FierceHealthcare FierceHealthIT FierceMobileHealthcare FierceHealthPayer
FierceHealthFinance FierceEMR FiercePracticeManagemtn Hospital Impact

Wikio - Top Blogs - Health

Hospital Impact has been ranked one of the top 50 healthcare blogs by Wikio.

Get the RSS Feed


Advertise with us

Contact us

Internal controls will be a necessity of meaningful use compliance

November 1st, 2009

by Joe Ingemi

In my last post for Hospital Impact, I spoke of the possibility of standards-based meaningful use criteria, and performance-based meaningful use, such as recording the number of smokers enrolled in cessation. Hidden beneath these regulations are a whole other set of compliance standards that are yet to be discussed: internal controls.


When you hear the term 'internal controls,' you may think of them in terms of the financial industry's Sarbanes-Oxley (SOX) compliance. However, internal controls have also manifested within the healthcare and life sciences industries. HIPAA deals with internal controls in the concept of how privacy is protected. The FDA regulation, 21 CFR Part 11, takes into account internal controls by requiring audit trails on access to GMP data stored electronically.

Internal controls will ultimately be required for meaningful use compliance, especially the performance-based regulations. For instance, if a provider must report the number of smokers enrolled in a cessation class, how can it verify whether the number is accurate? Although there is no way to be 100 percent certain, internal controls could help improve the certainty. Audit trails and electronic signatures can verify who accessed the files. Standard Operating Procedures can confirm whether those individuals have authority to adjust the enrollment number. Then, training records can confirm if those individuals understand what those enrollment numbers represent.

The need for providers to establish a meaningful use compliance framework is not a question of "if," but rather a question of "when." Providers must begin thinking in terms of standards, performance and internal controls.

Joseph Ingemi is a blogger, Certified Information Systems Auditor, and certified Project Management Professional who writes about healthcare IT issues. He also consults on healthcare IT issues through his company, Pinarus Technologies.


Get Hospital Impact in your inbox!

List in Marketplace | Supplier in Marketplace