Drive a Connected GRC Program for Improved Agility, Performance, and Resilience
Power Business Performance and Resilience
Discover ConnectedGRC Solutions for Enterprise and Operational Resilience
Explore What Makes MetricStream the Right Choice for Our Customers
Find Everything You Need to Build Your GRC Journey and Thrive on Risk
Learn about our mission, vision, and core values
The Client: Large independent non-profit organization providing health plans to organizations and individuals.
As one of the foremost health insurance providers in the US, the company values and promotes integrity, honesty and ethics in the business it does. It is of paramount importance to the company to follow the highest levels of industry standards for business practices, confidentiality, professionalism and compliance with federal, state and local laws and regulations such as Medicare and Medicaid Compliance, Code of Conduct, Office of Inspector General Corporate Integrity Agreements (OIG CIA), Health Insurance Portability and Accountability Act (HIPAA). It is through complete compliance to all the applicable regulations and assured safety that the company establishes trust and ongoing relationships with members and corporates it serves.
With the turbulent changes brought in by the health care reform in the United States and with the momentous passage of the Patient Protection and Affordable Care Act (PPACA), health plan providers undergo a transformation in terms of claims payment, health care delivery, accountability and corporate policies.
Many health insurance providers are stepping up their Governance, Risk and Compliance (GRC) programs to manage and streamline audits and ensure compliance with numerous regulatory requirements and mandates. Several health plan companies, including some of the largest affiliates of BCBS, have been taking decisive steps to be on top of the rapidly changing regulatory landscape
The company needed a central system with a highly flexible GRC software architecture for managing its compliance and audit programs as well as for supporting its regulatory commitments.
MetricStream was selected as the preferred solution provider on the basis of its holistic approach to compliance, audit and issue management. MetricStream's comprehensive functional capabilities and advanced technical capabilities to map the company's requirements were other pillars of the selection process.
MetricStream delivered to the company an integrated and robust audit, compliance and issue management system, implemented at a single location for several thousand users.
MetricStream's compliance, audit and issue management system
The solution is a comprehensive, Web-based application deployed on MetricStream GRC Platform and provides a common framework and an integrated approach to manage all compliance, audit and issue management requirements of the organization.
MetricStream's platform supports the company's organizational model across all the business units and departments, as well as their mapping to different roles and reporting relationships. The portal views are based on the user's profile and organizational mapping. The application provides a role-based portal access with options required for initiating actions, responding to events, assigning tasks, viewing reports and dashboards, limited to user roles. The architecture allows handling transitions and organizational changes such as acquisitions and mergers.
The application facilitates generation of packaged executive reports. Ad hoc or customized reports can also be configured. Alerts and notifications are generated using emails and task assignments. Flexible rules for escalation and color-coding are configured for risk scores, due dates and time limits.
Compliance management: MetricStream Solution provides a common framework and an integrated approach to manage HIPAA compliance and other CMS regulatory requirements faced by the company. With MetricStream Solution, the company can ensure complete compliance not only with health insurance-specific mandates, but also with cross-industry mandates such as the Sarbanes-Oxley Act, PCI, FCPA and several others.
The solution helps the company create and maintain a centralized compliance management structure that includes processes and assets in scope, risks, controls, policies and procedures, reporting requirements, schedules and filing templates.
The solution also facilitates the required transparency for the identification and tracking of all compliance issues using advanced functionalities such as risk heat maps, control monitoring and compliance dashboards. Issues that are identified are either automatically resolved or routed to the appropriate personnel for remediation action.
MetricStream Solution also captures and collates requirements and regulatory information, industry guidance, national governance, laws and regulations on a central platform. The compliance managers at the company can access an exhaustive compliance library within the application, identify relevant regulations, document specific requirements for the organization, and define a monitoring process to comply with requirements.
Issue management: MetricStream Solution enables the company to identify and rectify discrepancies, gaps, coding errors and other issues related to audits as well as enterprise wide issues.
The system assigns a unique ID to each issue which makes it easy to track the issue across review stages. Issues are categorized based on predefined criteria and detailed information about each issue is provided.
Failure investigations are conducted to determine the root cause of the issue. The investigation is conducted using collaborative workflows and investigative tasks are assigned to appropriate individuals. Remedial action is facilitated by automatic alerts and notifications which are sent to the appropriate personnel. Corrective action is initiated and the case closes when the action plan is implemented.
Policies and procedures management: MetricStream policy and procedure management solution provides a flexible framework to streamline the creation and management of policies and procedures in line with applicable regulations. This aspect of the solution helps the company encourage accountability and communication within its compliance teams.
The solution has introduced an electronic and automated approach to the development, maintenance, and communication of policies and procedures across the enterprise.
The solution provides a central repository to store and organize policies and procedure documents. Integrated collaboration and workflow tools can be used to access, create, modify, review, and approve policy and procedure documents globally in a controlled manner.
Built-in tools support policy implementation, acceptance, exception tracking and mapping of policies to compliance requirements. The detailed analytics and reporting capability with graphical dashboards tracks each policy from origin to obsolescence, giving managers complete visibility into the system.
MetricStream solution enables the company to integrate policies and procedures with the compliance, risk and control framework. At each section and sub-section of the policy, risks and controls can be linked.
Audit management: MetricStream audit management solution helped the company's audit schedulers to create and maintain an audit schedule in a logical structure and hierarchy with detailed audit templates required for different departments and teams.
Audits can be scheduled periodically or on an ad-hoc basis for internal departments, processes and projects. Based on the master audit calendar, the scheduler can select a team of auditors and assign the audit responsibility with a due date. In case of any change in the audit dates, automatic notifications are sent to the auditors as well as the entity to be audited and reasons for the modification are recorded. Relevant personnel can view the complete schedule of audits for the selected period.
Auditors can define checklists and tasks that need to be performed for audit. Checklists can also be downloaded and used offline with the MetricStream Offline Briefcase option. Auditors can confirm the audit assignment and completion of audit and record audit results indicating conformance or non-conformance.
The solution allows the auditors to attach additional documents relevant to the audit, create an outstanding action items list, allocate each item to a resource, record agreed completion date and additional comments. The solution supports tracking of action items and flagging critical failures. Automatic alerts are sent to relevant departments when audit results are posted. The automated workflow engine tracks the implementation of audit recommendations to complete the audit.
The solution maintains a complete record of management review meetings such as meeting schedules, meeting handouts, minutes of the meeting and tasks.
Reporting capabilities: The company is able to generate report summary information for pass rates and dates, audit rates and dates, review rates and dates using standard sets. Detailed reports can be obtained for sequential detailed information on policies, procedures, audits, corrective action plans and change requests. Managers at the company can generate and view interactive reports with an ability to drill down for oversight. The ad hoc reporting capability of the application includes a user-friendly interface with tips, hints and tutorials. Reports are presented in a way that is easily comprehensible to different levels of audiences.
The company selected MetricStream for this engagement based on the following value points:
MetricStream has implemented GRC solutions for a number of organizations affiliated to BCBS in diverse geographical locations, proving its expertise in the health insurance sector.
MetricStream is a comprehensive and integrated technology solution for compliance, audit and issue management processes – precisely what the company was looking for.
MetricStream platform possesses abilities to completely support the company's functional requirements related to information architecture, compliance frameworks, documentation workflows and reporting abilities.
MetricStream has the ability to support large organizations and meet their IT requirements in the areas of integration, configurability, scalability and security.
Lack of integrated compliance management model: The company utilized in-house systems to maintain an enterprise-wide policy and procedure system, to handle change management, internal and external audits as well as associated business processes and reports tracking. However, this technology lacked the sophistication to completely integrate and manage end-to-end compliance and audit procedures across departments and lines of business.
Need to increase productivity: The staff at the company was spending an excessive amount of time and effort on policy and procedure management, compliance and issue management owing to the gaps in the existing compliance model. Repetitive processes and duplication of work were contributing to lower productivity of the staff. As a result, important business objectives were not receiving the deserved attention.
Changing stipulations of compliance: Health care in the United States has undergone a dramatic change resulting in higher responsibility, sharper focus on policy holders, more stringent and ever-changing quality and compliance demands. The company was finding it challenging to comply with these stipulations, reduce risk and maintain quality.
"MetricStream's solution has helped us reinforce our compliance initiatives as well as restructure our audit programs. The risk transparency and amalgamation of enterprise-wide processes has contributed to our objective of total compliance and has eliminated all flaws in audit and issue management initiatives," articulates the spokesperson of the company.