New White Paper! Issued March 2, 2018
In Parternership with Jackson Health System
Author: Rubensky Calixte, MBA, CISA
Healthcare organizations collect and store much more than just patient health information. Functional areas such as Human Resources, Internal Audit, and Finance accumulate terabytes of sensitive employee and patient information across business functions. The Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule and National Institute of Standards and Technology (NIST) recommend guidelines to establish internal safeguards for sensitive data. However, operational and financial leadership, as well as Internal Audit, need practical solutions to identify and control the amount of and access to information stored within an organization.
This paper will provide insight into a practical framework through which internal auditors can economically identify sensitive information relating to both patients and employees in data repositories such as shared drives. Operational and financial leadership, Information Technology, and department data owners should use this framework to structure access rights and establish protective procedures. This whitepaper will provide an understanding of the tools and strategies needed to execute continuous security audits on corporate-wide sensitive patient and employee information.
About the Author
Rubensky Calixte is the IT Audit Manager at Jackson Health System (JHS), a nonprofit academic medical system. Jackson Memorial Hospital, a centerpiece of JHS, is the largest public hospital (by number of beds) in the United States. With over ten years of IT and Audit experience, Rubensky has provided assurance services to multiple S&P 500 companies. Rubensky holds an MBA from Babson College, a BS in Electrical Engineering from the University of Florida, and is a Certified Information Systems Auditor.
AHIA white papers provide healthcare internal audit practitioners with non-mandatory professional guidance on important topics. They are intended to supplement and support the mandatory requirements of formal professional standards. By providing healthcare specific information and education, white papers can help practitioners evaluate risks, develop priorities and design audit approaches.
White Paper Subcommittee:
Chair: Alan Henton
Publications Board Liaison: Debbie Pazourek
If interested in authoring a white paper, contact Chair at firstname.lastname@example.org
CALL FOR WHITE PAPERS
The Association of Healthcare Internal Auditors (AHIA) is pleased to announce its Call for White Papers on topics concerning the art and science of healthcare internal auditing. A white paper is an authoritative report or guidance that informs readers concisely about a complex issue and presents the issuing body's philosophy on the matter. It is meant to help readers understand an issue, solve a problem or make a decision.
AHIA welcomes papers aimed at beginner to expert level practitioners. This includes original content clearly related to healthcare internal auditing that does not promote commercial products or services.
This is your opportunity to share your ideas, concepts, case studies, and proven methods with the AHIA healthcare internal audit community!
Submissions will be accepted on an ongoing basis…
White Paper Topics Include:
Best Practices & Case Studies
Learn best practices from the experiences of other healthcare IA practitioners. Papers in this category should provide real- life examples of implementation and lessons learned or application of various tools and models. Papers should also include specific examples of how you addressed challenges and provide measures of success.
Models in Healthcare Internal Audit
This category includes healthcare IA management theory around innovation, emerging trends, value or the future of our field.
Special Interest and Other Topics
This area provides an opportunity to address specific industries such as government, healthcare and risk management.
Specific topics of interest are listed here, but proposals with unique quality and insight on related topics will also be considered.
- Data analytics and continuous auditing (integrating with audits, describe a case study)
- Research and IRB related audits (other than typical clinical trial audits), such as grant effort reporting and expense audit procedures
- Information Technology audits (IT general controls, high risk areas)
- Accounts Receivable and Revenue Cycles
- Clinical auditing
- Credentialing- physician, general, new enrollment, etc.
- Charge capture (coding)
- 340B Drug diversion
- Auditing quality measures
- 501r implementations
To be considered for white paper development consideration, please send us your topic idea and meet the following requirements:
- Submitted via email to email@example.com – Subject Line – WHITE PAPER SUBMISSION
- Authors must include an abstract accurately summarizing the topic and focus of the paper (approximately 100-200 words) and author’s bio (approximately 75 words).
- Content must be structured clearly and provide an introduction (executive summary), results and observations, and conclusion.
- Content should be technically correct and be of interest to a wide audience of healthcare IA practitioners.
- Submissions cannot be previously published in their current or similar form.
- Submission that are commercial in tone and/or intended to be promotional in nature will not be considered.
- All ideas must be submitted in English.
All submissions will be reviewed by the White Paper Subcommittee composed of AHIA members. The Subcommittee will vet each idea submission. Upon acceptance, we will be in touch to work with you on the development of the White Paper in collaboration with the subcommittee. Authors/Contributors must permit AHIA to publish papers across various channels. Any written content including graphics and images from third parties must have written permission for use.
Links to existing white papers:
New White Paper! Issued March 2, 2018
Pharmacy Related Risk Areas (Deloitte/AHIA):
- Controlled Substances: Identifying Risks and Internal Audit Focus Areas
- Computerized Physician Order Entry: Identifying Risks and Internal Audit Focus Areas
- 340B Drug Discount Program and Documentation: Identifying Risks and Internal Audit Focus Areas
- Documentation, Coding, Charging and Billing for Medications: Identifying Risks and Internal Audit Focus Areas
Auditing and Monitoring White Papers (HCCA/AHIA)
- Article #1: A&M In Healthcare Organizations
- Article #2: Compliance Risk Assessment
- Article #3: Compliance Work Plan
- Article #4: CAATS
- Article #5: Documented Comprehensive Approach
- Article #6: Core Set Policies & Procedures
- Article #7: Compliance Training
- A&M Focus Group Progress Report
- Contrasting Roles and Responsibilities - Corporate Compliance and Internal Audits
- Defining the Meaning of 'Auditing' and 'Monitoring' & Clarifying the Appropriate Use of the Terms
- Physician Contracting
- Roles and Responsibilities - Corporate Compliance and Internal Audit
- Seven Component Framework