An evaluation of risk assessments conducted by CHAN Healthcare, a subsidiary of Crowe, during the first six months of 2014 provides some valuable information for healthcare organizations. The evaluation analyzed more than 3,200 risks across 13 health systems and 270 entities and computed average risk scores based on two primary factors – strategic and business impact and business environment complexity. The top 10 risks, ranked highest to lowest, follow, in the second article of a two-part series.
- Physician Contracting
Organizations continue to pursue physician integration, and physician arrangements are increasingly complex, bringing with them greater risk. Hospitals often must move quickly on contracts with physicians who are crucial to the overall hospital strategy. It is critical for all appropriate parties to review contracts before they are finalized. A committee or attorney should review every contract for appropriate compensation based on location, specialty, and market comparability as well as for potential Stark law violations. The hospital also should have a robust system in place for tracking contracts and monitoring adherence to contract terms.
- Joint Ventures
Joint ventures continue to grow in significance as healthcare organizations enter into a variety of creative arrangements across all aspects of the care continuum. In addition to managing cultural differences between not-for-profit and investor-owned businesses, the parties must address risks related to compliance with legal and ethical requirements and contractual obligations. A right-to-audit clause is an important contract term not only to demonstrate due care but also to be proactive in identifying noncompliance. The parties also should recognize that joint ventures typically come to an end, so items such as the proper distribution of reimbursements should be considered. All of these areas should be tackled during negotiations.
- Meaningful Use
With the significance of meaningful use (MU) incentives for those who are eligible, it’s no surprise that MU continues to pose a serious concern for both hospitals and physicians. The Centers for Medicare & Medicaid Services (CMS) avidly is pursuing audits of healthcare organizations, and some organizations are not prepared for the audits. To support their attestation, and thereby reduce the odds of being required to refund CMS payments, organizations must formally assign accountability and make sure thorough documentation is maintained.
- Quality Process Improvement
Healthcare reform has brought an increased focus on the quality of patient care, with quality measures having a greater impact on reimbursement. To help improve outcomes and recover the highest reimbursement possible, hospitals need to implement evidence-based practices and reinforce the reliability of their clinical processes. Proper monitoring is essential to identifying and promptly addressing breakdowns.
- ICD-10 Transition
International Classification of Diseases (ICD)-10 has been on healthcare organizations’ radar for some time now, and it remains a top concern. Organizations are concerned that reimbursement levels will decline for a period of time after ICD-10 is implemented as a result of a lack of detailed physician documentation, inaccurate coding, loss of coding productivity, or information system issues. Extensive communication, education, testing, and contingency planning in advance of the Oct. 1, 2015, implementation date can help mitigate any potential negative impact. Post-transition monitoring also will be important to confirm that the documentation, coding, and information system processes are working as they should.
- Accountable Care Organizations and Clinically Integrated Networks
A growing number of organizations are forming accountable care organizations (ACOs) or clinically integrated networks (CINs) in response to the Affordable Care Act. Common risks associated with these arrangements include securing patient data in compliance with Health Insurance Portability and Accountability Act privacy laws; complying with waiver requirements to shield the ACO or CIN from potential federal or other regulatory violations (including Stark and antitrust); executing, tracking, and managing physician participation agreements and contracts; and establishing appropriate methods to distribute payments to all physician participants.
- Denials Management
Denied or delayed claim payments are nothing new, but the risk associated with them has grown as healthcare organizations struggle with intensifying reimbursement pressures that threaten the bottom line. Hospitals should employ a dedicated denials staff populated by employees who understand payer contracts and their corresponding requirements. The staff should work every denial, responding in a timely manner with the specific information insurers require for reprocessing. The optimal control of risks related to denials management, of course, is to submit clean claims from the beginning.
- Two-Midnight Rule
The introduction of the two-midnight rule created significant operational challenges for many hospitals. Securing appropriate physician certifications prior to discharge became more challenging as new processes were designed. Although the physician certification requirement has been removed through the final 2015 Outpatient Prospective Payment System (OPPS) regulation that was issued on Oct. 31, 2014, many hospitals have chosen to keep their newly designed processes to support the medical necessity of a two-midnight stay.
- IT Application Post-Implementation
Recent years have seen a surge in hospitals’ reliance on IT applications, including electronic health records and various financial and business systems. These applications are intended to improve efficiency and effectiveness, but they can carry risks related to both clinical care and reimbursement. Controls must be put in place to confirm that applications capture all of the patient information needed to provide proper care and satisfy reimbursement requirements.
- 340B Drug Pricing Program
Requirements under the 340B drug pricing program are complex, and guidance is not always clear. A mega-regulation was expected during the summer of 2014, but it was canceled, leaving healthcare organizations without much-needed clarity. Healthcare organizations should develop system and data analysis processes to identify and remove patients and drugs that aren’t actually eligible for the program.
The risks facing the healthcare industry are complex and constantly changing. Organizations need to monitor their risks regularly by conducting a robust risk assessment. Processes should be in place to test controls in high-risk areas, uncover gaps, and take the appropriate actions to mitigate risks. For more risks healthcare organizations should be considering, please read the first article in this series.