Corporate Compliance

Tip: Follow these five steps for an effective risk assessment

Healthcare Auditing Weekly, March 17, 2009

A risk assessment allows a practice to take inventory of risk areas and identify current and potential hazards, as well as control weaknesses. Risk assessments measure a practice’s level of compliance with laws, regulations, and internal policies/procedures, and should be performed once every two years.

Break your risk assessment into the following five steps:
  1. Plan – Identify the goals and objectives of your risk assessment. If this is the first time the practice has ever performed a risk assessment, you may want to obtain a baseline assessment.
  2. Organize – Define risks for each area of the practice and organize the risk assessment to obtain the best data possible. Use a tool in the form of a questionnaire to be completed by providers and other staff that includes one or several areas of focus, such as level of concern, risk level, and preparedness.
  3. Assess – Distribute the risk assessment tool to all appropriate people, such as physicians, non-physician leaders, compliance committee members, and practice managers—depending on how large your practice is.
  4. Rank – After completing the risk assessment, rank risks from highest to lowest. The most common way to rank risks is to use a weighted point scale. If there are multiple areas where the final results are the same, solicit leadership opinion to decide how to rank the risks to your practice.
  5. Manage – Develop an action plan. This should list all the risks identified in the practice and should include information on why each risk is present, what controls you should implement to reduce or eliminate the risk, and who is responsible for following through with the implementation and by what date.

This tip was adapted from Auditing Evaluation and Management Coding. For more information about the book or to order your copy, visit the HCMarketplace.

