WHO IS ACCREDITED?

Private Organization Accreditation

Children's Home Society of Florida delivers a unique spectrum of social services designed to protect children at risk of abuse, neglect or abandonment; to strengthen and stabilize families; to help young people break the cycle of abuse and neglect; and to find safe, loving homes for children.
read more >>

ORGANIZATION TESTIMONIAL

Nuevo Amanecer Latino Children's Services

Galo A. Rodriguez, M.P.H., President & CEO

Since Nuevo Amanecer Latino Children’s Services pursued its COA accreditation on October 14, 2004, this corporation has sustained a continuous quality improvement process by not looking whom to blame among the involved parties but improving what we have already done well… because good enough is not good enough.
read more>>

Purpose

Proactive, comprehensive, and systematic risk management practices reduce the agency’s risk, loss, and liability exposure.

FOC
PA-RPM 2: Risk Prevention

The agency identifies and reduces potential loss and liability by:

  1. conducting prevention and risk reduction activities; and
  2. monitoring and evaluating risk prevention and management effectiveness.

Table of Evidence

Self-Study Evidence On-Site Evidence On-Site Activities
    County/Municipality Administered Agency, State Administered Agency (Central Office), or other Public Entity
    • Risk management plan (PA-RPM 2.01) including:
      1. Procedures for conducting annual assessments of potential agency risks (PA-RPM  2.02)
      2. Procedures for quarterly review of immediate and ongoing risks (PA-RPM 2.03)
      3. Procedures for investigation and review of critical incidents (PA-RPM 2.04)
    • Quarterly (PA-RPM 2.03) and annual (PA-RPM 2.02) risk management reports, including analyses and improvement action plans, as applicable
    • Contract or other documentation of agreement with organizations permitted to use facilities (PA-RPM 2.05)
    • Network only:
      1. Procedures for identifying and verifying provider insurance 
      2. Copy of written communication to providers regarding required insurance
      3. Documentation of insurance verification (PA-RPM 2.06)
    State Administered Agency (Regional Office)
    • Regional risk management procedures, as applicable
    • Regional quarterly (PA-RPM 2.03) and annual (PA-RPM 2.02) risk management reports, including analyses and improvement action plans, as applicable
    All Agencies
    • Management meeting minutes at which risk and risk prevention performance is reviewed, improvement actions are discussed and implemented, as applicable (PA-RPM 2.02, PA-RPM 2.03)
    County/Municipality Administered Agency, State Administered Agency (Central Office), or other Public Entity
    • Interview:
      1. Agency head
      2. In-house counsel
      3. Risk management personnel
    • Network only interview:
      1. Provider Governing Body members
      2. Provider CEO/CFO
    State Administered Agency (Regional Office)
    • Interview:
      1. Regional Director
      2. Agency leadership

  • PA-RPM 2.01

    A written risk management plan operationalizes the agency’s risk management activities and:

    1. articulates the agency’s overall approach to risk management;
    2. describes the risk management structure and activities; 
    3. defines staff roles and outlines training and competency expectations by job position or category; and
    4. includes measurable goals for reducing potential risks. 

    Interpretation:  Element (b) for statewide agencies, or agencies that cover multiple regions/communities, must delineate:

    1. the specific responsibilities of the central, regional, and local offices in carrying out risk management activities; 
    2. how risk management information will be communicated among the various offices; and 
    3. what role each office will play in implementing and tracking corrective action.
    Additionally, in regards to element (b), risk management activities should include contract monitoring activities that align with the standards in PA-PQI 9.


  • PA-RPM 2.02

    The agency annually assesses areas of potential risk, including:

    1. compliance with legal requirements;
    2. technology and information management;
    3. liability exposure;
    4. the health and safety of personnel and persons served, including the prevalence of work-related stress and the impact of trauma;
    5. human resources practices;
    6. contracting practices and compliance;
    7. client rights and confidentiality issues;
    8. financial risks;
    9. public relations, branding, and reputation; and
    10. conflicts of interest.

    Update:

    • Added Interpretation - 01/26/17
      A new Interpretation was added on assessing risk associated with the agency’s use of vehicles in the course of its daily operations.

    Interpretation: Although the agency should assess all areas of potential risk at least annually and compare related areas, the assessments do not need to be conducted together at one time.

    Interpretation: Regarding element (b), annual assessments should include a review of systems in place to protect physical and electronic data and information, databases, files, computers and mobile devices, networks, and programs from unauthorized access, use, modification, disruption, destruction, and/or attack.

    Interpretation: Regarding element (c), annual assessments of liability exposure should include, when applicable, a review of the agency’s use of agency- and privately-owned vehicles in the course of the its daily operations including, but not limited to, transporting clients, running errands, attending home visits, traveling between sites, attending meetings, etc.

    Research Note: In accordance with the Health Insurance Portability and Accountability Act (HIPAA) Security Rule, agencies that receive, store, and/or transmit electronic protected health information (ePHI) are required to conduct a security risk assessment. Risk analysis is the first step towards implementing effective and appropriate administrative, physical, and technical safeguards to secure ePHI. The process requires that agencies review their existing security infrastructure and identify potential risks and vulnerabilities to the confidentiality, integrity, and availability of critical data and information. Findings from the security risk analysis inform the agency’s risk mitigation strategy and help to reduce the likelihood and severity of identified threats. 

    The HIPAA Security Rule does not prescribe any one method of risk analysis, recognizing that agencies vary in size, complexity, and capabilities. The Office of the National Coordinator for Health Information Technology (ONC) offers a helpful security risk assessment tool for agencies managing ePHI.


  • FP
    PA-RPM 2.03

    The agency conducts a quarterly review of immediate and ongoing risks that includes a review of incidents, accidents, and grievances including the following, as appropriate to each program or service:

    1. facility safety issues;
    2. serious illnesses, injuries, and deaths;
    3. situations where a person was determined to be a danger to himself/herself or others;
    4. service modalities or other agency-wide practices that involve risk or limit freedom of choice; and
    5. the use of restrictive behavior management interventions, such as seclusion and restraint.

    Interpretation: In regards to element (b), serious illnesses are defined as those illnesses that pose a significant, widespread risk to public health or the health of the agency’s staff and persons served.

    Interpretation: In credit counseling agencies, only elements a-c could potentially apply.

    Interpretation: In employee assistance programs, only elements a-c could potentially apply. 
     


  • FP
    PA-RPM 2.04

    The agency conducts an independent review of each incident and accident that involves the threat of or actual harm, serious injury, and death, and review procedures:

    1. establish timeframes for review including requiring the investigation be initiated within 24 hours of the incident and/or accident being reported;
    2. require solicitation of statements from all involved individuals;
    3. ensure an independent review;
    4. require timely implementation and documentation of all actions taken;
    5. address ongoing monitoring if actions are required and determine their effectiveness; and
    6. address applicable reporting requirements.

    Interpretation: For child and family services agencies, please see PA-RPM 3.03 for more information on conducting internal administrative reviews following a child fatality or near fatality.


  • FP
    PA-RPM 2.05

    The agency informs external organizations that use its facilities of their obligation to minimize hazards and to assume liability for use of the facility.

    NA The agency does not permit other organizations to use its facilities.


  • PA-RPM 2.06

    The network identifies and specifies the level and type of insurance required by its providers, and annually verifies that provider coverage is current.

    NA The agency is not a network management entity.

Copyright © 2017 Council on Accreditation. All Rights Reserved.  Privacy Policy and Terms of Use