Surviving a records audit: 6 steps to prepare your organization: although most records are created electronically, physical records continue to proliferate and demand that organizations seek software solutions that meet the requirements for effectively managing records in both media.

• Author: Simons, Neil

[ILLUSTRATION OMITTED]

In 2007, actor George Clooney and his girlfriend were cruising through northern New Jersey when their motorcycle was hit by a car and they were briefly hospitalized at Palisades Medical Center in North Bergen, N.J. There, according to The New York Times, the temptation to look at the famous actor's Health Insurance Portability and Accountability Act (HIPAA)-protected medical information proved irresistible to as many as 40 hospital employees. Some even tried to sell the records to the tabloids.

This fact was later uncovered during a records management audit of HIPAA compliance routinely conducted by the hospital's records management personnel. Needless to say, it caused quite a stir, and dozens of medical personnel were suspended without pay.

More importantly, the hospital uncovered serious lapses in its records management practices and was able to quickly institute records access policy changes to prevent future federal statute violations. What's more, the medical center's records managers emerged with their reputations intact, rather than being the scapegoats. This incident serves as a good illustration of the value of internal audits.

Why Audit Yourself?

Every organization should consider a policy of regular records management audits for several reasons.

First, internal records audits are essential to ensuring your organization is following its internal standards and practices- and can prove it, if required, to external auditors, regulatory agencies, and courts.

Second, they are essential for complying with your organization's regulatory or oversight bodies and to ensure your organization's records are meeting regulatory criteria and the recordkeeping is legally defensible.

Records audits also can contribute to improved business processes--not just within records management itself, but within the business units responsible for the records.

Finally, but perhaps most importantly, if you regularly audit your records management policies, practices, and systems, you'll automatically be prepared for virtually any external audit scenario.

Testing your ability to pass an external audit usually means conducting a simulated audit based on your records management policies. You can conduct mini audits with a portion of your policies or audit all your records management policies at one time.

These types of internal audits can prove invaluable if an auditor from a regulatory agency calls you and gives you a week to prepare for a full-blown sales audit. If internal records management audits are part of your standard operating procedure, there's no reason to hit the panic button. Instead, it's just a part of your normal, routine business practices. You know what to do, your staff knows what to do, and other players, like your IT department, know what to do.

Key to any organization's preparation is gaining an intimate knowledge of the operational, legal, and regulatory issues respective to your organization or industry. As a records and information management (RIM) professional, you must either know these issues yourself- or...