University of Kentucky Internal Audit (UKIA) Activity Report for UK HealthCare (UKHC) September 13, 2019
I. Risks and Concerns II. UKIA Structure for UK HealthCare III. Work Product (Previous, Current, Future)
UK HealthCare Profile Public Exposure External Factors Materiality • • • 40,909 patient discharges Grants $1.7 billion in revenue in 2018 – an average of • Federal/state Building Efficiencies Private 113 per day through Strategic • Contracts • 677,996 hospital Transformation (BEST) Vendor • outpatient visits Pharmacy Partnerships • Retail 1.7 million ambulatory • Industry accreditation Hospital clinic visits The Joint Commission Audit Duration Control Environment 1 Control Environment 2 • • • Annual financial statement Key leadership changes Implementation of • audit 8,875 Full-time Electronic Health Record • Regulatory compliance equivalent employees (EHR) system • • audits Ancillary locations Numerous applications Federal (50+) State • Physical infrastructure Data centers Network
I. Risks and Concerns II. UKIA Structure for UK HealthCare III. Work Product (Previous, Current, Future)
Regulatory Compliance Common Events • Pharmacy Regulations Industry-wide UK HealthCare Drug Pricing Program • Fair Labor Standards Act • HIPAA Violations (FLSA) • Health Insurance • Time Reporting Portability and Accountability Act (HIPAA) • False Claims Act • Emergency Medical Treatment and Labor Act (EMTALA) • Stark Law
Regulatory Compliance Common Events • Pharmacy Regulations • Dispensing Industry-wide UK HealthCare Drug Pricing Program • Fair Labor Standards Act • Non-Compliance (FLSA) with HIPAA • Health Insurance Portability and • Time Reporting Accountability Act (HIPAA) • False Claims Act • Emergency Medical Treatment and Labor Act (EMTALA) • Stark Law
Information Technology Common Events • Cybersecurity • Single Enterprise Industry-wide UK HealthCare EHR Platform • Disaster Recovery Maintenance and Updates • Infrastructure • Role-based Access • Deprovisioning • Capacity Management • Encryption • Access Management • Access Management • Endpoint and Mobile • Mobile Device Device Management Management • Server Configuration
Information Technology Common Events • Cybersecurity • Single Enterprise Industry-wide UK HealthCare EHR Platform • Disaster Recovery Maintenance and Updates • Infrastructure • Role-based Access • Deprovisioning • Capacity Management • Encryption • Access Management • Access Management • Endpoint and Mobile • Mobile Device Device Management Management • Server Configuration
Business Operations Common Events • Health Information • Contract Industry-wide UK HealthCare Management Management • Tracking • Billing and Collections Transactions • Charge Capture • Cash Handling • Coding • Manual Coding
Business Operations Common Events • Health Information • Contract Management Industry-wide UK HealthCare Management • Tracking Transactions • Billing and Collections • Cash Handling • Charge Capture • Manual Coding • Coding • Inventory Management
I. Risks and Concerns II. UKIA Structure for UK HealthCare III. Work Product (Previous, Current, Future)
Auditing Structure By Enterprise Divisions University Campus Finance and Academics Administration UK HealthCare Operations Administration Affiliates UK Research Foundation Central Kentucky Management Services Mining Engineering Foundation Gluck Equine Foundation Center on Aging Foundation Humanities Foundation
UKIA Hours By Enterprise Division Fiscal Year 2019 Hours Enterprise FY 17 FY 18 Division Academics 21.46% 20.77% Academics UK HealthCare 23% 29% (3,728 hrs.) (4,557 hrs.) Campus Operations 11.87% 5.6% Affiliates Finance and 12.98% 34.83% Administration Campus Operations 12% (1980 hrs.) Administration .4% 3.12% Administration Finance and Administration 3% Affiliates .11% 1.1% 33% (521 hrs.) (5,188 hrs.) 53.18% 53.18% 34.57% 34.57% 0% Affiliates HealthCare HealthCare (8,857 hrs.) (8,857 hrs.) (4,667 hrs.) (4,667 hrs.)
UKIA Resources Dedicated to UK HealthCare • As of March 2019, UKIA dedicated one principal IT auditor and one senior business auditor to work with UKHC. • The two audit consultants now collaborate with the infrastructure team for UKHC inquiries and investigations.
UKIA Structure Compliance Program - Repetitive Audits - Data Mining UK Infrastructure Healthcare Support Inquiries & Two Investigations - Quality Dedicated - Communications Resources Project Administration
I. Risks and Concerns II. UKIA Structure for UK HealthCare III. Work Product (Previous, Current, Future)
UKIA Activity in UK HealthCare Fiscal Years 2017 - 2019 Nine UKIA Services • Comprehensive Reviews Inquiries & • Repetitive Audits Investigations • 10 Assessments Consultations Comprehensive • Follow-up Reviews 3 Reviews • Consultations 18 • Inquiries & Investigations • Follow-Up Information Reviews Technology Reviews 9 • Data Mining • Repetitive Training Audits 13 Assessments 3
Approved Work Prioritization Processes Contract Management 1 Family Educational Rights 2 and Privacy Act (FERPA) Health Insurance Portability and 3 Accountability Act (HIPAA) Conflicts of Interest 4 5 Regulatory Compliance 6 Student Fees 7 Agency Accounts 8 ProCard 9 Cash Handling 10 Vendor Master File 11 Deprovisioning 12 Capital Construction
Approved Work Prioritization Processes Units 1 Contract Management Alumni Associations Family Educational Rights 2 Shared Services and Privacy Act (FERPA) Health Insurance Portability and 3 Service Centers Accountability Act (HIPAA) 4 Conflicts of Interest 501(c)(3) Entities Required by Kentucky Revised 5 Regulatory Compliance Statutes (KRS) 6 Student Fees Academic Units 7 Agency Accounts ProCard 8 Cash Handling 9 10 Vendor Master File 11 Deprovisioning Capital Construction 12
Approved Work Prioritization Processes Units Applications 1 Contract Management Alumni Associations In-house Applications Family Educational Rights 2 Shared Services Server Configuration and Privacy Act (FERPA) Health Insurance Portability and 3 Service Centers Unit Applications Accountability Act (HIPAA) 4 Conflicts of Interest 501(c)(3) Entities Required by Kentucky Revised 5 Regulatory Compliance Statutes (KRS) 6 Student Fees Academic Units 7 Agency Accounts ProCard 8 Cash Handling 9 10 Vendor Master File 11 Deprovisioning Capital Construction 12
FY2020 UK HealthCare Work Prioritization: Current Activities Approved Work Project Name Risk Factor Components* Prioritization Contract (15) (16) Event (7) Industry 2019 MC02 Crothall Management Operational Identification Compliance 2020 MC01 Center of (5) State (2) Customer (18) IS Excellence in Rural Health Regulations Type Applications Regulatory 2019 MC04 Ryan White (1) Customer (6) Federal (20) Management Compliance Grant Clinical Review Type Regulations Requests 2020 RA03 UK HealthCare (6) Federal (5) State (16) Event Nursing Trauma and Acute Care Regulations Regulations Identification Surgical Services (ACSS) Cash Handling, 2019 MC05 Patient (16) Event (9) Transaction (12) Internal Audits Expanded Scope Financial Services Identification Volume (20) 2019 CP06 College of (4) Program (6) Federal Academic Unit Management Medicine Expansion Visibility Regulations Requests Clinical Unit, 2020 PP06 Family and (16) Event (2) Customer (15) Operational Expanded Scope Community Medicine Identification Type * See Appendix A at the end of this presentation.
FY2020 UK HealthCare Work Prioritization: Follow-Up Activities Approved Business Risk Responsible Work Project Name Factor Area Prioritization Components* Contract UK HealthCare Network Medical Devices Review Management Administration College of Clinical Unit Ophthalmology - Administrative Procedures Medicine College of Clinical Unit Sanders Brown Center on Aging (7) Industry Medicine Compliance UK Pharmacy Cash Management Kentucky Clinic Pharmacy Cash Handling (15) Operational Pharmacy Cash Handling Turfland Retail Pharmacy Cash Handling Services University Health Pharmacy Cash Handling (20) Management Specialty Pharmacy Cash Handling Requests Pharmacy ProCard UKHC Pharmacy Services ProCard Services UKHC Good Samaritan Security Regulatory UK Police UKHC Chandler Security Compliance Department UKHC Eastern State Hospital Security *See Appendix A at the end of this presentation.
FY2020 Audit Projects Affecting UK HealthCare Approved Work Project Name Risk Factor Components* Prioritization (20) 2020 CP01 Cost Savings (15) Contract Management Management Analysis Operational Requests (7) Industry (6) Federal (5) State Regulatory Compliance Grants Compliance Regulations Regulations (9) Vendor Master File (18) IS Vendor Master File Transaction (5) Operational (Campus-wide) Applications Volume 2020 CC02 Conflicts of (16) Event (12) Internal Conflicts of Interest Interest Identification Audits * See Appendix A at the end of this presentation.
Recommend
More recommend
