Printer Friendly, PDF & Email

Risk Assessments Are More ‘Fluid’; Some May Be Mistaken for ‘Controls Assessment’

For the first time in about a decade, Trinity Health isn’t using annual surveys in its risk assessment process. It was standard operating procedure to send electronic surveys to different service lines, including the hospitals and post-acute care providers at the Michigan health system, but it seems superfluous now.

Instead, Trinity Health’s risk assessment strategy is more continuous and flexible, and the compliance department asks itself, strategy by strategy, what brings value, says Andrei Costantino, vice president of integrity and compliance. The method also involves “keeping an ear to the ground to see what the HHS Office of Inspector General, Department of Justice, Medicare administrative contractors and state programs are doing to ensure Trinity Health is capturing any new and emerging risks.”

The surveys had become “burdensome,” and the risks don’t change significantly from year to year, he says.[1] “After a while, the risk assessment is more about maintaining. The whole risk assessment process is more fluid now,” he says, which echoes the way some other organizations do risk assessments and the HHS Office of Inspector General (OIG) updates its Work Plan. “I’m not saying that issues don’t come up that surprise us, but they are few and far between.” For example, Trinity had to respond to an unanticipated OIG Medicare compliance review at one of its hospitals in New Jersey during its sale to another health system, “but the liability is still ours,” and compliance attention had to be diverted to the audit. Trinity also is switching to Epic, a three-year undertaking with significant risks, Costantino says. “A lot of our work plan will focus on that”—privacy, coding, documentation and charge capture.

This document is only available to subscribers. Please log in or purchase access