B.2 Internal and external scrutiny

The following table summarises reports during the reporting year on aspects on the Health Directorate’s operations.

 

Name of agency Nature of inquiry/
report title
Recommendations/outcome of inquiry Response to the outcome of inquiry
Protiviti Review of controls and systems in place to ensure that reporting is adequate to meet the needs of activity based funding requirements Three recommendations were made relating to:
  • establishing and formalising accountabilities and reporting structures with activity-based funding (ABF) program management. ABF business rules should also be defined, and supported by formalised policies and procedures
  • considering using additional resources to support current management and facilitate a more diversified and sustainable team with ABF skills
  • formalising data input procedures that address timeliness, completeness and accuracy. These procedures should be communicated to hospitals for consideration.
ACT Health agreed to all recommendations.
Pricewaterhouse Coopers Review of
information security
Seventeen recommendations were made relating to:
  • preparing an overarching information security risk assessment and information security policy, clarifying responsibilities for clear ownership and accountability for information security, and refreshing policies to ensure consistency and currency
  • formalising an Information Asset Register to improve identity of key information sources, including ownership and responsibilities of information assets
  • developing a document that defines information security requirements, associated policies and improves staff awareness
  • reviewing and updating information security policies and procedures for completeness, practicality and consistency; together with a compliance regime
  • defining a classification framework that outlines how different classes of information should be categorised and handled
  • assessment of which processes are used in multiple business areas, to streamline and standardise these processes
  • running security awareness training to meet the needs of those receiving the training
  • developing a compliance regime
  • including information security incidents in the incident reporting framework and categorising in accordance with the International Standards Organisation (ISO) 27002
  • phasing out the usage of generic logons
  • restricting access to unapproved USB devices, where there is no business need
  • deploying email classification-marking software and associated staff training
  • implementing technology that prevents the copying of files to insecure locations
  • implementing an Electronic Records Document Management System, which is integrated and available to all staff
  • minimising the number of duplicate information requests from patients
  • investigating Mobile Device Management solutions to control
    ACT Health’s information on mobile devices
  • assessing integration of mobile devices clinical workflows, efficiently and effectively in a secure manner.
ACT Health agreed to 11 recommendations. One recommendation was noted in relation to implementing an electronic records document management system. Three recommendations were partially agreed in relation to restricting access to USB devices, developing a strategy to phase out generic logons and minimising the number of duplicate information requests from patients. Two recommendations were agreed-in-principle relating to deploying e-mail classification marking software and implementing controls that prevent and detect copying of files to insecure locations.

 

 

Name of agency Nature of inquiry/
report title
Recommendations/outcome of inquiry Response to the outcome of inquiry
Pricewaterhouse Coopers Review of purchasing
of medical and
surgical supplies
Seven recommendations were made relating to:
  • further formalising policies and procedures in relation to purchasing and inventory management
  • centralising monitoring and management of consignment stock function
  • updating stocktake procedures and determining the most appropriate levels of stock on hand
  • ensuring stock that is disposed of is recorded in the inventory management system
  • reviewing the option to create a register for re-usable items
  • ensuring the process of developing Surgeon preference cards is completed
  • Surgical and Oral Health extending the scope of its future internal reviews to include the consideration of the cost effectiveness of custom packs.
ACT Health agreed to four recommendations. Two recommendations that were partially agreed to related to stocktaking and stock obsolescence. One recommendation agreed to in principle related to reusable items.
Pricewaterhouse Coopers Review of compliance with Freedom of Information (FOI) procedures Five recommendations were made relating to:
  • updating the FOI guidance to further highlight compliance requirements and importance of compliance
  • keeping a formal registry of all training sessions held and recording the attendance of all staff via a compulsory sign-in sheet
  • updating procedural documents and guidance in relation to the performance of the FOI coordination role
  • updating the ‘Guidance Package’ to reflect current estimate rates and also the process for deducting the first 10 hours charges to align with the Attorney-General’s (Fees) Determination 2012
  • ensuring that completed timesheets are returned with the requested FOI documents from the responsible areas, and include capturing the FOI Coordinator’s time where applicants are to be charged fees.
ACT Health agreed to all recommendations.
Pricewaterhouse Coopers Review of Oxygen and Equipment Schemes with Rehabilitation Aged and Community Care (RACC) Three recommendations were made relating to:
  • upgrading the MES@LS application software to address the deficiencies of its current functionality
  • performing an assessment of available resources, funding, consumer
    preferences and risk level of different types of equipment in terms of programmed scheduled maintenance
  • investigating the ability to scan and save all related application
    forms and referrals into MES@LS against a certain piece of equipment on loan.
ACT Health agreed to all recommendations.
Pricewaterhouse Coopers Review of contractor compliance with health
and safety
Seven recommendations were made relating to:
  • working with Shared Services Procurement to ensure that safety key performance indicators are incorporated into contracts that enable the relevant ACT Government entity to effectively manage contracts for significant breaches or repeat offences
  • updating their policies and induction to improve the level of detail contained in the Work Health and Safety Act 2011
  • seeking to have the Contractor Safe Work Practice and Compliance Policy classified, reviewed and finalised
  • establishing clear definitions for each class of contractor and their associated responsibilities and risk profiles
  • ensuring that project managers for small builds and refurbishments are aware of their accountabilities relating to sub-contractors used on campus
  • ensuring that project managers for small builds and refurbishments [i.e. non Health infrastructure Program (HIP) works] are aware of their accountabilities relating to sub-contractors used on campus
  • reviewing the contractor sign-in records to ensure that all relevant fields are included.
ACT Health agreed to five of the recommendations. One recommendation
is noted relating to establishing clear definitions for each class of contractor.
One recommendation has been
agreed-in-principle relating to key performance indicators.
Pricewaterhouse Coopers Review of governance practices relating to Health Infrastructure Program (HIP) Eleven recommendations were made relating to:
  • reviewing the HIP project management governance documents in existence and having them updated, consolidated and made available from a single location
  • conducting a performance review of committees and meetings in operation with respect to project governance
  • reviewing risk management policies and procedures that extend to the identification and assessment of project risk, risk treatment, mechanisms to monitor, review and communicate on risks
  • implementing a regular independent review of the HIP to assess performance in line with the governance framework and to provide assurance that policies and procedures are in place to monitor project and contract management performance
  • developing and implementing project and contract management performance criteria
  • working with Shared Services Procurement to ensure that the contract management recommendation can be implemented
  • incorporating in policy the requirement for a project to identify in advance where specialist skills are required and obtain approval from a governance body such as the Expert Advisory Panel that it is appropriate
  • routinely reviewing and updating the governance framework
  • designing a project management framework to support the HIP
  • developing policies and procedures to assist staff with understanding the processes necessary to carry out their project management responsibilities
  • as part of updating the project management framework, developing a file cover sheet that lists all the key materials that would be expected for a given project.
ACT Health agreed to ten recommendations and one recommendation was noted
in relation to developing risk management policies and procedures.

 

 

Name of agency Nature of inquiry/
report title
Recommendations/outcome of inquiry Response to the outcome of inquiry
Auditor-General’s Office Australian Capital Territory Public Service Recruitment Practices (Report No.8/
2012 Tabled in the Legislative Assembly on
25 October 2012)
Two recommendations were made relating to: ACT Health: improving recruitment timeliness by reviewing processes to identify potential opportunities for efficiencies in consultation with Shared Services Human Resources identifying and documenting reasons for delays in actual recruitment processes improving records management and documentation of recruitment processes providing time-to-hire information to the Commissioner for Public Administration to assist with the preparation of the annual ACT Public Service Workforce Profile. ACT Health agreed to all recommendations.
Internal Audit
and Risk Management branch
Review of whether the content and storage of medical records complies with medical and legal requirements Eight recommendations were made relating to:
  • implementing recommendations in locations’ action plans to assess the on-going use of facilities and to consider finding better locations and consider options for sentencing of those records
  • implementing action plans to remedy identified gaps so that ACT Health better complies with legislation whilst also implementing a revised and improved medium- to long-term strategy for storage of heath records
  • reviewing the contract between the commercial storage providers to assess options for improved services
  • implementing a consistent revised and improved medium- to long-term strategy for storage of heath records across ACT Health
  • undertaking an OHS risk assessment at facilities
  • considering finalising the records management program
  • considering updating its business continuity policy for the clinical record service
  • considering whether clinical divisions should include essential clinical record documentation as part of their audit schedule to reinforce good clinician documentation practice.
ACT Health agreed to five recommendations. Three recommendations were partially agreed relating to implementing recommendations in locations’ action plans, implementing a consistent strategy for storage of health records and consider options for sentencing of those records.
Protiviti Review of Construction of the Adult Acute Mental Health Inpatient Unit Sixteen recommendations were made relating to:
  • utilising business cases and budget submissions as the basis for funding allocation
  • the Redevelopment Unit developing initial assessment of the most appropriate governance and structural arrangements
  • increasing ‘in house’ major healthcare construction project expertise before continuing further with the HIP
  • defining the role of the primary user health service along with a clear definition of when it must be involved and what skills and capabilities it is expected to bring to that involvement
  • designing program governance with a clear outcome in mind both at a program as well as a project level
  • outlining a clear delegation structure for financial, design, contractual, scope and human resources matters being established and enforced
  • establishing an independent project assurance mechanism for the HIP
introducing the following governance arrangements for HIP projects: – a specific mandate (and capability and capacity) for the Redevelopment Unit to initiate reviews to assess a need for reconsideration of project strategy or management should this be required – the establishment of project ‘gateways’ at which the Redevelopment Committee should formally assess whether projects should be continued
or suspended.
  • considering application of some of the better practice features of design sign-off
  • robustly assessing different contract forms to ensure the contract form used best manages the Territory’s (and the project’s) risk given the individual
    project circumstances
  • focusing more on core project management and cost control disciplines
  • assigning an experienced risk manager with appropriate skills, authority and accountability to ensure effective identification and management of risks
  • establishing a standard or better practice basis for monthly reporting from the projects within the program
  • taking responsibility for accumulation and monitoring of all cost sources associated with any project within the HIP
  • appointing a quantity surveyor with appropriate skills and knowledge of the program, to provide independent assurance on forecast final costs on projects
  • ensuring that any ‘value engineering’ or ‘value management’ activities include specificity on how savings will be achieved, a risk assessment associated with each savings initiative, and a tracking mechanism for achievement of savings.
ACT Health agreed to all recommendations