Before the PPACA, the health insurer used disparate papers, spreadsheets, and shared drives to document internal controls, track regulations, and manage large data volumes. This approach soon became inefficient, time-consuming, and prone to errors in processes, data, and reporting.
To add to the challenge, there was no efficient, coordinated mechanism to monitor regulatory alerts. Neither was there a common, consistent taxonomy to define and communicate compliance issues.
However, all of that began to change with the enforcement of the PPACA in 2010. The health insurer, already regulated in various capacities by state and federal rules, now had to have their entire book of business subject to federal scrutiny. They needed a robust compliance management system to ensure that the new healthcare reforms were implemented and monitored in a sustainable and reliable manner.
Their aim was to integrate all regulatory compliance processes so that the insights that ultimately rolled up to the senior management and board would provide a complete, accurate, and real-time view of enterprise-wide compliance.
To meet these requirements, the insurer chose to embark on a GRC journey with MetricStream.
To get started with the process, the company identified all the key issues with their current processes and tools and chalked out a plan for the GRC implementation. This included process optimization, internal training and awareness, and digitalization of compliance and issue management across the organization.
The company involved all key stakeholders from both the business and technical sides to support quicker adoption of MetricStream products. They deployed the products in a phased manner.
Using the MetricStream Platform as a foundation, the firm gradually rolled out an integrated GRC solution beginning with compliance issue management, followed by compliance risk management, policy management, case management, and internal audit management. Today, an efficient and standardized compliance program is in place with timely visibility into risks and other areas of concern.
With MetricStream, the insurer has automated and streamlined the entire compliance management process, thus enhancing operational excellence.
Better decision-making with over 200 qualified metrics based on a common compliance and risk universe
Increased transparency into compliance issues and risks throughout the enterprise
Improved agility with a common compliance taxonomy, integrated workflows, and simplified processes on a single platform
Reduced compliance reporting time by 90% -- from 30 days to 2-3 days
MetricStream has helped the insurer identify all applicable regulatory requirements along with the “enterprise work effort” for each of them. Enterprise work effort is a project targeted at ensuring that compliance requirements and controls are implemented effectively. For each requirement of the PPACA, as well as MAR and other regulations, the product enables the compliance team to build a control library, and to test these controls on a periodic basis. A distinct “implementation status” feature helps in tracking the progress of all work efforts.
Using the MetricStream Platform’s data foundation, the health insurer has mapped all regulations in a structured, multi-dimensional, and relational compliance data universe that is used as a “single source of truth” for compliance across different departments. Regulatory feed channels have been set up to automatically integrate regulatory updates from multiple external sources. Any issues or exceptions that arise are managed through the product’s issue management functionality.
With MetricStream Enterprise Risk Management, the health insurer can swiftly assess the likelihood and impact of compliance risks based on configurable methodologies and algorithms. With both quantitative and qualitative risk ratings and graphical dashboards, users get an aggregated and holistic view of compliance risks and areas of concern. In addition, risk heat maps and color-coded charts present a simplified visualization of complex compliance and risk data, sorted by risk type, department, and other parameters.
MetricStream Policy and Document Management has enabled the health insurer to streamline policy management processes across business units and divisions, while enhancing consistency in policy-related workflows. The tool’s integrated data model makes it easy for the compliance team to understand the impact of regulations, risks, and controls on policies, so that they can then take steps to be audit-ready.
Using MetricStream Case and Incident Management, the health insurer has simplified its case management process, from case recording to case resolution. Over 10,000 users across the organization can log compliance cases which are then prioritized based on their criticality and priority. Multiple investigators can collaborate on each case, documenting findings and resolving issues. Intuitive reports and dashboards highlight cases that need immediate action and further investigation.
The fully integrated solution, with compliance risks, policies, and case data aggregated on a common platform, has allowed the insurer to build a best-in-class compliance program that provides management with timely visibility into risk and compliance initiatives.
MetricStream Internal Audit Management has helped the health insurer create and maintain an annual audit plan to accommodate different audits across the organization. Audits can be scheduled periodically or on an ad-hoc basis for internal departments, processes, and projects. Based on the master audit plan, the scheduler can select a team of auditors and assign the audit responsibility with a due date. Auditors, in turn, can define checklists, track tasks, record findings and observations, and confirm the audit assignment as well as the completion of the audit. Thereafter, audit reports can be created and presented to the audit committee and the board.
Using MetricStream products, the company is efficiently reporting and managing issues, tracking and managing risks and compliance changes, and creating and communicating policies. MetricStream’s federated data model and standardized taxonomy have helped it bring together all the compliance, risk, controls, and issues data in a centralized repository to improve risk and compliance visibility and actionability. The health insurer has successfully automated and streamlined the entire risk and compliance management process, thus enhancing agility and operational excellence.