Confidentiality, Privacy and Security

Crystal Ball Time...Auditing

  • 1.  Crystal Ball Time...Auditing

    Posted 08-12-2020 08:08
    In the course of studying for certification exams, the question of audits often comes up since auditing, as indicated by the Office of Inspector (OIG), is the one way the effectiveness (or not!) of a compliance program can be assessed.  So that being said, and many folks are dealing with HIPAA Privacy and Security compliance programs...the following question.

    What audit is there that you would like to see put in place within your facility?  (Example....one popular audit is to assess whether the access to ePHI, such as through an EHR, is discontinued in a timely manner according to policy, once a workforce member leaves the organization (voluntarily or involuntarily).

    Offlist responses are fine.  If I do receive offlist responses, I'll summarize and post them later this week.

    Thanks to all!

    ------------------------------
    Frank Ruelas
    Compliance Professional
    Arizona
    Posted: 5:07 AM AZ time
    ------------------------------


  • 2.  RE: Crystal Ball Time...Auditing

    Posted 08-13-2020 08:10
    Auditing, I think we all wish we had more time for it.   I routinely do access audits - did you access your neighbor's records, you spouse's record, high profile records.   Was everyone accessing a record, part of the team who needed to review the record.  We have software that can do a lot of this for us.

    I would like to audit the date of departure of an employee versus date of access to network,  EHR, etc is terminated.  I think the average time would be good to know and measurable.

    Another project is to verify that there is a BAA (or appropriately paperwork) for anyone who has access to your organization's systems remotely.   Of course, BAA could be a big audit in itself.

    ------------------------------
    Esta Farmer
    Director Medical Record Department
    Northern Hospital of Surry County
    ------------------------------



  • 3.  RE: Crystal Ball Time...Auditing

    Posted 08-13-2020 09:16
    Esta Lynn,

    Those are some very good examples.  You highlighted something very interesting which I think is worth it's own post which I will do next.

    Thanks for sharing!

    ------------------------------
    Frank Ruelas
    Compliance Professional
    Arizona
    ------------------------------