ASHRM Certified Professional in Health Care Risk Management CPHRM Exam Questions

Answer : A

According to Health Care Risk Management standards supported by ASHRM and the American Hospital Association Certification Center, the CMS Hospital Conditions of Participation define a grievance as a formal or informal written or verbal complaint made by a patient or representative regarding care, abuse, neglect, compliance with regulations, or patient rights that is not resolved at the time of the complaint by staff present.

A verbal complaint that cannot be resolved immediately by current staff and whose resolution is postponed qualifies as a grievance under 42 CFR 482.12. Such grievances require formal investigation, documentation, and written response within established timeframes.

Billing issues generally fall outside the grievance definition unless they involve quality of care or patient rights concerns. Information from patient satisfaction surveys is not automatically classified as a grievance unless the patient specifically requests investigation or follow-up. Post-discharge verbal concerns may constitute grievances depending on context, but the key CMS criterion is whether the complaint could not be resolved at the time it was expressed.

Legal and regulatory objectives emphasize proper classification, timely response, documentation, and board oversight of grievance processes. Therefore, a verbal complaint that cannot be resolved immediately and is deferred meets CMS grievance criteria.

Answer : A

According to Health Care Risk Management standards supported by ASHRM and The Joint Commission's sentinel event policy, a sentinel event is defined as a patient safety event that results in death, permanent harm, or severe temporary harm. Severe temporary harm is harm that is critical, life-threatening, or requires major intervention to sustain life, even if the patient ultimately recovers.

Sentinel events signal the need for immediate investigation and response because of the seriousness of the outcome. The Joint Commission requires completion of a root cause analysis and development of an action plan within specified timeframes following awareness of such an event. The focus is on identifying system vulnerabilities and preventing recurrence.

Temporary or moderate harm alone does not meet the sentinel event threshold unless it rises to the level of severe temporary harm. Increased length of stay, without death or significant harm, does not qualify as a sentinel event under the formal definition.

Clinical and patient safety objectives emphasize accurate event classification, structured investigation, and corrective action. Therefore, a sentinel event is one that results in death, permanent harm, or severe temporary harm.

Answer : D

The PSDA focuses on patient autonomy and informed decision-making, especially around advance directives. It requires certain healthcare organizations to inform patients of their rights under state law to make decisions about medical care, ask whether the patient has an advance directive, document it, and avoid discrimination based on whether an advance directive exists. The Act does not create a right for patients to select any medication they want irrespective of clinical appropriateness, prescribing laws, formularies, allergies, contraindications, or standards of care. Risk management objectives here include: ensuring compliant admission workflows (education + documentation), reducing disputes through early clarification of preferences, and preventing ethical/legal breakdowns during incapacity. Operationally, PSDA compliance improves care planning, reduces unwanted treatment, and lowers complaint/litigation risk by showing the organization respected patient rights and followed required processes.

Answer : B

Access to NPDB information is restricted to authorized entities for credentialing, privileging, and oversight---not public browsing. HRSA's NPDB rules identify who can query and report; professional societies with formal peer review are listed among entities that may query under certain circumstances. This limited-access model supports patient safety objectives by enabling credentialing bodies to identify adverse licensure actions, certain negative clinical privilege actions, and other reportable events, while protecting due process and confidentiality. From a risk management perspective, proper querying supports defensible credentialing and reduces negligent credentialing exposure. Equally important: organizations must maintain secure handling of NPDB responses and follow permitted-use rules to avoid compliance violations.

Answer : A

According to Health Care Risk Management standards outlined by ASHRM and the American Hospital Association Certification Center, proactive workplace violence prevention focuses on measures implemented before an incident occurs. These strategies aim to identify risks, strengthen preparedness, and reduce the likelihood or severity of violent events.

Pre-employment background screening helps identify applicants with histories that may pose safety concerns, consistent with legal hiring standards. Ongoing staff training enhances awareness of warning signs, communication skills, and reporting procedures. Leadership rounding increases visibility, supports early identification of environmental or behavioral risks, and reinforces safety culture. Active shooter drills and emergency preparedness exercises ensure that staff understand response protocols and can act effectively under stress.

Options B, C, and D primarily describe reactive or post-incident measures. Law enforcement notification, restraining orders, crisis intervention, DEA notification, documentation, and emergency command activation occur after an event has taken place or when an immediate threat is present.

Health Care Operations objectives emphasize prevention, preparedness, environmental assessment, and workforce education as foundational elements of a workplace violence program. Therefore, pre-employment screening, training, rounding, and drills represent proactive components of an effective prevention strategy.

Answer : A

In Lean terms, extra processing is work that does not add value from the patient's perspective and often introduces defect risk. Cutting and reformatting labels is a classic extra-processing waste: it consumes time, creates variability, and increases the likelihood of mislabeling---one of the most serious medication safety hazards. Risk management objectives prioritize eliminating rework and standardizing the labeling process through right-sized labels, standardized print templates by container type, barcode integration, and human factors design (font size, tall-man lettering where appropriate). Removing extra processing improves efficiency and reduces cognitive load and workaround culture---both strongly associated with error. Operationally, this is a system design failure: staff are compensating for poor equipment/process fit. Fixing the system reduces the chance of a high-severity adverse event and strengthens defensibility by demonstrating proactive hazard elimination.

Answer : A

According to Health Care Risk Management standards outlined by ASHRM and the American Hospital Association Certification Center, a risk management policy and procedure manual should clearly define the structure, authority, and operational framework of the risk management program. An organizational chart is an essential component because it identifies reporting relationships, lines of authority, and accountability within the department and in relation to executive leadership and governing bodies.

A clearly documented organizational structure supports regulatory compliance, facilitates communication, and ensures that responsibilities for event reporting, claims management, patient safety initiatives, and regulatory oversight are properly assigned. It also demonstrates governance alignment and helps accrediting bodies evaluate program effectiveness.

Medical staff bylaws are separate governance documents that outline credentialing, peer review, and clinical governance standards. Actuarial reports are financial analyses used in risk financing decisions but are not part of a policy and procedure manual. Loss run reports summarize historical claims activity and support financial review but do not define program structure.

Health Care Operations objectives emphasize formal documentation of authority, processes, and accountability within the risk management framework. Therefore, inclusion of the department organizational chart is an essential element of a comprehensive risk management policy and procedure manual.