Risk Assessments: Health Center Requirements and Recommendations | Workshop Day 1

Health centers operate under a complex set risk assessment requirements and recommendations, including:

• FTCA requirements to conduct quarterly risk assessments
• HIPAA Security Rule requirements to conduct regular security risk analyses; and
• The Office of the Inspector General (OIG) expectations to conduct regular compliance risk assessments to identify fraud, waste, and abuse.

This workshop is designed to help health centers understand what’s required, what’s recommended and how to implement a meaningful risk assessment process. In this workshop, attendees will learn:

• Compliance risk assessment essentials: Including how to meaningfully involve senior leadership, design risk assessment document reviews and interview questions, assign risk levels and understand your health center’s risk tolerance
• Risk assessment requirements: Identify current risk assessment requirements for health centers, including how to address common deficiencies identified by the FTCA Division of HRSA in the 2026 FTCA deeming applications and by the Office for Civil Rights (OCR) in recent enforcement actions
• Risk assessment recommendations: Develop a compliance risk assessment process that reflects and prioritizes recommended risk assessment areas based on your health center’s top risk areas

This workshop will cover the requirements and provide practical strategies and tools for collecting and analyzing information about your health center’s compliance risks.

Audience:

• COOs
• Compliance Officers
• Risk Managers
• Clinical Leadership

Agenda Day 1:

• Risk assessments as an element of your Compliance Program: A formal compliance risk assessment helps identify, evaluate, and prioritize potential compliance risks. It forms the foundation of your compliance program—guiding how to focus your health center’s effort, time, and money. We’ll discuss the OIG’s expectation that health care providers conduct compliance risk assessments at least annually, that the Staff Compliance Committee be responsible for conducting and implementing compliance risk assessments, and that the Compliance Program itself be part of the compliance risk assessment.
• Risk assessment models and approaches: In this section, we’ll discuss a range of models and approaches for conducting risk assessments in health centers—from qualitative heat maps to quantitative scoring and hybrid frameworks. We’ll discuss the key factors that should guide the selection of a model suited to your organization’s size, structure, and risk profile, and review practical examples showing how different methods identify and prioritize compliance risks. Participants will gain actionable insights and practical tools to design a structured, repeatable process that enhances oversight and supports continuous compliance improvement.

Presenters:

• Dianne Pledgie
• Molly Evans
• Alexander Lipovtsev