Do you have the resources; time and or people? Do you have the expertise? Do you have an internal audit team or are you using contract auditors?
How often should you audit? What do you do with the audit findings? I am tired already, and we haven’t even gotten started.
*Updated from original post on 11/15/2016
Here is some good news, in the recently published HCCA/Office of Inspector General (OIG) Measuring Compliance Program Effectiveness: A Resource Guide you can find the word audit on 49 different pages and on 255 occasions. Definitely a plethora of information.
Things to keep in mind
An important thing I learned over the course of my career as a Compliance Officer was the concept of “verify and validate”. So as you begin to prepare, think about how you will verify and validate the information you are gathering.
Verify and validate
One easy way to verify and validate is to conduct staff interviews as part of the audit process. Getting information from the people who do the job every day is invaluable. The auditors will also establish a rapport with the staff. These are both important components of an effective healthcare audit, but ultimately you have to see the process, documentation, and/or outcomes to truly verify and validate.
Define the risks
First, you need to clearly define the risk or risks which will lead you to create an audit. You can’t begin to prepare for an audit unless you clearly understand the risk you are seeking to monitor for current status or improvement. For purposes of this blog, we will “assume” you have completed a risk analysis, and this step is completed (Good job.) If not, here’s a link in our Risk Assessment Series on how to implement risk assessments.
The audit purpose
When putting the process together, ask yourself what outcome(s) are you trying to achieve? Is it a risk validation or an assessment of a risk. If it is a risk assessment, you might consider using a scoring system so that you can more easily communicate the severity of the risk. Your audit outcome may also determine if additional risk monitoring is necessary. For a risk validation, it might be as simple as a yes or no measurement.
Identify the resources
Now, identify the people and/or systems that will be part of the audit process. You have to identify people who have the knowledge/background related to the risk area so you can interview them or have them assist you in preparing the audit. You also have to identify whether or not there are systems that contain data that you will need to review prior to or during the audit. Also, you will need to familiarize yourself with all of the associated policies and procedures as well.
Now you should be ready to identify who to interview, what data to review, and what policies or procedures to research (validate/verify) before beginning your audit.
What tools and where
Next, you have to decide who will be conducting your audits; internal or third-party. Will the audits be completed on-site, through data analysis or phone interviews? How will you collect and report the information? All of these are important steps in creating an effective compliance audit.
To be effective you need to properly prepare, taking time to consider what tools and/or resources you will need to confidently complete your audit.
Create your tools, go out and verify and validate what is happening in your health care organization, and communicate your findings.
The next steps
These will involve understanding the data you collected and implementing corrective actions. Each program and environment will be different, so try your best to identify unique characteristics for your organization, and determine how to leverage your findings for better results!
Written by Donna Thiel, Chief Compliance Officer
Donna Thiel is the Director of our Compliance Integrity team, a consulting division of ProviderTrust. Donna works with compliance officers across the country to help reduce the stress and anxiety of this very difficult role.
