image_pdfimage_print

by Marc Stein, MBA, Principal  – WithumSmith+Brown. 

 
 
Groundbreaking changes in the healthcare industry have increased the scope and complexity of a healthcare organization’s risks.  Healthcare risk areas appear to be around every corner, from legislation and regulatory developments to operational and financial concerns. It is becoming more imperative that an organization go through a robust comprehensive enterprise-wide risk assessment that goes beyond traditional boundaries and reaches more clinical, operational and strategic areas.  The results of the risk assessment will be the basis of internal audit plan areas reflecting the priority of risks for a healthcare organization.
 
2017 Top Healthcare Risk Areas
 
Based on the 2017 annual survey of Healthcare Chief Audit Executives and Internal Audit Leaders performed by Protiviti partnering with the Association of Healthcare Internal Auditors (AHIA), the following were the top healthcare audit plan areas for 2017:
•Information System Controls
•Billing and Collections
•Accounting/Finance
•Information Security/Cybersecurity Program Effectiveness
•Charge Capture
•Electronic Health Records
•Compliance and Regulatory Monitoring
•Ancillary Services
•Accounts Payable
•Data Information Governance
•HIPAA Compliance
•Fraud, Waste and Abuse
•Clinical Systems
•Supply Chain
•Denials Management
 
Internal Audit Focus
 
Internal audit’s traditional focus on transactions and related financial business cycles has been sufficient for healthcare organizations in the volume-driven system in the past. That approach needs to be modified now that healthcare organizations are continuing to move from a reimbursement structure based on claims and production to a system of rewards based on value, including quality, safety, efficiency and appropriateness of care. Under value-based care, a provider can be financially penalized for failing to meet quality standards. Internal audit needs to evolve and consider expanding the use of data analytics as a tool in evaluating risks associated with a value-based healthcare environment.
 
Conclusion
 
An internal audit infrastructure based on the use of data analytics will support more efficient and effective coverage of traditional audit areas while allowing more time and resources to assess and address the new and emerging healthcare risk areas under value-based reimbursement. This approach will enable internal audit to generate and protect value within a healthcare organization
 
Marc Stein, MBA, Principal, 
(732) 828 1614
mstein@withum.com