Written by Donna Thiel, Chief Compliance Officer at ProviderTrust
While the healthcare industry is constantly evolving, one thing remains the same: the need to prepare for compliance audits. It’s a daunting process that I’ve taken on many times over my 30 years as a Compliance Officer.
Here’s what I’ve learned.
Start at the Beginning
Audits are all about preparation. Start by asking the most basic questions:
- Do you have the resources, time, and/or people to complete your audit?
- Do you have the expertise?
- Do you have an internal audit team, or are you using contract auditors?
- How often should you audit?
- What do you do with the audit findings?
I’m tired already, and we haven’t even gotten started.
Verify and Validate Everything
An important thing I learned over the course of my career as a Compliance Officer was the concept of “verify and validate.” Everything you discover should be verified, validated, and confirmed as fact throughout the process.
Conducting staff interviews is an excellent way to include verification and validation in your audit process. Getting information from the people who do the job every day is invaluable, and the auditors will also establish a rapport with the staff. These are both important components of an effective healthcare audit, but ultimately, you have to see the entire process, documentation, and outcomes to truly verify and validate.
Everything should be verified, validated, and confirmed as fact.
Define the Risk and the Purpose
You can’t begin to prepare for an audit unless you clearly understand the risk you are seeking to monitor for current status or improvement. It’s best to start assessing how prepared you are before you even get started. What outcome(s) are you trying to achieve? Is it a risk validation or an assessment of a risk?
If it’s a risk assessment, consider using a scoring system to better communicate the severity of the risk. Your audit outcome may also determine if additional risk monitoring is necessary. For a risk validation, it might be as simple as a “yes or no” measurement.
Strengthening Healthcare Security: A Collaborative Approach with HITRUST and ProviderTrust
Identify the Resources You Need
Now, identify the people and systems that will be part of the audit process. Identify people with knowledge or background related to the risk area so you can interview them or have them assist you in preparing the audit.
You also have to identify whether or not there are systems that contain data that you will need to review prior to or during the audit. Also, you will need to familiarize yourself with all of the associated policies and procedures.
Now you should be ready to identify who to interview, what data to review, and what policies or procedures to research (don’t forget to validate and verify!) before beginning your audit.
The Final Touches
Next, you have to decide who will be conducting your audits—internal or third-party. Will the audits be completed on-site, through data analysis or phone interviews? How will you collect and report the information? All of these are important steps in creating an effective compliance audit.
To be effective, you need to properly prepare, taking time to consider what tools and resources you will need to confidently complete your audit. Create your tools, go out and verify and validate what is happening in your organization, and communicate your findings. Don’t forget to retain your research as compliance evidence moving forward.
Evaluate Your Compliance Monitoring Program with the Impact Compliance™ Spectrum
What If I Find Something?
In a perfect world, your audit would yield perfect results. But a crucial part of the auditing process is taking your findings and learning from them so that you can do better moving forward. If you find something, don’t panic—follow these steps:
- Look at your process and assess where it broke down.
- Ask yourself: was this systemic, an anomaly or human error?
- Understand the impact of your findings: is there any potential patient harm, litigation or regulatory risk?
- Finally, decide if you have the internal expertise to evaluate reporting requirements, or if outside counsel is needed.
And remember, if you’re a ProviderTrust client, don’t hesitate to lean on our expertise. If you are auditing processes related to the types of services we provide, leverage our products and our people, we are here to help. Happy auditing!
