This is audit cycle in health care
Stage 1 – Preparation
• Choose a topic :
o Preferably one which is a high priority for your organization.
o This may involve areas in which there is a high volume of work, high risks or high costs of care, or an area identified as a priority by patients.
• Identify available resources –eg :
o Your organization may have a local audit lead or office
o There may be existing guidelines defining desired standards for the topic you have choosen.
Stage 2 – Select Criteria
• Define the criteria. This is should be in the form of a statement –eg, ‘All patients with
hypertension who smoke should be offered smoking cessation advice’.
• Define the standard – usually a target (percentage). This may be a minimum standard or an
optimal one, depending on the clinical scenario.
Stage 3 – Measuring level of performance
• Collect the data :
o May be from computerized records, manual collection, or both.
o May be retrospective or prospective.
• Analyze the data collected :
o Compare actual performance with the set standard.
o Discuss how well the standards were met.
o If the standards were not met, note the reasons for this(if known).
Stage 4 – Making improvements
• Present the results and discuss them will the relevant teams in your organization.
• The results should be used to develop an action plan, specifying what needs to be done, how it
will be done, who is going to do it and by when.
Stage 5 – Maintaining improvements
• This follows up the previous stages of the audit, to determine whether the actions taken have been effective, or whether further improvements are needed.
• It involves repeating the audit (i.e. targets, results, discussion); hence the terms ‘ audit cycle’ or
‘audit spiral’.
Security auditing
A security audit is a systematic evaluation of the security of a company's information system by measuring how well it conforms to a set of established criteria. A thorough audit typically assesses the security of the system's physical configuration and environment, software, information handling processes, and user practices. Security audits are often used to determine regulatory compliance, in the wake of legislation (such as HIPAA, the Sarbanes-Oxley Act, and the California Security Breach Information Act) that specifies how organizations must deal with information.
According to Ira Winkler, president of the Internet Security Advisors Group, security audits, vulnerability assessments, and penetration testing are the three main types of security diagnostics. Each of the three takes a different approach and may be best suited for a particular purpose. Security audits measure an information system's performance against a list of criteria. A vulnerability assessment, on the other hand, involves a comprehensive study of an entire information system, seeking potential security weaknesses. Penetration testing is a covert operation, in which a security expert tries a number of attacks to ascertain whether or not a system could withstand the same types of attacks from a malicious hacker. In penetration testing, the feigned attack can include anything a real attacker might try, such as social engineering . Each of the approaches has inherent strengths, and using two or more of them in conjunction may be the most effective approach of all.
How do you analyse your audit data?
The purpose of data analysis is to find evidence to answer the questions posed by the audit objectives. Although quantitative and qualitative methods should compliment each other they do provide different perspectives and answer different questions within any one broad area.
There are two main types of data analysis:
Quantitative data : is concerned with counting and measuring, auditing patients who for example received good pre-operative information regarding processes -v- patients who didn't receive such good information. It would show improvement or failure of the input of clinical audit to the healthcare system, but would not necessarily be able to show that the data collected was either significantly good or bad.
Qualitative data : on the other hand is more of a social science, concerned about how people think and behave in the way that they do. With specially tailored questions good and bad data could be identified. It allows for a richer 'pool' of answers that may have been missed in applying a quantitative approach.
How do I choose the right method of collecting data?
You must plan the methodology in detail to consider the most effective and accurate way of collecting the data you require. You must decide whether you will look back at existing data (retrospective) or collect data as it happens (prospective). You must also ensure that your sample size is large enough to be representative of the population, condition or process you are auditing.
Source 1 : http://www.gain-ni.org/index.php/resources/clinical-audit/all-about-audit-data Source 2 : http://www.patient.co.uk/doctor/audit-and-audit-cycle Source 3 : http://searchcio.techtarget.com/definition/security-audit
0 komentar:
Posting Komentar