This exhibit was las updated on June 3, 2024.
Objectives
The objectives of this audit are to:
- Validate that Customer has possession of all Authorizations relied upon;
- Verify Customer is using Authorization form that Data Vendor approved;
- Verify all Authorizations are in force; and
- Validate that Customer requesting PHI from the Data Vendor System for the purposes stated in the Agreement.
Process
All audits will be performed pursuant to the Authorization Audit Process summarized below.
Scope
In order to meet the objectives of the audit, Data Vendor will perform fieldwork in the follow areas:
- Customer will be subject to monthly audits beginning the first month that Customer initiates requests for PHI under this Agreement.
- If after three (3) monthly audits, Customer consistently meets the objectives of the audit, Customer will be moved to an annual audit cycle.
- If Customer is not meeting the objectives of the monthly audit, Customer will be reviewed and may be restricted from any further ordering until issues are deemed corrected by Data Vendor. Customer's allowed continued service under this Agreement will be subject to an additional three (3) month audit cycle. If Customer consistently meets the objectives of the audit in the subsequent three (3) month audit cycle, Customer will be moved to an annual audit cycle. If Customer does not meet the objectives of the monthly audit, the Agreement will be subject to termination.
- Data Vendor will compile a list of randomly selected names from prior Authorized Requests for a previous timeframe. The number of Authorizations requested will not exceed ten (10) in any monthly or annual audit cycle.
- Customer will have ten (10) days to aggregate the Authorizations corresponding to the names on the list and submit them to Data Vendor.
- Data Vendor will perform an internal review of the submitted Authorizations to validate the form and purpose, check for signature and effective date of Authorization.
- All written results will be submitted to Data Vendor and Customer. Any recommendations will be included in the results.
- All lists of individuals, their Authorizations and audit results will be stored by Data Vendor, for up to six (6) years, for future reference and comparisons.
