HR compliance report: county completes fall training rollout; 12 HIPAA/incident reports and several audits noted

Deb Makowski, director of Human Resources and county compliance officer, presented the county’s six-month compliance report to the Audit & Control Committee. Makowski said the county completed a summer training cycle with 100% participation and deployed updated fall training modules covering required topics tied to PESH/OSHA, state and federal mandates.

Makowski reported 12 HIPAA and related incident reports during the period (the majority in August). She said none of the incidents constituted an actual reportable breach; most were email address errors (10 emails sent to the wrong recipient but destroyed before being read) and one instance where client paperwork was handed to the wrong client and returned immediately. One more involved a client who shared payment-account details with an outside contact; the bank flagged fraudulent checks and county staff implemented positive-pay protections on client disbursement accounts and involved the sheriff and federal investigators as appropriate.

The compliance office completed or reviewed six audits (early intervention, preschool, SNAP-related, child support services, Office for Aging and CDBG). Five audits had minor findings for which corrective action plans are being developed; the CDBG audit was 100% compliant. Makowski said the compliance committee continues monthly meetings and is moving into annual policy reviews; 16 compliance-related policies are in an annual review cycle.

Why it matters: the report documents internal controls, training compliance and incident response steps taken to contain potential exposures (positive-pay bank controls, counseling memos for employee errors and corrective-action plans for audit findings).

Ending: Committee members asked technical questions about payment controls and confirmed that the county will continue policy reviews and prepare for the next countywide training on compliance and ethics.