Is Risk Management Real? Leadership's Role is a Critical Issue.

Risk management and compliance-related issues may seem obvious—improper billing practices, unethical business decisions, unauthorized access to medical records, data breaches, poorly designed incentive programs and so on. There are, however, other harmful business practices that may lead to unexpected and devastating exposure to risk. Take the recent example of a banking institution that sold improper loans and set up improper accounts so as to meet certain quotas that led to improper monetary incentives. Not only did these actions gain national attention, many individuals lost their jobs and a great brand was tarnished. Leaders in medical groups and health systems must develop systems along with policies, processes and procedures to limit and manage risk in the healthcare setting. Medical groups must determine the most critical concerns confronting their organization. Boards and management can use the Federal Sentencing Guidelines and the Office of Inspector General’s voluntary compliance program guidance documents as baseline assessment tools to determine current capabilities and identify gaps.

Some of the basic requirements to risk management include:

• Determining a methodology to identify risk and a process to report events within an organization. You must determine how issues or concerns are evaluated in the organization, who is responsible for addressing those issues and where those issues go for resolution.
• Identifying methods of encouraging organization-wide accountability for achievement of compliance goals and objectives.
• Clarifying the roles and relationships among the organization’s committees and how the organization interacts with the public, vendors and other stakeholders who come in contact with the medical group or its employees.
   

Medical groups and their boards should develop and enforce standards for how to report compliance-related information. Leadership must be engaged and identify the most relevant and accurate information about internal operations and associated risk. The board should work with management to determine the types of reports on risk management and compliance needed to effectively measure and monitor identified areas.

If you are interested in learning more on how to evaluate your risk and develop systems to address those risks, please contact Nick A. Fabrizio at nfabrizio@mgma.com.