Guest column: Explore using software to improve operational audits and patient safety
February 2, 2020
by Gerry Blass, president & CEO, and Ken Reiher, VP operations, ComplyAssistant
Security risk audits are most likely part of your daily routine—walkthroughs, business associate assessments, network access testing, medical device reviews—all designed to help uncover and mitigate risks associated with protected health information.
You may even be using governance, risk, and compliance (GRC) software to help collect, organize, and manage all the data and action items associated with your security risk audits.
But what about operational audits? How do you gather information related to facility, department, and patient safety? If you’re still using spreadsheets, there’s a better way. The same GRC software can also be used to help with operational audits.
Defining operational audits
What do we mean by operational audits? This could include any manner of audits intended to evaluate business processes, including areas such as environmental safety, facility standards, product and medication safety, departmental quality, and even workforce management.
Here are some considerations and questions to ask:
- Equipment safety: Is all of your equipment up to the latest standards? What about software upgrades? Has broken or damaged equipment been removed from the floor? Medical devices are especially important here, as they can pose high risks for both patient safety and network access.
- Infection control: Are your hand hygiene stations accessible? Do you observe correct hand hygiene? Do patients have access to protective apparel? Are your sharps containers accessible and emptied properly?
- Life safety: Mainly concerned with facilities, life safety focuses on placement and non-obstruction of items such as smoke detectors, sprinklers, fire extinguishers, electrical panels, and gas cylinders.
- Physical environment: Also related to facilities and environmental services, this area evaluates the overall cleanliness of the department or building. Are there boxes or other items blocking walkways or doorways? Is there dust and debris buildup in certain areas? Are EMTALA signage and nurse call systems up to date? How recently was the HVAC system inspected, and is it working properly?
- Product safety: Are medications and cleaning products expired? Are medications properly stored and locked?
- Patient safety: Focused on opportunities to reduce the risk of harm to patients, patient safety audits assess areas such as fall prevention, hospital-acquired infections, and more.
- Workforce management: Audits here focus on two primary concerns: network access and training. Has network access for terminated employees been properly revoked in a timely manner? If employees move to another department or facility, are any required network access changes made? How often do you conduct staff compliance training? Are enforcement policies in place and followed?
Leveraging existing investment
Though the IT or security teams are probably not conducting operational audits, this could be a vital opportunity to collaborate with your colleagues in compliance, infection control, risk management, human resources, and facilities and environmental services.
Any department or team that is currently using a manual, hard-copy checklist or spreadsheet to perform operational audits can benefit from purpose-built software. The software will guide your organization on the right things to look for, help you collect and organize the data, and help you manage action plans to address any risks found during an audit. In addition, you’ll have running year-over-year data, enabling each department to recognize and manage trends. Teams conducting annual operational audits will also save time and energy—no more combing through various spreadsheets and handwritten notes.
Your organization will get more mileage out of the investment you’re already making in GRC software, and having all of your risk-related information in one place will help you more easily manage an enterprisewide risk register. With broader visibility into results from operational and security risk audits, you’ll be more informed and better equipped to implement your organization’s entire compliance management process.
Editor’s note: ComplyAssistant began as a security and compliance consulting company and is now a GRC software company. Blass is a former chief information security officer for a major healthcare system in New Jersey. Reiher has more than 17 years of consulting and management experience in healthcare.