Chief Compliance and Ethics Officer Health Care

  • 1.  Heat Map and Risk Assessment Categories for Enterprise Risk

    Posted 13 days ago
    Good Afternoon, Everyone.

    My supervisor has requested that I use a heat map to have as a visual document to discuss enterprise. I created one, as requested. He said it was too detailed. He now wants me to take all identified risks and categorize them into not more than 15 areas of risk. If anyone uses a heat map for risk assessment, would you mind sharing your map and your enterprise categories? I have my detailed enterprise risk map completed. I am willing to share my work as well. I will greatly appreciate any assistance you can provide in this area.

    Current Risk Categories I have identified:
    1. Billing and Coding
    2. Litigation
    3. Cyber
    4. Breaches (Privacy and Security)

    Thank you in advance.



    Kristi Lewis
    VP, Corporate Compliance Officer
    Covenant Physician Partners

  • 2.  RE: Heat Map and Risk Assessment Categories for Enterprise Risk

    Posted 12 days ago
    You might consider including reputational risk (or media exposure). I work exclusively in the realm of helping organizations with professional boundaries, sexual misconduct, and abuse. We continue to see increasing attention to these types of allegations within healthcare, particularly on the heels of some very large settlements over the last few years. These types of claims will often fall into your litigation risk category, but the reputational risk can be significant.


    Candace Collins
    Director of Strategic Alliances


  • 3.  RE: Heat Map and Risk Assessment Categories for Enterprise Risk

    Posted 12 days ago

    Hi Kristi!


    I don't have a heat map, and I wasn't sure what "enterprise" meant, but I recently had each manager/director develop a list of their departments' top two risks (then they developed a simple action plan with tasks on how they could reduce those risks). I don't know what type of organization you're with, but thought I would share some of the categories that managers/directors sent me in case you could use them...


    • Accreditation
    • Employment (hiring, credentialing, termination, required annual education, exclusion checks, etc.)
    • Discrimination (I've seen an uptick in a variety of discrimination complaints)
    • Patient Management (patient safety, falls, ensuring patients sign consents, receive proper paperwork, medication management, etc.)
    • Facility Compliance (OSHA, Life Safety, etc.)
    • Contracts/Agreements (Joint Ventures, Employed Providers [fair market value], Pricing Agreements)





  • 4.  RE: Heat Map and Risk Assessment Categories for Enterprise Risk

    Posted 11 days ago
    Hi Kristi,

    Last year, SCCE & HCCA partnered with COSO to release: COSO- Applying ERM Framework to Compliance Risk.

    The guidance is indicated for Compliance professionals who want to align the program or integrate with an ERM framework. It outlines five components and 20 principles of an effective compliance program as it relates to enterprise risk management.

    Wondering if it may be possible to follow this model and similarly categorize the risks that were identified based on the principles underlying the five components. At least, it may provide insight on additional categories to consider.

    Ta-Tanisha Thomas, MBA, CCEP, CHPC, CHC
    HCA Healthcare E&C Compliance Standards Manager
    Nashville, TN

    Anything stated is my sole opinion and not that of my Company.
