Objectives
The objectives of this audit are to:
1. Validate that Customer has possession of all Consents relied upon;
2. Verify Customer is using authroized Consent methods;
3. Verify all Consents are in force; and
4. Validate that Customer requesting PI and/or PHI from SettLiT for the purposes stated in the SettLiT Services Agreement.
Process
All audits will be performed pursuant to the Consent Audit Process summarized below.
Scope
In order to meet the objectives of the audit, SettLiT will perform fieldwork in the follow areas:
- Customer will be subject to monthly audits beginning the first month that Customer initiates requests for PHI under this Agreement.
- If after three (3) monthly audits, Customer consistently meets the objectives of the audit, Customer will be moved to an annual audit cycle.
- If Customer is not meeting the objectives of the monthly audit, Customer will be reviewed and may be restricted from any further ordering until issues are deemed corrected by SettLiT or Custodian. Customer's allowed continued service under the SettLiT Services Agreement will be subject to an additional three (3) month audit cycle. If Customer consistently meets the objectives of the audit in the subsequent three (3) month audit cycle, Customer will be moved to an annual audit cycle. If Customer does not meet the objectives of the monthly audit, the Agreement will be subject to termination.
- SettLiT or Custodians will compile a list of randomly selected names from prior Authorized Requests for a previous timeframe. The number of Consents requested is unlimited and could require all past requests to be provided.
- Customer will have ten (1) day to aggregate the Consents corresponding to the names on the list and submit them to SettLiT. SettLiT will perform an internal review of the submitted Consents, personal information, supporting documentation (including substitute decision maker documentation), and legal representative or signature use agreements to validate the legitimacy of acquired Consent.
- All written results will be submitted to SettLiT and Customer. Any recommendations will be included in the results.
- All lists of individuals, their Consents and audit results will be stored by SettLiT and/or Custodians, for up to seven (7) years, for future reference and comparisons.
