The administrative complexities of the healthcare system and its onerous regulatory environment continue to increase the cost to administer a self-funded health plan – not to mention exacerbating the operating and compliance risks to plan sponsors. Although much of the administrative burden is outsourced to third parties, plan sponsors continue to experience higher administrative fees and an unacceptable level of eligibility and administrative claims payment errors.

It is challenging for plan sponsors to tackle these issues if monitoring and oversight are siloed and conducted on a periodic basis. Here are seven key steps that plan sponsors can take to develop a more effective healthcare administration monitoring and oversight program.

1. Assemble a Multidisciplinary Team of Professionals

Plan sponsors must have a team that collectively possesses the knowledge, skills, technology, and authority to monitor and oversee the program. In addition to a deep understanding of the organization’s health plan, these professionals should have a background in healthcare benefit administration, audit, risk, and law. It is not uncommon for an organization to hire an outside consultant to fill one or more of these roles, as well as facilitate the initial identification and assessment process.

2. Outline the Operating Environment of the Plan

Seeing the whole picture, rather than a collection of silos, is important to understanding where issues may arise. To do this, create a high-level workflow diagram that details the eligibility and administrative claims process, the parties involved, the systems utilized, the dependencies and interfaces, and the related transaction volume. Once complete, segregate the diagram by each of the administrative processing cycles as well.

3. Define Risk Tolerance

Eliminating all risk from the administrative process is impossible, so it is important to know your appetite for risk and calculate the level your organization is willing to accept.

4. Identify Risks

Using the administrative process workflow diagram, conduct a brainstorming session to explore the plan’s susceptibility to financial loss derived from people, processes, and systems. The objective of this session is to impartially identify – not eliminate – all possible risks.

Once identified, record and log each one into an administrative processing cycle “risk register,” a repository for all risks identified in the plan’s universe. Once all risks have been identified, each one should be reviewed and linked to interrelated risks. Later, additional information will be added to this register, so the risk management plan can be carried out in an efficient and effective manner.

5. Assess and Prioritize Risks

Once all risks have been identified, evaluate how likely each one is to occur and its financial impact. This two-stage process should consider the design and operational effectiveness of the organization’s internal control structure.

Since it is not uncommon for the combined exposure of interrelated risks to be greater than the sum of the individual ones, it is important to evaluate risks individually and collectively. Where practical, use data analytic tools to assist and refine the quantitative evaluation of the healthcare claims data.

Compare the assessment against the organization’s risk tolerance to determine which need to be addressed first, keeping in mind that additional factors like vulnerability and speed of onset, may impact the risk ranking.

6. Develop an Interrelated Risk Response

The risk assessment and prioritization process results will serve as the foundation for your monitoring and oversight program. Now you must determine how to address each one:

  1. Accept the risk if it is within the organization’s risk tolerance threshold.
  2. Reduce the risk through mitigation activities.
  3. Transfer the risk – primarily through insurance – to reduce it to an acceptable level.

A fourth – but unlikely – option is to avoid the risk altogether.

Teams most often choose mitigation activities or transfer when the financial impact is deemed moderate or greater, and the probability of its occurrence is possible. In this case, all other risks can be accepted, but should continue to be tracked by the team.

To ensure a cohesive strategy, each risk mitigation activity should be aligned to the risk it is intended to address. The register should indicate the type of mitigation strategy undertaken (i.e., preventative, detective, or corrective) and the planned level of risk reduction. This analysis identifies potential coverage gaps where adjustments are necessary. To design the best strategy, avoid repetitive coverage unless multiple strategies are needed to reduce it to an acceptable level.

7. Implement, Monitor, and Reassess

Once the risk mitigation plan is put into action, share it with each project owner so updates can be made in a timely manner. Keep in mind that project owners who address one or more of the same risks must collaborate to ensure the risk is properly mitigated. The team should continually monitor the plan for risk relevancy and ranking as well as to ensure it adequately reflects all risks present. If the plan isn’t reducing risk as it should, re-evaluate it to ensure it is designed properly.

The risk monitoring and oversight process is a continuing cycle of identification, assessment, prioritization, and response.


Amid heightened scrutiny and ever-increasing complexity, healthcare administrators face unique challenges related to the operation, regulation, and design of claims administration processes. A well-constructed, cohesive healthcare administration monitoring and oversight program is vital to navigating the impact such challenges put on health plan administration. Plan sponsors that can master this process will create a more risk-focused culture, provide a comprehensive framework to manage and mitigate it, improve decision making, and reduce costs.

About the Authors:

Matthew Dubnansky TMDG Healthcare Assurance and Risk ConsultingMatthew B. Dubnansky, CPA, CGMA | Partner
Matt leads our national healthcare assurance and risk consulting practice. He is a forward thinking leader who works with plan sponsors across North America to better manage and oversee their plan benefit administration. He is also a published author and speaks on various topics at industry leading conferences. Matt provides clarity to simplify an otherwise complex healthcare system, focus to concentrate resources on what matters most, and actionable insights to optimize health plan administration.

Adam C. Meier TMDG Healthcare Assurance and Risk ConsultingAdam C. Meier, CPA, CEBS, GBA, RPA | Manager
Adam primarily provides consulting services to jumbo local and national self-funded health and welfare plans. He is an industry thought leader who serves on local boards and international committees for the International Society of Certified Employee Benefit Specialists. Adam has experience managing complex engagements and creating value for health and welfare plans by delivering proven solutions that mitigate operational and compliance risk, hold insurance companies accountable, and recover claim overpayments.