
5. Accountability
6. Accidents, illnesses and near misses are investigated
·. I 7. Feedback on program effectiveness

! .
• ,J,
8. Appropriate equipment
9. Safety orientation and training
F. Loss experience information
1. Revised OSHA record-keeping requirements
2. Claims history
3. Accident/illness report analyses
4. Regular reporting of conclusions to the board of directors
G. OSHA bloodborne pathogen considerations
1. Personnel need to be informed of the ri~ks and be familiar with and follow the OSHA blood-
borne.pathogei:t.s standard
2. Infecti~n can be transmitted from a patient to a staff member or from a staff member to a patient
3. OSHA standard identifies many procedural standards and use of personal protective equipment
H. Federal Needlestick Safety and Prevention Act of 2000
1. Whenever possible, needle-less sjstems should be provich!d
2. Safety needle products should always be used in any procedure where they can be used
without adversely affecting clinical care
3. Must indentify, report and trend accidental needle stick injuries, including those that might
occur in the provision of emergency medical services
I. Pre-placement programs (post offer)
1. Drug screening
2. Physical exams
3. Job analyses
]. Post-employment programs
1. Employee assistance programs
2. Employee safety programs
3. Wellness programs
K Ergonomics
1. Design of work tasks to fit the employee
2. Prevention of cumulative trauma (repetitive motion) disorders
3. Employee focused and management supported
4. Risk management involvement
L. Claims management
1\
1. Proper reserving ··.
\
2. File handling
3. Litigation management
4. Tracking and trending claims data
M. Reporting process
1. Investigate accident
t ~~~~~ft,> HEALTH CARE OPERATIONS Domain 39
~
i'
2. Perform independent medical evaluations

3. Modified duty and return to work
4. Communicate with employee
N. Occupational and environmental risk
1. Risk areas:
1 a) Workers' compensation payments
(\
b) Employment-related litigation
c) Environmental impairment claims
d) Property damage claims
e) Civil penalties
f) Loss of accreditation
g) Potential criminal actions
. 2. Regulatory agencies and focuses
a) Department of Labor: OSHA
b) State plans
(1) 34 states as of2014 https://www.osha.gov/dsgltopics/safetyhealth/states.html
(2) Must be at least as stringent as OSHA regulations
3. OSHA safety standards cover:
a) Asbestos
b) Bloodborne pathogens
c) Cadmium
d) Confined space entry
I
I I e) Ergonomics programs
i I
i ! f) Ethylene oxide
I I \.
I i g) Formaldehyde
h) Glutaraldehyde
i) Hazard communication standard, a.k.a. Employee's "Right-to-Know Rule"
j) Hazardous waste operations and emergency response (HAZWOPER)
k) Hydrogen peroxide
1) Laboratory standard
!
'! m) Lead
n) Lock-out/tag-out standard
o) Mercury
p) Methyl methacrylate
I i
q) Solvents
r) Noise
s) Personal protective equipment
I 40 ASHRM Preparation Guide for the CPHRM Examination
~-.---c.·,
t) Respiratory protection
u) Tuberculosis exposure control (CDC guidelines)
4. Illness exposures not directly addressed by OSHA
a) Electric and magnetic fields
b) Hazardous drugs
c) Indoor air quality
d) Infectious waste handling
e) Laser safety and electrocautery devices
f) Latex sensitivity
g) Molds
h) Video display terminals
i) Waste anesthetic gases
5. Injury exposures not directly add_ressed by OSHA
,
a) Compressed gases
b) Flammable liquid/solvent storage
c) Radiation safety
d) Workplace violence
6. TJC issues
a) Safety management
b) Security
c) Hazardous material management
d) Life safety management
e) Emergency preparedness
f) Bioterrorism
g) Equipment management
h) Utilities management
i) Social environment
7. Environmental issues
a) Resource Conservation and Recovery Act of 1976
b) Comprehensive Environmental Response, Compensation and Liability Act of 1980 (CERCLA)
c) Clean Water Act of 1977
d) Clean Air Act of 1963
e) Toxic Substances Control Act (TSCA) of 1976
f) Underground and aboveground storage tanks
g) Asbestos removal
h) Disposal of hazardous waste
i) On-site medical waste incinerators

il:·:
j) Environmental issues in acquisitions

k) Environmental risk assessments
XXV. Strategic risks

A Risks that impact the growth of an organization. This domain also includes a broad spectrum of
reputational risks centering on performance expectations related to customer and community
\ relations.
B. Included are risks associated with:
1. Brand
2. Reputation
3; Competition
4. Failure to adapt to changing times
5. Healthcare reform
6. Customer priorities
7. Managed care relationships I partnerships
8. Conflict of interest
9. Marketing and sales
10. Media relations
11. Mergers and acquisitions
.12. Divestitures and joint ventures
13. Affiliations and other business arrangements
14. Vendor/third-party services
15. Contract administration
16. Advertising
XXVI. Contracts
A. A contract is an agreement between two or more persons that creates an obligation to do or not
do a particular thing
B. Contract formation: A bargained-for exchange of promises
1. Offer may be oral or written; some contracts (e.g., land sale) must be in writing
2. Acceptance is clear and unequivocal with regard to intent to accept; not a counter-offer
3. Consideration includes financial commitment or change oflegal position
C. Five legal essentials
1. Parties to the contract are competent
2. Contract represents mutual understanding between the parties
3. There is consideration; a bargained-for exchange oflegal value exists between the parties
4. Purpose or object of the contract is legal
42 ASHRM Preparation Guide for the CPHIUvf Examination

5. Contract is documented in writing if required for legal enforcement in the state
D. Parties to the contract
E. Performance expectations
1. Use measurable indicators to quantify and qualify the standards for the goods/services
2. Consider federal and state obligations or guidelines
3. TJC standaras specify patients should receive the same level of performance for contracted
services that affect patient care services
F. Contract terminology: Use of terms should be consistent within the body of the contract
1. Terms and termination: Consider the risks of automatic renewals, termination with or without cause
2. Insura_nce and indemnification: perhaps the most critical provision for risk management review
a) CoD:sider the possible losses that may arise from the contract performance and specify the
various insurance coverages necessary to pay the claims
b) Ensure that indemnifying parts can satisfy the financial obligations arising from the
indemnification/hold harmles~... provision .'-..
3. Amendments
4. Inspection of books and records
5. Choice oflaw: It is common, and preferable, to have a provision specifying which state law
will govern the construction and interpretation of the contract
6. Exhibits, schedules and appendices
7. Assignment: Consideration should be given, on a case-by-case basis, as to whether the
contract performance can be assigned to another party
G. Compliance with laws and regulations: Requirements that contracting parties must comply with
applicable laws and regulations (such as having contracted emergency physicians comply with
EMTALA)
H. Alternative dispute resolution: mediation or arbitration of disputes that arise from the terms
and conditions before legal action for breach of contract can be asserted
I. Contractual risk transfer
1. Transferring or assuming financial risk
2. Indemnification or hold-harmless provisions
a) Assign to one or both parties the legal consequences arising from the contract performance
b) Often each party is responsible for its own actions and the indemnifying party
(indemnitor) reimburses the other for losses incurred on behalf of the indemnitor
J. Liability limitations
1. Waiver of subrogation rights: relinquishes insurer's right to recover from the third party;l(risk,
managers should be alert to terms involving workers' compensation carrier's ability to subrogate
2. Insurance requirements
a) Insurance certificates as evidence of coverage
b) Additional insured endorsements
c) Is self-insurance acceptable?
.
3. Insurer solvency

K. Confidentiality provisions
1. Confidentiality and privacy issues
2. Negligent disclosure
3. Legal counsel for developing sample corifidentiality provisions-
L. Contract file management
1. Reviewing or filing
2. Insurance certificates and endorsements
3. Tickler system should allow sufficient time to review and negotiate new terms/price prior to
the anniversary/ contract effective date
·. 4. Policy and procedure development
a) Who must review?
b) Who may sign contracts?
c) Maintenance of original documents
XXVII. Vendor/1hird-party services

A. Services used to augment services and care
1. Personnel services
2. Companion services
3. Hospice
4. Physical, speech, occupational therapy
5. Physician services.
6. Plumbing, carpentry, roofing, electrical landscaping
II B. O~ganization requirements for vendor/third-party services
1
11,
I'
I
1. Signed contract with proof of current insurance (professional liability, general liability and
,I, workers' compensatiOf) and provisions for confidentiality, indemnification/hold harmless,
: Ill.,
terms and termination; description of services, and roles and responsibilities
II''
/i:;: 2. Credentialing and privileging of healthcare professionals
'I'.
'lii·i.:
I 3. Criminal background history check and motor vehicle records check as appropriate
'
4. Signage, name tags andwritten documentation indicating independent contractor
5. Independent billing provisions
XXVIII. Mergers, acquisitions and divestitures

A. Overview of types of transactions
1. Merger
2. Consolidation
3. Acquisition
4. Strategic alliance
5. Joint venture

·-'-'-----'=--~~~,·-~·-'- __ ·.ic'•,• .-,-.
6. Consortium
7. Divestiture
B. Concept of successor liability
1. Stock acquisition: N"ormally the acquiring -company assumes all legal liabilities
2. Asset purchase: Normally there is no transfer of liability
3. Successor liability: The acquiring company can be held liable for the torts of the target
company's previous owners
C. Elements for risk management review
1. Indemnity and insurance provisions
2. Histo~ic claims data
3. Senior!llanagement concerns
4. Evaluate exposures to loss:
a) Contractual liability
b) Professional liability
c) Directors' and officers' liability
d) Workers' compensation
e) Property exposures
f) Environmental exposures
g) Excess coverage
h) Fiduciary liability
i) Risk financing program
D. Divestitures
1. Analysis of key variable costs
2. Analysis of impact of the divestiture on remaining insurance program
3. Assistance with data collection for the new owners
E. Due diligence process
1. Objectives
a) Reduce the acquisition purchase price
b) Improve post-acquisition earnings and/or cash flow
c) Improve risk management effectiveness throughout the organization
d) Insulate the organization &om unanticipated exposures/costs
2. Key steps
a) Collect the necessary information
b) Analyze the subject organization's exposures to loss
c) Assess its risk financing programs
d) Evaluate its risk management policies and procedures

XXIX. PartD.erships, joint ventures and collaborative relationships
A. Overview of the business relationship
1. Partnership
• -
a) Voluntary contract betWeen two or more competent persons
b) Contract is bilateral or reciprocal
c) Mutual participation in the profits
d) Uniform partnership code
e) Joindy and severally liable
2. Joint venture
a) Legal entity engaged in the joint pursuit of a particular transaction for mutual profit
b) Similar to partnerships with respect to parties' rights and responsibilities
c) Relates to a single transaction of a particular kind
d) Likely to be held joindy and severally liable
e) Does not entail a continuing relationship among the parties
3. Collaborative relationship
a) Parties cooperate in an endeavor related to the needs of one or the other or both
b) Scope is more limited than a joint venture
c) Focus on information, skill services or expertise that is valuable for two or more parties to
reach a goal
B. Evaluating potential business partners
1. Due diligence
a) Evaluate pros and cons of the proposed partner and the business structure
b) Facilitate the identification of concerns or opportunities that need to be addressed prior to
consummating the business relationship
\._
2. Site visits
a) Create a foundation for the integration process
b) Allow those who will be working together to get acquainted
c) Allow representatives of the partners to gain an overview of the strategic, programmatic
and operational plans and programs
3. Areas of focus
a) Compliance
(1) Incorporate a compliance assessment
(2) Required by DHHS Office oflnspector General (OIG), CMS and Department of
Justice (DOJ)
(3) Can be accomplished by legal, financial, compliance or risk
(4) Business arrangements that include significant billing functions should be scrutinized
b) Directors and officers coverage
(1) It is imperative that all partners have coverage for their officers and board members
------~.---;-~.n-:,'
. .:·.· ·... ::...· ._
(2) It may be necessary to increase coverage during business development

(3) Carriers should be put on notice of intent to acquire, merge or form a joint venture or
partnership
(4) In the absence of adequate capacity, organization should consider altering terms of
coverage
(5) Partners with insurance should insist on coverage with terms similar if not identical to
their own coverage
c) Document review
(1) Minutes of the board and board committees, executive committees, finance
committees and other governing bodies
(2) Annual audit letter from the accounting firm
(3) Annual legal audit letter or assessment to determine the status of current litigation,
insured and uninsured
(4) Loss runs and complaint logs
(5) Reports from accreditatioA surveys and licensing bodies
(6) Key contracts (contracted physicians, outsourced services, etc.)
(7) Key policies (EMTAIA compliance, sentinel events, etc.)
d) Environmental assessment: evaluate hazards and insurable exposures
e) Errors and omissions or fraud and abuse
(1) Scrutinize business relationships that include billing
(2) Explore current coverage provisions for fraud and abuse, billing irregularities, and
alternatives for future insurance coverage
f) General liability
(1) Determine a source of coverage
(2) Assess the cost of tail insurance
(3) Compare the scope of tail insurance with current coverage
g) Product liability
(1) Involves the sale of products
(2) Product liability provisions of comprehensive general liability should be ana,lyzed
h) Professional liability
(1) Loss experience should be explored to assess alternative for managing prior liabilities
(2) Identify if reserves are adequate for past liabilities
(a) Property coverage
i
(3) Assess the likely extent of revenue and income loss if damage is caused by fire or
extended perils
(4) Assess the new location for the potential of catastrophic loss
(5) Explore pricing for a freestanding policy should be explored
j) Workers' compensation
(1) Identify if reserves are adequate if partners are self-funded
.HEALTH CARE OPERATIONS Domain 47

(2) Document excess insurance and third party claims administration agreements
(3) Evaluate the run-off provisions of the insurance contract or self-insurance mechanism
k) Report out: Meeting where all disciplines involved share findings
C. Developing the business structure
1. Proposed antitrust guidelines for collaborations among competitors
a) Federal Trade Comniission and DOJ guidelines
b) Competitor collaboration: set of one or more agreements between or among competitors
to engage in economic activity and the resulting economic activity
c) Collaborative agreements are subject to two types of analysis
(1) Proposed analysis is applied to agreements that are likely to harm competition and
have no signi£.cant competitive benefit
(2) Rule of reason seeks to determine the overall competitive effect of the agreement
2. Insurance coverage
a) Preservation of tax-exempt status
b) Operations closely controlled by the parent
c) Are the new operations closely linked or interconnected to those of the parent?
d) Will a litigation buyout for certain claims or loss portfolio transfer on group claims be
necessary?
e) Breadth of available coverage &om insurance must be evaluated
3. Contracting
a) Develop strong relationships with those who will be developing and finalizing the
documents for the new business
b) Identify potential risks being assumed
D. Managing day-to-day operations
1. Requires risk managem~nt support
'
2. Safety protocols should be expanded
3. Management of exposures
XXX. Advertising liability

A. Trademark and copyright protection: advertisements should be copyrighted
B. Regulatory implications ofhealthcare advertising practices
1. FTC may take action whenever there is false advertising
2. False advertising might be proven if there is no competent and reliable scientific evidence to
support the claims made
3. Contract and estoppel claims
a) Contract claim arises when one of the parties does not fulfill its part of the agreement
b) Estoppel applies when there would usually not be a contract between two parties, yet one
party relies on information supplied by the other party to determine what each party should
do or not do
- ... '.:. ·- ~-~--_,· .....

C. Liability
1. Quality of care
2. Vicarious liability
3. Ostensible agency
4. Are promises concerning quality "put on paper"?
D. Managing advertising liability exposures
1. Know the standards related to healthcare advertising
2. Know the organization's marketing philosophy
3. Partner with th~ marketing director
4. Review proposed advertising initiatives
5. Avoid $tatements about success rates or outcomes
6. Avoid creating ostensible/apparent agency relationships
7. Avoid vicarious li~bility
8. Avoid representations about high quality
9. Meet the organization's corporate integrity standards
10. Have adequate advertising insurance coverage

REVIEW· QUESTIONS
Mark your answe~:s and then compare them with the answers explained below.
1. The ultimate goal of Enterprise Risk Management is to:
A. Map all risks that the organization faces
B. Develop highly-specialized functional silos to manage specific risks
C. Optimize risk financing and mitigation strategies
1
b. Identify and measure all risks faced by the organization

Amwer: C
Answer B is wrong as it is the opposite ofthe ERM goal to eliminate traditional risk silos.
, Amwer A sounds good, but risk mapping is only one ofseveral tools used in ERM.
D sounds attractive, but amwer C mentions risk financing, which makes it the best amwer.
2. For a risk management program to be effective, it needs which of the following?

1. Organizational commitment
2. Visibility and access
3. Physician acceptance or understanding
4. Complete authority
A. 1 and 2 only
B. 1, 2 and 3 only
C. 2, 3 and 4 only
D. All of the above
Amwer:B
Complete authority is not a necessary element ofa risk management program, so neither C norD can be
the right answer. Physician acceptance is a necessary element so B must be the right amwer.
3. A growing healthcare orgat\ization had a risk manager who did not have any staff and
reported to the director of n~sing, who reported to the chief operating officer. The risk
manager presented information to the employees, and the information was filtered upward
through senior management. The risk manager knew changes needed to be made due to the
growth of the organization. One additional staff member was added, and a personal computer
was purchased for the department. Although this scenario represents some changes designed
to address.the issues related to growth, the major flaw in this organization was:
A. There was no direct involvement of the board in the risk management program
B. Not enough employees were added to the risk management department
C. Not enough computers were added to the risk management department
D. The computer should have included incident tracking software
Answer: A
The correct answer can only be inferredfrom the information given. It is not possible to telL The number of
FTEs or the number ofcomputers is correct for the organization or not because no information about the
size or complexity ofthe organization is given. D is a possibility, but the fact that the risk manager presents
information that is then "filtered upward" is a clue that answer A is correct.

4. The risk management professional mU$t work closely with the media for which of the
following reasons?
1. To protect a celebrity's identity
2. To protect divulging the truth
3. To protect the confidentiality of a situation
4. To protect the identity of a patieqt in protective custody
A. 1, 2 and 3 only
. B. 2, 3 and 4 only
C. 1, 2 and 4 only
D. 1, 3 and 4 only
Answer: D
Options 1, 3 and 4 all soundfeasible but option 2 is clearly not right.
Answer D is correct as it includes all the right answers and leaves 2 out.
5. To have a successful quality improvement process, a risk management program must have
which of the following?
1. An autocratic management style
2. Interactive multidisciplinary teams
3. A mindset that most problems are caused by processes
4. Full support of senior management
A. 1, 2 and 3 only
B. 2, 3 and 4 only
C. 1, 2 and 4 only
D. 1, 3 and 4 only
Answer: B
Certainly option 1, an autocratic management style, is not right.
Answers A, C and D all contain option 1 so only answer B can be right.
6. Ultimately, the accountability for the risk management program belongs to the:
A. Risk manager
B. Chief executive officer
C. Corporate attorney
D. Board 1:·,
Answer: D
The board (or governing body) has ultimate accountability for both risk management and the quality ofcar(.
The others ~ through C) all report to someone else, and although they may be held responsible in some wa}
the ultimate responsibility and accountability rests with the board

7. When a FDA inspector comes to a facility, the risk manager should:
1. Accompany the inspector
2. Not keep a log of the visit
3. Tell no one the inspector is in the facility
4. Ask to see the inspector's credentials
I
., A. 1 and 4 only
B. 2 and 3 only
C. 1, 3 and 4 only
P. All of the above
Answer: A
. No correct answer could contain options 2 or 3 as they are wrong. A log ofthe visit by the FDA should be
kept, and senior management should be notified that an FDA inspector is in the facility. All the answers
conta,in options 2 and 3 except A; it is the right answer.
8. Generally, an "incident" is defined as:

1. Any happening which is not consistent with the routine delivery of care or operation of the
organization
2. Any adverse event
3. Any adverse event that results in injury to a person
4. Any happening that produces an undesired effect
Answer: A
Adverse event, undesired effect or injury is not required for an incident to occur.
9. It is important to protect the discoverability of incident reports. Which of the following have
significant impact on whether the reports are discoverable?
1. Joint Commission/TJC stkdards
2. State statutes
3. Federal statutes
4. Case law
A. 2 and 3 only
B. 2 and 4 only
C. 2, 3 and 4 only
D. All of the above
Answer: C
In order to protect the confidentiality ofthe incident report, several approaches can be taken: provide
protection under state/federal statues regarding quality assurance and/or peer review activities, or provide
protection under the attorney/client privilege, also referred to as work product protection. Local and state
case law also affects discoverability ofincident reports. T]C standards would not have impact on whether
incident reports are discoverable.

--:::~ ' :,-.
10. To maintain confidentia.Uty of an incjdent report:

1. Send the incident report directly to risk management
2. Never make the incident report part of the medical record
3. Never mention the facts of the incident in the medical record
4. Maintain th~ original in the risk manage~ent office and a copy in the originating department
A. 1 and 2 only
B. 1 and 3 only
C. 1, 2 and 3 only
D. All of the above
Answer: A
To maintain corzfidentiality, the original report should be sent to the risk manager immediately upon
completion. Copies should never be made, and the report must never be made part ofthe medical record.
The facts ofthe incident should be included in the medical record.
11. If a practitioner requests a telemedicine consult with another practitioner in a different state,
the consultant:
A. Must possess a valid medical license from his own state since reciprocity is granted in all states
B. Must possess a valid medical license from the requesting physician's state since reciprocity is not
granted in all states
C. May need to possess a valid medical license from the requesting physician's state since reciprocity
varies from state to state
D. Must obtain a temporary license from the requesting physician's state
Answer: C
Reciprocity requires the authorities ofeach state to negotiate and enter agreements to recognize ltcenses
issued by the other state without a forther review ofindividual credentials.
12. Which of the following are risk treatment strategies?

1. Risk anticipation
2. Risk avoidance
3. Risk retention
4. Risk transfer
A. 2 and 3 only
B. 1 and 4 only
C. 1, 3 and 4 only
D. 2, 3 and 4 only
Answer: D
Risk management treatments refer to the range ofchoices available to the risk manager in handling a given risk. There
are two major categories that include risk control and risk finance. Risk control strategies include risk avoidance,
loss prevention, loss reduction, segregation ofloss exposures and contractual transferfor risk control Risk financing •
strategies include risk retention and risk transfer. Risk anticipation is not a risk management treatment strategy.

' !'
13. A risk m~ager should review which of the following information when considering the
effectiveness of an organization's workers' compensation program?
1. Workers' compensation claims history
2. OSHA 300 log
3. Listing of all employees and volunteers
\4. Directors and officers of the organization
A. 1 and 2 only
B. 2 and 3 only
C. 1, 2 and 3 only
D. All of the above
Answer: A
Workers' compensation claims history and the OSHA 300 (injury log) specify the frequency, severity, and
amo~nt ofinjuries an organization sustains, and the claims history identifies the resultant losses due to
injuries. This data would provide quantifiable information to assess program effectiveness.
14. H there is no OSHA standard for a given potential health hazard:

A. OSHA has no authority to govern it
B. OSHA may have the authority to govern it under the general duty clause
C. OSHA does not have authority to govern it, but NIOSHmay
D. It is probably not a health concern
Answer: B
OSHA has the authority under the general duty clause to require an employer to furnish each employee
employment and a place ofemployment that is free from recognized hazards that causes or could cause death
or serious.physicalharm to employees.
15. Protecting outdoor air intakes can mitigate the risk of terrorists introducing airborne agents
into a facility. Steps to accomplish this include:
1. Relocate intakes to a rooftop or higher up on the building
2. Establish a security zone around the intakes
3. Add lighting and surveillance cameras to monitor the intakes
4. Implement negative ventilation throughout the building
A. 1 and 2 only
B. 2 and 3 only
C. 1, 2 and 3 only
D. All of the above
Answer: C
Applying negative ventilation will not deter a terrorist attack via airborne agents. The agent could be
introduced within the facility and negative pressure would move the agent through the facility before
expelling it and thus exposing the general population to the airborne agent. Protecting the outdoor
air intakes where airborne agents can be introduced into your facility is accomplished by relocating

them, redesigning them to minimize public accessibility (the higher on the building the better), and/or
establishing a security zone around the intakes.
When accompanied by appropriate security surveillance (additional security lighting, surveillance camera
and security patrols), harmful activity is deterred or detected earlie~ to minimize resulting ~arm.
16. An original contract should include which of the following elements?

1. The effective date
2. The amendments
3. The insurance requirements
4. The contract terms
A. 1 and -2 only
B. 1 and 4 only
C. 1, 2 and 3 only
D. 1, 3 and 4 only
Answer: D
A contract is an agreement, involving an offer (terms), the acceptance ofthe f!§er and an exchange of
consideration. There may or may not be amendments to the agreement {contract).
17. Which of the following clauses is "the voluntary relinquishment by the insurer or self-
insurer of the right to recover from a third party''?
A. Hold harmless clause
B. Indemnification clause
C. Waiver of subrogation rights clause
D. Contractual risk clause
Answer: C
A waiver ofsubrogation rights relinquishes the insurer's right to recover from .a third party.
18. Which of the following is necessary for a contract to exist?

1. The contract represents a "meeting of the minds"
2. There is a consideration of "this for that"
3. The purpose of the contract is a legal one
4. The contract is documented in writing
A. 1 and 2 only
B. 1, 2 and 3 only
C. 1, 3 and 4 only
D. All of the above
Answer: B
A contract is an agreement either written or oral, involving an offer, the acceptance ofthe offer and an
exchange consideration. The agreement must be legal in order to be enforceable.

19. A health maintenance organization (HMO) advertises itself as the best in the industry and
that its physicians can manage any illness or injury. If a patient uses the HMO based on
these claims and is subsequendy injured, the patient might sue the HMO. Which of the
following might be appropriate grounds for such a suit?
1. Breach of contract
2. Vicarious liability
\ 3. Apparent agency
:\
4. Medical malpractice
A. 1 and 2 only
.B. 1 and 3 only
C. 2 and 3 only
D. All of the above
Answer: D
Generally a patient's freedom to choose a physician is limited by the HMO. Patients who are injured by an
HMO physician may argue that they would never have been subjected to the injury (medical malpractice}
ifthe HMO had more carefully screened its providers. In this case, the HMO specifically advertised the
exceptional quality ofits physicians.
The courts often look at advertising materials that imply that, in spite ofthe independent contractor status of
the physician, the physician was held out or represented as an employee. Such an advertisement could lead a
"reasonable" patient to believe the physician was an agent ofthe HMO and to rely upon this representation
when choosing a physician, thereby creating an ostensible or apparent agency relationship.
A breach ofcontract occurs when the HMO guaranteed or promised that its physicians could manage any
illness or injury. When the promised result does not occur, the patient has grounds to assert a breach ofcontract.
20. The due diligence process is a complicated, multi-faceted process undertaken when acquisitions
are being considered. Which of the following are objectives of the due diligence process?
1. Reduce the purchase price
2. Improve post-acquisition (\~nings
3. Increase the "bank bdok'' value of the company
4. Insulate the organization from unanticipated costs
A. 1 and 2 only
B. 2 and 4 only
C. 1, 2 and 4 only
D. 2, 3 and 4 only
Answer: C
Due diligence is undertaken by the acquiring organization in order to completely assess the risks and
strengths ofthe company to be acquired. The final offer should be based on findings ofthe due diligence
findings. Increasing the book value ofthe company would in all probability increase the askingprice and
would not be a goal ofthe acquiring company.

21. During disasters, either external or internal, staff must not only take care of patients but also
worry about· requests from the media. In order to minimize risks associated with such events;
a complete policy for media contact should include which of the following?
1. Contact the corpor~te attorney
2. Designate a spokesperson
3. Obtain consents from those who are to be photographed or interviewed
4. Provide guidelines about r~lease of information to the media
A. 2, 3 and 4 only
B. l, 2 and 3 only
C. 1, 3 ~d 4 only
D. 1, 2 ~d4 only
Answer: A
There is no needfor the corporate contact person to be an attorney; generally the healthcare spokesperson is
from the public relations or communication? departments. There shquld be a designated spokesperson that
is familiar with the guidelines regarding what information may be ;eleased to the media and has worked
with facility leadership to develop a media disclosure plan.
Having one spokesperson develop a relationship with media contacts can create an effective rapport between
the healthcare facility and the media and supports a professional and consistent message to the public.
Notes
I\
i

Notes
I
I,

:.:_·-~'····~· '
CLINICAL/PATIENT S~ETY
Domain
\:
\
ASHRMPreparation Guide for the CPHRM Examination 59

ClinicaUPatient Safety Domain
After learning the content in this section, you should be prepared to:
1. Identify the clinical areas that provide the greatest risk exposures in healthcare
\ 2~ Discuss the importance of having a patient safety infrastructure to support a patient safety program
',\
3. Explain the Just Culture concept and its impact on reporting patient safety events
4. Describe the components of a high reliability organization
5. Summarize the concepts behind the study of human factors engineering
6. Scire the healthcare entities subject to the national patient safety goals
7. Identify the primary organizations that influence patient safety initiatives in healthcare
8. Discuss the value of patient and family participation in patient safety
9. Summarize the components of a successful disclosure
10. Summarize the concepts of the "Second Victim Phenomenon"
11. Describe steps to implement programs to support healthcare workers involved in serious harm events
KEY TERMS
Important terms and definitions relevant to this domain
Accountable Care Organizations (ACOs) - Groups of doctors, hospitals, and other healthcare
providers, who come together voluntarily to give coordinated high quality care to their Medicare
patients. The goal of coordinated care is to ensure that patients, especially the chronic3.lly ill, get the right
care at the right time, while avoiding unnecessary duplication of services and preventfug medical errors.
Adverse .event- Negative or bad result stemming from a diagnostic test, medical treatment or surgical
intervention; an injury resulting from a medical intervention.
Critical incident stress debriefing- A facilitator-led group process conducted soon after a traumatic
event with individuals considered to be under stress from trauma exposure.
Source: https:/ /www.osha.gov/SLTC/ emergencypreparedness/guides/ critical.html
Data mining- A process that provides the methodology and technology to transform data into
useful information for decision making.
Disclosure- Communication of information regarding results of a diagnostic test, medical treatment
or surgical intervention.
Failure mode effects analysis or criticality analysis (FMEA o.t FMECA) -A proactive, systematic
measures to either prevent or control such failures. If a criticality phase is used in this process, the
perceived level of criticality of each type of potential failure is identified, to aid in setting priorities for
establishing control mechanisms.
Heuristic- Refers to experience-based techniques for problem-solving, learning and discovery that
find a solution which is not guaranteed to be optimal, but good enough for a given set of goals.
Where the exhaustive search is impractical, heuristic methods are used to speed up the process of
finding a satisfactory solution via mental shortcuts to ease the cognitive load of making a decision.
Examples of this method include using "rule of thumb" or "educated guess."
····.·~.·:·.· .·-
•- ,.-~ .· ,+,o. L
Hospital acquired conditions (HAC) -Section 5001 (c) of Deficit Reduction Act of 2005 requires
the Secretary of Health and Human Services to identify conditions that are: (a) high cost or
high volume or both, (b) result in the assignment of a case to a DRG that has a higher payment
when present as a secondary diagnosis, and (c) could reasonably have been prevented through the
application of evidence-based guidelines.
High-reliability organizations- Organizations with systems in place that are exceptionally
consistent in accomplishing their goals and avoiding potentially. catastrophic errors.
Human factors- The interrelationship between humans, the tools they use and the environment in
which they work.
a particular patient. Ex;unples: A union strike, a criminal act such as a homicide, or a physical disaster
Latent error --::Errors in the design, organization, training or maintenance that lead to operator errors
and whose effects typically lie dormant in the system for lengthy periods of time.
Organizational culture- Set of values, guiding beliefs or ways of thinking shared among members of
an organization. \
Ostensible agency doctrine - The doctrine of ostensible agency, sometimes referred to as apparent agency,
permits a finding of liability on an organization where there is the appearance of an employment relationship
with an independent contractor. For example, in the absence of employer-employee relationship, a managed
care organization (MCO) may still be held vicariously liable for the aets of provider physicians if the
patient had a reasonable belief that the physician was the MCO's agent and that this belief was based upon
representations made by the MCO to that effect. The burden is on the plaintiff to prove that he or she
Patient Safety Organization (PSO) -The Patient Safety Act and the Patient Safety Rule authorize
the creation of PSOs to improve quality and safety through the collection and analysis of aggregated,
confidential/}ata on patient safety events. This process enables PSOs to more quickly identify
patterns of failures and develop strategies to eliminate patient safety risks and hazards. The Act
extends confidentiality and privilege protections to eligible information developed by providers for
reporting to a PSO (but not to information developed for other purposes), deliberations and analyses
conducted by either a PSO or a provider in its respective patient safety evaluation system (PSES) and
information developed by a PSO for the conduct of patient safety activities.
Root cause analysis- Multi-disciplinary study or analysis that uses a detailed, structured process
to examine factors contributing to a specific outcome (e.g. an adverse event). Also, a process
for identifying the basic or causal factors that underlies variation in performance, including the
occurrence or possible occurrence of a sentinel event.
Restraint- Any manual method, physical or mechanical· device, material, or equipment th~t
immobilizes or reduces the ability of a patient to move his or her arms, legs, body, or head freely;
or a drug or medication when it is used as a restriction to manage the patient's behavior or restrict
freedom of movement and is not a standard treatment or dosage for the patient's condition. A~,
restraint does not include devices that involve the physical holding of a patient for the purpose of
conducting routine physical examinations or tests, or to protect the patient from falling out of bed, or
to permit the patient to participate in activities without the risk of physical harm. Source: CMS-42.
CPR (Code ofFederal Regulations) 482.13(e)
Safety culture- Culture of safety emphasizes blameless reporting, successful systems, knowledge,
respect, confidentiality and trust; a culture that looks at the system, the environment, the knowledge,
the workflow, the tools and other stressors that may affect provider behavior.
CLINICAL/PATIENT SAFETY Domain 61

I.
I
I
Seclusion- lrivoluntary confinement of a patient alone in a room or area from which the patient
is physically prevented from leaving. Seclusion may only be used for the management of violent or
self-destructive behavior. If a patient is free to leave a time out area whenever the patient chooses, this
would not be considered seclusion based on this definition.
~Sentinel event- Any unexpected occurrence involving death or serious physical or psychological
injury, or the risk thereo£
.Telcrmedicine/tele-health -The use of telecommunications to provide medical informadon and
'services. Also, the provision of health care consultation and education using telecommunications
interactive video technology (American Medical Association's Council on Medical Education and
Medical Services). The use of electronic information and communications technologies to provide
and support healthcare when distance separates the participants (Institute of Medicine).
The JoiD.t Commission (TJC)- Voluntary nonprofit accreditation body that sets standards
for healthcare organizations and conducts education programs and a survey process to assess
organizational compliance.
OUTLINE
I. Looking for Risks in All the Right Places - High Risk Areas
A. Obstetrics
1. Common risks and areas of concern
a) Failure to identify fetal status
b) Failure to timely perform a cesarean section
c) Administration of.oxytocin
d) VBAC (vaginal birth after cesarean)
e) Uterine rupture
f) Massive transfusion protocols
i
'',, 2. Typically the area ofhigh~t severity losses that warrants risk management attention and
resources
3. For more than 25 years, obstetrics has been one of the leaders in severity of professional
liability claims
4. American College of Obstetricians and Gynecologists (ACOG), Association ofWomen's
Health, Obstetric and Neonatal Nurses (AWHONN and American Academy of Pediatrics
(AAP) (provide authoritative guidelines for safe practice)
5. Documented evidence of training and ongoing competency with fetal monitoring strip
interpretation and unit policies/protocols are essential
6. Claims data .findings
a) Primary clinical issues in obstetrics claims are a neurologically impaired baby, stillbirth
and/ or neonatal death, and shoulder dystocia-related injuries.
b) Hospital-based treatment such as fetal monitoring and oxytocin administration are
significant factors in these types of claims

.. -.·.-,_.:__~·~
7. Mean length of time from filing of an obstetrics claim involving neonatal harm to resolution
is four to seven years; some cases may take longer .
8. Key components of safety initiatives on obstetrical units
a) Measuring the safety culture on each labor and delivery unit
b) Changing the culture to be more patient safety-oriented
c) Implementing team training programs
d) Standardizing key clinical protocols and physician orders based on professional standards,
guidelines and latest evidence
e) Promoting a common understanding of fetal monitoring and expectations for interventions
when the fet:ll heart rate (FHR) patterns are non-reassuring through interdisciplinary
edu~tion and certification
f) Esta.plishing professional standards for accountability and appropriate follow-up

B. Emergency Department
1. Common risks
a) Medical evaluation and transfe'rs
b) Errors in diagnosis
c) Communication issues
d) Ostensible agency
e) Workplace violence
f) Weapons and contraband
2. Compliance with provisions of Emergency Medical Treatment and Labor Act (EMTALA) for
medical screening examinations, logs, patient transfers, etc.
3. Some of the most common high-dollar failure to diagnosis cases involve myocardial
infarction, chest pain, appendicitis, abdominal conditions or meningitis
4. Communication issues are frequently seen in ED claims as either a central claim or as a
. contributing factor
5. Patient/provider communications related to obtaining adequate medical history and
providing understandable discharge instructions are key areas of exposure
6. Ostensible agency (shifting responsibility for independently contracted providers care to the
organization) is a concern in the ED setting
7. ED is an environment of controlled chaos and rapid decision-making susceptible td.error .
a) Adverse events that lead to malpractice claims occur sporadically, often without pattern in
individual institutions, but aggregate national data are available and instructive
b) While true emergency conditions are limited in number, to prevent poor outcomes ~d
later litigation, it is imperative for ED physicians to approach all patients as though t;hey'
possess an emergent condition
C. Surgical Services
1. Common risks
a) Retained procedural item
~
b) Misidentification of the patient or the operative site
c) Inadequate preoperative evaluation
-~:~:~~-
• • •c CLINICAL/PATIENT SAFETY Domain 63

1,1,
.,. I
I
2. Standard of care guided by the American College of Surgeons (ACS) and the Association of
Perioperative Registered Nurses (AORN)
3. Informed consent doctrines
. 4. Safe Medical Devices Act of 1990 applies to many practices in the operating room, such as
implanted devices
5. Physical infrastructure
I
~~ a) Dedicated elevators
b) Dedicated power sources
c) Dedicated gas and vacuum sources
d) Dedicated air Bow system
e) Fire management
6. Techniques to promote accurate site identification to avoid wrong-site surgery emphasized by
The Joint Commission (TJC), World Health Organization (WHO) and Institute of Medicine
. (IOM)
7. Infection controi practices are a significant patient safety issue affecting operating rooms directly
a) Infection c<;>ntrol risk assessment (ICRA)
b) Sterile processing
c) Safety walk-throughs
d) Sterile technique
e) Needle stick/sharp-related injuries
8. Legal theory of res ipsa loquitur ("the thing speaks for itself") is often evident in lawsuits
stemming from retained instrument/sponges
9. Adequate preoperative evaluation
a). Physicians and nursing staff must be clear about what constitutes timely and adequate
preoperative history and physical
b) Pre-operative checks \
c) Patient participation
d) Verification checklist
e) Time out
10. External disaster plan
11. Security
a) Traffic control in the OR is important for patient safety
b) An identification process should be in place that prevents unauthorized access to restricted areas
c) Exterior doors should be secured and video surveillance should be used in appropriate areas
12. Reduction of staff-related risk
a) Staff privileges/job descriptions should reflect current technology
b) Contract personnel

c) Communication
d) Vendor-employed equipment representatives
13. Other factors that contribute to surgical errors
a) Unusual equipment or set-up in the surgical suite
b) Staffing problems
c) Distractions
d) Lack of access to pertinent information
e) Failure to require adherence to verification processes
f) Failure to verify and mark the operative site
g) Failure to require a patient assessment
h) Human factors, such as communication breakdowns, novice providers and lack of teamwork
14. Outpatient surgery
a) Common risks
(1) Anesthesia
(2) Failure to properly intubate the patient
(3) Moderate sedation
(4) Patient care responsibilities
(5) Appropriate case selection for outpatient surgery
b) Procedures performed must not exceed the scope of what can be provided or supported in
the outpatient setting (Accreditation Association for Ambulatory Health Care- AAAHC)
D. Anesthesia
1. American Society of Anesthesiologists (ASA) and the American Association of Nurse
Anesthetists (AANA) prescribe standards of care
2. Biomedical preventive maintenance agreements for anesthesia equipment should be current
and readily available .
3. Failure to properly intubate the patient
a) Provider experience
b) Ongoing competency
c). Credentialing
4. Moderate sedation
a) Privileges should be developed and practitioners should be educated on patient selection
criteria, pharmaceutical issues, proper monitoring, necessary equipment, oximetry :
1
monitoring and crash carts ·
5. Patient care responsibilities
a) State laws governing supervision of certified registered nurse anesthetists (CRNAs)
b) Documented equipment checklist for every anesthesia case
c) Use of and response to alarms
--,_,_
·~~2~;(
; if#}, CLINICAL/PATIENT SAFETY Domain 65
•
c,;c(i~;~' .
.
'
E. Intensive Care Units
1. Common risks
a) Medication administration
b) Use of monitoring alarms
c) Medical management with multiple providers
d) Electronic intensive care unit (eiCU)
2. Medication misadrninistration
a) Volume of medications ordered
. b) Computerized physician order entry
·c) Limitations on accepting verbal orders
d) High-alert medications
e) Dosage miscalculations
f) Dispensing machine errors
g) Process work-arounds
3. Use of monitoring alarms
a) Proper parameters
b) Effectiveness
4. Medical management involving multiple providers
a) Use of intensivistsltele-intensivists
b) Chain of command
c) Clear communication protocols
5. ICUs are error-prone
a) Complexity of the environment
b) Presence of multiple,.:aregivers
c) High number of interactions among caregivers
d) Technology overload
6. High stress, high complexity and staff diversity ofiCU environments can cause distractions,
miscommunications and fatigue leading to mistakes, errors and adverse events
· 7. Human factor errors
a) Skill-based errors include slips and lapses
b) Rule-based errors are actions that match intentions but do not achieve their intended
outcome due to incorrect application of a rule or inadequacy of the plan
c) Knowledge-based errors are due to knowledge deficits
8. Common ICU adverse events
a) Medication and/ or intravenous (IV) errors
b) Events during transport outside the ICU or transfer of care (handoffs)
c) Injuries associated with airways and/or ventilator use

d) Central catheter-related complications
e) Infections (e.g., catheter-related blood stream infections (BSI), ventilator-associated
pneumonias (VAP))
f) Failures to rescue/intervene in a timely/appropriate manner to worsening condition
9. Telemedicine
a) Electronic ICU (eiCU): centralized intensivist monitoring critically ill patients in multiple
ICUs or off-site ICUs
F. Pediatrics
1. Common risks
a) Appropriate services and equipment
b) Skill of clinicians
c) Child abuse
d) Patient safety
e) Abduction
2. American Academy of Pediatrics (AAP) provides guidelines for safe practice
3. Pediatric patients are one of the most vulnerable populations cared for by health care
professionals
4. Age-specific competencies of providers are required byTJC, other state and federal agencies,
and non-regulatory associations
5. Facilities find it necessary to transfer pediatric patients to referral centers when they do not
have necessary supplies, equipment or skilled practitioners to care for the patient
6. Child abuse and neglect reporting vary by state; laws have been enacted in every state
and statutes exist in many states with specific reporting requirements comprising sexual,
physical and emotional abuse (healthcare providers are mandatory reporters of child abuse or
suspected child abuse)
7. Patient safety programs focus on techniques to reduce medication errors
a) Dosage calculation
b) Patient weight and body surface area
c) Patient age
d) Allergies
e) Drug interactions
f) Medication dilution/strength
8. Infant/child abduction and patient elopement :
- .
1
\
a) Abductors more likely to be non-custodial parents or other family members known to the
staff, rather than a stranger
b) Risk managers must work with safety and security; as well as clinical staff, to determine
vulnerabilities and what can be done to minimize or alleviate them
c) Basic issues that should be examined are
(1) Access to and from the facility

(2) Methods to control and secure entrances such as proximity card readers
(3) Video surveillance
(4) Staff and parent/visitor identification
(5) Patient identification band produ~s that alert staff if the patient leaves a designated area
(6) Specific infant/ child abduction policy and procedure that is routinely practiced and
includes follow-up on identified gaps .
~\
G. Behavioral Health and Psychiatry

1. Competence and informed consent (right of refusal)
2. Suicide and homicide prevention
3. Outpatient psychiatric environment
4. Freedom from unreasonable restraint/seclusion
a) Physical restraints
. b) Chemical restraints
c) Addressed in the CMS Conditions of Participation (CoPs)
5. Psychopharmacology
6. Polypharmacy
7. Electroconvulsive therapy (ECT)
a) Informed consent
b) Clinical assessment
c) Health history and medical clearance
d) Intraprocedure and post-procedure monitoring criteria
e) Management of medical emergencies
f) Documentation
8. Environmental risks
\ ..
a) Clinical monitoring protocols that address the duty to warn
I' ' '
!' '
b) Contraband controls
c) Physical plant controls
d) Visitor controls
9. Elopement prevention
10. Confidentiality of sensitive information
11. Access to behavioral health records
12. Addiction/substance abuse therapies
13. Research and experimental treatments
14. Abuse risks
a) Alleged abuser-abused
(1} Patient-patient
(2) Staff-patient

(3) Visitor-patient
(4) Visitor-staff
b) Types of abuse
(1) Sexual
(2) Physical
(3) Verbal
(4) Emotional
15. Voluntary and involuntary admissions
16. Patient Bill of Rights: Title 42, Chapter 102, Section 9501
17. Complaint/grievance process
18. Profes.$ional competence
a) Licensed and unlicensed staff
H. Radiology Services
, '
1. Management and avoidance of contrast media reactions ~r extravasation
a) Patient screening
b) Technologist's competencies
c) Immediate treatment
2. Failure to diagnose
3. Preliminary and confirmatory readings (over-readings)
4. Radiation exposure
5. MRI safety
6. Anesthesia and monitoring of patients who receive anesthesia
7. Telemedicine
8. Credentialing
9. Medical record documentation
I. Home Health Services
1. Services comprise distinguishing features
a) Care is provided in the home
b) Providers are supervised indirectly
c) No control over the setting in which patient care is provided
d) Cognitive understanding of disease state, home instructions, medications, etc. of paf:ient/
caregiver has significant impact on patient outcome \ '
e) Strong reliance on patient and caregiver's compliance
f) Use of technology traditionally used in the hospital setting or emergence of new
technology designed for in-home use that requires training or familiarity
g) Unpredictable level of compliance that can be expected from the patient and family or
friends who care for patients on a daily basis
h) Unique workers' compensation exposures such as safety and security ofdie caregivers

2. Admission criteria are commonly based on:
a) Whether the environment is conducive to compliance with the care plan
b) "Whether the necessary support caregivers are available
c) Whether competent staff is available
d) Safety and security of the home environment
,, e) Admission process
f) Patient referral
g) Medicare entidement for home health care
h) Denial of admission
· i) Informed consent/ refusal
3. Termination/withdrawal of home health services
a) Clear objective parameters to continue in home health setting should be reviewed when
patient is admitted
b) Examples of situations involving termination of home health services
(1) Verbal/physical abuse (elder abuse/neglect reporting)
(2) Noncompliance
(3) Unsafe environment
(4) Refusal of visits
4. Confidentiality/privacy
5. Medical equipment.
a) Durable medical equipment (DME) may be provided by independent contractor/agency
b) Contract for DME
c). Written procedures for reporting in accordance with Safe Medical Devices Act (SMDA)
d) Document family/ paJ:ient training, preventative maintenance program and safety checks
6. Medication and infusion therapy
a) Safe medication administration for patients
b) Concerns regarding drug diversions by caregivers
7. Withholding care and other end-of-life issues
a) Hospice services focus on providing care to the terminally ill patient and the patient's family
8. Cultural issues
9. Transporting patients
10. Infectious/hazardous waste management
11. Emergency preparedness
12. Incident identification and reporting
13. Departments of health, departments of children and families, Food and Drug
Administration reporting

14. Medicalrecord documentation
15. Contracts, fraud and abuse concerns
J. Physician's Office Setting
1. Exa.rrlples of risk management areas of interest
a) Professional staff
(1) Licensure
(2) Training and certification
(3) Locum tenens and agency staff
(4) Anti-kickback issues
b) Safety
(1) .Safe environment
(2) Medical devices
(3) Disposal of medical waste.
)
c) Human resources
(I) Employee handbook
(2) Employee proficiency
(3) Training
(a) Orientation
(b) Annual updates
(c) Certifications
d) Clinical
(1) Confidentiality and patient privacy; HIPM
(2) Infection control
(3) Patient tracking and diagnostic follow-up
2. Health literacy and cultural diversity
3. Examples of insurance coverage needed
a) General liability
b) Professional liability
c) Workers' compensation
d) Business interruption
e) Disability insurance
fj Property insurance
4. Claims data
a) Medical services traditionally provided in an acute care setting are now performed in an
ambulatory care setting; transition brings an increase in the severity and frequency of
professional liability claims
b) Medical events most likely to generate medical professional liability claims

(1) ·Improper performance
(2) Errors in diagnosis
(3) Failure to supervise or monitor care
(4) Medication errors
(5) Failure to recognize a complication of treatment
(6) Care performed when not indicated or performed when contraindicated
(7) Care not performed
(8) Delay in performance
(9) Failure to instruct or communicate with the patient
·. c) Physicians continue to have professional liability-related issues associated with key
aspects of primary care; of the thousands of claims against physicians in the Physician
Insurers Association of America (PIAA) Data Sharing Project, many have their origin in a
diagnostic interview, evaluation, consultation or prescription medication
K. Aging Services/Long-term Care (skilled nursing, assisted living, independent living and
continuing care retirement communities)
1. Common risk issues
a) Patients' rights
b) Staffing
c) Abuse
d) Slips and falls
e) Nutrition/hydrat;ion
f) Pressure ulcers
g) Elopement
hi Restraints
i) Documentation
j) Background checks on personnel
2. Centers for Medicare and Medicaid Services (CMS) define the Requirements of Participation
that skilled nursing facilities/nursing homes must meet to participate in the Medicare/
Medicaid programs. (TJC does not confer "deemed status")
3. CMS contracts with state agencies to certifY that skilled nursing facilities meet the federal standards
4. Facilities must be surveyed for compliance
a) Quality of care
(1) Prevention of pressure ulcers, pain management, facility responses to resident changes
in condition, management of nutrition/hydration problems and prevention of
medication errors
b) Resident rights and facility practices
(1) Prevention of abuse, neglect and misueatment; use of physical and chemical restraints,
especially use of antipsychotic drugs; resident freedom of choice, advance directives
and informed consent
i·.·j''·
I
!t.
I__-···---·:·:. .J
c) Administration
(1) Injury investigation and reporting requirements, provision of physician services,
supervision of medical care and quality improvement committees
d) Quality oflife
(1) Activities or programs to promote the resident's highest practicable level of physical,
mental and psychosocial well being
e) Resident assessment
(1) Functional assessments, establishment of the interdisciplinary plan of care and timing •
and management of changes in condition
f) Investigation and reporting obligations
(!)"Facility must investigate any injury to a resident and make a report to the facility
~dministrator within five days; findings must also be forwarded to the state survey agency
5. Results are available on the Online Survey Certification and Reporting Database (OSCAR)
6. Deficiencies identified during suryey may lead to CMS imposing sanctions, penalties,
increased monitoring, ban on payment, loss of right to p~ticipate in Medicare and Medicaid
7. Office of Inspector General may investigate criminal and civil complaints
8. State surveyors may also conduct an investigation in response to reported risk event/complaint
9. Loss control focus in aging services/long-term care should address:
a) Personnel (number, training, background, competency, appropriate assignments and supervision)
b) Policies and procedures
c) Patient care (routine documentation of assessments, i.e., medical and nursing, and ongoing status)
d) Equipment, medications and supplies
10. Risk management program
a) Areas of risk for aging services/LTC facilities
(I) Slips and falls
(2) Medication errors
(3) Negligent care
(4) Decubitus ulcers
(5) Elopement
(6) Abuse allegations
b) Risk identification and tracking
c) Loss control and prevention
1:·,
d) Claims management \
e) Facility insurance and risk financing

f) Credentialing
g) Facility maintenance and safety issues
h) Employee health
i) Workers' compensation

IT. Patient Safety
A. A top national priority as well as a priority for healthcare organizations
1. While interest in patient safety has been building for some time, media coverage and
consumer attention have prompted stakeholders to renew their focus and allocate additional
resources to support patient safety initiatives
.
B. Redesign healthcare systems to make .errors difficult to commit
€. Create a culture in which the existence of risk is acknowledged
D. Promote injury prevention and patient safety as everyone's responsibility
E. Patient safety infrastructure
L Empowered patient safety officer/leader
2. Board of directors support
3. Interdisciplinary participation
4. Integration of quality, risk and patient safety
5. Patient safety plan
6. Patient safety committee(s)
7. Structured monitoring and feedback process
8. Accountability
9. Communication with key personnel
10. Actively and publicly promote patient safety
11. Open communication about patient safety initiatives; transparency
12. Language of safety·
a) Taxonomy
b).Nomenclature
13. Severity levels
14. Data use, managemeni'and oversight
16. Leadership support for transparency and disclosure
17. Patient and family participation and involvement
18. Identify patient safety as a focus in all processes and/or design improvement activities
19. Provide patient safety educational programs
20. Identify patient safety as a priority and support patient safety initiatives
21. Allocate resources for patient safety initiatives
22. Participate in patient safety rounds
23. Request and review organizational monitoring information related to patient safety
24. Monitor leadership's contributions to patient safety
25. Identified department with subject matter expertise

r F. Culture of Safety
1. An integrated pattern of individual and organizational behaviors, based upon shared beliefs
and values, that continuously seeks to minimize patient harm that may result from the
processes of care delivery
2. Organization
a) Looks at the system, environment, knowledge, workflow, tools and stressors that impact
providet behavior
b) Encourages reporting of errors .and near misses which depends on maintaining trust,
honesty, integrity and open communication with patients and between care providers
c) Recognizes the possibility of barriers
3. David· Marx: Culture of Safety- A Proactive, Learning Culture
a) Dev:dopment of a Culture of Safety
(1) Five Stages of Maturity in a Safety Culture
{a) Pathological: No syste.rp.s in place to promote a positive safety culture
) '
{b) Reactive: Systems are piecemeal, developed only in response to events or outside
requirements
{c) Calculative: Systematic approach to safety exists but implementation is patchy and
inquiry into events is limited to circumstances surrounding a specific event
(d) Proactive: Comprehensive approach to promoting a positive safety culture;
evidence-based intervention is implanted across the organization
(e) Generative: Creation and maintenance of a positive safety culture are central to mission of
the organization; organization evaluates the effectiveness of interventions and drains every
last drop of learning from failures and successes and takes meaningful actions to improve
G. Just Culture
1. "The single greatest impediment to error prevention in the medical industry is that we punish
people for making mistakes." Dr. Lucian Leape, Professor, Harv~d School ofPublic Health,
Testimony before Congress on Health Care Quality Improvement
2. Just Culture Accountabtlity Model
a) Lucian Leape- "Father of the patient-safety movement"
(1) Introduced the term "just culture" and noted that having a safety culture doesn't mean
there is no role for punishment '
(2) Punishment is indicated for willful misconduct, reckless behavior and unjustified,
deliberate violation of rules but not for human error
(3) Described the following types of mental processing errors that humans are prone to
and the factors that make such errors more likely to occur: \
(a) Reliance on short-term memory
(b) Interruption during task execution
(c) Poor design of processes and devices
(4) In a just culture accountabtlity model:
(a) Individuals are held accountable for their own professional performance

•
(b) Leadership acknowledges the unintentional nature of human error
(c) Leadership seeks to learn from mistakes
b) Thomas W. Nolan
i I
I
(1) Described the frailty of human memory as well as the difficulty humans have with vigilance
c) Researchers agree that design of systems and processes is an important consideration in
creating a safe environment; other important components that must also be designed and
managed in ways that maximize the goal of a safe environment include the following:
(1) Organizational culture of safety
(a) Safety culture looks at the system, the environment, the knowledge, the workflow,
the tools and other stressors that may affect provider behavior
(b) Safety culture encourages reporting of errors and near misses, which depends upon
maintaining trust, honesty, respect, integrity and open communication among
patients and providers
(2) Management buy-in, involvement and commitment in promoting and supporting
patient safety initiatives
(3) Desire to learn from information about safety and accidents in the organization
3. The need for just culture (David Marx, A Just Culture Community)
a) Only 2 to 3 percent of errors reported
b) Most hospitals unaware of the extent of error
c) Healthcare workers would report only what they could not hide
d) Errors, as viewed by hospital workers and the public, are indicators of carelessness
4. Agency for Healthcare Research and Quality (AHRQ) suggestions for just culture
a) Conduct regularly scheduled walk-arounds to learn about staff concerns regarding patient
safety, and include all shifts
. b) Conduct monthly staff meetings and include a focus on patient safety
c) Implement open boo~ management and biweekly "huddles"
d) Educate hospital leaders about making error reporting anonymous, easy, convenient and
non-punitive
e) Set up a hotline for reporting errors and develop anonymous reporting forms
f) Involve staff directly in the problem-solving process
g) Charge leadership, from supervisor level to senior leadership, with developing and implementing
an annual action plan, hold them accountable and require periodic progress reports
h) Allocate resources for safety needs identified by staff, i.e., buying safer beds, N pumps, and
automated medication dispensing systems upgrades.
i) Re-evaluate current disciplinary policies and procedures (involvement with human resources)
j) Empower all medical staff, hospital personnel, patients and families to immediately
intervene whenever they feel the need to protect the patient from harm and prevent a
medical accident without fear of retribution
k) Highlight/congratulate personnel whose contributions have protected a patient or made a
difference
76 ASHRM Preparation Guide for the CPHR!vf Examination

5. A just culture includes leadership rounding
a) Purpose
(1) Demonstrates support for making safety a high priority
(2) Increase awareness of local safety issues for leaders
(3) Educate staff about safety concerns
(4) Identify barriers to safety where leaders can assist in removal
(5) Evens the playing field
b) Follow-up
(1) Record the data
(2)·Initiate performance improvement project for gap closure
6. A just culture encourages and supports reporting
a) Helps to prevent future patient harm
b) Provides an indication of humf.U and system performance
' \
c) Guides performance improvement
d) Provides an opportunity to acknowledge the good work done risks
7. A just culture creates actionable improvement
8. Event and near miss understanding
a) Mature cultures have higher reporting
b) Focus is on near miss and low harm
c) Performs apparent cause analysis
~) Predictability
e) Involvement from many disciplines (residents, nutritionists, nurses, staff physicians)

9. Organizational Trust
a) Management needs to be trusted
b) Management needs to trust staff
c) Staff needs to trust management
H. High-Reliability Organizations
1. Organizations that operate complex syste~s without mistakes over long periods of time
a) Researchers have identified "high-reliability organizations" in other industries that function
consistently over time with few errors or injuries, despite high levels of complexity and
hazards in their daily operations
(1) Suggested that the concept of high reliability can be applied to healthcare or~atiops
I .
b) Characteristics of high-reliability organizations

(1) Leadership
(2) Reporting culture: All roles are key in identifying and reporting suspected/known risks
(3) Risk auditing: ongoing monitoring of activities to identify both expected and
unexpected risks

(4) Appropriate reward systems that encourage safety-related behavior
(5) System quality standards: i.vdustry leaders who model behaviors that are broadly
recognized hallmarks of quality and safety
(6) Acknowledgment of risk: Information-sharing as a means to acknowledge, demystify
and reduce risk of error; to learn from errors
(7) Trust and transparency
(8) Flexible management models: Processes to promote teamwork and create safety
I. Use of Data in Patient Safety
1. Data trending
2. Analysis of events/ data
3. Event categorization: Taxonomy
4. RCA and FMECA tools
5. R~porting events (clinical and non-clinical)
6. Action plan
· 7. Mining for data
a) Audit tools
(1) Medical records: High risk, chief complaints
(2) Risk audit: High risk exposures (OB, ED, OR)
(3) Claims audits: allegations (misdiagnosis, failure to rescue)
(4) Risk data: Written incident reports, medication events, falls, or surgical events
(5) Patient complaints
(6) Patient satisfaction surveys
(7} Clinical indicators
b) Trigger tools
\
c) Rapid response team database
d) Work-arounds
(1) Identified by staff
(2) Noted in observations of process
(3) From claims data
e) Near-miss data
f) Safety walk-arounds
g) Infection control
h) Pharmacy data
i) Ambulatory clinics
j) Home health/durable medical equipment (DME)
k) Aging services (SNF) or rehabtlitation
1) Radiologic safety
78 ASHRM Preparation .Guide for the CPHRM Examination

·0-·-~-·-~ < _;... '
m) Workers' compensation
n) Environmental safety
8. Deficiencies of patient safety data
a) Confusion about use of the data
b) Lack_of agreed-upon taxonomy and failure to use agreed-upon taxonomy
c) Analyzing rare events vs. large segments of data
d) Multiple data streams without defined process on how to view the data
e) No central repository for patient safety data
f) Surveillance bias: The organization can look better or worse than others
(1) When an organization does a thorough job of surveillance, in all likelihood it will find
II?-ore and therefore may look worse
J. Taxonomy: Error Index
1. Necessary and important component of patient safety
a) Defines a common language to ClassifY events
b) Provides known way for providers to communicate about specific events
c) Promotes comparison with other organizations
d) Creates a common understanding &om which to create action plans and drive patient
safety efforts
2. Example: NCCMERP Index for Categorizing Errors
K. Error and Human Factors: "We can't change the human condition, but we can change
the conditions under which humans work'' (Reason, J. T. (1997). Managing the Risks of
Organizational Accidents. Aldershot, Hants, England: Ashgate)
1. Issues that impact human performance
a) Factors that are present before action takes place
(1) Fatigue, stress, boredom
(2) Dehydration, hunger
1. Factors that directly affect decision making
a) Perception
b) Memory
c) Attention
d) Reasoning
e) Judgment
3. Factors that directly permit decision execution
a) Communication
b) Ability to carry out intended action
4. Human factors and fatigue
a) Fatigue can impact an individual's performance and personality
(1) Reduce decision-making ability

1
Jl
l
(2) Prolong response time J
(3) Increase lapses in attention
(4) Negatively affect short-term memory
(5) Lessen ability to multitask
(6) Increase irritability, moodiness, and depression
(7) Decrease ability to communicate
5. Human factors: Mental shortcuts
a) Using biases or what is known as "cognitive dispositions to respond," such as jumping to
conclusions, "hindsight bias'
h) Hindsight bias
(1) Richard Cook, an anesthesiologist, notes that investigations into accidents frequendy
stop with identifying the human error made and designating the practitioners as the
"cause" of the event; determination is often made without evaluation of systems or
processes that may have contributed to the error; limited types of investigation can lead
to solutions characterized by hindsight bias, which occurs when the investigators work
backwards from their knowledge of the outcome of the event
c) Seeing what is already expected whether actually there or not
d) Bias toward action vs. non-action
e) Overconfidence bias
f) Sunk costs: Example, A practitioner with a cognitive commitment to a previously made
diagnosis uses the irreversible past diagnostic decision to justify future decisions.
g) Mental shortcuts in diagnostic errors
(1) Mental shortcuts = cognitive bias =heuristics
(2) Diagnostic errors responsible for preventable errors in hospitalized patients
(3) Especially seen in patients with common or more non-definitive symptoms
(4) There are four categories of errors seen in healthcare
Cogniri\ e bi<ls Oehnirion Eumple
Availability heuristic Diagnosis made based on past Patient incorrecdy treated for GI upset
experiences despite presence of cardiac symptoms
Anchoring heuristic Diagnosis made from initial Initial set of cardiac enzymes
(premature closure) impression although not supported negative so heart attack ruled out
by subsequent data or information when patient had left arm pain
Framing effects Diagnosis unduly influenced Known drug addict diagnosed

by or prejudiced by collateral with overdose rather than stroke
information
Blind obedience Diagnosis made from undue False positive pregnancy test
reliance on lab results resulted in missed appendicitis

6. Human factors that reduce situational awareness
a) Insufficient communication
b) Fatigue/stress
c) Task overload
d) Task underload
e) Group mindset
f) "Press on regardless" philosophy
g) Degraded operating conditions
7. Human factors and cognitive concepts: Theories on accident causation
a) Slips: Tend to occur in situations that are so routine that they have become rote (answering
the 1oor when the phone rings)
b) Lapses: Generally not visible because reflective of a memory failure (leaving out or
forgetting a step in a familiar protocol)
c) Mistakes: Judgment failures diat are more subtle and E;omplex than slips; go undetected for
period of time; left to differences of opinion when detected (selection of an antibiotic or
determining cause of death)
(1) Knowledge based- mistake made because oflack of sufficient knowledge, skill or
experience
(2) Rule based- either a good rule applied incorrectly or a bad rule applied
d) Active failures
(1) Highly visible errors with immediate consequences (surgeon removing the wrong leg or
nurse administering the wrong medication)
e) Latent failures
(1) May be hidden for years and generally rooted in organizational c;:ulture
(2) Takes the right set of circumstances for the error to become visible or known (an
informal practice of not requiring that look-alike medications be separated)
8. James Reason's Swiss Cheese Model
a) Illustrates several key findings about errors
b) Errors, especially serious errors, result from multiple system failures
'
c) System failures occur every day, but built-in defenses and redundancies usually preV-ent injuries
d) Occasionally, latent failures occur in a tightly coupled sequence that overwhelms the built-in
defenses and redundancies in those systems
e) When this occurs, a catastrophic error occurs, resulting in injury
1:·,
f) Supports growing notion that actions of individuals involved in error do not either 1
adequately explain the genesis of error or provide solutions to prevent recurrence

9. Blunt end-sharp end: The anatomy of errors in healthcare
a) David Woods' model of accident causation assumes that the healthcare workers at the
sharp end, where patient care is delivered, are affected by decisions, policies and regulations
made at the blunt end or hospital administration side of the system
(1) Organizational factors: Culture, policies, procedures, regulations

(2) Environmental factors: Equipment, staffing, resources, constraints
(3) Human factors: Clinical competency, communication skills, problem solving I critical
thinking skills
I 0. Contributing factors of errors
a) Team factors
b) Individual staff factors
c) Task factors
d) Patient factors
e) Work environment factors
f) Organization and management factors
g) Institutional context factors
h) Disruptive and inappropriate behavior
(I) Establish a facility policy and procedure
(a) Apply to employees, patients, families and visitors
(b) Address physical and/ or verbal behavior
(c) Define disruptive and inappropriate behavior
(2) Establish a code of conduct that applies to all staff and practitioners
(3) Manage disruptive and inappropriate behaviors
(4) Conduct education around application of policy and procedure
(5) Provide counseling/support for staff involved if needed
11. Education strategies to reduce human errors
a) Information
(I) Warnings and labels
(2) Posters
(3) Memos
'I I
b) Training
(I) Annual safety test
(2) Ongoing training
c) Policies and procedures
d) Standardization of processes
(1) Order sets
(2) Checklists
e) Designs to prevent errors: Mistake-proofing
12. Human-error reduction strategies
a) Simplification of tasks and processes
b) Standardization
c) Use of constraints and forcing functions

....... _ __
_:_
d) Reduce reliance on memory

e) Reduce reliance on vigilance
f) Use of protocols and checklists
- g) Reduce handoffs-
h) Reduce need for calculations
i) Avoid or reduce fatigue
j) Heighten awareness of error prevention through communication and training
L. Key Patient Safety Influencers
1. Studies
a) The-Institute of Medicine (IOM)
(1) Landmark 1999 report: "To Err is Human: Building a Better Health System"
(2) Health care in the United States is not as safe as is should be and can be. Approximately
44,000 to 98,000 people die each year in hospitals as a result of medical errors
(a) Quantified the frequeney of medical error, based on the results of the Harvard
Medical Practice Study in 1984
(b) Evoked much scrutiny and comment
(c) Estimated that reporting of preventable adverse events is understated
(d) Defined medical error "as the failure of a planned action to be completed as
intended, or the use of a wrong plan to achieve an aim''
(e) Supports risk management loss prevention efforts
(f) Supports a collaborative relationship with quality improvement
b) Committee on Quality Health Care in America Project
(1) "Crossing the Quality Chasm: A New Health System for the 21st Century," published
in 2001 by the IOM
_(2) Report proposed specific objectives for improving health care delivery based upon the
six aims of safe, effective, patient-centered, timely, efficient and equitable provision of
health care
(3) Biggest challenge is to establish a culture that encourages reporting of events that may
result in actual or potential harm to patients or others; this is also known as a "just culture"
2. National Patient Safety Foundation (NPSF)
a) Independent, non-profit organization
(1) ''A central voice for patient safety''
(2) Non-biased influence
(3) Supported by well-known patient safety leaders
(4) Enhances patient safety awareness through
(a) Educational programs for professionals
(b) Research project grants
(c) Awareness campaigns
(d) Supports and encourages patient and family involvement

3.1he Leapfrog Group
a) A coalition of Fortune 500 companies concerned about the impact of medical errors on the
employees for whom they purchase healthcare benefits
(1) Minimum requirements for healthcare organizations that wish to compete for their business
(2) Identified hospital quality and safety practices that are the focus of its health care
provider performance comparison and hospital recognition and reward program based
on independent scientific evidence:
(a) Computerized physician order entry (CPOE)
(b) Evidence-based hospital referral
(c) ICU physician staffing
(d) Leapfrog Quality Index: Based on NQF's Safe Practices
4. National Quality Forum (NQF)
a) Private, non-profit organization seeking to improve United States healthcare
b) Developed cons~nsus standards
c) Published set of hospital safe practices aimed at reducing harm to patients
d) Published set of serious reportable events - never events
(1) Of concern to public, healthcare professionals, and providers
(2) Identifiable and measurable
(3) Risk of occurrence is signi:ficandy influenced by the policy and procedures of the organization
e) Patient safety taxonomy
5. Agency for Healthcare Research and Quality (AHRQ)
a) Makes patient safety a strategic priority
b) M~dical errors are caused by:
(1) Communication problems
I ,
(2) Inadequate information flow
I'
(3) Human factor-related problems

(4) Patient-related problems
(5) Patient-related issues
(6) Organizational transfer of knowledge
(7) Staffing patterns/work flow
(8) Technical failures
(9) Inadequate policies and procedures
c) Grant funding available for organizations to study impact of safety practices on error
d) Surveys and patient safety indicators
(1) Patient Safety Culture Survey
(2) Patient safety indicators (PSI) focus on potentially preventable complications and
iatrogenic events for patients treated in hospitals and are measures that screen for
adverse events

(3) Consumer Assessment ofHealthcare Providers and Systems (CAHPS): administers the
patient satisfaction survey.
6. Patient Safety Quality Improvement Act (PSQIA) of 2005
a) To improve patient safety and reduce the incidence of events that adversely affect patient safety
b) Creates "Patient Safety Organizations" (PSOs)
c) Establishes "Network of Patient Safety Databases" (NPSD)
d) Provides federal confidentiality protections for analyses and reports
e) Completely voluntary
7. CMS- Hospital Acquired Conditions (HACs)
a) CMS to select conditions that are:
(I) f:iigh cost, high volume or both
..
(2) Assigned to higher paying DRG when present as a secondary diagnosis and could
reasonably have been prevented through the application of evidence-based guidelines
b) Requires hospitals to submit a tlaims report for dischat:ges that include any of the selected
conditions and to identify if the condition was present on admission (POA)
c) Patient safety indicators: patient outcome related to quality and safety
8. Institute for Healthcare Improvement (IHI)
a) IHI Open School
b) IHI Global Trigger Tools
c) lOOK and 5M Lives Campaign
d) WHO Surgical Checklist
e) Linking quality and financial management
9. The Joint Commission: Patient Safety Advisory Group
a) Identifies the National Patient Safety Goals (NPSGs) and makes recommendations to The
Joint Commission
b) May recommend retirement of selected NPSGs to maintain the focus of accredited
organizations on the most critical patient safety issues
c) Reviews draft patient safety suggested actions for potential publication in The Joint
Comin.ission's Sentinel Event Alert patient safety advisory
10. The Joint Commission: National Patient Safety Goals
a) Entities subject to NPSGs:
(1) Ambulatory care and office-based surgery
(2) Assisted living
(3) Behavioral healthcare
.-.,
(4) Critical access hospital
(5) Disease-specific care
(6) Home care
(7) Hospital
(8) Laboratory

·,
(9) Long-term care

(10) Networks
b) The Joint Commission: National Patient Safety Goals (Review current year goals for the exam.)
(1) Updated annually (www.TJC.org)
(2) Promote specific improvements in patient safety
• (3) Highlight problematic areas in healthcare and describe evidence and expert-based
~I
solutions to these problems; goals focus on systemwide solutions
(4) Derived primarily from informal recommendations made in Joint Commission's safety
newsletter, Sentinel Event Alert
(5) Sentinel Event database, which contains de-identified aggregate information on
sentinel events reported to the Joint Commission, is the primary source of information
from which the alerts, as well as the goals, are derived
(6) Retired Goals
(a) Free-flowN's
(b) Universal Protocols
(c) Alarms
(d) Unapproved use of Abbreviations
(i) U =units
(ii) MS04
(iii) Leading and trailing O's
c) Surveying and Scoring ofNPSGs
(1) All applicable NPSGs or acceptable alternative approaches must be implemented for
accredited organizations
(~) Surveyors evaluate the actual performance, not just the intent of meeting the NPSGs
(3) NPSGs are scored as either Compliant or Not Compliant.

I (4) Failure to comply With a NPSG will result in a "Requirement for Improvement" (RFI)
I I
I
I
I :
lll. Sentinel Event
I
I
I
I
I
A. Must comply with Joint Commission requirements
B. Any unexpected occurrence involving death or serious physical or psychological injury, or the
risk thereof
C. Goals of the sentinel event policy
1. To have a positive impact in improving patient care, treatment, and services and preventing
sentinel events
2. To focus the attention of a hospital that has experienced a sentinel event on understanding the
factors that contributed to the event (such as underlying causes, latent conditions and active
failures in defense systems, or organizational culture), and on changing the hospital's culture, i
!
systems and processes to reduce the probability of such an event in the future
3. To increase the general knowledge about sentinel events, their contributing factors, and
strategies for prevention
4. To maintain the confidence of the public and accredited hospitals in the accreditation process
··-·~·.-,.~,,
J.' •• , , . , ; ,
D. The Joint Commission requests voluntary reporting of sentinel events
1. Must conduct a root-cause analysis (RCA) on all sentinel events
E. The product of the root-cause analysis is an action plan that identifies strategies the organization
intends to implement to reduce the risk of similar events in the future. The plan should address
responsibility for implementation, oversight, pilot testing as appropriate, time liens, and
strategies for measuring the effectiveness of the actions.
F. Critical incident debriefing
G. Subset of sentinel events that is subject to review by the Joint Commission includes any
occurrence that meets any of the following criteria (for hospitals):
1. The event has resulted in an unanticipated death or major permanent loss of function not
related_to the natural course of the patient's illness or underlying condition or
2. The evept is one of the following (even if the outcome was not death or major permanent loss
of function not related to the natural course of the patient's illness or underlying condition):
a) Suicide of any patient receiving care, treatment and services in a staffed around-the-dock
care setting or within 72 hours·;of discharge
b) Unanticipated death of a full-term infant
c) Abduction of any individual receiving care, treatment or services
d) Discharge of infant to wrong family
e) Rape, assault (leading to death or permanent loss of function), or homicide of any patient
receiving care, treatment, and services
f) Rape, assault (leading to death or permanent loss of function), or homicide of any staff
member, licensed practitioner, visitor, or vendor while on site at the health care organization
g) Hemolytic transfusion reaction involving major blood group incompatibility (ABO, Rh,
other blood groups)
h) Invasive procedure, including surgery, on the wrong patient, wrong site, or wrong procedure
i) Unintended retention of a foreign object in an individual after surg~ry or other invasive procedures
j) Severe neonatal hyperbilirubinemia (bilirubin> 30 milligrams/deciliter)
k) Prolonged fluoroscopy with cumulative dose> 1500 rads to a single field, any delivered to
wrong body region, or >25o/o above the planned radiotherapy dose
IY. Root Cause Analysis: RCA

A. Definition
1. A process to identifY the most basic causal factor or factors that underlie a variation in
performance, including the occurrence of an adverse sentinel event
2. RCA identifies changes that could be made in the system and processes - through either
redesign or development of new systems or processes - that would improve the level of \
performance and reduce the risk of a particular event occurring in the future
B. When to do a root cause analysis?
1. Sentinel events
2. Adverse events
3. Near misses

l'
C. Preparing for a successful RCA ·~

1. Interdisciplinary review that includes those closest to the process
2. Focus on systems and processes rather than individual performance
3. Analysis digs deep until allfactors are identified
4. Analysis identifies changes that can be made in systems and processes
'D. Former investigation focus
1. Traditional healthcare model
E. Current Focus
1. Investigations should represent varying levels and all departments involved
F. Advantages of reporting sentinel events
1. Enables lessons learned to be added to:
a) The Joint Commission's sentinel event database and contributes to general knowledge of
. the causes of such events
b) Allows lessons to be learned within the organization
2. Provides for an opportunity to consult with The Joint Commission staff on development of
RCA and action plan
3. Sends a positive, proactive message to the public
4. Promotes transparency
G. Submitting RCA to TJC
1. Submit RCA and action plan to the Joint Commission
a) Organization should consider its comfort level with preserving the reports' confidentiality
(1) May take reports directly to TJC offices in Illinois
(2) May pay forTJC staff to come to the hospital to review reports
(3) May submit a s~ary of RCA, action plan, relevant policies, etc .
....
V. Failure Mode, Effects, and Criticality Analysis (FMECA)
A. Method used to identify those risks inherent in care delivery
B. FMECA is a proactive model designed to identify weak points, incidents or events before they occur
1. Different from RCA which is a reactive process and subject to "hindsight bias"
2. Promotes a redesign for safety philosophy
C. The Joint Commission requires hospitals to select at least one high-risk process annually upon
which to conduct a FMECA
D. FMECA Process Steps:
1. Identify project scope
2. Assemble a team
3. Diagram intended and actual process
4. Identify potential failure mode
5. For each failure mode, identify the possible effects
88 ASHRM Preparation Guide for the CPHRM Examination j

j
~·----
6. Put new process in place

7. Test and implement the redesigned process
8. Identify and implement measures of effectiveness
9. Implement a strategy for maintaining the effectiveness of the redesigned process over time
E. FMECA: Risk Priority Number
1. Likelihood of Occurrence (1-10)
2. Likelihood of Detection (1-10)
3. Severity (1-10)
4. Risk Priority Number= (Occurrence x Detection x Severity)
5. NOTE: 1 =Very likely it WILL be detected 10 =Very likely it WILL NOT be detected,...
Source;JHI
·'
VI. Patient Safety Challenges

A. Communication and Teamwork
1. Healthcare is traditionally hierarchical
a) An additional ramification of hierarchy is that it may legitimize intimidating behavior or
lack of assertiveness by frontline staff
2. Personal communication styles of staff
3. Relationship of staffing to medical errors
4. Lack of common language (SBAR, ICUS, IPASS)
a) Situational Briefing Model (SBAR: Situation, Background, Assessment, Recommendation)
is a method to ensure proper, consistent and objective communication to help eliminate
communication failures that often exist in healthcare
5. Addressed with other patient safety initiatives
a) Simulation training
b) Rapid Response Teams (RRT)
c) Walk arounds
d) Patient engagement: Participation in committees I RCAs
e) Critical incident debriefing
VII. Critical Incident Debriefing

A. Can occur for any reason
B. Do it when memories are fresh
C. Include the members of the "team''
D. Don't "point fingers"
·:. .. ,
E. Provide a safe environment of inclusion

F. Provides an opportunity for individual, team and organizational learning
G. The greater the specificity, the better

I· H. What would we do differently next time?
I. What did we do well? j
!
J. What did we learn?
VIII. Patients as Partners in Patient Safety
\ A~, Growing consumer skepticism about the quality and safety of patient care will lead toward less
deferential, more informed, and more demanding patients. If healthcare professionals want to
enlist the help of patients in preventing medical mistakes, new patient-practitioner relationships
must be formed.
B. Create readiness for patients through:
1. Education
2. Healthcare literacy
3. Speak-up campaign
4. Decision-making
5. Disclosure and transparency
6. Fair and "just" culture
7. Teamwork
C. Speak up
1. The Joint Commission (TJC)
D. Patient participation
1. Root Cause Analysis (RCA)
2. Failure Mode, Effects and Criticality Analysis (FMECA)
3. Patient Safety inform~tion
E. Rapid Response Team (RRT)
1. Driven by medical profeS\ion
2. Driven by patients
F. Key concepts:
1. Communication
2. Education
3. Empowerment
4. Active partnership
5. Patient and family centered
6. Listening
G. Patient rights as partners
1. Important for empowered consumers
2. Foundations for the organization
a) Informed consent
b) Bill of rights

c) Consumer Rights and Responsibilities: 1997 Advisory Committee on Consumer
Protection and Quality
(1) Information disclosure
(2) Choice of providers and plans
(3) Access to emergency services
(4) Participation in treatment decisions
(5) Respect and discrimination provisions
(6) Confidentiality of health information
(7) Complaints and appeals
(8) ~onsumer responsibilities
3. The ne':Y patient
a) Patients have become more educated consumers
b) A new patient focus is needed that addresses
(1) Access
(2) Choice
(3) Affordability
(4) Availability
(5) Timeliness
(6) Satisfaction
(7) Quality
(8) Rights
4. Increasing patient/consumer responsibilities
a) Individuals have legal obligation to exercise caution and refrain from negligent acts that
result in injury to others
b) Individuals have a duty to refrain from negligently exposing themselves to harm .
c) Patients are required to assume increased control of their personal healthcare and to
communicate their healthcare needs to their providers
5. New risk challenges/new competencies
a) Caring competence
b) Cultural competence
(1) Culture is composed of the beliefs, values, morals, customs, traditions, knowledge and
habits acquired through living in the community and within society
(2) Addressed in TJC standards
(3) Guidance provided by the U.S. Department of Health and Human Services
(4) Potential for "cultural negligence" claims
c) Educational competence
( 1) Internet
(2) Direct-to-consumer advertising

(3) Unlicensed healthcare staff practicing with patient-centered or patient-focused delivery models
I j
'I
(4) Community
(5) Health on the Net Code of Conduct (HONcode) seal
(6) Risk issues regarding literacy
d) Spiritual competence
i6. Risk interventions
',\
a) Safety policies articulating support of the organizational mission and values
b) Posting patient rights
c) Credential staff on matters involving newly-identified competencies
d) Promoting cultural knowledge and competent care
e) Training staff to improve communication and patient education skills
I I
f) Grievance policies and appropriate execution of policies
g) Evaluating patient education and training
h) Addressing diversity through interdisciplinary quality improvement activities
i) Literacy testing on all patient education materials and tools
j) Assessing community needs
IX. Patient Safety Challenges

A. Technology to Improve Patient Safety
1. Electronic health record (EHR)
2. Electronic medical records (EMR)
3. CPOE
4. Bar ~oding
5. Robotics
6. eiCU's
7. ·Smart pumps
X. Patient Safety: Disclosure

A. Definition: Communication of information regarding results of a diagnostic test, medical
treatment or surgical intervention
B. Purpose: To give patients/families information they need to make further decisions
1. Medical decisions
2. Decisions to pursue legitimate compensation
C. It is not stricdy related to medical error, nor necessarily to bad news
D. Some states have requirements for disclosure, both verbal and written
E. Key concepts
1. First obligation always to immediate needs of the patient (stabilization, comfort, care, etc.)
2. Obligation to discern facts from "hearsay"
I
~.~.~.-..-_ .. ,-.
3. Obligation to come from a place of integrity
4. Obligation to take care of the needs of providers and others involved in the incident
5. Recognize that disclosure is a process that will require multiple discussions, not an "event"
6. Recognize that the purpose of disclosu~e is not to avert litigation but to respect the integrity
of the patient/caregiver relationship .
7. Whatever promises are made d~ring this process must be kept; trust is at stake
8. Maintain close contact with the patient/family during the process; do not put the onus of
responsibility on them to maintain the relationship
F. Reasons to disclose
1. Right thing to do
2. Patient~ expect it
3. Professi~nal responsibility
4. Earn trust/possibly forgiveness of patient
5. Supports patient safety initiatives; \
6. Required byTJC for unanticipated outcomes
G. Framing the conversation
1. Acknowledgement that adverse event occurred
2. An explanation as to why it happened
3. Statement that organization taking event seriously and investigating it
4. Statement that organization taking steps to prevent similar event from happening
5. An apology (as appropriate)
H. The Four "R"s of Apology
1. Recognition: Knowing when an apology is in order
2. Regret: Responding empathetically
3. Responsibility: Owning up to what has happened
4. Remedy: Making it right
I. Personnel barriers to disclosure
1. Fear oflegalliability
2. Fear of loss of credibility and reputation
3. Fear ofloss of licensure
4. Fear of punishment by organization or loss of job
1\·,
5. Feelings of vulnerability i
6. Difficulty in accepting role in error

J. System barriers to disclosure
1. We've always done it this way
2. Hierarchical structure of medicine
3. Profession demands perfection

111 I
,,'
4. Struggle with accepting even most well trained and competent can make mistakes
. ' '
5. Conflict of Interest
K. A successful disclosure allows the patient and family
1. -To understand what happened
2. To understand the ramifications of the event
3. To have sufficient information to make future decisions (including seeking compensation)
,, 4. To receive an apology from the organization
5. To begin to heal
XI. Measuring a Culture of Safety

A. Methods
1. Survey
2. Rounding
3. Reporting
4. Trust
B. AHRQ: Survey on Patient Safety Culture (hospital example)
1. Communication openness
2. Feedback and communication about error
3. Frequency of events reported
4. Handoffs and transitions
5. Management support for patient safety
6. Non-punitive response to error
7. Organizational learning
8. Overall perceptions of patient safety
9. Staffing \
10. Supervisor/manager expectations and actions promoting safety
:i,
11. Teamwork across units
I
12. Teamwork within units
13. Two additional questions
a) Overall grade on patient safety
b) Number of events reported in last 12 months
14. Caring for Caregivers (Second-Victim Phenomenon)
a) Support provided for employees, physicians and licensed independent practitioners (LIPs)
after involvement
';-,•,·,'.' ... -
C. Use of safety assessments surveys
1. "The delivery of survey results is not the end point in the survey process; it is j~st the
beginning. Often, the perceived failure of surveys to create lasting change is actually due to
_faulty or nonexistent ~ction planning or survey follow up."
2. Pre- and post-safety interventions
3. Utilize results for PI action plan
a) Understand your results
b) Communicate and discuss the results
c) Develop focused action plans
d) Communicate action plans and deliverables
e) Imp~ement action plans
f) Track progress and evaluate impact
g) Share what works
D. Patient safety metrics
1. Involves both reactive and proactive measures
a) Good catches resulting in a practice change
b) Number ofFMECAs
c) Number ofRCAs resulting in a policy and procedure change
d) Sentinel events with and without disclosure
e) Number of disclosures involving risk management
f) Number of lessons learned from RCA that impacted more than two units
g) Participation in a periodic PS culture survey
h) Number of committees/family councils in which patients/families participate
1:
··.
I

REVIEW QUESTIONS
Mark your answers and then compare them with the answers explained below.
.1. High-reliability organizations:

'I
A. Provide the greatest diversity of services.
B.i Have fewer adverse outcomes.
c.:10perate complex systems without mistakes over long periods of time.
D. Offer the most cost-effective healthcare.
Answer: C
Operate complex systems without mistakes over long periods oftime.
2. A key characteristic of a high-reliability organization is a reluctance to simplify. This means

that the organization utilizes detailed processes for each key function and strives to include as
many steps as possible to decrease the possibility of errors.
A. True
B. False
Answer: B
False. This key characteristic speaks to a HRO's refusal to accept simple answers or simplistic solutions to
complex problems. The concept does not mean that the organization is reluctant to make its processes as
simple as possible, which is an attribute ofpatient safety.
3. A Failure mode, effects and criticality analysis (FMECA)) is a process used to investigate
serious adverse events in an effort to identify the active and latent causes of the event.
A. True
B. False
Answer: B
False. This definition as written mor; closely aligns with a root cause analysis. FMECA's do not require
an adverse event as the basisfor conducting the analysis. A FMECA is a proactive patient scifety tool that
'I, I
includes selecting a process, identifying the failure modes, and determining the effects ofthose failures, then
implementing an improved process.
4. Nurse Johnson was administering medications to the two patients in room 236 using the
bar-coding system. According to the facility's written procedure, the nurse was to administer
each patient's medication separately. She was to scan the medication, then scan the patient's
bar code, check for any error alerts, and then administer the medication if no alerts appeared.
The nurses complained that going out to the medication cart between patients was time-
consuming. To save time, Nurse Johnson habitually scanned the medication and the patient's
bar codes while the medication was being administered. On this day, after giving patient A his
medication, he immediately became severely short of breath, signaling an allergic reaction,
and respiratory support was required. Following an investigation it was determined that
Nurse Johnson had given patient A the medication for patient B and an error alert would have
activated in the bar-coding system. Nurse Johnson's behavior is an example of:

A. Human error
B. At-risk behavior
C. Benign neglect
D. Reckless behavior
Answer: D
Reckless behavior. The nurse consciously disregarded the hospital medication administration policy, which
was intended to prevent the type ofharm suffered by the patient. Through bypassing critical steps in the
policy the nurse put the patient at risk.
5. Safety culture surveys are intended to assess the organizational and unit-level attitudes
regarding p_atient safety. Survey results can reveal differences in perception of safety between
types of staff (such as MD and RN) and between departments or teams. They can be used to
identify pridrities for improvement and to help create a performance improvement action plan.
A. True
B. False
Answer: A. True
6. Mrs. Cobb was admitted for surgery on her right leg. At the conclusion of the surgery, she
awoke to learn that the wrong leg had been operated upon. An investigation revealed that the
pre-operative nurse had performed the site marking incorrectly and had placed the X-rays
in the OR suite facing backward. The root cause analysis team identified that failure to have
surgeons routinely participate in the site-marking process, with confirmatio:it by the patient,
was a participatory cause of the incident. This failure identified by the root cause analysis
team is an example of:
A. Latent failure
B. Reckless failure
C. Active failure
D. Supervisory failure
Answer: A
Latentfailure. The surgeon's lack ofparticipation was not a reckless or conscious disregardfor the patient's
safety, rather it was the routine process used at this facility. The active failures at the point-ofcare were
the incorrect site marking and the mistakenly placed X-rays. There are insufficient facts in the narrative to
know whether there was also was a failure ofsupervision; therefore, answer D would be incorrect;·
7. Select the answer that best identifies those organizations that are key inHuencers in the field
of patient safety: 1
:
A. Institute of Medicine (I OM), Agency for Healthcare Research and Quality (AHRQ), Fed6-al
Communications Commission (FCC), Center for Medicare and Medicaid Services (CMS)
B. Leapfrog Group, Institute of Medicine (IOM), Institute for Healthcare Improvement (IHI),
Administration for Children and Families (ACF)
C. National Patient Safety Foundation (NPSF), Institute for Healthcare Improvement (IHI),
Agency for Healthcare Research and Quality (AHRQ), Center for Medicare and Medicaid
Services (CMS)

D. The Joint Commission (TJC), Administration for Children and Families (ACF), Institute of
Medicine (IOM), Institute for Healthcare Improvement (IHI)
Answer: C
, National Patient Safety Foundation (NPSF), Institute for Healthcare Improvement (IHI),.Agency for
1
Healthcare Research and Quality (AHRQ), Center for Medicare and Medicaid Services (CMS). Although
the FCC andACF are actual federal agencies, they are not key injluencers in patient safety.
'I
8. Taxonomy is a necessary and important aspect of patient safety because:
A. It defines a common language to classify events.
B. It allows organizations to compare themselves to others.
C. It creates a common understanding from which to create action plans and drive patient safety efforts.
D. All of the above
Answer: D
All ofthe above
9. The Emergency Department is a high risk area for which of the following reasons?
1. Brief patient contact
2. Lack of familiarity with the patient's medical history
3. Use of nurse practitioners and physician's assistants
4. Language and cultural barriers
A. 1 and 2 only
B. 2 and 3 only
C. 1, 2 and 4 only
D. All of the above
Answer: C
Patient assessment is at the root of.many ED risk management issues. Use ofnurse practitioners and
physicians' assistants would not impede this process; however briefpatient contact, lack offamiliarity
I '
with the patient's medical history and language and cultural barriers are involved in provider/patient
I , ,
II:;.: communication issues. Because ofhigh volumes, tight time constrains and a needfor ED physicians to act
decisively even when hampered by incomplete data, errors are likely to occur.
10. A surgeon performs a hysterectomy on a 25-~-old female due to an abnormal Pap smear
result obtained as an outpatient in the physician's office. The :final pathology report on the
uterus states the uterus contains only benign inflammation with no cancerous cells present. The
case is referred to the Obstetrics department, where the actions of the surgeon are discussed at
length. It is concluded that the surgeon acted in good faith based on the incorrect Pap smear
&om an independent laboratc>ry. The patient sues the obstetrician and the hospital, and seeks
to obtain copies of the minutes and any other documents related to the Obstetrics department
meeting. Which of the following is true?
A. The risk manager should argue that the documents are for purposes of peer review and protected
under the Health Care Quality Improvement Act
B. The risk manager should argue that attorney-client privilege should apply and not produce the
documents

c. The risk manager should argue that patient-physician privilege should apply and not produce
the documents
D. The risk manager should produce the requested documents since a lawsuit has been filed
Answer: A
Peiformance improvement and peer review documents are exemptfrom production in a lawsuit. Medical
records must be produced; but not PIIQJ data.
11. Which of the following statements regarding the use of restraints are TRUE?
1. Wrist or vest devices can be considered restraints
2. Locked seclusion is considered a form of physical restraint
3. Medicati0n used to significandy alter a patient's behavior on an emergency basis is considered a
form of chemical restraint
·'
4. Voluntary use by a patient of an unlocked "quiet room" is NOT considered a form of physical
restraint
A. 1 and 2 only
B. 1 and 3 only
C. 1, 2 and 3 only
D. All of the above
Answer: D
Anything used to restrict an individual's behavior, physical or chemical is considered to be a restraint and
appropriate guidelines must be followed. However, placing a patient in an unlocked room so they can
regain composure is not a restraint since they can leave under their own volition.
12. The legal theory res ipsa loquitur would most likely apply to which of the following
scenarios?
A. A unit of blood is given to the wrong patient
B. A tornado damages visitors' vehicles on hospital property
C. A surgical sponge is left in a patient during a cesarean section
D. A visitor slips on an icy sidewalk and fractures her hip
Answer: C
Res ipsa loquitur means the thing speaks for itselfand is often used in retained-object cases. Leaving surgical
tools is not the intention ofany procedure; as such, foreign body retention is obviously a medical error. Oiice
circumstances supporting res ipsa are established, the theory shifts responsibility for proving the case from the
plaintiffto the defendant, who must then establish a lack ofculpability.
1\
•. \
13. Behavioral health patients may be at high risk for abuse. Which of the following statementS
regarding the risk of abuse of behavioral health patients are true?
1. Pediatric, adolescent, and geriatric behavioral health patients are particularly vulnerable
populations that may be at even greater risk for abuse
2. A crucial abuse prevention strategy is to require that all behavioral health workers undergo
reference checks and criminal background checks before they are allowed to work with patients

3. The organization must have a zero tolerance philosophy regarding any form of abuse including
physical, sexual, and emotional abuse
4. Behavioral health patients may be confused and/ or disoriented, and staff should be given "the
benefit of the doubt" and be allowed to continue working while a patient's allegation of abuse is
being investigated
, A. 2 and 3 only
'\
· B. 2 and 4 only
C. 1, 2 and 3 only
D. 1, 2 and 4 only
Answer:·.C
Regardle'ss ofthe degree ofconfusion or disorientation ofthe patient, all abuse allegations must be seriously
considered and thoroughly investigated. During the course ofthe investigation, the staffin question should
be suspended to prevent patient tampering and to reduce potential additional risk to the patient or other
patients, and the staffin question. The investigation results will determine whether the suspension is with or
without pay.
14. A study published in 1999 revealed that approximately 44,000 to 98,000 people die each }'ll3.t in
US hospitals due to preventable medical errors. The entity that directly initiated the study was: ·
A. The Joint Commission
B. The Centers for Medicare and Medicaid Services
C. The Institute of Medicine
D. The U. S. Congress
Answer: C
"To Err Is Human: Building a Better Health System" is the Institute ofMedicine's landmark 1999 report
on medical error.
15. To maintain confidentiality,of an incident report:

1. Send the incident report directly to risk management
2. Never make the incident report part of the medical record
3. Never mention the facts of the incident in the medical record
4. Maintain the original in the risk management office and a copy in the originating department
A. 1 and 2 only
B. 1 and 3 only
C. 1, 2 and 3 only
D. All of the above
Answer: A
To maintain confidentiality, the original report should be sent to the risk manager immediately upon
completion. Copies should never he made, and the report must never be made part ofthe medical record.
The facts ofthe incident should be included in the medical record.
1
j
16. H a practitioner requests a telemedicine consult with another practitioner in a different stat~,
the consultant:
A. Must possess a valid medical license from his own state since reciprocity is granted in all states
B. Must possess a valid medical license from the requesting physician's state since reciprocity is not
granted in all states
C. May need to possess a valid medical license from the requesting physician's state since reciprocity
varies from state to state
D. Must obtain a temporary license from the requesting physician's state
Answer: C
Reciprocity requires the authorities ofeach state to negotiate and enter agreements to recognize licenses
issued by the ot#er state without further review ofindividual credentials.
17. For more than 20 years, which of the following high-risk clinical specialties has led, or been
close to the top of, severity statistics for liability claims?
A. General surgery
B. Obstetrics
C. Neurological surgery
D. Emergency medicine
Answer: B
Claim statistics show that adverse events in obstetrics are generally high severity and are at the top ofseverity
lists. Whenever there is a bad outcome in the birth ofan infant, often the parents look to assign liability to
the obstetrician and/or hospital.
Notes

Notes
',\
~----. -----.-----.-.-:,-.
. ~· •. r·· .. _.,.,.,-~--.,---.- -------
~·~·-,-~--
--~-----~·~---- --~-
LEGAL AND REGULATORY

Domain
1:·,
\
LEGAL AND REGULATORY Domain 103

~ • I
Legal and Regulatory Domain

1-fter learning the content in this section, you should be prepared to:
I
A. Examine the value of ethics as a cornerstone in the delivery of healthcare

B. Id.entify ethical considerations in treatment decisions
' .
C. Arialyze the purpose and role of an ethics committee
D. Describe the informed consent process and its impact on patient care
E. Summarize key regulations and laws that govern patient care, data management, payment,
' employment, and workplace safety in the healthcare environment
E Discuss accreditation, licensure and surveying bodies and the value of participating
KEY TERMS
Important terms and definitions relevant to this domain:
Advance directive- Written instructions recognized under law relating to the provision ofhealthcare when
an individual is incapacitated. Examples include living will and durable power of attorney for healthcare.
Age Discrimination in Employment Act- 29 U.S. C. Section 621 et seq. The federal statute
prohibiting certain types of employment discrimination on the basis of age.
I ,i
Americans with Disabilities Act- 42 U.S. C. Section 12101 et seq. A federal statute aimed at
i I
I
I Anti-kickback statutes- Medicare-Medicaid Anti-Kickback Statute (42 USC § 1320a-7b).
!
Knowingly and willfully seeking or receiving a bribe, rebate or kickback for a referral for a program,
reimbursable item or service.
'~twill" employment- Can be terminated at any time by either party (employee or employer), for
any reason or no reason. \
Autonomy- The right to self-govern or self-manage; the capacity to make an informed, uncoerced
decision.
Becomes aware -A facility becomes aware of an event when the clinical personnel employed or
affiliated with a user's facility learn of a potentially reportable event.
Belmont report- Report describing the basic ethical principles on which all biomedical and
behavioral research should be based.
Beneficence - The concept of doing good.
Capabilities- CMS refers to two requirements: 1) physical capabilities and 2) personal capabilities.
• Medical facility capabilities: Physical space, equipment, supplies and services the hospital
provides (e.g., surgery, psychiatry, obstetriCs, pediatrics).
• Staff capabilities: Level of care the personnel of the hospital can provide within the training and
scope of their professional licenses.
Capacity-
• Hospital: Ability of the hospital to accommodate the individual requesting examination or
I .:1', '
----'----~ -- ._ -'--"--'--"-------
treatment of the transferred individual; encompasses such things as numbers and availability of
qualified staff, beds and equipment and the hospital's past practices of accommodating additional
patients in excess of its occupancy limits.
• Patient: The mental ability to make rational de_dsions.
Case law- Law based on judicial precedent rather than statutory law.
Civil false claims- Enables lawsuits by government or any individual (qui tam relator) against one
who submits a false claim to the government.
Common law- Used interchangeably with case law.
Common rule (45 CFR 46)- Basic Department of Health and Human Services policy for
protection of human subjects that encompasses the human subject protections followed by all federal
agencies that sponsor research.
Conditions ofParticipation (CoPs)- Requirements hospitals must meet to participate in the
Medicare and Medicaid programs.
Corporate compliance- As relates to healthcare fraud and abuse, any number of programs and
initiatives undertaken by providers to avo~d civil and criminal inv~tigations and charges related to
improper billing procedures, inappropriate referrals, kickbacks and' other prohibited activities under
federal statutes such as the Anti-Kickback Act and the Stark I and Stark II amendments to the Medicare
Act. Many healthcare providers have taken corporate compliance programs beyond these specific
legislative and regulatory requirements to encompass broader corporate business ethics concerns.
Covered entities (CEs) -Any healthcare provider who transmits health information in electronic
form in connection with a "standard transaction." Among covered entities are healthcare providers
(hospital, physicians, insurance company, etc.) and health plans (pay for cost ofhealthcare),
healthcare clearinghouses (furnish bills or pays for healthcare services).
Dedicated emergency department (DED) - Must meet one of the following criteria:
• Licensed as an emergency department
• Advertises itself as providing emergency care
• One-third or more of walk-in patients seen for conditions that are considered "emergency
medical condition" as defined within the statute. -
Drive-through deliveries - Childbirth resulting in short postpartum stay as determined by the
managed care organization or other health plan.
Elder abuse - Single or repeated act or lack of appropriate action, occurring within any relationship
where there is an expectation of trust, which causes harm or distress to an elderly person. ',
Elements of informed consent for research - Include full disclosure of the nature of the re5earch '
and the subject's participation, adequate comprehension on the part of the potential subject and the
subject's voluntary choice to participate.
Emergency medical condition (EMC) -Medical condition manifesting itself by acute symptQms of
sufficient severity (including severe pain) such that the absence of immediate medical attention 't:oulH
reasonably be expected to result in:
• Placing the health of the individual in serious jeopardy
• Serious impairment to bodily functions
• Serious dysfunction of any bodily organ or part
Or with respect to a pregnant woman who is having contractions:

• There is inadequate time to effect a safe transfer to another hospital before delivery, or
• Transfer may pose a threat to the health or safety of the woman or the unborn child
Note: Regulations define "emergency medical condition" to include psychiatric illness including
alco~ol and drug intoxication. - .
Emergency medical services (EMS) - Provision of services to patients needing immediate care
EM~ sys.tem - Comprehensive, coordinated arrangement of resources and functions that are
organized to respond in a timely, staged manner to targeted medical emergencies, regardless of cause
or the patient's ability to pay, in order to minimize their physical and emotional impact (National
Association of State EMS Directors and National Association of EMS Physicians definition).
Food and Drug Administration (FDA) -Federal agency whose responsibility to protect the public
health by regulating commerce involving food, drugs, medical devices and the like; is authorized to
gather information regarding the safety of medical devices, including adverse incidents attributed to
use under the Safe Medical Device Act.
Fraud and abuse - Informal term for the various federal statutes and regulations regarding inappropriate
billing, kickbacks, referrals, etc., related to the federal or state Medicare/Medicaid programs.
Futile care - The care that the patient's family demands, but which the clinician has decided is
medically unnecessary.
Health Insurance Portability and Accountability Act o£1996 (HIPAA) - 42 U.S. C. Section 201 et seq.
Amendments to ERISA addressing a variety of healthcare-related issues including fraud and abuse and the
portability of group health insurance benefits as well as mandating specific patient-privacy protections. It
is a federal law that resulted in the promulgation of several regulations including the HIPAA Privacy Rule.
Human subject - A living individual about whom an investigator (professional or student)
conducting research obtains data through intervention or interaction with the individual or
identifiable private information. ·
Implied consent - Consent to healthcare diagnosis or treatment manifested by action or by a silence
that raises the presumption that an authorization is given.
Informed consent - The legal doctrine that patients generally have a right to be informed regarding
proposed medical and surgical treat.rn_ents, including anticipated benefits, risks, and alternatives, and
to accept or reject such proposed treatments.
Institutional review board (IRB) - Required for any healthcare institution that receives federal
funding for human research from a department or agency covered by the common rule or that
conducts research that is regulated by the FDA
Justice - Provide what is owed; treat fairly, fair and just allocation of resources within the community
being served.
• Life-sustaining treatment- Any treatment that serves to prolong life without reversing the medical
condition.
Long-term care services- Range of medical and/or social services designed to help people with
disabilities or chronic care needs (Department of Health and Human Services definition).
Medical emergency- Sudden and/ or unanticipated medical event that requires immediate assistance.
Medical screening exam (MSE) -Process required to reach with reasonable clinical confidence, the
point at which it can be determined whether a medical emergency does or does not exist applied in a
nondiscriminatory manner (i.e., a different level of care must not exist based on payment status, race,
national origin, etc.).
- ,_-·;1.
Med Watch form - Required form filed by facilities required to report events, injuries of patients.
Minimum necessary - Least amount of PHI disclosed to meet the request and accomplish the
intended purpose.
Non-maleficence- Avoiding harm; to not harm intentionally.
Notice of privacy practices (NPP) -Provided by covered entity which delineates how CE routinely uses
and discloses PHI, provides the rights and responsibilities of the patient, to whom the patient may complain.
Office of Civil Rights (OCR)- Office within Department of Health and Human Services which
enforces HIPM Privacy and Security compliance.
Paternalism -A unilateral and sometimes unreasonable decision by health care providers that implies
that they know what is best, regardless of the patient's wishes.
Patient Self Determination Act (42 USC Section 1395 et seq.)- Federal statute requiring certain
healthcare orga~izations to provide patients with information regarding advance medical directives.
Protected health information (PHI) - Includes information regarding a patient's condition and
provision of payment (past, present, future).
Prudent layperson standard - Request of the individual will be'considered to exist if a prudent
layperson observer would believe, based on the individual's appearance or behavior, that the
individual needs examination or treatment for a medical condition.
Regulation - Legislative mandates such as federal and state law; there are others that reflect
regulatory requirements, such as government-sponsored programs (e.g., Medicare).
Research -Activity designed to test a hypothesis, permit conclusions to be drawn and thereby to develop
or contribute to general knowledge; also "a systematic investigation, including research development,
testing and evaluation, designed to develop or contribute to general knowledge" (45 CPR 46.102(d)).
Sarbanes-Oxley Act (SOX) - Applies to public companies that are required to file periodic Securities
and Exchange Commission (SEC) Reports under Sections 12 or 15 (d) of the Security Exchange Act
of 1934 or if the public company has filed a registration statement that has not yet become effective
under the Securities Act of 1933.
Single use devices (SUDs) - Devices reprocessed for reuse originally intended for single use.
Stabilized- With respect to an EMC, that no material deterioration of the condition is likely, within
reasonable medical probability, to result from or occur during the transfer of the individual from a
facility, or, with respect to pregnancy, that the woman has delivered, including the placenta.
Surrogate - One who legally stands in place of another.
Telemedicine I telehealth - The use of telecommunications to provide medical information and
services. Also, the provision of healthcare consultation and education using telecommunication
networks to disseminate information; medical practice across distance via telecommunications and
interactive video technology (American Medical Association's Council on Medical Education and
Medical Services). The use of electronic information and communications technologies to prov~~e
and suppon healthcare when distance separates the participants (Institute of Medicine). \
Vulnerable subjects - Human subjects are considered vulnerable and require special considerations
if there are legitimate concerns about competency to understand information presented to them an~
make reasoned or informed choices; populations include children, pregnant women, prisoners, those
with psychiatric, cognitive and developmental disorders and substance abusers.

OUTLINE
I. Statutes, Standards and Regulations
A._Healthcare is one of ~e most highly regulated industries
1. Mandatory: State and federal law
2. Voluntary: TJC, NCQA, etc.
\ B. \Risk managers need to assist the organization in complying with both mandatory and voluntary
for the following reasons:
1. Reimbursement can be influenced by compliance
2. Policies and procedures must be developed to ensure compliance
3. Reputation of the organization
4. Patient satisfaction
C. Categories of key regulations and laws
1. Patient care
2. Data management
3. Payment
4. Employment
5. Workplace safety
IT. Types ofLaw

A. Statutory law
1. Enacted by congress and approved by the president.
B. Administrative law
1. RegWations and rules developed and implemented by a federal or state agency to provide
direction for carrying out the purposes of the Acts it oversees
C. Case law '

1. Judicial interpretation of a statute or established court precedent (also known as common law)
I
,!
ID.Ethics
A. Ethical Basics
1. Ethics center on deliberations and explicit arguments to justify particular actions
2. Created by the collision of:
a) Law
b) Medicine
c) Biotechnology
d) Business
e) Philosophy
f) Religion
.I
:~
,;:y:;;-:.-:.·.·
3. Focuses on the reasons why an action is considered right or wrong
a) Ethical principles and moral obligations
b) Societal policy
c) Professional guidance (code of ethical behavior vs. clinical ethics)
(1) ASHRM Code of Professional Conduct: available at http://www.ashrm.org
Practicing responsibility to the profession
Practicing responsibility to those we serve
Avoiding conflict of interest
(2) AMA's Principles of Medical Ethics: available at www.ama-assn.org
(3) U.S. Ag~ncy for International Development
· (a) How to interpret the federal policy for the protection of human subjects of
"Common Rule"· available at www. usaid.gov
B. Ethical Principles
!.Autonomy
a) Ability to make decisions with~ut undue influence .\
b) Fundamental basis for informed consent and informed refusal
2. Beneficence
a) To do good and protect from harm
3. Non-maleficence
a) To avoid causing harm or prohibition against cruel treatment
4. Justice
a) Fairness and equal distribution ofhealthcare, non-discriminatory care
C. Moral Obligations
1. Related to conduct that conforms to accepted customs or conventions of a people
2. Respect patient's privacy and protect confidentiality
3. Communicate honestly about all aspects of the patient's diagnosis, treatment and prognosis
4. Determine whether patient is capable of sharing in decision making
5. Conduct an ethically valid process of informed consent
D. Ethical issues
1. Advance directives: A method to make decisions known to healthcare providers
2. Do-not-resuscitate orders: Physician communication to other healthcare providers that is
typically based upon prior conversation with patient/family
3. Research: Includes identification of risks and benefits, addresses data collection and pr~tecq
1
the subject's rights (including termination of participation) •
4. Institutional review boards: Charged with establishing protocols for and oversight of clinical trials
I
5. Informed consent \
E. Patient Self-Determination Act of 1990
1. Overview of the law
a) The law, 42 U.S. C. 1395 cc (a), established the right of competent patients to make

binding, legally enforceable decisions about their healthcare preferences to be followed
should they later become unable to express them
b) Encourages patients to consider the option of preparing an advance directive
'":
c) Requires providers to develop policies and procedures to address a patient's right to refuse
treatment and to execute an advance directive in accordance with individual state laws
~) Encourages patients to consider the option of preparing an advance directive
\ e) Requires providers to develop policies and procedures to address a patient's right to refuse
treatment and to execute an "advance directive" in accordance with individual state laws
f) Requires healthcare providers to furnish information about self-determination to their patients
2. Requirements
a) Written policies and procedures
(1) Living wills
(2) Durable power of attorney
b) Notice of Rights to provide information to patients concerning:
(1) Right to make healthcare decisions
(2) Right to accept or refuse care
(3) Right to formulate advance directives
!;
I
:I
(4) Presented at time of admission for inpatients, at time of enrollment for HMOs, prior
'I
to care for home health agencies
c) Documentation in medical record of advance directive
d) May not require advance directive as precondition to care
e) Compliance policy must be instituted to deal with elements oflaw and establish a formal
process for investigating and resolving patient grievances
f) Proyide education for staff and community on issues concerning advance directives
3. Applies to:
a) Hospitals
b) Nursing homes (SNFs)
c) HMOs participating in Medicare
d) Home care and hospice programs
e) Hospice programs
4. Does not apply to:
a) Free-standing outpatient clinics
b) Private physician offices
5. Recognized under state law; specifics apply to each state's laws
6. Penalties/sanctions
a) Condition of Participation in Medicare and Medicaid programs
b) Appeal process
:I

I;
! i
~-~- ---.- ·.· _".,
I',;',',".!, ----
7. Risk management implications ofPatienr Self-Determination Act

a) Develop, implemenr and monitor compliance with policies and procedures that address
each element of the law
b) Familiarity with the specifics of the state's laws, if any, relating to advance directives
c) Keep copies of written materials for later reference
d) Educate staff on encouraging patients to complete an AD and having proper staff available
to answer questions from patient and family
F. Advance Directives
1. Legal documenr: May include living will and durable power of attorney for healthcare.
2. Completed in advance and when patient has capacity to do so
3. Governed at the state level
·'
4. No uniform document
5. Preferably written, but also can be verbal
6. Can specify what to include and b:clude (such as intubation, mechanical ventilation,
antibiotics, blood transfusions, dialysis, anificial nutrition/hydration)
7. Patienr can change mind at last minute
G. Do Not Resuscitate
1. Governed at the state level
2. Requires a physician order
3. Documented in the medical record
4. Requires clear policy and procedure
5. Documented education of patienr, family and staff
6. Does not require an advance directive as a precondition
7. May be rescinded for surgical interventions
H. Assisted Suicide
1. Rendering of assistance to a person who wants to end his or her life but is not able to do this alone
2. In some states, when a healthcare provider does this, it is considered murder
3. In other states, governments have legalized this procedure; also known as euthanasia
4. Consideration: Does the diagnosis make a difference? Does the amount of pain and suffering
make a difference (quality of life)?
I. Withholding and Withdrawing Treatment
1. Life-sustaining treatment is any treatment that serves to prolong life without reversing rpe
medical condition
2. Clear policy and procedure that outlines what life-sustaining treatment entails and under
what criteria/parameters withholding/withdrawing of care can occur
3. Examples of such treatment
a) Intubation
b) Mechanical ventilation

c) Renal dlalysis
d) Artificial nutrition and hydration
e) Antibiotics
f) Blood and blood products
J. Capacity
1~~Mental ability to make a rational decision, which includes the ability to perceive and
appreciate all relevant facts; ability to weigh the risks, benefits, and alternatives; not necessarily
synonymous with "sanity"
2. Patients requirements
a) 'Able to understand the nature of the situation and the consequences of the decision
'
b) Of age (varies greatly by state and circumstances)
c) Able to communicate the wishes to the caregiver
d) Normally determined by the physician
e) Presumed unless there is a reason to question
f) May come and go so act as close to the time of capacity as possible
g) Normally not questioned as long as the healthcare providers and the patient's family agree
K. Surrogates of Patients
1. Definition: The individual who is legally authorized to make healthcare decisions on behalf of
a patient who is unable to make or communicate decisions
a) Common law next-of-kin
b) Established in advance dlrective, such as durable power of attorney for healthcare
c) State-specific
L. Futile Care
1. Quality oflife is defined by the patient's values, not by the surrogate or caregiver's
2. Physicians do not have an obligation to deliver care that, in their best judgment, will not have
a reasonable chance of benefiting the patient
3. Physicians are not required to violate their own ethical or religious beliefs
4. Clinical staff may decline only for reasons of "conscience"
5. Do not abandon the patient; arrange transfer
6. Have appropriate policies
7. Be sure decisions are based on medlcal issues, not age, social status, or be financially driven
8. Avoid court if at all possible
9. Negotiate with the patient, surrogates, and healthcare providers, if necessary
10. Use the Ethics Committee
M. Culturally-Appropriate Care
1. The National Quality Forum
a) Endorsed 45 best practices to deliver culturally appropriate and patient-centered care
(1) Issues addressed

(2) Communication
(3) Community engagement
(4) Workforce training
2. The Joint Commission Requirements to Advance Effective Communication, Cultural
Co~petence, and Patient-Centered Care
a) Became effective January 1, 2011 with a grace period of 1 year
b) Will be graded in TJC 2012 surveys
c) Incorporates issues such as diversity, language, culture, health literacy into current
standards or draft new requirements
d) Some issues addressed
(1) Effective communication
(2) Equitable treatment
(3) Accommodation of patient's cultural, religious, spiritual needs and beliefs
(4) Non-discrimination in card
(5) Staff training in cultural sensitivity
N. Ethics and the Law
1. Ethical decisions are based on what is best for the. common good and, generally, exceed what
is required by law
2. Legal decisions are based on what is mandated by statutes or case law
3. Case Law Examples
a) Karen Ann Quinlan: Matter of Quinlan, 70 N.J. 10, 355 A. 2d 647 (1976)
(1) Ethical issues: Legal vs. medical death; patient wishes
In 1975, for whatever reason, Ms. Quinlan ceased breathing for at least two 15-minute
periods. Subsequently she was found to be in a "chronic persistent vegetative state."
Her father requested that her life support be withdrawn 3.11;d was refused. He sued for
the right to have her life-support withdrawn, and to be declared legal guardian. He
was adjudicated in the negative. He appealed to the New Jersey Supreme Co~rt and
its decision was in the affirmative granting guardianship. He then had the ventilator
removed, but the gastrostomy tube stayed in place. After the removal of the ventilator,
Ms. Quinlan was transferred to a nursing home where she survived for approximately
10 years before succumbing to pneumonia. .
b) Nancy Cruzan: Cruzan et ux. v. Director, Missouri Department of Health, et al
(1) Ethical issues: Gave constitutional status to the ethical principle of autonomy; clear
and convincing evidence standard introduced
Court's first right to die case. In 1983, Nancy Cruzan was involved in an accideri.t ,
leaving her in a "persistent vegetative state." She was sustained for several weeks ~th .
artificial feedings via a gastrostomy tube. When her parents attempted to terminate
life-support, state hospital officials refused to do so without court approval. The
Missouri Supreme Court ruled in favor of the state's policy over Ms. Cruzan's right
to refuse treatment. The question before the U.S. Supreme Court was "Did the Due
Process Clause of the 14th Amendment permit Cruzan's parents to refuse lifesustaining
treatment on their vegetative daughter's behalf?" In a 5-4 decision, the court held that,

while individuals enjoy the right to refuse medical treatment under the Due Process
Clause, incompetent persons were not able to exercise such rights. Absent "clear and
convincing evidence" that Ms. Cruzan desired treatment to be withdrawn, the Court
found the State of Missouri's actions designed to preserve human life to be constitutional
because there was no guarantee family members would always act in the best interest
of incompetent patients and, because erroneous decisions to withdraw treatment were
irreversible, the Court upheld the state's heightened evidentiary requirements. Ms.
Cruzan's gastrostomy tube was withdrawn, and she died about 10 days later.
c) Nelly Vega: Stanford Hospital v. Vega, 236 Conn. 646 (1996)
(1) Ethical issues: The state's interests of preservation oflife, protection of an innocent
third party, prevention of suicide, maintenance of ethical integrity of the medical
professions; the hospital's interests of preserving life, protecting the ethical integrity
of the healthcare profession; the patient's interest of right of self-determination,
constitutional right to exercise religious freedom.
The Supreme Court of Connecticut held that a hospital's interest in preserving a
patient's life and in protecting the medical profession's ethical integrity were not
sufficient to take precedence over the common law right of self determination of a
Jehovah's Witness to refuse a blood transfusion.
d) Terri Schiavo: Theresa Schindler Schiavo, ex rei. v. Michael Schiavo, as guardian (2005)
(1) Ethical issues: State's interest, patient's interests, spousal vs. parental interests
In 1990, Terri Schiavo collapsed at her home, suffered a cardiac arrest and sustained
permanent loss ofbrain function. On June 1990, her spouse, Michael, was formally
appointed to serve as legal guardian, because Ms. Schiavo was adjudicated incompetent
by law.. This appointment was undisputed. In 1994, her spouse acknowledged the
irreversibility of her condition and imposed a "do not resuscitate" order should Ms.
Schiavo experience another cardiac arrest. Ms. Schiavo's biological family also did not
dispute this. In 1997, Michael elected to initiate an action to withdraw artificial life
support. Her parents opposed this, stating that she displayed special responses, mosdy
to her mother, but that these had not been observed or documented. This began
lengthy legal maneuyerings by her parents to stop the withdrawal of life support and to
try to remove Michael as his wife's guardian. Various legal challenges and interference
by the Office of the Governor of Florida occurred, however, in March 2005 the feeding
tube was removed for the final time, and Ms. Schiavo was allowed to die.
0. Ethics Committee
1. Basic ethical concepts include autonomy, beneficence, paternalism, non-maleficence, justice
a) Chairperson should be well educated or trained in ethical issues
b) Multidisciplinary including appropriate medical and clinical staff
c) A clerical representative from the religious community should be a member
d) A layperson from the community should be a member
e) Decisions are nonbinding- consultative only
f) The risk manager should:
(1) Be a neutral party during the discussions
(2) Serve as a facilitator
(3) Act as a consultant on legal issues

(4) Develop a systematic approach to obtaining an ethics committee consultation that
addresses both a routine process as well as an ad hoc process
2. Topics for Ethics Committees
a) Abortion and reproductive rights
b) End-of-life or futile care
c) Quality of life
d) Surrogate decision-making
e) Advance directives
f) DNRs
g) Meqical resources
h) Staff; rights that conflict with patient wishes
i) Specifically designed to screen out hospital with issues
rv. Consent
A. Introduction
1. Consent is an important element of the provider/patient relationship
2. Consent is the act of agreeing to a specific diagnostic test or treatment; it can be characterized
as a contract for agreed upon services
3. Consent is a communication process between provider and patient, not merely the
completion of a form
4. Consent can be characterized as a contract for agreed upon services
5. Consent is practitioner's (individual who is to conduct the proposed test or treatment)
responsibility that is non-delegable
6. Consent presumes that an adult is capable of making treatment choices, as are minors under
defined circumstance
B. Legal sources of influence in the consent process
1. Federal law- Consumer Bill of Rights and Responsibilities published in 1997 reiterates the
fundamental framework of consent
a) Provide easily understood information to patients and opponunity to select among options
b) Discuss all treatment options with a patient in a culturally competent manner, ~eluding
the option of no treatment
c) Ensure that patients with disabilities have effective communication with care providers and
the tools for effective communication (e.g., interpreters, communication boards, etc.)
d) Discuss all current treatments a consumer may be undergoing, including alternative'\
treatments and those that are self-administered ·
e) Discuss all risks, benefits and consequences to treatment or non-treatment
f) Give patients the opponunity to refuse treatment and to express preferences about future'·
treatment decisions
g) Discuss the use of advance directives- both living wills and durable powers of attorney for
healthcare with patients and their designated family members

, .
<;"".
Jl::
.-~~
'
~~
.
h) Abide by the decisions made by patients and/ or their designated representatives consistent '-:j
with the informed consent process ·1

i) Give patients opportunity to refuse treatment and express preferences about future
~
treatment decisions, including advance directives
j) Assure patients that care providers will abide by patient'~ decisions
2. Other federal laws, regulations and guidance promote the consent process
\ a) Civil Rights Act of 1964
(1) Bars discrimination on basis of race, background, etc., thereby necessitating use of
interpreters when necessary
(2) Office of Civil Rights monitors compliance
b) Medicare Conditions of Participation (CoPs)
c) Patient Self-Determination Act of 1990 (PSDA)
d) HIPAA
e).EMT.ALA
f) Americans with Disabilities Act of 1990 (ADA)
3. State law
4. Case law
C. Types of Consent
1. General: Typically seen at time of admission for non-invasive, low-risk or routine procedures
such as blood work
2. Informed: For invasive or high-risk procedures such as surgery; feeding tube placement or
cardiac catheterization ·
3. Implied consent: For emergency situations such as stabilization of the airway following a car
accident
D. Elements of Consent to Treatment
1. Disclosure of the nature and'Purpose of the test or treatment
2. Description of the probable risks and benefits
3. Explanation of risks and benefits of alternatives
4. Risks and benefits of foregoing the test or treatment
5. Opportunity for questions and understandable answers taking into consideration the patient's
or surrogates comprehension level
6. Opportunity to make a decision free of coercion and undue influence
E. Legal authorities differ regarding what is "enough" information to disclose in a consent dialogue
1. Patient need: Information that a reasonable person would want to know
2. Medical community: What the caregiver believes patients should be told
3. Essential information should be disclosed to prevent or eliminate misunderstanding or
misinformation, such as:
a) Risk of death, disfigurement, disability or major change in lifestyle
b) Degree of pain, dysfunction or discomfort associated with the test or treatment

~'-'-'-'""'-'-----'---'~-'- __ ', L::_._::t '-'-- - - -
c) Time commitment associated with proposed and alternate treatments, including rehab,
physical therapy or long-term medication management
d) Urgency to undergo the test or treatment
e) Consequences of·deferring or refusing the tester treatment
F. Exceptions from the General Rules of Consent
1. Emergency treatment exception
a) Basic criteria
(1) Life threatening illness or injury requiring immediate attention
(2) Patient unable to communicate
(3) ;N"o time to secure treatment authorization
(4) ~imited to care only to extent that it is necessary to rectify the urgent situation
(5) Comprehensive documentation supporting the emergency condition and fulfillment of
the basic criteria
(6) Steps to minimize inappropriate use of emergency~xception:
(a) Clinical decision support tools such as clinical pathway or decision trees for
declaring emergency
(b) Staff and physician education
(c) Comprehensive documentation
2. Therapeutic privilege exception
a) To protect the patient from consequential harm arising from disclosure of medical information
b) Criteria for invoking the privilege
(1) Assessment of facts and circumstances
(2) Assessment preferably made by someone not involved in the patient's care
(3) Comprehensive documentation of assessment and decision
3. Compulsory treatment situation
a) Empowers public health officials to test, treat or quarantine individuals with infectious illnesses
G. Importance of an Informed Refusal of Care
1. Patient or recognized decision-maker must have mental capacity
2. Inform patient of consequences of refusal of proposed test or treatment
3. Document discussion with patient or recognized decision-maker
4. Patients and decision-makers have the right to withdraw consent
H. Needs of Specific Patients in the Informed Consent Process
1. Preliminary screening to identify special patients
2. Patients who warrant special considerations
a) Minors
(1) State laws differ
(2) Mature or emancipated minors may consent to treatment related to pregnancy,
sexually transmitted disease, mental health treatment or alcohol abuse· treatment

l j
(3) Physician should assess minor to ensure such minor has the appropriate level of
judgment and reasoning skills for medical decision making
b) Mentally disabled or challenged per~ons, such as those with dementia or psychosis
c) Patients undergoing specific care as may be identified by law
(1) Breast cancer
., (2) SterUization
(3) Blood transfusion
(4)HN
d) Auditory, speech or visually impaired patients - ADA requires reasonable accommodations
to
facUitate the patients understanding, such as use of telephone or amplification devices,
sign language, interpreters for limited English proficiency, etc.
e) Culturally sensitive situations
f) ~esearch patients - Have a specific process and form that must be followed
(1) Addressed in the PSDA
(2) Identify risks and benefits of participating in research
(3) Minimize risks
(4) Perform risk-to-benefit evaluation
(5) Determine intervals of periodic review
(6) Determine mechanisms for monitoring data collection
(7) Protect subject's rights that mandates a process for accepting, rejecting and terminating
participation in research
I. Consent Litigation
1. Despit.e the presence oflaws and controls, consent- or lack of it- remains a persistent basis
for claims in professional liability lawsuits.
2. Consent litigation reflects a breakdown in the provider-patient relationship
3. Risk managers should be familiar with consent-related issues arising from
a) Managed care
b) Compulsory treatment situations
c) Behavioral health settings
d) Minors
e) Ambulatory care
f) Documentation
4. Results of a breakdown in the consent process
a) Battery - care provided absent consent or after consent is withdrawn
b) Unprofessional conduct
c) Negligent consent- FaUure to disclose material risks
d) Misrepresentation or deceit - intentional harm
e) Breach of contract- Assertion that care promised was not achieved

f) Corporate liability- "Constructive notice" of flawed consent process
g) Licensure action - Failure to follow applicable consent law or regulations
h) Compliance action - Failure to comply with provisions of Medicare's "patient's rights"
condition of participation
J. Risk Management Approach to Consent or Treatment
a) Ensure disclosure of conflicts of interest
b) Prohibit "gag" clauses
c) Prohibit punitive measures taken against providers or other healthcare workers who
advocate on behalf of the patient
d) Includes criteria for making and documenting an assessment that establishes mental
cap:icity when appropriate
2. Risk identifiers for reviewing consent-related incidents, claims and patient complaints
3. Education
a) Must recognize state-specific exceptions
b) Educating providers as to their role in this process and its value in facilitating a greater
trust with patients should be emphasized
4. "Family-focused" consent process is encouraged
5. Consent checklist is a tool to facilitate consent process
a) Evaluate ability of patient or decision-maker to participate in the process
b) Confirm patient's understanding of disclosure
c) Confirm patient's understanding of treatment plan
d) Screening questions for continuing care interventions
e) Tool may be customized for different settings
f) Tool may be used as evidence of compliance
6. Documentation: Can be short- or long-form, or detailed notes in the medical record that are
typically driven by organizational policy; procedure and/or practices
V. Patient Care Regulations and Laws

A. CMS develops Conditions of Participation (CoPs) and Conditions for Coverage (CfCs)
1. Healthcare organizations must meet CoPs and CfCs in order to begin and continue
participating in the Medicare and Medicaid programs.
2. These standards are the foundation for improving quality and protecting the health anq safety
of beneficiaries. \ ~
3. CoPs and CfCs apply to the following healthcare organizations:

a) Ambulatory Surgical Centers
b) Community Mental Health Centers
c) Comprehensive Outpatient Rehabilitation Facilities
d) Critical Access Hospitals

e) End-Stage Renal Disease Facilities
f) Federally Qualified Health Centers
g) Home Health Agen~ies
h) Hospices
i) Hospitals
I
J) Hospital Swing Beds

k) Intermediate Care Facilities for Individuals with Intellectual Disabilities
1) Organ Procurement Organizations
m) Portable X-ray Suppliers
n) Programs for All-Inclusive Care for the Elderly Organizations
o) Clinics, Rehabilitation Agencies, and Public Health Agencies as Providers of Outpatient
Physical Therapy and Speech-Language Pathology Services
p) ·Psychiatric Hospitals
q) Religious Nonmedical Healthcare Institutions
r) Rural Health Clinics
s) Long-term Care Facilities
t) Transplant Centers
4. CoPs for Hospitals
a) Covers many hospital services and .functions such as
(1) Quality assessment and performance improvement, medical staff, nursing, infection
control, surgical ~ervices, governing body, patient's rights, medical records, physical
environment, pharmacy, radiology, lab, food services, etc.
b) Co.P: Nursing Services
(1) Defines the operational elements of a nursing service that includes the following
mandates:
(a) Staffing and staff supervision
(b) Developing and implementing nursing care plans
(c) Staff competency assessment
(d) Medication administration
(e) Mandatory reporting of blood transfusion reactions, adverse drug reactions, and
medication errors
c) CoP: Infection Control
(1) Requirements include:
(a) Designating an infection control officer
(b) Developing and maintaining a log system
(c) Creating policies and procedures
(d) Delegating responsibility and accountability on hospital leadership
(e) Ensuring that hospital-wide QI and training programs are implemented
(f) Implementing corrective action plans

I_ _ _
····· . .-.
-···.-:.-
d) CoP: Surgical Services
(1) Scope of the services:
(a) Staffing
(b) Duties of staff
(c) Surgical privileges
(d) Consistency between quality of inpatient and outpatient surgical services
(2) Delivery of service requirements
(a) Medical history and physical examination
(b) Informed consent form
·{c) Post-operative care requirements
.(d) Operating room register
(e) Operative report
e) CoP: Patient's Rights Standard.s
'
(1) Notice of Rights- patients notified in writing
(a) Complaint and Grievance Process
(2) Exercise of Rights: Patient has the right to participate in medical decision making
(3) Privacy and Safety: Patient has right to privacy and a safe environment
(4) Confidentiality of Medical Records: Reaffirms and strengthens confidentiality of
medical information
(5) Restraint or seclusion: Protocols for use of restraints and seclusion including staff
education mandate
f) CoP: Complaint and Grievances Standards
(1) Standards set by CMS that hospitals must follow to manage complaints and grievances
(2) Standards must ensure:
(a) Families are informed of their rights to present complaints and the mechanism to
do so; by issuing a complaint it does not compromise patient's future access to care
(b) Analysis of complaints and appropriate action is taken to correct the issues
(c) A response is sent to each patient/family which addresses the complaint.
g) CoP: Quality Assessment and Performance Improvement Program
(1) Standards
(a) Must develop, implement and maintain effective, ongoing hospitalwide, data-
driven quality assessment and performance improvement program ,.,
. \
(b) The program must include, but not be limited to, an ongoing program for which
there is measurable evidence that health outcomes will improve and medical errors
will be indentified and reduced.
(c) Must measure, analyze and track quality indicators including adverse patient events and
other aspects of performance that assess processes of care, hospital service and operations
(d) Must take actions aimed at performance improvement, measure success of
interventions and monitor to ensure improvements are sustained ·

5. Risk Management Implications of Medicare Conditions of Participation
a) Many other CoPs address wide range of healthcare organizations
(1) Hospitals
(2) Home health agencies
(3) Ambulatory surgical centers
(4) Outpatient rehabilitation fac:ilities
(5) Psychiatric hospitals
(6) Home health agencies/hospices
(7) Providers of outpatient services
b},Development of actual means to compliance left up to program participants; consult with
legal counsel for interpretation of CoPs if necessary
c) Complete compliance with CoPs should be monitored on an ongoing basis
B. CMS Hospital Acquired Conditions (HACs)
1. Medicare will not pay a hospital at a higher rate for an inpatient hospital stay if the sole reason
for the enhanced payment is one of the selected HACs and the condition was acquired during
the hospital stay.
2. Enacted due to:
a) High cost and/or high volume
b) Assignment of higher MS-DRG payment (increased reimbursement)
c) Could reasonably have been avoided through evidence based medicine
3. CMS list ofHACs inch,1.de
a) Foreign objects retained after surgery
b) Air embolism
c) Blo.od incompatibility
d) Stage III and N pressure.,ulcers
e) Falls and trauma
(1) Fractures
(2) Dislocations
(3) Intracranial injuries
(4) Crushing injuries
(5) Burns
(6) Other injuries
4. Iatrogenic Pneumothorax with venous catheterization
5. Manifestations of poor glycemic control
6. Catheter-Associated Urinary Tract Infection (CAUTI)
7. Vascular Catheter-Associated Infection

--~~------
8. Surgical site infection following:

a) Coronary Artery Bypass Graft (CABG) -Mediastinitis
b) Bariatric surgery (gastroenterostomy, gastric bypass, gastric restrictive surgery)
c) Cardiac Implantable Electronic Device (CIED)
d) Orthopedic procedures (spine, neck, shoulder, elbow)
9. Deep Vein Thrombosis (DVT)/Pulmonary Embolism (PE) following:
a) Total knee replacement
b) Hip replacement
C. Healthcare Quality Improvement Act- (HCQIA)
a) To provide protections for all healthcare organizations and individual participants engaged
in formal peer review activities if certain conditions are met
b) Does not necessarily provide added protections over and above state statutes, but may
apply in cases of claims filed uhder federal antitrust latys
2. Peer review immunity
a) Encourages hospitals, licensing boards, professional societies, group medical practices, etc.
to engage in effective peer review
b) Qualified immunity from liability in civil actions attaches to those engaged in peer review
if the professional review action is taken
(1) To further quality healthcare
(2) After reasonable effort to ascertain the facts
(3) After notice and fair hearing opportunities are afforded the physicians
(4) In the reasonable belief that the action is supported by the facts
3. Physician due process
a) Notice of a proposed professional review action must include .
(1) Reason for the review
(2) Time frame within which a physician may request a hearing is not less than 30 days
after the date of the notice
(3) Summary of fair hearing rights
b) Physician rights
(1) List of witnesses appearing for the reviewer
(2) Notice of time, place and date of hearing
(3) Representation by counsel 1:
··.
\
(4) Written record of proceedings

(5) Examination and cross-examination of witnesses
(6) Presentation of relevant evidence
(7) Submission of a written closing statement
(8) Written recommendations/rationale of the reviewer
(9) Written decision/rationale of the healthcare entity
- _, ____________
, ___________________________________________
c) Institutional rights
(1) Institution may suspend or restrict privileges for 14 days during which an investigation
may be conducted to determine the need for a professional review action
(2) Institution may summarily suspend privileges, subject to subsequent notice and
hearing, if failure to take such action would jeopardize the health of any individual
4. Established the National Practitioner Data Bank (NPDB)
I
:, a) Purpose ofNPDB
(1) Collects information on healthcare practitioners related to the professional competence
and conduct of physicians, dentists and other healthcare practitioners
(2) Tracks practitioners who have been defendants in malpractice claims that have
concluded with either a judgment or settlement
(3) Collects information on practitioners with adverse action against their hospital
privileges or their license to practice
(4) Provides conditional immunity from anti-trust suits against healthcare facilities and
their medical staff that participate in peer review, provided that:
(a) Due-process protections were made available to the physician under review, and
(b) The reviewers acted in good faith in furthering quality patient care
b) Entities that must report include
(1) Hospitals and other healthcare providers
(2) Medical and dental licensing boards
(3) Medical malpractice payors, including medical liability carriers, SIRs, trust, captives, RRGs
c) Entities with access to' the reported data include
(1) Hospitals
(2) Other healthcare entities with formal peer review
(3) Professional societies with formal peer review
(4) Boards of medical or clental examiners and other healthcare practitioner state licensing
boards
(5) Plaintiff's attorneys of plaintiffs representing themselves (some limitations)
(6) Healthcare practitioners - self query
(7) Researchers (statistical data only)
d) Reporting Requirements
(1) Payments of judgments or settlements made on behalf of specified licensed
practitioners, regardless of the amount in response to written demand - report within
30 days of the date of payment to NPDB
(2) Hospitals and other healthcare entities: Actions taken which adversely affect privileges
of physicians and dentists or membership on the staff- report within 15 days of
adverse action to board of medical examiners
(3) Disciplinary actions taken by State medical and dental boards -licensing board reports
within 30 days

e) Ongoing requirements
(1) Hospitals must request information from NPDB on a new physician, dentist or other
practitioner at the .time of initial application
(2) Information on current members must be requested at a minimum of every two years
(3) Failure to report indemnity payments- up to $11,000 fine
(4) Hospitals that do not request information from the NPDB are presumed to know
about the information they would have obtained if they had asked.
(5) Failure to report a reportable adverse action waives the hospital's immunity protection •
from discovery for three years
f) Information available
(!)"Medical malpractice payments
(2) Medicare and Medicaid exclusions
(3) US DEA actions
(4) Adverse actions related to professional competenqr and conduct
(a) Professional licensing actions
(b) Clinical privilege actions
(c) Professional society membership status
D. The Healthcare Integrity and Protection Data Bank (HIPDB)
1. A clearinghouse for the reporting and disclosure of certain final "adverse actions" taken against
healthcare practitioners, suppliers, and other providers in an effort to combat fraud and abuse.
2. HIPDB contains information regarding:
a) Civil judgments against healthcare providers, suppliers, or practitioners related to the
delivery of a healthcare item or service
b) Federal or state criminal convictions against healthcare providers, suppliers, or practitioners
related to the delivery of a healthcare item or service
c) Actions by federal or state agencies responsible for the licensing and certification of
healthcare providers, suppliers, or practitioners
d) Exclusions of healthcare providers, suppliers, or practitioners from participation in federal
or state healthcare programs
e) Any other adjudicated actions against healthcare providers, suppliers, or practitidp.ers
E. Hospital Value-Based Purchasing Program (HVBP)
1. CMS quality incentive program built on the Hospital Inpatient Quality Reporting (IQR)
measure reporting infrastructure
\:
2. Designed to promote higher quality care for Medicare beneficiaries i
3. Rewards facilities with better patient outcomes, processes and experiences instead of just
volume of services and penalties apply if hospital is non-compliant
4. Funded by a 1.25 percent reduction from participating hospitals' base-operating Diagnosis-
Related Group (DRG) payments in FY 2014

5. Three domains:
a) Clinical Process of Care (13 measures)
b) Patient Experience of Care (8 HCAHPS dimensions)
c) Outcome (3 mortality measures)
F. Food and Drug Administration (FDA)
1. '-[>. divis~on of the Department of Health and Human Services
2. Designed to protect public health by regulating commerce that involves food, drugs
(including biologics) and medical devices (including radiation devices)
3. A robust collection oflaws that impact the day-to-day delivery ofhealthcare in a multitude of
ways, such as
'
a) Record keeping for dispensing narcotics
b) Manufactures of drugs must show evidence of drug safety and provide evidence of drug
effectiveness
c) Initiated tracking of medical devices
d) Required reporting of serious events related to medical devices
4. FDA: Three healthcare divisions
C.::nter for Dc1 ice:-, c1nd Cc·mcr l~ll f)ll!~ [ 1 .tlt,,llinn C ciHct tor BI<llnglc.\ i ~cdu.moil
R.tdiologiol Health: CDRH .md Rc,c,u-~_h: ( -uLR .tnd Rc,urc.h: r..:BER
Responsible for Responsible for oversight Responsible for oversight of

regulating companies that of the development, the nation's blood supply
manufacture, repackage, testing and marketing of
re-label, and/ or import · all pharmaceuticals (except
medical devices. vitamins and dietary
supplements)
Tracks reports of Includes over the counter, Ensures safety and

adverse events including pr@scription, biological effectiveness of biological
device malfunctioning therapeutics & generics products
Regulates all radiation- Other products such Includes vaccines, blood

emitting electronic as fluoride toothpaste, and blood products, cells,
devices antiperspirants, dandruff tissues, & gene therapies
shampoos and sunscreens
G. Safe Medical Device Act of 1990 (SMDA)

a) Enacted in 1992
b) Amended in 1993 to require manufacturers to track products that are:
(1) Permanently implantable
(2) Life sustaining or life-supporting and intended to be used outside of device user facilities
c) Administered by the Food & Drug Administration (FDA)

.- - .. _. _:_ . . .,_. ~" '' ..:.::· .
'~
d) The FDA wanted to intensify the act as hospitals initially were either not reporting or
under-reporting serious events, illnesses, injuries or death that were caused by, or related
to, medical devices
e) Requirements of the act
(1) Reporting serious events
(2) Tracking of several implantable devices
f) Facilities that are required to report
(1) Hospitals
(2) Ambulatory surgical facilities
(3) Nursing homes
(4) ~orne health agencies
(5) Ambulance providers
(6) Rescue squads
(7) Rehabilitation facilities
(8) Psychiatric facilities
(9) All outpatient diagnostic and treatment facilities that are not physicians' offices
g) Facilities exempt from reporting
(1) Offices including physicians, chiropractors, optometrists, nurse practitioners, dental offices
(2) Employee health clinics
(3) Freestanding care units
(4) Patient confidentiality protections
(a) Reportable events should be handled under peer review, quality improvement or
other related protection programs
2. Reporting
a) If device has or may have caused or contributed to a death, report to product manu&ctt.I.rer (if
known) and FDA within 10 working days of notice (eMDR Electronic Medical Device Reporting)
b) If device has or may have caused or contributed to a serious injury, report to product
manufacturer only within 10 working days of notice. If the manufacturer is unknown,
report to the FDA (eMDR Electronic Medical Device Reporting)
c) If a facility submitted any eMDR Electronic Medical Device Reporting reports to the
manufacturer or the FDA, the facility must submit a summary to the FDA no later than Jan.1
3. Medical device tracking via FDA Modernization Act of2002
a) Requires the final distributor (such as a hospital) to collect patient identifying inforn.'\atio\l
1
for each patient who receives a tracked device and submit this to the manufacturers ·
b) Includes patient confidentiality provisions

c) Primary tracking especially lies with manufacturer
d) Records are to be maintained as long as the device is in use or in distribution for use
e) List is updated on an ongoing basis at www.fda.gov

,,;
,~,
4. Product recall drivers

a) Federal agencies
(1) FDA·
;· (2) OSHA
I
b) Accreditation requirements
(1) The Joint Commission
"c) Manufacturing trends: Outsourcing of products
(1) Product quality and safety outside full control of corporation
_ 5. Product Recall Challenges
a) Oevelop standardized processes to receive and disseminate information about product
recalls, notifications, and safety alerts to appropriate departments and individuals
(1) Accountability- Establish who is responsible
(2) Communication plan
(3) Consider pharmaceuticals
(4) Alerts tracking mechanism
b) Timely management of recall and replacement efforts
-c) Establish a claims processing mechanism
H. Emergency Medical Treatment and Labor Act (EMTALA)
a) Part of the Consolidated Omnibus Budget Reconciliation Act of 1986 (COBRA)
b) Enacted in response to· practice of "patient dumping," the transfer of uninsured individuals
from one hospital emergency department to another for no reason other than inability to pay
c) Congressional mandate for hospitals and providers to provide a "safety net" for persons
seeking assessment and care for a possible clinical emergency at a Medicare-contracted hospital
d) Applies to: \
(1) Hospitals that participate in the Medicare program and have a dedicated emergency
department (DED)
(2) Emergency physicians
(3) On-call physicians
2. Requirements
a) Provide a medical screening examination to determine if an "emergency medical condition''
(EMC) exists
b) If an EMC exists, provide appropriate medical treatment to stabilize the patient, subject to
the availability of resources (capability/capacity)
c) If capability/capacity is not available, provide "appropriate" transfer to facility that does
have capability/capacity to stabilize EMC
d) Participating hospital must accept a patient transfer from another hospital if it has the capability/
capacity to provide stabilizing treatment to patient that the transferring hospital does not have

~' ·'
3. Medical screening examination (MSE)

a) Not an isolated event, but an "ongoing process," per CMS
b) Elements for proper MSE
(1) Log entry with disposition
(2) Triage record
(3) Ongoing recording of vital signs
(4) Oral history
(5) Physical examination
(6) Use of all necessary testing resources to check for EMC
(7) Use of on-call physicians as needed
(8) Discharge or transfer vital signs
(9) Adequate documentation of all of above
c) Must be performed by a "qualified medical person" (QMP)
' '
(1) Hospital determines criteria for QMP; must be outlined in medical staff bylaws
(2) CMS does not require physician to perform MSE; requires QMP to have sufficient
training to make proper decision
(3) American College of Emergency Physicians position: physician should perform
medical screening exam
d) MSE ends when determination is made by QMP that emergency medical condition does
not exist, no longer exists or patient is admitted or transferred to a higher level of care for
fUrther treatment
4. Compliance
a) Hospital expectations
(1) Adopt and enforce policy consistent with EMTAIA
(2) Adopt policy oudining which medical personnel are qualified to perform MSE
(3) Post signs informing the public of the hospital's EMTAIA obligations
(4) Maintain central log of all patients who present to facility and request care for an
emergency medical condition
(a) Each department that meets the definition of a DED must maintain a log
(b) Log must include notations of patient dispositions
(c) Records of persons transferred to or from the hospital must be kept for five years
from date of transfer
(5) Maintain list of on-call physicians
(a) 24-hour coverage of all specialties not required
(b) Hospitals are responsible to maintain list in manner that "best meet the needs of :
hospital patients receiving required EMTAIA services" ·
(c) Make and document efforts to arrange for such coverage
(d) CMS will apply "reasonable standard" rule retrospectively to determine if on-call
coverage was appropriately scheduled given services available at hospital
LEGAL AND REGUlATORY Domain 129

(6) Advise patients who refuse treatment of risks of leaving before completing their
screening assessment or treatment
(a) Document efforts
(b) Attempt to have the patient sign a form that confirms the decision to leave "against
medical advice" (AMA)
b) Financial screening of patient is permitted if:
',\ (1) There is no delay in patient receiving MSE or stabilizing medical treatment in order to
inquire about insurance status
(2) Hospital does not attempt to obtain treatment authorization from patient's primary
caregiver or health plan before providing MSE, any needed stabilizing treatment or
·-., arranging for appropriate transfer to higher level of care
(3) Patient is not made to feel pressured or coerced in not staying for treatment
5. EMTALA applies to:
a) Any individual who comes to the emergency department and requests exam and treatment
for a medical condition, or request is made on his/her behalf
b) Any individual, on hospital property other than DED, who requests exam and treatment
for what may be an EMC
(1) Includes individual who would qualifY for care under prudent layperson standard
(2) "250-yard rule": hospital campus defined as entire main campus including parking
lot, sidewalk and driveway or hospital departments including buildings owned by the
hospital within 250 yards
6. EMTALA does not apply to:
a) Patients at hospital for scheduled outpatient procedure who are already under medical care
and develop potential emergency conditions
b) Inp3:tients
c) Hospital off-campus departments (unless that department meets the definition ofDED)
d) Ambulances operating under community wide emergency medical service protocols
(1) If ambulance shows up at hospital, regardless of divert status, EMTALA is triggered
e) During national emergency; CMS issues appropriate guidance to hospitals
7. Hospital's EMTALA obligation ends if:
a) It is determined that no EMC exists
b) The EMC is stabilized
c) Patient is admitted to hospital for further treatment
d) Patient is appropriately transferred to hospital that can provide stabilizing treatment
8. Transfers
a) An unstable patient with an EMC may not be discharged or transferred to another facility unless:
(1) Hospital does not have capability/capacity
(2) Physician certifies that benefits of transfer outweigh risks
(3) Patient refuses treatment or requests a transfer

b) Appropriate transfer (CMS definition)
(1) Transferring hospital has provided medical treatment within its capacity to minimize
risk of transfer
(2) Receiving facility has capac-ity and capability and has agreed to transfer
(3) All patient medical records related to emergency condition available at time of transfer
are sent with patient
(4) Transfer effected through qualified personnel and transportation equipment
(5) Any other requirements as CMS may find necessary in interest of health and safety of •
patient transferred
c) Discharge from hospital considered "transfer" under EMTALA
d) Physician must sign transfer form
9. Psychiatric patients
a) Only considered stable once he/she is "protected" and prevented from injuring himself/herself
or others
; .,
....
10. Penalties/sanctions
a) Non-compliance may result in investigation by state licensing authority (SA), state quality
improvement organization (QIO), CMS, the Office of the Inspector General (OIG) or
Of11 ce of Civil Rights (OCR)
b) Civil monetary penalties (CMPs) of up to $50,000 per violation for hospital and! or physician(s)
c) Can lead to termination of participation in Medicare program for both hospitals and physicians
d) Hospital has a duty to report violations or inappropriate transfers (e.g., no prior notice
from other hospital, financial "dumps," etc.) to state licensing authority or direcdy to CMS
within 72 hours - not doing so is, itself, a violation
e) Whisde-blower statute: any facility or individual who retaliates against physicians or other
qualified individuals who refuse to authorize unsafe or inappropriate transfer or anyone
who reports suspected EMTALA violation, can be fined
11. Risk management implications ofEMTALA
a) EMTALA violations are too cosdy not to have policies and procedures established and
education provided and enforced to ensure compliance
b) Staff should be trained/ retrained on EMTALA compliance at least annually
'
c) Staff should be educated to treat presenting patients based on presenting signs arid
symptoms to avoid potential EMTALA violations
d) Staff should understand that MCOs cannot deny a patient access to hospital services but
may deny payment for those services
I. Medicare Regulations for Long Term Care Facilities (LTC)
1. Overview of long-term care
a) Care provided in person's home or community, assisted living facilities (ALFs), skilled
nursing facilities (SNFs), continuing care retirement communities (CCRCs), etc.
2. Omnibus Budget Reconciliation Act of 1987 (OBRA)
a) Basis for uniform regulations governing care and assessment of nursing home residents
under Federal Nursing Home Reform Act of 1987

b) Establishes requirements relating to provision of care such as assessing residents, training for
nurse's aides, physician examinations, follow-up visits, level of nursing care, nursing coverage
and the establishment of quality assurance committee that meets regularly, at least quarterly
c) Emphasizes residents' rights, promoting the dignity of residents; residents may file formal
~omplaints about infr~ctions of any rights
d) As a condition of maintaining Medicare provider agreement, nursing facilities are required
i to go through survey and certification process every 9-15 months. Four areas of focus
'·' evaluated in this survey:
(1) Quality of care furnished to residents
(2) Adequacy of written plans of care
{3) Accuracy of residents' assessments
(4) Compliance with residents' rights
e) Enforcement
(1) Empowers the survey agency (state and/or CMS) to impose sanctions on
noncompliant providers
(2) Civil monetary penalties or fines of up to $10,000 per day
(3) Denial of payment for new admissions
(4) Termination from the Medicare and Medicaid programs
(5) New sanctions may be imposed with greater flexibility and speed
(6) Types of deficiencies that trigger an appeal option; not all survey actions can be appealed
3. LTC Requirements
a) Develop initiatives to continually improve and maintain overall level of patient care
(including a special focus on restraint reduction)
b) Reduce the incidence of pressure ulcers and malnutrition
c) Imposes staffing obligations: Nursing coverage, physician examinations and follow-up visits
d) Establish a formal training_and certification for nursing assistants
e) Establish and enforce resident's rights
f) Periodic and routine survey and certification process by state agency on behalf of CMS or CMS
4. Risk Management in LTC
a) Industry trends
(1) Increased frequency and severity of claims
(2) Declining or inadequate reimbursement
(3) Chronic staffing shortages
(4) Heightened awareness of medical errors in LTC facilities
b) Increasing awareness and citations for elder abuse violations
c) Regulations vary from state to state
J. Child abuse and neglect
1. Overview

a) Federal initiatives in I974 (CAPTA) with amendments in I996
b) Children and Families Safe Act of2003 defined child abuse
c) Abuse
(I) Any recent act or failure to act on the part of a parent or caretaker which results in
death, serious physical or emotional harm, sexual abuse or exploitation, or an act or
failure to act which presents an imminent risk of serious harm
(2) Four main categories:
(a) Neglect
(b) Physical abuse
(c) Sexual abuse
(d) Emotional abuse
d) Negfect
(I) Deprivation of adequate food, clothing, shelter or medical care
e) Every state has enacted mandatory reporting requirentents relating to suspected ~hild abuse
and neglect, including crime codes
f) Requires healthcare practitioners, teachers and professionals in positions who interact with
children to report suspicions or known abuse or neglect
g) Exceptions to reporting exist but are mainly focused on children who are under treatment
by spiritual means
2. Risk management implications regarding child abuse and neglect
a) Educate staff on symptoms of child abuse and mandatory reporting
b) Requirements under state law
c) Be knowledgeable of your state reporting requirements and elements to report
d) Ensure a policy and procedure for reporting and examinations exists
K. Elder abuse and neglect
1. Types of elder abuse
a) Physical abuse
b) Sexual abuse
c) Psychological or emotional abuse
d) Neglect
(I) Self-neglect: Intentional decision by a competent individual to refuse or fail to provide
him/herself with adequate food, water, clothing shelter or who engages in acts to
threaten his or her own welfare ,.·,,
e) Financial exploitation
f) Abandonment
g) Abduction by family members
h) Some states offer immunity provisions protecting those who report from civil liability
i) Consequences of not reporting

(1) Significant penalties up to and including loss of licensure, allegations of unprofessional conduct
and exposure to civil litigation to the individual and facility who fail to uphold the law
2. Elder abuse and neglect risk management implications
- J
-a) Become familiar with mandatory reporting requirements, including permitted statutory
exceptions relating to child, elder and dependent adult abuse and neglect
b) Provide ongoing education to hospital staff and physicians of the reporting obligations
under state laws
c) Develop a policy for identification and reporting of elder abuse
d) Review information from National Center on Elder Abuse (www.elderabusecenter.org)
_L. The Americans with Disabilities Act (ADA): Title III Nondiscrimination on the Basis of
Dis~bility in Public Accommodations and Commercial Facilities www.usdoj.gov/crt/ada
1. Title III prohibits private entities that provide public accommodations and services from
denying goods, services and programs to people based on their disabilities.
a) Includes the following:
(I) Structural accessibility requirements for private entities
(2) Programmatic access: Reasonable modifications in policies and procedures or practices when
such are necessary to provide same level of goods, services, etc. to disabled as non-disabled
2. Public accommodations:
a) Must not impose or apply eligibility criteria that screen out or tend to screen out an
individual with a disability or any class of individuals with disabilities
b) May impose legitimate safety requirements that are necessary for safe operation.
c) May not impose a surcharge on a particular individual with a disability or any group of
individuals with disabilities to cover the costs of measures for accommodation
3. Definition of a disability according to ADA
a) A physical or mental impairment that substantially limits one or more of the major life
activities of such individual
4. Examples of physical or me)ual impairment
a) Anatomical loss affecting one or more of the following body systems
I'
I
b) Any mental or psychological disorder such as mental retardation, organic brain syndrome,
emotional or mental illness, and specific learning disabilities
c) Includes, but is not limited to orthopedic, visual, speech, and hearing impairments,
cerebral palsy, epilepsy, muscular dystrophy, multiple sclerosis, cancer, heart disease,
diabetes, mental retardation, emotional illness, specific learning disabilities, HN disease,
tuberculosis, drug addiction, and alcoholism
5. Major life activities
a) Functions such as caring for one's self, performing manual tasks, walking, seeing, hearing,
speaking, breathing, learning, and working
M. Clinical Laboratory Improvement Act (CLIA)
a) Enacted in 1998 by Congress to establish quality standards for clinical laboratories

----·,--·~ •.:.......c_ ___ •__ , __
b) Oversight by CMS CDC (Division of Laboratory System) and FDA

c) Cited reasons for enactment
(1) Misread lab tests
(2) Absence of workload limits for lab technicians
(3) Proliferation of unregulated laboratories
d) Law establishes three categories of covered tests:
(1) Waived complexity
(2) Moderate complexity
(3) High complexity
e) Specifies quality standards
(!);Proficiency testing (PT)
(2) Patient test management
(3) Quality control
(4) Personnel qualifications
(5) Quality assurance for labs performing moderate and high complexity tests
(6) Stringency of standards linked to complexity of tests
f) Labs performing gynecologic cytology testing must ensure each pathologist or cytotechnologist
who participates in screening must annually enroll in CMS-approved cytology PT program
2. Risk management implications of Clinical Laboratory Improvement Act
a) Remain aware of the regulations as they undergo revisions
b) Assure those responsible for lab interpretation are properly enrolled in appropriate programs
N. Human Research Subjects
1. Overview
a) Mandatory strong safeguards for the safety of human subjects. in medical research is a
primary obligation for clinical investigators and institutions
b) Ethical principles for current regulations governing human biomedical research
(1) Respect for persons: Recognition of the personal dignity and autonomy of individuals
and special protection of those persons with autonomy (vulnerable subjects)
(2) Beneficence: Involves an obligation to maximize benefits and minimize risks'ifharm
(non-maleficence)
(3) Justice: Requires a fair distribution of benefits and burdens of research
2. Federal research requirements
a) Respect for autonomy of the research subject
b) Protection of vulnerable populations
c) Absence of coercion
d) Reasonable balance of benefits and burdens of the proposed research for the individual
subject and not for society, at large

1 .
.
.
·,:,,1•
·-· ~
3. Responsibility of institutional review boards (IRBs)
a) Reviewing all clinical, translational research conducted at the institution
b) Reviewmg minimization of risks to human subjects to the greatest extent possible
c) Reviewing equitable selection of subjects
d) Assuring risks are reasonable in relation to anticipated benefits
~ Assuring risks, benefits and alternative options are clearly communicated to potential
human subjects during the informed consent process
f) Educating the research community on proper conduct of research
g) Assuring privacy and confidentiality of research subjects
4. IRB ~uthority and membership
a) Authority
(1) Prospective review
(2) Monitoring
(3) Require modification of protocols
(4) Approve or disapprove the research
b) Membership
(1) Minimum of five members of diverse backgrounds
(2) Includes one non-affiliated member, one non-researcher, one scientific member
(3) No member may participate in an IRB review of a study with which the IRB member
has a conflict of interest
(a) Member is the investigator
(b) Member has a financial interest
(c) Member has any other interest that may have an adverse impact on the ability to
exercise independent judgment
5. IRB activities \
a) Review of application and proposal for DHHS-funded human research
b) Prospective and ongoing review of research activities (non-exempt)
c) Review and approval of research conducted at intervals appropriate to the degree of risk,
but not less than once per year
d) Reporting of adverse events and unexpected risks to human subjects
e) Approval of amendment and modifications to protocols and consent forms
f) Documentation of review of protocols, actions, findings, and attendance in IRB minutes
6. Compliance
a) Oversight by DHHS and Food and Drug Administration (FDA)
b) Scope: Results of research, whether in terms of scientific recognition and/or financial
reward, may never take priority over the research subject
(1) Conduct compliance inspections of institutions engaged in research
(2) Provide oversight ofiRB activities
-~-~.-.-.
--- --- _ _ ',.1.:_;_;,~:.;__._,___,_ ·~---
c) Federal oversight activities have increased in recent past

d) Continued emphasis due to increasing public interest in ethical and procedural proprietary
of biomedical research
e) Non-compliance can result in:
(1) Loss of reputation, funding (which may be substantial)
(2) Heightened oversight by federal investigative arid/or prosecutorial bodies
-_;:.'·.
7. Common deficiencies identified by DHHS Office for Human Research Protections (OHRP,
www.hhs.gov/ ohrp)
a) Consent form deficiencies
( 1) Language not understandable to public
(2) !~adequate explanation of benefits
..
(3) Failure to address all elements of informed consent
(4) Failure to describe all research procedures
b) IRB procedural and process dellciencies
(1) Inadequately written policies and procedures
(2) Improper use of expedited review
(3) Inadequate information available to support risk, benefit determination
(4) Substantive changes to protocol and consent without full IRB re review
(5) Failure of documentation of IRB actions
c) Lapsed IRB approval (approval valid for one year)
d) Failure to report unanticipated problems involving risks to subjects, serious and continuing
noncompliance, suspensions and terminations to OHRP
8. Risk management considerations with human research subjects
a) Understand protection rights of human subjects
b) Know confidentiality of human subjects is held to higher level than general patients
c) Understand common deficiencies cited by OHRP and work with responsible persons to
assure compliance with human subject research activities
0. Patient Safety and Quality Improvement Act
a) Law enacted in 2005
b) Medical error: failure of a planned action to be completed as intended or the use of a wrong
plan to achieve an aim, including problems in practice, products, procedures and systems
c) Patient safety organization (PSO): private or public entity or component thereof that\"
is listed by the Secretary of the Department of Health and Human Services (DHHS)
pursuant to the Act
(1) PSO must be certified and listed by DHHS
d) Patient safety work product (PSWP): any data, reports, memoranda, analyses (such as root
cause analyses) or written or oral statements
(1) Assembled or developed by a provider for reporting to a PSO and are reported to a

PSO; or are developed by a PSO for the conduct of patient safety activities and which
could result in improved patient safety, healthcare quality or healthcare outcomes
(2) Identify or constitute the deliberations or analysis of, or identify the fact of reporting
pursuant to, a patient safety evaluation system
1 e) Patient safety activities primarily conducted by a PSO
(1) Efforts to improve patient safety and the quality ofhealthcare delivery
'<2) Collection and analysis of patient safety work product
(3) Development and dissemination of information with respect to improving patient safety
(4) Utilization of patient safety work product for the purposes of encouraging a culture of safety
(5) .Maintenance of procedures to preserve confidentiality with respect to patient safety
work product
(6) Provision of appropriate security measures with respect to patient safety work product
(7) Utilization of qualified staff
(8) .Activities related to the operation of a patient safety evaluation system
f) Patient safety evaluation system (PSES): collection, management or analysis of information
for reponing to or by a patient safety organization
g) Provider: individual or entity licensed or otherwise authorized under state law to
provide healthcare services Examples: hospitals, nursing facilities, home health agencies,
pharmacies, nurse practitioners, physicians' offices, physical or occupational therapists
2. Purpose
a) To provide for improvement of patient safety and reduce incidence of events that adversely
affect patient safety
(1) Establishes framework for creation of national database on medical errors
(2) Designates individual reports as confidential
(3) Grants participating providers protection from being compelled to disclose certain
information
(4) Allows for reporting and ;ubsequent analysis of medical error information
b) Encourages open communication among providers and regulators that could result in
improved safety, healthcare quality and/or healthcare outcomes
3. Agency for Healthcare Quality (AHRQ) is responsible for implementing the act
4. Voluntary reporting of errors
a) Act imposes no mandatory reporting provisions
b) Privilege and confidentiality protections provide incentive for providers to participate
c) Protections afforded to patient safety work product reported to a patient safety organization
5. Establishment ofPSOs
a) Certified by D HHS secretary
b) Must have policies and procedures in place to perform patient safety issues required by act
c) Must resubmit for certification every three years
d) Provisions for revocation of certification if entity no longer meets certification requirements

6. Creating network of patient safety databases
a) Maintained by DHHS
b) Network capable of accepting aggregating across the network and analyzing non
identifiable PSWP reported by PSOs, providers or other entities
c) Information reported used to analyze trends and patterns of healthcare errors nationally as
well as regionally
d) Error data will be available to the public
7. Enforcement
a) DHHS may assess CMPs for violation of confidentiality and privilege provisions of the act
(1) Up to $10,000 for each act constituting a violation
·..
(2) Six-year statute of limitations
(3) No double penalties (HIPAA, PSQIA)
(4) Private action (civil suit) permitted for adverse employment action against individual
subsequent to report individual has made to provich;r or PSO
8. Privilege and confidentiality protections
a) Privilege of act preempts federal, state or local law
(1) PSWP not subject to federal, state or local civil or criminal administrative subpoena or
order including disciplinary proceeding against a provider
(2) PSWP not subject to discovery in disciplinary proceeding against a provider
(3) PSWP not admissible as evidence in civil or criminal proceeding including one against
a provider
(4) PSWP not admissible in professional disciplinary proceeding by disciplinary body
pursuant to state law
b) Confidentiality preempts all federal, state or local law but allows application of any law
that is more stringent in confidentiality provisions
c) Exceptions to protections (privilege and confidentiality)
(I) For criminal proceeding only after in camera determination that PSWP is material to
the proceeding and not reasonably available from any other source
(2) During adverse employment action to extent required to provide equitable relief to
aggrieved individual
(3) If authorized by each provider identified in the work product
(4) Voluntary disclosure of non-identifiable PSWP
(5) Eight additional exceptions for confidentiality protection: \:..
(a) To carry out patient safety activities \
(b) Non-identifiable PSWP

(c) For research, evaluation or demonstration projects
(d) To FDA for product or activity regulated by FDA
(e) By provider to accrediting body for accrediting purposes
(f) Other, as determined by DHHS secretary
-~-''·· --------------------~---~-
(g) Law enforcement authorities if necessary for criminal law enforcement purposes
(h) If other than a PSO, PSWP does not include assessment of provider's quality of care
(6) PSWP continues to be privileged and confidential even after disclosure; however, no
confidentiality provisions in criminal proceeding
(7) No privilege or confidentiality protections when non-identifiable PSWP is disclosed
9. Wlpsde-blower protection
. loss of employment, failure to promote individual, failure to provide employment-
' a) Includes
related benefit, adverse decision made in relation to accreditation, certification,
credentialing or licensing of individual
10. PSOs and HIPM
a) PSOs treated as business associates under HIPM
b) Patient safety activities of PSOs constitute healthcare operations of provider
11. Risk management implications of Patient Safety and Quality Improvement Act
a) Structure ofPSOS and protections they afford, will enable risk managers to have access to
information otherwise unavailable or guarded under attorney client and work product privilege
b) PSOs should demonstrate at least basic competencies of its staff performing clinical,
technical and analytical functions
12. PSOs must accept data in the most efficient way possible, thereby ensuring a reasonable cost
structure
a) Ensure stringent technological and human firewalls to protect information being shared
with aPSO
VI. Data Management Regulations and Laws

A The Health Insurance Portability and Accountability Act (HIPM)
1. Overview 9f the law
a) Goal: Reduce costs and administrative burdens ofhealthcare by standardizing electronic
transactions of certain administirative and financial transactions previously carried out on paper
b) Tide II '~istrative Simplification" established national standards for electronic
healthcare transactions
c) Covered entity must appoint privacy and security officer
d) Requires providers, health plans and employers to adopt unique health identifiers for
electronic transactions
e) Established national standards for protecting the privacy and security of health information
f) Protects consumers against unauthorized use and disclosure of health information
g) Implemented by the Department of Health and Human Services (DHHS)
h) 17 direct identifiers
(1) Details at http://www.cms.gov/HIPMGeninfo

2. Elements of the Privacy Rule and the Security Rule
r,-:. ~...._. l~Lr;___

-
'),__'-. •.r-~L~
-
RLLI_
• Protects privacy and confidentiality of • Builds upon Privacy Rule-

individual's health information • Governs PHI only in electronic form
• Governs how covered entities (CE) may use • Safeguards the confidentiality, integrity and
and disclose patient information maintained availability of electronic health information
or transmitted by a CE
• Requires CE to protect confidentiality,
• Imposes restrictions on what information integrity and availability of all electronic
can be disclosed, who may receive the PHI it creates, receives, maintains or
information and permitted uses transmits
• Calls for a security/privacy officer • Protects against reasonable anticipated
• Limits who ·is authorized to access PHI threats or hazards
• Ensures compliance by members of the
workforce
"·
• Seeks to ensure that only authorized
individuals can access information
• Requires administrative, physical and
technical safeguards
3. State vs. federal protections

a) HIPAA establishes a minimum level for the protection of confidentiality and security of
PHI at the federal level
b) Provides a floor for protecting the confidentiality and security of PHI
c) Preempts any state law that is contrary
d) States with more stringent rules will supersede the federal level
e) When able, entities should conform to federal, state and local laws
4. Direct identifiers
• Name/initials • Medical record numbers • Other identifying numbers II
• Street address, city, county, • Health plan ID numbers or characteristics I' I
precinct, ZIP Code • Account numbers • Biometric identifiers,

• All elements of dates including finger and voice
• Certificate/license numbers prints
(except year) direcdy
• Vehicle identifiers and serial
related to an individual • Full face photos and
numbers, including license comparable images \',
• Ages over 89 plate numbers
·,
\ ~
• Telephone number • Any other unique

• Device identifiers and serial identifying number,
• Social Security number numbers characteristic or code
I
i,
• Fax number • Web addresses

• E-mail address • Internet IP addresses

5. Exclusion of PHI
a) Education records (covered by Family Educational Rights and Privacy Act)
b) Employment records (held by CE in its ~ole as employer)
6~ Patient rights under the rule
a) Access to PHI
\1) Exclusions
'\
(a) Psychotherapy notes

(b) Notes compUed in anticipation of court proceeding
(c) PHI obtained &om source other than health care
(d) PHI that would endanger the life or safety of an individual
(e) PHI created or obtained in the course of a clinical study
(f) Denial of PHI access must be in writing by the CE
b) Requesting corrections and amendments to PHI
(1) Request must be made in writing by patient
(2) CE must respond within 60 days
c) Requesting confidential communications (alternative means or locations)
(1) CE must comply with "reasonable requests"
(2) Requests must be in writing
(3) Denials by CE must be in writing ·
d) Requesting accounting of disclosures:
(1) Must occur over six-year period
(2) Incidental disclosures and those used for TPO are excluded
e) Requesting restrictions of PHI disclosure:
(1) CE does not have to comply with request
\
(2) If CE complies, CE is bound by agreement untU terminated, except in emergency situations
f) Inspecting and copying PHI
(1) If maintained in designated record set
(2) Request must be in writing
(3) CE must reply within 30 days if has PHI; allowed one 30-day extension
g) Copy of the Notice of Privacy Practices (NPP) from covered entities
h) Right to complain
(1) To the Privacy or security officer of the CE
(2) To Office ofCivU Rights (OCR)
(3) Whisde-blower protections
i) Notice of Privacy Practices (NPP)
(1) Is responsibUity of CE
-
(2) Delineates how CE routinely uses and discloses PHI -·_,--.-
(3) DetaUs responsibUity of CE and patient

---~-·· ..:_..'~____,_:,___,-
\''-··-·
(4) Direct treatment providers (hospitals, physicians) must provide to patient on first date
of treatment ·
(5) Must make "good faith effort" to obtain signature of patient's receipt (one time
signature unless significant changes are made to NPP)
j) Permitted disclosures where authorization is not necessary:
(1) Treatment, payment and/or healthcare operations (TPO)
(2) Quality assurance
(3) Compliance
(4) Business planning and development
(5) Reporting of disease, injury or disability
(6) Child abuse
(7) R:eports of abuse, neglect or domestic violence
(8) FDA regulated product reporting requirements
(9) Public health activities "',
(I O) Employers for work related injuries or illnesses
(11) Healthcare oversight activities
(12) Disclosures for judicial or administrative proceedings
(13) Law enforcement purposes
(14) As required by law:
(15) Reporting of certain wounds, injuries
(16) Descendants related to criminal activities on the CE premises
(17) To identify and locate a missing person, fugitive, material witness
(18) Emergencies
(19) Organ procurement organizations
(20) Health and safety threats
(21) Government-related disclosures
k) Disclosures where separate authorization is required
(1) Release of psychotherapy notes including drug, alcohol treatment
(2) Research
(3) Marketing
(4) HIV records or labs
1) Business associates 1:
. \
' .
(I) If aCE shares PHI with a business associate, it must enter into an agreement to obtain
"reasonable assurances" that the business associate will protect the PHI in compliance
with the Privacy Rule and Security Rule
m) Security Rule
(1) Administrative safeguards
(a) Implementation of security management process (gap analysis)
(b) Plan to address vulnerabilities

(2) Physi~ safeguards
(a) CE must employ physical measures as well as policies and procedures to protect
electronic information from natural or unauthorized intrusion
(b) Facility-access controls: maintaining integrity of electronic data when operating in
contingency or emergency conditions
(c) Work station uses and security: prevention of unauthorized access, inappropriate
use; may include use of identification badges, etc.
(d) Device and media: control over portable media (CDs, zip drives) and removal of
PHI from obsolete equipment
(3) Technical safeguards
(a) CE must impose access and audit controls, implement policies and procedures to
protect PHI, procedures to authenticate persons or entities seeking access
(4) Security measures to protect against unauthorized access to PHI transmitted in
electronic format
(5} Examples:
(a) Access controls
(b) Audit controls
(c) Integrity
(d) Authentication
(e) Transmission security
(f) Non-compliance implications
(6) Civil monetary penalties (CMP)
(a) Five areas for determining if a CMP may be imposed:
~i) Nature of violation
(ii) Circumstances (including consequences) of violation

(iii) Degree of the CE~ culpability
(iv) CE' s history of offenses
(v) CE's financial condition
(vi) Also, CMP may be assessed individually to members of the workforce
(7) No CMP may be imposed if:
(a) CE was unaware of the violation
(b) CE had reasonable cause (not willful neglect) and the CE corrects the problem
within 30 days of discovering the failure
(c) CE is criminally liable for the offense
(8) Civil penalties:
{a) CE may be penalized $100 per violation if CE did not know (and by exercising
reasonable diligence would not have known) that he/she violated HIPAA unless
exceptions apply
(b) For repeated offenses, the CE cannot be penalized more than $25,000 in one year
I_~
(c) Penalty amounts may change. To obtain the most up-to-date information go to
http:/ /www.hhs.gov/ ocr/ privacy/index.ht.m.l
(9) Criminal liability:
(a) Federal act does not provide any private right of action (for filing suit) although
some state laws may exist
(b) CE may be subject to criminal penalties through Department of}ustice (as referred
to by OCR)
(c) CE may be held criminally responsible for knowing disclosing or obtaining PHI in
violation ofHIPAA statute; fines may be up to$50,000 and one-year imprisonment. •
(d) The criminal penalties increase to $100,000 with imprisonment for up to five years
if the wrongful conduct involves false pretenses
(~) Infractions for malicious intent to harm or for personal gain may result in a penalty
·' of $250,000 and up to 10 years in prison
n) Risk management implications of the Health Insurance Portability and Accountability Act
(1) Support and collaboration with the privacy and se~urity officers
(2) Provide training of workforce on policies and procedures related to HIPAA Privacy
Rule and Security Rule
(3) Establish steps for responding to complaints, requests
(4) Ensure compliance to assure NPP is provided to patient
(5) Create paper trail of documentation
(a) Complaints
(b) Workforce training
(c) Sanctions
(d) Disclosures to business associates
(6) Have broad knowledge base on local, state and federal laws where there may be conflict
(7) Retain all HIPAA records for minimum of six years
B. Health Information Technology for Economic and Clinical Health Act (HITECH)
1. HITECH includes a series of privacy and security provisions that expand the current
requirements under HIPAA's Privacy Rule and strengthens its enforcement
2. Promotes and advances the adoption of health information technology (HIT)
3. HIT is intended to provide rapid, efficient and secure coordination of care and sharing of
information among hospitals, physicians, long term care facilities, home health agencies and
all other authorized users.
1\
4. HITECH - Breach Notification Rule: i
a) Creates the right of individuals to be notified by the "covered entity'' (CE) within 60 days
if there is a breach of their protected health information (PHI)
b) A "breach" is defined as "the nnauthorized acquisition, access, use, or disclosure of
[PHI] that compromises the security or privacy of such information, except where an
unauthorized person to whom such information is .disclosed would reasonably have been
able to retain such information"

5. Breach Noti.fi.cation- Requirements
a) Notification requirements
(1) Under special circumstances posting on the home page of the of covered entity- or
- notice in major print or broadcast media
(2) If felt to be urgent due to the possibility of "imminent misuse" of the PHI, notice by
, telephone or other method
(3) Written notice to the individual or their next of kin
(4) If the breach is believed to affect more than 500 residents of a state or jurisdiction, notice
must be provided to prominent media within that area, and posting on HHS web site
6. Notifi.c~tion requirements apply to both providers and their business associates.
C. Medical R~cord
1. Purpose
a) Primary communication medium for planning, coordinating, and orchestrating patient
care -in which private health information about a patient is recorded
b) Primary basis for reimbursement
c) Legal document
d) Defense against negligence claims
2. Medical record content
a) Results of physical examinations
b) Medical history
c) Treatment reports
. d) Lab and X-ray reports
e) Physician orders
f) Consultation reports
g) Anesthesia reports
'··
h) Operative reports
i) Signed consent forms
j) Nurses notes
k) Vital sign record
1) Medication administration report
3. Medical record should be:
a) Complete
b) Legible
c) Accurate
4. TJC requires that all facilities treating patients maintain adequate medical records that:
a) Contain sufficient information to identify the patient (may include photographs)
,; ..•'.
b) Support the diagnosis
c) Justify the treatment

d) Document the course of treatment and results of same
e) Promote continuity of care among healthcare providers
5. The medical record is an important business record that may be accessed by:
a) Physicians
b) Peer review organizations
c) Billing department
d) Health plans
e) Health maintenance organizations (HMO)
f) Healthcare clearinghouses
g) Government agencies
h) Government funded organizations
i) Accreditation bodies
j) Quality review organizations
k) Third-party payors for reimbursement
1) Research professionals
m) Legal counsel
n) Patient!guardian
6. Required entries and signatures/authentication by a healthcare practitioner
a) TJC requires all entries by dated and timed
b) Entries can be authenticated by:
(I) Written signature
(2) Identifiable signature
(3) Electronic signature
(4) Computer key
7. The person responsible for ordering, providing and evaluating the service performed
personally authenticates the record
8. Generally, the person who made the incorrect entry should correct it according to established
policy if correction is necessary
9. Changes should be made by a healthcare professional within their scope of practice, as defined
by their state licensing and certification laws
10. Record retention
a) Federal and state laws apply \',
b) False Claims Act -An action for a false claim act may not be brought
(1) More than 6 years after the date on which the violation is committed
(2) More than 3 years after the date when facts material to the right of actioh are known
or reasonably should have been known by the US government official charged with
responsibility to act in the circumstances, but in no event more than 10 years after the
date on which the violation is committed, whichever occurs last

(3) Office of the Inspector General's Model Compliance Guide for Hospitals states that a
hospital compliance program should provide for the implementation of a records system
(4) Record system should establish policies and procedures regarding:
(a) Creation
(b) Distribution
(c) Retention
'I
(d) Storage
(e) Retrieval and access
(f) Destruction
(g) Medical records should be retained as long as there is a medical or administrative
need (most states have specific guidelines)
(h) Statutes and regulations specify the method by which a record may be destroyed
D. Documentation
1. Regulations
a) Federal and state statutes
b) Professional practice standards
c) Specific healthcare facility protocols
d) Third-party payors
e) Accrediting organizations
2. Ownership of medical records
a) Healthcare facility or provider owns the actual record
b) Patient owns the information contained within the record
3. Tampering.with medical records
a) Report such activities
b) Risk management involvement
c) Forensic document examination
(1) Electrostatic detection apparatus
(2) Ink analysis
(3) Infrared exams
(4) Identification of date markers
4. Charting and documentation models
5. Documentation challenges
a) Electronic documentation
(1) Copy and past
(2) Wrong patient record
(3) Navigation challenges
b) Uncooperative or noncompliant patients

c) Objective rather than subjective
·d) Legible
e) Correcting errors in the record
f) Patient or family request a medical record correction
g) Hearsay
h) Telephone advice in the physician's office practice
i) Adverse event and incident documentation
j) Pagination
k) When doctors do not arrive
1) Countersignatures
m) Abbreviations
n) Authentication
6. Risk manager's role
a) Monitor to assess quality of documentation
b) Communicate regularly with the medical records committee/Health Information Services/
Health Information Management Committee
c) Educate the clinical staff
d) Establish steps for responding to complaints and requests including paper trail of steps taken
e) Awareness of non-compliance implications, both civil and criminal at a local, state and
federal levels
f) Work closely with privacy and security officers
g) Retain HIPAA records for minimum of six (6) years
E. Information technologies: challenges for the risk manager
1. HIPAA security regulations
2. New variations of old concerns introduced by new information technologies
3. Electronic medical records
a) Legal requirements
b) Confidentiality
(1) Policy
(2) Vendors and data clearinghouses:
(a) Electronic incident reporting systems
\',
(b) Scanning of medical records ..
(c) Accessibility and durability

(d) Accuracy and evidentiary concerns
(e) Security:
(i) Data encryption
(ii) Passwords and access codes

.·~
(iii) Virus protection and firewalls

(iv) Digital signatures
4. HIPAA minimum necessary information, business associates, etc.
5. Staff
I
education
F. Release of confidential information without patient consent
1. fhy~icianltherapist duty to third persons in psychiatric cases ("duty to warn")
~I
2. Records of alcohol and drug abuse patients

3. Medical records containing HN or AIDS related information
4. :Release of patient information to law enforcement agencies
5. Researchprograms
G. Dissemination of information to internal or external review organizations
1. Medical error reporting
2. Sentinel event reporting
3. FDA reporting
H. Confidentiality of business and other records
1. Incident reports
2. Credentialing files
3. National Practitioner Data Bank (NPDB)
4. Healthcare Integrity and Protection Data Bank (HIPDB)
a) Peer review privilege
b) Attorney-client privilege
I. Electronic mail
J. Social media ·
1. An undeniable force to be recognp;ed and managed with specific policies, procedures and
strategies for enforcement "·
2. Its rapid and informal communication style represents liability exposures that are immediate,
cosdy and not retractable
K. Telemedicine/telehealth
1. The practice of using electronic technology to provide patient care over distance
a) Use of telecommunication technologies, such as Internet or videoconferencing, to bridge
geographic gaps and improve healthcare delivery
b) Provision of clinical care (diagnostics, treatment, follow-up) via telecommunications
c) Provision of healthcare consultations and education through telecommunications networks
to communicate information
d) Medical practice across distance via telecommunications and interactive video technology
e) Computer-based, interactive communication and transmission of images (X-ray films,
pathology slides, scope images, anatomical photographs, patient records, EKGs, vital signs,
pulse oximetry, and fetal monitoring)

_,_ . ...:...:_._:,__.'·_·,.:'·
2. Forms/utilization
a) Tele pharmacy
b) Robotics in the OR, ER and with rounds
c) eiCU
d) Terrorist or similar catastrophic events
e) Workforce shortages
3. Risk exposures and challenges
a) Practice standards
b) Licensure and credentialing
c) Financial and regulatory compliance
d) Legal.;
e) Medical and hospital professional liability
f) Data integrity, confidentiality and protection
.,. ·"'...
g) Technical
VII. Payment Regulations and Laws

A. Omnibus Budget Reconciliation Act of 1989
1. Better known as Stark I, II, III: Anti self-referral law
2. Purpose of the law is to deter fraud by prohibiting a physician from referring patients to
an entity for a designated health service (DHS) covered by Medicare, if the physician or
a member of his immediate family has a financial relationship with the entity, unless an
exception ("safe harbor") exists
3. Stark
a) Prohibits anyone from submitting a claim or a bill to any person for a service or item
furnished pursuant to a prohibited referral
b) Includes bribes, kickbacks, excessive or unreasonable discounts or rebates, and profit-
sharing agreements
c) Various healthcare services under scrutiny include:
(1) Labs
(2) PT/OT
(3) Radiology and radiation oncology
(4) DMEs
(5) Prosthetics \:·,
i
(6) HHC
B. Recovery Audit Program (RAC- Recovery Audit Contractor)
1. Purpose is to identify and correct Medicare improper payments through the detection
and collection of overpayments and underpayments made on claims of healthcare services
provided to Medicare beneficiaries
:__ ________________________________
2. Claims submitted to Medicare are screened prior to payment and are generally paid without
requesting the supporting medical records. As a result, some claims may be paid inappropriately,
resulting in improper payments. The most prevalent reasons for improper payment are:
a) Items or services that do not meet Medicare's coverage and medical necessity criteria
l -
1 b) Items that are incorrectly coded
c) Services where the supporting documentation submitted does not support the ordered service
C. Medic~e, Medicaid, and SCHIP Extension Act (MMSEA)
1. Requires that liability insurers (including self-insurers), no-fault insurers, and workers'
compensation plans report details of settlements, awards, judgments or other payments
!nvolving Medicare beneficiaries
2. The purpose of reporting is to assist CMS and other insurance plans to properly coordinate
payment of benefits among plans so that claims are paid promptly and correctly
3. What must be reported is the identity of a Medicare beneficiary whose illness, injury,
incident, or accident was at issue to enable an appropriate determination concerning
coordination of benefits, including any applicable recovery claim
VIII. Corporate Compliance

A. Why Have a Corporate Compliance Program?
1. Supports legal/ regulatory/ accreditation obligations
2. Improves the quality and safety of care
3. Demonstrates a commitment to honesty and integrity in work practices
4. Provides a more accurate view of employee and contractor behavior
5. Identifies and prevents cri.miilal and unethical conduct
6. Implements a means for immediate and appropriate corrective action
B. Corporate Compliance Program Elements
1. Develop and distribute written standards of conduct and policies and procedures that
demonstrate the organization's cd(nmitment to compliance
2. Designate a chief compliance officer and an appropriate oversight committee
3. Develop and implement regular and effective employee education programs
4. Implement and maintain an appropriate confidential complaint process
5. Develop a process to respond to allegations
6. Use audits to monitor compliance
7. Investigate and resolve identified problems
C. Corporate Compliance: Office ofinspector General (OIG) responsibility
1. Department of Health & Human Services
2. Oversight of programs funded through the American Recovery and Reinvestment Act of 2009
(Recovery Act)
3. Develops annual work plans focused on gaps within healthcare systems
4. Focused investigations:
. - -'' ,,, ~
,_.·,,
3~;:: "
ii
•
~;J.h
'
_:;
. ···:.::·::-r::::- .. -
"·/··
a) Individuals and organizations that knowingly and willfully execute schemes to defraud any
HHS program, grant, or contract involving Recovery Act funds; and
b) Facilitate ongoing communications with federal, state, and local law enforcement and
other agencies regarding the use and distribution of HH~ Recovery Act funds. -
_IX. Employment Laws and Regulations

A. Federal Statutes Regarding Employment
1. Fair Labor Standards Act (FLSA)
2. Title VII of the Civil Rights Act of 1964
3. Title I Americans with Disabilities Act (ADA)
4. Age Discrimination in Employment Act (ADEA)
5. Section$ 1981 and 1983 of the Reconstruction Civil Rights Acts
7. Equal Pay Act ofl963
8. Uniformed Services Employment and Reemployment Rights Act
9. "Whistle-blower" protection
B. Title VII of Civil Rights Act (Anti-discrimination Law)
I. Prohibits not only intentional discrimination, but also practices that have the effect of
discriminating against individuals because of their race, color, national origin, religion or sex
2. Established the Equal Employment Opportunity Commission (EEOC)
3. Prohibitions include:
a) Sexual harassment: Any act that creates a "hostile work environment"
b) A hostile work environment is a work environment made intolerable to a reasonable
person by the frequency, severity or pervasiveness of objectionable words, actions or other
materials of a sexual nature, or materials that direct hostility at people because of their
ethnicity, race or age. Employees who experience sexual or nonsexual harassment can claim
the discrimination created a hostile work environment. .
c) Pregnancy-based discrimination: Pregnancy, childbirth and related medical conditions
must be treated the same as other illnesses and temporary conditions and may not be used
to deny employment opportunities.
C. Title I, Americans with Disabilities Act of 1990 (ADA for employees)
1. Prohibits discrimination in recruitment, hiring, promotions, training, pay, social activities,
and other privileges of employment on the basis of disability in all employment practices
2. To be protected by the ADA, an individual must have a disability or have a relationship ?r ,
association with an individual with a disability ·
a) A disability is defined as a person who has a physical or mental impairment that
substantially limits one or more major life activities; a person who has a history or record qf
such an impairment; or a person who is perceived by others as having such an impairment
3. Title I requires employers with 15 or more employees to provide qualified individuals with
disabilities an equal opportunity to benefit from the full range of employment-related
opportunities available to others

4. The law restricts questions that can be asked about an applicant's disability before a j~b offer is made
5. Employers are required to make reasonable a~commodation to the physical or mental
limitations of otherwise qualified individuals with disabilities, unless it results in undue hardship
D. O~er federal acts affecting employment discrimination-
!. Age Discrimination in Employment Act of 1967 (AD EA) prohibits employment
~sc$nination against individuals age 40 and older
',\
2. Equal Pay Act of 1964 (EPA) prohibits discrimination on the basis of gender in compensation
for substantially similar work under similar conditions
3. Civil Rights Act of 1991 includes provisions for monetary damages in cases of intentional
discrimination and clarifies provisions regarding disparate impact actions
E. Equal Employment Opportunity Commission (EEOC)
1. Federal agency within the Department of Labor
2. Responsible for receiving and investigating charges of discrimination filed by former, current
or prospective employees under Title VII, ADA, and ADEA
3. EEOC claim must be filed within 180 days of alleged action
a) If negative findings: Employee can bring civil action
b) If positive findings: EEOC brings charges against organization
F. Employee Retirement Income Security Act (ERISA)
1. Establishes a standardization of the administrative functions of employee welfare benefit plans
2. Establishes federal pre-emption of state laws that cover plan benefits from state courts to
federal courts to avoid conflicting regulations among states
3. No pain and suffering damages available to the plaintiff if a claim is preempted by ERISA
4. Some movement seen among states to permit health plans to be sued directly by enrollees in
defiance of ERISA preemption
X. Workplace Safety
A Occupational Safety and Health Administration (OSHA)
1. The primary regulatory agency in the field of occupational safety and health is OSHA a
federal agency within the United States Department of Labor
2. OSHA has authority to promulgate standards pursuant to the Occupational Safety and
Health Act of 1970 which has a general duty clause
a) The general duty clause requires that each employer furnish to each employee a job and a
workplace that are free from recognized hazards that are causing or are likely to cause death
or serious physical harm to employees
b) OSHA has full regulatory authority to enforce its standards and regulations
3. The purpose is to create workplace safety rules for employers with more than 10 employees
except low hazard industries such as finance, retail, insurance, etc.
B. Occupational and Environmental Risk Exposures for Healthcare Facilities
1. Establishes a federal requirement that employers provide a place of employment that is free
from recognized hazards to personal safety and health, such as exposure to toxic chemicals,
excessive noise levels, mechanical dangers, unsanitary conditions, heat or cold stress, etc.
~--·-_·>;·,~· .... -.
·,:,.-.·:,-·.
2. Twenty (20) diff~rent C<!tegories that address the principal health concerns for which OSHA
has developed safety standards
3. Numerous other injuries and illnesses not directly addressed by OSHA
4. Hazard Communication Standards I Employee Right to Know Rule
a) OSHA requires that standards are developed and information is disseminated about the
identities and hazards of chemical to ensure chemical safety in the workplace
b) Material Safety Data Sheets (MSDS)
C. Environmental Protection Agency (EPA)
1. Mission is to protect human health and the environment
2. Leads the nation's environmental science, research, education, and assessment efforts
3. Regulates materials and activities outside of buildings
D. Environni~ntal Issues
1. Underground storage tanks
2. Aboveground storage tanks
3. Asbestos removal
4. Disposal of hazardous waste
5. On-site medical waste incinerators
6. Clean Air Act
7. Clean Water Act
8. Toxic Substance Control Act
9. Hazardous Waste Operations and Emergency Response Standards (HAZWOPER): Applies to
workers who clean up hazardous spills or hazardous material
E. Environmental Issues in Acquisitions
1. Inspection of the property
2. Records review
XI. Accreditation, Surveying and Licensing Bodies Introduction

A. Overview
1. More emphasis on consumer driven healthcare, an increase in payor reimbursement'~trategies,
demands from an increasing aging population and growing personal responsibility have
increased the development, visibility and vigilance of accreditation licensure and certifying
agencies
2. Some oversight agencies are voluntary while others are mandatory :
3. Healthcare organizations must demonstrate intent and willingness to comply with published·
1
. '
standards
4. Healthcare organizations with better outcomes focus on patient safety, safe delivery and
effective and efficient care without compromise of essential elements
B. Mandatory surveying body and activities
1. Mandatory activities may occur

a) Organizational licensure
b) Individual healthcare licensure
,c) State requirements
~~ \ g~lJJ [, c ( 1 , ' ~ l J IU ' '- , '

1
.._
U.S. Dep'~ent of Health and Human Some agencies under DHHS:

Services (D HHS) • National Institutes ofHealth (NIH)
www.dhhs.gov • Centers for Disease Control and Prevention
• Principle agency for protecting health of all (CDC)
Americans and providing essential human • Indian Health Services (HIS)
services, especially for the population least • Food and Drug Administration (FDA)
able to help themselves.
• Agency for Healthcare Research and Quality
(AHRQ)
Centers for Medicare and Medicaid Services Some activities under CMS:
(CMS) • Regulation of laboratories
www.cms.gov • Surveys
Oversees payment for healthcare covered by • Certification of nursing homes, hospitals, home
the federal government health agencies, intermediate care facilities
• Most visible certification organization • Development of coverage policies
• May contract with state health departments • Quality of care improvement
to survey healthcare organizations • Purchase of health services for beneficiaries
• Establishes policies for healthcare payment
• Oversees payment to healthcare
organizations
State health departments Some state-level activities:

Oversee healthcare organizations' "right to do Requirements vary by individual state, based
business" on culture
Activities include but are not limited to:
• Regularly scheduled activities
• Conducting independent inspections/
surveys
• Forming "deemed status" relationships with
private accrediting bodies
• Reacting to highly publicized or tragic events
• Credential review and privileging programs
C. Accreditation
1. Importance
a) A reflection of compliance with established norms or standards
b) A reflection or snapshot in time
ci{:i
156 ASHRM Preparation Guide for the CPHRM Examination l

s 4
~(~{:~
'
...
~--~---.-,·--·.-;---::·-··:·!
c) Viewed by the public and payor as a "Seal of Approval"
d) A threshold for contracting for some payors
2. Voluntary accrediting organizations
a) The Joint Commission: T]C
b) Det Norske Veritas: DNV
c) National Committee for Quality Assurance: NCHQ
d) Healthcare Facilities Accreditation Program: HFAP
e) College of Am~rican Pathologists: CAP
..
3. Value of participating
a) Public demands it
b) Participation makes good business sense
c) Leads to improved patient care and safer environment
d) Promotes good discipline
e) Supports transparency
f) Right thing to do
g) May present advantages in marketing and recruiting
D. Risk management implications of accreditation, surveying and oversight
1. Be familiar with all of the organizations responsible for oversight for accreditation, surveying
and oversight
2. Collaborate with others in the facility to assure compliance with established standards and
data outcomes
3. Be familiar with state requirements and have knowledge of where to access published standards
4. Expect additional regulation of healthcare
5. Focus on patient safety, patient rights, governance, product safety, provider qualifications and
fiscal responsibility (payors and providers)
6. Consider future risks of health e-commerce, confidentiality of data, unauthorized access and
disclosure of patient data, provider qualifications and customer satisfaction
E. Non-compliance
1. Failure to meet licensure, accreditation and certification requirements may have an irripact on
loss exposure
2. Loss of funding due to violations of regulatory or accrediting standards
3. Public disclosure may potentially jeopardize public image, finances and potentiallitigatio~
resulting in a reputationalloss \
4. Exclusions from CMS may result from non-compliance
5. As fraud and abuse becomes a focal point for the government, both criminal and civil
monetary penalties will be assessed for violations
6. Threat of criminal charges, resulting in prison sentences, will raise concerns that healthcare
programs are appropriately established and directed by governing boards
7. Ifthe CMS uncovers any evidence of non-compliance, other state and federal agencie5 may be notified

XII. Tort Reform
A Varies from state to state
1. AMA listing of "In Crisis," "Showing Problem Signs," "Effective Reforms Halting Crisis" and
;"Currently OK" states
. 2. In some states, obstetricians and rural family physicians no longer deliver babies; high-risk
,spe~ialists no longer provide trauma care or perform complicated surgical procedures
1
B. Federai tort reform
1. Various legislation attempts in both House of Representatives and Senate
2. No legislation passed, to date
C. General p~ovisions of tort reform measures
1. Statutory imposition of limits (caps) on general damages awarded in medical malpractice lawsuits
2. Focus on limiting non-economic damages
3. Allowing for periodic payments for future damages
4. Disclosing the existence of "collateral" benefits to juries
D. California's Medical Injury Compensation Reform Act (MICRA)
1. Enacted in 1976
2. Serves as the benchmark for most efforts at tort reform in other states
E. Effect on malpractice insurance
1. Limits on damages and other cost controls encourage insurers to offer professional liability
insurance in areas governed under tort reform statutes
2. High premiums forcing physicians in some areas of the country to retire early, relocate or give
up performing high-risk medical procedures
XIII. Case Law .

A Based on judicial decision and precedent rather than on statutes
B. Case law risk management implicaJons
1. When courts render a decision in the form of a written opinion, the opinion becomes part of
the body of law and should be given the same consideration as statutory law
2. Risk managers should routinely review relevant cases in local and federal jurisdictions to
anticipate any changes that might be required as a result of recent decisions
XlY. Peer Review

A Overview
1. Process used for checking the work performed by one's equals to ensure it meets specific criteria
2. Promotes patient safety and well-being of patients through ongoing monitoring of physician
performance
3. Hospitals have a direct and independent responsibility to patients to ensure quality of care
provided (Elam v. College Park Hospital)
4. Responsibility vested in organization's board of directors, which delegates operational
elements to medical staff
J
158 ASHRM Preparation Guide for the CPHRM Examination ,,~~t
J
. ...... ,.. -~-~~~--~·

.
5. To encourage physician involvement, states have enacted laws that provide protection from
civil liability for individuals who participate in peer review activities
6. Healthcare Quality Improvement Act of 1986 provides protections at federal level
B. Risk management implications of peer review
1. Need for hospitals to establish a thorough and above-board peer review protocol crucial
2. Integrity of peer review process crucial to maintaining privilege of proceedings
3. Records of protected committees must be controlled to enable application of immunity from
discovery in litigation
4. Staff education and adoption of related policies and procedures important to reserve
protections afforded under the law
REVIEW QUESTIONS
Complete the review questions and then compare your answers with those explained below.
A 28-year-old uninsured male patient is re:ceived unannounced from a rural acute care hospital. The
patient is fully alert and oriented, but he is cachectic, HN-positive and has a knife wound to his leg.
His hemoglobin is extremely low. A staff member is directed to start a blood transfusion, but the
staff member refuses. Another staff member attempts to give him a blood transfusion, but the patient
refuses the transfusion. Although aggressive medical care is rendered to the degree possible, the
patient expires 12 hours later.
1. Which of the following statements is true about the staff member who refused to administer
the transfusion?
A. Employee has a right to refuse to perform in a dangerous situation such as an HN-positive
patient
B. Employee has a right to r~fuse to perform in a dangerous situation such as an HN-positive
patient with active, uncontrolled bleeding
C. Employee is protected by the ADA
D. Employee has no right to refuse to administer the transfusion
Amwer: D
Right to refuse is not based on religious reasom and right to conscience. Caregivers may not abandon the
patient.
2. When the above patient refuses the transfusion, which of the following actions should be
taken?
A. Court order should be sought
B. Transfusion should be administered without the patient's consent since it is a life saving a~on ~
C. Care should be provided to the degree possible while respecting the patient's wishes
D. Supportive only measures should be given
Amwer: C
The patient's autonomy allows that he can refuse or accept treatment. This is especially true here because the
scenario does not indicate that he is incompetent to make his own decisiom; he can do so even to the point
ofhis own detriment or demise.

3. The committee that generally is charged with oversight of investigative patient research is the:
A. Quality assurance committee
B. Institutional review board
'
C. Utilization review committ.ee
D. Ethics, or bioethics, committee
Answer:'B \
It is the responsibility ofthis committee to identifY and minimize risks_ to the human subjects during
research. Members should determine how the research would be periodical!J reviewed and monitored
via data collection. They also superintend the subjects' rights ofacceptance, rejection or termination of
participation.
4. Which of the following are examples of advance medical directives?

1. Living will
2. Durable power of attorney for health care
3. Physician's do not resuscitate (DNR) order
4. Legal guardianship papers
A. 1 only
B. 1 and 2 only
C. 1, 2 and 3 only
D. All of the above
Answer: B
A physician's DNR order is not done by the patient. It may be ordered in agreement with the patient, but
it is not a separate legal document. A DNR status may be rescinded at any time, ifthe patient is competent
when making that ~hange. Legal guardianship papers are not considered as an example ofan advance
directive.
\._
5. A group of obstetricians and neonatologists submits a proposal for a study on a new drug
that might improve fetal lung maturity and, therefore, the survival of newborn infants. The
proposal is approved by the institutional review board (IRB), and the study commences.
Two months into the study, the physicians decide to alter the drug regimen. Instead of giving
the drug during just the second month of the pregnancy; they want the drug given until the
completion of the first trimester. The IRB has a backlog of proposals, and the investigators
fear their revised proposal will not be evaluated for a few months. The investigators should:
•
A. Ask the Department of OB-GYN to approve the change
B. Ask the Department ofOB-GYN and the Department ofPediatrics to approve the change
C. Consult the ethics committee
D. Suspend the study untU they can obtain an opinion from the IRB
Answer: D
Ifa researcher changes the conditions ofthe study, the IRB must review the changes to determine if there
are any new risks involved, decide how the change will be monitored, and then approve or disapprove the
researcher's proposed alteration.
L__
6. The Patient Self-Determination Act (PSDA) obligates which of the following entities to
· provide their clients with information regarding advance directives?
1. Hospitals
2. Providers of outpatient services
3. Health maintenance organizations (HMOs)
4. Home healthcare services
A. 1 and 2 only
B. 1, 2 and 4 only
C. 1, 3 and 4 only
D. All of the above
Answer: C
As a condition ofparticipation in Medicare and Medicaid programs, obligations are imposed upon
hospitals, hospices, skilled nursingfacilities, home health providers, personal care service providers and
managed care organizations; however the PSDA does not apply to pr0t1!iders ofoutpatient services.
7. Ethics consultations and decision-making done systematically will help to ensure that ethical
principles are met. This approach would include all of the following except:
A. Verification of the facts
B. Documentation of the rationale for the decision
C. Unanimous agreement among the participants
D. Identification for the potential legal and ethical problems that may be involved
Answer: C
Unanimous agreement is not required; however, there should be recommendations to the caregivers
providing direct care to the involved individual.
8. The Health Insurance Portability and Accountability Act (HIPAA):

1. Prohibits the flow of individually identified health information for unauthorized purposes
2. Allows individuals to know who is accessing their information
3. Allows individuals the opportunity to obtain corrections to inaccurate or incorrect information
4. Provides for legal recourse against individuals who misuse or mishandle health informatipn
A. 1 and 2 only
B. 1 and 3 only
C. 1, 2 and 3 only 1\
D. All of the above

Answer: D
HIPAA does prohibit the flow ofindividually identified health information, so the correct answer must
contain option 1. Likewise, HIPAA allows individuals to know who is accessing their health information,
so the correct answer must contain both options 1 and 2. Only answers C and D contain both options 1
and 2, so the correct answer hinges on HIPAA providingfor legal recourse against the misuse ofhealth
information. Therefore, the all-inclusive answer, D, is correct.

9. Medical devices may play an essential role in the management of a claim. H a medical device
is involved, which of the following should not be done?
A. Remove the device from service
B. C~ntact the device's manufacturer to have them test the device
C. Secure all manuals, contracts, and other documents related to the device
D; ~tertnine if the occurrence must be reported to external agencies
',\
Answer: B
All ofthe answer options are correct except B. Giving a device involved in a claim or incident or PCB to a
manufacturer to test should not be done. Tests are indicated use a third party testing agency that specializes
in forenSic engineering ofmedical devices.
10. The Americans with Disabilities Act {ADA) makes it unlawful to discriminate in
employment against a qualified individual with a disability and requires that places of
public accommodation be accessible to disabled persons. Which of the following may NOT
be considered discriminatory under the ADA guidelines?
A. Terminating an employee only because he has a physical or mental impairment that substantially
limits a major life activity
B. Terminating a disabled person unwilling to perform the essential functions of the job with or
without reasonable accommodation
C. Not promoting a disabled person due to his disability
D. Not providing reasonable means of communication for the person that is deaf, blind or non-
English speaking
Answer: B
The ADA prohibits discrimination against an individual with a disability who, with or without reasonable
accommodation, can perform the essentialfunctions ofthe job.
11. Federal or state criminal convictions ofhealthcare practitioners related to the delivery of
healthcare services must be reportchl to the:
A. National Practitioner Data Bank
B. Healthcare Integrity and Protection Data Bank
C. The Joint Commission
D. Centers for Medicare and Medicaid Services
Answer: B
Th~ Healthcare Integrity and Protection Data Bank was established by the Health Insurance Portability
and Accountability Act ofl996 (HIPM) as a clearinghouse for the reporting and disclosure ofcertain final
"adverse actions" taken against healthcare practitioners, suppliers, and other providers.
12. Under the requirements of the Healthcare Quality Improvement Act, hospitals must query
the national Practitioner Data Bank upon physician appointment and reappointment, but
no less than:
A. Every year
B. Every two years

C. Every three years
D. Every four years
Answer: B
Information on current members ofthe medical staffmust he requested at a minimum ofevery two years.
13. The False Claims Aci prohibits which of the following activities?
1. Presenting a false claim for payment
2. Conspiracy involving federal claims
3. Embezzlement by government contractors
4. Purchase on the black market
A. 1 only .
·'
B. 1 and 2 only
C. I, 2 and 3 only
D. All of the above
Answer: D
The False Claims Act prohibits seven types ofactivities, which include presenting a false/fraudulent claim
for paymentfrom the government, making or using a false statement to get a claim paid, conspiracy to
defraud the government, embezzlement by government contractors, using a false record or statement to
concea~ avoid or decrease an obligation to pay money or property to the government, false certification of
deliveries to the government, purchase on the black market, and reverse false claims.
14. Under EMTALA, a patient is entided to:

1. A medical screening examination
2. Free medical treatment
3. Prompt medical treatment
4. All treatment necessary to stabilize any identified emergency medical condition
A. 1 and 2 only
B. 1 and 4 only
C. 1, 2 and 4 only
D. All of the above
Answer: B
EMTALA requirements include provision ofa medical screening examination to determine ifan
''emergency medical condition" (EMC) exists; ifan EMC exists, provide appropriate medical treatmen_t to ,
stabilize the patient, subject to the availability ofresources (capability/capacity). Ifcapability/capacity 'is ·
not available, provide "appropriate" transfer to facility that does have capability/capacity to stabilize EMC
Participating hospital must accept a patient transfer from another hospital ifit has the capability/capacity ·~
to provide stabilizing treatment to patient that the transferring hospital does not have. EMTALA does not '·
remove the obligation ofthe patientfor payment for services rendered, nor is there a requirement for prompt
medical treatment that should be determined by established triage guidelines.
~··
_•,-
;-·:
<_'

15. Documentation is the essence of the medical record, and risk managers have a personal stake
in preserving the record and enhancing the quality of the documentation. The rules that
govern documentation come from which of the following sources?
1. Joil\t Commission
I
2. State and federal statutes

3. Professi~nal practice standards
4. Insuran2b companies
A. 1 and 2 only
B. 2 and 3 only
C. 1, 2 and·? only
D. All of the above
Answer: D
Healthcare is a highly regulated business that requires documentation to support compliance. Rules
governing docummtation and medical record management come from several sources, including federal
(CMS), state statutes and state licensure requirements, professional practice standards, specific healthcare
facility protocols, insurance companies, managed care organizations, other third-party organizations, joint
Commission and textbooks.
16. Which of the following is NOT a type of consent?

A Informed
B. Implied
C. Practical
D. General
Answer: C
Informed consent is the process between the patient and care provider in which the risks, benefits and
alternatives are explained and discussed. Implied consent occurs when a serious or emergency condition
exist that require immediate treatment/care /Jnd the patient is unable to communicate/take part in the
communication process and there is no time to secure an individual with the authority by law to consent to
the treatment/care General consent is used to allow release ofpersonal health information. Practical consent
is a misnomer.
I
l _ _ _ , ..• ···-· --, ·-----.-,----
----~ ' ,---- ..... -,--,.-
RISK FINANCING
Domain
RISK FINANCING Domain 165
..L
-
•· I
.....
I
Risk Financing Domain

After leat'ning
I
the content in this section, you should be prepared to:
1. Define risk financing

2. Describe e~ch of the risk financing techniques
3. Differentiate between the different types of insurance
4. Explain the difference between claims-made and occurrence insurance
5. Discuss the cost of risk
6. Compare a soft: market and a hard market
KEY TERMS
Important temis and definitions relevant to this domain
Actuary- A person who uses statistics to compute loss probabilities to establish premiums for
insurance companies and self-insurance trusts.
Boiler and machinery coverage- Provides protection for explosion of boilers and other pressure
vessels and accidental damage to equipment.
Business interruption insurance coverage- Insurance coverage typically provided as a part of a
property insurance policy covering the lost revenues and extra operating expenses associated with a
covered loss such as a fire; attempts to replace revenues lost due to covered loss.
Captive- An insurance company established to provide coverage to a sponsoring entity as opposed
to marketing and selling policies commercially to insureds; the sponsoring entity may be a parent
corporation and its related subsidiaries, a professional association or other group.
Certificate of insurance- A standardized form - usually produced by the insurance agent or
broker who arranges the coverage- that officially outlines the specific type of insurance in place, the
insurance carrier, policy period, policy nuihber, etc.
Claims-made coverage- Provides coverage for a claim .that occurred after the inception or retroactive
coverage date of the policy and is reported to the insurance company while the policy or any
replacement policy is still in effect.
Cost of risk- Value of all risks, internal and external, faced by an organization in fulfilling its mission.
Deductible- Amount required to be paid by the insured before the insurer will make payment for the
eligible loss as stipulated under the insurance contract; typically erodes the maximum benefit provided.
Direct insurance- A contractual arrangement involving the purchase of insurance by an insured
from an insurer.
Directors and Officers liability- D&O policies contain a two-part wrongful act definition:
• Any actual or alleged error or misstatement or misleading statement or act or omission or breach of
duty by directors and officers while acting in their individual or collective capacities
• Any matter claimed against them solely by reason of their being directors or officers of the company.
Errors and Omissions insurance: E&O insurance policies provide coverage for negligent advice or
business services provided by an individual or entity not eligible for professional liability insurance
coverage, such as medical billing companies, insurance brokers and managed care organizations.

Fiduciary liability- Insurance coverage policy that can be purchased to cover the alleged breach of
the fiduciary responsibility under common law or ERISA for individuals who exercise management or
administrative responsibilities for employee benefit plans.
First party insurance coverage- Provides coverage for the insured's own property or person so that
the insured will be restored to the same financial position that he or she had prior to the loss.
Fronting-The use of a licensed, admitted insurer to issue an insurance policy on behalf of a self-
insured organization or captive insurer without the intention of transferring any of the risk. The risk
of loss is retained by the self-insured or captive insurer with an indemnity or reinsurance agreement.
However, the fronting company (insurer) assumes a credit risk since it would be required to honor the •
obligations imposed by the policy if the self-insurer or captive failed to indemnifY the risk. Fronting
arrangements allow captives and self-insurers to comply with financial responsibility laws imposed by
many states that require evidence of coverage written by an admitted insurer, such as for automobile
liability and workers' compensation insurance. Fronting arrangements may also be used in business
contracts with other organizations, such as leases and construction contracts, where evidence of
coverage through an admitted insurer is also required.
General liability insurance- Coverage fof liability arising out o~:he hazards of the premises and
operations.
Guaranteed cost- Also known as "fixed cost" or "first dollar" programs. Insurance coverage is
provided from the first dollar of loss incurred.
Hard market- Insurance industry characterized by escalating premiums, strict underwriting
procedures and limited availability of coverage.
Incurred but not reported (IBNR) -Contains two components:
• An estimate to cover further development of paid losses or known claimants
• An estimate for the discovery of unknown claimants.
Indemnity- Amount that the insured person is paid for the covered expense.
Insurance- A system by which a risk is transferred to an insurance company, which reimburses the
insured for covered losses and provides for sharing of costs or losses among all insureds.
Limits (policy limits) -In insurance, the maximum the insurer will pay, cypically expressed either
per occurrence (occurrence limit) or as an annual aggregate (the maximum insurer will pay for all
claims covered under policy).
Nose- Under a claims-made form, this is the period between an insured's retroactive date and the
current policy period.
Occurrence coverage- Provides coverage for a claim that occurred during the policy period ·
regardless of when the claim is reported to the insurance company.
Professional liability insurance - Coverage for liability arising from the rendering of services or of
the failure to render professional services. ,.,
Reinsurance- Contractual arrangement involving the purchase of insurance by an insurer from '
another insurer.
Risk financing- Includes risk management techniques that encompass all the ways of generating
Risk transfer- Transmission of an organization's risks to an outside party.
Risk retention- Method an organization employs for financing ofloss through the retention of the risk.

Self-insured retention (SIR) -The portion of a claim that the insured is required to pay before the
insurer begins to pay. This is similar to a deductible but is frequently funded through a mechanism
such as a self-insurance trust fund and is larger than a ded~ctible. The insured generally manages
claims falling entirely with the SIR (or contracts with a third party to do so) so that the insurer
is involv~d only if the amount of the claim exceeds or is anticipated to exceed the amount of the
retention~ Self-insured retentions are common in hospital professional liability programs.
Soft market 1 Insurance industry characterized by low premiums, flexible terms and generous capacity.
' ; .
Stop loss covirage - Provider excess coverage that is usually structured to insure excess claims.
Insurance coverage for healthcare and managed care organizations that have agreed in advance to accept
financial risk for the provision of healthcare services under capitated managed care contracts. Stop loss
policies limit the losses experienced by such entities when utilization of service exceeds estimates.
Tail- An extended reporting period whereby a claims-made policy is essentially converted to an
occurrence policy by extending coverage to all claims that arise &om the care rendered during the
policy period regardless of when the claim is reported.
Third-party insurance coverage- Provides coverage to a party other than the insured to make that
person whole for loss or injury covered by the insured; involves three parties.
OUTLINE
I. Structure of the risk management process
A. Identification and analysis of exposures
B. Treatment of exposures
1. Risk control
2. Risk financing
a) Retention
b) Transfer
II. Basics of risk financing

A. Encompasses all ways of generating Rinds to pay for losses that risk control techniques do not
entirely prevent
B. Designed to obtain funds, at the least possible cost, to restore losses that impact the organization
and assure post-loss financ;ial resource availability .
C. An organization should apply at least one risk control and at least one risk financing technique to
each of its significant loss exposures unless exposure avoidance is a practical and safe alternative
D. One risk control technique often may be substituted for another; one risk financing technique
often may be substituted for another
ill. Distinction between risk control and risk financing

A Risk control aims to prevent losses before they occur and reduce the severity of losses after they
occur. Risk financing deals with managing the financial aspects of a loss after it occurs
B. An organization should apply at least one risk control and at least one risk financing technique to
each of its significant loss exposures unless exposure avoidance is a practical and safe alternative
C. One risk control technique may be substituted for another; one risk financing technique may be
substituted for another

IY. Risk financing techniques
A. Risk retention
1. Technique where all or part of the risk is retained by the organization
2. Types of risk retention
a) Current expensing of a loss (use of available cash)
(1) Charging off losses as current expenses without a fund or reserve; paying for losses out
of available cash as they occur
(2) Acceptable for losses that are small in nature and infrequent in occurrence
(3) Example: deductible for various policies (e.g., automobile or property loss)
b) Unfunded loss reserve
(1) Accounting entry that shows a potential liability; segregates a portion of surplus equal
i:~ booked value of retained losses
(2) Examples: uncollectible accounts, loss of revenue for lost items (dentures, eyeglasses,
hearing aids), incurred but~ot reported claims (c~d be unfunded or funded)
c) Funded loss reserve
(1) Organization sets aside funds (cash, securities or other liquid assets) for expected losses
(e.g., "earmarked funds")
(2) Examples: reserve for taxes payable at the end of the month, reserve to absorb the cost
of defending claims
d) Borrowed funds
(1) Organization borrows to pay losses
(2) Results in a reduction in its line of credit or ability to borrow for other purposes
(3) Represents a depletion of its own resources to pay its losses and, in time, uses its own
earnings to repay the loan
(4) A means of borrowing time
e) Formal self-insurance techniques
(1) Self-insurance trust
(a) Funding vehicle that is a bank account administered by an independent third party
(trustee)
(b) Funds are designated for the sole and restricted purpose of paying losses
(c) Since it is not an insurance vehicle, it is strictly limited to the funding purposes for
which it was established
(d) Cannot accommodate the risks of third parties (entities outside the parent's 1:
··.
economic family) 1
(2) Affiliated, captive insurer

I
(a) Closely held insurance company whose insurance business is primarily supplied by'·
and controlled by its owners, and the original insureds are the principal beneficiaries
(b) Subsidiary to finance specified types of losses
(c) Generally, the affiliated insurer and the insured "parent" organizatiqn are members
of the same "economic family," negating any transfer of risk to an outside entity
. '
R1SK FINANCING Domain 169

(d) Corpo~ation for which the product is the payment oflosses and the revenue is
premium payments
(e) Highly formalized type of retention
(f) Types of captives
(i) Single parent
(ii) Group captives
(iii) Fronts
(iv) Rent-a-captive
(g) Important considerations
· (i) Domicile selection (on-shore vs. off-shore)
(ii) Criteria for participation
(iii) State insurance requirements
(iv) Board composition/meeting requirements
B. Risk transfer
1. Techniques that seek to transmit a risk or the responsibility for the loss to an outside party
2. Funding the payment of losses from outside the organization after a specified loss
3. Contract or provision of a contract exists
4. Commitment to pay is specified
5. Organization can transfer the financial burden of losses but not necessarily the ultimate legal
responsibility for losses
6. Types of transfer
a) Noninsurance
(1) Contract under which one party, the transferee I indemnitor, agrees to pay money for
specified types of losses for which, in the absence of the contract, the financial burden
would fall on the transferor\
(2) Indemnity agreement: One party to a contract agrees to pay another if the latte; suffers
a specified type of loss
(3) Hold harmless agreements: a commitment that one contracting party makes to another
to hold the latter harmless from specified types oflegal claims that may be brought
against that latter because of activities covered by the contract
b) Insurance
(1) Insured's risk is transferred to an insurance company, which reimburses the insured for
covered losses and provides for sharing of costs or losses among all insureds
(2) Most common type of risk transfer
(3) Contractual relationship that exists when one party (the insurer), for a consideration
(the premium), agrees to reimburse another party (the insured) for losses to a specified
subject (the risk) caused by designated contingencies (hazards or perils)
(4) Insurance policy should never be viewed as a complete transfer of risk
(5) Risk retention groups: alternative method to commercial insurance for risk transfer

C. Key variables to consider in selecting risk retention vs. risk transfer
1. Size and type of organization
2. Financial strength and resources of the organization
3. Type of risk to be treated
4. Organization's risk-taking philosophy
5. Organization's goals and objectives
6. Effectiveness of the risk management and loss control program
7. Effect each technique has on the organization's long-run costs and, therefore, on its
profitability
8. Financia) security and solvenq of insurance companies
a) Role of state guaranty funds (applicability)
(I) Insw;ance rating system (e.g., A.M. Best, Standard & Poor's, Moody's)
(2) Financial strength and size
9. Soft vs. hard market
a) Insurance industry is cyclical
b) Considerations
(1) Overall business strategy of the carrier
(2) Historical commitment to the healthcare industry
(3) Carrier's reaction to other pricing cycles
(4) Carrier's loss ratio for similar accounts
(5) Analysis oflimits to be purchased
(6) Review of current retentions
(7) Review of current risk and claims management program
D. Typical strategy
1. Combination of risk transfer and retention for professional liability exposures is used
2. Predictable layer of loss is retained
a) State-mandated coverage limits
3. Unpredictable catastrophic loss is transferred
V. Insurance contract
A. Insurance is a legal contract
B. Policy includes four standard elements:
1. Declarations page: Identifies the named insured and describes the property or activity to be insured
a) Components
(I) Policy number
(2) Inception and expiration date
(3) Insured address
(4) Policy limits

(5) Premium
(6) Applicable deductibles
2. Insuring agreement: Provides the language wherein the insurer states its obligations under the
: terms of the contract
a) Components
\1) Broad statement, subject to narrowing and limitation later
(2) Conditional promises to pay
3. Conditions: Spells out the many obligations of the insured and the insurer
, a) Important conditions
(1) Insured's obligations, such as filing a timely proof ofloss, etc.
(2) Insured's obligation to cooperate with the insurer in investigation and settlement of the loss
(3) Insured's obligation to pay the premium in a timely manner
(4)-Terms for cancellation or non-renewal
(5) Insurer's right to inspect the premises
(6) Coverage territory
(7) Applicabtlity of deductibles, limits and defense expenses
4. Exclusions: Describes coverage the policy is not intended to provide
C. Direct insurance vs. reinsurance
1. Direct insurance
a). Involves a contractual arrangement involving the purchase of insurance by an "insured"
from an "insurer"
b) Primary insurance is the first layer of coverage, the layer that is prone to loss
c) Excess insurance sits over specific primary insurance to afford additional limits of liabtlity
d) Umbrella liability over several lines of liability coverage
\
(1) Hospital professional liability
(2) Commercial generalliabtlity
(3) Employer's liability
(4) AutomobUe liabtlity
(5) Aircraft/heliport liabtlity
e) Underlying limit warranties must be verified
2. Reinsurance
a) Involves a contractual arrangement involving the purchase of insurance by an "insurer"
from "another insurer"
b) Risk sharing reduces ultimate loss exposure to a more comfortable level
(1) Stabtlizing effect: smoothes the ups and downs of fluctuating loss experience
(2} Increases capacity
(3) Catastrophic protection: protects against the adverse effects oflarge losses from natural
forces or manmade disasters
- ' .-:----~- . ·- . -
D. Te.rms and conditions of limits of liability
1. Policy limit: Represents the maximum amount the insurer will pay for losses
2. Per occurrence: Applies to a specific loss
3. Aggregate: Applies to all losses within a policy term
4. Defense costs can be included within the policy limit or outside
5. Deductibles or self-in~ured retentions may apply before the limits
E. Agents and brokers
1. Agent: Generally represents one or more insurance carriers
2. Broker: Generally represents the purchaser
VI. State regulation of insurance

A. License irl:surers and insurance company representatives
B. Monitor the financial condition and operations of insurance companies
C. Regulate rates
D. Approve policy forms
E. Take consumer complaints
VII. Types of insurance

A. First party (also known as "direct damage coverage")
1. Coverage for the insured's own property or person so that the insured will be restored to the
same financial position that he or she had prior to the loss
2. Examples:
a) Fire/property
b) Business interruption (time element coverage)
c) Boiler and machinery
d) Builder's risk
e) Flood
f) Earthquake
g) Crime and employee dishonesty
h) HMO/ capitation stop loss
i) Electronic data processing and media
j) Commercial crime insurance and employee dishonesty
\',
B. 1hird party (synonym for "liability insurance") \
1. Coverage to a party other than the insured to make that person whole for loss or injury
covered by the insured
2. Involves three parties:
a) The one who was harmed (plaintiff/claimant)
b) The insured who caused the harm or damage (defendant)
c) The insurer (commercial carrier or alternative risk financing vehicle)

3. Unlike first-party coverage, the named insured is never a direct recipient of the payment for
the loss responded to by the liability policy
4. Examples:
~a) Medical professional liability
b) General liability (premises liability)

\c) Umbrella excess liability
'.\
d) Employment practice liability

e) Automobile liability
f) Garage/garage keeper's liability
g) Dire2tors and Officers liability (D&O)
h) Errors and Omissions (E&O) liability
i) Environmental impairment liability
j) Fiduciary liability
k) Heliport and non-owned aircraft liability
1) Educational and child care center
m) Employee benefit legal insurance
n) Medical director's liability
o) Contractual liability
p) Utilization management/review liability
q) Violation of privacy (e.g., HIPM)
C. Health and welfare insurance/social benefits
1. Coverage intended to indemnify the employee by restoring his or her health and earnings to
the level maintained prior to the loss
2. Examples:
a) Dental '·
b) Health benefits
c) Life
d) Long-term disability
e) Short-term disability
f) Vision
g) Workers' compensation
D. Financial guarantees (surety/bonds)
1. Contract guaranteeing performance
2. Different from traditional concept of insurance in that assets are pledged for full amount of
risk transferred
3. In a surety, one party (surety) agrees to be bound, along with the principal, to a third party in
the same agreement '
... i
4. The surety and principal on bond becomes the promisor to a third-party promisee ~. I
-~~.I
J
-'-----~__:_-.• .·;,,o_,,,•c·_·_:_,_,_,__., •
5. The third party would be able to collect the obligation from surety if principal cannot meet
the financial responsibility
6. Examples:
a) Contract bonds
b) Federal surety bonds
c) License and permit bonds (e.g., alcohol bonds)
d) Public official bonds
e) Judicial bonds
f) Nursing home bonds
VIII. Other i.ti.Surance considerations and program specifications

A. Imporr:int to understand standard program before tackling alternative risk financing structures
B. Insurance pricing: includes factors such as exposures, underwriting considerations, weighting/
rating, and deductible consideratipns ,,
1. Prospective rating
a) Unlike most industries, an insurance company does not know the cost of its product until
well after it is sold
b) Insurers must price their policies prospectively, making the assumption that the past is a
reasonably accurate predictor of the future
c) In offering insurance, an underwriter looks at a blend of industrywide information and the
characteristics of the particular risk
2. Loss exposure
a) Medical staff
b) Occupied beds
c) Measurable data
(1) ED visits
(2) Outpatient visits
3. Pure premium
a) Investigating costs
b) Defending costs
c) Settling claims
4. Experience rating
a) An insurer will take into consideration an organization's own loss experience if it feelsv:the
I
,.
data are accurate and credible
b) To achieve the goal of accuracy, an underwriter will request five or 10 years of experience, 1
recendy valued i.

5. Expense load
a) In addition to collecting enough premium to .adjudicate claims, insurers also need to cover
their costs and generate a profit
; b) Depending on the type of coyerage, the expense loading may be 25-50-percent of the final cost
I
6. Risk charge
. a) Overhead
' b) Loss control services
;
c) Catastrophic loss
7. Retrospective rating
a) Pridng approach that attempts to adjust premiums based on actual loss experience during
the· p~licy term
C. Types of risk financing programs
1. Large deductible
a) Most straight forward method of retaining risk
b) Virtually every type of insurance can be written with a deductible
c) As the deductible increases, credit against the guaranteed cost coverage should also increase
d) Considerations
(I) Risk appetite
(2) Budget ability
(3) Collateral/escrow requirements
(4) Claims handling
2. Self-insurance retention
a) Hard to ~istinguish between this program and a large deductible in many respects
(1) Both allow the insured a premium credit for accepting the responsibility for paying
claims up to a certain level.
(2) Both assume that some risk transfer or insurance excess of the retention will continue
to be purchased
(3) Both approaches may have collateral or escrow requirements
(4) Both may feature stop-loss features
b) State regulations must be reviewed to determine what is required to become a "qualified"
self-insurer
3. Risk retention group
a) An insurance company that provides liability coverage to its members and owners; members
must be "similar or related entities" with respect to the liabilities to which they are exposed
b) Must be licensed as an insurance company in at least one of the 50 states (off-shore
domiciles do not qualify)
c) Types:
(1) Reciprocals
(2) Purchasing groups

-~··--·----
"':"!!'"~
D. Coverage types
1. Claims-made coverage
a) Retroactive date: The date defining the beginning of the coverage period for the claims-
made policy; this date is retained on arf indefinite basis if one- remains with the same carrier
b) Nose: Period of time between an insured's retroactive date and the current policy period
c) To change claims-made carriers
(1) Maintain original retro date (nose coverage)
(2) Buy an extended reporting endorsement (tail coverage) from the existing carrier and
establish a new retro date with the new carrier
(i) Retro date will usually predate the effective date on the policy
(ii) Permits an insured to report claims that are made after a policy period has expired
.; or has been cancelled, provided the wrongful act giving rise to the claim took place
during the policy term
(iii) Provides coverage for a.. claim that occurred ~r the inception or retroactive
coverage date of the policy and is reported to the insurance company while the
policy or any replacement policy is still in effect
2. Occurrence coverage
a) Provides coverage of an insured for incidents that occur while the policy is in effect,
regardless of when:
(1) The incident is reported to the insurer
(2) A claim is filed
b) No need for an insured to obtain an additional policy endorsement or extension when
moving to a new insurer
E. Considerations for whichever program
1. Meeting local regulations
2. Medicare and Medicaid reimbursement
3. Meeting collateral requirements
a) Cash
b) Securities
c) Promissory notes
d) Letters of credit
4. Tax implications
1:..
IX. Cost of risk (COR) i
A. Development of insurance budgets, the value of an organization's liabilities reported on the

audited financial statements, and the effect of COR in continuing a specific clinical service are
examples of the use and impact that COR can play in managing a healthcare organization

B. COR can be categorized into four main areas
1. Hazard risks
2. Operational risks
3. Financial risks
I
4. Strategic risks
C. Cost of hazard risks
' ~(I
1. Generally insurable
2. Components
~)Insurance premiums
b) Retail'l:ed or uninsured losses

c) Internal administrative costs
d) External service and provider costs
e) Sum ~f the components helps approximate the total COR for a specific exposure
3. Insurance premiums
a) Analyze actual costs of risks being transferred
b) Analyze various services provided by the insurance coverage
c) Typically medical professional liability premiums include a cost component for each of the
following:
(1) Covered damages for lost wages, medical expenses, and pain and suffering of the claimant
(2) Legal and expert witness fees
(3) Pre-judgment interest, ·cost of surety bonds and other miscellaneous costs directly
associated with a specific claim
(4) Premium taxes and other assessments placed upon the insurer by the state or other
regulatory agency
(5) Broker/agent commission for placement of the coverage
'·
(6) Policy administration services
(7) Premium finance charges
(8) Risk management, education and other loss control services performed by the insurer
(9) Premium assessments or returns due to change in exposures
d) Exclusions must also be evaluated
( 1) Are defense costs included in the limit of liability, or are they in addition to the limit?
(2) What is the definition of an occurrence and how does the limit apply to multiple
defendants involved in the same occurrence?
(3) Are limits sufficient to cover all claims?
(4) What is the definition of an insured, and would all potential defendants be covered as
intended?
(5) Will some exposures remain?
e) Premium must be evaluated as to the viability, financial status and coverage terms and conditions
'.0..'0:·:-
.1·,·•,· '.

:1: '
;:r: .
.·
r-~rc,:-;:;,-.' -----
4. Retained or uninsured losses
a) Hazard insurance programs usually require facility to retain:
(I) A portion ofrhe loss
(2) A deductible
(3) A self-insured retention
(4) A quota share percentage of the limit
(5) Another form of risk sharing retention
b) Many losses are uninsured or retained on an unplanned basis because:
(1) Risk is not recognized
(2) Coverage is too limited
(3) Risk was uninsurable
c) Some hazard risks that are not always considered and medical malpractice issues that are
uninsurable include:
(1) Known incidents not reported timely
(2) Loss of use of medical equipment
(3) Losses related to research/experimental treatments
(4) Facility contamination
(5) Managed care exposures not delineated
(6) Excluded occurrences under the policy
(7) Insurer insolvency
(8) Punitive damages
(9) Violations oflaw
(10) Unplanned or uninsured issues must be considered in establishing the entity's COR
d) Internal administrative costs
(1) Risk management department salaries
(2) Overhead
(3) Information systems
(4) Program or policy services outsourced
(a) Claims handling
(b) Loss prevention
(c) Policy administration \',
\
5. Other related activities
a) External services and providers
(1) The use of outside services/providers can have a major impact on COR
(2) Examples
(a) Insurance broker
(b) Defense counsel

(c) Litigation manager
(d) Actuary
D. Cost of operational risks
[ <pperational risks are- generally defined as losses associated with internal systems and processes
and the people responsible for them
' .
2. Issue~ to consider
:I
a) Nursing shortage tied to quality of care
b) Physicians doing tests to protect themselves from litigation
E. Cost of financial risks
1. Relates to internal and external factors affecting the financial performance of an institution
2. Examples:
a) Third-party reimbursement
b) Cost of capital
c) Investment performance
d) Price of goods and services
e) Inflation
f) Philanthropy
3. Many financial risks can be mitigated through non-traditional insurance techniques such as
hedging, investment portfolio diversification to protect investments from major swings in
value, and the prudent use of lines of credit to manage an institution's cash flow needs
F. Cost of strategic risks
1. Relates to "big picture" areas of risk such as the quality of senior management leadership,
reputation, market share, the quality of affiliations or product innovation
2. Costs are difficult to measure and typically fall outside the realm of the traditional risk manager
G. COR allocation
\
1. A fair and equitable allocation system allows management to focus its attention on the
greatest opportunities for improvement and to reduce those allocated costs
2. Key principles
a) Defined purpose that clearly states what the organization wants to achieve with the
allocation system
b) Customize expressly for the organization
c) Communicate appropriately within the organization by senior management
d) Support with necessary staff and systems
e) Base on credible data
f) Maintain on consistent basis from year to year
g) Ensure key institutional leaders and physicians are vested in the process
h) Focus on quality improvement in a positive manner
---., ..... ·,;

'~ : .. ·.·.': :
H. COR and benchmarking

1. Internal benchmark must measure the effect of program changes over time
2. Internal benchmarking can effectively focus attention to those risk areas that can be impacted most
3. External surveys continue to evolve as the demand for benchmarking has increased
4. Surveys range from comparing one industry to another or as specific as comparing an
obstetrics department in one geographical area to another in the same geographical are
5. Well known and used external benchmarking reports
a) Risk Management Foundation of the Harvard Medical Institution
b) Risk and Insurance Management Society
c) Aon-ASHRM Hospital Professional Liability and Physician Liability Benchmark Analysis
6. Regardle~s of the system, challenges to benchmarking remain
a) Confidentiality of data
b) Inconsistent or incomplete data.
..
. ,
c) Willingness to share data
d) Cost as opposed to value received
e) Bias on areas of focus
f) Comparability of benchmarked group
7. Influence of outside factors
X. Integrated risk financing and integrated healthcare

A Efficiency: Spend more time on risk prevention and mitigation and less time on annual
insurance renewals
B. "Portfolio Effect": Pulling a group or portfolio of risk together
C. Combined purchasing power: Enhance "market clout" by placing as a package
D. Multiyear single limit: Locking up pricing for several years
E. Use of reinsurance
1. Treaty reinsurance: Protects an insurer across its book of business
2. Facultative reinsurance: Arranged on a risk-by-risk basis
XI. Tax aspects of risk financing

A Benefits of insurance to taxpayers
B. Disadvantage of insurance to taxpayers
C. Disadvantage of insurance to tax exempt entities
D. Tax definition of insurance
E. Unrelated party risk approach
R Brother-sister theory
G. Tax as a factor in captive domicile and form selection

XII. Actuarial and accounting applications for risk financing
A. Expected losses
B. Trends
1. Severity: Generally calculated by measuring the change in average loss costs each year where
~verage loss costs are the total loss costs divided by the number of claims
2. Frequency: Number of claims divided by the number of exposure units
'
C. Loss d~elopment
;
patterns (paid, reported, incurred)
1. Long tail coverage
2. Loss development triangle
D. Eiposure units: Measures the changes in expected loss from year to year due to changes in the
size of the entity or the mix of business
E. Limit adjustment factors
1. Basic lirnitlosses
2. Retained limit losses
F. Data credibility
1. Quality
2. Predictability
3. Geographic
G. Confidence levels: Probability that the expected losses will not be exceeded by the actual losses
H. Pure premiums: Expected loss costs per exposure unit
I. Retention levels
1. Specific
2. Aggregate
J. Coverage form
1. Claims-made: Claims reported dqring the coverage period regardless of when the incident
actually occurred, subject to the retroactive inception date
2. Occurrence: Incidents that occur during the coverage period regardless of when the claim is reported
3. Prior acts: Used in conjunction with claims-made coverage to essentially provide occurrence
coverage by covering any unreported or "incurred but not enough" claims
XITI. Actuarial projections
A. Medicare/Medicaid reimbursement
•
B. Regulatory requirements
C. Bond covenants
D. Audit support
E. Excess insurers and reinsurers
F. Fiduciary responsibility
G. Actuarial reports
1. Purpose or scope
' .
:-3~~--:
.l
:·i ).c;·B~\.l:..
.-~ .
.. \ ~ i
-.. .·
,!'·'
~-- -··.·:····-·..-.·-~ ·..----
2. Distribution and use
3. Reliances and limitations
4. Summary and conclusions
5. Methodology
6. Major assumptions
7. Exhibits and graphs
H. Accounting issues
1. Generally accepted accounting principles
2. American Institute of Certified Public Accountants
XIY. Requests ~or proposals (RFP)

A. Process utilization
1. Insurance brokerage
a) Selection of organization's insurimce broker ~\
b) Evaluate cost and availability of alternate risk financing mechanisms
c) Implementation: direct impact on finances of organization
2. Risk management consulting
3. Outsourcing
4. Legal bill review and auditing
5. Special projects
a) Claim file audits
b) Clinical department audits
c) Regulatory co.mpliance
B. Types of proposals for insurance brokerage
1. Market proposal
a) Specific lines of coverage are assigned to a specific broker who is then assigned to a market
or markets
b) Best used on smaller, easier-to-place coverage lines
c) Compensation is usually paid on a commission basis
2. Conceptual proposal
a) Respondents are asked to offer suggestions on improvements and changes without going to
the insurance market for costs or coverage 1:
\
b) Beneficial for multiple renewal dates, difficult lines of coverage to place, and limited
markets available to underwrite the risks
c) Broker does not have permission to access the marketplace
3. Interviews
a) Series of interviews as a valid selection methodology
b) Proposal to include questions all respondents will need to address

..,...
.
C. Initial steps in the RFP process for insurance brokerage

1. IdentifYing and assessing the goals of the RFP process
f-) Accurate assessment and understanding of what is to be accomplished through the process
I
b) What is the desired outcome?

c) What is the current market?
' \ Soft market: Characterized by low premiums, flexible terms and generous capacity
(f)
(2) Hard market: Characterized by escalating premiums, strict underwriting procedures
and limited availability of coverage
(3) Usual market cycle is five to seven years, but the previous soft market persisted from
the late 1980s through 2000.
d) How much insurance should be purchased?
(1) Appropriate policy limits
(a) Limits historically purchased
(b) Loss history
(c) Regulatory and legal climate
(d) Exposures created by organization's business strategies
(e) Benchmarking against similar organizations
(2) Policy limits may include or exclude defense costs (preferable to exclude)
(3) Sub-limits may cap the coverage for specific perils
(4) Deductibles and self-ip.sured retentions (SIRs)
(5) "Named peril" vs. "all risks" coverage: Specific, narrow coverage vs. broad, catch-all
type of coverage
2. Establishing a timeline
a) Date the RFP is distributed to potential respondents
\
b) Date the risk manager will be available to discuss information
c) Date written response is due
d) Timeframe for evaluation of written responses
e) Date respondents will be notified of results of written proposals
f) Date and time set aside for oral presentation
g) Date by which a final decision will be made
h) Date the assignment is to commence
i) Length of the assignment
3. Establishing a broker selection committee
a) Supports and assists the risk manager during the broker selection process
b) Provides an opportunity to obtain a wide variety of opinions
c) Encourages new perspective on insurance
d) Enhances collective support and buy-in among constituents

4. Determining evaluation criteria
a) Established criteria facilitates an objective process
b) Provides a useful guide in reviewing the written materials and oral presentation
c) Does not need to be complicated, lengthy or detailed
D. What to include in the RFP for insurance brokerage
1. Executive summary
a) Annual reports
b) Organizational charts
c) Brief description of operating divisions
d) Financial statements
e) Mission statements
f) Organizational vision
g) Market share evaluation
2. Insurance information
a) Schedules of insurance
b) Declaration pages to policies
(1) Insurance policies
c) Loss runs
d) Coverage specifications
(1) Comprehensive coverage of all major loss exposures, at a cost effective premium
(2) Evaluation of exposures
(3) Application for coverage (underwriting submission to qualified, interested carriers)
(4) Develop a quotation (qualitative issues such as appropriate limits, deductibles, etc.)
(5) Negotiation of coverage terms, services and pricing
e) Named insured
E. What to look for in responses to the RFP for insurance brokerage
1. Technical competence: broker has a competency that the risk management department does
not have
2. Market access and marketing philosophy
a) Skill in marketing the account to company underwriters
b) Broker's marketing philosophy fits with the organization's corporate culture
c) Broker's criteria for placing business with a given market
3. Account team list: Names of team members and their technical expertise and depth of
experience
4. Account services: Evaluate services required or desired to manage account
5. Consulting services
6. References

7. Service contracts: Should be drafted and approved by both parties
8. Compensation
a) Fixed fee
b) Commission
c) Time and expense
\ d) ·~etainer fees
!\
e) Bonuses
9. Respondents should show proof of coverage in place while handling the client's account
F. M;onitoring results and evaluating services
1. Establish criteria
a) Review what services the outside provider was engaged to perform
b) Agree to service criteria ahead of time
c) De~ermine if criteria are tied into compensation dollars
d) Set periodic status reports
2. Auditing tools: Performance standards
3. Develop and monitor a timeline
4. Stewardship
a) Stewardship reports are prepared by the broker and given to clients as an evaluative tool or
report card on performance
b) Should not be a marketing brochure for the broker
REVIEW QUESTIONS
1. Imagine you are a hospital risk man~ responsible for purchasing and managing the commercial
insurance and the self-insured retention (Sffi) fund. You have structured professional liability
coverage with a combination ofSffi and commercial insurance. The Sffi limits are $1,000,000
per incident and $3,000,000 yearly aggregate. In addition to the SIR, you have purchased excess
coverage in the amounts of $10,000,000 per incident and $25,000,000 yearly aggregate.
Assume all policies are written on a calendar-year basis, all payouts are in the correct year, and the SIR
fund and the commercial insurance carrier are financially solvent.
~amples: If no claim has been paid during the year, a total of $11,000,000 per incident and
$28,000,000 yearly aggregate are available.
Per I ncidem \cu·k Aggrc:g.1re
Self-Insured Retention Fund $1,000,000 $3,000,000
Excess Coverage $10,000,000 $25,000,000
Total Available $11 ,000,000 $28,000,000
--~~._..c.::··.·-··-·
If the first claim is settled for $1,500,000, the SIR pays the first $1,000,000, and the excess carrier
pays the remaining $500,000.
What is the remaining balance for the year end for the SIR and excess coverage? _ _ _ __
Answer. This leaves a year-end SIR balance of $2,000,000 and $24,500,000 of excess coverage for the year.
Ifthe next claim is settledfor $10,000,000, the SIR pays the first $1,000,000, and the excess carrier pays
the remaining $9,000,000. What is the remainingy~ar-end balance for the SIR and the excess coverage?
Answer: 7his leaves a year-end SIR balance of$1,000,000 and an excess coverage year-end balance of
$15,500,000.
2. 'What type of primary malpractice insurance policy is necessary to purchase "tail/prior acts"
coverage when changing carriers?
A. Excess
B. Umbrella .:
C. Occurrence
D. Claims-made
Answer. D
Claims-made coverage provides coverage for a claim that occurred after the inception or retroactive coverage
date ofthe policy and is reported to the insurance company while the policy or any replacement policy is still
in effect. A tail essentially converts a claims-made policy to an occurrence policy by extending coverage to all
claims that arise from the care rendered during the policy period regardless ofwhen the claim is reported
3. The insurance industry is cyclical. It is characterized by periods noted as "hard" and "soft"
markets. 'Which of the following statements is TRUE?
A. During a hard market, coverage is available and affordable
B. A hard market is characterized by flexible coverage terms
C. During a hard market, coverage may not be available at any cost
0. Hard market cycles last longer than soft market cycles
Answer. C
During a hard market it becomes difficult to place coverage and terms become less favorable. Only answer
C is correct.
4. 'Which of the following are types of third-party of liability insurance?

1. General liability
2. Fire/property
3. Directors and officers \',..
4. Fiduciary
A. 1 and 2 only
B. 1 and 3 only
C. 1, 3 and 4 only
D. All of the above
~'-
Answer: C
Ifthe insurance paymentflows to you or your organization, it is first-party insurance. Since liability policies
pay for damage or injury to someone other than you, it is not first-party coverage.
5. A captive insurance company is:

A. A type of reinsurance
B. A form of a self-insurance trust
(I
C. A fronted retention group

D. An insurance company subsidiary that insures the risk of the parent
Answer:D
A captive is an insurance company established to provide insurance coverage to a sponsoring entity as
opposed to marketing and selling policies commercially to insureds. The sponsoring entity may be a parent
6. An insurance policy contains what four standard elements:

A. Declaration page, broker, S&P rating, exclusions
B. Declaration page, defense costs, deductibles
C. Conditions, exclusions, insured's name only, where invoices are to be sent
D. Declaration page, insuring agreement, conditions, exclusions
Answer: D
A policy contains four standard elements: declaration page, insuring agreement, conditions and exclusions.
7. A physician has a $1-million policy limit with a $100,000 per-claim deductible. How much
insurance does the insured have?
A. $1,100,000
B. $1,000,000
c. $900,000
D. $800,000
Answer: C
The carrier is responsible to pay the deductible and recover.from the insured. The deductible amount is subtracted
.from the policy limit resulting in the insurance amount. A letter ofcredit may be required.from the insured.
8. A new claim has been reported to the insurer. The claim occurred on 6/112012 and was reported
2h/2013. The facility has a claims-made policy dated 111/2013 -12/31/2013 with a retroactive date
of 1/1/2003. Assuming the claim is for a covered loss and was not known or reported to the prior
carrier at the time of occurrence, will the carrier accept the claim as being covered under the policyr
A. Yes
B.No
Answer: A
Claims-made coverage provides coverage ofa claim that occurred after the inception or retroactive coverage date
ofthe policy and is reported to the insurance company while the policy or any replacement policy is still in effect.

,,,,' __ ..
,.,,,_,~·'·,_·,_,,.,~-
CLAIMS AND LITIGATION

Domain
1:
··.
I
I
·'·
ClAIMS AND LITIGATION Domain 189

Claims and Litigation Domain .
After leflrning the content in this section, you should be-prepared to:
I
A. Examine the claims management process from the occurrence of the event to claim resolution
B. Dist\flgu~sh between a claim, a potentially compensable event, and a lawsuit
~I
C. Describe the types of liability

D. Describe the four elements that must exist in order for there to be professional liability
E. Discuss the various exposures for different types of organizations
F. Identify factors that may influence whether a claim is covered under an insurance policy
G. State the va!ue of collecting claims data
H. Describe :ilie critical steps in a lawsuit
KEY TERMS
Important terms and definitions relevant to this domain:
Adverse event- Any injury (undesirable clinical outcome) caused by medical care and not an
underlying disease process.
Adverse outcome- Clinical outcome that, while neither desirable nor necessarily anticipated, may
still have been a known possibility associated with the treatment or procedure.
Alternative Dispute Resolution - A process or system to resolve disputes outside the formal judicial
process.
Negotiation- A voluntary, usually informal, unstructured process. There is no third-party
facilitator, but parties may be represented by legal counsel.
Mediation -A process in which a neutral third party helps the parties reach a mutually-acceptable
agreement.
\.
Arbitration - The hearing and determination of a case in question someone either chosen by the
opposing parties or by a person appointed under statutory authority.
Binding- An agreement that is final and not appealable.
Non-Binding-An agreement is not final until it is entered by the court into the record allowing
the party to continue the civil litigation process.
Answer -A document filed with the court in response to a complaint or petition. Generally the answer
must: 1. Admit that the plaintiffs' allegations are true 2. Deny that the plaintiffs' allegations are true or
3. State that the defendant does not have information regarding the truth or falsity of the allegati9ns.
Appeal- An action that is taken after the trial of a matter or after a dispositive motion has been
entered in a matter. An appeal may be taken for the purpose of correcting an error made by the trial
court or to obtain a new trial. Also, it is a resort to a higher court to obtain a review of a lower court's
decision and a reversal of the lower court's judgment or granting of a new trial.
Assault- An intentional act that is designed to make the victim fearful and that produces reasonable
apprehension of harm.

':.: . ..:..:._:..:__·_'.
Attorney-client privilege - A legal doctrine recognized by both common and starutory law
protecting certain confidential communications between an attorney and his or her client from
discovery in a legal proceeding unless the privilege is waived by the client.
Attorney work product privilege -A legal doctrine recognized by both common and statutory law
protecting the documents generated, theories devised, legal strategies formulated, etc., by-an attorney
on behalf of a client from discovery in a legal proceeding unless the privilege is waived by the client.
Battery- In .tort law, the intentional causation of harmful or offensive contact with a person without
that person's consent.
Claim- Formal notification that monetary damages are being sought for an alleged injury.
Claims-made coverage - Provides coverage for a claim that occurred after the inception or
retroactive coverage date of the policy and is reported to the insurance company while the policy or
any replacement policy is still in effect.
Claims man~ment- A systemized approach utilized to reduce the financial loss and negative
community image of a healthcare organization in situations where prevention fails and injury occurs.
Complaint/Grievance- A formal or infqrmal written or verbal complaint made to the hospital by
the patient or the patient's representative ~egarding the patient's clre. Medicare/Medicaid Hospital
Conditions of Participation require a formal process for patient notification of their rights and for
response and follow-up with the patient.
Complaint (legal) - One of the initial filings with a court to begin a lawsuit; normally recites all of
the allegations against the defendant and theories upon which the plaintiff seeks to recover damages
(may be called a petition in some jurisdictions).
Damages- Monetary compensation obtained for an injury for which the plaintiff (claimant) seeks
compensation from the defendant (healthcare provider) and may include economic losses, emotional
distress, pain and suffering and disability.
Punitive or Exemplary- Damages sought or awarded to punish or deter a defendant or others from
similar conduct rather than to compensate the injured party. The awarding of punitive damages
generally requires a showing of gross negligence or willful and wanton misconduct. Such damages are
not insurable in some jurisdictions and may be excluded by insurance pol.icies.
Special- Acrual damages such as medical expenses related to the injury.
Defamation- Intentional false communication that injuries another's reputation.
Slander -A false and defamatory statement (oral/spoken) made about a person.
Libel- Defamatory language expressed in print, writing, pictures, or symbols intended to injure
another's reputation, business, or means of livelihood. ·
Depositions -Testimony (under oath) of a witness taken on interrogatories reduced to writing and
used to support or substantiate testimony offered at trial. The deposition is an important phase of the
discovery process. It consists of a question-and-answer session in which the witness is interrogated
1
under oath, after which the testimony is transcribed. :
Discovery- The process in litigation by which each party to the action seeks to learn all the facts that
either 1. Support the plaintiffs cause(s) of action, or 2. Support the defendant's asserted defenses or denial~.
i,
Duty to defend- Insurer will defend any claim or suit alleging injury or damage and seeking
damages covered under the policy.
Duty to pay damages - Insurer will pay damages covered under the policy retroactive date.
CWMS AND LITIGATION Domain 191

,....
Event- A happening or occurrence that is not part of the routine care of a particular patient or the
routine operation of the healthcare entity.
Employee Retirement Income Security Act (ERISA) -A federal law that sets minimum standards
for most :voluntarily establi~hed pension and health plans in private industry to provide protection for
individtj.als in these plans. -
Fraud and abuse- Fraud is an intentional misrepresentation, deception or act of deceit for the
purpose. of r~ceiving greater reimbursement. Abuse is reckless disregard or conduct that goes
against :kd is inconsistent with acceptable busiriess, medical practices, or both, resulting in greater
reimbursement. The terms are generally used together to refer to breach of federal statutes and
regulations regarding inappropriate billing, kickbacks, referrals, related to the federal or state
Medicare and Medicaid programs.
Guardian Ad Litem- A person appointed by the court to represent the interests of a minor child, an
unborn child or ~ disabled person.
Integrated delivery system -A healthcare system made up of various types of providers, including
hospitals, ambulatory care centers, surgery centers, home health agencies and physician practices, and
frequendy a managed care organizati~n, such as an HMO or a preferred provider organization (PPO).
Insured parties - Organization and employees covered by an insurance policy.
Joint and Several Liability- The legal theory whereas a plaintiff can recover the entire adjudicated
damages from any culpable defendant (joint); or they can collect the apportioned amount from each
defendant (several).
Lawsuit - Formal legal action .filed in court.
Managed care -The integration ofhealthcare delivery and financing that includes arrangements with
providers to supply healthcare services to members, criteria for the selection of healthcare providers,
significant financial incentives for members to use providers within the plan, and formal programs to
monitor the amount of care and quality of services.
Moonlighting- Working at another job after hours of a regular job.
Occurrence coverage -An insurance policy for which coverage is provided for claims that occur
during the policy period, regardless of when the claim is made.
Ostensible agency doctrine- The doctriri'e of ostensible agency; sometimes referred to as apparent
agency, permits a finding of liability on a hospital where there is the appearance of an employment
relationship with an independent contractor. In the absence of an employer-employee relationship, a
managed care organization (MCO) may still be held vicariously liable for the acts of provider physicians
if the patient had a reasonable belief that the physician was the MCO's agent and that this belief was
based upon representations made by the MCO to that effect. The burden is on the plaintiff to prove
that he or she detrimentally relied on the fact that the MCO held the physician out as its agent.
Petition - See entry for complaint.
Potentially compensable event (PCE) - Encompasses any incident in which there is neither an active
claim nor institution of a formal legal action, including those cases in which an unexpected event has
caused injury, the potential for injury or some expression of dissatisfaction or perception of injury.
Respondeat superior- Law doctrine that says an employer is responsible for the acts of employees if
the acts are within the course and scope of their employment.
Reserves - Estimates of the amount ultimately required to setde a claim, or pay a judgment
(indemnity reserve), and to provide for a defense and pay other allocated expenses related to
managing a claim (expense reserve).

Sentinel event- Any unexpected occurrence involving death or serious physical or psychological
injury, or the risk thereof.
Standard of care - In medical malpractice cases, a standard of care is applied to measure the
competence o(the professional. The traditional standard for doctors is that they exercise the average
degree of skilled care and diligence exercised by members of the same profession, practicing in the
same or similar locality in light of the present state of medical and surgical science. With increasing
specialization, however, certain courts have disregarded geographical considerations holding that,
in the practice of a board-certified medical or surgical specialty, the standard should be that of a
reasonable specialist practicing medicine or surgery in the same specialty. In a legal proceeding, the
standard against which the defendant's conduct is measured. The defendant is expected to act as an
ordinary, prudent person with similar training and skill would have acted in a similar situation. If
the defendant's conduct falls below this standard, the defendant may be determined to have acted
negligently.
Summons -A notice to the defendants named in a complaint indicating an action has been filed
against them and that they are required to answer by a specific date and at a specific place.
1hird-party administrator -An indepen<;l.ent organization that contracts to provide claims
management services to a self-insured entity. '-
1hird-party overclaim -A claim by an injured employee against a party other than his or her
employer, such as the manufacturer of a machine involved in the injury, in which the third party
brings in the employer as an additional defendant, such as for failure to properly maintain the
machine. Third-party overclaims fall outside of workers' compensation coverage and are generally
covered by employers' liability policies.
Uninsured parties- Actual or potential codefendants not covered by the organization.
Vicarious liability- The imposition of liability on one person for the actionable conduct of another,
based solely on a relationship between the two persons. Indirect or imputed legal responsibility for
the acts of another (e.g., the liability of an employer for the acts of an employee). Also, a principle for
torts and contracts of an agent.
OUTLINE
I. Claims Management Program
A A systemized approach utilized to reduce the financial loss and negative community image of a
healthcare organization in situations where prevention fails and injury occurs
B. Supported by leadership and board commitment
C. Driven by organizational philosophy and culture
D. Anchored by development of an infrastructure supported by staffing, policies and procedures,
decision authority, program scope and technology
E. Influenced by the organizations chosen risk financing mechanism
1. Self-insurance
2. Commercial insurance coverage
II. Claims Management Process

A. Identification:
CLAIMS AND LITIGATION Domain 193

1. Process of identifying problems or potential problems that can result in loss; recognizing the
potential for loss
2. Established and specifically defined process that includes points in time in which the
-;organizationalleade~ship and/ or board or board committee receives claims information
I
a) New claims
. b) Open and closed cases
'c) Aggregate
. claims experience
d) High exposure cases
e) Impact on risk financing program
3. Claims data collection system for identifying potential claims and litigation
a) Includes numerous data sources and types of events, including potential compensable
events (PCEs) and sentinel events
b) Part of the data mining process
(1) Information from QI, risk, patient safety, medical records, patient relations
(complaints and grievances), committees, hodine, surveys or reports, grapevine,
incident report, recall notices, etc.
c) Supported by technology
(1) Driven by a taxonomy that supports identification of open and closed claims
(a) Critical for meaningful benchmarking purposes
(2) Configured to generate loss runs
(a) Geared towards specific needs of insurers, underwriters, and brokers
(b) Key link to actuarial evaluation process
B. Investigation:
1. Process of collecting information regarding the facts related to a loss or potential loss situation
including collection of evidence and interviews of witnesses
2. Guidelines for investigating an event
a) Discover and document the facts
(1) Include review of policies and procedures; medical records, lab and imaging reports;
interviews with staff under the direction of counsel; determination of the insured
parties, etc.
b) Secure evidence
(1) Verify that there are document retention policies in place and a process for "claim/
litigation holds" of medical records, policies, etc.
(2) Equipment believed to have malfunctioned or user error
(a) Complete voluntary and/or mandatory reports to FDA (SMDA)
(b) Sequester equipment (saving/recording device settings); equipment supplies,
including packaging, needles and syringes; maintenance logs; manuals, etc.
c) Determine the applicable standard of care
(1) May include gathering applicable policies or procedures in place at the time of the eV-ent

.·.·--.:,·.,
.d) Assess the applicable standard of care and legal principles.

e) Communicate with appropriate persons
(1) Interview witnesses
(2) Report the event to the insurance carrier as soon as possible; notify senior management
as appropriate, etc.
(3) Informal, preliminary expert (i.e., peer review process)
f) Protect the discovery of investigative material and avoid spoilage
(1) Be aware of statutory provisions and existing case law in the jurisdiction and work
under the direction of legal counsel
C. Documentation checklist:
1. Name. and demographic information on insured parties
2. Name ·a.nd demographic information on actual or potential codefendants
3. Date of incidence and date of notification
4. Insurance information
5. Claimant information
6. Review of medical records
7. Claimant's injuries
8. Current status of case
9. Summaries of interviews
10. Summary of claimant's allegations
11. Summary of facts
12. Copies of applicable policies, procedures and protocols
13. Copies of maintenance records
14. Summaries of expert reviews
15. Evaluation of damages
16. Evaluation of liability
17. Research including standard of care, applicable laws and regulations
18. Information regarding claimant's attorney
D. Analysis and classification:
1. Established process for claims analysis
a) May be supported by a committee
b) Considered independently as well as in the aggregate \~
c) Fact driven
d) May see evidence of both internal and external influencing factors
2. Claims classification system
a) Supported by technology
b) Driven by risk financing mechanism
c) Required fields (e.g., important dates, location, demographics, etc.)

E. Reporting:
1. All lawsuits, claims and potential compensable events (PCEs) should be reported to
organization's insurance provider(s)
2. frimary layer
a) Commercial insurance
\ q).,, Based upon reporting requirements identified in the insuring agreement to avoid non-
coverage
b) Internal: self-insured retention (SIR) or deductible
(1) The insuring agreement identifies the conditions for reporting
(2) Report to management claims reported to commercial carrier or when institutional
funds are at risk such as a SIR and deductible
(3) Notify public relations if media coverage is anticipated
3. Excess and reinsurers (if applicable)
a) Reporting typically rests with the original insured
(1) Described in the insurance agreement/policy requirements
b) The insurance company may perform an audit to validate the accuracy and completeness
(1) Reporting process
(2) Adequacy and timeliness of reserves
4. Insurance reporting definitions
a) Potentially compensable event
(1) An occurrence for which a claim can be reasonably anticipated, but for which no claim
has yet been asserted
(2) An event for which there are grounds or contributing factors found after investigation,
worthy of compensation being awarded the claimant
b) Claim: Formal notification (ge,nerally in writing) that monetary damages are being sought
for an alleged injury. Generally'accepted definitions, but some policies may define them
differendy. Always check your policy!
c) Lawsuit: Formal legal action filed in court
F. Coverage determination:
1. Questions
a) Is the involved party covered by the policy?
(1) May trigger a duty to defend
b) Is the loss within policy period?
(1) Dates are specified by policy
c) Is the cause of loss covered?
(1) Medical negligence, intentional tort i.e. assault and battery
(2) Duty to pay damages
d) What types and amounts of damages are covered?
(1) Compensatory/punitive
. ~"
196 ASHRM Preparation Guide for the CPHRM Examination ~~:
'------'--~ .. ,_..
~~-·-
,:,,_,_!:' _____
.-
e) Is the location covered?

(1) Activities of the covered individuals are within the scope of their employment
(moonlighting, volunteering, etc.)
(2) Schedule of covered entities or activities
f) What are the policy's exclusions?
(1) Assault and battery
(2) Sexual abuse
(3) Could trigger a reservation of rights letter where party is defended, but only until it
is determined whether or not the loss is covered or a criminal act is adjudicated or
admitted
2. Coverage: Insured or uninsured
a) Insur~d parties: Organization and employees; additional insureds under the facility's policy
(1) Are there any other insurance coverages that would apply?
b) Uninsured parties: Actual or potential codefendants nQ~ covered by the organization
(1) What are the conditions of coverage and does this situation meet the criteria?
(2) What are the coverage types and limits?
(3) Are defense costs included within policy limits?
3. Coverage: types of liability
a) GL- General liability: Hazards in the environment, non-professional judgment and
actions
(1) Slips and falls
(2) Slander (spoken) and libel (written)
(3) Malicious prosecution and false arrest
(4) Assault and battery
(5) Advertising issues
(6) Environmental pollution
b) HPLIPLIPPL- Professional liability/medical malpractice
(1) Professional negligence by act or omission by a healthcare provider in which care
provided deviates from accepted standards of practice in the medical commuhity and
causes injury or death to the patient.
c) EPL - Employment Practices
(1) Non-Discrimination
(a) Civil rights
(b) Age
(c) Disability
(d) Sexual harassment
(e) Whisdeblower
:~.

G. Liability Determination:
1. Negligence
a) A failure to act as an ordinary prudent person would, action contrary to that of a
reasonable party, or the failure to use such care as a reasonably prudent and careful person
would under similar circumstances; carelessness
b) Elements of negligence (4Ds)
I
\!) Duty to exercise reasonable care often noted as the "standard of care"
(2) Duty breached
(3) Direct or proximate causation: "injury''
(4) Damages resulted
2. Stan~d of Care
a) Must be established by expert opinion testimony
b) Exception can be rebuttable presumption of negligence based on:
(1) ·The negligence is so obvious that it is within the common knowledge of jurors
(2) The cause of the injury is under the exclusive control of the defendant and this type of
accident does not happen without negligence (res ipsa loquitur: "the thing speaks for itself')
(3) Negligence per se: A legal doctrine whereby an act is considered negligent because it
violates a statute or regulation
3. Tort reform
a) Activity on both the federal and state levels
b) Various legislative approaches
(1) Monetary cap on non-economic damages (e.g., $250,000)
(2) Mandatory prior notice of intent to file malpractice action
(3) Li.rri.its on percentage allocation of contingent attorneys' fees
(4) Abrogation of joint and s~eralliability
\.
(5) Mandatory alternative dispute resolution (e.g., mediation and arbitration)

(6) "No fault" insurance or state-administered victim's fund
H. Reserving
1. Process of estimating the amount ultimately required to settle a claim or pay a judgment
(indemnity reserve) and to provide for a defense and pay other allocated expenses related to
managing a claim (expense reserve)
2. Depends on numerous factors
a) Venue
b) Plaintiff attorney
c) Joint and several liability
3. An art more than a science, but experience plays a role
4. Critical for the financial soundness of the insurance company or the self-insurance fund
5. Reserve set when exposure and liability can be su.fficiendy assessed, both initially and
ultimately

6. Reserving can be done by the insurance company, the risk management professional or an
outside claims management service or third-party administrator (TPA)
7. Ensure accurately and timely loss runs are maintained
!
l. Claims management strategies - I
1. Defend vs. settle

2. Meritorious vs. frivolous
3. Alternative Dispute Resolution (ADR) -A process designed to resolve disputes in a manner
that avoids the cost, delay, and unpredictability of the traditional adjudicatory process
J. File Management
1. Claim file
a) Correspondence
b) Inves.rlgation documentation
c) Medical Records
d) Expert Reports
e) Legal papers
f) Expenses
g) Reserve history
2. Diary
III. Legal Theories

A. Vicarious liability (general category)
1. Imputed liability for acts of another; employer for the acts of negligence or omissions of its
employees
B. Respondeat Superior (specific category)
1. Employer responsible for the acts of their employees if the alleged wrongful act is within the
course and scope of their employment
2. Employee must also have been found liable
C. Ostensible or apparent agency
1. Patient looked to the facility rather than the individual physician for care
2. The institution held out the independent contractor as an employee, i.e., hospital ba:sed
physician services
D. Corporate negligence
1. Facility responsible for own acts of negligence in failing to ensure that a proper standard: of ,
care is upheld \ ·
2. Facility must have known of a defect in procedures and the defect was substantial factor in the
I
patient injury i.
IY. Exposures of Healthcare Entities

A. Exposures of hospitals and medical centers
1. Respondeat superior

-~
a) "Let the master answer for the acts of the servant"

b) An employer is responsible for the acts of employees if the acts are within the course and
scope of their employment
2 .. Ostensible agency or apparent authority
I
'a) Patient looked to the institution rather than the individual physician for care
b) Institution "held out" the independent contractor or the physician as its employee
'c) Physician services provided by contract require careful review for adequate insurance and
indemnification provisions
3. Negligent credentialing liability
4. Negligent failure to protect confidential data or invasion of privacy (HIPAA and HITECH)
B. Exposures of emergency medical services providers
1. Abandonment
2. Assault/battery
3. False imprisonment
4. Invasion of privacy
5. Failure to appropriately treat the medical condition
C. Exposures of primary care in ambulatory settings
1. Professional negligence
a) Failure to satisfy the standard of care, causation, damages
(1) Inadequate history and poor communication
(2) Failure to order diagnostic tests
(3) Failure to refer
2. Informed consent
a) Negligent failure to properly disclose risks, benefits, alternatives, risks of refusal
3. Battery (failure to obtain permiss4m to treat)
4. Abandonment
5. Elder abuse
6. Negligent failure to protect confidential data or invasion of privacy (HIPAA., HITECH)
7. Safety issues (ensuring a safe environment)
8. Infection control
• 9. Human resource issues
D. Exposures of integrated delivery systems (IDS)
1. Unemployed physicians with hospital privileges are considered to be an independent
contractors
a) Generally, hospital cannot be held vicariously liable for the negligence of independent contractors
2. Development of IDS
a) Arguments are being made that various healthcare entities share some responsibility for
o~er providers to ensure adequate care is being provided
--------~,- ,T•,
·. ·~.: .. ' :~· .
E. Exposures of managed care organizations (MCO)

1. Employee Retirement Income Security Act of 1974 (ERISA) requires that health plans and
plan sponsors provide members with a summary plan description
2. Parties involved in managed care
a) Patients
b) Providers
c) Provider organizations
d) Payers
e) Health plans
3. Liabili1=J theories against managed care organizations
a) Vica.fious liability
(1) Imposition of liability on one person for the actionable conduct of another, based
solely on a relationship between the two persons
b) Respondeat superior ' \
(1) Employer is responsible for the acts and omissions of employees in the course, action
and scope of their employment
c) Ostensible agency
(1) Actions of the principal lead the third party to believe that the putative agent is an
agent or employee of the principal
d) Corporate negligence
(1) Negligent selection of member physicians and/or failure to allocate appropriate resources
e) Breach of contract
(1) Failure, without legal excuse, to perform any promise that forms the whole or part of
the contract
f) Bad faith claims
(1) Claims brought forward without any merit
g) Breach of fiduciary duty
(1) Failure to exercise due diligence in overseeing the affairs of the organization
4. Areas of risk
a) Underwriting risk
b) Business risk
(1) Operating risk: Inability to predict and manage medical expenses
1\
(2) Growth risk: Unplanned expenses due to business growth \
(3) Provider subcontracting risk: Failure to maintain favorable contracts with provider
network, or experiences of higher costs due to referral patterns.
(4) Personnel risk: Failure to recruit and retain key employees
(5) Information risk: Disruption of information technology and its effect ori the organization
ClAIMS AND LITIGATION Domain 201

c) Litigation risk
(1) Insurance risk: Inability to obtain necessary insurance at reasonable rates
(2) Financial risk: Liquidity risk (cash Bow)
(3) Solvency risk: Maintaining sufficient assets to meet ongoing claim payment responsibilities-
(4) Affiliate risk: Associated with organization's access to capital based upon the funding of
the parent organization
:I
d) Regulatory risk
(1) Consumer protection, both federal and state
(2) State licensure
(a) All health insurance plans must be licensed in the states in which they offer coverage
(b) Based upon the state, providers may need to be licensed in order to provide
managed care tasks
(3) Minimum capital requirements: Ucensing agency requires specific levels of statutory capital
(4) Minimal benefit requirements: MCO may be subjected to minimum health benefit
and expense levels
(5) Government investigations: Subject to governmental reviews, audits and investigations
(CMS, DHHS, Office oflnspector General, state insurance departments)
(6) Anti-kickback laws: No inducements for the purchase of services for which payment
may be made under a federal program
(7) Fraud and abuse: Billing for unnecessary goods/ services
(8) Privacy and confideJ?-tiality laws: Both federal and state
(9) Government inquiries
(10) Electronic data transaction standards established under HIPAA and HITECH
(11) Collective bargaining: Some states' legislation allows physicians to collectively bargain
withMCOs
(12) Competition and strat~kic risks
(a) Competition risk: Actions of competitors may negatively impact the organization's
ability to increase its market penetration
(b) Environmental risk: State and federal budget decreases, inBation, unemployment, etc.
(c) Public relations risk: Negative publicity arising out of the management of the plan
5. Controlling third-party loss
a) Four major areas
(1) Due diligence: Legal review of an entity targeted for acquisition by an acquiring party
to obtain financial and operating history along with current status
(2) Patient communication: Clear and defined communication concerning expectations of
patients
(3) Policies and procedures
(4) Risk transfer: Procedure of shifting risk of loss to another party who agrees to accept
the risk

~ • ' • ::• .' 1 ~I ," --- ~~ ~ ~~~--~-'-----
b) Seven steps
(1) Using due diligence and contract analysis to identify critical risk issues
(2) Developing a written plan for provider selection, credentialing and peer review based
on objective performance metrics
(3) Preparing and monitoring written utilization review and quality management plans
(4) Developing a written plan guiding appropriate patient communication
(5) Developing effective billing procedures
(6) Maintaining an ongoing continuing education program for providers
(7) Using insurance and other risk-transfer mechanisms
(a) Use indemnification clauses
~b) Require providers to sign hold-harmless agreements and provide adequate
·· comprehensive liability coverage
(c) Identify coverage available under the provider organization's current insurance
programs and secure aqditional coverage if nee~ed
F. Exposures of long-term care
1. Example: liability for residents who wander from the facility
2. "When a number of residents are injured due to a poorly-operated facility, a class action
lawsuit (e.g., abuse of residents) may result
3. CMS defines the requirements under the federal law for nursing homes (Social Security Act)
to meet the standards for participation in Medicare and Medicaid programs
4. Vulnerable adult statutes
V. Litigation Management
A. Selecting a defense firm
1. Significant experience in litigation
2. Multiple attorneys capable of handling the case
3. No clients preferred over others
4. Billing rates
5. Geographical proximity
6. Current caseload and ability to handle the litigation assigned efficiently and effectively
7. Experience with subject matter
8. Experience with plaintiff counsel chosen to represent the plaintiff
B. Communicating with defense counsel
1\
1. Acknowledgment of assignment immediately after receipt of the case; assignment should. be ~in
the form of a written letter
2. Designation of trial attorney who will work closely with the risk management professional
3. Investigation
4. Discovery
a) Consider litigation management strategies that require prior approval for such things as
expert reviews, necessity of depositions, etc.

5. Medical reviews
6. Cross-claims and/or joinders
a) Require authorization from the risk management professionaL who will discuss with the
; organization'~ CEO and! or other designated individual prior to approval-
?. Settlements
8. 'R.ep~rting requirements
9. Deposition summaries
10. Pretrial litigation strategy
C. Controlling legal fees
1. Oversight of legal fees typically the responsibility of the risk management professional or TPA
2. When identifying defense firms to represent the organization, the following issues need to be
discussed and negotiated:
a) Hou,rly rates
b) Professional services
c) Miscellaneous expenses
d) Billing practices
e) Bill auditing
D. Evaluating defense firm performance
1. Procedural compliance with the agreement set forth in defense counsel instructions
2. Responsiveness and cooperation with the healthcare organization's risk management staff
3. Track record in litigation over the previous year or for a set period of time
4. Billings over the previous year
5. Understanding of underlying medical issues to be able to manage the claim
VI. Insurance Companies and Brokers\

A. Delineation of responsibilities
1. Clarify requirements for reporting potentially compensable events (PCEs), claims and lawsuits
2. Determine responsibilities for investigation, negotiation, authority to appoint counsel,
frequency of status reports and settlement authority
B. Duty to defend and reservation of rights
1. Requirement that the insurer will defend any claim or suit alleging bodily injury or property
damage that seeks damages payable under the insurance policy
2. Reservation of rights is a formal notification by the insurer indicating that while the claim is
being investigated and defended, the company is not waiving its rights under the policy
C. Responsibility for reporting to excess insurers and reinsurers
1. All claims that meet the reporting requirements must be reported in a timely manner under
the requirements set for by the carrier; reporting rests with the original insured
2. Excess or reinsurance company may perform an audit to validate the accuracy and
completeness of the reporting process

. . '._..'...'.J-',> -·-- --·---·--------
VII. Lawsuit Process

A. Public relations strategy
B. Pre-trial procedures
1. Pleadings
a) Summons: A document commanding a defendant to appear and answer before a court
b) Complaint: One of the initial filings with a court to begin a lawsuit. The complaint
normally recites all of the allegations against the defendant and theories on which the
plaintiff seeks to recover damages. May be called a petition in some jurisdictions. Received •
via process server.
2. Response
a) An.sWer
(1) Cross-claims: Suit filed by defendant against plaintiff
(2) Joinders: Additional defendants added to lawsuit
b) Motion to strike: A filing to eli.¢inate a cause of actio.f\_in the complaint or petition or to
preclude the defendant from mounting a defense based on a certain theory
c) Demurrer: Admission of the truth of the allegations asserted by a plaintiff accompanied
by a request for their dismissal due to legal insufficiency to state a cause of action. This has
largely been replaced in the federal court system and in jurisdictions following the federal
court rules of civil procedure by the motion to dismiss.
3. Discovery
a) Interrogatories
(1) Written questions to be answered in writing and under oath; usually completed by the
risk management professional
(2) Objections may be appropriate but detailed reason for objection may be needed (e.g.,
if unduly burdensome and time consuming)
b) Depositions
(1) Testimony of a witness (deponent), given under oath and out of court; party requ~sting
the deposition will also give notice to other parties involved in the legal action, so that
they can be present to cross-examine the deponent
c) Subpoenas or subpoenas duces tecum (requiring certain documents be produced with the
witness) ·
d) Motions (procedural law)
(1) Filing with the court: Requesting the court to perform some function
(2) Motion for summary: A filing that seeks to have a lawsuit decided because there t:re no
genuine issues of material fact for the jury to decide · ~
(3) Motion in limine: A filing to preclude the admission of certain facts, testimony, items, or
proofs at trial; may be granted on the grounds that the evidence is not relevant, is redundant
or duplicative of other evidence, will unduly arouse or inflame the jury, and so on '·
C. Trial procedure
1. Substantive and procedural law
a) Procedural law refers to rules developed to conduct the proceedings of the court

b) Substantive law creates, defines and regulates the rights and duties that are to be enforced
2. Parties and wimesses, fact and expert

3. Finder of fact
i -
' a) A special verdict when the jury only makes the findings of fact and the court applies the
law to the facts found by the jury
4~0utcomes
~;,
a) Jury verdict
b) Settlement
(1) Agreed upon outcome of the case between the parties
c) Directed verdict
(1) Motions are made for directed verdicts when it is believed that the evidence presented
was not relevant and material to the facts of the case; court then rules and determines
the outcome of the case
D. Post-trial procedures
1. Appeal: Action taken after a verdict or decision on a motion has been entered
2. Negotiate a settlement
VIII. Claims setdement process

A. Negotiate with the claimant if not represented by legal counsel
B. Negotiate with the claimant's attorney if represented by legal counsel
C. Settlement agreement
D. Alternative dispute resolution mechanisms
1. Types
a) Negotiation
(1) A voluntary, usually infoqnal, unstructured process. There is no third-party facilitator,
~
but parties may be represented by legal counsel.

b) Arbitration
(1) Either private, voluntary or court related process with a third party making the decision
c) Mediation
(1) Voluntary process where a third party facilitates negotiations between the parties
• 2. Advantages over trial
a) More economical
b) Quicker
c) Less hostile
d) More private
3. Reporting of medical professional liability payment
a) National Practitioner Data Bank (NPFB)
b) State licensing agencies

"1'·,\:r';'.'r'.·.·
REVIEW QUESTIONS
_ 1. The risk manager_ is usually expected to report which of the following to the insurer:
A. All events
B. Claims and lawsuits
C. PCEs
D.AandB
E. B andC
Answer: E
Requirements are described in the insuring agreement. Generally, reporting ofall events is not required but
the reporting ofc,laims, lawsuits and PCEs usually is required under the policy provisions for reporting.
2. A 24-year-old patient presents to the emergency department following a MVA with a

complaint of headache. The contract~d ED physician order~ a CT scan and requests
consultation with Trauma Services. The patient is admitted for observation. Six hours
after admission, the patient arrests, and it is determined she is brain dead &om a brain
hemorrhage. Review of the record determines that a bleed was evident on the CT scan and
that there was a delay in evaluating and treating the patient.
In the above scenario, who are the potential defendants?
A. The radiologist and the ED physician
B. The trauma physician
C. The admitting physician
D. All of the involved physicians
Answer: D
3. In the above case, are all four elements of negligence present?

A. True
B. False
Answer: A
4. Hospitals may be exposed to liability &om all but which of the following:
A. Employees' actions
B. Impaired physician
1:..
C. Contracted physician \
D. All of the above

Answer: D
Exposures can occur from each ofthese as a result ofrespondeat superior, vicarious liability and ostensible
agency.
,.:-.

5. Which is NOT a valid primary reason for selecting a particular defense attorney!
A. Referral from the hospital's board of directors
B. The degree of responsiveness to and cooperation with the risk manager
C. The firm's track record in medical malpractice litigation
D. The firm's compliance with procedures, including litigation guidelines
Answerl.A \
The firm's ability should be the direct measure ofwhy they should be selected, not just a referral Merit is
important.
6. Interrogatories may include questions thought to be objectionable by the risk manager.

Which of the following objections, while appropriate, must be accompanied by a detailed
explanation!
A. The interrogatory is not applicable to the case
B. The infoqnation being requested is already in the possession of the party requesting it
C. The interrogatory is unduly burdensome and time consuming
D. The information sought is a matter of public record
Answer: C
Although appropriate, further details regarding the reason for objection should be outlined.
7. A 50-year-old school teacher is brought to the hospital to rule out metastatic disease. She
has a history of breast cancer, but chose not to undergo a round of chemotherapy at the time
of her diagnosis four years prior to this admission. During this hospitalization she is given
five doses of an anticoagulant in 'error. She begins to have seizures, and a CT scan reveals
bleeding in her brain. The physicians, nurses and pharmacists do not discover the error until
it is picked up on a routine pharmacy audit. The patient's family is told of the error, and
the patient dies· in the ICU two weeks following the last dose of the anticoagulant. Autopsy
reveals metastatic disease to her brain contributed to her bleeding.
In the above case, the most applicable fegal term that the plaintiff might use to establish a claim
against the nurses and pharmacists would be:
A. Res ipsa loquitor
B. Ostensible agency
C. Respondeat superior
.
D. All of the above
Answer: C
An employer is responsible for the acts ofemployees ifthe acts are within the course and scope oftheir employment
208 .ASHRM Preparation Guide for the CPHRM Examination

8. For the facility's risk management professional, an appropriate strategy for managing the
claim would be which of the following:
A. Try to speak with the family and settle the claim before reporting the matter to the insurance
carrier
B. After speaking with the insurance carrier, do not have any discussions with the family
C. Speak with the family, let them know that you will be reporting the claim to the insurance
carrier, let them know that you wish to keep the lines of communication open
D. Because of the seriousness of the claim, let the family know that their interests would be best
served by seeking legal counsel
Answer: C
9. Once reported to the insurance carrier, reserving will take place. True statements concerning
setting an indemnity reserve are:
1. Only the risk management professional should set reserves within their retention
2. The reserve, once set, can be adjusted;
3. Reserving is an art more than a science
A. Only 3
B. All of the above
C. 2 and 3
Answer: C
Reserving ofclaims may be done by the risk management professional insurer or TPA.
10. There are several ways for the above claim to come to resolution. An optimal approach would
be:
A. Settlement prior to litigation
B. Litigation prior to any settlement
C. Deny the claim
Answer: A
11. A medical malpractice case has been filed in the above-described situation. You are the risk
management professional. The insurance company has assigned the case to a law :6.rin and -
the initial discovery has commenced. Interrogatories have been requested of the defense. The
best person to answer these would be:
A. The nurse who gave the wrong medication. \',
\
B. The hospital administrator
C. The risk management professional
Answer: C

12. The risk management professional will assist in the investigation of the lawsuit in
conjunction with defense counsel. Some of the tasks include:
1. Interviewing staff and physicians without counsel present
2. G~thering pertinent medical records, bills, etc.
3. Interviewing the plaintifFs expert witness
4. Bqng present with counsel for deposition preparation of witnesses
'.I
A. 2 and4
B. 1, 2 and 4
C.'All of the above
Answer: A
Communication should be done in the presence ofcounsel to preserve the attorney-client privilege.
13. In preparing an employee for deposition testimony, the employee should:

A. Review the medical record
B. Go to the library and read about the standard of care relating to the patient's illness
C. Discuss the case with others who have cared for the patient
Answer: A
A deposition is factual testimony (under oath) ofa witness used to support or substantiate testimony offered
at triaL
14. The process of legal discovery includes which of the following?

1. Depositions
2. Production of documents
3. Medical examinations by experts
4. Motions
'··
A. All of the above
B. 1 and4
C. 1, 2 and 3
Answer: C
Discovery is the process in litigation by which each party to the action seeks to learn all the facts that
eitber support the plaintiffs cause(s) or action or support the defendants asserted defenses or denials, which
includes 1, 2 and 3. Motions are legal pleadings.
:-.···-···-.·. -·-------;-~
.. ,......
-------
__:,. _,_·_ ~·· -:...:...~ ~

Acronym
AAAASF American Association for Accreditation of Ambulatory Surgery Facilities
AAAHC Accreditation Association for Ambulatory Health Care
AABB American Association of Blood Banks
ACHC Accreditation Commission for Healthcare
AANA American Association of Nurse Anesthetists
ACEP American College of Emergency Physicians
AGOG American College of Obstetricians and Gynecologists
ACR American College of Radiology
ACS American College of Su~geons
ADA ' Act
American with Disabilities
ADEA Age Discrimination in Employment Act
AED Automatic External Defibrillator
AHA American Hospital Association
AHIMA American Health Information Management Association
AHRQ Agency for Healthcare Research and Quality
ALARA As low as reasonably achievable
AOA American Osteopathic Association
AORN Association of periOperative Registered Nurses
APS Adult Protective Services
ARM Associate in Risk Management
ASA American Society of Anesthesiologists
ASCP American Society for Clinical Pathologists
ASHA American Speech-Language- Hearing Association
ASHRM American Society for Healthcare Risk Management
AWOHNN Association ofWomen's Health, Obstetric, and Neonatal Nurses
BA(BAA) Business Associate (Business Associate Agreements)
CAP College of American Pathologists
CAAS Commission on Accreditation of Ambulance Services
CAMTS Commission on Accreditation of Medical Transport Systems
CAPTA Child Abuse Prevention and Treatment Act of 1974
CARF Commission on Accreditation of Rehabilitation Facilities
CCAC Continuing Care Accreditation Commission
CDC Centers for Disease Control and Prevention
~:,:
Acronym 211
--. ···~
'-.:·.1
CE Covered Entity
CEO Chief Executive Officer
CERCLA Comprehensive Environmental Response, Compensation and Liability Act
CFQ Chief Financial Officer
I
CHAP Community Health Accreditation Program

CLIA Clinical Laboratory Improvement Act
CMS'
',\
Centers for Medicare and Medicaid Services
CMP Civil Monetary Penalties
COBRA Consolidated Omnibus Budget Reconciliation Act
COR Cost of Risk
CoPs Conditions ofParticipations (Medicare)
CPA Certified Public Accountant
CPCU Chartered Property Casualty Underwriter
CPHQ Certified Professional in Healthcare Quality
CPHRM Certified Professional in Healthcare Risk Management
CPS Child Protective Services
CRNA Certified Registered Nurse Anesthetist
CRO Chief Risk Officer
DFASHRM Distinguished Fellow of the American Society for Healthcare Risk Management
HHS Department of Health and Human Services
DME Durable Medical Equipment
DNR Do Not Resuscitate
D&O Directors and Officers(insurance)
DO] Department ofJustice
\
DOT Department ofTransportation
DRS Designated Record Set
EAP Employee Assistance Program
ED Emergency Department
EEOC Equal Employment Opportunity Commission
EMS Emergency Medical Services
EMTALA Emergency Medical Treatment and Labor Act
E&O Errors and Omissions (insurance)
EOC Environment of Care
EPA Environmental Protection Agency
ERISA Employee Retirement Income Security Act
ERM Enterprise Risk Management
FDA Food and Drug Administration
-::: ._,_·,,~r;·._; -.-· .-.-.-:.~.-:':"~.~..

.· ··~·~''--·
I
12. The risk management professional will assist in the investigation of the lawsuit in
conjunction wit:J:t defense counsel. Some of the tasks include:
1. Interviewing_ staff and physicians without counsel present
2. Gathering pertinent medical records, bills, etc.
3. Interviewing the plaintiffs expert witness
, I
4. Beihg p7;esent with counsel for deposition preparation of witnesses
A 2and4
B. 1, 2 and 4
C. All of the above
Answer: A
Communication should be done in the presence ofcounsel to preserve the attorney-client privilege.
13. In preparing an employee for deposition testimony, the employee should:

A Review the medical record
B. Go to the library and read about the standard of care relating to the patient's illness
C. Discuss the case with others who have cared for the patient
Answer: A
A deposition is factual testimony (under oath) ofa witness used to support or substantiate testimony offered
at triaL
14. The process of legal discovery includes which of the following?

1. Depositions
2. Production of documents
3. Medical examinations by experts
4. Motions \
A All of the above
B. 1 and4
C. 1, 2 and 3
Answer: C
Discovery is the process in litigation by which each party to the action seeks to learn all the facts that
either support the plaintiff's cause(s) or action or support the defendant's asserted defenses or denials, which
includes 1, 2 and3. Motions are legal pleadings.
210 ASHRMPreparation Guide for the CPHRM Examination
.. -. ·'. ·~' ..-. ' . -

-------'-~· __ . -

Acronym
AAAASF American Association for Accreditation of Ambulatory Surgery Facilities
AAAHC Accreditation Association for Ambulatory Health Care
AABB American Association of Blood Banks
ACHC Accredit~tion Commission for Healthcare
AANA American Association of Nurse Anesthetists

ACEP Ameri~an College of Emergency Physicians
AGOG ,; American College of Obstetricians and Gynecologists

ACR American College of Radiology
ACS American College of Surgeons
,
ADA American with Disabilities Act
ADEA Age Discrimination in Employment Act
AED Automatic External Defibrillator
AHA American. Hospital Association
AHIMA American Health Information Management Association
·AHRQ Agency for Healthcare Research and Quality
AIARA As low as reasonably achievable
AOA American Osteopathic Association
AORN Association of periOperative Registered Nurses
APS Adult Protective Services
ARM Associate in Risk Management
ASA American Society of Anesthesiologists
ASCP American Society for Clinical Pathologists
ASHA American Speech-Language- Hearing Association
ASHRM American Society for Healthcare Risk Management
AWOHNN Association ofWomen's Health, Obstetric, and Neonatal Nurses
BA (BAA) Business Associate (Business Associate Agreements)
CAP College of American Pathologists
1:·,
CAAS Commission on Accreditation of Ambulance Services I
CAMTS Commission on Accreditation of Medical Transport Systems

WTA Child Abuse Prevention and Treatment Act of 1974
CARF Commission on Accreditation of Rehabilitation Facilities
CCAC Continuing Care Accreditation Commission
CDC Centers for Disease Control and Prevention
~-- Acronym 211

~.~~-~-
CE Covered Entity
CEO Chief Executive Officer
CERCLA Comprehensive Environmental Response, Compensation and Liability Act
CFO'I Chief Financial Officer
CHAP Community Health Accreditation Program
CLIA \ '.\
Clinical Laboratory Improvement Act
CMS Centers for Medicare and Medicaid Services
CMP Civil Monetary Penalties
COBRA Consolidated Omnibus Budget Reconciliation Act
COR Cost of Risk
CoPs Conditions of Participations (Medicare)
CPA Certified Public Accountant
·cPCU Chartered Property Casualty Underwriter
CPHQ· Certified Professional in Healthcare Quality
CPHRM Certified Professional in Healthcare Risk Management
CPS Child Protective Services
CRNA Certified Registered Nurse Anesthetist
CRO Chief Risk Officer
DFASHRM Distinguished Fellow of the American Society for Healthcare Risk Management
HHS Department ofHealth.and Human Services
DME Durable Medical Equipment
DNR Do Not Resuscitate
D&O Directors and Officers(insurance)
DOJ Department of Justice \
DOT Department ofTransportation
DRS Designated Record Set
EAP Employee Assistance Program
ED Emergency Depart~ent
EEOC Equal Employment Opportunity Commission
EMS Emergency Medical Services
EMTALA Emergency Medical Treatment and Labor Act
E&O Errors and Omissions (insurance)
EOC Environment of Care
EPA Environmental Protection Agency ·
·ERISA Employee Retirement Income Secu~ity Act
ERM Enterprise Risk Management
FDA Food and Drug Administration
212 . ASHRM Preparation Guide for the CPHRM Exa.nllnation

' .... _I. ~ '
FECA Federal Employees' Compensation Act

FEMA Federal Emergency Management Agency
FMEA Failure Mode and Effects Analysis
FMLA Family Medical Leave Act
FASHRM Fellow of the American Society for Healthcare Risk Management
FPO Facility Privacy Official
FTC Federal Trade Commission
GL General Liability (insurance)
HAZWOPER Hazardous Waste Operations and Emergency Response Standard
HCQIA Health Care Quality Improvement Act
HEICS Hospital Ern.ergency Incident Commahd System
HEPA High-Efficiency Particulate Air
IDPAA Health Insurance Portapility arid Accountability Act
; -~...
HMO Health Maintenance Organization

HIV Human ImmunodeficiencyVirus
HPL Hospital Professional Lia~ility (insurance)
HRSA Health Resources and Services Administration
HBV or Hep B Hepatitis B virus
ICRA Infection Control Risk Assessment
IDS Integrated Delivery System
10M Institute of Medicine
IQRS Integrated Querying and Reporting System
IP Internet Protocol or Intellectual Property
IRB Institutional Review Board
JC The Joint Commission
MSD Musculoskeletal Disorder
MSDS Material Safety Data Sheet
MT· Medical Tech.nologist
MSQA Mammography Quality Standards Act of 1992
MSQRA Mammography Quality Standards Reauthorization Act of 1998 and 2004
NAHC National Association for Home Care and Hospice
NCQA National Committee for Quality Assurance
NESHAPS National Emission Standard for Hazardous Air Pollutants
NIH National Institutes of Health
NIOSH National Institute for Occupational Safety and Health
NPDB National Practitioner Data Bank
NPP Notice of Privacy Practices
.;.~·. Acronym 213

fo'
,___
NRC Nuclear Regulatory Commission
OBRA Omnibus Budget Reconciliation Act of 1987
OCR Office for Civil Rights

OIG Office of the Inspector General of the Department of Defense -
OPO Organ Procurement Organization

OPTN\ ',\
Organ Procurement and Transplantation Network
OSCAR Online Survey Certification and Reporting Database
OSHA Occupational Safety and Health Administration
PCA Patient Controlled Analgesia

PHI ·. Protected Health Information
PL Professional Liability
PPE Personal Protective Equipment
PSDA Patient Self-Determination Act
PRO Professional Review Organization
PSO Patient Safety Officer
. PT Proficiency Testing
PTO Paid Time Off
RCA Root Cause Analysis
RCRA Resource Conservation and Recovery Act
RFP Request for Proposal

RMIS Risk Management Information System
RN Registered Nurse.
RPLU Registered Professional Liability Underwriter
SIR Self-Insured Retention ,\.,
SMDA Safe Medical Device Act
SNF Skilled Nursing Facility
SUD Single Use Device
TPA Third-party Administrator
TPO Treatment, Payment & Health Care Operations
UID\C Utilization Review Accreditation Commission
URL Uniform Resource Locator (also known as Web address)
USERRA Uniformed Services Employment and Reemployment Rights Act
VBAC Vaginal Birth after Cesarean
-~---~.~--
Key Terms
A
Actuary- A person who uses statistics to compute l~ss probabilities to establish premiums for
insurance companies and self-insurance trusts.
Advance directive- Lawful written instruction that describes an individual's preferences for
healthcare should he or she become unable to express them later. Examples: living wills, power of
attorney for health care, advance healthcare directive.
Adverse event- Negative or bad result stemming from a diagnostic test, medical treatment or
surgical intervention; an injury resulting from a medical intervention.
Adverse outcome -A clinical outcome that, while neither desirable nor necessarily anticipated, may
still have been a, known possibility associated with the trealln:ex:tt or procedure.
Age Discrimination in Employment Act- 29 U.S.C. Section 621 et seq. Federal statutes
prohibiting certain types of employment discrimination on the basis of age
Alternative Dispute Resolution - Proceises used to resolve dispbte by other means than litigation.
Arbitration: The hearing and determination of a case in controversy by a person either chosen by the
parties in the opposition or by a person appointed under statutory authority.
Mediation: Informal process in which a neutral 3rd party helps the parties reach an agreement
Binding: Final and not appealable
Non-binding: Agreement is not final until entered by the court into the record allowing the party
to continue the civil litigation process.
Americans with Disabilities Act- (42 USC§§ 12101 et seq). 1990 federal statute aimed at
Answer -A document filed with the court in response to a complaint or petition. The answer must
generally admit or deny the allegations are true in whole or in part or state the defendant does not
have information to admit or deny. ·
Anti-kickback statutes- Medicare-Medicaid Anti-Kickback Statute (42 USC §1320a-7b)
knowingly and willfully seeking or receiving a bribe, rebate or kickback for a referral for a program,
reimbursable item or service
Appeal- An action that is taken after the trial of a matter or after a dispositive motion has,been
entered in a matter. An appeal may be taken for the purpose of correcting an error made by,'the trial
court or to obtain a new trial a resort to a higher court for the purpose of obtaining a review of a
lower court decision and a reversal of the lower court's judgment or granting of a new trial.
Assault- An intentional act that is designed to make the victim fearful and that produces reasonable
1
apprehension of harm. '
Assignment- Act of transferring to another all or part of one's property, interest or rights.
''At will" employment- Can be terminated at any time by either party (employee or employer), fof
any reason or no reason.
Attorney-client privilege -A legal doctrine recognized by both common and statutory law
protecting certain confidential communications between an attorney and his or her client from
discovery in a legal proceeding unless the privilege is waived by the client.
Key Terms 215

.....
Attorney work-product privilege - A legal doctrine recognized by both COffi1110n and statutory law
protecting the documents generated, theories devised, legal strategies formulated, etc., by an attorney
on behalf of a client from discovery in a legal proceeding unless the privilege is waived by the client.
B
Battery-:- In 1tort law, the intentional causation of harmful or offensive contact with an individual's
person ~ithotlt that individual's consent.
Becomes aware -A facility becomes aware of an event when the clinical personnel employed or
affiliated with a user's facility learn of a potentially reportable event.
Belmont Report- Statement of basic ethical principles and guidelines for addressing and resolving
ethical problems ·that surround the conduct of research with human subjects
Benchmarking- Comparative process used by organizations to collect and measure internal or
external data that may ultimately be used for the purpose of developing, implementing arid sustaining
quality improvements.
Boiler and machinery coverage - Provides protection for explosion of boilers and other pressure
vessels and accidental damage to equipment.
Breach of contract- Failure, without legal excuse, to perform any promise that forms the whole or
part of a contract Hindrance by a party regarding the required performance of the rights and duties
identified in the contract.
Business interruption insurance coverage - Insurance typically provided as a part of a property
policy covering lost revenues and extra operating expenses associated with a covered loss such as a fire;
attempts to replace revenues lost due to covered loss.
c
Capabilities - CMS refers to two requirements: physical capabilities and personal capabilities.
Medical-facility Ca.pabilities: Physical space, equipment, supplies and services the hospital
provides (e.g., surgery, psychiatry, obstetrics, pediatrics).
\
Staff capabilities: Level of care hospital personnel can provide within the training and scope of
their professional licenses.
Capacity- Ability of the hospital to accommodate the individual requesting examination or
treatment of the transferred individual; encompasses such things as numbers and availability of
qualified staff, beds and equipment and the hospital's past practices of accommodating additional
patients in excess of its occupancy limits.
Captive - An insurance company established to provide coverage to a sponsoring entity as opposed
to marketing and selling policies commercially to insureds; sponsoring entity may be a parent
Certificate of insurance -A standardized form, usually produced by the insurance agent or broker
who arranges the coverage, which evidences the specific type of insurance in place, the insurance
carrier, policy period, policy number, etc.
Civil false claims- Enables lawsuits by government or any individual (qui tam relator) against one
who submits a false claim to the government
Claim - Formal notification that monetary damages ·are being sought for an alleged injury.
- - - - . - - . - ; ...-,..
-- - - -
Claims-made Coverage -An insurance policy covering claims that are made during the policy
period and that occurred since the policy retroactive date. Although policy definitions vary somewhat,
most claims-made insurance policies consider a claim to be made when it is first reported to the
insurance company, subject to certain terms and conditions.
Claims management - A systemized approach to reducing the financial loss and negative community
image of a healthcare organization in situations where prevention fails and injury occurs.
Collective bargaining- Collective bargaining consists of negotiations between an employer and
a group of employees so as to determine the conditions of employment. The result of collective
bargaining procedures is a collective agreement. Employees are often represented in bargaining by a
union or other labor organization.
Common Rule (45 CFR 46) - Basic Department of Health and Human Services policy for
protection of human subjects that encompasses the human subject protections followed by all federal
agencies that sp?nsor research.
Complaint- One of the initial filings with a court to begin a lawsuit; normally recites all of the
allegations against the defendant and theories upon which the plaintiff seeks to recover damages (may
be called a petition in some jurisdictions):~
Conditions of Participation (CoPs)- Requirements hospitals must meet to participate in Medicare
and Medicaid programs.
Consideration - In contract law, something of value exchanged for the promised performance of the
other contracting party. Contracts frequently call for monetary consideration to be exchanged for the
promise to provide specified goods or services.
Contract- Agreement, either written or oral, involving an offer, the acceptance of the offer and
an exchange of consideration. Also, an agreement betwee~ two or more persons that creates an
obligation to do or not to do a particular thing; a promise or set of promises for the breach· of which
the law gives a remedy or the performance of whkh the law in some way recognizes as a duty.
Corporate compliance -As relates to healthcare fraud and abuse, any of number of programs and
initiatives undertaken by providers to avoid civil and criminal investigations and charges related to
improper billing procedures, inappropriate referrals, kickbacks and other prohibited activities under
federal statutes such as the Anti-Kickb~ckAcf and the Stark I and Stark IT amendments to the
Medicare Act. Many healthcare providers have taken corporate compliance program beyond these
specific legislative and regulatory requirements to encompass broader corporate business ethics concerns.
COSO (Committee of Sponsoring Organizations)- Independent private sector initiative which
studied ERM and has made recommendations on ERM structure and implementation.
. .
Cost of Risk- Value of all risks, internal and external, fac.ed by an organization in fulfilling itS mission.
Covered Entities (CEs)- Any healthcare provider who transmits health information in electronic
form in connection with a "standard transaction" Among covered entities are healthcare providers
(hospital, physicians, insurance company, etc.) and health plans (pay for cost of health care),
healthcare clearinghouses (furnish bills or pays for healthcare services). \\
Credentialing - Process of verifying and reviewing the education, training, experience, work history
and other qualifications of an applicant for clinical privileges conducted by a healthcare facility or
managed care organization; typically performed for independent contractors such as physicians and
allied health practitione_rs who are frequently iJ,ot employed by the credentialing entity but who are
granted specific clinical privileges to practice.
Key Terms 217

Critical incident stress debriefing- A facilitator-led group process conducted soon after a traumatic
event with individuals considered under stress from trauma exposure.
Source: https:/ /www.osha.gov/SLTC/emergencypreparedness/guides/ critical.html
PuniUve or Exemplary: Above actual damages to punish the defendant for willful, malicious or
fraudulent behavior. ·
Sped~: A~tual damages such as medical expenses related to the injury
:I
D
Darling v. Charleston Community Memorial Hospital- Landmark case that determined a hospital
has the iridependent duty to ensure high-quality care is rendered at its facility and is responsible to
screen the comp~tency of its medical staff.
Data mining- Data mining provides the methodology and technology to transform data into useful
inform~tion for decision making. ·
Source: l(oh,. H.C. &Tan, G. (2005}. Data ininirig applications in healthcare. Journal of
Healthcare ~nformation Management, 19(2), p. 64-72) . .
Damages- Monetary compensation for an ~njury.
Dedic~ted emergency department (OED) .:_Must meet one of the following criteria:
• Licensed as an emergency department
• Advertises itself as providing emergency care
• One-third or more of walk-in patients seen for conditions .that are considered "emergency .
medical condition'' as defined within the statute.
Deductible -Amount required to be paid by the insured before ~e insurer will make payment for the
eligible loss as stipulated under the insurance contract; typically erodes the maximum benefit provided.
Depositions- Testimony (under oath) of a witness taken upon interrogatories reduced to writing
and used to support· or substantiate testimony offered at trial.
Defamation - Intentional false communi~ation that injuries another's reputation
~-
Slander: Oral false and defamatory statements
'· . .
Libel: Written false and defamatory writing, pictures or signs
Direct insurance -A contractual arrangement involving the purchase of insurance by an insured
from an insurer
Directors' and Officers' Liability- D.&O policies contain a two-part wrongful-act definition: 1.
· Any actual or alleged error or misstatement or misleading statement or act or omission or breach of
dutj by directors and officers while acting in their individual or collective capacities. 2. Any matter
claimed against them solely by reason of their being directors or officers of the company.
Disclosure- Communication of information regarding results of a diagnostic test, medical treatment
or surgical intervention
Discovery- The process in litigation by which each party to the action seeks to learn all the facts that
either 1) Support the plaintiff's cause(s) or action, or 2) Supp9rt the defendant's asserted defenses or denials.
Drive-through deliveries - Childbirth resulting in short postpartum stay as determined by the
managed care organization or other health plan.
----:-~-
---------~ __ ___,_;,:___~~;._,~~-,-~---._ .- '---.
Due diligence- Review of an entity targeted for acquisition by the acquiring party to ascertain
pertinent information about its financial and operating history and current status Corporate staff are
generally held to the legal standard of having performed the review with due diligence before making
a recommendation to the board of directors as to whether to proceed with the acquisition.
Duty to defend - Insurer will defend any claim or suit alleging injury or damage and seeking
damages covered under the policy.
Duty to pay damages- Insurer will pay damages covered under the policy retroactive_ date.
E
Elder abuse __: Single or repeated act or lack of appropriate action, occurring within any relationship
where there is an expectation of trust, which causes harm or distress to an elderly person.
Elements of informed consent for research - Include full disclosure of the nature of the research
and the subject~ participation, adequate comprehension on the part of the potential subject and the
. subject's voluntary choice to participate.
Emergency Medical Condition (EMC) 7 Medical condition manifesting itself by acute symptoms of
sufficient severity (including severe p:tin) duch that the absence otimmediate medical attention could
reasonably be expected to' result in:
• Placing the health of the individual in serious jeopardy
• Serious impairment to bodily functions
• Serious dysfunction ofany bodily organ or part
Or with respect to a pregnant woman who is having contractions:
• There is inadequate time tp effect a safe transfer to another hospital before delivery, or
• Transfer may pose a threat to the health or safety of the woman or the unborn child
Note: Regulations define "emergency medical condition'' to include psychiatric illness including
alcohol and drug intoxication.
Emergency Medical Services (EMS) - Provision of services to patients needing immediate care
Emergency Medical Treatment and Active Labor Act (EMTALA)- (42 U.S.C. §§ 1395 et seq.)
1986 federal statute prohibiting the "dumping" of patients presenting to the hospital with ari.
emergent medical condition or in active labor and limiting a hospital's ability to transfer them to
other facilities. EMTALA specifies when and how a patient may be:
• Refused treatment, or
• Transferred from one hospital to another when in an unstable medical condition
Employee Polygraph Protection Act- (29 U.S.C. §§ 2001 et seq.) Federal statutes limiting most
employers' ability to use polygraph testing in applicant screening processes.
Employee Retirement Income Security Act (ERISA) -A comprehensive regulatory system fo.t::
resolving employee benefit disputes. \
Employers' liability- Any of a number of causes of action related to the employment relationship
but falling outside of workers' compensation and employment practices liability insurance coverage, i.
including dual capacity claims, spousal claims and third-party over claims.
;Employment-at-will- Legal doctrine in most jurisdictions that an employer may discharge an
employee for any reason, unless specifically prohibited by law.
Key Terms 219

Employment practi~es liability- Any of a number of violations by an employer, based on statute
or common law, giving rise to damages outside of those covered by workers' compensation or similar
statutes, including wrongful termination, discrimination and sexual harassment.
EMS system - Comprehensive, coordinated arrangement of resources and funs#ons organized to
respodd in a timely, staged manner to targeted medical emergencies, regardless of the cause or the
patient's ability to pay, in order to minimize th~ir physical and emotional impact
Source: ~ational Association of State EMS Directors' and National Association of EMS Physicians'
definitioh
Enterprise risk management - ERM in healthcare promotes a comprehensive framework for making
risk management decisions which maximize value protection and creation by managing risk and
uncertainty and their connections to total value.
Equal Employment Opportunity Commission - Federal agency charged with responsibility for
enforcing several federal statutes prohibiting various types of employment discrimination. Under
some statutes, administrative hearing procedures before the EEOC must be exhausted before an
employee has access to the c:;ourt system.
Errors and orirlssions insurance - E&O insurance policies prov.ide coverage for negligent advice or
business services provided by an individual or entity not eligible for professional liability insurance
coverage, such as medical billing companies, insurance brokers and managed care organizations.
Essential job functions- Under the Americans with Disabilities Act, those functions of a particular job that
an applicant must be able to perform, either with or without accommodation, in ord~r to perform the job.
Event - A happening or occurrence that is not part of the routine care of a particular patient or the
routine operation of the healthcare entity.
F . .
Failure Mode Effects Analysis or Criticality Analysis {FMEA or FMECA) - A proactive, systematic .
measures to either prevent or control such failures. If a criticality phase is used in this process, the
perceived level of criticality of each type of potential failure is identified, to .aid in setting priorities for
. establishing control mechanisms. \
Family Medical Leave Act-- (29 U.S.C. §§ 2611 et seq.) Federal statute requiring certain employers
to provide a period of unpaid leave to employees meeting specified criteria in order for them to
receive medical treatment or to provide care to designated family members ..
Federal Emergency Management Agenq (FEMA) - Independent response organization that was
folded into the Department of Homeland Security (DHS) in 2003. The FEMA administrator reports
to the President of the United· States ..
Fiduciary liability- Insurance coverage policy that can be purchased to cover the alleged breach of
the fiduciary responsibility under common law or ERISA for individuals who exercise management or
administrative responsibilities for employee benefit plans.
First party insurance coverage- Provides coverage for the insured's own property or person so that
the insured will be restored to the same financial position that he or she had.prior to the loss.
Food and Drug Administration (FDA) -Federal agency responsible for protecting the public health·
by regulating commerceinvolving food, drugs, medical devices and the like; is authorized to gather
information regarding the safety of medical devices, including adverse incidents attributed to use
undei: the Safe Medical Device Act.

-- -----~- -·-·- -- ·----~~~~
Fraud and abuse- Informal term for the various federal statutes and regulations regarding inappropriate
billing, kickbacks, referrals, etc., related to the federal or state Medicare/Medicaid programs.
Fronting- The use of a licensed, admitted insurer to issue an insurance policy on behalf of a self-
insured organization or captive insurer without .the intention of transferring any of the risk. The risk
of loss is retained by the self-insured or captive insurer with an indemnity or reinsurance agreement.
However, the fronting company (insurer) assumes a credit risk since it would be required to honor
the obligations imposed by the policy if the self-insurer or captive failed to indemnify it. Fronting
arrangements allow captives and self-insurers to comply with financial responsibility laws imposed by
many states that require evidence of coverage written by an admitted insurer, such as for automobile
liability and workers compensation insurance. Fronting arrangements may also be used in business
contracts with other organizations, such as leases and construction contracts, where evidence of
coverage through an admitted insurer is also required.
G
Guardian Ad Litem -Appointed by the court in a particular litigation to represent the interests of a
minor or disabled person. ~
General liability insurance - Coverage for liability arising out of the hazards of the premises and operations
Guaranteed cost- Also known as "fixed cost" or "first dollar" programs, which means insurance
coverage, is provided from the first dollar of loss incurred.
H
Hard market - Insurance industry characterized by escalating premiums, strict underwriting
procedures and limited availability of coverage.
Hazard- A condition that creates or increases the possibility of loss
Hazard analysis - Process of collecting and evaluating information on hazards associated with the
selected process; purpose is to develop a list of hazards that are of such significance that they are
reasonably likely to cause injury or illness if not effectively controlled.
Health Insurance Portability and Accountability Act o£1996 (HIPAA)...:. (42 U.S. C.§§ 201 et seq.)
Amendments to ERISA addressing a variety ofhealthcare-related issues including fraud and abliSe and the
portability of group health insurance benefits as well as mandating specific patient privacy protections. A
federal law that resulted in the promulgation of several regulations including the HIPAA Privacy Rule.
Heuristic - Experience-based techniques for problem-solving, learning and discovery that find a
solution not guaranteed to be optimal, but good enough for a given set of goals. Where th~·-exhaustive
search is impractical, heuristic methods are used to speed up the process of finding a satisfactory
solution via mental shortcut~ to ease the cognitive_load of making a decision. Examples of this
method include using "rule of thumb" or "educated guess".
High reliability organizations - Organizations with systems in place that are exceptionally ':
consistent in accomplishing their goals and avoiding potentially catastrophic errors. \
Source: McKeon LM, Oswaks JD, Cunningham PD. Safeguarding patients: complexity science,
high-reliability organizations, and implications for team training in healthcare. Clin Nurse Spec
2006 Nov-Dec; 20(6):298-304; quiz 305-6)
Hold harmless provision - Contractual clause providing that one party agrees not to pursue a tort
claim for vicarious liability against the other; usually found with indemnification provisions and are
usually mutual.
- Key Terms
"I 221
Hospital acquired conditions (HAC)- Section 5001(c) of Deficit Reduction Act of2005 requires
the Secretary to identify conditions that are: (a) High cost or high volume or both, (b) Result in the
assignment of a case to a DRG that has a higher payment when present as a secondary diagnosis, and
(c) Could reasonably have been prevented through the application of evidence-based guidelines.
~ - -
Source: CMS.gov
Human factors - The interrelationship between humans, the tools they use and the environment in
which liliey 'work.
:I
Source: Risk management handbook
Human subject- A living individual about whom an investigator (professional or student)
conducting research obtains data through intervention or interaction with the individual or
identifiable private information.
I
a particular patient. Examples: a union strike, a criminal act such as a homicide, or a physical disaster
Incurred but not reported (IBNR) -Two components:
• An estimate to cover further development of paid losses or known claimants
• An estimate for the discovery of unknown claimants
Indemnification provision -A contractual clause in which one party agrees to accept the tort liability
and legal defense of another; usually found with hold harmless provisions and are usually mutual.
Indemnity- Amount that the insured person is paid for the covered expense.
Institutional review board (IRB) - Required for any healthcare institution that receives federal
funding for human research from a department or agency covered by the common rule or that
conducts research that is regulated by the FDA.
Insurance -A syst~m by which a risk is transferred to an insurance company that reimburses the
insured for covered losses and provides f<;~r sharing of costs or losses among all insureds.
'·
Insured parties - Organi;zation and employees; other organization has agreed to provide coverage.
Integrated delivery system -A consolidation of a variety of technical, professional and laboratory
services for the purpose of controlling costs
J
Joint and several liability- Liability in which each liable party is individually responsible for the
entire obligation. Under joint and several liability, a plaintiff may choose to seek full damages from
all, some, or any one of the parties alleged to have committed the injury. In most cases, a defendant
who pays damages may seek reimbursement form nonpaying parties.
Joint Commission- Voluntary nonprofit accreditation body that sets standards for hospitals and
other types of healthcare organizations and conducts education programs and a survey process to
assess organizational compliance.
Joint v~nture- An undertaking by two or more entities to pursue business or other ventures. In
many jurisdictions, entities cannot form partnerships; hence they are deemed to be joint ventures;
each joint venture may be liable for the debts and obligations of the joint venture.

L
Lawsuit- Formal legal action filed in court.
Latent error -Errors in the design, organization, training or maintenance that lead to operator errors
and whose effects typically lie dormant in the system for lengthy periods of time
Lex loci delicti commissi - "Law of the place where the ton was committed."
Limits {policy limits) - In insurance, the maximum the insurer will pay; typically expressed either
per occurrence (occurrence limit) or as an annual aggregate (the maximum insurer will pay for all
claims covered under policy).
Long-term care services - Range of medical and/ or social services designed to help people with
disabilities or chronic care needs (Department of Health and Human Services definition).
M .
Maximum medical improvement (MMI) -In workers' compensation, the point in which the injured
employee has recovered to the maximum e~tent medically expecte~(also called permanent and stationary;
or P&S). When an employee reaches MMI, any residual disability, pain, etc., is expected to be permanent.
Managed care -Any of a number of organizations that arrange for the provision of, and payment for,
healthcare services with an eye toward reducing costs through managing access to specific providers.
Medical emergency- Sudden and/or unanticipated medical event that requires immediate assistance
Medical screening exam (MSE) - Process required to reach with reasonable clinical confidence, the
point at which it can be determined whether a medical emergency does or does not exist applied in a
nondiscriminatory manner (i.e., a different level of care must not exist based on payment starus, race,
national origin, etc.).
Med Watch form - Required form filed by facilities required to report events, injuries of patients
Minimum necessary- Least amount of PHI disclosed to meet the request and accomplish the
intended purpose.
Moonlighting- working at another job after hours of regular job
N
National Labor Relations Act - The main body of law governing collective bargaining explicitly
grants employees the right to collectively bargain and join trade unions; originally enacted by
Congress in 1935 under its power to regulate interstate commerce.
National Practitioner Data Bank (NPDB) -Maintained by the federal government containing reports
on certain individual practitioners. A report must be made by any entity that pays money on behalf of a
practitioner to settle a legal claim asserted against the practitioner. Reports must also be made by hospitals
that reStrict, suspend or terminate a practitioner's privileges to examine or treat patients at the hosp.t~al. ,
\ .
Nose - Under a claims-made form, this is the time between an insured's retroactive date and the
current policy period.
I
Notice of privacy practices {NPP) - Provided by covered entity which delineates how CE routinely'·
uses and discloses PHI, provides the rights and responsibilities of the patient, to whom the patient
may complain.
Key Terms 223
~.·
0
Occupational Safety and Health Act/Administration- 29 U.S.C. Section 65 i et seq. Federal
statute (and agency created by i~ charged with responsibility for promulgating standards and
enforce.Jillent mechanisms governing worker safety for most industries.
I
Occurrence coverage - Insurance providing coverage for a claim that arises during the policy period,
regardless of when the claim is reported.
. I
Occurr~nce\reporting- Unexpected patient medical intervention, intensity of care or healthcare

impairment Staff is given clear guidelines and specific examples of reportable incidents or events;
e.g., occurrences of missed diagnosis that result in patient injury; surgically related occurrences
such as wrong patient being operate on, the wrong site, the wrong procedure or treatment related
occurrences; falls; medication-related occurrences, etc.
Occurrence scr~en reports- Systematic review of medical records/cases (either retrospectively or
concurrendy conducted) using predetermined screening criteria, conducted to identify cases that may
warrant closer performance improvement review. Screeners look for deviations from practice, policy
and procedures. Criteria for screens are established in areas that are considered to be high risk, high
frequency or problem prone. Unplanned returns to the ED within 72 hours of admission or prior
treatment for a similar condition.
Office of Civil Rights (OCR)- Office within the Department of Health and Human Services that
enforces HIPAA Privacy and Security compliance.
Organizational culture - Set of values, guiding beliefs or ways of thinking shared among members
of an organization.
OSHA General Duty Clause- OSHNs general requirement that employers maintain a safe work
environment. OSHA inspectors may cite the general duty clause whenever an unsafe workplace
condition or work practice is identifie9., but no specific OSHA regulation applies.
Ostensible agency doctrine - Doctrine sometimes referred to as apparent agency, permits a
finding of liability on a hospital where there is the appearance of an employment relationship with
an independent contractor. In the absence of an employer-employee relationship, a managed care
organization (MCO) may still be held vicariously liable for the acts of provider physicians if the
patient had a reasonable belief the physiciifl was the MCO's agent and that this belief ~as based upon
representations made by the MCO to that effect. Burden is on the plaintiff to prove that he or she
p
Patient Safety Organization (PSO) -The Patient Safety Act and the Patient Safety Rule authorize
the creation ofPSOs to improve quality and safety through the collection and analysis of aggregated,
conE.dential data .on patient safety events. This process enables PSOs to more quickly identify
patterns of failures and develop strategies to eliminate patient safety risks and hazards. The Act
extends confidentiality and privilege protections to eligible information developed by providers for
reporting to a PSO (but not to information developed for other purposes), deliberations and analyses
conducted by either a PSO or a provider in its respective patient safety evaluation system (PSES) and
information developed by a PSO for the conduct of patient safety activities.
Source: http:/ /www.pso.ahrq.gov/legislation

·.:.','_;1.·_"_~~-
Peer review- Process whereby possible deviations from the standard of patient care are reviewed by an
individual or committee from the same professional discipline to determine whether the standard of
care was met and to make recommendations for improving patient care processes. Most jurisdictions
provide at least a limited protection from discovery in civil actions for peer review activities.
Petition - See entry for complaint
Potentially compensable event (PCE) - Encompasses any incident in which there is neither an active
claim nor institution of a formal legal action, including those cases in which an unexpected event has
caused injury, the potential for injury or some expression of dissatisfaction or perception of injury
Professional liability insurance - Coverage for liability arising from the rendering of or failure to
render professional services
Protected health information (PHI) - Includes information regarding a patient's condition and
provision of payment (past, present, future).
Prudent layperson standard- Request of the individual will be considered to exist if a prudent
layperson observer would believe, based on the individual's appearance or behavior, that the
individual needs examination or treatment for a medical condition.
,_
Q
Quality Improvement Organization (QIO) - Successor name for Pros the Centers for Medicare and
Medicaid Services (CMS). Administers the Peer Review Organization (PRO) program designed to
monitor and improve utilization and quality of care for Medicare beneficiaries. The program consists
of a national network of 53 PROs (also known as Quality improvement Organizations) responsible
for each U.S. state, territory and the District of Columbia.
R
Regulation - Legislative mandates such as federal and state law; there are others that reflect
regulatory requirements, such as government-sponsored programs (e.g., Medicare). ·
Reinsufan.ce - Contractual arrangement involving the purchase of insurance by :tn insurer from
~other insurer.
Research -Activity designed to test a hypothesis, permit conclusions to be drawn and thereby to develop
or contribute to general knowledge; also "a systematic investigation, including research development,
testing and evaluation, designed to develop or contribute to general knowledge" (45 CPR 46.102(d)).
Reserves - Estimates of the amount ultimately required to settle a claim or to pay a judgment
(indemnity reserve) and to provide for a defense and pay other allocated expenses related to'·managip.g
a claim (expense reserve).
Respondeat superior ,.... Law doctrine that says an employer is responsible for the acts of employees if
the acts ar~ within the course and scope of their employm~nt.
. - u
Restraint- Any manual method, physical or mechanical device, material, or equipment that \
immobilizes or reduces the ability of a p~tient to move his or her arms, legs, body, or head freely; or
a drug or medication when it is used as a restriction to manage the patient's behavior or restrict the 1
patient's freedom of moyement and is not .a standard treatment or dosage for the patient's condition!·
Source: http:/ /www.cms.gov/Medicare/Provider-Enrollment-and-Certification/
CertificationandComplianc/Downloads/PatientsRights.pdf
Key Terms 225

Right to know- Laws that require employers to provide information, education and! or treatment to
employees regarding hazardous materials to which employees may be exposed during their employment.
Risk- Chance of loss. "Pure" risk is uncertainty as to whether loss will occur; "speculative" risk is
uncertai~ty about an event that could produce loss. Pure risk is insurable; speculative risk usually is not.
I
Risk analysis - Process used by the person/individuals assigned risk management functions to
determine the potential severity of the loss from an identified risk, the probability that the loss will
happen ahd a,\ternatives for dealing with i:he risk.
Risk avoidance - Decision not to undertake a particular activity because the risk associated with the
activity is unacceptable. The only risk control technique that completely eliminates the possibility of
loss from a given exposure. This technique reduce~ the possibility of a loss to zero by the conscious
~hoice not to engage in or avoid a specific activity ?r operation ·
Risk control- InCludes techniques to minimize frequency or severity of accidental losses or to make
.losses more predictable; stopping losses from happening or mitigating the loss. Risk control techniques
include avoidance, loss prevention, loss reduction, segregation of loss exposures and contractual
transfers designed to protect an organization form legal obligations to pay for others' losses.
Risk financing- Includes risk management techniques that encompass all the ways of generating.
Risk identification- Process of identifying problems or potential problems that can result in loss;
recognizing the potential for loss
Risk management- Process of making and carrying out decisions that will assist in prevention of
adverse consequences and minimize the adverse effects of accidental losses upon an organization.
Also, a systematic and scientific approach in the empirical order to identify, evaluate, reduce or
eliminate the possibility of an unfavor~ble deviatiop. from expectation and, thus, to prevent the loss
of financial assets resulting from injury to patients, visitors, employees, independent medical staff,
or from damage, theft or loss of property belonging to the healthcare ~nrlty or persons mentioned..
The definition includes transfer of liability and insurance financing relative to the inability to
reduce or eliminate Intolerable deviations. Originally defin~d by the American Hospital Association
as the "science for the identification, evaluation and treatment of the risk of financial loss." Risk
.management now ~so encompasses the evMu~tion and monitoring of clinical practice to re~o~ize
.and prevent patient injiuy. ·
Risk retention- Method an organization e~ploys for financing of loss through the retention of the risk.
Risk tra.D.sfer- Transmission of an orgaruzation's ri~ks to an outside party
Ri~k treatnient strategies - Range of choices available to handle a given risk. Treatment strategies
include two general.categories: risk control and risk financing. ·
Root cause analysis- Multi-disciplinary process of study or analysis that uses a detailed, structured
process to examine.faa:ors contributing to a specific outcome (e.g., an adverse ev:ent). A process
. f~r ide~tifying .the basic or causal factors that underlies variation in performance, including the
occurrence or possible occurrence of a sentinel evenr:.
s
Safety culture --: Culture of safety emphasizes blameless reporting, successful systems, knowledge,
respect, confidentiality and trust; a culture that looks at the system, the environment, the knowledge,
the workflow, the to9ls and other stressors thai may have affected provider b~havi01: .
···---,---:-:-:_-.-.. ,·:-·--
"""·.21,:-...:...!.-.i._·
Sarbanes-Oxley Act (SOX) - Applies to public companies that are required to file periodic Securities
and Exchange Commission (SEC) Reports under Sections 12 or 15(d) of the Security Exchange Act
of 1934 or if the public company has .filed a registration statement that has not yet become effective
under the Securities Act of 1933.
Seclusion - Involuntary confinement of a patient alone in a room or area from which the patient
is physically prevented from leaving. Seclusion may only be used for the management of violent or
self-destructive behavior. If a patient is free to leave a time out area whenever the patient chooses, this
would not be considered seclusion based on this definition.
Source: http:/ /www.cms.gov/Medicare/Provider-Enrollment-and-Certification/
Certi.ficationandComplianc/Downloads/PatientsRights.pdf
Self-insured retention - The portion of a claim that the insured is required to pay before the insurer
begins to pay. This is similar to a deductible but is frequently funded through a mechanism such as a
self-insurance [Just fund and is larger than a deductible. The insured generally manages claims falling
entirely with the SIR (or contracts with a third party to do so) so that the insurer is involved only if
the amount of the claim exceeds or is anticipated to exceed the amount of the retention. Common in
hospital professional liability programs .
. ~
Sentinel event- Any unexpected occurrence involving death or serious physical or psychological
injury, or the risk thereo£
Single use devices (SUDs) - Devices reprocessed for reuse originally intended for single use.
Soft market - Insurance industry characterized by low premiums, flexible terms and generous capacity.
Stabilized- With respect to an EMC, that no material deterioration of the condition is likely, within
reasonable medical probability, to result from or occur during the transfer of the individual from a
facility, or, with respect to pregnancy, that the woman has delivered, including the placenta.
Standard of care - In medical malpractice cases, a standard of care is applied to measure the
competence of the professional. The traditional standard for doctors is that they exercise the average
degree of skilled care and diligence exercised by members of the same profession, practicing in the
same or similar locality in light of the present state of medical and surgical science. With increasing
specialization, however, certain courts have disregarded geographical considerations holding that, in the
practice of a board-certified medical or surgical specialty, the standard should be that of a reasonable
specialist practicing medicine or surgery in the same specialty. In a legal proceeding, the standard
against which the defendant's conduct is measured. The defendant is expected to act as an ordinary,
prudent person with similar training and skill would have acted in a similar situation. If the defendant's
conduct falls below this standard, the defendant may be determined to have acted negligently.
Stop loss coverage - Provider excess coverage that is usually structured to insure excess clail;ns.
Summons - A notice to the defendants na.f!led in a complaint indicating an action has been filed
against them and that they are required to answer by a specific date and at a specific place.
T
Tail- An extended reporting period whereby a claims-made policy is essentially converted to an
occurrence policy by extending coverage to all claims that arise from the care rendered during the
policy period regardless of when the claim is reported. . .
Telemedicine/telehealth - The use of telecommunications to provide medical information and
services Also, the provision ofhealrhcare consultati<?n and education using telecommunications
Key Terms 227

interactive video technology (American Medical .Association's Council on Medical Education and
Medical Services). The use of electronic information and communications
Technologies to provide and support healthcare when distance separates the participants (Institute of
Medicine).
Third-party administrator -An independent organization that contracts to provide claims
management services to a self-insured entity
Third pah:y ~surance coverage - Provides coverage to a party other than the insured to make that
person whole for loss or injury covered by the insured; involves three parties.
Third-party over claim -A claim by an injured employee against a party other than his or her
employer, ~uch as the manufacturer of a machine involved in the injury, in which the third party brings
in the employer as an additional defendant, such as for failure to properly maintain the machine.
Third-party over claims are a type of claim by an injured worker against his or her employer that fall
outside of workers' compensation coverage and are generally covered by employers' liability policies.
u
Uninsured parties - Actual or potential codefendants not covered by the organization.
U.S. Patriot Act o£2001- Federal legislation (H.R.3162) that enhances the ability oflaw
enforcement to deter and detect acts of terrorism, including cyber-intelligence gathering, wire tapping
and other means of gathering needed information from designated privacy records.
v
Value creation - In enterprise risk management, takes advantage of the opporrunity to add worth
and the potential for gain and is proaqive. It includes market share, competition, centers of
excellence, financial viability and growth, return on investment, etc.
Value protection - In enterprise risk management, includes preventing loss and harm to assets,
reputation, property and people and is reactive.
Vicarious liability- The imposition of liability on one person for the actionable conduct of another,
based solely on a relationship between the two.persons, such as the liability of an employer for the
acts of an employee.
Vulnerable subjects - Human subjects are considered vulnerable and require special considerations
· if there are legitimate concerns about competency to understand information presented to them and
make reasoned or informed choices; populations include children, pregnant women, prisoners, those
with psychiatric, cognitive and developmental disorders and substance abusers.
w
Whisde-blower - Individual, frequently an employee or former employee, who reports unlawful
activity, such as healthcare fraud and abuse or OSHA violations, to the government or an
administrative agency. Some statutes provide for the whiscleblower to receive a share of fines levied
against the organization for making the report. Most statutes prohibit retaliatory discharge or other
discriminatory actions against an employee who makes such a report.
Workers' compensation - Program that provides protection to workers who are injured while
engaged in the business of their employer. Statutory limits of cov~erage are set by each state.
'
j
228 ASHRM Preparation Guide for the CPHRM Examination l
l
- - - - - .-..
--~-.... . . ~
.~
Additional Practice Questions_
The following practice questions are based on domains of the CPHRM exam. For your convenience,
we have provided a blank answer sheet on page 254. Complete these 100 CPHRM practice questions,
and then compare your responses with the correct answers on page 255. Review the topics that may
have been difficult for you. But, remember that success with review questions does not automatically •
predict success with the actual CPHRM exam.
The following questions were developed, in part, from ASHRM's Risk Management Handbook for
Healthcare Organizations.
1. Federal regq.lations governing the "Protection of Human Subjects" define the relationship
between researcher, the institution's research oversight committee (the Institutional Review
Board- IRB), the sponsoring organization and the research subject. Under these regulations,
in the event that a sponsoring institu~on desires to initiate~ research project but the IRB
disapproves, the sponsoring institution: '
A. May initiate the project on its own with the approval of the majority of the institution's board of
directors
B. May obtain the research subject's permission to pursue the project independent of the IRB.
C. May not pursue the research project independently
D. May request special permission to pursue the project from the National Patient Safety Foundation
2. The Healthcare Quality Improvement Act requires the reporting of medical professional
liability payments made on behalf of certain healthcare practitioners to the National
Practitioner Data Bank and the appropriate state licensing hoard within _ _ days.
A.15
B.30
C.45
D.60
3. If The Joint Commission becomes aware of a sentinel event that meets the definition Qf a
reviewable sentinel event, the organization is required to submit to the Joint Commission its ,
root cause analysis and action plan, or otherwise provide for Joint Commission evaluation
of its response to the sentinel event under an approved protocol, within calendar days of the
known occurrence of the event.
A 15
B.30
c. 45
D.60
Additional Practice Questions 229

4. A board policy on hospital preparedness that outlines the hospital's responsibilities and
procedures to be followed in the event of a natural disaster or an incident of terrorism should
do all of the following EXCEPT:
A. Ens~e that practitioners act within the scope of their licensure_
B. Ensure that sufficient supplies are stockpiled in case of emergency
C. Ensp.re $at only practitioners credentialed by the hospital provide services to patients
'.\
D. Ensure that adequate precautions are taken to protect the security of the physical hospital building
5. A risk manager should review which of the following information when considering the
effectiveness of an organization's workers' compensation program?
1. Workers' compensation claims history
2. OSHA 300 Log
3. Listing of all employees and volunteers
4. Directors a.O.d officers of the organization
A. 1 and 2 only
B. 2 and 3 only
C. 1, 2 and 3 only
D. All of the above
6. Employee health programs can be used to manage certain risks. Which of the following is NOT
an integral part of an effective employee health program? .
A. Baseline examinations
B. Job descriptions with quantifiable physical-based criteria
C. Mandatory vaccination programs
D. Interaction with injured employees ,
'··
7. Which of the following should be included in an institution's contract with a vendor for
biomedical equipment?
1. The responsibilities of each party regarding preventative and ongoing maintenance of the
particular biomedical equipment
2. A guarantee of equipment "uptime" or prompt provision of a substitute acceptable to the facility
• for biomedical equipment critical to patient care
3. A procedure for the vendor to directly notify the institution regarding identified product hazards
or recalls
4. A contingency plan in the event of an internal disaster
A. 1 and 2 only
B. 2 and 3 only
C. 1, 2 and~ only
D. All of the above
--.-----,:-:·;:'~·.
8. Having performed an investigation of a patient's complaint, the patient grievance review
committee determined that the hospital faced a significant liability exposure, turned the results
of the investigation over to their attorney, and then told the risk manager that these results
would not be shared with the patient. The risk manager reminded them that the patient was,
nonetheless, still entided to the results of the investigation pursuant to:
A. The Healthcare Quality Improvement Act
B. Patient Self-Determination Act
C. Patient's Rights Conditions of Participation
D. Health Insurance Portability and Accountability Act
9. During an operation on an 18-year-old male in a Joint Commission accredited hospital, an

electrocautery device ignites the surgical drapes. Operating room staff quickly extinguishes the
:fire. However, the patient suffers second-degree bums to his right thigh. Based on all applicable
state and federal laws and regulations, what is the risk manager's best course of action?
A. Perform a root cause analysis and submit it and the device to the Joint Commission.
B. Secure the device until it can be exainined independendy. '-
C. Report the occurrence to the FDA and send the device to the manufacturer for repair.
D. Have the device examined by the hospital's biomedical department then send it to the hospital's
attorney if it is determined to be defective.
10. It is the risk manager's responsibility to report actual or potential claims to the healthcare
organization's insurance provider. Which of the following are generally considered reportable?
1. Lawsuits
2. Claims
3. Potentially compensable events
4. Patient complaints
A. 1 only
B. 1 and 4 only
C. 1, 2 and 3 only
D. All of the above
11. Which of the following statements regarding the use of restraints are TRUE?
1. Wrist or vest devices can be considered restraints
2. Locked seclusion is considered a form of physical restraint
3. Medication used to significandy alter a patient's behavior on an emergency basis is considei~d a'
form of chemical restraint
4. Voluntary use by a patient of an unlocked "quiet room" is NOT considered a form of physical restr$t
'·
A. 1 and 2 only
B. 1 and 3 only
C. 1, 2 and 3 only
D. All of the above

12. The medical record historically has been a tool of risk management. In the event of an
untoward outcome or unusual incident, documentation in the medical record should include
all of the following EXCEPT:
1. A description of the occurrence
2. Corlunents about the notification of and related care provided by the patient's physician
3. The fact that an incident report was completed
4. The\fact~fhat the risk manager was notified
A 1 only
B. 1 and 2 only
C. 3' and 4 only
• D. 2, 3 and 4 only
13. One of the risk manager's responsibilities, in concert with the organization's legal counsel, is
to prepare a_witness for trial. In that regard, which of the following statements is FALSE?
A A witness should be prepared to give personal and professional information.
B. A witness should not pause before answering questions.
C. A witness should give brief answers.
D. A witness should tell the truth.
i '
14. The legal theory res ipsa loquitur would most likely apply to which of the following scenariosr
A. A unit of blood is given to the wrong patient
B. A hurricane damages visitors' vehicles on hospital property
C. A surgical instrument is rnisr::kenly left in a patient during a cesarean section
D. A visitor falls on the sidewalk and fractures her hip
15. Which of the following is an exampie of risk avoidancer

A Buying insurance so that the insurance company pays for losses
B. Including an indemnification and hold harmless clause in a contract with anesthesiologists
C. Closing a hospital's en;ergency department
D."Providing in-service education to improve the OB nursing staffs abilities to interpret fetal heart
monitoring
16. Which of the following is NOT part of risk identification and analysisr
A Gen~ric occurrence screening
B. Transfer of risk through a policy of insurance

C. Patient complaints and grievances
D. Joint Commission survey reports

'"···'-'--~,,
17. Which is NOT a role of the risk manager when it is determined that a medical record has
been altered?
A. Call the police
B. Conduct an investigation
C. Report the occurrence to external licensing boards as appropriate
D. Preserve the medical record and deter alterations
18. According to HIPAA, which of the following disclosures are permitted without an individual's
authorization and without granting the individual an opportunity to agree or object to the •
disclosure?
1. A physician discloses an individual's medical record to a colleague, who is a cardiac surgeon, for
review pri?r to consultation on that individual's heart condition.
2. A hospital discloses individually identifiable health information to the company that provides its
billing services. ·
3. A hospital discloses a patient's name ~d general condition injts facility directory.
4. A nursing home discloses patient health information to an accreditation organization for the
purpose of obtaining accreditation.
A. 1 and 4 only
B. 1, 2 and 4 only
C. 1, 3 and 4 only
D. All of the above
19. The federal "right to know" standard is also known as the:

A. Laboratory information standard
B. Hazard communication standard
C. Health Insurance Portability and Accountability Act
D. National Emissions Standards for Hazardous Air Pollutants
20. The insurance industry is cyclical. It is characterized by periods of time noted as "hard" and
"soft" markets. Which of the following statements is TRUE?
A. During a hard market, coverage is available and affordable
B. A hard market is characterized by flexible coverage terms
C. During a hard market, coverage may not be available at any cost
\',
·,
D. Hard market cycles last longer than soft market cycles
Additiona.J. Practice Questions 233

21. A group of obstetricians and neonatologists submits a proposal for a study on a new drug
that might improve fetal lung maturity and~ therefore, the survivability of newborn infants.
The proposal is approved by the institutional review board (IRB), and the study commences.
Two tp.onths into the study, the physicians decide to alter the drug regimen. lnst~d of giving
the drug during just the second month of the pregnancy, they want the drug given until the
completion of the first trimester. The IRB has a backlog of proposals, and the investigators
fear t\J.eir revised proposal would not be evaluated for a few months. The investigators should:
:I
A. Ask the Department ofOB/GYN to approve the change
B. Ask the Department ofOB/GYN and the Department ofPediatrics to approve the change.
C. Consult the ethics committee
D. Suspend the study until they can obtain an opinion from the IRB
22. The standard of care in a medical malpractice trial is established by:

1. State licens~g regulations
2. Standards published by medical professional associations
3. Expert opinion testimony.
4. Quality of care measures defined by voluntary accreditation organizations.
A. 1 and 2 only
B. 3 only
C. 1, 2 and 3 only
D. All of the above
•
23. Which of the following is true regarding ownership of medical records?
A. All medical record.s are owned exclusively by the entity that creates them.
B. The patient owns the information, but the healthcare entity owns the record.
C. No one "owns" a medical record, legaOy speaking.
D. All medical records are owned exclusively by the patient.
24. Changes to the federal EMTALA regulations that became effective in November 2003 include
.:which of the following?
1. All hospitals must have physicians on call 24 hours a day, seven days a week
2. Physicians are not allowed to schedule elective procedures when they are on call for emergencies.
3. The EMTALA regulations no longer apply to inpatients.
4. The definition of "hospital property" was narrowed.
A. 1 and 2 only
B. 3 and 4 only
C. 1, 2 and 4 only
D. 2, 3 and4 only

25. All of the following are effective error prevention strategies EXCEPT:
A. Decreasing the number of steps in a process
B. Reducing handoffs during a process
C. Adding multiple double-checks
D. Providing adequate training to "front line" staff
26. Which of the following is NOT a benefit of an external benchmarking project?

A. The benchmarking team will obtain information about the problem solving methods used by
other teams
B. The benchmarking team can use the resources of internal experts to assess and identify the needed
skills and experiences of external experts
C. The benchinarking team may learn otherwise inaccessible information about competitors that can
be used to .gain an advantage in the marketplace
D. External benchmarking facilitates COJ?parisons between corporate cultures and may identify
administrative/leadership issues that should be addressed '
27. Which of the following statement about reporting a sentinel event is FALSE?
A. Hospitals are required to investigate sentinel events that result in death or serious injury
B. Internal data is always protected under the state's peer review privilege
C. The outside agency that the event is reported to may use this data in generating its report
D. Hospitals are encouraged but not required to self-report these events
28~ Which of the following has the responsibility to determine initial emergency response level?
A. The emergency medical technicians responding to the scene
B. The emergency room physician scheduled to receive the patient
C. Dispatch personnel in accordance with policies and procedures appr~ved by the medical director
D. The medical expert at the scene
29. Calculation of retrospective rating premiums typically takes place:

A. At policy expiration and then every three months thereafter
B. Six months after policy expiration and then annually thereafter
C. Twelve months after policy expiration and every two years thereafter
D. Two years after policy expiration and every two years thereafter
\',
\
30. Which of the following is NOT ground for wrongful termination liability?
A. Violation of state wages and hours statutes
B. Hostile work environment
C. Quid pro quo sexual harassment
D. Discriminatory hiring/discipline based on sexual orientation

31. In the process of d~termining whether a patient has adequate mental or cognitive capacity to
make healthcare decisions, the physician must determine if the patient is:
1. Able to communicate either verbally or in writing
2. 0~ age according to state law
3. Able to understand the nature of the situation
4. Ahle td. understand the consequences of the decision
',1
A. 2 and 3 only
B. 2 and 4 only
C. 2, 3 and 4 only
D. All of the above
32. Which of the following criteria are necessary to establish that a healthcare advertisement is
deceptive?
1. The advertisement contains a representation or omission that is likely to mislead a consumer
2. The advertisement is in poor taste.
3. Consumers likely to be misled by the advertisement are "reasonable people," representative of the
audience targeted by the advertisement.
4. The representation or omission has a real impact on the consumer's choices.
A. 2 and 4 only
B. 1, 3 and 4 only
C. 2, 3 and 4 only
D. All of the above
33. Which of the following should prompt a root cause analysis according to Joint Commission
standards? \
1. Surgery performed on the wrong body part
2.Infantabduction
3. Non-hemolytic transfusion reaction
4. Death from a community-acquired infection
A. 1 and 2 only
•
B. 1, 2 and 3 only
C. 1, 2 and4 only
D. All of the above

For Questions 34-35:
A nursing home resident attempts to wander away from a facility and activates the alarm when he exits
the building via the main entrance. A nurse, who is in her first week of training, turns off the alarm at
the nurse's s!_ation. She then goes o~tside to find the patient. The resident is found and is returned to
the facility. The nurse in training then completes an incident report about the occurrence. She places
a copy in the medical record and sends the original to the risk manager. She also makes an objective
entry about the event in the nurses' notes in the medical record.
34. With regard to the alarm, which of the following is the most accurate statement?
A. The nurse should be disciplined for turning off the alarm before the patient was found.
B. The nurse should not have gone outside since other residents may have been placed in jeopardy.
C. The alarm switch should be relocated to the points of exit so the alarm can be deactivated only at
the locaii.on where the alarm was activated.
D. No action is warranted since the system worked the way it was designed.
~ '
35. With regard to the incident report, which of the following'is the most accurate statement?
A. No incident report was necessary since the resident was not harmed.
B. The nurse should not have copied the incident report and placed it in the medical record.
C. The nurse's note should not have mentioned the event.
D. No action is warranted since the personnel followed policy.
36. Interrogatories are:

A. Statements provided by employees while they are being interviewed by the risk manager.
B. Written questions that are answered in writing and under oath.
C. Documents produced in response to a request for production.
D. Live testimony given in person under oath out of court.
37. The doctrine oflex loci delecti commissi implies that:

A. The state where the injury occurred, or the one with the most ties to the issues involved, has
jurisdiction.
B. The master must answer for the acts of the servant.
C. The plaintiff has the burden of proo£
D. The board of trustees- as well as the chief executive officer- is responsible for the fiscal viability
of an entity.

38. For some behaviorhl health patients, remaining in the protected environment of an inpatient
unit is essential to ensuring their safety and the safety of others. Therefore, elopement
prevention is a critical component to the risk control program. Select the following statement
that is NOT an appropriate risk control practice.
A Th~ clinical managers of behavioral healthcare units that are designed with locked doors are the
only individuals who should carry keys to the doors in order to prevent elopements.
B. Cl~se opservation (1:1) and frequently scheduled face-to-face checks by staff are risk control
methods used to prevent elopements.
C. All behavioral health patients should be evaluated for the risk of elopement at the time of their
admission to an inpatient treatment setting and repeated periodically.
D. Strict visitor controls such as requiring visitors to show passes when entering and exiting the
behavioral h.ealthcare unit and staff confirming that elevator doors have been fully dosed prior to
unlocking the unit door should be implemented to prevent elopements.
39. Which of the following is NOT a type of consent?

A Informed
B. Implied
C. Practical
D. General
40. Issues surrounding the disposal of biomedical equipment generally fall into two categories:
1) the sale, donation or abandonment of ahealthcare facility's equipment to another entity,
group, or individual; and 2) the acquisition of a piece of biomedical equipment that is being
disposed of by another facility.
Based on the above, which of the following are key risk management considerations?
1. The selling/donating entity could find itself being considered part of the distribution chain, with a
potential for product liability exposure.
2. The capital outlay to acquire the piec~ofbiomedical equipment or the potential income to the
entity if they are the seller. ·
3. Compliance with FDA-mandated medical device tracking and documentation requirements that
may be associated with the disposal.
4. If the selling/donating entity is a tax exempt organization, it might jeopardize its tax exempt status.
A. 1 and 3 only
• B. 2 and 3 only
C. 1, 2 and 3 only
D. All of the above
' • - > I~· ~~

41. Behavioral health patients may be at high risk for abuse. Which of the following statements
regarding the risk of abuse of behavioral health patients are true?
1. Pediatric, adolescent and geriatric behavioral health patients are particularly vulnerable
populations that may be at even greater risk for abuse.
2. A crucial abuse prevention strategy is to require that all behavioral health workers undergo
reference checks and criminal background checks before they are allowed to work with patients.
3. The organization must have a zero tolerance philosophy regarding any form of abuse including
physical, sexual and emotional abuse.
4. Behavioral health patients m:ay be confused and/or disoriented, and staff should be given "the
benefit of the doubt" and be allowed to continue working while a patient's allegation of abuse is
being investigated.
A. 2 and 3 only
·'
B. 2 and 4 only
C. 1, 2 and 3 only
D. 1, 2 and 4 only
42. A 44-year-old man develops severe chest pain while mowing his lawn. His family calls
911, and he is rushed via ambulance to one of the local hospitals. The emergency room
physician performs a comprehensive workup and discharges the patient with a diagnosis of
costochondritis. He dies that night while asleep in his own bed. The patient's family files suit
against the hospital and the emergency physician, a contracted provider for the hospital. The
most likely legal theory that can be used against the hospital would be:
A. Medical malpractice
B. Res ipsa loquitur
C. Contract liability
D. Ostensible agency
43. Which of the following are advantages of using an alternative dispute resolution meehanism
as compared to going to trial?
1. Better outcome
2. More economical
3. Less hostile
4. Quicker
A. 1 and 2 only
B. 1, 2 and 3 only .
\',
C. 2, 3 arid 4 only
D. All of the above

44. H a facility is accredited by the Joint Commission, which of the following are important risk
management reasons to review contracts?
1. To assure the Joint Commission standards are met regarding contracted services
2. To~evaluate indemnification/hold harmless provisions
3. To apply appropriate state law to the contract provisions
4. To,moJ!!.itor financial performance for the organization
•\
A 1 only
B. 1 and 2 only
C.,1, 2 and 3 only
D. All of the above
•
45. Mature or emancipated minors generally can consent to treatment of which of the following?
1. Sexually qansmitted disease
2. Pregnancy
3. Alcohol abuse
4. Mental health
A 1 and2 only
B. 1, 2 and 3 only
C. 1, 2 and 4 only
D. All of the above
46. The risk manager should be vigilant in assessing the quality of medical record documentation,
looking for opportunities to enhance the yalue and quality of the medical record. This can be
done in which of the following ways?
1. Participate in general orientation foi'new employees.
2. Collaborate with Medical Records Department personnel.
3. Review incident patterns and trends for documentation issues and problems throughout th~ organization.
4. Contact defense counsel whenever there is a violation of a documentation guideline or standard of
practice.
A. 1 and 3 only
• B. 3 and 4 only
C. 1, 2 and 3 only
D. All of the above
-~.- . - . ~--•• l~r • •-

47. Legal essentials for a valid contract include:
1. A bargained for exchange of legal value between the contracting parties
2. The purpose or object of the contract is legal
3. The contract must be in writing
4. The contract contains risk assumption provisions
A. 1 and 2 only
B. 1 and 3 only
C. 2 and 3 only
D. 2 and 4 only
48. The Nee~e stick Safety and Prevention Act:

A p~'to emergency medical services and states that safe needle devices must be used whenever possible.
B. Pertains to emergency medical services but only indicates that universal precautions must be followed.
C. Does not pertain to emergency m~dical services because emergency responders recognize the risk
they are assuming in emergent situations.
D. Does not pertain to emergency medical services because services are provided out of hospital.
49. Which of the following does NOT pertain to first-party insurance?

A. Automobile liability
B. Fire/property
C. Boiler and machinery
D. Business interruption
50. Which of the following statements about occurrence and claims-made insurance policies is TRUE?
A. Invariably, an "occurrence" policy will cost less than a "clain'l.s-maqe" policy
B. Not all brokers and insurance carriers are able to offer "claims-made" coverage
C. Termination of "claims-made" coverage normally requires purchase of a "tail"
D. An "occurrence" policy always quotes higher deductibles than "claims-made"
51. The Patient Self-Determination Act obligates which of the following entities to provide their
clients with information regarding advance directives?
1. Hospitals
2. Physician's offices
I<
3. Health maintenance organizations (HMOs) \
4. Home healthcare services
A. 1 and 2 only
B. 1, 2 and 4 only
C. 1, 3 and 4 only
D. All of the above
Additional Practice Questions · 241

52. The most important aspect of claims handling is:
A. The art of reserving adequate funds
B. The initial investigation
C. The: skill of the defense attorney
D. The medical record
' .:I
53. Reserving a claim - that is, identifying what amount of money will be paid out in indemnity
and loss adjustment costs by the time the case is settled or resolved- is more an art than a
science. Therefore:
1. Reserves should reflect only the insurance coverage available.
2. Reserves should be based on all the information available.
3. Reserves should not take into account immunity provisions in either contracts or statutes.
4. Reserves should be changed every 90 days.
A. 2 only
B. 1, 2 and 3 only
C. 2, 3 and 4 only
D. 1, 2 and4 only
54. Behavioral health patients must be assessed for the risk of suicidal ideation or homicidal acts
in order to protect the patient and community. Select the following statement that is NOT an
appropriate risk control practice when managing a patient who is at risk of suicidal ideation
or homicidal acts. ·
A. When an individual who is at risk of suicide or homicide is placed on close observation (1: 1),
the staff member.performing the 1: 1 duty must always have total visual contact with the patient
including bathroom and grooming activities
B. A staff member performing 1:1 duty s~uld not have other assigned duties.
C. When a body search is determined necessary; it should be conducted by a same-sex professional
staff member and does not require a witness to be present
D. The physical environment must be modified to protect the behavioral health patient from suicide
attempts including the use of "break away' shower rods and showerheads, shatterproof mirrors
and fully enclosed plumbing in the bathrooms.
55. U.rlder EMTALA regulations, the Emergency Department must maintain a roster of
physicians who are available on-call to provide consultation or care for EMTALA patients. If
the hospital cannot provide complete on-call coverage for a particular service represented by
the medical staff:
A. The hospital may be fined up to $50,000.
B. The hospital must make efforts to arrange for such coverage to the best of its ability.
C. The hospital will lose its Medicare certification.
D. The hospital must post information to this effect in each public area.
l__
--~~- -' '..:.
56. If a state has its own occupational safety and health agency:
A. The federal OSHA regulations pre-empt the state regulations
B. State regulations must conform to the federal regulations
C. State regulations can be less strict than the federal regulations
D. State regulations can be stricter than the federal regulations
57. High-reliability organizations share all of the following characteristics EXCEPT:

A. Easy-to-use reporting systems
B. Early resolution of claims
C. Non-p~tive culture
D. Systems for rewarding safety-motivated behaviors
·'
58. A central log must be kept of everyone who comes to the Emergency Department seeking
emergent care. Such logs must also: be maintained by dep~ents that:
' '
A. Provide case management services to patients
B. Counsel patients as to the availability of alternative healthcare services within the community.
C. Offer non-scheduled primary care services
D. None of the above
· 59. Most healthcare risk managers gain access to the commercial insurance market by using an
insurance broker or agent. Which of the following statements is FALSE?
A. Agents are insurance professionals who represent the insured.
B. Brokers participate in the evaluation of risk potential.
C. Brokers are independent insurance professionals who represent the insurance buyer to the
insurance company.
D. Brokers are compensated on a commission and/or fee basis.
60. The insurance coverage a hospital purchases may be written on either an occurrence or claims-
made basis. Which of the following statements are TRUE?
1. An occurrence policy covers an insured for incidents that occur while the policy is in effect,
regardless of when the incident is reported to the insurer. .
2. A claims-made policy covers an insured for incidents that occur and are reported to the insurer
while the policy is in force.
3. Regardless of which type is purchased, supplemental tail coverage must be purchased, too. "
4. For coverage to apply under a claims-made policy, the incident or claim must have occurred' bef~re '
the retroactive date of the policy.
A. 1 only
B. 1 and 2 only
C. 1, 2 and 3 only
D. All of the above

I
61. The Patient's Rights Conditions of Participation mandates that a patient placed in a restraint
for behavioral reasons must be seen and assessed by a "licensed independent practitioner'':
A As soon as possible
B. lmm~diately
C. Within one hour of initiating the restraint
D. Wit4in rwo hours·ofinitiating the restraint
',I
62. A 12-year-old female is administered an excessive amount of a drug and develops transient
tachycardia that necessitates monitoring in the pediatric intensive care unit for eight hours. If
the preliminary information indicates there is clear liability on the part of the organization,
the most pmdent course of action for the risk manager would be to:
A Complete the investigation but take no further action since the tachycardia was only transient.
B. Review the patient's medical record to determine who, according to HIPAA regulations, is the
appropriate p:uent or guardian in case the risk manager is approached by the patient's family.
C. Inform the physician who ordered the medication so he can notifjr his malpractice insurance carrier.
D. Make direct contact with the claimant as soon as is practicable in accordance with the
organization's disclosure of unanticipated outcomes policy.
63. The investigative process is composed of which of the following steps?

1. Discovering the facts
2. Determining the applicable standard of care
3. Assessing the applicable legal principles
4. Reviewing the appropriate HIPAA regulations
A 1 and2 only
B. 1 and 3 only
\._
C. 1, 2 and 3 only
D. All of the above
64. Disasters can strike at anytime, anywhere. Hospitals that are accredited by the Joint
Commission must ensure that they can document they are prepared for such disasters by
doing which of the following?
1. Pe,rforming at least four drills a year
2. Evaluating each drill formally
3. Performing no more than two tabletop drills annually
4. Ensuring that drills are conducted no closer than 4 months apart
A 1 and2 only
B. 2 and 3 only
C. 2 and 4 only
D. 1 and 3 only
--· .:··,:.... ----.-~-,-·

... ,.._ .. '·
65. In the risk management process, the fourth step is:

A. Monitor and improve the risk management process
B. Identify and analyze the loss exposure
C. Implement the selected technique
D. Consider the alternative risk management techniques
66. H there is no OSHA standard for a given potential health hazard:

A. OSHA has no authority to govern it
B. OSHA may have the authority to govern it under the general duty clause
C. OSHA ~oes not have authority to govern it, but NI OSH may
D. It is pro~ably not a health concern
67. Which of the following is NOT true regarding child abuse and neglect reporting?
A. Child abuse and neglect reporting laws have been enacted ih every state in the U.S.
B. Practitioners face possible litigation for failure to act when they have a suspicion of child abuse
C. Practitioners are generally given immunity from liability when reporting in good faith
D. Healthcare practitioners are voluntary reporters of child abuse
• 68. One of the most important considerations when purchasing property insurance is:
A. Finding a local broker or insurance carrier who knows the geographic area
B. Whether "actual cash value" or '"replacement cost" is covered in case ofloss
C. Choosing an insurance carrier that also offers other insurance products
D. Whether higher deductibles are available for specific categories of losses
69. Within the Safe Medical Device Act, the Food and Drug Administration {FDA) defined a
reportable event as "information [from any source] that reasonably suggests that a device has
or may have caused or contributed to a death or serious injury." Such events must be reported
to the FDA alone whenever:
1. They involve a serious patient injury
2. They involve a patient death
3. The identity of the manufacturer of the device is unknown
4. The distributor of the device is unknown
A. 1 and 2 only
B. 2 and 3 only
C. 1, 2 and 3 only
D. All of the above

70. Workers' compensation experience modification factors are defined as:
A. Covered payroll and number of FTEs
B. Covered payroll and covered employees' risk classification
C. Emp\oyer's loss experience relative to other industry employers
I .
D. Number ofFTEs and employers' loss experience relative to other industry employers
. I
71. Whic~ of the following statements about peer review records is NOT correct?
A. Peer review records are protected from discovery by state statutes.
B. By transferring peer review records to an attorney, they become privileged.
C. Peer review records often contain confidential data about uninvolved patients.
D. Members of peer review committees have statutory immunity from lawsuits.
72. When a potentially compensable event occurs and it is determined that the event might be a
significant one, the original medical records should be:
A. Stored in the risk manager's office
B. Secured in the Medical Records Department with only limited access
C. Sent to the defense attorney with a valid copy maintained securely in the Medical Records
Department ·
D. Microfiched, microfilmed or digitally recorded immediately
73. Congress, in its Patients' Bill of Rights, directed states to ensure that behavioral health
patients receive the protection and services they require. In order to preclude the possibility
of litigation and control risk, organizations must ensure that the provisions of these rights are
implemented. Select the following statement that does NOT correctly represent the protection
afforded to behavi~ral health patients.
A. Patients have a right to receive treatment in an environment free from restraint and seclusion.
B. Behavioral health patients must receive ihitial medical, psychosocial and behavioral health
assessments that are used in the development of specific plans of care with measurable goals and
achievable treatment objectives.
C. A general consent for the release of medical information typically used by other healthcare
services is sufficient when a patient has received treatment for a behavioral health diagnosis and! or
treatment for drug or alcohol abuse.
D. Behavioral health patients have the right to review and/or obtain copies of clinical records; however,
access to behavioral health records by other individuals and organizations is specifically restricted.

,, ,,_u_._.__ ~·-··
7 4. Protecting outdoor air intakes can mitigate the risk of terrorist acts of introducing airborne
agents into a facility. Steps to accomplish this include:
1. Relocate intakes to a rooftop or higher up on the building
2. Establish a security zone around the ii:uakes
3. Add lighting and surveillance cameras to monitor the intakes
4. Implement negative ventilation throughout the building
A. 1 and 2 only
B. 2 and 3 only
C. 1, 2 and 3 only
D. All of the above
75. Workers' ~ompensation injuries often can be substantial not only from a medical cost
perspective but also from a productivity standpoint. One of the best ways to reduce workers'
compensation claims related to rep~titive motion injuries is to:
' \
A. Perform an ergonomic evaluation
B. Have an appropriate wellness program
C. Enhance on the job training
D. Offer annual physicals
76. A federal law that serves to limit the liability of hospital trustees is the:
A. Healthcare Quality Improvement Act
B. Limited Liability Act
C. Healthcare Not For Profit Corporation Act
D. Volunteer Protection Act
77. The best content and format for a risk manager's report to the board is:
A. A single, comprehensive report that provides as much information as possible on all available data
B. Several separate, comprehensive reports containing all available data
C. A short, easy to read report tracking the organization's risk management trends over time in a
graphic format ·
D. A short report that contains only the information deemed relevant by the risk manager and the CEO
78. As provided for within the Patient's Rights Conditions of Participation, all patient dea~
associated with the use of restraints must be reported to the: ;
.
A. Centers for Medicare and Medicaid Services
B. Office of Civil Rights
C. Food and Drug Administration
D. Office of the Inspector General

79. Which of the following BEST describes workers' compensation coverage?
A. Workers' compensation is a state regulated coverage that provides compensation to employees
for injuries arising out o£ and in the course o£ their employment. It is a pure form of no-fault
insurance and provides statutory benefits.
B. WorMers' compensation provides compensation to e;ployees for injuries arlsing out of their
employment
C. Wor~ers' ~ompensation is a federally regulated coverage that provides compensation to employees
for injuri~ arising out o£ and in the course o£ their employment. It is a pure form of no-fault
insurance and provides statutory benefits.
D. Workers' compensation is a state regulated coverage that provides compensation to employees
for injuries arising out o£ and in the course o£ their employment. For coverage to apply, the
employer m~t be found negligent.
80. Which of the following statements is TRUE?

A. Borrowing funds is an efficient means of paying for losses when they become due.
B. Borrowing funds is an inefficient means since it reduces the organization's ability to borrow funds
for more appropriate purchases.
C. The cost of unplanned borrowing typically is less expensive when used to fund operating expenses
instead of long-term capital improvements.
D. There is no significant difference between borrowed funds to pay for losses compared to a self-
insured retention fund.
81. On a steamy summer afternoon, an 86-year-old female is walking toward the entrance of a
physician's private-practice office. There was a light rainfall two hours before. As she steps
from the parking lot to the sidewalk, she slips on the curb. She tears her dress and stockings.
The woman now seeks reimbursement for her damages after hearing that a portion of the
sidewalk near the .door was to be replaced the day after she fell. Which of the following
defenses could reasonably be employed to deny this claim?
1. The fall was an act of God since it raineclearlier.
2. The sidewalk that was replaced the day after her fall was not the proximate cause of her fall.
3. The damages were minimal so no compensation was warranted.
4. There was no breach of duty.
A. 1 only
B~ 1 and 4 only
C. 2 and 4 only
D. All of the above

82. As a claim matures, new information from experts, defense counsel or adjusters may develop.
In that case, which of the following is TRUE?
A. Changing the reserve might be appropriate only under certain conditions.
B. It is acceptable to inerease reserves, if appropriate, but they should not be decreased.
C. Step laddering reserves is the best means of addressing new developments.
D. Adjust the reserves frequently to address new developments as well as to account for inflation.
83. Freestanding behavioral health organizations are considered to be those that are not hospital
based and!or not considered to be part of the services offered by an acute care general hospital'
or behavioral health inpatient hospital. Which of the following statements regarding risk
control practices in a freestanding behavioral health organization are TRUE?
1. The or~zation must require formal, written contracts with all independent contractors.
2. The orgacization must require all independent practitioners to maintain professional liability I
insurance in amounts deemed appropriate by the organization and in accordance with any state !
requirements and taking into accoU{lt the local litigation climate.

, \
3. The organization must maintain general liability and premises insurance policies in sufficient amounts.
4. There should be an on-site professional designated to develop the risk control program and
implement risk control activities.
A. 1 and 2 only
B. 2 and 3 only
C. 2, 3 and 4 only
D. All of the above
84. A contract involving professional services should always include minimum amounts of which
of the following coverages?
1. Professional liability
2. Workers' compensation
3. Directors and officer's
4. General liability
A. 1 only
B. 1 and 2 only
C. 1 and 4 only
D. All of the above
\',
85. The report "To Err Is Human'' concluded that approximately 44,000 to 98,000 inpatiehts J.ie
annually as a result of medical errors. 'Ibis report was originated by:
A. The Institute of Medicine
B. The Joint Commission
C. The Office of the Inspector General
D. The Centers for Medicare and Medicaid Services

86. In July 2001, the Joint Commission created additional Patient Safety Standards that speak
to risk management as a resource for pollcy-making, not just a data source for monitoring
improvement. These standards require organizations to develop policies and procedures for
which of the foil~
1. Proper: response to an adverse event
2. Prevention of accidental harm
3. Disclosure Vadverse events to patients and families
4. Fiscal accountability
A. 3 only
B. 1 and 3 only
C. 1, 2 and 3 only
D. All of the above
87. To encourage $e participation of physicians in the peer review process, federal law provides
protection from civil liability for those who participate in good faith in this endeavor. The
specific federal law that provides such protection is:
A. Health Insurance Portability and Accountability Act
B. Healthcare Quality Improvement Act
C. Medical Staff Conditions of Participation
D. Quality Standards Act
For Questiom 88 - 90:

An organization has structured professional liability coverage with a combination of SIR and
commercial insurance. The SIR limits are $2,000,000 per incident and $6,000,000 yearly aggregate.
In addition to the SIR, ·the organization purchased excess coverage in the amounts of $10,000,000 per
incident and $25,000,000 yearly aggregate.
Assume that all the policies are written on a caiendar year basis, all payouts are in the correct year, and
the SIR fund and the commercial insurance carrier are financially solvent.
88. If the above organization has not had a claim paid during the year, what amount would be
available for the first claim?
A. $2,000,000
B. $6~000,000
c. $10,000,000
D. $12,000,000

89. If the first claim is settled for $5,500,000, how much will the commercial insurance company
have to pay?
A. $0
B. $2,000,000
c. $3,500,000
D. $5,500,000
90. If the above organization loses three consecutive $2,000,000 cases then loses a case for
$3,000,000, how much money &om the SIR will be used to pay the fourth claim?
A. $0
B. $1,000,000
c. $2,000,000
D. $3,000,000
91. A 72-year-old Alzheimer's patient develops acute congesti~ heart failure. Several invasive
procedures are performed, but the patient dies within 12 hours of admission. His family files
a wrongful death lawsuit naming all the physicians and the hospital as defendants. At trial,
the standard of care in the above case must be determined by:
A. Case law
B. Expen opinion
C. State and federal law
D. Professional standards
92. According to the Healthcare Quality Improvement Act, which of the following require(s)
reporting of the medical professional liability payments to the National Practitioner Data Bank?
1. A verdict against a dentist
2. A verdict against a physician
3. A verdict against a solo physician's practice corporation
4. A verdict against physician group practice corporation
A. 2 only
B. 1, 2 and 3 only
C. 2, 3 and 4 only
D. All of the above
. 93. A physician has a $2-million policy limit with a $100,000 per claim deductible. How much
\',
·~ '
total insurance does the insured have?
A. $2,100,000
B. $1,900,000
c. $1,800,000
D. Less than $1,800,000

94. Many organizations are striving to become "highly reliable." Which of the following
characteristics is NOT considered indicative of a highly-reliable organization?
A Ongoing monitoring of activities
B. A "top down" management style
C. Acknowledgement of risk
D. AppJtopri~te reward systems
:\
95. The Joint Commission has developed numerous patient safety goals. Which of the following
is NOT one of the goals?
A Improve the accuracy of patient identification
B. Improve the effectiveness of clinical alarm systems
C. Improve safety in the Emergency Department
D. Improve the effectiveness of communication among caregivers
96. The Joint Commission is concerned about workforce shortage and is requiring hospitals to
develop screening criteria for monitoring the problem. Which criteria are acceptable to the
Joint Commission?
1. Number of skin breakdowns
2. Number of adverse drug events
3. Number of patient-related lawsuits
4. Number of nursing care hours per patient day
A 1 and2 only
B. 1, 2 and 3 only
C. 1, 2 and 4 only
D. All of the above
97. An employer may decline to hire a disabled applicant otherwise qualified for the job:
A If the applicant refuses to describe or explain her disability
B. If the applicant might present a safety risk to herself or her co-workers
C. Ifthe applicant cal:mot explain or demonstrate how she would actually perform her job when asked to do so
D . .t)ll of the above
98. Which of the following is regulated by both OSHA and EPA?

A Glutaraldehyde
B. Nitrous oxide
C. Asbestos
D. Isopropyl alcohol
'-- . :·.-.·.; ..·.: ...':·

.. ·_·,,.•:,:,_L'._.·· - - - - - - ···---··---
99. Managing a request for insurance proposals is a complicated yet necessary task. With regard
to market proposals and conceptual proposals, which of the following is FALSE?
A The market method selection process is simpler and more straightforward
B. Pricing all lines of coverage by market assignments is difficult for a program that has multiple
renewal dates
C. The conceptual approach is more objective
D. The conceptual approach allows factors other than cost to be considered
100. IDPAA requires a written agreement for covered entities and business associates in which of
the following situations?
1. A skilled-nursing facility transferring patients to a hospital pursuant to a transfer agreement
2. A transcdption service providing medical record transcription for a physician's office
3. A hospital contracting for exterior maintenance services
4. A software maintenance company PFoviding services to a hospital's finance functions
, .,
A 1 and2 only
B. 2 and 4 only
C. 1, 2 and 4 only
D. All of the above

Additional Practice Questions: Answer Sheet
1. 26. 51. 76.
'
I
2. 27. 52. 77.

3. ' :I
28. 53. 78.
4. 29. 54. 79.
5. . 30 . 55. 80.
6. 31. 56. 81.
7. 32. 57. 82.
8. 33. 58. 83.
9. 34. 59. 84.
10. 35. 60. 85.
11. 36. 61. 86.
12. 37. 62. 87.
13. 38. 63. 88.
14. 39. 64. 89.
15. 40. 65. 90.
16. 41. 66. 91.

,_
17. 42. 67. 92.
18. 43. 68. 93.
19. 44. •, 69. 94.
20. 45. 70. 95.

21. • 46. 71. 96.
22. 47. 72. 97.
23. 48. 73. 98.
24. 49. 74.

.
99 .
25. 50. 75. 100.
' ..
------'------'--'------'----'"'- --- -----~--- -' ·----·
Additional Practice Questions: Answers

1. c 26. c 51. c 76. D
2. B 27. B 52. B 77. c

3. c 28. A 53. A 78. A
4. c 29. B 54. c 79. A .

5. A 30. A 55. B 80. B
6. c., 31. c 56. D 81. c

7. c ·'
32. B 57. B 82. A
8. c 33. A 58. c 83. D

: .
9. B 34. c 59. A 84. A
10. c 35. B 60. B 85. A
11. D 36. B 61. c 86. c

12. c 37. A 62. D 87. B
13. B 38. A 63. c 88. D
14. c 39. c 64. c 89. c

15. c 40. A 65. c 90. A
16. B 41. c 66. B 91. B
17. A 42. D 67. D 92. B
18. B 43. c 68. B 93. B
19. B 44. B 69. B 94. B

'
20. c 45. D 70. c 95. c·
21. D 46. c 71. B 96. c
22. B 47. A 72. B 97. c 1:-.
-'--
23. B 48. A 73. c 98. c I
24. B 49. A 74. c 99. c I

i,
25. c 50. c 75. A 100. B

CPHRM Guide 2

Transféré par

Informations du document

Titre original

Copyright

Formats disponibles

Partager ce document

Partager ou intégrer le document

Options de partage

Avez-vous trouvé ce document utile ?

Ce contenu est-il inapproprié ?

Droits d'auteur :

Formats disponibles

CPHRM Guide 2

Transféré par

Droits d'auteur :

Formats disponibles

.,.:.

For use with the

safe and trusted healthcare

155 N. Wacker Dr.

All rights reserved

ASHRM Preparation Guide for the CPHRM Examination i

Douglas J. Borg, MHA, ARM, CPHRM, DFASHRM

Karen Liptak, BSN, MPNHCA, CPHRM, CPPS

Sherrill Peters, BSN, ARM, CPHRM, FASHRM

Kathryn E. Townsend, RN, JD, ARM, CPHRM

Marcia Cooke RN-BC, MSN

For additional resources go to www.ashrm.org

ASHRM Preparation Guide for the CPHRM Examination

XXII. Human capital risks .................................................... 32

ASHRM Preparation Guide for the CPHRM Examination iii

Legal and Regulatory Domain

iv ASHRM Preparation Guide for the CPHRM Examination

Risk Financing Domain

Claims and Litigation Domain

Acronyms . .................................................................... .211

Key Terms ...••.•.•.•..••..••...•••..•........•.•.••.••..••.....•..••••.••••. ~ .2l5

ASHRMPreparation Guide for the CPHRM Examination v

Options for further review

]I AHA Certification Center Tools

vi ASHRM Preparation Guide for the CPHRM Examination

HEALTH CARE OPERATIONS Domain

2 ASHRM Preparation Guide for the CPHRM Examination

HEALTHCARE OPERATIONS Domain 3

4 ASHRM Preparation Guide for the CPHRM Examination

HEALTH CARE OPERATIONS Domain 5

6 ASHRM Preparation Guide for the CPHRM Examination

- . . _._-... _._.;.·- -·:c- - ,-_,_.-----::--::.·,

HEALTHCARE OPERATIONS Domain 7

8 ASHRM Preparation Guide for the CPHRM Examination

HEALTH CARE OPERATIONS Domain 9

ASHRM Preparation Guide for the CPHRM Examination

HEALTHCARE OPERATIONS Domain 11

III. Risk identification

12 ASHRM Preparation Guide for the CPHRM Examination

L____,_ ·,-:,.• •. ·.·;

HEALTH CARE OPERATIONS Domain 13

IY. Risk management program

14 ASHRM Preparation· Guide for the CPHRM Examination

V. Development of the risk management program

HEALTH CARE OPERATIONS Domain 15

VI. Key attributes of a risk management program

VII. Scope of the risk management program

16 ASHRM Preparation Guide for the CPHRM Examination

HEALTH CARE OPERATIONS Domain 17

VIII. Required skills for the successful healthcare risk manager

IX. Education and professional recognition

18 ASHRM Preparation Guide for the CPHRM Examination

XI. Risk management operations

HEALTHCARE OPERATIONS Domain 19

B. Developing a risk management plan and policy statement

XII. Organizational Governance

20 ASHRM Preparation Guide for the CPHRM Examination

XIII. Directors and officers liability prevention

XIv. Physician and allied health professionals credentialing

HEALTH CARE OPERATIONS Domain 21

22 ASHRM Preparation Guide for the CPHRM Examination

XV. Risk management's role in performance improvement

Risk 1\Luugc:mcllC Pertornunu:: lmpru\cmcnr