Monitoring and Auditing


Effective compliance programs must include regular monitoring and auditing of areas identified as high-risk for non-compliance with laws and regulations. Regulators have identified a number of compliance risk areas for regular monitoring and auditing by health care providers including claims submitted to federal health care programs, financial relationships with physicians, quality of care, and the privacy and security of patient information.

Changes to the Federal Sentencing Guidelines in 2004 added the performance of periodic, ongoing risk assessments to identify potential areas of compliance risk or vulnerability as essentially the “8th Element” of an effective compliance program.

  • Trinity Health has conducted annual risk assessments in connection with development of annual compliance and internal audit work plans.Compliance risks identified include audit and regulatory enforcement priorities of DHHS – OIG, CMS, the Department of Justice (DOJ), Internal Revenue Service (IRS), and others.
  • The results of audits conducted by CMS contractors, internal audits, and other factors are considered in the annual risk assessment and planning process.
  • Ministries monitor the completion status of management action plans developed in response to audit findings. Reports are issued on a quarterly basis to Ministry ICOs and other senior leaders to assist in this effort.