Crowe utilized input from executive management and board members at many of the largest U.S. health systems and analyzed risk assessments conducted by the firm at hundreds of health systems, hospitals and other healthcare provider clients during 2022. The report groups risk areas into six categories – clinical, emerging, financial and operational, legal and regulatory compliance, new regulation, and technology. While the risks are not ranked, workforce, inflationary economy, cybersecurity and business continuity were consistently identified as the highest risks by executives and board members alike.
"Health systems historically have not had to deal with workforce issues at this scale before, so industry executives are strategizing how to best address pandemic-related burnout, accelerated retirements and the competition for talent in the current market," said Colleen Hall, managing principal of healthcare at Crowe. "Labor shortages have a direct impact on the quality of care they are able to provide their patients, so recruitment and retention must be a top priority to leadership."
Inflation and talent costs go hand in hand, with staff at many organizations requesting salary adjustments given the rising cost of living expenses. Hospitals are also heavily relying on contract labor such as traveling nurses to fill staffing gaps, which tend to come at a higher cost. To help expand workforce risk coverage, audit and compliance professionals can utilize technology to analyze timekeeping, retention expenses and turnover data to make necessary adjustments and improve operations.
As organizations become more dependent on technology to support operational, clinical and financial processes, they also become more vulnerable to data breaches and ransomware events. According to the Crowe report, preparing for an emergency that could hamper or shut down operations, such as a ransomware attack, while continuing to care for patients and communities is one of the most significant risks facing healthcare providers. Hall noted that failure to formulate a plan for these types of disruptions can cause reputational damage and result in severe legal and financial repercussions. To help mitigate these risks, organizations should consider conducting business continuity plan assessments and IT backup and recovery audits.
Grouped by category, the top risks identified in the full report are:
- Clinical risks – Behavioral health, patient safety, opioids, supply chain and telemetry monitoring
- Emerging risks – Coronavirus Aid, Relief, and Economic Security Act, health equity and social determinants of health, and increased use of robotic process automation
- Financial and operational risks – Accounts payable processing fraud, community benefit, inflationary economy, drug diversion and 340B, physician practices, vendors and business associates, workforce, and workplace violence
- Legal and regulatory compliance risks – Emergency Medical Treatment and Labor Act, Society Security Act Section 1135, and telehealth and remote patient monitoring
- New regulation risks – Cybersecurity, No Surprises Act and state-regulated data privacy
- Technology risks – Cybersecurity insurance and ransomware preparedness, IT and operational business continuity management, and post-merger integration of IT systems and data
Hall continued, "It is important for healthcare internal audit departments to thoroughly understand their organization's operations and strategic direction while keeping a pulse on current and emerging risks in the industry. By identifying areas in which they are vulnerable, they can develop comprehensive audit and compliance work plans and ensure they are properly allocating their resources to avoid undue risk exposure."
To download a copy of the report, please visit "25 Top Management Risks for Healthcare in 2023."
About the report
Crowe has identified the top management risks facing healthcare organizations in 2023 using input from executive management and board members at some of the largest health systems in the U.S. and Crowe risk assessments conducted at hundreds of health systems, hospitals, and other healthcare provider clients. Crowe defines a risk area as anything that might impede a healthcare organization's ability to achieve its goals in critical areas such as patient care, regulatory compliance, operations, strategic growth, and financial performance. The report groups risk areas into six categories – clinical, emerging, financial and operational, legal and regulatory compliance, new regulation, and technology, It includes audits that internal audit and compliance teams should consider to mitigate the specific risks and tips on how technology can be used to assist in those audits.
About Crowe
Crowe LLP is a public accounting, consulting and technology firm with offices around the world. Crowe uses its deep industry expertise to provide audit services to public and private entities. The firm and its subsidiaries also help clients make smart decisions that lead to lasting value with its tax, advisory and consulting services, helping businesses uncover hidden opportunities in the market – no matter what challenges the markets present. Crowe is recognized by many organizations as one of the best places to work in the U.S. As an independent member of Crowe Global, one of the largest global accounting networks in the world, Crowe serves clients worldwide. The network consists of more than 200 independent accounting and advisory services firms in more than 130 countries around the world.
Twitter: @CroweUSA
LinkedIn: Crowe
SOURCE Crowe LLP
Share this article