Standards for private organizations

2020 Edition

Risk Prevention and Management (RPM) 4: Technology and Information Management

The organization's technology and information systems have sufficient capability to support operations, service delivery, strategic planning, and quality improvement activities.

Interpretation

The standards in this section address the management of all types of paper and electronic information maintained by the organization including:
  1. case records and other information of persons served;
  2. administrative, financial, and risk management records and reports;
  3. personnel files and other human resources records; and
  4. performance and quality improvement data and reports.
2020 Edition

Currently viewing: RISK PREVENTION AND MANAGEMENT (RPM)

VIEW THE STANDARDS

Purpose

Comprehensive, systematic, and effective risk prevention and management practices sustain the organization's ability to positively impact the communities and people it serves by reducing its risk, loss, and liability exposure.
Examples: Implementing a controlled document system is one way an organization can organize, track, store and ensure the use of the most current version of documents. These systems address, for example, processes for:
  1. updating, creating, and deleting documents;
  2. notifying users of changes;
  3. identifying documents; and
  4. maintaining a master list of documents.
1
The organization's practices fully meet the standard, as indicated by full implementation of the practices outlined in the RPM 4 Practice standards.
2
Practices are basically sound but there is room for improvement, as noted in the ratings for the RPM 4 Practice standards.
3
Practice requires significant improvement, as noted in the ratings for the RPM 4 Practice standards.
4
Implementation of the standard is minimal or there is no evidence of implementation at all, as noted in the ratings for the RPM 4 Practice standards.
Self-Study EvidenceOn-Site EvidenceOn-Site Activities
  • Technology assessment
  • Information management procedures/guidelines
  • Agreements with third parties (e.g., information technology vendors, business associates, etc.), when applicable
  • Interviews may include:
    1. Information Systems manager
    2. Relevant personnel
  • Observe Information Systems

RPM 4.01

The organization assesses its technology and information management needs including a review of:
  1. current technology and information systems in use by the organization;
  2. short- and long-term goals for utilizing technology; and
  3. current technical skills of staff and need for staff training.
1
The organization's practices reflect full implementation of the standard.
2
Practices are basically sound but there is room for improvement; e.g.,
  • One of the standard's elements was not fully addressed.
3
Practice requires significant improvement; e.g.,
  • The assessment is very basic and provides minimal guidance to staff; or
  • One of the elements was not addressed at all.
4
Implementation of the standard is minimal or there is no evidence of implementation at all.

RPM 4.02

The organization has an information management system that:
  1. gives personnel consistent, timely, and appropriate access to all types of electronic and paper records; and
  2. supports continuity and integration of care across programs and services by giving timely access to information about persons served to practitioners across the organization, as appropriate.

Interpretation

Organizations moving to electronic systems may need to develop procedures for maintaining both electronic and paper records including procedures for maintaining consistency between the two file types and ensuring the electronic record is comprehensive and complete. If there are components of paper records that cannot be accommodated electronically, the organization should consider how it will retain and document the existence of supplemental, paper-based portions of records.
1
The organization's practices reflect full implementation of the standard.
2
Practices are basically sound but there is room for improvement; e.g.,
  • A formal system is in place, but is not fully implemented so locating records may sometimes be time consuming or difficult.
3
Practice requires significant improvement; e.g.,
  • The system is informal and unsystematic; or
  • Records are occasionally misplaced.
4
Implementation of the standard is minimal or there is no evidence of implementation at all.

RPM 4.03

The organization's electronic information systems are capable of:
  1. capturing, tracking, and reporting financial, compliance, and other business information;
  2. longitudinal reporting and comparison of performance and outcomes over time; and
  3. the use of clear and consistent formats and methods for reporting and disseminating data.

Interpretation

 “Electronic information systems” are used for collecting, storing, analyzing, and disseminating information electronically. An electronic information system may consist of a single desktop or larger network of computers, laptops, and/or devices. Organizations are not required to implement robust electronic information systems; rather they must have systems that are appropriate for supporting their administrative operations and service delivery.
1
The organization's practices reflect full implementation of the standard.
2
Practices are basically sound but there is room for improvement; e.g.,
  • Some aspects of the system need further development.
3
Practice requires significant improvement; e.g.,
  • The system is basic and minimally supports the organization’s data needs.
4
Implementation of the standard is minimal or there is no evidence of implementation at all.