Employees Guide to Risk Management

Typing Template for APA Papers: Employees Guide to Risk Management


Grand Canyon University

Mishaps are unavoidable 100% of the time in the work place. This does not mean that proper policies, procedures and protocol are not important to avoid internal mistakes, especially in the health-related field. That is why I have chosen to write addressing employee risk management to address what liabilities lie ahead for improper work ethic and protocol, and why some of the dangers are happening risks employees may be taking inside these medical facilities.

Risk Management

In order to address the matter on Risk management, one must know exactly what it is. Risk management programs are designed to reduce the influence of preventable accidents and injuries to minimize the financial loss of the institution should an injury occur (Kavaler & Alexander,2014). In short, Risk management finds possible liabilities for companies, develop and enforce ways to avoid them. They protect the company’s equity by following four steps in advancement or combination: risk identification, risk analysis, risk control/treatment, and risk financing. We will take a closer look at what each step entail and the importance in certain agencies such as the Joint commission and HIPAA

Risk Identification

Risk identification involves the collection of information about current and past patient care occurrences and other events that represent potential losses to the institution. Staying atop of all the possible risks is an ongoing process. It is not something that is handled once and goes away or never happens again. Every situation or case is individual and ways to improve limitations on faults are always in play. Early warning data can be obtained through security reports, quality assessment studies, accreditation and/or licensure surveys, and patient complaints (Kavaler & Alexander,2014). While conformity professionals are responsible for describing, organizing, and assigning responsibility for administering agreement risks, employees are responsible for operating in a professional and ethical manner (Gravelle,2018).

Joint Commission/HIPAA

The Joint Commission on Accreditation of Healthcare Organizations (JCAHO) is a not-for-profit organization that accredits some 21,000 healthcare organizations and programs in the United States. Its patient tracer methodology is a useful technique for tracking a patient through the entire healthcare experience, beginning with the first patient interaction (Gravelle,2018). JCAHO works to boost patient safety with a host of recently approved measures, which demand nursing involvement and IT support. This allows employees a chance to rectify the incident they were accused of creating (Simpson,2001). An expert panel of leaders in patient safety and medical/healthcare error reduction, as well as reps from hospital, government, insurance agencies, universities and advocacy care groups make up the JCAHO. Their aim is to encourage error identification, improve performance, manage information, and educate patients.

With Error Identification, medical facilities use internal and external knowledge in order to develop patient safety programs that help to minimize individual blame and reoccurrence of error. In order to improve performance, organizations implement proactive assessment programs targeted at stopping incidents before they happen. They do this by reviewing and taking the proper steps to reduce high risk activities. To manage information, hospitals should combine patient related safety to identify patient risks, apply the information, and educate staff involved in patient safety issues to improve outcomes. Hospitals emphasize patient safety when it comes to the patients’ rights, education for patient and their family and continuance of care. Patients should be aware of the outcomes of the care they are to receive, even if they are unforeseen. This consists of educating the patient thoroughly (Simpson,2001).


When considering healthcare, a common name used regularly would be HIPAA, this stands for Health Insurance Portability and Accountability Act. HIPAA creates national requirements to protect each patient’s medical information and other personal health information (PHI) (HHS.gov,2002). These requirements allow patients to have more control over their medical and personal information and who has access to it as well. It puts into place appropriate safeguards that health care providers and others must incorporate to protect the privacy of health information. This, for patients, means they have more of a say so in making informed choices when seeking care and reimbursement for care based on how personal health information may be used.

What happens for facilities when proper protocol is not followed, and rules are neglected, and shortcuts are taken regarding patient care? For instance, according to truevalt.com (2018), violating HIPAA can accrue fees anywhere from $100 to $50,000 per violation (or per record), with a maximum penalty of $1.5 million per year for violations of an identical provision. Violations can also carry criminal charges that can result in jail time. The numbers can also increase depending upon how many patients were affected and the amount of neglect inflicted. The fines and charges are broken down into 2 major categories: “Reasonable Cause” and “Willful Neglect”. Reasonable Cause ranges from $100 to $50,000 per incident and does not involve any jail time. Willful Neglect ranges from $10,000 to $50,000 for each incident and can result in criminal charges.

In conclusion, it is very vital that all rules and regulations are followed according to proper protocol. Patient care and information can not afford to be compromised. The role that risk management plays is crucial due to constant updating and. The following chart gives employees a better look into how fines are broken down and how expensive preventable mishaps can become due to unwilful/willful neglect:

Violation Amount per violation Violations of an identical provision in a calendar year
Did Not Know $100 – $50,000 $1,500,000
Reasonable Cause $1,000 – $50,000 $1,500,000
Willful Neglect — Corrected $10,000 – $50,000 $1,500,000
Willful Neglect — Not Corrected $50,000 $1,500,000

Source: HHS,


GRAVELLE, L. (2018). RED alert. TD: Talent Development72(2), 26–31. Retrieved from https://lopes.idm.oclc.org/login?url=http://search.ebscohost.com/login.aspx?direct=true&db=ehh&AN=127778517&site=eds-live&scope=site

HHS.gov. (2002). What does the HIPAA Privacy Rule do? Retrieved from: https://www.hhs.gov/hipaa/for-individuals/faq/187/what-does-the-hipaa-privacy-rule-do/index.html

Kavaler, F., and Alexander, R. S. (2014). Risk management in healthcare institutions: Limiting liability and enhancing care (3rd ed.) Burlington, MA: Jones & Bartlett Learning. ISBN-13: 9781449645656

Simpson, R. L. (2001). Size up the big three. Nursing Management32(3), 12–14. Retrieved from https://lopes.idm.oclc.org/login?url=http://search.ebscohost.com/login.aspx?direct=true&db=bth&AN=5813245&site=eds-live&scope=

Brown, Morgan. What is the penalty for a HIPAA violation? (2014). Retrieved from: https://www.truevault.com/blog/what-is-the-penalty-for-a-hipaa-violation.html