We sat down with Ajenay Drummond, Compliance Director at EMS Management and Consultants (EMS|MC), to discuss her organization’s five-year journey with The Guard compliance platform. With an extensive background in revenue cycle management and compliance since 2007, Ajenay offers candid insights into the realities of implementing automated compliance management in a growing healthcare organization.
Background & The “Before Times”
Q: Can you tell us about your role and background?
Ajenay: I work with EMS|MC as their Compliance Director. I’ve been with the company on and off since 2007, and I have a very extensive background in revenue cycle management from an operational and a compliance standpoint.
Q: What was compliance management like before Compliancy Group?
Ajenay: We did a lot of manual processes. I’d like to say we had a good foundation to start with, but we also came to you later in life. Even when I started back in 2007, we had a stronger compliance foundation than some, but prior to that we were doing a lot of Excel spreadsheets. We were doing a lot of “hey, we do this on an annual basis” or “we know we’re supposed to do XYZ.” It was slightly less defined than it is now.
Risk Assessment Transformation
Q: Risk assessments are notoriously time-consuming. How has The Guard transformed your ability to manage them?
Ajenay: The Guard really—I would say that the types of questions that you all ask are very relevant to our industry. They’re very pointed to the privacy rule, to HIPAA, the regulations that are going on, the security aspect of things. They’re very pointed to any updates that have recently come out.
One of the features I absolutely love is you’re either meeting it, you’re not, or you’re partially meeting it. So in most cases we’re meeting it, right? But if I as a director decide “you know what, we’re meeting it but I do think we could improve XYZ,” I have the opportunity to put “partially met” and give direction to the team about when we’re going to do this.
It’s not just one assessment—there’s multiple assessments that you can access, save, make it a requirement across the board. So it’s not just a compliance thing. It’s a compliance and IT and operational thing. We are actively working together to make sure that we’re meeting goals, and if there’s gaps, there’s visibility.
Q: Which programs are you currently using?
Ajenay: We’re using the data security, the physical safeguards, privacy and breach programs. I want to say we have the business tier—probably the higher plan that you all offer. We also have the training component, which is very robust.
Operational Efficiency & Vendor Management
Q: How has the tool simplified your overall compliance management?
Ajenay: As a lead for our compliance department, ease is an understatement. Let me use the vendor section as an example. You offer the capability to list your business associate agreements, to list your communication between the two, to list the vendor risk assessments to make sure you’re asking that third party vendor that you should have a contract with.
You give us the opportunity to reach out to them to say, “how are you protecting PHI?” So if the question should arise like “do we have a contract with such and such,” there’s a contract management section. From a compliance standpoint, I build that into our regular process—if we’re having a third party vendor onboarded, I’m very involved from a compliance standpoint.
There’s the transparency, the communication between departments, but there’s also the understanding and support that I have in asking the right questions to these third party vendors. The team knows like, “we’re getting a vendor. Do we engage compliance?” we’re going to tell the vendor, “you can expect a vendor audit from us.”
ROI & Business Impact
Q: Let’s talk ROI. When you go to executives or board members, how do you demonstrate the return on investment?
Ajenay: It’s high. I’m going to pick one section of it, which is integrations. If you’re a company who’s looking to grow and integrate, this has been a very necessary part of our process because it allows visibility between even different locations. It’s a part of our everyday process, but as we partner with another organization or integrate with another location, we can clearly see any gaps in the process whether it’s from a physical standpoint, an IT standpoint, a privacy standpoint.
For example, let’s say we partnered with someone and they had a vendor that we didn’t have a business associate agreement with. When they go through this process, they’re going to run into the obvious question like, “do you have a BAA? Who are your vendors?” It provides the opportunity and prompts us to just really be engaged on a level that you probably wouldn’t be otherwise.
The cost savings speak for themselves because you’re lowering your risk. You’re educating employees, you’re creating healthy habits that will eventually hopefully keep you out of the OCR’s radar. And that is a goal.
Q: Would you describe The Guard as an “insurance policy”?
Ajenay: For my organization, I don’t know that I would say insurance policy—maybe if I was a smaller company, I would feel like it would be an insurance policy because I would know that you guys were there for me and to teach me maybe the things that I didn’t know.
I feel like we have a good compliance team, a good compliance foundation, so maybe my answer is a little skewed. I don’t feel like it’s an insurance plan. I feel like it’s more of a support. If we ever have to answer to hard questions—like if we have a phishing attempt—there was a big IT breach years ago that impacted the federal government and a lot of organizations. We used the letter that Compliancy Group wrote, the attestation that says, “this organization is making efforts to be compliant in XYZ areas.” It looks great. You’re taking the extra step to protect your data, to educate your staff, to move in the right direction.
Time Savings & Productivity
Q: What time savings have you realized, and what can you do with that extra time?
Ajenay: Let’s pick on research, right? Just the amount of time for me to research and realistically—I’m on board with updates that come out, but just the idea of “let me see if this question is still applicable. Has that law been updated in this specific section?” The privacy rule is pretty in-depth, but like “has this area been impacted or updated?” That information is readily at my fingertips. I can even click on a link in there and have access to what that rule means. You guys break it down from a question perspective—you give me that context.
From a time perspective, I have room to work on other goals, to check on other areas. We’re becoming very compliant from an overall federal standpoint, but there’s so many more aspects to being compliant—there’s state laws and just our everyday routine things that come up. But I have room to build and manage my team and grow and reach my goals in other ways. And I feel much more confident because Compliancy Group is supporting our compliance efforts.
Implementation Journey & Change Management
Q: How has the implementation evolved over your five years using the platform?
Ajenay: The first year is rough because you’re asking all the hard questions, right? You’re having those uncomfortable conversations. You’re laying it all on the table. The second year feels a little bit more comfortable. But by the third year, fourth year, you’re in the swing of things. Like this is routine. You built it into your process. It’s not a surprise. It’s not just a “hey guys, it’s that time of year” like a SOC 1 or SOC 2 audit would be. It’s normal practice.
Customer Support & Service
Q: How responsive is the support team when you need help?
Ajenay: Compliancy Group is very responsive from a support perspective. If I have questions or my team may have questions about anything in particular, I can chat, I can call, I can email and get very quick responses. From the support aspect, you essentially teach us to have great habits, and then if they’re implemented successfully with your organization, you’re just setting your organization up for success.
Q: What stood out about the customer service?
Ajenay: The support team held our hands throughout the first part of the process. It was very new. It was a lot more intensive than what any of us were expecting. But what stood out was the level of customer service. The EMS industry is a different industry in itself—the healthcare industry is huge, but the EMS industry is a very specialized portion of that.
What stood out is that you covered your bases. Even if I had a need or if we grew in a different direction from a healthcare perspective, I have no doubt that I’d be able to get the information that I need from a compliance standpoint from your platform.
Recommendation & Honest Advice
Q: What would you tell someone considering The Guard?
Ajenay: I would tell them absolutely, highly recommended, but I would also caution them to make sure that you have leaders or control owners of that process who are committed to the process because it can be intensive. If you don’t have the level of dedication needed to complete the risk assessments and be upfront and honest in answering those questions and being a bit vulnerable, right?
I have the conversations when we have a big group and I’m like, “listen, don’t worry about who’s on the call or what you should have done. Someone may have asked you to do this and you didn’t. We don’t care about that right now. We need you to say we’re either meeting or not. This is how we identify our gaps and then we’ll make a plan moving forward.”
I would highly recommend just having someone who can own that process, follow through with it and make it incorporated into your everyday routine for it to be the most successful.
