CPHRM

The CPHRM Examination is structured as follows:

 Composed of 110 multiple-choice questions. A candidate’s score is based on 100 of these

questions. Ten (10) items are “trial” or “pretest” questions that are interspersed throughout
the Examination and are not scored and passing score usually is 70 correct answers
 A candidate is allowed two (2) hours in which to complete the CPHRM Examination.
 The CPHRM Examination is based on the five (5) major content areas listed in the Content
Outline. - Each content area is further defined in the Content Outline by a list of tasks
representative of that job responsibility. - The number of CPHRM Examination questions
devoted to each major content area is included in the Content Outline.
 Generally, the Examination questions are categorized by the following cognitive levels: -
Recall: The ability to recall or recognize specific information –
Application: The ability to comprehend, relate or apply knowledge to new or changing
situations –
Analysis: The ability to analyze and synthesize information, determine solutions and/or
evaluate the usefulness of a solution

CPHRM Examination Content Outline For the CPHRM Examination Content Outline for the
current CPHRM Examination, refer to the following pages.

1. Clinical/Patient Safety: 35 items (Recall: 7, Application: 10, Analysis: 18)

A. Assess the current state of patient safety and staff awareness within the organization.
B. Collaborate on proactive patient safety initiatives (e.g., FMEA, RCA, Safety Culture/Just
Culture).
C. Design, implement, and maintain educational programs on risk management and patient
safety related topics.
D. Promote a culture of patient safety through education, policy development, and
standardization of processes.
E. Educate providers, staff, employees, patients and families on the role of patients and
families in improving patient safety and reducing risk.
F. Coach physicians, leaders, managers, and staff on appropriate disclosure methods and
processes.
G. Participate in critical incident debriefing.
H. Participate in the development of corrective action plans and supervise follow-up of
recommended improvements stemming from risk assessments, audits and investigations (e.g.,
sentinel events, reported events/incidents, FMEA and Root Cause Analysis).
I. Provide guidance to staff regarding a: 1) disruptive patient. 2) verbally disruptive family
member.
J. Design a management data collection and analysis system and timely reporting including
elements of written incidents reports.
K. Design a management data collection and analysis system and timely reporting including
elements of patient complaints and/or satisfaction surveys.
L. Design a management data collection and analysis system and timely reporting including
elements of clinical indicators.

2. Risk Financing: 10 items (Recall: 2, Application: 6, Analysis: 2)

A. Assist General Counsel with administration of all aspects of the Self-Insured Retention
(SIR) program.
B. Implement a program for control of contractual risk by recommending/implementing
modifications to address identified risks.
C. Oversee the investigation of accidents or circumstances that could lead to financial loss
(e.g., professional, institutional, general liability, and product liability).
D. Participate in due diligence/research potential liability assessment for new services or
delivery models, acquisitions or construction (e.g., line of service, new products in the
delivery of care).
E. Assess liability and probability of legal action resulting from adverse events, complaints,
and regulatory actions.
F. Analyze professional liability historical loss experience.
G. Develop comprehensive risk financing strategies to address the organization's areas of
exposure (e.g., general liability (GL), professional liability (PL), privacy and security
liability).
H. Respond to risk management concerns about insurance coverage from organization
personnel and staff members.

3. Legal and Regulatory: 24 items (Recall: 5, Application: 14, Analysis: 5)

A. Promote compliance with state-specific legislation through policy development, guidance,

or education.
B. Promote compliance with federal and state laws and regulations governing patient
confidentiality through policy development, guidance, or education including protected
health information (PHI).
C Promote compliance with state reporting requirements through policy development,
guidance, or education (e.g., abuse of vulnerable populations).
D. Promote compliance with state reporting requirements governing violence in the
workplace through policy development, guidance, or education.
E. Educate staff on regulatory issues related to risk management.
F. Promote compliance with state regulations regarding the investigation and resolution of
patient complaints or grievances through policy development, guidance, or education.
G. Collaborate with other departments by preparing and conducting quality and/or risk
assessments to maintain a constant state of accreditation readiness.
H. Promote compliance with regulations governing involuntary detention of patients through
policy development, guidance, or education.
I. Manage a vendor liability program to catalog evidence of vendor licensure, required
insurance limits, permits, etc.
J. Promote compliance with state agencies governing the reporting of specific events through
policy development, guidance, or education.
K. Promote compliance with the requirements of the following federal acts/regulations
through policy development, guidance, or education:
1) Americans with Disabilities Act (ADA).
2) Anti-Kickback Statute.
3) Centers for Medicare and Medicaid Services (CMS).
4) Emergency Medical Treatment and Active Labor Act (EMTALA/COBRA).
5) Food and Drug Administration (FDA).
6) Health Care Quality Improvement Act (HCQIA).
7) Health Insurance Portability and Accountability Act (HIPAA).
8) National Practitioner Data Bank (NPDB).
9) Occupational Safety and Health Administration (OSHA).
10) Patient Self-Determination Act (PSDA).
11) Safe Medical Device Act (SMDA).
12) Stark Law.
L. Provide guidance to staff regarding:
1) consent for care.
2) false identification provided by a patient.
3) illegal drugs in the patient’s possession.
M. Design a management data collection and analysis system and timely reporting including
elements of:
1) device reporting and tracking logs.
2) recall notices.
3) regulatory inquiries.
N. Ensure that appropriate policies, procedures, and mechanisms exist to reflect current
practice and are routinely updated to reflect relevant legislation and regulations.
O. Provide ongoing consultation to other departments to promote compliance with
accreditation standards.
P. Collaborate in the development of the organization's regulatory compliance plan.
Q. Promote compliance with The Joint Commission (TJC) Sentinel Event reporting
requirements.
R. Promote compliance with private accrediting organizations.
S. Assure compliance with The Joint Commission (TJC) Patient Safety Standards.
T. Develop and implement policies in response to regulatory mandates from The Joint
Commission (TJC).
U. Maintain awareness of patient safety activities occurring locally and nationally (e.g., The
Joint Commission (TJC), Institute for Healthcare Improvement (IHI), National Quality
Forum (NQF)).
V. Advise on questions related to patient self-determination and advance directives. W.
Ensure HIPAA compliant business partner agreements are in place and current for all
insurers, attorneys and others involved in the claims process that will have access to PHI.
X. Ensure processes and programs are in place (e.g., Advance Directives, cultural sensitivity,
organ donation).
Y. Provide risk management consultation for specific ethical dilemmas (cases).
Z. Provide education/in-service for staff, patients, families, communities on patient's rights
(e.g., end of life decisions).
AA.Ensure organizational compliance with disclosure of unanticipated outcomes.
BB. Ensure programs that address provider and staff behavioral issues are culturally, legally
and psychologically sound and non-discriminatory.
CC.Develop responses to inquiries from regulatory and licensing agencies.

4. Healthcare Operations: 26 items (Recall: 5, Application: 16, Analysis: 5)

A. Ensure that processes are in place for compliance with federal and state community
initiatives for emergency preparedness and business continuity including natural, man-made,
and biologic disaster readiness.
B. Provide guidance to staff regarding a physically disruptive family member.
C. Conduct risk assessments to identify exposures related to new and existing services.
D. Collaborate with public relations in the preparation of responses to the media/external
inquiries regardingincidents/occurrences.
E. Design a management data collection and analysis system and timely reporting including
elements of: 1) security reports. 2) general liability incidents (e.g., sexual misconduct by or
against staff, patients).
F. Design a management data collection and analysis system and timely reporting including
elements of referrals by staff, committees, departments, other facilities.
G. Design a management data collection and analysis system and timely reporting including
elements of medical record requests.
H. Develop and maintain communications and relationships across the continuum of care.
I. Communicate with key committees, including the governing body.
J. Promote appropriate procedures for retention, access, and destruction of medical records
and other key business records.
K. Supervise risk management staff.
L. Conduct risk assessments to identify exposures related to enterprise-wide services.
M. Develop/maintain department policies and procedures and modify as required. N. Prepare
risk management department budgets.
O. Develop enterprise risk management philosophy including the organizational response to
errors.
P. Coordinate enterprise risk management activities for the institution/committees.
Q. Develop annual institutional goals for enterprise risk management program/department.
R. Train risk management staff.
S. Develop enterprise risk management plan for institution.
T. Evaluate the effectiveness of risk management activities.
U. Develop policies and procedures for acceptance of legal documents (e.g., summons,
complaints, subpoenas, court orders).
V. Support patient safety committee meetings by collecting and formulating relevant
information to facilitate decision-making process.
W. Participate in professional association activities.
X. Assess enterprise risk management plan for effectiveness on an annual basis.
Y. Develop statistical and qualitative enterprise risk management reports.
Z. Analyze information technology liability risk exposure (e.g., risk assessment, general IT
control audits/reviews).

5. Claims and Litigation: 5 items (Recall: 2, Application: 3, Analysis: 0)

A. Design a management data collection and analysis system and timely reporting including
elements of reports of Potential Compensatory Events (PCEs).
B. Design a management data collection and analysis system and timely reporting including
elements of open and closed claims and loss runs.
C. Notify carriers and/or claims and litigation department of potential or actual claims.
D. Participate in claims management activities (e.g., setting loss reserves, discovery
requests/interrogatories, preparation for trials, evidence/record preservation and
management).
E. Ensure that administration is kept informed of high exposure cases and aggregate claims
experience, including its impact on the risk financing program.
F. Secure and evaluate all pertinent medical, billing, and other records related to individual
liability claims.
G. Ensure chain-of-custody for all potential evidence related to individual liability claims.
H. Ensure legal case files are maintained in such a way to protect discoverability.
I. Manage the response to service of process and notify appropriate parties of such service.