7 Monitoring and Reporting: The Most Bang for the Buck

7.1 Objectives and Discussion Questions

Monitoring and auditing is typically the last element that a program grows and matures. Yet it is arguably the most valuable, because it moves the program from reactive to detective, if not preventive. It is the element where technology and AI have the most promise to reduce defects and manage risk.

Discussion Questions:

1. You are a CCO (Chief Compliance Officer). How would you describe the difference between monitoring and auditing to your CEO?

2. What's an example of AI being used in compliance-related monitoring today?

3. Pretend you are the Privacy Officer and answer the question in the hypo at the end of the chapter.

7.3 AI in Monitoring

7.4 Role of Audit

7.5 Hypo: Can we accept low risk?

You are the Privacy Officer at an integrated health system. Your privacy team is drowning in reports from proactive monitoring and hotlines. They have come to you with two recommendations:

1) Discontinue investigating the “hits” that involve only one patient, whether flagged by the monitoring program or on intake from the hotline. About half of the hotline intake is anonymous, e.g., “someone, somewhere, sometime accessed my record.”

2) “Turn down” the monitoring rules so that they flag patterns of inappropriate access at a higher threshold, e.g., 5 co-workers instead of 1, 2 famous persons rather than 1.

How will you take a risk-based approach to this? What types of risks will you include in your analysis?