SO - Health Care Compliance Association

More documents

Recommendations

Info

July 20018risk assessment for their organizations.All health care entities, regardless oftheir size or structure, encounter compliancerisk at some level of their organization.Compliance risk impacts manyactivities in the health care industry.According to the Office of InspectorGeneral's (OIG) Compliance ProgramGuidance, compliance risk should beidentified and analyzed. The guidancestates that policies and proceduresshould be developed to address thespecific risk identified.Identifying riskSo where and how does a complianceofficer begin to identify and analyzerisk? There are many ways of identifyingrisk in an organization. This discussionis not intended to be all inclusiveof the risk assessment methodologies,nor is it intended as a template or guidefor any specific compliance officer toutilize to conduct risk assessments intheir facilities. This discussion is merelyintended to help stimulate ideas thatother compliance officers may find use-By John FalcetanoEditor's note: Johnful as they workFalcetano, ComplianceOfficer, Univercationin their owntoward risk identifisityHealth Systemsinstitutions.of Eastern Carolina,is also the HCCAOne method thatRegion IV President.compliance officersHe may be reachedcould use to evaluateat 252/816-0125.compliance risk inOne task thatcomplianceofficers face on an annual basisis the task of conducting a compliancetheir institutions isknown as ControlSelf-Assessment(CSA). CSA is a process by which internalcontrols are examined and evaluated.CSA involves managers and lineemployees in the process of evaluatinginternal controls since they are theprocess owners.Begin with high-risk departmentsOne of the first places a complianceofficer could start when conducting acompliance risk assessment is with themanagers of high-risk departments suchas: Human Resources, Patient Billing,Health Information and ManagementServices, Information Systems,Pharmacy Services, Radiology, andLaboratory Services. These managersare responsible for ensuring compliancewith the rules and regulations that governtheir particular products or servicesand are most familiar with the processesin place to ensure compliance.The compliance officer should meetwith these managers to review thoseprocesses to identify if they have theproper internal controls in place tocomply with rules and regulations thatgovern their area. For example, whenmeeting with the director of HumanResources, the compliance officer mightquestion the director about the processesin place for complying with such regulationsas the:■ Civil Rights Act■ Equal Pay Act■ Age Discrimination Act■ Rehabilitation Act■ Pregnancy Discrimination Act■ Wage & Hour Act■ Americans with Disabilities Act■ Family and Medical Leave ActAfter the compliance officer hasreviewed the processes in place he/shemay also want to review the trainingdocumentation to determine if themanager has provided the necessary jobspecific training to line employees.OIG Work PlanOnce the compliance officer has completedthis task and identified some ofthe potential risk areas, the next placehe/she may want to examine is theOIG's annual Work Plan. The OIG'sWork Plan gives you an idea of whatcompliance-related issues the OIG willfocus on in the upcoming year. Thecompliance officer along with seniormanagement may want to review eachfocus area identified in the OIG's WorkPlan and ask the question, "Is this aproblem for our organization?" If theanswer is yes, or, we are not sure, thecompliance officer may want to placethat issue on the list with the otherpotential areas identified.The compliance officer may want toconsider meeting with senior managementto identify other potential organizationalcompliance risks. A good wayto achieve this is by having senior man-
agement brainstorm a list of potentialcompliance risks. The purpose of brainstormingis to generate a large numberof ideas from all participants withoutcriticism or judgment.You may choose to conduct the brainstormingsession either by "freewheeling"where everyone participates in noset order or "structured" where everyoneparticipates, however you goaround the room calling on one personat a time. After they have completedthe brainstorming session, the risk areasidentified should be discussed to decidewhich risk areas should be added to thelist.Analyze risk exposureThe next phase of completing the compliancerisk assessment is to analyze therisk exposure and prioritize the risk tothe organization. Analyzing the compliancerisk implies making a judgementand may require some fact-findingactivities in order to quantify the risk.Risk analysis is one of the greatest challengesfor compliance officers. Itrequires skill, experience, knowledge ofoperations, personal contacts, andawareness of the organizational culture.ance officer to conduct an educationalworkshop with the managers of highriskdepartments to provide necessarymanager education on how to conductcontrol self-assessments for their areas.During that educational session, thecompliance officer may want to explainthe levels of internal controls to themanagers.One way of controlling compliance riskto an organization is to have appropriatecontrols in place. There may besome confusion surrounding the variouslevels of internal controls that needto be in place to help ensure complianceand reduce risk. The complianceofficer may wish to explain the differentlevels of control so the manager hasa better understanding of their responsibilities.Those levels of control includeIt may also be beneficial for the complioperatingcontrols, monitoring controls,oversight controls and internalaudit controls. The higher the risk thegreater the need for controls. It is alsoimportant to remember that it may beunreasonable to expect controls thatwould cost more than the risk you aretrying to prevent.Identifying and analyzing compliancerisk is an important function of anysuccessful compliance program. Compliancerisk assessment should be conductedas comprehensive as possible.However, it is important to rememberthat it is not expected that every possiblerisk area will be identified. There isno best way to conduct a risk assessment.The important thing is to identifyand analyze the compliance risk. ■Your physiciancompliance trainingjust got easier!Once this has been completed, thecompliance officer can plan the complianceactivities for the calendar year. Theactivities should be selected based onthese priorities in order to reduce, eliminate,or manage the compliance risk tothe organization. The compliance activitymay include a process review, complianceeducation, or may require thecreation of a compliance policy andprocedure.Order a copy of HCCA’s 39-minute audio-training pro g r a mIndividual & Small Group Physician Compliance:What every physician should knowan essential re s o u rce for eve ry compliance department.Visit HCCA’s Website, w w w. h c c a - i n f o. o r g, to ord e r.9July 2001
Page 1 and 2: A re you nuts?That was myreactionwh
Page 3 and 4: July 2001By Al Josephs, CHCEditor
Page 8 and 9: By Wendy Rotz and Sara Dorn-HavlikJ
Page 10 and 11: TEN KEY FACTORS...continued from pa
Page 12 and 13: July 200114Steven W. Ortquistinvolv
Page 14 and 15: Steven W. Ortquisthave moved into i
Page 16 and 17: July 200118Editor’s note: Mariann
Page 18 and 19: Conferenceoptions?Make sureit is HC
Page 20 and 21: ABCsOF ACRONYMSEditor’s note: The
Page 22: PEOPLEONTHE GOJuly 200124Editor and

SO - Health Care Compliance Association

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?