Healthcare by its very nature comes with an accepted culture of risk. Therefore, ongoing assessments are a necessary process because organizations create new information every day as part of normal operations and this can change the risk profile for their institution. New risk areas can be identified every day. Where does one begin when it comes to identifying compliance risks for your organization?
First, check the formal written definition and tolerance of risk in your organization’s documents.
These include compliance plans, risk management plans, institutional compliance assurance plans, and internal audit reviews. These will give you a foundation and a playing field in which you can work. Think of it as a jumping off point.
Second, leverage technology.
As we all know, the available technology is expanding every day – and healthcare is not excluded. Compliance software like MDaudit Enterprise is built for hospitals and healthcare professional settings. It automates and streamlines many of the administrative tasks involved in the billing audit process, dramatically improving productivity and helping healthcare organizations reduce billing compliance risk. With so much power behind technology out there today, how can you leverage it to identify size and scope of risk for your organization?
Within compliance, use technology to define, shape and monitor identified risks. As a compliance executive, it helped me identify the size of an issue. All too frequently, organizations will go after a problem with an elephant gun, when in fact the problem only merits being “stomped on” by a foot. Use technology to define the size of a risk, thereby helping you figure out how to reduce it, minimizing the damage it can cause in the future.
Third, create case profiles.
Case profiles are one way to categorize your organization into groups. They break down the hospital or professional setting into smaller parts so that auditing can be done quicker and more easily. The case profiles that I created, for instance, during a project at a medical center were designed to assess the risk for the clinical practice area. My logic for organizing them was based on the premise that there was a different provider risk profile depending on the clinical area. For example, thoracic surgery has a different profile than primary care or pathology.
The same is true on the revenue side – perform a probe audit to see if there are issues within a case profile, then, if one is identified, conduct a focused audit to assess the size of the problem. If it’s decidedly significant, plug it into your monitoring plan to reduce the organization’s risk of paybacks for services that did not meet the documentation requirements.
All too often, healthcare organizations focus on the safe bet from a compliance perspective: looking at the top dollar or high volume services. While these are important, including the results from external sources like the Office of Inspector General, Medicare Administrative Contactors, and external reviewers can shed light on already self- identified compliance risk areas and therefore need to be reviewed to ensure that there are no compliance risks within your organization. Compliance professionals need to continually revisit these to ensure that the important risks (big and small) are being reviewed and that tactics and strategies are being developed to address any problem areas.
