White Papers

New White Paper!  Issued July 31, 2018

Drug Diversion Prevention & Detection: Using a Comprehensive Risk & Internal Audit Approach

In Parternership with Baker Tilly

The escalation of drug diversion... 

The United States Department of Health and Human Services (HHS) and the Centers for Disease Control and Prevention (CDC) report that opioids killed more than 42,000 people in 2016. In 2016, 66 percent of drug overdose deaths involved an opioid and 40 percent of all opioid overdose deaths involved a prescription opioid. (1) (2)

Now consider that approximately 10 to 15 percent of all healthcare professionals will misuse drugs or alcohol at some time during their career. Although the rates of substance abuse and dependence are similar to those of the general population, the prevalence is disturbing because healthcare professionals serve as the caregivers responsible for the general health and well-being of the general population. (3) Drug diversion by healthcare workers can cause serious harm to patients (particularly if the worker is impaired while delivering care) or to themselves.

Healthcare organizations face serious legal, financial, operational and reputational risks and regulatory fines resulting from worker diversion and inadequate internal controls.  Every healthcare organization, in partnership with its operations, compliance, and internal audit functions, must ensure a comprehensive interdisciplinary drug diversion management program is functioning. To effectively address drug diversion issues, a comprehensive program must include rigorous controls and monitoring.

(1) Center for Disease Control and Prevention, Opioid Overdose- Opioid Data Analysis.  Accessed February 13, 2018.  https://www.cdc.gov/drugoverdose/index.html
(2) Health and Human Services, Opioid Epidemic by the Numbers. Accessed February 13, 2018.  https://www.hhs.gov/opioids/about-the-epidemic/

(3) MR Baldisserri, Impaired Healthcare Professional. Critical Care Medicine. 2007; 35(2 suppl):S106-16.

About AHIA

The Association of Healthcare Internal Auditors (AHIA) is a network of experienced healthcare internal auditing professionals who come together to share tools, knowledge and insight on how to assess and evaluate risk within a complex and dynamic healthcare environment. AHIA is an advocate for the profession, continuing to elevate and champion the strategic importance of healthcare internal auditors with executive management and the Board. If you have a stake in healthcare governance, risk management and internal controls, AHIA is your one-stop resource. Explore our website for more information, www.ahia.org.

About Baker Tilly

Baker Tilly is a full-service accounting and advisory firm, providing assurance, tax, internal audit and consulting services to healthcare providers, higher education systems and research institutions. In addition to financial statement audit and tax services, we collaboratively address strategic areas such as risk management, research compliance, construction, managed care contracting, revenue cycle optimization, community health and needs assessments, fraud, cybersecurity and other strategic and operational issues. Visit us at bakertilly.com/healthcare to learn more.

Copyright © 2018 Association of Healthcare Internal Auditors. All rights reserved.


AHIA white papers provide healthcare internal audit practitioners with non-mandatory professional guidance on important topics. They are intended to supplement and support the mandatory requirements of formal professional standards. By providing healthcare specific information and education, white papers can help practitioners evaluate risks, develop priorities and design audit approaches.

White Paper Subcommittee:

Chair: Alan Henton
Mark Eddy
Linda McKee
Debi Weatherford
Publications Board Liaison: Debbie Pazourek

If interested in authoring a white paper, contact Chair at alan.p.henton@vumc.org


The Association of Healthcare Internal Auditors (AHIA) is pleased to announce its Call for White Papers on topics concerning the art and science of healthcare internal auditing.  A white paper is an authoritative report or guidance that informs readers concisely about a complex issue and presents the issuing body's philosophy on the matter. It is meant to help readers understand an issue, solve a problem or make a decision.

AHIA welcomes papers aimed at beginner to expert level practitioners. This includes original content clearly related to healthcare internal auditing that does not promote commercial products or services. 

This is your opportunity to share your ideas, concepts, case studies, and proven methods with the AHIA healthcare internal audit community!

Submissions will be accepted on an ongoing basis…

White Paper Topics Include:

Best Practices & Case Studies
Learn best practices from the experiences of other healthcare IA practitioners. Papers in this category should provide real- life examples of implementation and lessons learned or application of various tools and models. Papers should also include specific examples of how you addressed challenges and provide measures of success.

Models in Healthcare Internal Audit
This category includes healthcare IA management theory around innovation, emerging trends, value or the future of our field.

Special Interest and Other Topics
This area provides an opportunity to address specific industries such as government, healthcare and risk management.

Specific topics of interest are listed here, but proposals with unique quality and insight on related topics will also be considered.

  • Data analytics and continuous auditing (integrating with audits, describe a case study)
  • Research and IRB related audits (other than typical clinical trial audits), such as grant effort reporting and expense audit procedures
  • Information Technology audits (IT general controls, high risk areas)
  • Accounts Receivable and Revenue Cycles
  • Clinical auditing
  • Credentialing- physician, general, new enrollment, etc.
  • Charge capture (coding)
  • 340B Drug diversion
  • Ethics
  • Auditing quality measures
  • 501r implementations

Submission Guidelines

To be considered for white paper development consideration, please send us your topic idea and meet the following requirements:

  • Submitted via email to ahia@ahia.org – Subject Line – WHITE PAPER SUBMISSION
  • Authors must include an abstract accurately summarizing the topic and focus of the paper (approximately 100-200 words) and author’s bio (approximately 75 words).
  • Content must be structured clearly and provide an introduction (executive summary), results and observations, and conclusion.
  • Content should be technically correct and be of interest to a wide audience of healthcare IA practitioners.
  • Submissions cannot be previously published in their current or similar form.
  • Submission that are commercial in tone and/or intended to be promotional in nature will not be considered.
  • All ideas must be submitted in English.

Review/Acceptance Process

All submissions will be reviewed by the White Paper Subcommittee composed of AHIA members. The Subcommittee will vet each idea submission.  Upon acceptance, we will be in touch to work with you on the development of the White Paper in collaboration with the subcommittee. Authors/Contributors must permit AHIA to publish papers across various channels. Any written content including graphics and images from third parties must have written permission for use.

Links to existing white papers:


New White Paper!  Issued July 31, 2018

Drug Diversion Prevention & Detection: Using a Comprehensive Risk & Internal Audit Approach
Securing Data & Delivering Value: Identifying Patient and Employee Related Sensitive Information in Data Repositories


AHIA White Paper Guidance Issued: Cybersecurity, Data Analytics and Other Priorities for Internal Auditors in US Healthcare Providers

HIPAA: 5 Steps to Ensuring Your Risk Assessment Complies with OCR Guidelines

Cyber Assurance: How Internal Audit,Compliance and Information Technology Can Fight the Good Fight Together


Cybersecurity, IT Transformation and Analytics: Addressing Priorities for Internal Auditors in US Healthcare Provider Organizations

Data Analytics in Healthcare Internal Audit: A New Level of Value

Beyond HIPAA compliance: Aligning IT audit and information security to manage information risks


AHIA IT Audit and Information Security Survey

Evaluating Hospital Pharmacy Inventory Management and Revenue Cycle Processes

Priorities for Internal Auditors in US Healthcare Provider Organizations - Chief Concerns Include Cybersecurity, Regulatory Compliance and Fraud

ICD-10: Ready or Not? Survey Results Provide an Overview of ICD-10 Implementation and Planning Status

HHS/OIG “Practical Guidance for Health Care Governing Boards on Compliance Oversight”


Pharmacy Related Risk Areas (Deloitte/AHIA):

Auditing and Monitoring (HCCA/AHIA)


Third-party Relationships and Your Confidential Data (Grant Thornton/AHIA)

Auditing and Monitoring White Papers (HCCA/AHIA)


Meaningful Use Risks (PwC/AHIA)