WORKSHOP

Risk Assessments: Health Center Requirements and Recommendations

January 27 & 29, 2026
1:00–4:00 p.m. ET
January 21, 2026 at 1:00 pm (EDT)

Workshop Information

Overview

Health centers operate under a complex set of risk assessment requirements and recommendations, including:

  • FTCA requirements to conduct quarterly risk assessments;
  • HIPAA Security Rule requirements to conduct regular security risk analyses; and
  • Office of the Inspector General (OIG) expectations to conduct regular compliance risk assessments to identify fraud, waste, and abuse.


This workshop is designed to help health centers understand what’s required, what’s recommended and how to implement a meaningful risk assessment process. In this workshop, attendees will learn:

  • Compliance risk assessment essentials: Including how to meaningfully involve senior leadership, design risk assessment document reviews and interview questions, assign risk levels and understand your health center’s risk tolerance
  • Risk assessment requirements: Identify current risk assessment requirements for health centers, including how to address common deficiencies identified by the FTCA Division of HRSA in the 2026 FTCA deeming applications and by the Office for Civil Rights (OCR) in recent enforcement actions
  • Risk assessment recommendations: Develop a compliance risk assessment process that reflects and prioritizes recommended risk assessment areas based on your health center’s top risk areas


This workshop will cover the requirements and provide practical strategies and tools for collecting and analyzing information about your health center’s compliance risks.

Session 1 of this workshop will include:

  • Risk assessments as an element of your Compliance Program: A formal compliance risk assessment helps identify, evaluate, and prioritize potential compliance risks. It forms the foundation of your compliance program—guiding how to focus your health center’s effort, time, and money. We’ll discuss the OIG’s expectation that health care providers conduct compliance risk assessments at least annually, that the Staff Compliance Committee be responsible for conducting and implementing compliance risk assessments, and that the Compliance Program itself be part of the compliance risk assessment.


  • Risk assessment models and approaches: In this section, we’ll discuss a range of models and approaches for conducting risk assessments in health centers—from qualitative heat maps to quantitative scoring and hybrid frameworks. We’ll discuss the key factors that should guide the selection of a model suited to your organization’s size, structure, and risk profile, and review practical examples showing how different methods identify and prioritize compliance risks. Participants will gain actionable insights and practical tools to design a structured, repeatable process that enhances oversight and supports continuous compliance improvement.

Session 2 of this workshop will include:

  • FTCA Risk Assessments: Deeming health centers are required to implement an ongoing risk management program that includes quarterly risk management assessments. In this section, we’ll review the requirements and discuss the warning notices issued by the FTCA Division of HRSA in response to the 2026 FTCA deeming application reviews. We’ll provide strategies for developing risk assessment documentation to ensure continued FTCA coverage.


  • HIPAA Security Risk Analysis: Since it was issued in 2003, the HIPAA Security Rule has required covered entities to conduct a security risk analysis. In this section, we’ll review that requirement and how the Office for Civil Rights (OCR) has interpreted the requirement in recent enforcement actions, including OCR’s new security risk analysis initiative. We’ll also discuss the changes OCR proposed to the HIPAA Security Rule in 2025, providing the latest updates to the Security Rule requirements and compliance deadlines.


  • Developing a Compliance Work Plan: Risk assessment results need a response. In this section, we’ll discuss how to develop activities for your health center’s compliance work plan that reflect and respond to identified risks. We’ll focus on including auditing and monitoring activities, developing policies and procedures, and training and education.

Audience

  • Compliance Officers
  • Risk Managers
  • COOs
  • Clinical Leadership

Learning Objectives

  1. Explain the OIG’s latest guidance and expectations for conducting a formal compliance risk assessment.
  2. Design a risk assessment strategy to meet risk assessment requirements under the FTCA and HIPAA Security Rule.
  3. Apply practical best practices to strengthen and enhance your health center’s next compliance risk assessment.

Instructors

Dianne Pledgie
Principal

Dianne advises health care and non-profit organizations on the development and implementation of robust compliance programs.

Dianne also provides legal guidance on privacy, security and confidentiality matters, with particular focus on Health Insurance Portability and Accountability Act (HIPAA), 42 C.F.R. Part 2 and the Information Blocking Rule, including:

  • Advising clients on their obligations to protect patient records, respond to patient requests, and develop policies and procedures;
  • Reviewing business associate agreements, data use agreements, and patient consents related to the use and disclosure of protected health information and sensitive information; and
  • Supporting clients experiencing security incidents.

Molly Evans
Principal

Molly provides strategic counsel to community health centers, healthcare organizations, and state and national associations on a full spectrum of legal, compliance, transactional, and governance matters. Her counsel helps organizations design effective legal structures, policies, and agreements that mitigate risk, ensure compliance with federal and state requirements, and support long-term sustainability and mission alignment.

Alexander Lipovtsev
Principal

Alex supports federally qualified health centers, behavioral health organizations, and other healthcare providers in developing and implementing effective compliance and risk management programs. With a strong understanding of the challenges posed by a fast-paced regulatory environment, he helps clients conduct risk assessments, develop policies and procedures, and deliver training and technical assistance in areas such as compliance, emergency management, and business continuity.

Alexander is a licensed clinical social worker (LCSW) registered in New York, and holds both Certified in Healthcare Compliance (CHC) and Certified Healthcare Provider Continuity Professional (CHPCP) certifications.

Format

  • This is a workshop educational activity, which consists of two separate virtual sessions on two separate days.
  • Each workshop session will last approximately 3 hours, including breaks.
  • Each workshop session will be recorded.
  • Each workshop session recording will be available on-demand shortly after the conclusion of the live session.