The top ten risks facing healthcare organizations, as collected and analyzed through data by CHAN Healthcare.
An evaluation of risk assessments conducted by CHAN Healthcare, a subsidiary of Crowe Horwath LLP, during the first six months of 2014 sheds some valuable light for healthcare organizations. The evaluation analyzed more than 3,200 risks across 13 health systems and 270 entities and computed average risk scores based on two primary factors – strategic/business impact and business environment complexity. The top 10 risks, ranked highest score to lowest, follow.
1. Physician Contracting
Organizations continue to pursue physician integration, and physician arrangements are increasingly complex, bringing with them greater risk. Hospitals often must move quickly on contracts with crucial physicians, but it is critical for all appropriate parties to review the contracts before they finalized. A committee or attorney should review every contract for appropriate compensation based on location, specialty, and market comparability as well as potential Stark Law violations. The hospital also should have a robust system in place for tracking contracts.
2. Joint Ventures
Joint ventures continue to grow in significance as healthcare organizations enter into a variety of creative arrangements across all aspects of the care continuum. In addition to managing cultural differences between not-for-profit and investor-owned businesses, the parties must address risks related to compliance with legal and ethical requirements and contractual obligations. The parties also should recognize that joint ventures typically come to an end, in which case issues, such as the proper distribution of reimbursements, will arise. All of these issues should be tackled during negotiations and in the contracts with, for example, a right-to-audit clause.
3. Meaningful Use
With the significance of meaningful use (MU) incentives for those who are eligible, it’s no surprise that MU continues to pose a serious concern for both hospitals and physicians. The Centers for Medicare & Medicaid Services (CMS) is avidly pursuing audits of healthcare organizations, and some organizations are not prepared for the audits. As ballast to support their attestation, and thereby reduce the odds of being required to refund CMS payments, organizations must formally assign accountability and make sure thorough documentation is maintained.
4. Quality Process Improvement
Healthcare reform has brought an increased focus on the quality of patient care, with quality measures having a greater impact on reimbursement. To help improve outcomes and recover the highest reimbursement possible, hospitals need to implement evidenced-based practices and reinforce the reliability of their clinical processes. Proper monitoring is essential to identifying and promptly addressing breakdowns.
5. ICD-10 Transition
International Classification of Diseases (ICD)-10 has been on the radar for some time now, but it remains a top concern for healthcare organizations. It seems inevitable that reimbursement levels will decline for a while after ICD-10 is implemented, resulting in decreased cash flow and revenues. Improper documentation or coding will delay reimbursement and create revenue cycle problems. Improving the revenue cycle in advance of the Oct. 1, 2015, implementation date can help mitigate the effects, as can training physicians and coders on the new expectations and requirements. Post-transition monitoring also will be important to confirm that the documentation and coding processes are working as they should.
6. Accountable Care Organizations/Clinically Integrated Networks
A growing number of organizations are forming accountable care organizations (ACOs) or clinically integrated networks (CINs) in response to the Affordable Care Act. Common risks associated with these arrangements include securing patient data in compliance with Health Insurance Portability and Accountability Act (HIPPA) privacy laws; complying with waiver requirements to shield the ACO/CIN from potential federal or other regulatory violations (including Stark and antitrust); executing, tracking, and managing physician participation agreements and contracts; and establishing appropriate methods to distribute payments to all physician participants.
7. Denials Management
Denied and delayed payments of claims are nothing new, but the risk has grown as healthcare organizations struggle with intensifying reimbursement pressures that threaten the bottom line. Hospitals should employ a dedicated denials staff populated by employees who understand payer contracts and their corresponding requirements. The staff should work every denial, responding in a timely manner with the specific information insurers require for reprocessing. The optimal control of risks related to denials management, of course, is to submit clean claims from the beginning.
8. Two-Midnight Rule
The introduction of the two-midnight rule created significant operational challenges for many hospitals. Securing appropriate physician certifications prior to discharge became more challenging as new processes were designed. Although the physician certification requirement has been removed through the final 2015 Outpatient Prospective Payment System (OPPS) regulation that was issued on Oct. 31, 2014, medical record documentation still must support the medical necessity of a two-midnight stay. Many hospitals have chosen to keep their newly designed processes to support the medical necessity of a two-midnight stay.
9. IT Application Post-Implementation
Recent years have seen a surge in hospitals’ reliance on IT applications, including electronic health records (EHRs) and various financial and business systems. These applications are intended to improve efficiency and effectiveness, but they can carry risks related to both clinical care and reimbursement. Controls must be put in place to confirm that applications capture all of the patient information needed to provide proper care and satisfy reimbursement requirements.
10. 340B Drug Discount Program
Requirements under the 340B drug discount program are complex, and guidance is not always clear. A mega-regulation was expected during the summer of 2014, but it was canceled, leaving healthcare organizations without much-needed clarity. Nonetheless, healthcare organizations should develop system and data analytic processes to identify and remove patients and drugs that aren’t actually eligible for the program.
The risks facing the healthcare industry are complex and constantly evolving. Organizations need to conduct formal risk assessments to identify new and changing risks, regularly monitor identified risks, uncover gaps, and take appropriate actions to mitigate risks to an acceptable level.
Annette Schandl is a senior vice president with CHAN Healthcare, a subsidiary of Crowe Horwath LLP, in the Englewood, Colorado office.
Rebecca Welker is an audit vice president with CHAN Healthcare, a subsidiary of Crowe, in the St. Louis, Missouri office.