Enterprise Risk Management
Enterprise risk management (ERM) in healthcare promotes a
comprehensive framework for making risk management decisions
which maximize value protection and creation by managing risk and
uncertainty and their connections to total value.
ERM Framework

ERM Domains
- Operational
- Clinical/Patient Safety
- Strategic
- Financial
- Human Capital
- Legal/Regulatory
- Technology
- Hazard

Guiding Principles
The following guiding principles, in concert with ASHRM's mission and vision, have been developed as basic building blocks supporting the framework for ERM in healthcare:
- Advance safe and trusted healthcare
- Manage uncertainty
- Maximize value protection and creation
- Encourage multidisciplinary accountability
- Optimize organizational readiness
- Promote a positive organizational culture, which will impact readiness and success
- Utilize data/metrics to prioritize risks
- Align risk appetite and strategy

ERM Practices:
1. Are continuous
2. Require a paradigm shift in how an organization identifies and manages risks and opportunities
3. Are not a stop on the road, but a journey

© ASHRM 2016
ERM Risk Domains

Domain: Operational
Description/Example: The business of healthcare is the delivery of care that is safe, timely, effective, efficient, and patient-centered within diverse populations. Operational risks are those resulting from inadequate or failed internal processes, people, or systems that affect business operations. Included are risks related to adverse event management, credentialing and staffing, documentation, chain of command, and deviation from practice.

Domain: Clinical/Patient Safety
Description/Example: Risks associated with the delivery of care to residents, patients and other healthcare customers. Clinical risks include failure to follow evidence-based practice, medication errors, hospital-acquired conditions (HAC), serious safety events (SSE), and others.

Domain: Strategic
OIG. (2020, January 2). Comparison of the Anti-Kickback Statute and Stark Law. Retrieved from HTTP://OIG.HHS.GOV/COMPLIANCE/PROVIDER-COMPLIANCETRAINING/FILES/STARKANDAKSCHARTHANDOUT508.PDF
Stark Law
What is the Stark Law?
The Stark Law addresses physician self-referral: a physician referring patients to a medical facility in which the physician has a financial interest, whether ownership or another type of investment.
Physician Self-Referral
Prohibits a physician from making referrals for certain designated health services (DHS) payable by Medicare to an entity with which the physician (or an immediate family member) has a financial relationship (ownership, investment, or compensation), unless an exception applies.
Prohibits the entity from presenting claims to Medicare (or billing any other individual or entity) for services furnished as a result of a prohibited referral.
Establishes specific exceptions and grants the Secretary the authority to create regulatory exceptions for financial relationships that do not pose a risk of program or patient abuse.
Designated Health Services (DHS)
The following items or services are DHS:
- Clinical laboratory services
- Physical therapy services
- Occupational therapy services
- Outpatient speech-language pathology services
- Radiology and certain other imaging services
- Radiation therapy services and supplies
- Durable medical equipment and supplies
- Parenteral and enteral nutrients, equipment, and supplies
- Prosthetics, orthotics, and prosthetic devices and supplies
- Home health services
- Outpatient prescription drugs
- Inpatient and outpatient hospital services
(OIG, 2020)
Healthcare Quality Improvement Act (HCQIA)
Enacted in 1986.
Protects the public from incompetent physicians by supporting effective professional peer review.
Requires state Boards of Medical Examiners to report disciplinary actions relating to a physician's professional competence or conduct to the Secretary.
Requires hospitals to request information from the Secretary (through the National Practitioner Data Bank) about staff physicians and other health care practitioners, when they apply for staff privileges and periodically thereafter.
- Want to read more about these laws?
- Visit http://www.hcqia.net/ or NAMSS (https://www.namss.org/)
Medical Identity Theft
- Red Flags Rule: registration, financial assistance, and the business office are the areas most affected.
- Background: the Federal Trade Commission adopted the Red Flags Rule to require creditors to protect sensitive customer information, watch for red flags, and respond quickly to indications and claims of identity theft.
- What is identity theft? It is a form of fraud: the use of another person's identifying information without authorization.
- Medical identity theft is a growing problem; the information misused can include Social Security numbers, account numbers, and other personal information.
- The riskiest time for identity theft is when a new patient account is opened.
- Visit IdentityTheft.gov to report identity theft.
- The Federal Trade Commission collaborates with law enforcement across the country and around the world to advance its consumer protection and competition missions.
Identity Theft
- New requirements at registration:
  - Patients provide a photo ID
  - Proof of address
  - Exception: not in the Emergency Department, because EMTALA prohibits delaying the medical screening examination for registration requirements
- Red flags that may indicate identity theft:
  - Insurance card appears altered
  - Photo on the license does not look like the patient
  - Signature on the driver's license does not match the patient's signature on consents
  - Demographic information does not match
- What to do if you discover a red flag?
  - Notify your supervisor
  - If the supervisor is not available, contact Risk Management or the Compliance Officer
HIPAA of 1996
Privacy and Security
HIPAA
Health Insurance Portability and Accountability Act of 1996. HIPAA is a mandatory federal law enacted by Congress as part of healthcare reform. It protects the privacy and security of a patient's health information.
Provides for electronic and physical security of a patient's health information.
Prevents health care fraud and abuse.
Simplifies billing and other transactions, reducing health care administrative costs.
Privacy
- Minimum Necessary: before sharing, ask what type of information you are about to share and whether the recipient needs it for their job; access is on a need-to-know basis.
- Covered Entities: health plans, healthcare clearinghouses, and healthcare providers that transmit health information electronically. Business associates (vendors that create, receive, maintain, or transmit PHI on a covered entity's behalf) are not covered entities themselves but are bound to the same rules by contract and, since HITECH, directly by law.
HIPAA Cont'd
- Security: organizations should conduct both risk analysis and risk management. Together they provide the baseline for detecting risk and mitigating breaches.
- Risk analysis: identifying where confidential health information is vulnerable (the threats, the vulnerabilities, and the likelihood and impact of each).
- Risk management: making decisions to address the identified security risks and vulnerabilities, and implementing the policies, procedures, and programs that reduce them to a reasonable and appropriate level and satisfy the organization's compliance program.
HIPAA: Security Standards
Administrative safeguards
- Administrative actions
- Policies and procedures
Technical safeguards
- Access controls
- Audit controls
- Integrity
- Person or entity authentication
- Transmission security
Physical safeguards
- Facility access controls
- Workstation use
- Workstation security
- Device and media controls
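The technical safeguards listed above (access controls, audit controls, integrity) and the Privacy Rule's minimum-necessary standard are usually stated as policy; the following Python example, added here and not part of the original presentation, shows what three of them look like as working code. Everything in it is constructed for illustration: the patient record and user names are fictitious, the role-to-field mapping is an assumed policy, the integrity key is hard-coded only for the demo (a real system takes it from a KMS or HSM), and the caller is assumed to have already passed person or entity authentication.

```python
import hashlib
import hmac
import json
from datetime import datetime, timezone

# Constructed sample PHI record for the example; every value is fictitious.
PATIENT_RECORD = {
    "mrn": "MRN-000123",
    "name": "Jane Doe",
    "dob": "1980-01-01",
    "ssn": "000-00-0000",
    "address": "1 Example Way",
    "diagnosis": "Type 2 diabetes",
    "medications": ["metformin"],
    "balance_due": 125.00,
}

# Minimum necessary: each role may see only the fields its job requires.
# This mapping is assumed for the example, not any organization's real policy.
ROLE_FIELDS = {
    "clinician": {"mrn", "name", "dob", "diagnosis", "medications"},
    "billing": {"mrn", "name", "dob", "balance_due"},
    "registration": {"mrn", "name", "dob", "address"},
}

# Integrity: a keyed MAC over the record detects unauthorized alteration.
# Hard-coded only for the demo; in practice the key comes from a KMS or HSM.
INTEGRITY_KEY = b"demo-key-not-for-production"

def _canonical(obj) -> bytes:
    """Stable JSON serialization so identical content always hashes identically."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()

def seal(record: dict) -> str:
    """HMAC-SHA256 tag committing to the record's current contents."""
    return hmac.new(INTEGRITY_KEY, _canonical(record), hashlib.sha256).hexdigest()

def verify_seal(record: dict, tag: str) -> bool:
    return hmac.compare_digest(seal(record), tag)  # constant-time comparison

class AuditLog:
    """Audit control: append-only log in which each entry hashes the previous one,
    so editing, deleting or reordering an earlier entry breaks the chain."""

    GENESIS = "0" * 64

    def __init__(self):
        self.entries = []
        self._prev_hash = self.GENESIS

    def record(self, user, role, mrn, fields, allowed) -> dict:
        entry = {
            "ts": datetime.now(timezone.utc).isoformat(),
            "user": user, "role": role, "mrn": mrn,
            "fields": sorted(fields), "allowed": allowed,
            "prev_hash": self._prev_hash,
        }
        entry["hash"] = hashlib.sha256(_canonical(entry)).hexdigest()
        self.entries.append(entry)
        self._prev_hash = entry["hash"]
        return entry

    def verify(self) -> bool:
        """Recompute the chain; False if any entry was altered, removed or reordered."""
        prev = self.GENESIS
        for e in self.entries:
            body = {k: v for k, v in e.items() if k != "hash"}
            if e["prev_hash"] != prev or hashlib.sha256(_canonical(body)).hexdigest() != e["hash"]:
                return False
            prev = e["hash"]
        return True

def read_phi(record, user, role, requested_fields, audit: AuditLog) -> dict:
    """Access control: release only the fields the role is permitted to see.
    Every attempt, allowed or denied, is written to the audit log first."""
    permitted = ROLE_FIELDS.get(role, set())
    denied = set(requested_fields) - permitted
    audit.record(user, role, record["mrn"], requested_fields, allowed=not denied)
    if denied:
        raise PermissionError(f"role {role!r} may not access {sorted(denied)}")
    return {f: record[f] for f in requested_fields}

def demo():
    audit = AuditLog()
    clinician_view = read_phi(PATIENT_RECORD, "dr.lee", "clinician", ["name", "diagnosis"], audit)
    try:  # billing has no need for the SSN, so this request is refused and logged
        read_phi(PATIENT_RECORD, "clerk1", "billing", ["name", "ssn"], audit)
        billing_denied = False
    except PermissionError:
        billing_denied = True
    chain_ok = audit.verify()
    audit.entries[1]["allowed"] = True  # someone edits the log after the fact
    tamper_detected = not audit.verify()
    return clinician_view, billing_denied, chain_ok, tamper_detected
```

Two design choices matter here. `read_phi` refuses the whole request rather than silently dropping the fields the role may not see, so an over-broad request shows up in the audit log as a denied attempt that can be reviewed, which is what the audit-controls standard is for. The log entries are chained by hash rather than merely timestamped, so a later edit to any entry (the `allowed` flag flipped in `demo`) or the removal of an entry is detectable by anyone who can recompute the chain; the record seal is recomputed and stored whenever a record is legitimately updated, and any other change fails `verify_seal`.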
HIPAA
What is PHI? Protected health information: individually identifiable health information held or transmitted by a covered entity or business associate.
What is ePHI? PHI that is created, stored, transmitted, or received electronically.
What is an EMR? An electronic medical record.
How does HIPAA affect my job?
Do you handle PHI?
If yes, then it is your job to protect that information.
Health Information Technology for Economic and Clinical Health Act (HITECH)
– Signed into law by President Obama in 2009.
– Under HIPAA there were a few grey areas that needed to be fixed. The purpose of HITECH was to eliminate these grey areas.
– Goal is to promote the use of healthcare technology and to encourage the use of Electronic Health Records (EHR).
– As of 2008, only 10% of physicians had adopted an EHR system. By 2017, 86% of physicians and 77% of hospitals had adopted an EHR system.
– It provided incentives to providers and healthcare organizations for proper EMR use, e.g. Meaningful Use.
Source: https://www.hipaajournal.com/what-is-the-hitech-act/
Who can I talk to within the Healthcare Organization about Privacy and Security?
- Chief Privacy Official (CPO): responsible for privacy program implementation, facilitating training and education, assessing compliance, and evaluating complaints and potential breaches.
- Facility Information Security Official (FISO): responsible for leading, driving, and helping facility workforce members appropriately comply with the company's IPS requirements.
- Health Information Management (HIM) Director: ensures compliance with state and federal laws and standards related to privacy, security, and record completion.
- Director of Information Security (IT&S): leads and directs the activities of the Information Technology department and partners with business partners to deliver technology services aligned with business needs.
- Ethics and Compliance Officer: assists the organization in achieving responsible and effective corporate (risk management) and compliance programs.
Whistleblower
What is a Whistleblower?
A whistleblower is someone who reports waste, fraud, abuse, or dangers to public health or the safety of others to a person or body that is in a position to correct the wrongdoing.
- Whistleblower protection provisions are enforced by the Occupational Safety and Health Administration (OSHA)
- OSHA enforces the whistleblower provisions of more than 20 federal statutes
- Pro