We see what you see happening in the industry: massive ongoing change.
Starting with the most basic change of all: change to the underlying industry itself.
While there has recently been a slowdown, it’s clear that consolidation and mergers for payers and providers of all types will continue due to the ongoing political football that is healthcare reform. Regardless of what happens politically, it will involve a change in approach to our existing healthcare system.
Massive change and growth in technology and automation have caused some major problems despite being amazing solutions.
Solutions like electronic medical records cause the problem of protecting electronic patient data, amazing new networked or wireless medical devices likewise cause an ongoing security issue, and the ability to bring data to the point of care using BYOD (bring your own device) brings along with it issues surrounding information security and PHI.
Increase in adoption and priority of compliance and GRC programs puts the spotlight on the compliance function.
The number of health care organizations that have a robust, complete compliance program has grown; HCCA membership has grown to over 7700 since its founding, and over 2900 people have obtained their CHC. Compliance, by necessity, has become a top organizational priority for both providers and payers.
Organizations once created the compliance role as a must-do, to check the box. Now, thanks to the HITECH Act and the Responsible Corporate Officer doctrine, executives and board members are being held directly accountable for lapses in compliance as it relates to information security and reimbursement. This direct accountability, not surprisingly, has raised the priority of GRC (Governance, Risk and Compliance).
Organizations are changing their approach to governance, risk management and compliance.
More than ever before, compliance is a team sport, involving every role at every level of the organization. It requires full participation at every level to be successful, involving collaboration across the enterprise.
The massive change in volume has forced COs into a reactive stance of chasing after risk and compliance instead of managing it.
Here's something we all fully understand: more regulations coming from more regulatory bodies and agencies that affect more roles and departments within both payer and provider organizations, and more and more extending to vendors and suppliers outside the organization. Often those regulations overlap, or worse, contradict, and more and more they come with larger teeth than ever before. The volume, in short, is simply overwhelming, particularly for large or complex organizations.
Add to that the volume of audits that affect health care organizations, and the massive increase in enforcement and collections in recent years, and this change becomes nearly impossible to manage without automation.
While the roles that handle compliance have expanded, the compliance officer's role has grown exponentially, in both breadth and depth, from an internal administrative function to an intrinsic strategic function.
COs are now expected to be global program managers, dealing with broad issues like information security of PHI, conflict of interest, etc. They are also responsible for planning, developing, implementing, managing, and constantly communicating the status of a robust compliance program with all stakeholders in the organization. Now more than ever, executives and boards of organizations expect that information in near real-time.
In addition, COs are expected to provide insight and expertise to other members of the committee, including privacy officers, health information managers, IT and IS directors, internal auditors and risk managers, some of whom have roles that are currently being redefined.
Ultimately, this entire team is going to be responsible for developing a complete governance, risk and compliance program that can be used as a tool for improving overall performance and quality of care within their organizations.