External Risk Assessment Tool for Inpatient Rehabilitation Facilities (IRF) Compliance

Catie Heindel | April 2012

In its Compliance Program Guidance document for Hospitals, the Department of Health and Human Services, Office of Inspector General (OIG) asks the question, “Has the Hospital developed a risk assessment tool, which is re-evaluated on a regular basis, to assess and identify weaknesses and risks in operations?”

As each type of health care organization has its own unique risks, risk assessment tools may vary in content and design.  However, depending on the type of care provided by your organization, there are certain risks that are always present and must be addressed.  This is definitely the case when examining risks for Inpatient Rehabilitation Facilities (IRFs). This article will outline one method for developing a risk assessment tool for IRFs.

Importance of IRF Risk Assessment

Prior to undertaking the job of developing an IRF risk assessment tool, organizations should briefly remind themselves of the importance of such a task.

To begin, facilities always want to ensure that they are providing the best possible care to its patients, in accordance with professional and governmental standards.

Second, since healthcare organizations operate in a finite budgetary environment, it is vital to mitigate those risks that are most damaging to the finances and reputation of the institution, and are most probable to be found by external enforcement agents.  

Finally, as no organization has the resources or ability to audit every risk it has, it is important to thoughtfully choose among risk options and be judicious with any expenditures not directly related to patient care.

Have Compliance Concerns? We Have Solutions.

Speak with an Expert Today

Elements of IRF Risk Assessment

Every risk assessment should focus on both Internal and External risks. Internal risks are those that exist within the organization due to weaknesses in policies, procedures, systems and personnel.

Organizations learn about internal risk through audits, work groups, and observing daily interaction with policies and procedures. Since internal risks are unique to every organization, suffice it to say that these risks need to be identified and recounted when prioritizing and considering overall risk to the organization.

External risks are those that exist outside the organization and can be separated into two categories: Regulatory Risk and Environmental Risk.  Regulatory risk areas can be identified by reviewing the laws, regulations, policies and guidance promulgated by governmental entities for IRFs.  Once these areas of regulatory risk are identified, organizations should examine and observe how these rules are enforced by the government and those acting on behalf of the government. The risk assessment tool proposed in this article will focus primarily on the different external risks for IRFs.

External Regulatory Risk Areas

As mentioned earlier, to conduct a robust external IRF risk assessment, it is important to identify and record the universe of IRF regulatory risk areas, noting the written reference and a brief description for each risk area. Since there are number of regulatory risk areas, it may be easier to divide the risk areas into major categories, which might include:

  • Conditions for Coverage/Conditions of Participation
  • Medical Necessity
  • Billing Integrity
  • Records Management

Billing Integrity; and Clinical Record Entries, and Hospital in a Hospital—Admission and Discharge Records that go under Records Management. For each of these areas, there should be a brief, one or two sentence description of the risk identified.

In addition to noting the Risk Category, Risk Area, Citation or Reference, and Brief Description of the Risk, organizations may want to add other indicators to its tool, such as linkage to Internal Risk areas, Risk in Previous Year, Special Mitigation Efforts in Process, and Rank (High, Medium, Low or 1-5). Each of these indicators can be placed on a spreadsheet for easy viewing

External Environmental Risk Areas

It is also important for organizations to consider the risks presented by the various governmental enforcement entities and those acting on their behalf.  Risks associated with enforcement activities may be displayed in categories that might include most recent OIG Work Plan, OIG Evaluation and Audit Reports, OIG Announced Investigations, Centers for Medicare & Medicaid Services (CMS) Major Program Updates, Health Care Reform, Recent Congressional Testimony, Recent Government and Industry Conferences. Again, under each of these would be an identified risk area, Citation or Reference and Brief Description. You may also want to prioritize the risk for each risk area. 

The use of a strong risk assessment tool is essential for prioritizing an organization’s risks, which in turn, helps to design a plan to mitigate the most important risks through revised policies and procedures, education for staff, and then monitoring and auditing those risk areas.  Once performed, the risk assessment is a valuable tool for informing the Executives in the organization and the Board of Directors about where the most vulnerable parts of its operation reside. This type of information is essential for Executive and Board members to understand in order for them to perform their oversight and accountability duties. A robust risk assessment is an invaluable tool for governance. It makes sense to do it right.

About the Author

Catie Heindel is an attorney who is certified in Healthcare Compliance (CHC), Healthcare Privacy Compliance (CHPC) and Healthcare Privacy and Security (CHPS). She has over 11 years of experience in the health care compliance industry and performs regulatory risk assessment and management services for clients, both general in scope, as well as more tailored towards specific risk areas.