4 Takeaways from the 2017 Healthcare Compliance Benchmark Study: Managing Compliance Risk
Auditing from regulatory agencies and payers is increasing, driving the compliance program priorities across the healthcare industry. The latest research from SAI Global indicates healthcare compliance departments are shifting their focus in response to the ever-changing nature of the industry. The 2017 Healthcare Compliance Benchmark Study, which gathers insights from compliance professionals in the healthcare industry, is available as a free download from SAI Global’s website.
Here’s what you need to know about this year’s findings and what they mean for your compliance program.
Compliance Risk Assessments are Top Priority
Compliance risk assessments are the overall top compliance program priority. “With the ever-changing regulatory environment in healthcare, assessing compliance risk is a constant challenge,” the SAI Global study states. With the increased audits healthcare organizations are experiencing from regulators, it makes sense why compliance professionals are prioritizing this risk management tool. Compliance experts Yvonne Mazarredo and Florie Munroe explain the benefits of compliance risk assessments in a presentation for the Health Care Compliance Association’s (HCCA) 2012 Compliance Institute. When used properly, compliance risk assessments can enable management to reduce the impact and likelihood of unexpected or negative outcomes. Additionally, these assessments provide a flexible framework for evaluating risks and designing mitigating action plans.
Increased Investment in Software Technology
Of those organizations expecting an increase in budget this year, the focus of the investment is in software technology. “The shift towards technology the last few years indicates that Compliance departments understand the need to be more efficient and move away from manual approaches which do not scale,” the study states. Automating compliance processes is a key benefit from implementing software technologies. PreCheck’s SanctionCheck automated exclusion screening solution, for example, can help streamline an often cumbersome and complex investigative process for Compliance departments. Moreover, the majority (39 percent) of respondents in SAI Global’s study indicated that business intelligence/predictive analytics tools were a “top” or “high” priority for their organization.
Establishing a Culture of Compliance Remains a Challenge
Establishing an ethical culture has been named as one of the top five hot topics by healthcare organizations, according to a recent survey by HCCA. Internal acceptance of a culture of compliance, however, was noted as a key barrier to success by respondents from the SAI Global study. Employees can resist corporate culture changes, but there are ways to facilitate change more effectively. Davide Torsello, Associate Professor at the Central European Business School, shares some insight for addressing this challenge in his 2016 article published in the Budapest Business Journal. “Understanding what an organization needs in order to be more compliant with the rule of law is a process that calls for more attention to changes of the structure, design, functions and inner dynamics of the company,” he states. In a recent PreCheck article, Antique Nguyen discusses four ways healthcare organizations can accelerate cultural change:
- Developing a Clear Strategy
- Including the Leadership Team
- Delivering Effective Internal Communication
- Fostering Ongoing Collaboration
Data Breaches Show Need for Stronger Cyber Security
Breaches of protected health information are a rising problem for the healthcare industry, with the number of reported data breaches reported by healthcare organizations on the rise according to the Office of Civil Rights Breach Portal. Less than half (49 percent) of healthcare organizations in the SAI Global study felt “fully confident” or “strongly confident” that their organization has all of the controls in place to prevent a data breach. HIPAA fines can range depending on the degree of culpability, and having a solid compliance program that addresses cyber security can help an organization significantly reduce fines in the event of a data breach. The difference between the least and most culpable level of awareness “can mean the difference between a minimum fine of $100 per violation and $50,000 per violation,” Devin O’Brien, Senior Counsel for The Doctors Company, stated in an article for Healthcare Finance.
Clearly, cybersecurity is an area of growing concern for healthcare organizations and compliance departments should focus on developing the necessary protocol and security measures to minimize this emerging threat.
How do the study’s findings compare with your organization’s compliance program? Let us know in the comments section below.