Case Study

Home Healthcare Provider Accelerates Compliance Monitoring and Risk Mitigation Across Clinical Practices

As a global home healthcare provider with multiple specialty practices and service centers in different countries, the organization is expected to comply with the highest standards of professionalism, ethics, quality, and safety. Earlier, although these standards and associated regulations were well-defined, they were not tied to risks. This made it difficult for the organization to assess how non-compliance with a particular regulation or standard could impact their business. Adding to the challenge, there was no unified mechanism to track compliance cases that arose.

To close these loopholes, the healthcare provider decided to implement an integrated approach to compliance. They embarked on a GRC journey that would allow them to efficiently aggregate compliance data and associated risks in a single view, while also accelerating compliance case reporting.

Absence of a Risk Context to Compliance

Since the healthcare provider operates across countries, they have to follow a wide range of regulations and standards. Previously, these requirements were managed using multiple different compliance monitoring methods, including online, paper-based, and spreadsheet tools. Over time, this fragmented approach made it difficult for the organization to gain an integrated picture of compliance.

More importantly, it limited their understanding of compliance risks. Without a way to map compliance regulations and standards to the associated risks, the healthcare provider couldn’t accurately measure the impact of non-compliance. Although they had standards, policies, and procedures in place, they wanted a broad view of compliance with clearly defined systems of accountability. By tying compliance requirements to risks, they hoped to layer in a governance structure i.e. a way to escalate and report risks which would help them become more proactive vs. reactive in their risk response. The other challenge facing the organization was the growing disintegration in compliance case management processes.

Complaints from patients and employees, as well non-compliance incidents, were reported in various formats and systems, instead of a unified repository. Some complaints were logged on paper, others were gathered as feedback from surveys, and still others were registered on an internal portal. There was no common framework to connect the dots and identify recurring patterns or trends in compliance cases. To overcome these challenges, the healthcare provider turned to MetricStream for integrated compliance management built on a scalable Integrated Risk Platform – intelligent by design. Using the new system, the organization began to build a more holistic, transparent approach to compliance.

Improved Compliance and Risk Transparency

MetricStream has enabled the healthcare provider to create a single source of truth for all compliance related information. The product maps regulations and standards to the corresponding risks, processes, and controls in a structured, multi-dimensional, and relational compliance data universe. Ninety-one compliance monitoring processes at the clinical, operational, and back office levels have been identified, updated to include new standards, and incorporated in the product.

Having all this information together in one place has made it easier for senior management to pull up the information they need to identify and mitigate the risks of non-compliance. Prior to adopting the MetricStream product, stakeholders were limited to identifying and mitigating risks in an ad-hoc manner using different formats, papers, spreadsheets, and outdated document management systems. While various types of risks, were tracked—including service, quality, and operational risks—there was no clear ownership of those risks. Today, with MetricStream, the healthcare provider has defined clear lines of accountability for risk, while maintaining all risk information in one place across clinical practices and offices.

With this improved level of risk visibility, as well as insights from external survey findings and internal quality assurance monitoring processes, stakeholders can easily evaluate risks at the office or clinical practice level.

With MetricStream, the client can effectively manage compliance risk aggregation and monitoring at both clinical and office levels.


  • Lack of integration between compliance obligations and risks
  • Limited understanding of the risk impact of non-compliance
  • Fragmented approach to compliance case management and monitoring

Business Value Realized

  • Holistic, tightly mapped view of compliance and associated risks
  • Increased reporting of cases 40,000+ cases reported since the MetricStream product was implemented
  • Faster mitigation of compliance risks and issues

Integrated View of Compliance Cases

Using the MetricStream product, the healthcare provider has streamlined the reporting and management of cases and incidents. A single repository maintains all types of cases, including complaints, client incidents, employee incidents, infections reports, and compliance reports.

Users have total visibility into cases across service offices. Meanwhile, intuitive reports and dashboards enable regional directors to view all the cases in all the offices under their span of control, based on which they can identify those cases that need immediate action and investigation.

More Pervasive Compliance

MetricStream has helped the healthcare provider weave compliance deep into their organizational fabric. Users can track the status of compliance by office type or practice, while also capturing trends by type of event. They can also prioritize compliance risks and adjust the risk register based on shifts in internal and external environments.

Whenever a big change occurs at the organizational or industry level, the healthcare provider can immediately incorporate those changes into their compliance standards and measure the potential risks of non-compliance. Their aim is to instill a culture of compliance across the enterprise. To them, compliance isn’t a separate obligation – it underlies everything they do.

They want to be able to demonstrate their commitment to and focus on quality and safety. With MetricStream, this has become easier.


Ready to get started?

Speak to our experts Let’s talk