Regulatory and Accreditation Compliance Services
Margret\A Consulting, LLC has extensive experience in preparing organizations to implement regulatory and accrediting agency initiatives and to ensure ongoing compliance. Our team has helped healthcare organizations achieve positive results for HIPAA, JCAHO, NCQA, URAC, GLBA, MMA, and other regulatory/accrediting activities. Our approach is to offer only the services you need:
- Awareness, Education and Organization – we help organizations create awareness, obtain executive management commitment, organize a cross-functional project team, orient management to their responsibilities, and deliver educational programming for their workforce.
- Assessment and Risk Analysis – we have developed a bank of assessment and risk analysis tools that can help an organization conduct the right assessment for their compliance activities. A high-level investigation of current documentation, practices, and technology assist in identifying highest priority initiatives for compliance. We also provide focused assessments and more detailed analysis of risks.
- Compliance Project Plan Development – we facilitate the customization of a model project plan, assignment of resources, and timeline for compliance project components. The process includes defining project organizational components, roles, and job descriptions.
- Business Associate/Trading Partner Readiness – particularly for HIPAA, but also for other compliance initiatives that require interfacing with other entities, we assist organizations develop contractual language necessary to establish applicable relationships. We provide model documents, work with your legal counsel, or provide attorney services.
- Corporate Strategy and Risk Profiling – Many compliance initiatives require organizations to assess their needs and risks, and devise, implement, and maintain appropriate compliance activities. We facilitate determining management’s level of risk tolerance and coordinating corporate strategy with compliance plans to achieve business initiatives and guard against derailment of other priorities.
- Comprehensive Assessment and Risk Analysis – To determine the most cost-effective solutions in accordance with an organization’s risk tolerance and industry benchmarking, we help organizations value their assets, identify threats, and evaluate costs of mitigation relative to the compliance initiative being undertaken. Examples of such assessments include:
- HIPAA Privacy assessment includes review and ongoing compliance assessment. Privacy auditing may include establishment of key indicators, appropriate triggers, and auditing tools, as well as actual performance of an audit, feedback presentation, and full report with recommendations for remediation.
- HIPAA Security risk analysis may include introduction to concept, provision of tools, or actual performance, including social engineering test, perception profiles, security penetration testing (sub-contracted), and development of a formal risk analysis profile. Tools and deliverables include: perception studies, risk analysis spreadsheet, policy and procedure inventory, physical facility inventory, applications and device inventory.
- HIPAA Transactions and code sets analysis helps identify gaps, vendor preparedness, and transition strategies to adopting the required transactions.
- JCAHO Preparedness provides an ongoing resource for review, mock survey assistance, or focused corrective action relative to information management.
- Remediation Services – we can supply oversight or direct management, including managing the project plan, identifying teams, managing change initiatives, creating metrics, acquiring technology, drafting policies and procedures, providing training, overseeing installation, testing scripts, executing communications plans, and conducting internal compliance review.
- Training – possibly one of the most critical success factors for any compliance initiative is the cultural change required to achieve compliance. We offer a variety of training tools from onsite facilitation and courses to development of training packages.
- Documentation and Ongoing Monitoring – “if it’s not documented, it’s not done” is a key factor in ensuring that compliance can be substantiated. All tools used in consulting services are included in the deliverables to the clients. These are either ready for or easily modifiable for compliance tracking.
- Independent Verification and Validation – for organizations that conduct compliance implementation themselves, for large organizations using multiple contractors, or for organizations who want an unbiased view of their progress toward compliance, we provide independent verification and validation of compliance readiness, risk assessment, and ongoing monitoring activities. We use our client base as a benchmark of readiness and our extensive involvement in industry activities as a means to target compliance goals.