Every provider is aware of the need to conduct periodic compliance-based risk assessments, yet the process often seems overwhelming. When a risk assessment is more objective in nature, (i.e. OSHA or environmental) it is much easier to get our mind around exactly what needs to be done, what we are looking for, and how to address the issues. In contrast, a compliance-based risk assessment is more subjective in nature and can be more difficult to complete in a meaningful way. Taking a look at the entire organization and trying to anticipate where something could go wrong in terms of fraud, waste or abuse, or some other type of bad activity, can be a daunting task.
While it is wise to conduct an enterprise wise risk assessment periodically to ensure the integrated systems of the organization work together to detect and deter bad activity, taking on the process of risk assessment in more manageable “bites” may be a good option for getting started on the compliance risk assessment process. Conducting focused risk assessments on functions or departments of the organization makes the risk assessment process much more manageable. Rather than looking at every aspect of the organization, looking at one or two departments at a time can give a good snapshot of those departments; piecing together all the snapshots gives a view of the organization as a whole.
The heart of soul of the payment process is the documentation of services provided; without good documentation the agency can’t submit claims for payment. On this basis, conducting a risk assessment of the documentation and claim submission process is a great place to start for most any organization. Taking a look at the process, from how and when documentation is generated all the way through to how billing is submitted to determine where something could “go bump in the night” allows the organization to pinpoint where the process exposes the organization to the risk that improper activity, intentional or otherwise, could occur. Once those areas of risk have been identified processes can be put in place to mitigate those risks ensuring all billing submitted by the organization is supported by proper documentation that establishes the services provided and the medical necessity for those services.
As is stated above, breaking the risk assessment process into bite sized chunks allows a provider to take a look at itself to find the soft spots, so to speak, without becoming paralyzed by the prospect of having to dig into the systems and processes of the entire organization at one time.