Goal: Implement Security measures sufficient to reduce risks and vulnerabilities to a reasonable and appropriate level.
The purpose of the Risk Management Program is:
- To establish our commitment to maintain a program designed to create conditions that reduces and maintains the risk on unauthorized disclosure/release of electronic Patient Health Information.
- To define the method of reporting unusual occurrences and the procedures used to conduct effective follow up, and efficient tracking of data.
- To establish the practice of monitoring trends in incidents reported and to analyze the outcomes of trends, to seek assistance from the staff involved in monitoring these incidents and to educate the staff regarding outcome.
- To lower the risks of acceptable levels of risk over time.
Procedure: Our Medical and Professional Staff understands and agree that as part of the security management policy these procedures must be followed:
- The Security Manager is given full authority to implement and oversee the facility’s internal risk management program as defined by duties and responsibilities in the Security Manager’s Job Description.
- The Security Manager’s position in the organizational structure allows clear reporting lines to Management.
- The Security Manager is allowed complete access to all electronic records
- All providers agents and employees have the affirmative duty to report security breaches (potential or actual) as well as patient incidents, patient grievances, visitor incidents and serious incidents to Security Manager or designee within three working days.
- The staff will receive one hour of Risk Management training within the first thirty days of employment for the purpose of instruction in the operation and responsibility of the incident reporting system.
- At least annually, all personnel shall receive risk prevention training including the importance of accurate and timely incident reporting.
