Risk Assessment Survey and Potential Risk Areas
By Nina Youngstrom
Here’s an example of a risk assessment survey, with a list of risk areas “inherent to health care organizations,” said Shelly Denham, senior vice president of compliance, risk and audit services at UofL Health in Louisville, Kentucky. Contact her at shelly.denham@uoflhealth.org.
Annual Risk Survey
Background
Please help us plan our audit and compliance activities by providing your input on our enterprise risk assessment. (See survey on page below.) We need to know, in your opinion, which clinical, regulatory and financial processes have the highest risk and should be considered for an audit or compliance project.
Below are some areas of potential risks to help you generate your own ideas.
General Compliance Risks
General Compliance
- 501r
- Clinical research
- Community benefit
- Conflicts of interest
- HIPAA privacy
- Meaningful use
- Medicare three-day payment window
- Medication reconciliation
- Social media
- Joint commission readiness
- Two-Midnight rule
Legal and Regulatory Compliance Risks
Pharmaceuticals

Physician Financial Transactions

Emergency Medical Treatment and Labor Act (EMTALA)
- Compliance with EMTALA guidelines with the emergency department
- Compliance with EMTALA guidelines for patients presenting outside the emergency department
- EMTALA transfer and receiving processes (antidumping)

Advanced Practice Providers (APP)
- Scope-of-practice alignment with state-specific practice authority
- Compliance with supervision requirements
- APP services documentation and billing compliance
Clinical Risks
Patient Safety
- Surgical safety and surgical suite disinfection
- Device sterilization and disinfection
- Hospital-acquired conditions, including infections, falls and pressure injuries

Behavioral Health
- Environmental and ligature risk assessment
- Mental health assessment and suicide risk screening
- Access to mental health services

Case Management and Utilization Management
- Compliance with Medicare conditions of participation
- Status assignment (inpatient versus observation)
- Discharge planning and transition of care

Physician Practice Clinical Operations
Emerging Risks
Telemedicine
- Compliance with documentation and billing requirements
- IT assessment of telehealth platform and devices
- Cybersecurity assessment of network and unified communications supporting telehealth

Environmental, Social and Governance (ESG) and Diversity, Equity and Inclusion (DEI)

New Regulations
- No Surprises Act process effectiveness
- Hospital price transparency compliance and accuracy
- CMS vaccine mandate process assessment and compliance
- CARES Act reporting compliance

Robotic Process Automation (RPA)
- Review of overall RPA governance process
- Assessment of RPA security, controls and disaster recovery
- Assessment of RPA change management
Financial and Operational Risks
Workforce/Executive Retirement and Succession Planning

Vendor Management

Staff Safety and Security

Revenue Cycle
- Revenue cycle process effectiveness
- Clinical documentation improvement
- Expected reimbursement
- Denials management
- Patient access
- Billing and claims submission
- Credit balances
- Collections
- Charge capture

Financial Reporting

Supply Chain
Technology Risk
Cybersecurity and Ransomware Preparedness
- Ransomware preparedness and response
- Cybersecurity risk assessment
- Business continuity management

Biomedical Devices
- Biomedical device governance and procurement
- Biomedical device security
- Biomedical device maintenance and third-party, service-level agreement compliance