Make the Most of Your Patient Privacy Monitoring Program
Having an effective patient privacy monitoring program is necessary to demonstrate compliance and to protect sensitive ePHI. Unfortunately, it is often difficult for organizations to execute a successful program due to time, resource, and budget constraints. Many organizations that deploy patient privacy monitoring technologies failed to achieve compliance during an OCR audit because they were not utilizing the capabilities of the audit tool, could not produce an audit and monitoring plan, or were merely automating what they had been doing previously which was inadequate or reactive.
What is utterly amazing about this is that fraud is a multi-billion dollar problem in healthcare. It robs legitimate dollars from other positive initiatives, it tarnishes reputations when discovered, other than patient safety it probably does more damage than anything else to patient confidence, yet the industry treats it as if it is someone else’s problem. Fraud is happening everywhere, most just aren’t aware of it yet. If you are not looking (auditing) you don’t know what you don’t know.
– Mac McMillan, President of CynergisTek
To help alleviate the technical and administrative burdens that health care delivery systems face, as well as the challenge of limited resources, CynergisTek can help implement and optimize your patient privacy program with our Patient Privacy Monitoring Services.
Optimize Your Patient Privacy Monitoring Program
Patient Privacy Managed Services helps our healthcare organization partners establish, enhance, and maintain an effective auditing and monitoring program. This service is a holistic and thorough approach designed to meet the needs of healthcare organizations of all sizes. The service includes an initial program assessment, a customized optimization plan architected to achieve successful integration and adoption of the technology chosen by the organization, and a designated team of analysts to conduct scheduled audits. Discover which level of service best suits your organization:
Patient Privacy Monitoring Services Select
Our select-level option is a cost-effective managed service that provides scheduled proactive monitoring, analysis, and reporting utilizing your audit tool.
Patient Privacy Monitoring Services Elite
The elite-level services offers a dedicated managed service partnership of advanced analysis and management of your patient privacy monitoring program.
CynergisTek obtains and reviews relevant information and documentation regarding current auditing and monitoring practices and planned data capture parameters to support future privacy monitoring operations. Analysis of information received from the customer to address completeness of policies/procedures/plan is with respect to regulatory guidance and industry best practices. CynergisTek provides the customer with a set of observations regarding the maturity of the privacy audit program as well as relevant policy and procedure templates if needed.
Current & Future State Analysis
CynergisTek conducts a current-state working analysis of the existing privacy monitoring practices in an interactive session with customer representatives. Through interviews with key stakeholders, CynergisTek conducts a deeper and broader baseline gap analysis of patient privacy monitoring practices. CynergisTek provides a document capturing observations and optimization recommendations to the customer at the completion of this phase.
Optimization Plan & End User Training
CynergisTek delivers a customized, proactive ePHI access auditing and monitoring optimization plan that includes: implementation of a gradual escalation process through a phased approach towards a comprehensive ePHI access auditing and monitoring environment; implementation of essential processes; normalization process approach for behavioral modeling to support identity theft and fraud detection program; recommendation plan for alerts and reports to include frequency and distribution; recommended updates to policies and procedures needed to support the audit plan; and collaboration with your auditing tool manufacturer to confirm configuration is aligned to support the optimization plan.
Validation & Testing of the Audit Tool
Your Patient Privacy Monitoring Services Team conducts a comprehensive validation and testing process. Key process elements include: testing the functionality of all reports and alerts within your tool, comparing testing findings with your tool manufacturer, assembling a comprehensive report of findings, determining if any current data element gaps impact audit reports, and provide a set of recommendations based on findings.
Proactive Audit Report Analysis
On a monthly basis, CynergisTek’s team of analysts complete, per approved delivery schedule, analysis of planned proactive audits; escalate findings to our managed services customer’s; ensure the audit tool functions as intended or escalate notice to the manufacturer; and conduct a review of next month’s scheduled audits for program readiness. Following completion of proactive audit analysis, notification of audit results are delivered directly to our clients.
Incident Documentation & Escalation of Findings
On an ongoing basis, CynergisTek provides program updates and identifies each program element for ease of reference. All program-related deliverables, team communication and notifications are efficiently contained within one location to ease the administrative burden associated with program management. Following completion of necessary analysis methodology steps and associated documentation within the audit tool, a notification of completion is delivered to include: the report type, description of the report, date range of the audit, volume of findings, and specific cases for the organization’s review and handling.
Audit Tool Optimization
CynergisTek provides dedicated analysts to manage and monitor the customer’s audit tool and escalate findings per agreed upon timelines. All issues are tracked and progress is provided to the customer during standing monthly meetings.
Standard Program Reports
Managed services include standing monthly meetings with a designated member of CTEK’s analyst team. Following each meeting, your team receives a summary report of discussion points and associated action items.
Additionally, CynergisTek produces a monthly programmatic report that illustrates the preceding month’s audit activity and includes: proactive audit analysis conducted; incident metrics; date ranges of proactive audits; applied sanctions, as informed by the organization, for each proactive audit; and identification of incidents in a status other than closed. Elite-level client reports comprehensively inform and include both proactive and reactive or investigation-based audit metrics.
Reactive Audit Report Analysis
To further assist our elite-level clients, CynergisTek conducts reactive or investigation-based audits upon demand in response to additional reports, complaints, or incidents.
CynergisTek’s auditing and monitoring team conducts pattern and trending analysis to inform rule, reporting or process revisions. As risks are identified, CynergisTek then develops custom reports within the audit tool, follows established analysis methodology, and provides recommendations in support of the Optimization Plan. On an annual basis, next year’s recommended audit plan is drafted for review approval by the client. The plan includes recommended monthly audit reports, frequency of occurrence, and program optimization elements based on risk.
Advanced Program Reports
Our elite-level clients receive program trending analysis on a quarterly and annual basis. Contents of the reports provide the organization an executive summary of the preceding audit period, trending of sanctions by report type, proactive and reactive audit metrics, and volume of findings to support the audit program’s impact.
CynergisTek provides advice focused on improving the audit and monitoring program, best practices for audits to ePHI applications that are not included within the audit tool, updates to regulatory audit requirements, and recommendation in support of challenges or threats to business operations.