Case Study

Leading Health Insurer Cuts Regulatory Reporting Time By 90% with MetricStream

The arrival of the Patient Protection and Affordable Care Act (PPACA) in 2010 brought a number of changes to the health insurer’s business model, and prompted them to rethink the way they managed compliance. It was evident that traditional compliance methods built on spreadsheets and ad hoc, manual processes would no longer work. A more advanced solution was needed – one that would save time and costs by automating various compliance workflows, while also improving visibility into compliance risks and issues across the enterprise.

The insurer’s vision was long-term: not only to meet PPACA requirements, but also to build an integrated and sustainable approach to compliance across multiple healthcare regulations, including the Model Audit Rule (MAR), Health Insurance Portability and Accountability Act (HIPAA), and the Michigan insurance code.

Overcoming Challenges

Before the PPACA, the health insurer used disparate papers, spreadsheets, and shared drives to document internal controls, track regulations, and manage large data volumes. This approach soon became inefficient, time-consuming, and prone to errors in processes, data, and reporting.

To add to the challenge, there was no efficient, coordinated mechanism to monitor regulatory alerts. Neither was there a common, consistent taxonomy to define and communicate compliance issues.

However, all of that began to change with the enforcement of the PPACA in 2010. The health insurer, already regulated in various capacities by state and federal rules, now had to have their entire book of business subject to federal scrutiny. They needed a robust compliance management system to ensure that the new healthcare reforms were implemented and monitored in a sustainable and reliable manner.

Their aim was to integrate all regulatory compliance processes so that the insights that ultimately rolled up to the senior management and board would provide a complete, accurate, and real-time view of enterprise-wide compliance.

To meet these requirements, the insurer chose to embark on a GRC journey with MetricStream.

Embarking on the GRC Journey

To get started with the process, the company identified all the key issues with their current processes and tools and chalked out a plan for the GRC implementation. This included process optimization, internal training and awareness, and digitalization of compliance and issue management across the organization.

The company involved all key stakeholders from both the business and technical sides to support quicker adoption of MetricStream products. They deployed the products in a phased manner.

Using the MetricStream Platform as a foundation, the firm gradually rolled out an integrated GRC solution beginning with compliance issue management, followed by compliance risk management, policy management, case management, and internal audit management. Today, an efficient and standardized compliance program is in place with timely visibility into risks and other areas of concern.

With MetricStream, the insurer has automated and streamlined the entire compliance management process, thus enhancing operational excellence.


  • Inefficient manual methods to document internal controls
  • Disconnected compliance processes
  • Fragmented visibility into compliance issues

Business Value Realized

  • Better decision-making with over 200 qualified metrics based on a common compliance and risk universe
  • Increased transparency into compliance issues and risks throughout the enterprise
  • Improved agility with a common compliance taxonomy, integrated workflows, and simplified processes on a single platform
  • Reduced compliance reporting time by 90% -- from 30 days to 2-3 days

Improved Control Over Compliance and Issue Management

MetricStream has helped the insurer identify all applicable regulatory requirements along with the “enterprise work effort” for each of them. Enterprise work effort is a project targeted at ensuring that compliance requirements and controls are implemented effectively. For each requirement of the PPACA, as well as MAR and other regulations, the product enables the compliance team to build a control library, and to test these controls on a periodic basis. A distinct “implementation status” feature helps in tracking the progress of all work efforts.

Using the MetricStream Platform’s data foundation, the health insurer has mapped all regulations in a structured, multi-dimensional, and relational compliance data universe that is used as a “single source of truth” for compliance across different departments. Regulatory feed channels have been set up to automatically integrate regulatory updates from multiple external sources. If there are any issues or exceptions that arise, they are managed through the product’s issue management functionality.

Aggregated View of Risks Across the Enterprise

With MetricStream Enterprise Risk Management, the health insurer can swiftly assess the likelihood and impact of compliance risks based on configurable methodologies and algorithms. With both quantitative and qualitative risk ratings and graphical dashboards, users get an aggregated and holistic view of compliance risks and areas of concern. In addition, risk heat maps and color-coded charts present a simplified visualization of complex compliance and risk data, sorted by risk type, department, and other parameters.

Streamlined Policy Management

MetricStream Policy and Document Management has enabled the health insurer to streamline policy management processes across business units and divisions, while enhancing consistency in policy-related workflows. The tool’s integrated data model makes it easy for the compliance team to understand the impact of regulations, risks, and controls on policies, so that they can then take steps to be audit-ready.

Comprehensive Visibility into Compliance Cases

Using MetricStream Case and Incident Management, the health insurer has simplified its case management process, from case recording to case resolution. Over 10,000 users across the organization can log compliance cases which are then prioritized based on their criticality and priority. Multiple investigators can collaborate on each case, documenting findings and resolving issues. Intuitive reports and dashboards highlight cases that need immediate action and further investigation.

The fully integrated solution, with compliance risks, policies, and case data aggregated on a common platform, has allowed the insurer to build a best-in-class compliance program that provides management with timely visibility into risk and compliance initiatives.

Centralized Audit Management

MetricStream Internal Audit Management has helped the health insurer create and maintain an annual audit plan to accommodate different audits across the organization. Audits can be scheduled periodically or on an ad-hoc basis for internal departments, processes, and projects. Based on the master audit plan, the scheduler can select a team of auditors and assign the audit responsibility with a due date. Auditors, in turn, can define checklists, track tasks, record findings and observations, and confirm the audit assignment as well as the completion of the audit. Thereafter, audit reports can be created and presented to the audit committee and the board.

Using MetricStream products, the company is efficiently reporting and managing issues, tracking and managing risks and compliance changes, and creating and communicating policies. MetricStream’s federated data model and standardized taxonomy have helped it bring together all the compliance, risk, controls, and issues data in a centralized repository to improve risk and compliance visibility and actionability. The health insurer has successfully automated and streamlined the entire risk and compliance management process, thus enhancing agility and operational excellence.

