Each year, the fourth quarter is a very busy time for Medicare Compliance departments – so it is very important not to forget about the annual Risk Assessment. If you haven’t already done your annual Medicare Risk Assessment, now is the time to get it scheduled and completed!
Include all Medicare Operations Areas
The annual Risk Assessment requires examination of all of your Medicare business operational areas. This includes all operational areas that are delegated to your PBM or some other entity. For each operational area, you will want to review several factors to help determine the appropriate risk level. Keep in mind that it is a CMS requirement to also rank each operational area. We recommend assigning a numeric value in your reviews as opposed to the more simplistic “high, medium or low” values to score your measures. This will allow the ranking process to occur simultaneously as you evaluate each of the measures, rather than going back and ranking each item as a separate task.
The criteria or measures to use in your Risk Assessment will include items from CMS guidance, such as the size of the department, complexity of work, amount of training completed, any past compliance issues and budget. As a best practice, we recommend that you include the results of past auditing/monitoring activities, as well as any recent changes in regulatory guidance that might impact a particular area.
Additional Scrutiny of FDR Compliance
In addition to a review of the operational areas delegated to your FDRs, don’t forget to include their Compliance Program Effectiveness abilities in your assessment. We recommend doing a ranking on the operational areas and a separate review and ranking on the individual FDRs. Many Plan Sponsors don’t do this separate review on the FDRs and place themselves at risk of not identifying their highest areas of risk.
Add Business Partners Into This Process
We strongly recommend that you include your business partners from each operational area in this review process. Their insights in the discussion of these issues and their involvement in determining the ranking can be of value to everyone. Even so, you need to be comfortable with the overall ranking results. Where there has been an issue, some clients have had the business partner and the Compliance Department complete separate Risk Assessment documents and then come together to review the results. You will need to determine an approach that works for your company, as well as for the Compliance Department.
Approvals and Going Forward
Once the Risk Assessment is completed, it should go through an approval process. Approvals should be documented from each of your operational business areas, senior management, the Medicare Compliance Officer and the Medicare Compliance Committee. After this approval process is completed, it will be time to build your 2016 Auditing and Monitoring program both internally and for your FDRs.
Finally, don’t forget to do a quarterly or mid-year Risk Assessment review in 2016. This review will look at any changes in your measures, risk added by new guidance, or if you experience significant changes in operational performance. If your ranking has changed, you will want to determine if there will be any impact to your auditing and monitoring work plans.
Don’t Quite Know Where to Begin?
Visante is available to provide assistance if you have any questions or concerns with your Risk Assessment or as you build your 2016 Compliance Program Effectiveness work plan.
Our Medicare Ad Hoc Operational and Compliance Support service can be used to procure our assistance for as little as 4 to 5 hours. Clients use this option to ask questions or to have us do a quick review of their Risk Assessment document.
If you are not certain of the current level of risk in your operational areas, our Strategic Review service will do a high level examination of nine of the highest risk operational areas. Information from the Strategic Review can be used as additional information in your Risk Assessment.
We can be reached at email@example.com for any questions or further information.