Risk Management Guidelines


to protect clients, staff, and organizational operations by establishing clear procedures for responding to emergencies, behavioral health crises, and operational disruptions while maintaining ethical, legal, and clinical standards.

1. Emergency Procedures

Medical Emergencies (Client or Staff)

Immediate Actions

  • Call 911 immediately
  • Provide:
  • Office address
  • Nature of the emergency
  • Individual’s condition
  • Do not leave the individual unattended
  • Provide first aid if trained
  • Clear access for emergency responders

Staff Responsibilities

  • Front desk directs emergency personnel to the appropriate location
  • Clinician remains with the individual until responders arrive

Documentation

  • Incident report completed within 24 hours
  • Clinical note entered in client record (if applicable)
  • Notify Clinical Director as appropriate

2. Suicidal or Homicidal Risk

If a client expresses intent to harm self or others:

Clinical Response

  • Conduct immediate risk assessment:
  • Intent
  • Plan
  • Means
  • Timeframe
  • Do not leave client alone if risk is imminent

Interventions (as appropriate)

  • Safety planning
  • Contact emergency contact
  • Referral to crisis services or mobile crisis unit
  • Call 911 for imminent danger
  • Initiate involuntary hospitalization (Baker Act – Florida) if criteria met

3. Threats of Violence in the office

  • Remain calm and attempt verbal de-escalation
  • Maintain safe physical distance
  • Alert staff as needed
  • Call 911 if safety is at risk
  • Evacuate area if necessary

4. Crisis Escalation Pathways

Level Situation Required Action

Level 1 Emotional distress Provide therapeutic intervention

Level 2 Moderate risk (passive SI, no plan) Safety plan and increased monitoring

Level 3 Active SI with plan Supervisor consultation and crisis referral

Level 4 Imminent danger Contact emergency services (911)

5. After-hours Crisis Protocol

Crosspoint Counseling Center does not provide 24/7 crisis services.

Clients are instructed to contact:

  • 988 Suicide & Crisis Lifeline
  • Local crisis stabilization unit
  • 911 in emergencies

This information is communicated via:

  • Intake documentation
  • Voicemail messaging
  • Client portal communications

6. Supervisor and Leadership Escalation

Clinicians must escalate when appropriate by:

  • Consulting Clinical Supervisor
  • Notifying Director of Operations or leadership for serious incidents
  • Documenting all consultations

Situations requiring escalation include:

  • Suicidal or homicidal risk
  • Abuse reporting
  • Ethical concerns
  • Threats toward staff

7. Mandatory Reporting

Clinicians are required to report suspected:

  • Child abuse
  • Elder abuse
  • Abuse of vulnerable adults
  • Credible threats to identifiable individuals (duty to warn)

Reporting Authority: Florida Abuse Hotline

Documentation must include:

  • Date and time of report
  • Hotline reference number
  • Summary of concern

8. Disaster Response

Natural Disasters (Hurricanes, Severe Weather)

Preparation

  • Maintain updated client contact information
  • Ensure secure, cloud-based EHR backups
  • Maintain staff contact tree
  • Enable telehealth capability

Operational Response

  • Notify clients of closures via:
  • Phone
  • Secure messaging (Therapy Notes)
  • Website updates
  • Transition services to telehealth when feasible

Evacuation Procedures

Applicable for:

  • Fire
  • Gas leak
  • Active threat
  • Structural damage

 

Procedure

  • Evacuate immediately
  • Assist clients calmly
  • Move to designated safe location
  • Check rooms if safe to do so
  • Contact emergency services if needed


Fire Emergency

  • Activate fire alarm
  • Call 911
  • Evacuate building
  • Use extinguisher only if trained and fire is contained

9. Data and Operational Risk Management

Preventative Measures

Preventative Measures

  • HIPAA-compliant EHR system
  • Secure billing platforms
  • Password-protected devices
  • Annual HIPAA training for staff

 

Data Breach Response

  • Notify leadership immediately
  • Contain breach
  • Assess scope and impact
  • Follow HIPAA breach notification requirements

10. Data and Operational Risk Management

All significant events must be documented, including:

  • Client crises
  • Medical emergencies
  • Injuries on-site
  • Threats or violence
  • Property damage

 

Required Elements

  • Date and time
  • Individuals involved
  • Description of incident
  • Actions taken
  • Follow-up recommendations

Timeline: Within 24 hours

11. Staff Training

All staff are required to complete training in:

  • Suicide risk assessment
  • Crisis intervention
  • De-escalation techniques
  • Mandatory reporting laws
  • Emergency procedures
  • HIPAA compliance

 

Frequency

  • Upon onboarding
  • Annually thereafter

12. Plan Review

This Risk Management Plan will be reviewed:

  • Annually
  • Following any major incident
  • Upon regulatory or policy changes

 

Responsible: Director of Operations