When the HHS Office of Inspector General’s (OIG) new General Compliance Program Guidance (GCPG) recommended that compliance committees—not compliance officers—take charge of risk assessments, it struck a chord with Wendy Trout, senior director of corporate compliance at WellSpan Health in York, Pennsylvania.[1] She said WellSpan had already gone down that route, but in a slightly different way.
A compliance risk assessment team (CRAT) that’s separate from the compliance steering committee meets monthly to review and assess risk areas, Trout explained. Although some of its members also serve on the compliance steering committee, which provides high-level oversight, the CRAT has a different modus operandi, Trout said. It gets more in the weeds. But the driving force behind the CRAT reflects the OIG’s reason for leaving the risk assessment off the list of primary responsibilities of a compliance officer.[2]