Critical Change: Enterprise Risk Management Meets Healthcare. 18 TH Annual Compliance Institute San Diego, CA March 31, 2014.

Size: px

Start display at page:

Download "Critical Change: Enterprise Risk Management Meets Healthcare. 18 TH Annual Compliance Institute San Diego, CA March 31, 2014."

Melina Barker
8 years ago
Views:

1 Critical Change: Enterprise Risk Management Meets Healthcare 18 TH Annual Compliance Institute San Diego, CA March 31, 2014 Marie Moseley, JD, MPH, BSN, NNP-C, CHC, CHC-P 1 Objectives 1 Understand ERM Basics and how it applies to Health Care 2 Identify key components 3 Lessons learned 2 1

JD, MPH, BSN, NNP-C, CHC, CHC-P 1 Objectives 1 Understand ERM Basics and

2 Shared with permission B Braun Medical ERM What is it? [A] process, effected by an entity s board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives. (Committee of Sponsoring Organizations of the Treadway Commission (COSO)) 4 2

the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk

3 Enterprise Risk Management (ERM) defined: A broad based interdisciplinary process through which an organization identifies, analyzes, prioritizes, and addresses the risks and opportunities (in other words, the uncertainties) than can affect its achievement of strategic objectives, whether in positive or negative ways. American Health Lawyers Association, Enterprise Risk Management for Healthcare: Where & How to Begin 5 Traditional Risk Management Risk = Negative outcome Risk driven Silo approach Enterprise Risk Management Risk = any issue affecting the organization s ability to meet its objectives Value driven Holistic approach 3

4 Key Components: 1. Enterprise wide risk analysis 2. Enterprise wide oversight 3. Strategic risk ranking 4. Accountability & Monitoring Core Elements: 1. Education 2. Objective setting 3. Event identification 4. Risk assessment 5. Risk response 6. Controls 7. Communication 8. Monitoring 4

Accountability & Monitoring Core Elements: 1. Education 2.

5 Loss of/reduction in Revenue Sources Loss of Accreditation 9 Key Components: 1. Enterprise wide risk analysis 2. Enterprise wide oversight 3. Strategic risk ranking 4. Accountability & Monitoring 5

6 Risk Domains Strategic Financial Human Operational Regulatory/ Legal Technological Project Specific Key Components: 1. Enterprise wide risk analysis 2. Enterprise wide oversight 3. Strategic risk ranking 4. Accountability & Monitoring 6

Components: 1. Enterprise wide risk analysis 2.

7 Marketing Finance Affiliates/ Faculty Operations IS Legal Organizational Risk? Compliance Operations Internal Affiliates/ Audit Faulty Quality Medical Staff HR IS Marketing Research Legal Affiliates/ Faculty Finance HR Compliance IS Quality Audit Medical Staff Operations Organizational Risk 7

Medical Staff HR IS Marketing Research Legal Affiliates/ Faculty Finance

8 Compliance Operations IS Marketing HR Research ERM Leader Medical Staff Legal Finance Affiliates/ Faculty Quality Internal Audit Key Components: 1. Enterprise wide risk analysis 2. Enterprise wide oversight 3. Strategic risk ranking 4. Accountability & Monitoring 8

9 Likelihood 17 Key Components: 1. Enterprise wide risk analysis 2. Enterprise wide oversight 3. Strategic risk ranking 4. Accountability & Monitoring 9

10 Management Response (Red & Yellow) Avoid Control/Mitigate Accept Transfer 19 Identify and focus on top risks Critical business unit Critical risk 10

11 Identify risk universe Monitor Assess impact & controls Report & manage Prioritize Identify risk universe Monitor Assess impact & controls Report & manage Prioritize 11

12 Project Financial Reputational Operational Legal Regulatory/Compliance Fraud/Abuse Project Specific Deliverables Execution Patient Satisfaction Branding Market Share CMS/OIG IRS EPA Accreditation FCA, AKB Project Organization Stark Reputational Legal Fraud/Abuse Civil/Criminal Liability Financial Operational Regulatory/Compliance Project Specific HR/Provider Relations Benefit Plans EMTALA Impact Revenue/Assets Bonds Clinical/Business Interruption Anti trust IT.???? Safety HIPAA 12

Reputational Legal Fraud/Abuse Civil/Criminal Liability Financial Operational Regulatory/Compliance Project Specific

13 Identify risk universe Monitor Assess impact & controls Report & manage Prioritize 13

14 Rate the impact and likelihood if a threat is exploited Compare impact and likelihood to existing controls Establish a risk priority for each threat potential Risk Assessment scorecard with recommendation and response decision 14

Establish a risk priority for each threat potential Risk

15 Identify risk universe Monitor Assess impact & controls Report & manage Prioritize 30 15

16 31 Identify risk universe Monitor Assess impact & controls Report & manage Prioritize 16

17 33 Lessons learned Slow, painful & time consuming Requires top down commitment Baby steps Strong leader, C suite engagement Build on existing resources Communicate Not about the tools 34 17

18 Objectives 1 Understand ERM Basics and how it applies to Health Care 2 Identify key components 3 Lessons learned 35 Example: Meaningful Use 1. EHR functionality 2. Clinical work flows 3. Untimely adoption 4. Reimbursement 5. Audit defense 18

Example: Meaningful Use 1. EHR functionality 2.

19 Example: ICD 10 Office Map, Reprinted with permission, AAPC. Available at 10/office map/index.aspx 19

20 20

The Essentials of Enterprise Risk Management. Steven C. Tourek, Senior Vice President, General Counsel & Secretary, The Marvin Companies

The Essentials of Enterprise Risk Management Steven C. Tourek, Senior Vice President, General Counsel & Secretary, The Marvin Companies Introduction How should an organization think about the management