UW Medicine Compliance
Compliance Risk Assessment – COMP.009
This policy requires UW Medicine to engage in comprehensive and ongoing formal assessments that identify and mitigate compliance risks. It applies to UW Medicine compliance departments, executive and administrative leaders and operational departments.
Applicability: UW Medicine and UW Medicine Affiliated Covered Entity, excluding UW Physicians and UW School of Medicine
Policy Title: Compliance Risk Assessment
Policy Number: COMP.009
Superseded Policies: VMC, Corporate Compliance Program Assessment Policy & Procedure
Date Established: October 11, 2017
Date Effective: November 20, 2020
Next Review Date: November 20, 2023
UW Medicine is committed to maintaining an effective compliance program through ongoing risk assessments which identify, mitigate and correct noncompliance. Toward that end, leadership, operations and compliance staff partner to identify, analyze and prioritize compliance risks affecting the organization, evaluate the probability of those risks occurring and their potential impact to the organization, and determine how those risks should be managed. Compliance risk areas include, but are not limited to, fraud, waste, abuse, and patient information privacy and security. Risks are evaluated annually and, if appropriate, on an as-needed basis. This annual risk assessment forms the basis of the Compliance Work Plan.
At a minimum, each risk assessment considers the following factors:
- The Office of Inspector General (OIG) Work Plan;
- Internal and external audit results;
- Regulatory developments, rule changes, enforcement focus and other trends;
- Internal operational and structural changes;
- Compliance inquiries and consultations;
- Findings associated with compliance investigations;
- The presence or absence of internal controls;
- Factors specifically mandated by federal, state or institutional requirements; and
- Nature of the risks (for example, reputational damage, operational disruption, penalties and other costs).
The assessment process is coordinated by a compliance official with scope and jurisdiction over the issue who creates and maintains documentation of the risk assessment and corresponding Compliance Work Plan. The Compliance Work Plan is approved by the Compliance Governance Group and includes compliance risk mitigation strategies, including, but not limited to, policy development and education and audit plans.
- UW Medicine Compliance Glossary.
- Entity and department-specific risk assessment procedures.
- United States Sentencing Commission, Guidelines Manual, §8B2.1 (Nov. 2016).
- Compliance Program Guidance for Hospitals, 63 Fed. Reg. 8987 (February 23, 1998).
- Supplemental Compliance Program Guidance for Hospitals, 70 Fed. Reg. 4858 (January 31, 2005).
- Risk Analysis, 45 C.F.R. §164.308(a)(1)(ii)(A).
- Centers for Medicare and Medicaid Services (CMS), Medicare Managed Care Manual, CMS Pub. 100-16, Chap. 21 (Rev. 110, Jan. 11, 2013); available at https://www.cms.gov/regulations-and-guidance/guidance/manuals/downloads/mc86c21.pdf.
- CMS, Medicare Prescription Benefit Manual, CMS Pub. 100-18, Chap. 9 (Rev. 16, Jan. 11, 2013); available at https://www.cms.gov/regulations-and-guidance/guidance/manuals/downloads/mc86c21.pdf.