This is a list of the many potential risks facing health care organizations, said Kelly Sauders, a partner at Deloitte & Touche LLP.[1] In addition, there are risks stemming from the COVID-19 pandemic, including the supply chain, virtual care, potential fraud related to COVID-19 tests, security vulnerabilities in remote working and many other areas. Contact Sauders at ksauders@deloitte.com.
Risk Considerations in Health Care for 2021
- Culture/Governance
  - Culture/Tone at the Top
  - Policies and Procedures
  - Roles and Responsibilities
  - Compliance Function
  - Board Oversight for Compliance
  - Board Effectiveness/Knowledge
  - Management
  - Executive Compensation/Performance Incentives/Alignment
- Institutional Compliance Program
  - Code of Conduct
  - Training and Education
  - Communication
  - Disciplinary Action
  - Policies and Procedures
  - Auditing and Monitoring
  - Response and Prevention
- Departmental Compliance
  - Pharmacy
  - Emergency Department (EMTALA)
  - Wound Care
  - Cancer Center
  - Laboratory
  - Radiology
  - PT/OT/ST
  - Operational Departments
- Contract Management/Third-Party Risk
  - Physician Arrangements
  - Joint Ventures
  - Vendor Agreements
  - Contract Repository
  - Third-Party Vendor Management
- Conflict of Interest
  - Board-Level
  - Executive Leadership and Management
  - Nonemployed Physicians
  - Foreign Support
- Clinical Research
  - Research Compliance Program
  - Clinical Trials Billing
  - Human Subject Protection
  - Scientific Misconduct
  - Grant Management
  - Research Conflict of Interest
  - Institutional Review Board (IRB) Oversight
- Quality/Performance Improvement
  - Patient Safety
  - Medical Errors
  - Patient Satisfaction
  - Value-Based Care
  - Quality Indicator Monitoring and Reporting
  - Joint Commission Accreditation
  - HACs and Readmissions
  - Opioid-Related Monitoring
  - Fraud, Waste, and Abuse Prevention
- Hospital Coding and Billing
  - Inpatient Coding (“compliance DRGs”)
  - Short Stays/Observation
  - Computer-assisted Coding
  - Admitting Privileges/Appropriate Admission Orders
  - Outlier Payments/Payments > Charges
- Professional Coding and Billing
  - Training and Education
  - Physician Documentation and Coding
  - Auditing and Monitoring
  - Computer-Assisted Coding
  - Use of Scribes
  - Incident-to, Split-Shared, etc.
- Privacy and Security
  - Access and Permissions
  - Physical and Device Security
  - Privacy, Security, and Compliance
  - Phishing, Ransomware, and Breach Response Readiness
  - Risks with Automation, Artificial Intelligence
  - System Acquisition/Implementation
- Materials Management/Procurement
  - 340B Drug Pricing Program
  - Retail Pharmacy Pricing
  - Vendor Background Checks
  - Vendor Vulnerability (Single-Source)
  - Vendors with PHI Access/Business Associate Agreements
- Specific Compliance/Regulatory Risks
  - Recovery Audit Contractor Readiness
  - Provider-Based Status
  - Durable Medical Equipment
  - Cost Reporting
  - Stark & Anti-Kickback
  - Medical Device Management
  - Manufacturer Credits for Medical Devices
  - Medical Necessity
  - Sanctioned Providers
  - HIPAA Privacy & Security
  - Kickbacks
  - Physician Arrangements/Contracting
- Alternate Payment Models/Delivery
  - Accountable Care Organization Reporting
  - Telehealth and Virtual Care Compliance
  - Price Transparency
  - Population Health
- Other Programs/Services
  - Inpatient Psychiatry
  - IP Rehabilitation
  - Ambulance Services
  - SNF, Hospice, Home Health (Requirements for Certification/Payment)
- Medical Education
  - Program Quality & Accreditation
  - Affiliation Management
  - Faculty Recruiting & Retention
- Revenue Cycle
  - Scheduling/Verifications
  - Registration/Admitting
  - Charge Description Master (CDM)
  - Charge Capture
  - Patient Billing/Collections
  - A/R, Denials, Bad Debt
  - Credit Balances & Refunds
  - CMS PEPPER Monitoring
  - Payer Audits
  - In-House vs. Outsourced Functions