ASHRM Certified Professional in Health Care Risk Management CPHRM Exam Questions

Answer : D

According to Health Care Risk Management standards supported by ASHRM and the American Hospital Association Certification Center, the primary consideration in designing a risk management program is alignment with the organization's mission and vision. A risk management program must support the strategic goals, values, and patient care objectives of the facility. This ensures that risk identification, mitigation strategies, and reporting structures are integrated into the broader organizational framework.

While facility size, insurance structure, and historical claims experience are important operational factors, they are secondary to strategic alignment. The mission and vision guide priorities such as patient safety, quality improvement, regulatory compliance, and financial stewardship. Risk management activities should be structured to advance these priorities, reinforce leadership commitment, and support governance oversight.

An effective program reflects organizational culture, scope of services, and community role. It establishes reporting mechanisms to leadership, integrates enterprise risk management principles, and promotes collaboration across departments.

Health Care Operations objectives emphasize governance integration, strategic alignment, and organizational accountability. Therefore, the mission and vision of the facility should be the primary consideration when designing a new risk management program.

Answer : A

According to Health Care Risk Management standards outlined by ASHRM and the American Hospital Association Certification Center, the governing board has ultimate responsibility for organizational oversight, quality of care, and patient safety. As part of its fiduciary and governance duties, the board approves high-level policies that establish the organization's philosophy, strategic direction, and commitment to safety and risk management.

A philosophy regarding medical error management reflects the organization's approach to disclosure, reporting, just culture principles, accountability, and system improvement. Because this philosophy sets the tone for organizational culture and impacts patient safety, legal exposure, and regulatory compliance, it requires board-level approval to ensure alignment with governance expectations and accreditation standards.

In contrast, the risk management department's annual budget is typically approved through financial governance processes rather than as a policy document. Risk analyses are operational tools conducted by management and do not require board approval. Departmental personnel job descriptions are administrative documents managed at the executive or human resources level.

Health Care Operations objectives emphasize board engagement in safety culture and oversight of enterprise risk management. Therefore, the philosophy regarding medical error management should be approved by the organization's board of directors.

Answer : C

According to Health Care Risk Management standards supported by ASHRM and the American Hospital Association Certification Center, the declarations page is the first section a risk manager should review when assessing limits of liability in a professional liability insurance policy. The declarations page summarizes key policy information, including named insureds, policy period, coverage types, limits of liability per occurrence and aggregate, deductibles or self-insured retentions, endorsements, and premium details.

Because the question focuses specifically on limits of liability, the declarations page provides the most direct and concise statement of coverage limits. It serves as the policy's summary and reference point for determining financial exposure and coverage structure.

The insuring agreement defines the scope of coverage and triggers for defense and indemnity obligations but does not list specific limit amounts. Exclusions outline what is not covered, and conditions specify policyholder responsibilities such as notice and cooperation requirements. While all sections are important for comprehensive review, the declarations page is the appropriate starting point when verifying coverage limits.

Risk financing objectives emphasize careful policy analysis to ensure alignment between coverage limits and organizational risk exposure. Therefore, the declarations page should be reviewed first when assessing limits of liability.

Answer : B

According to Health Care Risk Management principles endorsed by ASHRM and the American Hospital Association Certification Center, the effectiveness of an educational program is best measured by demonstrated changes in behavior rather than by subjective or indirect outcomes. Educational initiatives in healthcare risk management aim to improve compliance, enhance patient safety practices, and modify unsafe behaviors.

Analysis of written evaluations primarily reflects participant satisfaction and perceived value of the program, but does not confirm that learning objectives were achieved or that behaviors changed. Reductions in claim frequency or severity are important organizational outcomes; however, these are influenced by multiple variables beyond education alone, including patient volume, case complexity, legal climate, and system-level interventions. Therefore, claims data are indirect and delayed measures.

Observable changes in human behavior, such as improved adherence to safety protocols, increased incident reporting, or consistent compliance with documentation standards, provide direct evidence that learning has translated into practice. Risk management objectives emphasize measurable performance improvement, competency validation, and alignment with patient safety goals.

Thus, observable behavioral change is the most reliable and immediate indicator that an educational program has achieved its intended effect.

Answer : B

According to Health Care Risk Management standards established by ASHRM and the American Hospital Association Certification Center, the Patient Safety and Quality Improvement Act of 2005 amended the Public Health Service Act to promote voluntary reporting of patient safety events. The Act established a federal framework to encourage confidential reporting and analysis of medical errors in order to improve patient safety.

The law enabled the creation and certification of Patient Safety Organizations PSOs, which collect and analyze patient safety data submitted by healthcare providers. Importantly, the Act designates patient safety work product submitted to PSOs as privileged and confidential, providing federal legal protections against disclosure in most civil, criminal, or administrative proceedings. This privilege encourages candid reporting and system-wide learning.

However, reporting to PSOs is voluntary, not mandatory. The Act was specifically designed to foster participation by offering confidentiality protections rather than imposing compulsory reporting requirements.

Legal and regulatory objectives in healthcare risk management emphasize understanding the scope of federal protections and ensuring proper designation and handling of patient safety work product. Therefore, provisions 1, 2, and 4 are correct, while mandatory reporting to PSOs is not required under the Act.

Answer : C

According to Health Care Risk Management standards supported by ASHRM and the American Hospital Association Certification Center, deaths resulting from violent, traumatic, or suspicious circumstances are legally reportable to the appropriate medico-legal authority, typically the Office of the Medical Examiner or Coroner. A gunshot wound constitutes a violent and potentially criminal cause of death, triggering statutory reporting requirements.

When a patient is pronounced dead on arrival due to trauma, particularly with a history suggestive of domestic violence, the death falls within the jurisdiction of the medical examiner. The medical examiner has authority to determine cause and manner of death, order autopsy if indicated, and coordinate with law enforcement to preserve forensic evidence. Hospitals are required by state law to notify this office promptly.

The state Board of Medicine oversees professional licensure and discipline, not death investigation. The Department of Health and Family Services may have reporting roles for public health matters, but traumatic deaths are typically handled by the medical examiner. The public relations department may manage communications but is not a regulatory notification requirement.

Legal and regulatory objectives emphasize compliance with mandatory reporting statutes and preservation of evidence. Therefore, the appropriate entity to notify is the Office of the Medical Examiner.

Answer : D

According to Health Care Risk Management standards supported by ASHRM and the American Hospital Association Certification Center, while parents generally serve as surrogate decision-makers for minors, their authority is not absolute. When refusal of treatment places a child at significant risk of serious harm or death, healthcare providers have an ethical and legal obligation to act in the best interests of the child.

In cases involving life-sustaining treatment for a premature infant, refusal of a medically necessary blood transfusion may constitute potential medical neglect if it threatens the infant's survival. When disagreement persists after appropriate communication and ethics consultation, and the infant's life is at risk, the appropriate step is to seek judicial intervention. Contacting legal counsel to obtain an emergency court order allows the state to exercise its parens patriae authority to protect the child's welfare.

An ethics consultation may help clarify values and promote dialogue but does not override urgent medical necessity. Simply prohibiting or proceeding without legal authority exposes the organization to liability.

Legal and regulatory objectives emphasize protecting vulnerable patients while respecting due process. Therefore, seeking an emergency court order through legal counsel is the appropriate action.