Element 2: Compliance Program Administration

What to Measure

How to Measure

HIPAA Survival Guide (HSG)

Board of Directors:

2.1

Active Board of Directors

·         Review minutes of meetings where Compliance Officer reports in‐person to the Audit and Compliance Committee of the Board of Directors on a quarterly basis

See self-audits. See Checklists. CO required to report to Executive Team on numerous topics on a periodic basis.

·         Conduct inventory of reports given to board and applicable committees.

Id.

2.2

·         Review of training and responsibilities as reflected in meeting minutes and other documents (training materials, newsletters, etc.). Do minutes reflect board’s understanding?

Id.

Board understanding and oversight of their responsibilities

·         Review/audit board education – how often is it conducted? Conduct interviews to assess board understanding.

Executive Team responsible for reporting to Board on an as needed basis; no formal process for that.

2.3

Appropriate escalation to oversight body

·         Review minutes/checklist in compliance officer files

See self-audits.

2.4

Commitment from top

·         Review compliance program resources (budget, staff).

Id.

·         Review documentation to ensure staff, board and management are actively involved in the program.

Id.

·         Conduct interviews of board, management and staff.

Id. Interviews only go as far up as the Executive Team.

2.5

Process for escalation and accountability

Process review (document review, interviews, etc.). Is there timely reporting and resolution of matters?

 Id.

Compliance Budget:

2.6

Appropriate oversight of budget

Review charter of governing body (Board) to verify it includes approval of compliance budget

Budget approved at the level of the Executive Team.

2.7

Budget is based on an assessment of risk and program improvement/effectiveness

Is the Board’s approval of the budget based on identified risks and effectiveness evaluation/program improvement?

Latest Risk Assessment conducted in Expresso™ serve as input to the budget process.

2.8

Sufficient compliance program resources (budget, staffing)

Review budget and staffing to ensure significant risks are managed appropriately

 Id.

Compliance Committees:

2.9

Active involvement of compliance committee members

Track percentage of attendance of each compliance committee member over the last year

Executive Team owns the HCI in many substantive respects, including approving budget and resources.

2.1

Assure that the compliance oversight committee goals and functions are outlined

Review charter of committee

No charter unless Executive Team deems it necessary to create one.

2.11

Committee structure

Review documentation of structure of committees as well as charters. Ensure no conflicting charters.

 Id. Executive Team functions as the governance committee.

2.12

Compliance committee composition and attendance

Review charter and minutes to assure attendance.

 Id.

2.13

Cascade administration of compliance program throughout the organization

Different operational areas give some certification/disclosure to the compliance office

Feedback is sought from distinct functional groups on an as needed basis especially during the performance of self-audits.

2.14

Composition of Compliance Committee

Review organizational chart to validate correct composition

 See self-audits.

2.15

Effectiveness of compliance committee meetings

Keep executive report card by member qualitative/quantitative with indicators of contribution on topics

Tracking of the HCI is kept is the following Scorecards: (1) Privacy Rule; (2) Security Rule; (3) Breach Notification Rule; and (4) Cloud, Social Media, and Mobile.

2.16

Engagement

In the last two years, have the compliance committee meetings been held in accordance with the charter?

See self-audits.

2.17

Engagement of Directors/Managers

Review committee structure to evaluate how directors/managers are participating in Compliance Operational Committee(s) meeting includes agenda, minutes, attendance and reports from subcommittees

See self-audits. See required reporting to the Executive Team.

2.18

Executive Leadership engaged in Compliance Program

Review frequency of meetings, membership, attendance, agenda and minutes over the past year of the Compliance Executive Committee to include all members of the Senior Executive team receiving information directly from the Compliance Officer

 Id.

Accountability:

2.19

Leadership accountability

Audit documentation and conduct interviews. Some examples might include:

Id.

·         Employee education completion rates

See Workforce training;

·         Demonstration of promotion of compliance (e.g., town hall meeting presentations, newsletters, etc.)

See self-audits. Process requires security reminders in compliance with the HIPAA Security Rule.

·         Completion of audit or review action items within established time frame

See self-audits.

2.2

Management accountability for compliance

Process and document review and interviews.

Id.

·         Is there a mapping of operational or management responsible for championing compliance?

See Executive Team governance committee.

·         Is there a mapping of management responsible for key areas of compliance to ensure accountability?

Id.

·         Does top management support the compliance team?

Id.

Compliance Officer:

2.21

Competency

·         Certification (CHC, CHPC, CHRC)

Our Subscription Plan offers a certification program based on over 200 questions corresponding to over 15 courses.

·         Annual evaluation, coaching, corrective action, professional development

CO’s are encouraged to attend our FREE monthly webinars where review past topics and discuss either new guidance or changes in the law.

2.22

Is the compliance officer a key stakeholder in the strategic initiatives of the organization

·         Review participation of compliance officer in strategic planning process and due diligence processes.

See self-audits. See Executive Team governance committee.

2.23

Compliance department involvement in enterprise‐ wide initiatives/entities/strategies (e.g., involvement or penetration in joint venture initiatives and other organizational inventory)

·         Process review, including review of organizational chart to ensure compliance captures enterprise‐wide entities.

Id.

·         Interviews with compliance and other committees.

2.24

Compliance independence/compliance structure

·         Does the reporting structure reflects the "express" authority required?

Id.

·         Audit program charters (compliance program or Audit committee)

Id.

2.25

Compliance integration

Audit to determine the extent to which compliance officer is involved in training, policy development, marketing and other operational aspects of the business

 Id.

2.26

Compliance Officer reporting structure and oversight to ensure direct access to C suite and board

·         Document review ‐ Look at organizational chart and conduct interviews.

Id.

·         Review board minutes and documentation that there are regular meetings with CEO and or appropriate parties.

Responsibility of Executive Team.

·         Ensure compliance officer has authority and is comfortable to go to board.

Responsibility of Executive Team.

2.27

Compliance officer’s independence/objectivity

·         Review compliance officer’s job description. Does s/he report directly to CEO, board (not CFO or Legal)? Conduct interviews, focused groups, audit.

See Executive Team governance committee.

·         Seating location of compliance with the business, senior teams are together, and dotted line on org chart

Id.

·         Interview compliance officer to see if they feel they have independence, do they document disagreements, is there executive session for audit committee.

Id.

·         Interview the board, review minutes, and interview the CCO

Responsibility of Executive Team.

·         Review of written organizational structure

Id.

·         Verify the Compliance Officer has the independent authority to retain outside legal counsel

Id.

·         Review if there is screening of compliance officer material to the Board of Directors

Id.

·         Regular executive session of the Compliance Officer with the Audit and Compliance Committee of the Board

Id.

2.28

Credibility of compliance officer

Job Description review, ongoing training of compliance officer, basic competencies, certifications, reporting structure

 Id. See our certification program.

2.29

How much authority does the compliance officer have to start a working group to look at changes?

·         Have needed changes been made, and if not, why not?

See Executive Team governance committee.

·         What authority does the compliance officer have and how does he or she exercise it?

Id.

·         Where is the compliance team with regards to identifying working groups to help attack a new compliance risk?

Id.

2.3

How supported the compliance officer feels

·         Interview compliance officer;

Id.

·         Documentation review.

Id.

2.31

Organizational perception of compliance officer and corporate compliance program

Survey employees regarding:

·         Their perception of the compliance officer role.

Id.

·           Whether they know who the compliance team is, how to get to them and, what to tell them.

Id.

·           Is the compliance staff approachable?

Id.

·         Are the compliance staff solution facilitators or looked at as the organizational police force?

Id.

2.32

Compliance problem solving and adequacy of process

Process review

Id. See also Breach Notification methodology; policies.

Staffing:

2.33

Adequacy of staffing and resources

·         FTEs assigned to compliance function

Responsibility of Executive Team.

·         Review compliance matters and if they have been addressed timely.

Id.

·         Review and ensure policies and procedures are implemented and being followed.

Id.

·         Review documentation of reports to committee(s) and board.

Id.

·         Assess status of work plan and any delays.

Id.

·         Ensure documentation of risk assessment.

Id.

·         Review documentation regarding discussions at board level regarding budget.

Id.

·         Review benchmarking data from similar entities.

Id.

2.34

Assurance of staffing

Review qualifications of staff; ratio of compliance staff to business, compensation to the business

Id.

2.35

Adequacy of compliance staff based on risk assessment

Risk assessment considers the number and competency of staff required to address risk

Id. See also certification program available to all compliance staff.

Compliance Plan:

2.36

Compliance plan assessments

·        Document review, including compliance plan and policies.

See self-audits.

·        Is there an external review conducted periodically?

Id. External review recommended periodically.

·        What is the role of internal audit with regarding to compliance?

Role is to ensure that policies, processes and tracking mechanisms are being followed for each requirement of the Rules.

·        How does internal audit interact with compliance?

The Executive Team nominate the personnel to conduct self-audits. Includes Workforce members from various functional areas.

·        Benchmark program with similar sizes within the same industry

None.

2.37

Compliance plan process

Audit process for development of the annual compliance plan.

See self-audits.

2.38

Compliance organization

Assess the positioning and effectiveness of the compliance organization staff, titles, organizational chart, pay, promotion records compared to other areas within the organization

Id.

2.39

Document that establishes the authority of the program

Document review, meeting minutes for approval.

 Id.

2.4

Perception of compliance program

Survey employees

 Id.

Culture:

2.41

Accountability

SURVEY ‐ Does the compliance department have an impact on how you do your job? (Yes/No/Don't know)

 Id.

2.42

Accuracy and Trust in Monitoring

SURVEY: Do you believe the information from your department is reported with a high degree of integrity and accuracy? (Yes/ No/Don’t know)

2.43

Culture

Conduct cultural survey (interviews, confidential surveys, focus groups, etc.) and report findings to compliance committee and board. Review minutes to ensure report out and action plan established.

 Id.

2.44

Effectiveness of compliance program in the field

Survey of field compliance people

 Id.

2.45

What is company doing to drive compliance culture?

Surveys:

Id.

·         What does company incentivize?

Id.

·         What does the company promote and look down on?

Id.

·         Is compliance program tied to mission, vision, values?

Id. See also Executive Team governance committee.

2.46

Employee comments from “Rounding”

Audit the tracking of what employees report when proactively asked by compliance department (or leadership, etc.) and how this information is managed and reported.

Id.

2.47

Measuring effectiveness of executive communication on compliance

Track on‐line engagement (clicks) and survey audience

Id.

Incentives:

2.48

Aligning performance management system (promotion system) with ethics and compliance objectives

Audit criteria of promotion, bonuses and assignments

Id.

2.49

Compliance and Ethics Role/participation for developing the incentive system

Have an outside independent expert audit the incentive system and compliance officer's participation

 None.

2.5

Is incentive system consistent with compliance program

Employee Survey

 None.

Performance Evaluations:

2.51

Proper alignment of compliance objectives with organizational performance incentives (promotions/performance appraisals/bonuses)

·      Audit disciplinary records and performance evaluations for consistency with compliance

See self-audits.

·      Audit/Review of process for performance incentives (promotions/performance appraisals/bonuses) criteria to include compliance components

Id.

2.52

“Compliance” as a performance appraisal element

·         Audit performance appraisals. Some options include:                                                      o Acknowledgment of no disciplinary action                                                              o Education completion                                         o    Documentation of promotion of compliance

·         Are merit increases tied to performance?

Id.

·         Does completion of compliance education, promotion of compliance through words, actions or no documented disciplinary action and/or, completion of corrective action plans within the due dates play a role into the calculation of merit increase?

Id.

·         Compliance is part of the annual performance evaluation and HR knows how to evaluate issues for compliance

Id. See also

2.53

Manager performance evaluations

Managers have open door policy, communicate compliance directives/initiatives, address compliance matters and effectiveness is noted in performance evaluation.

See Executive Team governance committee.

2.54

Is compliance taken into account in promotion decisions?

Review promotion lists and documentation to support promotion. Did the individual actively promote compliance?

Id.

2.55

Organizational Retaliation

Track whistleblower promotion, bonuses, sick days, disciplinary, corrective action measures and exit interview over long term

 Id.

Risk Assessments:

2.56

Compliance Resource knowledge and competence

Survey, focus groups and interviews

Expresso also for Risk Assessment to be conducted as needed. Historical Risk Assessments can be accessed for reporting purposes.

2.57

Compliance staff knowledge of current regulatory changes and laws

Document review and interviews. Review certificates of attendance at conferences/other educational events, “tools” used to keep compliance staff current, compliance budget (to support access to current regulatory changes and laws).

See certification program available to all staff.

2.58

Monitoring of regulations that impact the organization

Document and process review, interviews.

See self-audits.

·         Is there a policy and procedure?

Id.

·         Is there evidence that regulations, etc. are disseminated and implemented?

Id. Signatures required for all policies by all Workforce members.

·         Are there designated individual(s) that monitor laws, regulations, policies that impact organization?

There is the responsibility of the CO.

·         How do they get the information and what do they do with it to make sure it gets to the right people?

Certification through training. Monthly newsletters, webinars, etc.

2.59

Risk Assessment Cycle

·        Audit adherence to risk assessment cycle

Expresso™

·        Annual documented risk assessment has been communicated to oversight committee

Id.

2.6

Risk based work plan that covers compliance plan elements with board approval and regular reporting on those projects to board

Compliance Committee and board minutes review.

See Executive Team governance committee.

2.61

Work plan development based on risk assessment

Process and document review.

 Id.

2.62

Prioritization of risk and consultation with applicable risk partners (i.e., legal, HR, IT, risk management, etc.)

Documentation and process review. Is there a risk based plan?  How was it developed?

 Id.

2.63

Exit interview

Compliance concerns that come up in exit interviews are addressed

 Id.

Compliance Work Plan:

2.64

Compliance work plan

Audit to ensure the work plan is developed and implemented and it is followed‐through and outcomes are reported to compliance committee or to governing body

 Id.

2.65

Effectiveness of compliance program

Written annual work plan that includes minutes

Id. Based in part on last Expresso™ Risk Assessment.

Legal Counsel's Role:

2.66

Role of counsel in compliance process

Interview counsel regarding their involvement.

 See self-audits. Monthly newsletters, webinars, etc.

·         When they are brought into matters?

As required.

·         Where is counsel situated in relation to compliance officer on organizational chart?

N/A

2.67

Existence and adherence to policy on involvement of legal in handling matters under privilege

Review policy and sample areas that were referred to legal followed the policy

As required.

Other:

2.68

Job descriptions of management

Review of management job descriptions. Do managers have concrete compliance deliverables other than training and abiding by Code of Conduct?

 See Executive Team governance committee.

Element 1: Standards, Policies, and Procedures

What to Measure

How to Measure

HIPAA Survival Guide (HSG)

Access:

1.1

·         Review link to employee accessible website/intranet that includes the Code of Conduct

Under HSG’s methodology, we view access as necessary but not sufficient; we require Workforce members to read and sign each policy; signatures can be done electronically to reduce paper workflow.

·         Survey ‐ Can you readily access or reference policies and procedures? (Yes/No/Don't know)

 Id.

Accessibility

·         Survey ‐ How and where do employees actually access policies and procedures?

 Id.

·         Test key word search (searchable)

Keywords search is available from the Expresso™ Repository.

·         Audit and interview staff to show policies

See above. Staff must read & sign policies.

1.2

Actual Access

Audit how many actual "hits" on policies and procedures

See above. Staff must read & sign policies. The “ability” to audit “policy” hits is mostly eliminated by signatures and access.

1.3

Accessible language for code, standards and policies

Flesch Kincaid measuring standard – no more than 10th grade reading level

Thousands of products sold; almost all containing references to the regulations; no complaints ever about reading level. Although this suggestion appears to be odd given the dense nature of the HIPAA regulations.

1.4

Compliance program awareness and communication

·         Survey employees to determine the extent to which the code of conduct and other compliance communications are available to employees 

Our Agile methodology recommends periodic self-audits to determine the effectiveness of a customer’s HIPAA Compliance Initiative (“HCI”).

·         Review to ensure the standards, policies, and awareness material is updated and distributed within organization’s guidelines

See above. Signatures required.

1.5

Impaired or disabled accessibility

Review accessibility options. Look at methods and speak to individuals.

 Id.

1.6

Policy communication

Communication strategy of policies

 Id.

1.7

Availability of policy content

Conduct surveys and observation

 See self-audits above.

Accountability:

1.8

Accountability

Policy Coordinator designated

Designated responsibility of customer Compliance Officer (Privacy or Security).

1.9

Ownership and accountability of policies

Audit process of how policies get enforced by chain of command when compliance is not the final approver. Is management taking responsibility for implementing and following policies?

Methodology requires that Executive Team reviews and modifies policies before said policies are distributed to the Workforce for signature.

1.1

Routine policies and procedures

Confirm that listed owner of each policy and procedure is the actual owner.

Methodology requires, as per the Rules, named Privacy Officer and Security Officer with corresponding titles and responsibilities updated in each individual’s personnel file.

Review/Approval Process:

1.11

Annual review and Board approval of Compliance Plan

Audit: Review of Board minutes

See self-audits above. Methodology requires results of self-audits to be reported to the Executive Team.

1.12

Compliance documentation operations manual

Compliance or other oversight committee to review annually to ensure it is up to date.

Id.

1.13

Maintenance of policies

Check last review or revision

 Id.

1.14

Number of policies reviewed and is the review timely

Process review/audit.  Use checklist to ensure all basic policy elements are in place, updated consistently and reviewed/approved by appropriate parties.

Id. Our methodology does not require hundreds of policies to be reviewed; rather the policies tend to be comprehensive around the each Rule and, in addition, nuanced items (e.g. social media, mobile, cloud, etc.) are also provided.

1.15

Checklist audit. Create list of policies, review committee and board minutes to ensure all approvals have been obtained.

Id. See also signatures.

Policy approvals

1.16

Policy review process

Audit process by which policies and procedures are prepared, approved, disseminated, etc.

Id.

1.17

Process for ensuring full organizational participation in policy and procedure development

Review documentation/minutes to verify input considered and solicited for policy and procedure development and review

All policies require Executive Team review and signatures by the entire Workforce.

1.18

Process for review and approving

Check for written process

Compliance Officer (“CO”) is responsible for ensuring that policies are maintained current as per the operational environment and/or material changes in the law. Once policies are modified then the Executive Team review and /or modifies after which Workforce signature process is invoked.

Quality:

1.19

Are policies (and procedures) as good as industry practice

Peer reviews

CO is responsible for ensuring he/she stays current with peers by participating in webinars, social media groups, etc.

1.2

Integrity of Process for developing and implementing policies and procedures

Audit policy and procedure on policy and procedures

See self-audits above.

1.21

Language and reading level of policies

Are policies written in plain language, appropriate grade reading level and written in applicable languages for organization? Policy review, Word grade level review and interviews of staff to make sure they understand.

Evidence is that word level is “usable” given the density of the Rules.

1.22

Language translation

Audit or process review.  Are policies and the code of conduct translated into appropriate languages for organization?

Language translation is available through online service such as Google, BUT is not provided out-of-the-box.

1.23

Usefulness

SURVEY ‐ Do department policies and procedures assist you in doing your job effectively? (Yes/No/Don't know)

See self-audits.

1.24

Need for policies that don’t exist

Interview staff to determine if they need the certain policies to strengthen internal controls.

 Id.

1.25

Policies and procedures

Request review from external experts

 Id.

Assessment:

1.26

Assessment of all company policies

Check list of policies; which are compliance and which are business

Compliance policies are kept in the Expresso™ repository.

1.27

Essential compliance policies and procedures exist

Can staff actually articulate policies and procedures; test staff

See self-audits. Workforce members required to read and sign policies; Workforce members are required to take basic Privacy, Security, and Breach Notification Rule training and pass the corresponding tests with a grade of 70% or better.

1.28

Existence of procedure to support policy

Audit for procedure to support policy

Checklists always contains a suggested list of processes for each specific policy subject matter section.

1.29

Have focus groups of work units/departments to determine whether they understand the policies and procedures necessary to do their jobs.

See self-audits.

Fundamental policies and procedures in place

1.3

Identifiability

·         Index of policies available and current

 See Expresso™ repository.

·         Numbered policies, not just titles

See last revised dates in the policies section on Last Revisions.

1.31

List of policies are applicable to employees

Supervisors to assess direct staff

See above policies routed and signed. See also training, including “nuanced” training like social media, mobile, cloud, etc.

1.32

Are those affected by policy given the opportunity to weigh in on policy when developed?

Focus groups and interviews of those affected by policy.

No. The only focus group is the Executive Team.

1.33

List of required policies

Create checklist to make sure minimum policies are in place and then audit against the list.

See above policies routed and signed. The “minimum list” covers ALL the Rules social media, mobile, cloud, sanctions, etc.

1.34

Effectiveness of policies

Effectiveness of policies based on the submission hotline calls

See self-audits.

1.35

Policies and procedures that have been identified as part of corrective action

Process review.  Conduct annual meeting with compliance and legal to look at databases and control and prioritize review to ensure implementation and ongoing compliance with policies and procedures.

Id.

1.36

Policies for high risk and operational areas

Audit

Id.

1.37

Policies, standards and procedures are based on assessed risks

Risk assessment, policy exists for each risk identified in the risk assessment (coverage of a specific risk topic)

See our Privacy Rule and Security Rule Checklists; see also our Breach Notification Framework.

1.38

Policy inventory to ensure no overlap and contradiction of policies

Create inventory and analyze inventory. Analyze and review past efforts. Look at various departments that might have overlapping policies.

See self-audits

1.39

Policy review following investigation/issue

Top policies implicated in an investigation are reviewed to determine if policy ambiguous, complex, fails to adequately safeguard issues. Validate through audit.

Id. 

1.4

Routine policies and procedures are addressed and filter down.

Review department and committee agendas to ensure policies are addressed

See above policies routed and signed.

Code of Conduct:

1.41

Code of Conduct

Audit:  Review dates, board approvals, distribution processes, attestations, survey employees for understanding, conduct focus groups.

See self-audits.

1.42

Compliance program awareness and communication

Survey employees to determine the extent to which they know the content of the Standards of Conduct (SOC) and how to access it.

 Id.

1.43

Integrate mission, vision, values, and ethical principles with code of conduct

Compare code with mission and vision statements to see if it includes elements/statements. Check to see if code is accessible to employees

No. For most of our customers this kind “organization speak” is beyond overkill.

1.44

Maintenance of code of conduct

Is code written, posted for employees, documented frequency of reviews, and survey/test employees on ability to locate it

Code of conduct is reflected in policies.

1.45

Distribution

Documentation of Code of Conduct distribution tracking and results over past two years for all employees, employed physicians, allied health professionals, independent (contracted) physicians, volunteers and vendors/contractor/consultants in the organization

See above policies routed and signed.

1.46

Orientation

Audit to ensure all employees receive orientation to the SOC and compliance policies within 30 days of hire.

Id. See also training provided to all Workforce members.

1.47

Staff understanding of code of conduct and policies and procedures

·         Review test scores after training.

Workforce members must make a passing grade of 70% or better for each exam taken.

·         Conduct interviews.

See self-audits.

Updates:

1.48

Compliance program communication of rule changes

Review periodically and at rule changes – Audit to ensure there is adequate communication to employees, including changes in policy/procedure.

Id.

1.49

New and updated policy distribution and education of appropriate staff

Process review ‐ Does organization have formal process to make workforce aware of new policies or changes in policies?

Id.

1.5

Practices implemented after new policy

Audit practices and review committee minutes and other documentation to determine how new policies are implemented.

Id. Updates to Checklists.

Understanding:

1.51

Understanding of Policies/Procedures

·         Conduct surveys and/or focus groups on specific policies

Id.

1.52

Orientation

·         Audit adherence to policy/procedure

Id.

Ensure employees are provided instruction by knowledgeable personnel for questions/clarity

See training provided to all Workforce members.

1.53

Policies reflect practice

Use policies as audit tool and then interview, observe and conduct document review to ensure policies are being followed.

See self-audits.

1.54

Questions asked by employees

System in place to track employee questions and concerns to ensure consistent guidance. Track departments where questions come from to deploy additional education where necessary.

 Id.

1.55

Understandable to board and c‐suite

Test board and c‐suite on location and understanding

Executive Team must review/modify/approve policies.

1.56

Understandable to employees

·         Reading comprehension test

 See self-audits.

·         Situational tests

 Id.

·         Test of location

 Id.

Compliance Plan:

1.57

Maintain compliance plan and program

Review written plan or written schedule of compliance activities

See Scorecards that track each requirement of the Rules plus remediations notes.

1.58

Maintain compliance department operations manual

·         Audit existence of written manual, handbook, or reference guide

See Checklists, Frameworks, etc. There is no one manual; there are a number of manuals depending on the subject matter.

·         Test whether the manual is current

See self-audits.

Confidentiality Statements:

1.59

Verify maintenance of appropriate confidentiality policies

·         Audit procedure for obtaining confidentiality statements from employees

See above policies routed and signed.

·         Audit employee files for signed confidentiality statements from employees

Id.

Enforcement:

1.6

Compliance with policies

Conduct interviews, observation.

See self-audits.

1.61

Policy violations

Audit policy and procedures to make sure practice consistent with policy.

Id. See also Sanction Policy.

1.62

Adherence to policies and procedures for cases involving patient harm and reporting to regulatory agency

Review policies and procedures and cases involving patient harm and validate proper reporting to regulatory agency