Ethics Program, Training and Compliance Auditing in the Health Sector

INTERNAL MEMO 

TO: John Smith, Executive Director 

FROM: Peter Brown 

RE: Ethics Program, Training and Compliance Auditing 

DATE: 21 st June, 2018 

With this memo you are hereby notified of planned initiatives to develop and implement an ethics program, staff training and monitoring of intended plans. Customer confidence and satisfaction is of paramount importance for the fulfillment of our organization vision and mission and therefore it is important to create a sense of trust and confidence within our clients. As we strive to provide our clients with quality healthcare services, the need for information privacy for our clients is paramount and should not be disclosed to third parties under any circumstances. Despite the continued annual review of the organization non-disclosure policy, there is the need to revise the standards and procedures to ensure client confidentiality is observed. 

The ethics program will be implemented in three phases. The first phase will entail the development of the organization standards and procedures that will seek to improve the organizations’ standards and procedures. The organization employees will be taken through the proposed standards and procedures to ensure clarity on the acceptable practices and actions on the employees’ part. The final step will include the setting up of a monitoring, auditing and evaluation system to check program adherence and effectiveness. The main intention of developing the ethics program is to ensure that the organization will be able to meet its vision and mission of quality healthcare for the clients and to become the health facility of choice by the community. 

People Wellness Health Facility (PWHF) has embraced technology so as to ease information access, storage and handling. However, it has been noted that there are emerging trends that pose risks to the gains made through the utilization of these technological innovations. The confidentiality of clients’ information and clients’ safety has been threatened as a result. Gonzalez-Padron (2015) observes that with the centralization of information and communication, organizations face the threat of breakdown in critical information infrastructure and networks, increase in cyber-crimes and risk of data fraud and theft. Felkey & Fox (2015) observe that errors related to technology are either those of omission or commission in nature. Healthcare professionals have been known to fail to carry out certain activities or perform their duties in the wrong manner resulting into negative health outcomes. Healthcare workers have also been noted to develop an attitude of complacency and therefore fail to countercheck the information that is received from the technological sources (Felkey & Fox, 2015). With the introduction of government financing to health facilities so as to subsidize the cost of healthcare to the citizens, cyber security threats are on the rise (Brammar, 2014). Identity theft and patient information leakages have been on the rise as people unlawfully use the medical information of other people to access subsidized healthcare services. 

Chui, Manyika & Miremadi (2017) state that technology has been embraced across the world but the pace of adoption varies across countries. China, India, Japan, United States, France, Germany, Italy, Spain and the United Kingdom are considered as some of the leading countries in technology adoption based on the employee remuneration figures associated with automatable activities (Chui, Manyika & Miremadi, 2017). Businesses across the world are regulated by foreign compliance regimes (Usnick & Usnick, 2013). The businesses are regulated by the federal agencies and governed by agencies that have a say in their operations. Usnick & Usnick (2013) state that the United States financial institutions are governed by more than a dozen agencies that monitor the activities of these organizations abroad. 

While technology has been adopted in many sectors, the health sector is one of the areas where technology can be utilized to ease the workload. Health Information Technology is used in health facilities to carry out many functions. Among these functions is to promote self care management and patient engagement by the care givers. This is achieved through the use of portals, personal health record apps, social media venues and mobile devices (Felkey & Fox, 2015). However, all these innovations pose a risk to the Health Information Technology systems. The exchange of information across all these avenues has created a loophole for leakage of patient information threatening their safety and confidentiality. Leakage of client information can lead to legal battles between the clients and the government as the policy of confidentiality has been breached hence massive loss of country resources to meet the compensation costs. The safety of patients can also be threatened as their lives might be at risk due to the revelation of sensitive information. At times the security of the country can also be threatened due to such leakages for instance in the case of highly contagious fatal diseases. Identity theft to enable access to healthcare services at subsidized rates also puts financial pressure on the government as the number of people accessing these services is more than the numbers of people whom the government had initially intended to access the services. 

As PWHF strives to mitigate the risk of cyber security within the organization, it is important for the organization to acknowledge that this risk touches on both the organization and the customers. Gonzalez-Padron (2015) states that ethical issue intensity needs to be recognized as pertaining to the importance of the ethical issue. While businesses are making ethical decisions, it is important that they assess the organizations’ growing scale and its impacts, improvement in sensors that measure impacts and heightened stakeholders’ sensibilities. When making ethical decisions concerning the threat of cyber security, the organization will factor in the impact that it has on the community and the surroundings. The decisions made will be those that result into positive outcome to the community and cause no harm to the environment. The organization will put in place technological initiatives that will measure the actual outcomes of the organization activities and provide tracking mechanisms that enable tracing of misconduct within the organization. PWHF will also ensure that the norms among the public will be observed and decisions made will not be contrary to the public expectations. 

Businesses are at times forced to make decisions on ethical issues that attract a lot of pressure from the stakeholders. The stakeholders in a business include the organization staff, customers and suppliers. The business may be forced to make a decision that may not be of the same view across the stakeholders (Gonzalez-Padron, 2015). Gonzalez- Padron goes further to categorize the ethical issues as those that are in line with most people, those that affect a section of the people and those that go against what is acceptable to majority of the people. Through regular scanning, organizations can be able to anticipate these issues by looking at credible and reliable resources. This divergence in views tends to create some kind of discord among the stakeholders. During decision making, the customers’ views are prioritized over all the stakeholders as they build the reputation of the organization. 

Ethics programs, training and compliance auditing is of importance to the organization as it will provide an orderly manner in running the business. The regulations, policy and code of conduct will provide a guide to the organization employees to act in a prescribed manner (Gonzalez-Padron, 2015). It also protects the business from legal cases and also acquisition of a bad reputation as the organization employees will be warned against engaging in practices that can lead to legal prosecution and unacceptable outcomes. Evaluation of the organizations’ effectiveness will also be achieved through audit and where results are below expectations improvements will be made and good practices replicated (Usnick & Usnick, 2013). 

Following changes in the organizations’ standards and procedures, the staff will undergo training on the program’s objectives and relevant policies. The organization staff members who will undergo training include the Board of Directors, managers and the rest of the staff members. The goal of the training program is to provide efficient healthcare services for the patients. The objective of the training program is easy access to quality healthcare services by patients through improved technological systems. 

The training will be divided into various parts. Instructor led training will enable the training participants to get an overview of the proposed standards and procedures. The instructor will make use of power point presentations, video presentations that will lead into discussions and whiteboard. Interactive sessions will include group discussions where the participants will be divided into small groups and presented with an issue for discussion and present their views to the rest of the participants. The participants will also be expected to take part in role play sessions. These sessions will entail participants acting out certain scenarios as presented by the instructor. The final method under the interactive session is the question and answer session where the participants will be allowed to present their queries and concerns to the instructor for clarification or further explanation. As the changes proposed a review of the technology, the participants will be exposed to practical sessions whereby the instructor will demonstrate the new set skills that the participants need to be aware of and giving them a chance to practically do it themselves. This session will be broken down into different clusters as different employees will be charged with different kinds of interaction with the technological platform. Participants will also be given access to an e-learning platform that seeks to provide additional knowledge to the skill set that the staff members already possess. 

Following the training sessions, the organization will undertake evaluation techniques to assess the effectiveness of the training in updating the staff of the proposed changes in standards and procedures and the cost effectiveness of the training. The staff members will be required to fill in a pre-training assessment questionnaire before undertaking the training. At the completion of the train, the staff members will also be required to fill in a post assessment questionnaire. The satisfaction level of the participants will be measured through the questionnaires that the staff members will fill in at the end of the training. Staff members will also be required to fill in questionnaires regarding the knowledge that they have acquired following the training sessions. The organization will also monitor the behavior of the staff members so as to check for change in practice following the acquisition of the new skills and knowledge. 

Training participants will be given an introduction session on the areas that the training will cover. In this case the participants will be given a brief introduction on the standards and procedures that they will be trained on. The instructor will then provide the participants with the relevant information in detail. During the video sessions and practical sessions, the instructor will inform the participants on what they are about to see beforehand. Hands on learning approaches like the discussion groups, role play and practical sessions will be used so as to ensure the participants are absorbing the information. The participants’ feedback and reactions from the training sessions will act as a guide for the instructor to revise planned activities or changing some of the training aspects so as to ensure that the participants are understanding the information the is being passed to them. During the end of the training session, the instructor will repeat the information that was presented to the participants during the introduction for the sake of emphasis. 

Usnick & Usnick (2013) states that the purpose of compliance audits is to establish how well organizations are adhering to the set rules, policies, procedures and standards. Compliance initiatives have become more structured and formal as the government provides rewards for those who demonstrate compliance efforts while those who do not are punished (Usnick & Usnick, 2013). Legal actions can be taken against organizations that fail to comply with the set rules and regulations. Usnick & Usnick (2013) observe that organizations are required to comply with industry protocols, licensing requirements and standards and ethical concerns. Compliance audits at the People Wellness health facility will be conducted on a three tier level. The first tier will be at the organization level so as to establish whether it is abiding to the set regulations of the industry as regarding privacy of customer information. The auditors will look at the list of beneficiaries of the standardized health services and establish whether there were any fraudulent activities leading to other beneficiaries apart from the intended ones. The second level of audit will be at the governance level to examine whether the Board of Directors is competent on Information Technology issues to establish the level of governance challenge. The audit team will be involved in the outsourcing of Information Technology services so as to ensure that the contact agreed upon includes oversight, monitoring and auditing of the service providers. The audit team will also review the access control process so as to establish whether the layered approach of processes approval is adhered to with the management providing the final approval. At the staff level, the audit team will review the company IT system so as to establish whether each of the staff members is accessing organization information through the organization machines or they are also using their personal machines. 

In conclusion, it is important to establish an effective ethics and compliance program in order to protect the organization. Through the ethics program, the organization will be able to protect itself from activities and conducts by the employees which can put the organization in problems with the legal system and regulatory bodies. The program will enable the organization to put in place mitigation measures that the emerging risks pose to the organization. An establishment of standards and procedures for the organization employees will regulate the behaviors of the staff members hence mitigating against instances where the staff put the organization at risk of breaking the law. Training of the staff members on the proposed changes enables a clear understanding of the standards and procedures for the organization operations. Through training monitoring, the organization will ensure that the staff carries out the standards and procedures in the appropriate manner as prescribed by the organization. Compliance audit will check whether the organization and the staff members are carrying out their duties according to the laid down rules and regulations of the industry as well as the organization. Compliance audits will enable detection of malpractices early enough and offer control measures of the organization actions as well as the staff members. 

References 

Brammer, R.F (2014), Technology trends that will impact risk and compliance in 2014 , retrieved from http://www.corporatecomplianceinsights.com/technology-trends-that-will-impact-risk-and-compliance-in-2014/ 

Felkey, B.G & Fox, B.I. (2015), Health information technology risks, external threats and human complacency, Hosp Pharm, 5 (6) 550-551 

Gonzalez-Padron, T. (2015), Business ethics and social responsibility for managers (Electronic version). Retrieved from https://content.ashford.edu/ 

Chui, M., Manyika, J. & Miremadi, M. (2017), The countries most (and least) likely to be affected by automation, Harvard Business Review 12, retrieved from https://hbr.org/2017/04/the-countries-most-and-least-likely-to-be-affected-by-automation 

Usnick, L. & Usnick, R. (2013), Compliance program auditing: The growing need to insure that compliance programs themselves comply, Southern Law Journal, 23 (2), 311-327