The purpose of the Risk Management Program is:
- To establish our commitment to maintain a program designed to create conditions that reduces and maintains the risk on unauthorized disclosure/release of electronic Patient Health Information.
- To define the method of reporting unusual occurrences and the procedures used to conduct effective follow up, and efficient tracking of data.
- To establish the practice of monitoring trends in incidents reported and to analyze the outcomes of trends, to seek assistance from the staff involved in monitoring these incidents and to educate the staff regarding outcome.
- To lower the risks of acceptable levels of risk over time.
Procedure: Our Medical and Professional Staff understands and agree that as part of the security management policy these procedures must be followed:
- Develop Risk Management Program or facsimile of the same as a result of the Risk Assessment Plan.
- The risk management program shall identify actions to take and basic time frames related to the same
- The risk management plan shall result in a number of policies and procedures that addresses topics covered during the risk assessment;
- The Security Manager is given full authority to implement and oversee the facility’s internal risk management program as defined by duties and responsibilities in the Security Manager’s Job Description.
- All team members shall receive training on the risk management program within the first thirty days of employment.
- At least annually, all team members shall receive a refresher covering the risk management program and appropriate topics regarding the same.
