Risk management must use risk control strategies for a variety of risks that can be eliminated or minimized. If these strategies are not implemented or not effective, the organization may suffer significant losses including civil liabilities, criminal penalties, employee turnover, and patient dissatisfaction. A risk manager should be familiar with techniques such as failure modes and effects analysis (FMEA) or root-cause analysis (RCA) to pinpoint causes of problems in the system to determine how to counter them.
One of the most important risks to control concerns the privacy and security of patient records. Privacy and security must be ensured to protect patients’ rights and comply with the Health Insurance Portability and Accountability Act (1996) and the Privacy Rule and Security Rule promulgated under the act.