WHO IS ACCREDITED?

Private Organization Accreditation

Family Services of Southeast Texas strengthens families through accessible, affordable counseling services and education for issues affecting family life, mental health and employment.  We also provide comprehensive domestic violence shelter and support services.
read more >>

ORGANIZATION TESTIMONIAL

Catholic Charities, Diocese of Covington

Wm. R. (Bill) Jones, ACSW, MDiv, Chief Executive Officer

Catholic Charities in Covington has been COA accredited since 1996. Though the time spent in completing the self study and hosting the site visit can sometimes feel sometimes daunting, the rewards far outweigh the effort. In our agency, the self-study is a group process that involves every member of the staff from the CEO to the building maintenance staff.
read more>>

Purpose

Comprehensive, systematic, and effective risk prevention and management practices reduce the organization’s risk, loss, and liability exposure.

FOC
RPM 2: Risk Prevention

The organization identifies and reduces potential loss and liability by:

  1. conducting prevention and risk reduction activities; and
  2. monitoring and evaluating risk prevention and management effectiveness.

Interpretation: Organizations can further support their risk management activities by developing a risk management plan that is proactive and anticipates potential risks, includes strategies for managing risks, assigns responsibility for key tasks, and includes measurable goals for reducing potential risks.

Rating Indicators
1
The organization's practices fully meet the standard, as indicated by full implementation of the practices outlined in the RPM 2 Practice standards.
2
Practices are basically sound but there is room for improvement, as noted in the ratings for the RPM 2 Practice standards.
3
Practice requires significant improvement, as noted in the ratings for the RPM 2 Practice standards; and/or 
  • At least one of the Fundamental Practice Standards received a 3 or 4 rating.
4
Implementation of the standard is minimal or there is no evidence of implementation at all, as noted in the ratings for the RPM 2 Practice standards; and/or 
  • At least two of the Fundamental Practice Standards received a 3 or 4 rating.

Table of Evidence

Self-Study Evidence On-Site Evidence On-Site Activities
    • Procedures for conducting annual assessments of potential organizational risks
    • Procedures for quarterly review of immediate and ongoing risks
    • Procedures for investigation and review of critical incidents (RPM 2.03)
    • Quarterly (RPM 2.02) and annual (RPM 2.01) risk management reports, including analyses and improvement action plans, as applicable
    • Governing body and management meeting minutes where risk prevention and management activities are reviewed, improvement actions discussed, and implemented, as applicable
    • Policy for legal assistance to personnel against whom claims are made (RPM 2.06)
    • Contract or other documentation of agreement with organizations permitted to use facilities
    • Interview:
      1. Governing Body CEO/CFO
      2. Risk management personnel

  • RPM 2.01

    The organization annually assesses areas of potential risk, including:

    1. compliance with legal requirements;
    2. technology and information management;
    3. insurance and liability;
    4. health and safety of administrative and service environments;
    5. human resources practices;
    6. contracting practices and compliance;
    7. client rights and confidentiality issues;
    8. financial risks;
    9. public relations, branding, and reputation; and
    10. conflicts of interest.

    Update:

    • Added Interpretation - 01/26/17
      A new Interpretation was added on assessing risk associated with the organization’s use of vehicles in the course of its daily operations.

    Interpretation: Although the organization should assess all areas of potential risk at least annually, the assessments do not need to be conducted all together, in one sitting.

    Interpretation: Regarding element (b), annual assessments should include a review of systems in place to protect physical and electronic data and information, databases, files, computers and mobile devices, networks, and programs from unauthorized access, use, modification, disruption, destruction, and/or attack.

    Interpretation: Regarding element (c), annual assessments of insurance and liability exposure should include, when applicable, a review of the organization’s use of agency- and privately-owned vehicles in the course of the its daily operations including, but not limited to, transporting clients, running errands, attending home visits, traveling between sites, attending meetings, etc.

    Note: The results of these assessments should be provided to the governing body, for its annual review of overall risks to the organization. For more information see GOV 6.06.

    Research Note: In accordance with the Health Insurance Portability and Accountability Act (HIPAA) Security Rule, organizations that receive, store, and/or transmit electronic protected health information (ePHI) are required to conduct a security risk assessment. Risk analysis is the first step towards implementing effective and appropriate administrative, physical, and technical safeguards to secure ePHI. The process requires that organizations review their existing security infrastructure and identify potential risks and vulnerabilities to the confidentiality, integrity, and availability of critical data and information. Findings from the security risk analysis inform the organization’s risk mitigation strategy and help to reduce the likelihood and severity of identified threats. 

    The HIPAA Security Rule does not prescribe any one method of risk analysis, recognizing that organizations vary in size, complexity, and capabilities. The Office of the National Coordinator for Health Information Technology (ONC) offers a helpful security risk assessment tool for organizations managing ePHI.

     

    Rating Indicators
    1
    The organization's practices reflect full implementation of the standard.
    2
    Practices are basically sound but there is room for improvement; e.g., 
    • One or two of the elements were not fully addressed; or
    • One element was not addressed at all.
    3
    Practice requires significant improvement; e.g.,
    • A risk assessment has not been conducted within the last twelve months; or
    • Three elements were not fully addressed; or
    • Two elements were not addressed at all.
    4
    Implementation of the standard is minimal or there is no evidence of implementation at all.

  • FP
    RPM 2.02

    The organization conducts a quarterly review of immediate and ongoing risks that includes a review of incidents, critical incidents, accidents, and grievances including the following, as appropriate to the program or service:

    1. facility safety issues;
    2. serious illness, injuries, and deaths;
    3. situations where a person was determined to be a danger to himself/herself or others;
    4. service modalities or other organizational practices that involve risk or limit freedom of choice; and
    5. the use of restrictive behavior management interventions, such as seclusion and restraint.

    Note: In credit counseling organizations, only elements a-c could potentially apply.

    Note: In employee assistance programs, only elements a-c could potentially apply.

    Rating Indicators
    1
    The organization's practices reflect full implementation of the standard.
    2
    Practices are basically sound but there is room for improvement; e.g., 
    • Reviews are conducted quarterly but one of the elements is not fully addressed.
    3
    Practice requires significant improvement; e.g.,
    • The organization conducts reviews less than quarterly; or
    • Two elements are not fully addressed; or
    • One element is not addressed at all.
    4
    Implementation of the standard is minimal or there is no evidence of implementation at all.

  • FP
    RPM 2.03

    The organization conducts an independent review of each incident, serious occurrence, accident, and grievance that involves the threat of or actual harm, serious injury, or death, and review procedures:

    1. require that the investigation be initiated within 24 hours of the incident and/or accident being reported and establish timeframes for review;
    2. require solicitation of statements from all involved individuals;
    3. ensure an independent review;
    4. require timely implementation and documentation of all actions taken;
    5. address ongoing monitoring if actions are required and determine their effectiveness; and
    6. address applicable reporting requirements.

    Interpretation: Root cause analysis can be a useful approach to reviewing serious incidents and accidents.  Root cause analysis is a term used to describe a variety of techniques used by organizations to identify the cause of a problem and determine how to prevent that problem from recurring.   

    Rating Indicators
    1
    The organization's practices reflect full implementation of the standard.
    2
    Practices are basically sound but there is room for improvement; e.g., 
    • Review procedures need strengthening; or
    • Documentation could be improved.
    3
    Practice requires significant improvement; e.g.,
    • One of the elements is not addressed at all; or
    • While reviews are generally conducted, documentation is consistently missing; or
    • There is evidence that one serious incident was not reviewed.
    4
    Implementation of the standard is minimal or there is no evidence of implementation at all.

  • RPM 2.04

    Individuals qualified by knowledge and experience are responsible for risk prevention and management functions.

    Interpretation: Responsibility for risk management may be shared among different staff members or committees.  Organizations that assign primary risk management responsibility to a staff member without specific risk management training and experience should anticipate supporting this individual through professional development, training, and networking opportunities.

    Rating Indicators
    1
    The organization's practices reflect full implementation of the standard.
    2
    Practices are basically sound but there is room for improvement; e.g.,
    • The personnel responsible for Risk Management task effectively perform the duty; however improvements can be made.
    3
    Practice requires significant improvement; e.g.,
    • The personnel responsible for risk management tasks lack capacity and/or time to conduct activities effectively.
    4
    Implementation of the standard is minimal or there is no evidence of implementation at all.

  • FP
    RPM 2.05

    The organization informs external organizations that use its facilities of their obligation to minimize hazards and to assume liability for use of the facility.

    NA The organization does not permit other organizations to use its facilities.

    Rating Indicators
    1
    The organization's practices reflect full implementation of the standard.
    2
    Practices are basically sound but there is room for improvement; e.g., 
    • Contracts need greater specificity.
    3
    Practice requires significant improvement; e.g.,
    • There is evidence that some contracts do not include the standard's requirements.
    4
    Implementation of the standard is minimal or there is no evidence of implementation at all.

  • RPM 2.06

    The organization provides, and assumes the cost of, legal assistance to personnel against whom claims are made related to lawful, authorized actions taken within the course and scope of their duties.

    Interpretation: This standard does not require the organization to provide assistance to personnel who commit unlawful acts or acts that are not conducted in the course of, or in furtherance of, their employment. In addition, this standard does not require the organization to provide legal assistance to personnel if the organization’s legal counsel determines that doing so would constitute a conflict of interest.

    Rating Indicators
    1
    The organization's practices reflect full implementation of the standard.
    2
    Practices are basically sound but there is room for improvement; e.g.
    • Resources exist, however there is no written information provided to staff about the availability of legal support.
    3
    Practice requires significant improvement; e.g.
    • Employees must bear the cost up front to be reimbursed at a later date.
    4
    Implementation of the standard is minimal or there is no evidence of implementation at all.
Copyright © 2017 Council on Accreditation. All Rights Reserved.  Privacy Policy and Terms of Use