Download - Health Care Compliance Association

Affinity GroupMeetingsHold your ownmeeting in conjunctionwith HCCA’s 2009Compliance Institute!Planning on attending theCompliance Institute? Need tohold a meeting of your own?Affinity group meetings are nowavailable in conjunction with theCompliance Institute.Not only do you get the benefitof holding your meeting alongsidethe most comprehensivecompliance conference forcompliance professionals, butyou also receive complimentarymeeting room space at theconference site, your choice ofa complimentary continentalbreakfast or an a m or pmbreak, and registration at theHCCA Member rate for yourattendees.Affinity Group Meetings maybe held on one of the followingdays:Saturday, April 25, 2009Wednesday, April 29,2009 (afternoon)Thursday, April 30, 2009To apply, please visitwww.compliance-institute.org(conference tab) and fill out theAffinity Group Meeting form.Please return the completedform to the HCCA office.Questions? Contact JenniferJansen at 952.405.7922 oremail her atjennifer.jansen@hcca-info.orgHospital regulatoryrisk management:Ten risk categories forthe four-step processEditor’s note: William C. Moran is SeniorVice President with Strategic Management inthe Chicago office. Mr. Moran may be reachedby e-mail at wmoran@strategicm.com or bytelephone at 847/828-3515.Deborah Hutchison is Senior Associate withStrategic Management in Alexandria, VA.Ms. Hutchison can be reached by email atdhutchison@stratigicm.com or by telephone at703/535-1450.In a prior article, “Refocusing the complianceparadigm,” that appeared in the April2008 issue of Compliance Today, welaid out the following four steps in the complianceprocess: risk assessment, risk remediation,risk auditing, and risk response and reporting.If conducted properly, these four steps canhelp provide logic and order in attaining theoutcomes desired in the seven elements of aneffective compliance program. But some haveasked, what is the content in the four steps?What risks do we have to consider and examine?What risks do we need to take to the CEOand the board? How do we keep track of all therisks while proceeding with the four steps in thecompliance process? The purpose of this articleis to address those questions.Keeping track of all the regulatory risksin a hospital setting is a daunting task. Inaddition to the myriad of laws passed byCongress, agencies such as the Centers forMedicare and Medicaid Services (CMS), theFood and Drug Administration (FDA), andthe National Institutes of Health (NIH),By William Moran and Deborah Hutchisonpromulgate lengthy regulations and frequenttransmittals to administer those laws. TheOffice of Inspector General (OIG) also issuesguidance to warn about certain risks in lawsand regulations that are especially prone tovigorous enforcement. The Department ofJustice (DoJ) issues press releases about healthcare providers who have been convicted ofcrimes. The DoJ also announces, along withOIG, penalties, fines, and Corporate IntegrityAgreements (CIAs) imposed on health careproviders and related institutions.How should a hospital keep track of the hundredsof risks prevalent in the regulatory andenforcement environment? How should theybe organized? Are they all equally important?Having worked in OIG and at a consultingfirm that has had contact with thousands ofhealth care clients over the past 15 years, wehave a suggested solution.Because tracking hundreds of risks by liningthem up in alphabetical or chronological orderis not efficient, we first analyzed the risks todetermine if they could be grouped in broadercategories. These groupings were based onOIG Guidances; the subjects of investigationsand CIAs; the areas of overpayments identifiedby Program Safeguard Contractors (PSCs),and more recently, Recovery Audit Contractors(RACs); and Congressional testimony given byOIG, CMS, FDA, NIH, and others. We alsoexamined the time periods covered by risksto determine if the risks presented short-termor longer-term vulnerabilities. In addition,we wanted the categories to be broad enoughSeptember 20084Health Care Compliance Association • 888-580-8373 • www.hcca-info.org