A Day in the Life with the Office of Compliance, Audit and Privacy Services

Spanning responsibility across each of the Stony Brook Medicine hospitals, ambulatory sites and Health Sciences schools, the OCAPS team develops and executes annual workplans that align with high-risk processes to be monitored, analyzed and improved.

Joseph Rega, the Director of Hospital Compliance, manages a team of compliance analysts and medical auditors. He attended Stony Brook University and subsequently worked in a nonprofit organization, which focused on individuals with developmental disabilities, where he was promoted to become responsible for compliance to protect the organization’s assets. This experience led him to work in a hospital setting, as the approach to compliance activities is similar. He compared the world of compliance to lifeguarding, in which the team is fully engaged to dive in and assist many areas of the organization that require support.

Jacquleen Booth, a newer member of the OCAPS team, shared a humorous story about how she was named after a character on “Ryan’s Hope,” who is strong-willed, and lives up to her name. For that reason, she named her daughter Autumn in hopes that she would be “cool and breezy” but is actually quite like her mom. Jacquleen started her career as a bank teller and quickly moved up the ranks to become an operations manager. She expresses passion about how processes and systems worked and always was interested in the “why,” which led her to becoming an auditor for bank branches. 

Jacquleen also shared that her sister experienced a life-threatening illness and was treated at Stony Brook University Hospital, saving her life. As a result, Jacquleen seized the opportunity to work on the hospital’s audit team, concentrating on adding value for the organization to continuously improve performance.

While some team members from OCAPS are relatively new to Stony Brook, there are a few seasoned team members with longevity at Stony Brook University Hospital, as well. In fact, when I worked in the Quality Division at Technology Park, I had the pleasure of working with Anita Hiranandaney, Senior Internal Auditor, and Cristina Striffler, Privacy Manager. Both recalled stories about working together in the building, including a time when popcorn was left in the microwave and set off a fire alarm, causing everyone to evacuate the building. Both Cristina and Anita bring extensive experience to OCAPS, guiding newer members of the team through departmental processes.

Yves Mevs, the Director of Internal Audit, shared an interesting story as to how he came to work for Stony Brook. He and his wife commuted from Long Island to New York City. One of his clients happened to be Stony Brook University, so he suggested to his wife that she apply for a job at Stony Brook, since the culture and atmosphere were welcoming. As it turns out, she wasn’t able to find the right job; however, when a Senior Internal Auditor position opened, Yves successfully applied for the position, improving his quality of work life and commute.

In the early 2000s, Frances Ifemesia, a Senior IT Auditor, initially dreamed of becoming a lawyer; however she quickly pivoted from studying political science to working toward a master’s degree in Information Technology. During her tenure, she focused on Y2K testing and spent time in England where she met her husband and started a family. She noticed a job posting for Stony Brook and applied to the position, hearing back from us while she was on vacation. Jet-lagged, she made it through the interview process and landed the job. Frances expressed that her colleagues in the office are lovely, competent and engaging. She enjoys her work to continually add value to our processes and systems.

Privacy and the Health Insurance Portability and Accountability Act (HIPAA) areas focus on the importance of protecting and securing health information to prevent and avoid breaches that violate patient rights and can result in financial penalties. Dara Goldstein, the Chief HIPAA Privacy Officer, described a typical day in the office. Dara regularly reviews reports and incidents associated with potential HIPAA violations and fields questions from staff and faculty. Stony Brook’s breach monitoring detection software, FairWarning, monitors the electronic medical record for appropriateness of access. 

While the electronic record brings many benefits to healthcare delivery, privacy is more difficult due to ease of access; however, safeguards such as FairWarning and our policies and procedures help to protect patient health information. Dara also described accompanying changes in policies and procedures that link to identifying high utilization in the radiology information system that can potentially identify privacy risks.

The OCAPS team emphasized the importance of guiding principles that all staff, faculty, family members and neighbors must receive confidential healthcare without fearing that their information will be compromised — and the team takes this work very seriously. We, as members of the healthcare team, must respect privacy. Although our roles may grant us access to sensitive information, we must only do so for an authorized purpose; otherwise it infringes on the rights of others. Dara further reflected that she is pleasantly surprised at how collegially and collaboratively Stony Brook staff members work with the Privacy Team, as the Privacy Team’s recommendations and guidance are well received and implemented.

Matt McElroy, Senior Compliance Analyst, is serving as the Committee Chair to organize Compliance and Ethics Week, which began on Nov. 6. He has created compliance videos, which are being shared throughout the organization, and strives to identify fun and engaging compliance activities for all staff members during this celebratory week.

Patricia and I continued our Day in the Life visit by traveling to Stony Brook Eastern Long Island Hospital to hear from the Information Technology team about their experience working through a recent audit focused on access control and the data control center. Dan Scotto, the Information Technology Director, relayed that a recently completed audit added value, allowing the department to continually improve processes to reduce risk. The audit was conducted in a professional manner, and it was a genuinely positive experience. 

Similarly, we visited with the Quality Department, led by Tara Kraemer, to discuss the integration between risk management, quality, compliance and privacy activities that are vital to the operation of the hospital.

Continuing on our compliance journey, we ended the day at Stony Brook Southampton Hospital, where we were greeted by Cecelia Sheridan, the local Privacy Officer for the hospital. She walked us to the Patient Access—Admitting Office, where we met with Derek Tooker. Cecelia demonstrated the use of a HIPAA Rounding Audit Tool, which is a standardized checklist, to review various aspects associated with privacy. 

(A video clip of the HIPAA Rounding Audit Tool review in the Stony Brook Southampton Hospital Patient Access—Admitting Office with Derek Tooker and Cecelia Sheridan)

From ensuring that visitors and passersby cannot view protected health information on computer monitors to confirming staff knowledge regarding the criteria for accessing records appropriately and compliantly, policies and procedures were reviewed to ensure we are meeting privacy standards and requirements in alignment with regulatory agency expectations. The team at Stony Brook Southampton Hospital reiterated how it is using the health services in our system and recognize the importance of safeguarding protected health information. The HIPAA Audit Tool is a resource used to address goals in the annual compliance workplan.

It was noted by the teams at Stony Brook Eastern Long Island Hospital and Stony Brook Southampton Hospital that OCAPS provides knowledge, expertise, resources and tools to ensure success and continuously improves performance in order to mitigate risk. There is a sense of collegiality and collaboration, which fosters a culture of trust and transparency.

The Compliance team, under Joe Rega’s direction, also includes Jasmine Beach, Kathleen Cariello, Cassandra Equale and Rosanna Montero, who continually focus on coding, external government audit reviews and audits, and exclusion surveys to ensure that accurate information is shared with external agencies. The Audit team, under Yves Mevs’ direction, includes Jacquleen Booth, Melanie Cincotta, Anita Hiranandaney, Frances Ifemesia and Gregory Pietronuto, while Dara Goldstein and Cristina Striffler work closely on privacy matters. The glue keeping everyone together and on track includes Shannon Brandow and Joan Jachowdik.

Throughout my visit, it was incredible to watch the OCAPS team exude excitement over their work products and relationships with departments within the Stony Brook Medicine health system, while adding value through audits, compliance and privacy reports. Likewise, the recipients of these reports recognize the tremendous value of these activities that ultimately leads to improvement and increased organizational compliance.

Thanks to the OCAPS team for continuing to weave ethics and compliance into our daily work.
And of course, it all starts with the “tone at the top” from Patricia Cooper, our steadfast Chief Compliance Officer who lives by the quote that was cited earlier… “Do what is right, not what is easy.”

Carol Gomes, MS, FACHE, CPHQ
Chief Executive Officer
Stony Brook University Hospital