There’s a ton of regulations to follow: CQC, H&S, GDPR, IG, to name a few. A practice should have a program to ensure compliance, but I’ve always found it can be counter to efficiency, not very patient focused, and difficult to find someone to take ownership of.
Recognising it as a priority, and that we had a skill and ownership gap, I’ve recruited the skills into the team in the appointment of a Compliance Lead.
Our Lead has the responsibility of ensuring the required policies and procedures are in place and are being followed, and of implementing a rolling program of audit to check all activities are carried out in compliance with regulations. They will:
Identify - existing controls, process ownership, access levels, operating systems, policies, and procedures.
Assess - to find all potential gaps, risks, and vulnerabilities and review the likelihood of each vulnerability occurring.
Prioritise - the key areas and implement plans to rectify based on risk level.
Test - after rectifying to assess the effectiveness of any new processes that are put in place.
Report - the ratio of compliant to noncompliant processes, to give a compliance % and a target to improve.
It will benefit the practice. Are you doing something similar in yours?