Gatekeeping vital to a best practice organization

Gatekeeping should be viewed as a first line of defense, protecting not only a healthcare organization, but the patients as well. In a Health Care Compliance Association (HCCA) webinar titled “Gatekeeping & Monitoring – Developing Sound Processes for Screening, Removal & Reinstatement,” Amy Andersen, Director of Operations at Verisys Corp., noted that every organization can be sorted to a risk aversion spectrum. On one end, the most risk-averse organizations use best practice compliance to achieve stellar outcomes. On the other end, non-compliant organizations risk fines and loss of reputations. The greatest cost to organizations in terms of monetary impact to establish gatekeeping measures is the change management and system implementation. Regardless, best practices organizations need to be proactive about gatekeeping and monitoring, not after the fact.


The best way to protect organizations is to implement a gatekeeping strategy. Gatekeeping is ensuring that information is properly disseminated among an organization and its association. Thus, the first consideration for an organization is which parties are being let into the organization. Organizations should not only focus on the healthcare professionals within their organizations, but the vendors and contractors employed by the organization. Andersen noted that the vendor space was one of the most overlooked areas in protecting an organization.

Secondly, once an organization permits vendors or individuals into the organization, it must readily identify any gaps. In essence, Andersen said that the organization should understand what it knows and does not know about the admitted vendor or individual.

Finally, the organization should establish criteria for admittance of these vendors or individuals. Thus, an organization’s gatekeeping strategy should include three parts: (1) identification, (2) communication, and (3) remediation.

Identification, communication, and remediation

At a most basic level, identification starts with screening and monitoring. Some barriers to gatekeeping include data “hoarders,” those entities who do not share what they know or require you to go through a gate itself. These entities can be threats to the organization.

Andersen advised that organizations should examine and avoid unconsidered risks. In terms of credentialing, Andersen stressed “verify, verify, verify.” These risks are created when an organization silos information within itself. She cautioned against this, noting that organizations should do holistic reviews to determine whether the departments within the organization are communicating any risks effectively.

Access to information is vital. Once identification generates data for the organization, relevant information must be made visible. After policy and procedure access occurs, the organization must take action in a consistent manner. This is includes removal of individuals from the organization or vendor from a business relationship, expectations should be laid out clearly. Any auditing that is done should be unbiased and adhere to industry standards.

12 commandments for the operational efficiency of health IT

Health care IT operational efficiency must balance cost effectiveness with patient safety and care quality, according to a Health Care Compliance Association (HCCA) webinar presented by Manuel Lloyd, a health IT (HIT) operational efficiency expert. Lloyd noted that HIT operational efficiency depends on risk management, minimized service disruptions, patient relationships, and the establishment of benchmarks.

Operational efficiency

 Lloyd offered the following “twelve commandments” for operational efficiency and alignment:

1. Identify and focus on the highest value activities.
2. Service multiple customers with varying requirements using only limited resources.
3. Define, measure, and report relevant metrics to help with fact-based decision-making.
4. Improve efficiency by automating standard tasks and applying lean principles to your work.
5. Unite teams and processes by understanding interdependencies and their impact.
6. Influence the organizational culture to support continual improvement activities.
7. Improve communication by encouraging the use of common terminology.
8. Identify alignment opportunities with the business by identifying and understanding the value chain.
9. Save costs by centralizing activities and teams using well-defined fit-for-purpose and fit-for-use processes.
10. Be in control by clearly understanding your process responsibilities and expected outputs.
11. Build trust within the organization by understanding and aligning stakeholder goals, objectives and incentives.
12. Demonstrate business focus by taking a customer-centric approach to services.


Lloyd suggested that providers and compliance professionals keep their focus on data because, he said, Data Rules Everything Around Medical™ (DREAM™). Thus, because operational efficiency is ultimately driven by data, Lloyd explained that capacity management is a crucial component of continued efficiency as data becomes more complex and data storage needs increase. He also recommended that all data incident management be processed through a service desk so that “data about the data” will always be contained in a single location. He also noted, because of the importance of patient expectations, providers need to have effective workaround to minimize disruptions in HIT systems.