Risk Assessment

Effective compliance programs must include regular monitoring and auditing of areas identified as high-risk for non-compliance with laws and regulations. Regulators have identified a number of compliance risk areas for regular monitoring and auditing by health care providers including claims submitted to federal health care programs, financial relationships with physicians, quality of care, and the privacy and security of patient information. Changes to the Federal Sentencing Guidelines in 2004 added the performance of periodic, ongoing risk assessments to identify potential areas of compliance risk or vulnerability as essentially the “8th Element” of an effective compliance program.

How SoNE HEALTH addresses this standard:

• The Integrity & Compliance Office conducts an annual risk assessment in connection with development of its annual work plan. Compliance risks are assessed in consideration of the DHHS – OIG Work Plan, activities announced by the Centers for Medicare and Medicaid Services (“CMS”), and regulatory enforcement priorities of the Department of Justice (“DOJ”), Internal Revenue Service (“IRS”), and others.
• A significant portion of the ICO annual Work Plan is devoted to auditing and monitoring of compliance risks identified through annual and ongoing risk assessments.
• The ICO monitors the completion status of management action plans developed in response to audit findings. Reports are issued on a quarterly basis to management to assist in this effort.