Risk Assessment
Effective compliance programs must include regular monitoring and auditing of areas identified as high-risk for non-compliance with laws and regulations. Regulators have identified a number of compliance risk areas for regular monitoring and auditing by health care providers including claims submitted to federal health care programs, financial relationships with physicians, quality of care, and the privacy and security of patient information. Changes to the Federal Sentencing Guidelines in 2004 added the performance of periodic, ongoing risk assessments to identify potential areas of compliance risk or vulnerability as essentially the “8th Element” of an effective compliance program.
How Trinity Health addresses this standard:
- Integrity and Audit Services (IAS) conducts an annual risk assessment in connection with development of the department’s annual work plan. Compliance risks are assessed in consideration of the DHHS – OIG Work Plan, activities announced by the Centers for Medicare and Medicaid Services (“CMS”), and regulatory enforcement priorities of the Department of Justice (“DOJ”), Internal Revenue Service (“IRS”), and others.
- A significant portion of IAS’ annual Work Plan is devoted to auditing and monitoring of compliance risks identified through annual and ongoing risk assessments.
- IAS monitors the completion status of management action plans developed in response to audit findings. Reports are issued on a quarterly basis to Ministry management to assist in this effort.