Internal Audit, Risk, Business & Technology Consultingprotiviti.com/healthcare

Regulatory scrutiny of healthcare providers has never been greater. With

endless guidance issued by the government and private payers, it is important

that healthcare providers not only comply with these requirements, but also

prepare for and be ahead of any future changes. As civil and monetary penalties

have shown, it is not enough for a compliance function to merely exist. It must

effectively demonstrate a commitment to day-to-day operations, culture and doing

the right thing. Protiviti’s deep industry knowledge and skills assist organizations

in maturing their compliance departments to stay ahead of compliance risks

and build a solid foundation for future success.

Key areas where Protiviti can be of assistance in maturing your compliance function

1. Compliance Program Effectiveness Assessment and Financial Services Benchmarking

Protiviti can assist you in evaluating

the maturity of your compliance program

function and identifying areas of

continuing opportunity to ensure you stay

ahead of the curve by using our proprietary

tools. Assessments can range from a

high-level self-assessment or a detailed

dive into all elements and measures of the

compliance program.

Protiviti’s effectiveness assessment

methodology incorporates leading practices

from other highly regulated industries,

such as financial services, to further

provide our clients practical insights and

strategic benchmarking capabilities. Our

innovative, cross-industry perspective can

help you tackle complex compliance risk

management challenges and implement

pioneering best practices.

2. Compliance Risk Assessments

Protiviti’s proven four-step process identifies

your organization’s current compliance

risks, as well as your capabilities and

vulnerabilities, and then creates a risk-based,

highly focused and prioritized compliance

work plan. Protiviti can also help determine

how your compliance function compares to

other similar compliance functions.

How Protiviti Can Help Mature Your Healthcare Compliance Function

protiviti.com/healthcare

3. Staffing

Protiviti can assist your organization with staff

augmentation to provide seasoned interim

compliance leadership (chief compliance

officer), and supplemental staffing of

experienced professionals to assist with

the day-to-day operations of a compliance

program, complete an assessment, conduct

training, provide subject-matter expertise,

aid project execution, or perform specific

audits where specialized skill sets are

needed. Whether by utilizing our Protiviti

healthcare specialists or the network of

candidates available through Protiviti’s

parent company, Robert Half, we can

quickly supply highly skilled professionals

on a temporary, full-time or project-by

project basis. We partner with clients to

provide scalable assistance from interim

management of the compliance department

to tactical project-based resources.

4. Audits and Investigations

Protiviti partners with organizations in

fully outsourced, co-sourced and project-

specific arrangements to conduct audits

and investigations. We will outline areas of

concern, identify ways to reduce exposure,

and effectively address shortcomings or

challenges the organization may be facing.

We can provide assistance with audits across

all Office of Inspector General areas of focus

and other hot topics, including:

• Credit balances and overpayments

• Physician contracting and compensation

• Physician and nurse credentialing

and licensing

• Medicare reimbursement

• Drug diversion and pharmacy operations

• Two-Midnight Rule and

observation status

• False Claims Act

• HIPAA compliance gap evaluation

• HIPAA risk analyses

5. Work Plan Development and Oversight

At different times during the compliance

program lifecycle, compliance officers

may find they need additional assistance

to ensure all risks are continuing to be

addressed. We partner with organizations in

a variety of relationships, from developing

a compliance function’s work plan to

managing execution of the work plan

for designated periods of time.

6. Training

Using our deep industry experience,

Protiviti can conduct compliance

trainings for employees at all levels

of your organization, from staff,

physicians, executive management and

boards, to ensure the organization is

equipped with the latest compliance

information. We can also evaluate the

effectiveness of training materials and

assess training comprehension of staff.

protiviti.com/healthcare

7. Compliance Committee

Protiviti can assess your organization’s

compliance committee. Opportunities

for improvement often include drafting

or revising the compliance committee

charter, enhancing committee agendas,

and benchmarking committee membership.

8. Policies and Procedures & Code of Conduct

Protiviti has dedicated seasoned

professionals and a Healthcare Center

of Excellence organized to gather insights

for knowledge sharing and to develop

compliance best practice policies and

procedures. Protiviti can help you draft

policies and procedures ranging from

general or specific compliance topics to

your overall code of conduct.

9. Compliance Reporting

Protiviti assists our clients in developing

reporting mechanisms, including

dashboards, and packages on a variety of

topics, including: hotlines, investigations,

trainings, policies, audits, monitoring and

enforcements. Reporting can be geared

towards compliance staff, management

or the board/compliance committee.

10. Enterprise Risk Management

Protiviti combines our deep enterprise risk

management expertise with our compliance

solution to ensure your organization’s

regulatory risk is appropriately considered

and addressed in the development of or

an assessment of your enterprise risk

management function.

11. Corporate Integrity Agreement Assistance

Protiviti works with organizations to

satisfy required corporate integrity

agreement remediation activities. We assist

in completing implementation and annual

reports to the Office of Inspector General

on the status of your compliance program’s

activities. Protiviti can serve as a formal

internal review organization (IRO), as well

as act as a mock IRO to confidently

prepare you for your formal IRO review.

12. Coding Reviews

Protiviti has deep experience across a

variety of coding and documentation risk

areas, covering OIG-, RAC- and MACRA/

MIPS-focused issues. Protiviti works with

specialized coding auditors to provide

detailed audit reports to management

or the board showing trends of areas at

risk, including specific error rates, in a

report card format. Protiviti can then assist

organizations in creating corrective action

plans for resolution to prevent errors from

reoccurring. Additionally, Protiviti can

provide education and training to improve

compliance and promote accuracy of coding

and billing as part of a healthy revenue cycle.

13. Health Insurance Portability and Accountability Act (HIPAA)

Protiviti utilizes our subject-matter experts

to partner with your organization’s security

and privacy officers. We conduct extensive

gap analyses to identify areas of deviation

from the HIPAA requirements and overall

intent of the rule. Additionally, Protiviti can

help perform your organization’s security

risk analysis to identify opportunities

for further risk mitigation across the

organization. Further, Protiviti can help to

provide recommendations on compliance

remediation and risk management strategies

that similar healthcare organizations have

found to be effective and efficient.

© 2019 Protiviti Inc. An Equal Opportunity Employer M/F/Disability/Veterans. PRO-0319-104283 Protiviti is not licensed or registered as a public accounting firm and does not issue opinions on financial statements or offer attestation services.

Protiviti is a global consulting firm that delivers deep expertise, objective insights, a tailored approach and unparalleled collaboration to help

leaders confidently face the future. Protiviti and our independently owned Member Firms provide consulting solutions in finance, technology,

operations, data, analytics, governance, risk and internal audit to our clients through our network of more than 70 offices in over 20 countries. 

We have served more than 60 percent of Fortune 1000® and 35 percent of Fortune Global 500® companies. We also work with smaller,

growing companies, including those looking to go public, as well as with government agencies. Protiviti is a wholly owned subsidiary of

Robert Half (NYSE: RHI). Founded in 1948, Robert Half is a member of the S&P 500 index.

Richard Williams Global Healthcare Industry Practice LeaderDallas, TX+1.214.395.1662richard.williams@protiviti.com

Leyla Erkan Global Healthcare Compliance LeadChicago, IL+1.312.213.5606 leyla.erkan@protiviti.com

CONTACTS

14. Conflicts of Interest

Protiviti partners with organizations to

establish conflict of interest protocols. We

have completed assessments of the conflict

of interest process to identify and mitigate

any risks to minimize the likelihood of a

possible conflict of interest. We also have

extensive experience in assessing conflicts

of interest disclosures for appropriateness.

15. Business Associates Agreements

Business Associate Agreements (BAAs)

are not only required under HIPAA but also

are critical to ensure your data is protected

when accessible by external individuals

and/or vendors. Protiviti works with

organizations to review all aspects of the

BAA process and performs reviews of third-

party relationships to identify those that

require a BAA. We also help organizations

determine if all of the necessary HIPAA

requirements are in place for existing BAAs.

16. Clinical Research

Clinical research activities are fraught

with regulatory compliance risk.

Protiviti’s comprehensive clinical research

compliance assessments include initiatives

to determine the sufficiency of policies,

procedures and other controls in place to

mitigate the major areas of research-related

risk, such as billing for trial-associated

procedures, human subject protection and

IRB operation, informed consent practices

and documentation, study and patient

folder completeness, conflict of interest

identification and management, and animal

research. Our assessments can also be

tailored to review those specific areas that

are of most concern to your organization.