Continuous Auditing and Monitoring Leveraging Your Data for Compliance


A Phyllis Patrick & Associates LLC White Paper
April 2014
Gail Hormats, B.S., M.B.A., C.I.A., C.I.S.A., C.R.M.A., C.A.D.A.

[Cover graphic labels: Automated Continuous Testing and Monitoring; Ad-hoc Testing and Monitoring; Manual Testing and Monitoring]

Executive Summary

Data analysis solutions, including automated continuous auditing and monitoring approaches, can enable information security and privacy compliance. This is a new trend and one that we predict will not only leverage the resources of information security and privacy programs, but will evolve the programs to a higher level of credibility and sustainability through the use of analytic tools and reporting. In this paper, we will explain how continuous auditing and monitoring (CAM) can provide ongoing assurance for security, privacy, compliance and audit in your organization. We will describe some of the key tools and types of testing that will benefit your organization.

CAM is a process or methodology used to test transactions based upon prescribed criteria, identify anomalies, and provide written assurance via the reporting process simultaneously with or shortly after the review. CAM employs computer aided audit techniques (CAATs) to mine data to check whether an organization's security, privacy, financial, clinical, or other controls are working to ensure regulatory compliance or to prevent fraud, waste, abuse, or errors. The deployment of these tools provides the capability for data to be checked in near real-time and the results shared with those having a need to know.

One of the most common CAAT applications is ACL Analytics (ACL). ACL is a data mining and analytic application developed by ACL Services, Inc. (Vancouver, CN). Coupled with Visual Basic for Applications and Excel, ACL provides a platform for creating routines that can be scheduled to run automatically on a pre-set schedule. These routines can range from simple, such as testing applications for authorized access or dormancy, to complex analytics that verify meaningful use calculations. Other possibilities include routines that allow management to monitor compliance with level of care regulations related to an Electronic Medical Record or to identify possible invoice duplicates before they are paid.

Routines can be designed such that Security, Privacy, Audit or Compliance Departments receive responses from management as a result of automated routines. Routines are designed to be a turnkey solution requiring minimal or no intervention on the part of Security, Privacy, Compliance or Audit staff.

Phyllis A. Patrick & Associates LLC

Table of Contents

What Is Continuous Auditing and Monitoring
Data Analytics
Success Factors
    Management Agreement
    CAAT Tools
    Data Availability
Examples of CAM Routines
Development of a CAM Routine
    Planning
    Developing Data Understanding
    Script and Output Report Development
    Moving to Production
Summary
Appendix A Sources
Appendix B About the Author

What Is Continuous Auditing and Monitoring?

The Institute of Internal Auditors defines Internal Audit as "an independent, objective assurance and consulting activity designed to add value and improve an organization's operations... bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes." Audit is the application of a methodical process to gathering and analyzing processes to ensure that controls exist to mitigate risk. Audit is generally the responsibility of the Internal Audit Department.

Merriam-Webster defines monitor as "to watch, keep track of, or check usually for a special purpose." [1] The Environmental Protection Agency (EPA) defines monitoring as "measurement data or other information for assessing performance against a standard or status with respect to a specific requirement." [2] Thus, monitoring is the routine collection or review of data to ensure that operations are functioning properly. Monitoring is a responsibility of operational management, which generally includes Security, Privacy and Compliance departments.

Merriam-Webster defines continuous as "continuing without stopping: happening or existing without a break or interruption; marked by uninterrupted extension in space, time, or sequence." [1] In an automated, continuous auditing and monitoring (CAM) process, however, continuous can better be defined as "done repetitively, on a pre-defined schedule." It is continuous in the sense that, compared to a traditional audit or review which may be done annually or less frequently, CAMs occur routinely on a set schedule.

CAM is used to test transactions based upon prescribed criteria, identify anomalies, and provide written assurance via the reporting process simultaneously with or shortly after the review. CAM has also been defined as the automated and frequent analyses of data through the use of computer assisted audit tools (CAATs) and other audit techniques. CAM employs CAATs to check whether an organization's data is processed correctly and determines whether internal controls are working to prevent errors and fraud.

As noted above, deployment of these tools provides the capability for controls to be checked in near real-time and the results shared with those having a need to know. Use of these tools also allows testing of complete populations, not just sampling. Putting these tools in place provides assurance regarding the integrity of information at given points in time and provides constant checking for issues, errors or fraud. CAM may be used to audit controls or it may be used to strengthen compliance monitoring.

Data Analytics

According to the Institute of Internal Auditors, "Data analysis is the process of identifying, gathering, validating, analyzing, and interpreting various forms of data within an organization to further the purpose and mission..." [3] ISACA indicates that data analytics "allow enterprises to make better business decisions and increase competitive advantage." [4] In the security and privacy arena, data analytics can provide assurance that data integrity is maintained and that the data is appropriately protected. Data analytics can also help to ensure that employees are complying with regulations and that the information is properly reported.

Data analysis technologies are computer programs the reviewer or auditor uses to process data of significance in order to improve the effectiveness and efficiency of the review process. When data analysis is being used, the overall objective and scope of a review does not change. Data analytics can also be used to develop controls to ensure that a process is functioning as designed. For example, data analytics can be used to create alerts if employees access patient data outside of job needs, that is, an alert concerning a potential patient privacy breach and/or violation of an organization's Minimum Necessary Policy.

The use of data analytic tools ranges in maturity from ad-hoc to a vigorous continuous (or at least repetitive) monitoring. A capability or maturity model describes process components that are believed to lead to better outputs and better outcomes. A low level of maturity implies a lower probability of success in consistently meeting an objective while a higher level of maturity implies a higher probability of success. [5]

[Figure 1: Audit Analytic Capability Model. Source: ACL Services, LTD.]

The Audit Analytic Capability Model (AACM) in Figure 1 shows the stages of CAM development.

At the basic Data Analysis level (1), analytics are typically ad-hoc and mostly used during a single audit for simple summarizations of data.

At the Applied Analytics level (2), analytics are still ad-hoc but more comprehensive, and integrated into the audit process.

At the Managed Analytic level (3), analytics are a core part of the audit process. Data analyses may occur near real-time, are maintained in a central repository, and are often scripted. Although an individual generally initiates testing, analysis at this level is repeatable and sustainable.

At the Continuous Auditing level (4), suites of tests are in production and run in an automated, or near automated fashion. Testing is now real-time or near real-time. This increases the ability of Security, Privacy, Compliance, and Audit Departments to more effectively and efficiently identify and share opportunities for improvement (OFI) with management.

The Continuous Monitoring level (5) moves automated analytics away from the Audit Department and into management's responsibility. The analytics at this stage are used by management to continuously or near continuously monitor a process.

Together, continuous auditing and continuous monitoring provide management with continuous assurance that processes (security, privacy, and business controls) are functioning as designed. This assures that fraud, waste, and abuse are likely to be identified and corrected, and that the organization is complying with required laws and regulations.

Success Factors

A number of factors must be in place for a CAM routine to be successfully implemented. The three key factors are management agreement, CAAT tools, and data availability.

Management Agreement

A successful CAM routine requires management agreement. A CAM routine will identify conditions that need a response, e.g., a possible breach will need to be investigated, a user's access may need to be terminated, or revenue may need to be returned to a payer. Additionally, business processes may need to be modified or changed based on the results of the CAM process.

CAAT Tools

Many healthcare organizations use ACL. ACL permits data analysis without changing the original data and while tracking each step in the analysis (maintaining an audit log). ACL has a scripting language that allows the development of programs to facilitate repetitive or near continuous testing. Visual Basic for Applications and the use of a job scheduler extends the ability of ACL to create a completely automated CAM. Other CAAT tools that can be used include IDEA, a data analytic tool similar to ACL, and Excel or any other spreadsheet application. As data sets become more complex (what is referred to as big data), more elaborate data analytic tools are required. These include, but are not limited to, SAS (Statistical Analysis System), HADOOP (big data strings), and NoSQL (representing different database technologies).

Data Availability

The CAM process relies on obtaining and analyzing data from various sources, including computer applications, spreadsheets, lists, and even Adobe files. Key applications used in many CAM routines are defined in Figure 2 below. Data may be in the form of a stand-alone file, an ODBC connection into the application's database, or a direct link into the application's database.

Figure 2: Common Applications Used in CAM Routines

APPLICATION: PURPOSE

1. Electronic Medical Record: Contains clinical information, including physician orders. Information can be used for many CAM routines including but not limited to meaningful use validation, PHI mapping, and revenue recovery. Examples include EPIC, Cerner, and Meditech.
2. Data Loss Prevention: Used to detect potential data breach or ex-filtration transmissions and prevent them by monitoring, detecting and blocking sensitive data while in-use, in-motion, and at-rest. Can be used in conjunction with PHI mapping and CAM routines to strengthen safeguards and minimize data leakage risks due to workforce error. Examples include Cisco, Symantec, and McAfee.
3. Physician Billing System: Usually includes a combined Provider Patient Registration, Scheduling, Accounts Receivable, and Billing System. An example is IDX.
4. Facility Billing System: Usually is a combined Master Patient Index, Hospital Patient Registration and Accounts Receivable System. Two examples are SMS and Meditech.
5. Reimbursement Results: Contains hospital paid claims data used in billing reviews (i.e. RAC); generally is the 835 reimbursement file data or an application that aggregates this information such as The Advisory Board Company's Revenue Integrity Compass.
6. Badge/Security Identification: Used to assign and track physical access to the organization's property; may or may not be the application that actually prints the badges. An example is Premisys.
7. Time Application: Employee time capture. One of the most commonly used is KRONOS.
8. Enterprise Resource Management System (ERM): The major financial application(s) used to manage the organization. Generally consists of General Ledger, Asset Management, Purchasing, and Accounts Payable modules. Examples include Lawson, Oracle Financials, and Meditech.
9. HRMIS: Human Resources Information Management System (including employee data, payroll and benefits). Examples include Oracle HRMIS and PeopleSoft.
10. Research or Project: Application(s) that contain research or project related information such as special purpose fund budgets or construction budgets.

Examples of CAM Routines

Following are examples of CAM routines, organized by review focus: Security and Privacy, Compliance, and Audit. This list is a starting point for determining how you can use data analytics and CAM tools to meet auditing and monitoring objectives throughout an organization. Information security and privacy officers, internal auditors, compliance officers, quality officers, safety officers, and other functional areas can leverage the value of these tools and processes to identify potential issues and analyze data in new and creative ways while improving programs and reporting results.

Security and Privacy

Meaningful Use - Validate meaningful use attestation calculations, determining accuracy of payments and requests for incentive monies from CMS and state Medicaid agencies.
PHI Mapping - Identify where protected health information (PHI) resides in systems, on devices, in network drives, and other areas. Use information to develop strategies for minimizing data leakage.
Logical Security Access Testing - Test additions, transfers, and terminations of users. Test dormancy, last login, and unapproved access.
Business Associate Agreements (BAA) - Assist in developing and testing BAA Inventories and determining high-risk vendors.
Data Breach - Develop tests and alerts to identify possible data breaches. This is particularly useful to test applications other than the electronic medical record, i.e., interfacing systems that provide lab, radiology, and other diagnostic results.

Compliance

Revenue Recovery and Protection - Compare group practice and facility billing for missing revenue either by the hospital or physician's group practice (usually organization based) and identify mismatched data that may lead to compliance concerns. These types of CAM routines are particularly effective in areas such as Surgery, Interventional Radiology, Cardiac Catheterization, Electrophysiology Laboratory, and other high-dollar clinical areas.
Outcomes Reporting - Compare clinician documentation and use electronic health record (EHR) modules to determine potential over-coding, cloning, errors, and other issues related to EHR integrity.
Level of Care - Compare EHR and patient accounting systems (daily and quarterly) to ensure level of care is billed appropriately. The value is captured by using a quarterly look back comparing the daily accounts to the actual reimbursement received.
Exclusions - Test personnel inclusion on Federal and State exclusion lists. This routine can be fully automated if employee and physician social security numbers (SSN) are available for comparison to the exclusion lists. If only names and addresses are available, a final manual check must be made by comparing the SSN of the hit to the employee or physician SSN.

Physician Contracting - Validate that payments to and from physicians do not violate Stark and Anti-Kickback Laws, including lease payment testing.
72-hour Rule Testing - Provide assurance that all charges that fall within the 72-hour rule are rolled into a single bill.
Human Resources (HR) - Test for compliance with labor regulations and an organization's policies including minimum wages and employees paid as vendors.

Audit

Overtime - Develop tests to ensure excess overtime has not been charged.
Pension Validation - Test that pension payments have been properly calculated.
General Ledger - Analyze the trial balance roll-forward and anomalous transactions.
Accounts Receivable - Test the accounts receivable aging.
Accounts Payable - Test possible upcoming duplicates and provide a look back to identify any already paid duplicates.
Vendor Master File (VMF) - Test the VMF data integrity including but not limited to dormant and duplicate vendors and missing data.

Development of a CAM Routine

The continuous audit approach used to develop a CAM routine consists of five major stages:

Planning
Understanding process / data
Developing scripts
Developing reports
Implementing routine into production

Each phase is important and plays a key role in continuous auditing and monitoring.

Planning

The planning phase involves developing a general understanding of the process being considered for CAM and identifying potential testing routines. During the planning phase the scope and objectives of the CAM routine are documented. Approximately 5% of the project time is spent in planning.

Developing Data Understanding

In developing data understanding, the CAM developer works with the subject matter experts and Information Systems Departments to identify the specific data needed and to determine how it is stored. During this phase, one or more sample data files are produced, and the automated extraction schedule and storage location are defined. If sensitive data is involved (e.g. protected health information or employee social security numbers), protective measures, such as limited access shared drives, are established. This phase represents about 30% of the project.

Script and Output Report Development

The script and output report development phases are intertwined. During these phases, data analytics are programmed and results validated with subject matter experts. The final format of the output report and any required management response(s) are defined and developed. Together, these two phases comprise about 50% of the project.

Moving to Production

The last phase is the move to production. During this phase, instructions for maintaining the CAM routine are developed and shared with the responsible parties. Also, if required, the developer creates the code needed for ensuring the routine runs on the agreed schedule. This phase encompasses 15% of the project.

Figure 3 shows the process flow of a continuous audit or monitoring project from start to completion depicted by stage.

[Figure 3: Continuous Audit and Monitoring Process Flow. Source: Gail Hormats, C.I.A., C.I.S.A., A.C.D.A. and Feline O'Gorman, C.P.A., A.C.D.A., Case Study: Continuous Audit Recovers Lost Cardiac Catheterization Laboratory Revenue, New Perspectives, Association of Healthcare Internal Auditors, Fall]
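An added example, not part of the white paper and written in Python rather than ACL script: the Logical Security Access Testing routine listed under Security and Privacy, run over the complete population of enabled accounts and ending in an output report with a column for management's response. The two extracts, their column names, the rule names and the 90-day dormancy threshold are all assumptions made for illustration.

```python
import csv
import io
from datetime import date, datetime

# Constructed sample extracts (not real data). Column names are assumptions.
HR_ROSTER_CSV = """employee_id,status,termination_date
E100,ACTIVE,
E101,TERMINATED,2014-02-14
E102,ACTIVE,
E103,TERMINATED,2014-03-28
"""

APP_ACCOUNTS_CSV = """user_id,employee_id,enabled,last_login
aames,E100,Y,2014-03-30
bburke,E101,Y,2014-03-02
cchen,E102,Y,2013-11-05
ddas,E103,N,2014-03-27
svc_lab,,Y,2014-03-31
eevans,E999,Y,
"""

DORMANCY_DAYS = 90  # assumed policy threshold; set per organization


def load(csv_text):
    """Parse an extract into a list of row dicts."""
    return list(csv.DictReader(io.StringIO(csv_text)))


def parse_date(text):
    """Return a date for YYYY-MM-DD text, or None for an empty field."""
    return datetime.strptime(text, "%Y-%m-%d").date() if text else None


def run_access_routine(hr_rows, account_rows, as_of, dormancy_days=DORMANCY_DAYS):
    """Test every enabled account (no sampling) and return exception rows."""
    hr_by_id = {row["employee_id"]: row for row in hr_rows}
    exceptions = []

    def flag(acct, rule, detail):
        exceptions.append({
            "user_id": acct["user_id"],
            "employee_id": acct["employee_id"],
            "rule": rule,
            "detail": detail,
        })

    for acct in account_rows:
        if acct["enabled"] != "Y":
            continue  # disabled accounts are out of scope for these tests
        last_login = parse_date(acct["last_login"])
        emp = hr_by_id.get(acct["employee_id"])

        # Unapproved access: an enabled account nobody on the roster owns.
        if emp is None:
            flag(acct, "NO_HR_MATCH", "enabled account has no employee record")
        # Terminations: access should have been removed at separation.
        elif emp["status"] == "TERMINATED":
            term = parse_date(emp["termination_date"])
            flag(acct, "TERMINATED_ACTIVE", f"employee terminated {term}")
            if last_login and term and last_login > term:
                flag(acct, "LOGIN_AFTER_TERMINATION", f"last login {last_login}")

        # Dormancy: never used, or unused for longer than the threshold.
        if last_login is None:
            flag(acct, "DORMANT", "enabled account has never logged in")
        elif (as_of - last_login).days > dormancy_days:
            flag(acct, "DORMANT", f"{(as_of - last_login).days} days since last login")
    return exceptions


def build_report(exceptions):
    """Render exceptions as CSV with an empty column for management's response."""
    out = io.StringIO()
    fields = ["user_id", "employee_id", "rule", "detail", "management_response"]
    writer = csv.DictWriter(out, fieldnames=fields, lineterminator="\n")
    writer.writeheader()
    for row in exceptions:
        writer.writerow({**row, "management_response": ""})
    return out.getvalue()


def run_sample(as_of=date(2014, 4, 1)):
    """Run the routine over the constructed extracts above."""
    return run_access_routine(load(HR_ROSTER_CSV), load(APP_ACCOUNTS_CSV), as_of)


if __name__ == "__main__":
    print(build_report(run_sample()), end="")
```

In production the `as_of` date would come from the job scheduler's run date, and the extracts would be read from the limited-access location agreed during the data understanding phase.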

Summary

This white paper explains automated continuous auditing and monitoring (CAM) and describes how it can be used to facilitate security and privacy compliance, as well as other compliance and audit functions. As noted earlier, there are five stages of maturity in the development of using data analytics for ongoing auditing and monitoring. Together, the two most mature stages provide continuous assurance that processes are functioning as designed. A five-stage process (planning, understanding data, developing scripts, developing output reports, and moving CAMs to production) provides the methodology for developing automated CAM routines.

While CAM routines and CAAT tools have been used in internal and financial functions for many years, use of these tools and techniques to achieve data analytics objectives is new for security, privacy, and related functions such as meaningful use, PHI mapping, data integrity in EHRs and other systems, and vendor risk assessment. We are confident that these tools will provide the key to improving and sustaining security and privacy programs and related functions by providing compliance measures, new reporting capabilities, and an effective adjunct to an organization's risk analysis and risk mitigation programs.

Appendix A Sources

2. Environmental Protection Agency, Technology Transfer Network Clearinghouse for Inventories & Emissions Factors
3. Altus J. Lambrechts, C.I.S.A., C.R.I.S.C., Jacques E. Lourens, C.I.A., C.I.S.A., C.G.E.I.T., CRISC, Peter B. Millar, and Donald E. Sparks, C.I.A., C.I.S.A., The Institute of Internal Auditors Global Technology Audit Guide (GTAG) 16: Data Analysis Technologies, August
4. Generating Value from Big Data Analytics, ISACA,
5. IPPF Practice Guide Selecting, Using, and Creating Maturity Models: A Tool for Assurance and Consulting Engagements, The Institute of Internal Auditors, July

The ACL Audit Analytic Capability Model, ACL,
Gail Hormats C.I.A., C.I.S.A., A.C.D.A. and Feline O'Gorman C.P.A., Case Study: Continuous Audit Recovers Lost Cardiac Catheterization Laboratory Revenue, New Perspectives, Association of Healthcare Internal Auditors, Fall
Gerard (Rod) Brennan, Ph.D., Continuous Auditing Comes of Age, ISACA,
David Coderre, Royal Canadian Mounted Police (RCMP), The Institute of Internal Auditors Global Technology Audit Guide 3: Continuous Auditing: Implications for Assurance, Monitoring, and Risk Assessment, July
Practice Advisory : Continuous Assurance, The Institute of Internal Auditors, June

Appendix B About the Author

Gail Hormats, B.S., M.B.A., C.I.A., C.I.S.A., C.R.M.A., C.A.D.A.

Ms. Hormats served as Project Leader (Audit Services), as Manager of Audit Services, and most recently, as Manager of Audit and Compliance at Baystate Health. In her roles at Baystate Health, she developed and managed the Continuous Audit and Monitoring Program. The program averaged direct recoveries or revenue protection of approximately $7.5 million annually. Prior to working for Baystate Health, Ms. Hormats was the Associate Director of IT Audit for the University of Massachusetts where she introduced Computer Aided Audit Techniques using ACL. Ms. Hormats has held audit positions at Boston Medical Center, John Hancock Financial Services, Boston Children's Hospital and the University of Massachusetts Medical Center.

Ms. Hormats is a member of the Institute of Internal Auditors, the Association of Healthcare Internal Auditors, and ISACA. She has served as the Chair, Technology Committee for the Association of Internal Auditors and program coordinator for ISACA.

Phyllis A. Patrick & Associates LLC partners with Gail Hormats to provide this service. Ms. Hormats is passionate about the use of data and data analytics to foster robust information security and privacy programs, and to identify and reduce risks associated with confidential information: its creation, use, storage, and maintenance.


More information

Securing Patient Portals. What You Need to Know to Comply With HIPAA Omnibus and Meaningful Use

Securing Patient Portals. What You Need to Know to Comply With HIPAA Omnibus and Meaningful Use Securing Patient Portals What You Need to Know to Comply With HIPAA Omnibus and Meaningful Use September 2013 Table of Contents Abstract... 3 The Carrot and the Stick: Incentives and Penalties for Securing

More information

Internal Audit Practice Guide

Internal Audit Practice Guide Internal Audit Practice Guide Continuous Auditing Office of the Comptroller General, Internal Audit Sector May 2010 Table of Contents Purpose...1 Background...1 Definitions...2 Continuous Auditing Professional

More information

REGULATORY CHANGES DEMAND AN ENTERPRISE-WIDE APPROACH TO DISCLOSURE MANAGEMENT OF PHI

REGULATORY CHANGES DEMAND AN ENTERPRISE-WIDE APPROACH TO DISCLOSURE MANAGEMENT OF PHI REGULATORY CHANGES DEMAND AN ENTERPRISE-WIDE APPROACH TO DISCLOSURE MANAGEMENT OF PHI Healthcare Organizations Can Adopt Enterprise-Wide Disclosure Management Systems To Standardize Disclosure Processes,

More information

Advanced Forms Automation and the Link to Revenue Cycle Management

Advanced Forms Automation and the Link to Revenue Cycle Management Advanced Forms Automation and the Link to Revenue Cycle Management Chris Joyce Director of Healthcare Solutions Engineering Today s healthcare providers are facing growing financial pressures that can

More information

Business Associate Management Methodology

Business Associate Management Methodology Methodology auxilioinc.com 844.874.0684 Table of Contents Methodology Overview 3 Use Case 1: Upstream of s I manage business associates 4 System 5 Use Case 2: Eco System of s I manage business associates

More information

Using Computer Assisted Audit Techniques For More Effective Compliance Auditing and Monitoring In Healthcare Organizations

Using Computer Assisted Audit Techniques For More Effective Compliance Auditing and Monitoring In Healthcare Organizations Using Computer Assisted Audit Techniques For More Effective Compliance Auditing and Monitoring In Healthcare Organizations Author: Glen C. Mueller, Chief Audit & Compliance Officer, Scripps Health, San

More information

REALIZING MAXIMUM BENEFITS FROM GOVERNANCE, RISKS AND COMPLIANCE (GRC) TOOLS

REALIZING MAXIMUM BENEFITS FROM GOVERNANCE, RISKS AND COMPLIANCE (GRC) TOOLS IT GOVERNANCE SUMMIT OCTOBER, 2015 REALIZING MAXIMUM BENEFITS FROM GOVERNANCE, RISKS AND COMPLIANCE (GRC) TOOLS Presented by Ralph Ugbodu CGEIT, CISA, CRISC, CISSP, CFE, EDRP, ISO 27001 Lead Auditor, COBIT5.

More information

Who is looking at your electronic health record?

Who is looking at your electronic health record? Who is looking at your electronic health record? A practical guide to building an audit plan. April 22, 2013 Sandy Gilmore Audit Plan April 2013 2 1 Audit Plan April 2013 3 Who is looking at your EHR Objectives

More information

NEW PERSPECTIVES. Professional Fee Coding Audit: The Basics. Learn how to do these invaluable audits page 16

NEW PERSPECTIVES. Professional Fee Coding Audit: The Basics. Learn how to do these invaluable audits page 16 NEW PERSPECTIVES on Healthcare Risk Management, Control and Governance www.ahia.org Journal of the Association of Heathcare Internal Auditors Vol. 32, No. 3, Fall, 2013 Professional Fee Coding Audit: The

More information

Information Security Governance:

Information Security Governance: Information Security Governance: Designing and Implementing Security Effectively 2 nd Athens International Forum on Security 15 16 Jan 2009 Anestis Demopoulos, CISA, CISSP, CIA President of ISACA Athens

More information

Use of Data Extraction & Analysis Software In a Financial Statement Audit

Use of Data Extraction & Analysis Software In a Financial Statement Audit Use of Data Extraction & Analysis Software In a Financial Statement Audit A Message from The Audit Wizard April 2008 Making Auditors Proficient, Inc. Phone: 352-750-9636 www.billallen.com E-mail: ballen@billallen.com

More information

DIVURGENT S ACORM FRAMEWORK

DIVURGENT S ACORM FRAMEWORK white paper DIVURGENT S ACORM FRAMEWORK The Right IT Infrastructure for ACOs written by David Shiple CMS Is Driving ACO IT Planning After reading the final rule for Medicare Accountable Care Organizations

More information

Continuous Controls Monitoring ISACA, Houston Chapter. August 17, 2006

Continuous Controls Monitoring ISACA, Houston Chapter. August 17, 2006 Continuous Controls Monitoring ISACA, Houston Chapter August 17, 2006 Purpose of Discussion Understand impact of Continuous Controls Monitoring (CCM) on the Information Systems Audit community To perform

More information

Agenda 3/7/2011. 2011 ERM Symposium March 14 16, 2011. Continuous Controls Monitoring. I. Changes In Corporate Environment

Agenda 3/7/2011. 2011 ERM Symposium March 14 16, 2011. Continuous Controls Monitoring. I. Changes In Corporate Environment 2011 ERM Symposium March 14 16, 2011 Continuous Controls Monitoring Futuristic Approach to Enterprise Risk Management Swissotel, Chicago, Chicago IL. Speakers: Syed M. Ali Alan Ash Sr. Audit Manager, Director

More information

What Virginia s Free Clinics Need to Know About HIPAA and HITECH

What Virginia s Free Clinics Need to Know About HIPAA and HITECH What Virginia s Free Clinics Need to Know About HIPAA and HITECH This document is one in a series of tools and white papers produced by the Virginia Health Care Foundation to help Virginia s free clinics

More information

Healthcare Data Interoperability: What s Required to Establish Meaningful Use

Healthcare Data Interoperability: What s Required to Establish Meaningful Use WHITEPAPER Healthcare Data Interoperability: What s Required to Establish Meaningful Use Driving Healthcare Efficiency As the cost of healthcare increases, so does the drive of healthcare organizations

More information

Eric Moriak - CISSP, CISM, CGEIT, CISA, CIA Program Manager - IT Audit Children s Medical Center Dallas. Dallas, Texas

Eric Moriak - CISSP, CISM, CGEIT, CISA, CIA Program Manager - IT Audit Children s Medical Center Dallas. Dallas, Texas Eric Moriak - CISSP, CISM, CGEIT, CISA, CIA Program Manager - IT Audit Children s Medical Center Dallas Dallas, Texas Objectives The purpose of this presentation is to develop a general awareness of DLP/SIEM

More information

Leveraging data analytics and continuous auditing processes for improved audit planning, effectiveness, and efficiency. kpmg.com

Leveraging data analytics and continuous auditing processes for improved audit planning, effectiveness, and efficiency. kpmg.com Leveraging data analytics and continuous auditing processes for improved audit planning, effectiveness, and efficiency kpmg.com Leveraging data analytics and continuous auditing processes 1 Executive

More information

Integration for your Health Information System

Integration for your Health Information System Integration for your Health Information System Achieve comprehensive healthcare IT integration that leverages your existing IT investments and helps you meet the growing demands of Meaningful Use, HIE,

More information

Inpatient EHR. Solution Snapshot. The right choice for your patients, your practitioners, and your bottom line SOLUTIONS DESIGNED TO FIT

Inpatient EHR. Solution Snapshot. The right choice for your patients, your practitioners, and your bottom line SOLUTIONS DESIGNED TO FIT Inpatient EHR The right choice for your patients, your practitioners, and your bottom line SOLUTIONS DESIGNED TO FIT Our customers do more than save lives. They re helping their communities to thrive.

More information

Framework for Audit Oversight INTERNATIONAL WORKSHOP ON ACCOUNTABILITY IN SCIENCE AND RESEARCH FUNDING JUNE 2 4, 2011

Framework for Audit Oversight INTERNATIONAL WORKSHOP ON ACCOUNTABILITY IN SCIENCE AND RESEARCH FUNDING JUNE 2 4, 2011 Framework for Audit Oversight 1 INTERNATIONAL WORKSHOP ON ACCOUNTABILITY IN SCIENCE AND RESEARCH FUNDING JUNE 2 4, 2011 Overview 2 Forensic Audit and Oversight Forensic Techniques Identify Anomalies Framework

More information

Feature. Multiagent Model for System User Access Rights Audit

Feature. Multiagent Model for System User Access Rights Audit Feature Christopher A. Moturi is the head of School of Computing and Informatics at the University of Nairobi (Kenya) and has more than 20 years of experience teaching and researching on databases and

More information

Fire Department Overtime Audit Report

Fire Department Overtime Audit Report Audit Report Issued by the May 23, 2006 EXECUTIVE SUMMARY The has concluded its audit of the Overtime Procedures at the City of El Paso s Fire Department. The has identified the Fire Department s Overtime

More information

AGA Kansas City Chapter Data Analytics & Continuous Monitoring

AGA Kansas City Chapter Data Analytics & Continuous Monitoring AGA Kansas City Chapter Data Analytics & Continuous Monitoring Agenda Market Overview & Drivers for Change Key challenges that organizations face Data Analytics What is data analytics and how can it help

More information

How to select a practice management system

How to select a practice management system How to select a practice management system New challenges and opportunities are impacting your practice today The physician practice environment is changing dramatically. The transition to ICD-10-CM and

More information

Internal Auditing & Controls. Examination phase of the internal audit Module 5. Course Name: Internal Auditing & Controls

Internal Auditing & Controls. Examination phase of the internal audit Module 5. Course Name: Internal Auditing & Controls Course Name: Internal Auditing & Controls Module: 5 Module Title: Examination phase of the internal audit Lecture and handouts prepared by Chuck Campbell Examination phase of the internal audit Module

More information

A SELECTICA GUIDE ALL THINGS STARK LAW WHAT IS STARK LAW, AND HOW CAN CONTRACT MANAGEMENT SOFTWARE HELP YOU COMPLY?

A SELECTICA GUIDE ALL THINGS STARK LAW WHAT IS STARK LAW, AND HOW CAN CONTRACT MANAGEMENT SOFTWARE HELP YOU COMPLY? A SELECTICA GUIDE ALL THINGS STARK LAW WHAT IS STARK LAW, AND HOW CAN CONTRACT MANAGEMENT SOFTWARE HELP YOU COMPLY? 1 A Selectica Guide All things Stark: What is Stark Law, and how can contract management

More information

Information overload: How to make data analytics work for the internal audit function

Information overload: How to make data analytics work for the internal audit function Information overload: How to make data analytics work for the internal audit function Danny Miller, Scott Higgins and Michael Rose Contents 1 A value proposition for internal audit 2 Leveraging data analytics

More information

Securely Yours LLC Top Security Topics for 2013. Sajay Rai, CPA, CISSP, CISM sajayrai@securelyyoursllc.com

Securely Yours LLC Top Security Topics for 2013. Sajay Rai, CPA, CISSP, CISM sajayrai@securelyyoursllc.com Securely Yours LLC Top Security Topics for 2013 Sajay Rai, CPA, CISSP, CISM sajayrai@securelyyoursllc.com Contents Background Top Security Topics What auditors must know? What auditors must do? Next Steps

More information

Tom Deas, Jr. MD, MMM. Karen Van Wagner, Ph.D. Executive Director, North Texas Specialty Physicians

Tom Deas, Jr. MD, MMM. Karen Van Wagner, Ph.D. Executive Director, North Texas Specialty Physicians Essential Role of Health Information Exchange in Quality Improvement Tom Deas, Jr. MD, MMM Board Member, North Texas Specialty Physicians CMO, Sandlot, LLC Karen Van Wagner, Ph.D. Executive Director, North

More information

May 2011 Report No. 11-030. An Audit Report on Substance Abuse Program Contract Monitoring at the Department of State Health Services

May 2011 Report No. 11-030. An Audit Report on Substance Abuse Program Contract Monitoring at the Department of State Health Services John Keel, CPA State Auditor An Audit Report on Substance Abuse Program Contract Monitoring at the Department of State Health Services Report No. 11-030 An Audit Report on Substance Abuse Program Contract

More information

Certification and Meaningful Use of Electronic Health Records what. care leaders must know

Certification and Meaningful Use of Electronic Health Records what. care leaders must know Certification and Meaningful Use of Electronic Health Records what hospice and home care leaders must know OBJECTIVES Define meaningful use requirements of electronic health records Explain certification

More information

Transformational Data-Driven Solutions for Healthcare

Transformational Data-Driven Solutions for Healthcare Transformational Data-Driven Solutions for Healthcare Transformational Data-Driven Solutions for Healthcare Today s healthcare providers face increasing pressure to improve operational performance while

More information

Don t Panic! Surviving a Meaningful Use Audit October, 2014

Don t Panic! Surviving a Meaningful Use Audit October, 2014 Don t Panic! Surviving a Meaningful Use Audit October, 2014 Angie Falletti, RN, PMP Senior Consultant, Encore, A Quintiles Company DISCLAIMER: The views and opinions expressed in this presentation are

More information

Internal Audit Quality Assessment. Presented To: World Intellectual Property Organization

Internal Audit Quality Assessment. Presented To: World Intellectual Property Organization Internal Audit Quality Assessment Presented To: World Intellectual Property Organization April 2014 Table of Contents List of Acronyms 3 Page Executive Summary Opinion as to Conformance to the Standards,

More information

Data Analytics Leveraging Data Visualization and Automation in Audit Real World Examples

Data Analytics Leveraging Data Visualization and Automation in Audit Real World Examples Data Analytics Leveraging Data Visualization and Automation in Audit Real World Examples June 3, 2015 Cliff Stephens, CISA Agenda Introductions Technological Advances in Analytics Capitalizing on Analytics

More information

THE ABC S OF DATA ANALYTICS

THE ABC S OF DATA ANALYTICS THE ABC S OF DATA ANALYTICS ANGEL BUTLER MAY 23, 2013 HOUSTON AREA SCHOOL DISTRICT INTERNAL AUDITORS (HASDIA) AGENDA Data Analytics Overview Data Analytics Examples Compliance Purchasing and Accounts Payable

More information

HIPAA Security. 1 Security 101 for Covered Entities. Security Topics

HIPAA Security. 1 Security 101 for Covered Entities. Security Topics HIPAA SERIES Topics 1. 101 for Covered Entities 2. Standards - Administrative Safeguards 3. Standards - Physical Safeguards 4. Standards - Technical Safeguards 5. Standards - Organizational, Policies &

More information

Information & Asset Protection with SIEM and DLP

Information & Asset Protection with SIEM and DLP Information & Asset Protection with SIEM and DLP Keeping the Good Stuff in and the Bad Stuff Out Professional Services: Doug Crich Practice Leader Infrastructure Protection Solutions What s driving the

More information

Data & Analytics in Internal Audit. January 13, 2015

Data & Analytics in Internal Audit. January 13, 2015 Data & Analytics in Internal Audit January 13, 2015 With You Today KPMG Brian Greenberg, Director, Data & Analytics-enabled Internal Audit (National) Sean Mulyanto, Manager IT Advisory (Los Angeles) 1

More information

How To Do In-House What You Do Best, Outsource The Rest

How To Do In-House What You Do Best, Outsource The Rest Do In-house What You Do Best, Outsource the Rest: The Shared Services Model for Release-of-Information (ROI) Processing that Lets Healthcare Organizations Maintain Control, Work Efficiently, and Generate

More information

HIT Audit Workshop. Jeffrey W. Short. jshort@hallrender.com

HIT Audit Workshop. Jeffrey W. Short. jshort@hallrender.com HIT Audit Workshop Jeffrey W. Short jshort@hallrender.com 1 Audits and Investigations to be Discussed Meaningful Use Audits HIPAA Audits Data Breach Investigations Software Vendor Audits FTC Investigations

More information

Please feel free to call on our organizations if we can be of assistance in any way on further deliberations, task forces or committees.

Please feel free to call on our organizations if we can be of assistance in any way on further deliberations, task forces or committees. 17 May 2012 International Internal Audit Standards Board Via e-mail: Lily.Bi@theiia.org Re: Definition of Internal Auditing Ms. Lily Bi, CIA, CISA, CGEIT Director, Standards and Guidance The Institute

More information

2/5/2013. Session Objectives. Higher Education Headlines. Getting Started with Data Analytics. Higher Education Headlines.

2/5/2013. Session Objectives. Higher Education Headlines. Getting Started with Data Analytics. Higher Education Headlines. + Getting Started with Data Analytics Prepared for the UCOP Auditor s Symposium January 30, 2013 and February 14, 2013 Session Objectives 2 Higher Education Headlines New IIA Guidance Visual Risk IQ s

More information

Preventing Healthcare Fraud through Predictive Modeling. Category: Improving State Operations

Preventing Healthcare Fraud through Predictive Modeling. Category: Improving State Operations Preventing Healthcare Fraud through Predictive Modeling Category: Improving State Operations Commonwealth of Massachusetts Executive Office of Health and Human Services Project initiated: July 2012 Project

More information

Dear Honorable Members of the Health information Technology (HIT) Policy Committee:

Dear Honorable Members of the Health information Technology (HIT) Policy Committee: Office of the National Coordinator for Health Information Technology 200 Independence Avenue, S.W. Suite 729D Washington, D.C. 20201 Attention: HIT Policy Committee Meaningful Use Comments RE: DEFINITION

More information

Best Practices for Protecting Sensitive Data in an Oracle Applications Environment. Presented by: Jeffrey T. Hare, CPA CISA CIA

Best Practices for Protecting Sensitive Data in an Oracle Applications Environment. Presented by: Jeffrey T. Hare, CPA CISA CIA Best Practices for Protecting Sensitive Data in an Oracle Applications Environment Presented by: Jeffrey T. Hare, CPA CISA CIA Webinar Logistics Hide and unhide the Webinar control panel by clicking on

More information

One Patient, One Record: How Allina completes an award-winning EHR with enterprise content management

One Patient, One Record: How Allina completes an award-winning EHR with enterprise content management Healthcare Enterprise Spotlight Brochure Allina Hospitals & Clinics One Patient, One Record: How Allina completes an award-winning EHR with enterprise content management More than 20,000 users access content

More information

HCCA Audio Conference 2015 OIG Work Plan Part B Physicians and Non-physician Providers November 20, 2014

HCCA Audio Conference 2015 OIG Work Plan Part B Physicians and Non-physician Providers November 20, 2014 HCCA Audio Conference 2015 OIG Work Plan Part B Physicians and Non-physician Providers November 20, 2014 1 OIG Overview Mission To protect the integrity of HHS programs and the health and welfare of the

More information

Presenters. How to Maximize Technology to Improve Care and Reduce Cost 9/17/2015

Presenters. How to Maximize Technology to Improve Care and Reduce Cost 9/17/2015 How to Maximize Technology to Improve Care and Reduce Cost Presenters Justin Miller Director of Synergy Jordan Health services Dallas, TX jmiller@jhsi.com Justine Garcia Director of Software Solutions

More information

S24 - Governance, Risk, and Compliance (GRC) Automation Siamak Razmazma

S24 - Governance, Risk, and Compliance (GRC) Automation Siamak Razmazma S24 - Governance, Risk, and Compliance (GRC) Automation Siamak Razmazma Governance, Risk, Compliance (GRC) Automation Siamak Razmazma Siamak.razmazma@protiviti.com September 2009 Agenda Introduction to

More information

Financial Management TRANSACTION CONTROL AND APPROVAL

Financial Management TRANSACTION CONTROL AND APPROVAL Financial Management In today s complex, global, and regulated environment, organizations face numerous challenges in trying to meet deadlines, comply with local regulations and multiple reporting requirements,

More information

Forensic Audit and Automated Oversight Federal Audit Executive Council September 24, 2009

Forensic Audit and Automated Oversight Federal Audit Executive Council September 24, 2009 Forensic Audit and Automated Oversight Federal Audit Executive Council September 24, 2009 Dr. Brett Baker, CPA, CISA Assistant Inspector General for Audit U.S. Department of Commerce OIG Overview Forensic

More information

Application Testing: Not Just for IT Auditors. Insert Logo Here

Application Testing: Not Just for IT Auditors. Insert Logo Here Application Testing: Not Just for IT Auditors Huntington Ingalls Industries Who We Are Over a century designing, building, overhauling and repairing ships for the U.S. Navy, the U.S. Coast Guard and world

More information

RISK ADVISORY SERVICES CONSTRUCTION AUDIT SERVICES

RISK ADVISORY SERVICES CONSTRUCTION AUDIT SERVICES RISK ADVISORY SERVICES CONSTRUCTION AUDIT SERVICES AS ECONOMIC AND FINANCIAL CHALLENGES WEIGH ON, ORGANIZATIONS FIND IT INCREASINGLY DIFFICULT TO LOCATE ENOUGH MONETARY SUPPORT TO HELP FACILITATE THE CONSTRUCTION

More information

Fraud and Abuse. Current Trends and Enforcement Activities

Fraud and Abuse. Current Trends and Enforcement Activities Fraud and Abuse Current Trends and Enforcement Activities Agenda Background Overview of Key Fraud and Abuse Laws Enforcement Recent Significant Cases and Trends Areas of Focus and Challenges for 2014 Identifying

More information

Data Analytics - Current Market Landscape & Trends

Data Analytics - Current Market Landscape & Trends www.pwc.com Top Healthcare Risks: How Information Technologies & Controls Can Help Mitigate Organizational Risk ISACA Los Angeles Chapter November 17, 2015 Introductions Jack Flaherty Director Health Industries

More information

AHIA HCCA Auditing & Monitoring Focus Group Defining the Key Roles and Responsibilities Corporate Compliance and Internal Audit.

AHIA HCCA Auditing & Monitoring Focus Group Defining the Key Roles and Responsibilities Corporate Compliance and Internal Audit. and Requirement: May be required if the organization must comply with Sarbanes-Oxley. Otherwise, is implemented as an organizational governance/business decision and best practice. Purpose: Provide independent

More information

Microsoft Confidential

Microsoft Confidential Brock Phillips, CPA, CFE, CCEP Forensic Accounting Sr. Manager Financial Integrity Unit Microsoft Audit Group Lou DeCola, CPA, CIA, CFE Forensic Accounting Sr. Manager Financial Integrity Unit Microsoft

More information

ALERT LOGIC FOR HIPAA COMPLIANCE

ALERT LOGIC FOR HIPAA COMPLIANCE SOLUTION OVERVIEW: ALERT LOGIC FOR HIPAA COMPLIANCE AN OUNCE OF PREVENTION IS WORTH A POUND OF CURE Alert Logic provides organizations with the most advanced and cost-effective means to secure their healthcare

More information

Qi Liu Rutgers Business School ISACA New York 2013

Qi Liu Rutgers Business School ISACA New York 2013 Qi Liu Rutgers Business School ISACA New York 2013 1 What is Audit Analytics The use of data analysis technology in Auditing. Audit analytics is the process of identifying, gathering, validating, analyzing,

More information

Official Audit Report Issued July 27, 2015

Official Audit Report Issued July 27, 2015 Official Audit Report Issued July 27, 2015 (MassHealth) Review of Radiology Claims Submitted by Baystate Mary Lane Hospital For the period January 1, 2013 through December 31, 2014 State House Room 230

More information

Hillside Medical Office

Hillside Medical Office EHR Case Study Hillside Medical Office Hillside Medical Partners with Pulse to Quickly Achieve Meaningful Use pulseinc.com Pulse Complete EHR 8 board-certified physicians. 40 employees. Over 65 years of

More information

HITRUST CSF Assurance Program

HITRUST CSF Assurance Program HITRUST CSF Assurance Program Simplifying the information protection of healthcare data 1 May 2015 2015 HITRUST LLC, Frisco, TX. All Rights Reserved Table of Contents Background CSF Assurance Program Overview

More information

CA Technologies Healthcare security solutions:

CA Technologies Healthcare security solutions: CA Technologies Healthcare security solutions: Protecting your organization, patients, and information agility made possible Healthcare industry imperatives Security, Privacy, and Compliance HITECH/HIPAA

More information

Comptroller of Maryland Information Technology Division Annapolis Data Center Operations

Comptroller of Maryland Information Technology Division Annapolis Data Center Operations Audit Report Comptroller of Maryland Information Technology Division Annapolis Data Center Operations March 2015 OFFICE OF LEGISLATIVE AUDITS DEPARTMENT OF LEGISLATIVE SERVICES MARYLAND GENERAL ASSEMBLY

More information

Innovative Projects: Big Data Revisited (An ACHE Qualified Education (Cat II), 1.0 Hour CEU)

Innovative Projects: Big Data Revisited (An ACHE Qualified Education (Cat II), 1.0 Hour CEU) 2015 ACHE-SETC Conference on Healthcare Leadership Innovative Projects: Big Data Revisited (An ACHE Qualified Education (Cat II), 1.0 Hour CEU) Jessie L. Tucker III, Ph.D., FACHE Harris Health Executive

More information

Data Management Practices for Intelligent Asset Management in a Public Water Utility

Data Management Practices for Intelligent Asset Management in a Public Water Utility Data Management Practices for Intelligent Asset Management in a Public Water Utility Author: Rod van Buskirk, Ph.D. Introduction Concerned about potential failure of aging infrastructure, water and wastewater

More information

Open Platform. Clinical Portal. Provider Mobile. Orion Health. Rhapsody Integration Engine. RAD LAB PAYER Rx

Open Platform. Clinical Portal. Provider Mobile. Orion Health. Rhapsody Integration Engine. RAD LAB PAYER Rx Open Platform Provider Mobile Clinical Portal Engage Portal Allegro PRIVACY EMR Connect Amadeus Big Data Engine Data Processing Pipeline PAYER CLINICAL CONSUMER CUSTOM Open APIs EMPI TERMINOLOGY SERVICES

More information

Case Study Success with a. into a Corporate Integrity Agreement (CIA)

Case Study Success with a. into a Corporate Integrity Agreement (CIA) Case Study Success with a Corporate Integrity Agreement (CIA) More than 100 affiliated physician practices and healthcare facilities Operations in multiple states More than 2,000 Covered Persons under

More information