Health Care Regulatory Risk Management

Regulatory compliance risk management is critical to the success of compliance operations. A robust risk management program allows health care organizations to identify weaknesses in internal controls and systems, and minimize potential liabilities by reducing the likelihood of potential overpayments, civil or criminal penalties, and administrative sanctions, such as program exclusions. Strategic Management’s team of compliance experts have assisted hundreds of organizations with regulatory compliance risk management and program integrity advisory services, including assessing and evaluating compliance high-risk areas.

Have Compliance Concerns? We Have Solutions.

Speak with an Expert Today

Regulatory compliance and risk management is a continuous process of gathering, analyzing and updating information to ensure ongoing compliance with government rules and regulations. Risk management and compliance in health care begins with prioritizing regulatory risks associated with daily operations, and continues with routine monitoring, auditing and reporting of control strategies. Strategic Management’s regulatory compliance risk management process involves four phases:

  1. Risk Assessment
  2. Risk Remediation
  3. Risk Monitoring and Auditing; and
  4. Risk Reporting

Risk Assessment

Strategic Management’s approach to risk assessment is to first identify all possible compliance risks in one specific area. This step includes reviewing all of the regulatory requirements in a risk area, such as arrangements with referral sources, HIPAA privacy and security, or claims development. Strategic Management analyzes and evaluates high-risk areas by employing high-quality data mining and analysis techniques. The initial phase of the risk management process concludes with an impact/probability analysis to prioritize the highest risks for remediation.

Risk Remediation

The second phase in the risk management process is to develop a risk remediation work plan that includes an assessment of the highest risks and the strength of internal controls and systems in those risk areas. If necessary, Strategic Management will develop or revise policies and procedures to help remediate these risks. Once policies and procedures are in place, Strategic Management trains the organization’s compliance staff to ensure employees and managers understand what is causing the risk, the measures used to address the risk, the compliance principles surrounding the risk and how the risk can be mitigated and managed.

Risk Monitoring and Auditing

The third phase for successful risk management is on-going compliance risk monitoring and auditing. To implement effective risk monitoring, the organization’s staff and managers need to keep tabs on internal controls on a regular basis to ensure that all policies are being followed and that procedures are working properly. They must also update these policies and procedures based on new regulations or organizational improvements. For effective risk auditing, organizations should work with an independent party outside of the organization to perform objective, on-going audits to determine the efficiency and effectiveness of their internal controls.

Risk Reporting

Risk reporting is the final phase of the risk management process and is a key factor in properly addressing any high-risk areas in the organization. Through risk reporting, Board members and executives can be informed on the risks identified during the risk assessment, risk remediation, and risk monitoring and auditing phases. If any risk areas are identified that may lead to fraud, federal and state enforcement entities may also need to receive the final risk management information.

View our Health Care Compliance Services

Return to the Strategic Management Homepage