Health Care Regulatory Risk Management
Compliance risk management is critical to the success of regulatory compliance operations. A robust risk management program allows health care organizations to identify weaknesses in internal controls and systems, and minimize financial and other losses by reducing exposure to potential overpayments, civil or criminal penalties, and administrative sanctions, such as program exclusions. Strategic Management’s strong team of experts have assisted hundreds of organizations with regulatory compliance and program integrity advisory services, such as assessing and evaluating compliance with high-risk areas.
The focus of Strategic Management’s Risk Management services is on regulatory compliance risks and areas that may give rise to potential liability. The objective is always to integrate compliance risk management into the overall business strategy of the organization. Compliance risk management is a continuous, dynamic process of gathering, analyzing and updating information to ensure ongoing compliance with government rules and regulations. Compliance risk management begins with identifying, analyzing, and prioritizing regulatory risks associated with the daily operations, and continues with the implementation, monitoring, auditing, and routine reporting of control strategies. The process involves four phases:
- Risk Assessment
- Risk Remediation
- Risk Monitoring and Auditing; and
- Risk Reporting
Strategic Management’s approach to risk assessment is to first identify all possible risks in a given area. This step includes reviewing all the regulatory requirements in a given risk area, such as arrangements with referral sources, HIPAA privacy and security, claims development, to ensure that no risks are left unattended. Strategic Management analyzes and evaluates high-risk areas, both quantitatively as well as qualitatively by employing data mining and analyses techniques, as well as taking into consideration the ever changing regulatory environment for evidence of enforcement interest. This initial phase concludes with an impact/probability analysis to prioritize the highest risks for remediation.
After identifying the highest risks for remediation, the next step is to develop a risk remediation work plan, where we start with the highest risks and assess the strength of the internal controls and systems in that risk area. If necessary, Strategic Management will develop or revise policies and procedures to remediate the risks. Once the internal controls are put in place, the staff is trained to ensure Employees and managers must understand the risk issue, the measures used to address the risk, the compliance principles surrounding the risk, and how the risk is mitigated and managed. Strategic Management has tools to measure the overall understanding of compliance within an organization.
Risk Monitoring and Auditing
Internal controls need to be monitored by staff and managers on an on-going basis to ensure policies are being followed and procedures are working as intended. Minor fixes may need to be made or major changes incorporated due to new regulations or organizational improvements. Audits also need to be performed by independent parties to determine the efficiency and effectiveness of the internal controls. Depending on the circumstances, there may be a need to have someone outside the institution to conduct the audit to provide expert advice on ways to increase the efficiency and effectiveness of the internal controls. Strategic Management has very experienced and qualified staff to provide this expert advice.
Depending on the level of risks identified during the risk assessment, risk remediation, and risk monitoring and auditing process, the organization’s Board members and executives may need to be informed. If probable fraud issues are identified, there may also be a need to inform Governmental entities. Strategic Management excels in providing expert advice in knowing when and how to report risks both internally and externally. Our consultants have extensive experience in presenting the outcomes of risk assessments to Boards of Directors and executive leadership. Strategic Management experts are also available to assist in addressing questions on whether issues need to be self-reported if problematic audit results or questionable practices are discovered, as well as the best means to do it.
View our Health Care Compliance Services
Return to the Strategic Management Homepage