Enhancing Health Plan Compliance Through Comprehensive Risk Assessment and Management: Navigating New Guidelines and Expectations

While risk assessment has always been a core component of compliance programs, recently the Office of Inspector General (OIG), Centers for Medicare and Medicaid Services (CMS) and the compliance community have emphasized the importance of a formal risk assessment in prioritizing resources and developing work plans.

  • The Office of Inspector General (OIG) released guidance at the end of 2023, reiterating the significance of risk assessment as a foundational function for both small and large entities that should be completed at least once a year.
  • CMS guidance requires plans to conduct a formal baseline assessment of major compliance and fraud, waste, and abuse (FWA) risks (e.g., a risk assessment) and periodically re-evaluate the accuracy of that baseline assessment.

Furthermore, Medicare Advantage Plans will need to show risk assessments during audits, including:

  • Compliance Program Effectiveness (CPE) Audits run by the CMS Medicare Parts C and D Oversight and Enforcement Group
  • Recently initiated Program Integrity Audits run by the CMS Center for Program Integrity

For CMS audits, plans must ensure that their risk assessments are comprehensive and show discussion of both compliance and FWA risks. Plans may want to consider creating separate compliance and FWA risk assessments.

Finally, effective risk assessment is just one piece in an overall risk management program that protects your members and your organization.  Successful implementation of a risk management program requires documentation, tracking and coordination of the following activities.

  • Identification – Document any known potential risks across the organization.
  • Assessment – Evaluate each risk and measure the likelihood of it occurring and the impact it would have on the organization.
  • Mitigation – Once risks are identified and assessed, implement strategies to reduce the occurrence and impact of risks.
  • Monitoring – Employ tools and processes to monitor risks on a continuous basis.
  • Reporting – Document risk management plans and report results and effectiveness to stakeholders.

It also requires interdepartmental coordination and collaboration to ensure operational expertise and engagement.  Commitment throughout the entire organization not only reinforces the organization’s risk culture but ensures that risk can be identified and assessed on an ongoing basis.

The importance of risk assessment for health plans cannot be overstated in today’s dynamic healthcare landscape. As regulatory guidelines evolve and enforcement mechanisms strengthen, health plans must embrace risk assessment and management as a fundamental tenet of their operational framework. By proactively identifying and mitigating risks, health plans can fortify their compliance programs, foster continuous improvement and accountability, uphold the integrity of healthcare delivery and plan operations, and ultimately, safeguard the well-being of members and the sustainability of the organization.

CODY® has the team, expertise, and state-of-the-art technology to support health plan operations, improve performance, and ensure compliance with industry and regulatory standards.  CodySoft® Risk Management Module® provides an integrated and centralized risk management solution that allows health plans to identify, assess, respond to, and continuously monitor compliance risks that may negatively impact the organization. Our Risk Management software provides efficient, automated, flexible, and configurable workflows. You can align your business processes for the management of risk assessments, risk registers, risk measurement, scoring, mitigation plans, reporting and monitoring results. The complete risk process empowers your compliance, audit, IT, risk, operational teams, and all levels of management to adequately identify risks, collaborate, and reduce both the possibility of a risk occurring and its potential impact.


About us: Founded in 2006, CODY® is an industry leader in Governance, Risk, and Compliance (GRC) Solutions designed exclusively for health plans. We enable over 70 government-funded, commercial, and ACA health plans across 50 states and Puerto Rico to mitigate compliance risk, maximize efficiencies, and improve outcomes. Our Enterprise technology and innovative solutions reduce administrative costs, increase accuracy, ensure regulatory compliance, and provide a better experience for plan members and providers. www.codyconsulting.com