The Client: A Major BCBS Affiliate


The healthcare industry has witnessed sweeping regulatory reforms over the last few years. From the Affordable Care Act to the Model Audit rule (NAIC MAR) to mandates from the Centers for Medicare & Medicaid Services (CMS), compliance regulations have only increased in scope and number. Health plans cannot afford to slack as regulatory scrutiny is intense and noncompliance penalties are high. However, compliance is not only a matter of appeasing regulators. A robust compliance program can lower the incidence and impact of risks, help overcome crises and build higher brand loyalty.

Fueled by the desire to offer access to top quality healthcare, the company is committed to developing a world-class risk and compliance management framework. It has already incorporated a number of standards and procedures to reward quality healthcare and minimize medical errors. However, ensuring compliance with complex regulations such as NAIC MAR and CMS can be daunting especially with regard to tracking regulatory updates and monitoring compliance.

As the number of compliance requirements increased, the need of the hour was for a robust system that could strengthen the company’s existing compliance strategies, mitigate risks and protect the interests of patients and stakeholders.

Download the Case Study


The company wanted a solution that could help embed and sustain a compliance-focused work culture. The solution was required to automate and streamline critical compliance workflows, while providing a common platform to integrate compliance management across the enterprise.

After considering several compliance solution providers, the company selected MetricStream based on its domain expertise and rich solution capabilities, as well as its successful track record with several other BCBS affiliates.

MetricStream provided the company a comprehensive healthcare compliance management solution, equipped with capabilities for regulatory alerts tracking, policy and document management, and issue management. Using the solution, the company will be able to assure compliance with regulatory requirements, thus enhancing stakeholder confidence and protecting the interests of its customers.

Regulatory alerts tracking
MetricStream Solution seamlessly integrates with regulatory sources such as CMS and the Health Plan Management System (HPMS). This helps the company track regulatory updates through various channels such as the Web, e-mail and RSS Feeds. The solution captures all relevant regulatory information and stores this in the form of a centralized repository that can be accessed by the relevant stakeholders.

Subsequently, the solution helps in interpreting these alerts and updates, keeping stakeholders informed and initiating an issue and action plan.

Compliance Management
MetricStream Solution enables the company to comply with the complete spectrum of healthcare regulations, including NAIC MAR and CMS mandates. The solution provides a centralized structure of the overall compliance and control hierarchy, including processes in scope, risks for the processes, controls to assess the risks and mechanisms to assess the controls.

At each point, control assessments are easily scored, tabulated and reported. They are also monitored based on predefined criteria and checklists.

The solution contains powerful reporting capabilities to aggregate control assessments and compliance data into comprehensive reports. It enables the company to track compliance patterns, study and analyze compliance trends, and focus on those areas that require immediate attention.

Issue Management
MetricStream Issue Management Solution helps the Compliance & Ethics group track, investigate and resolve sensitive noncompliance issues.

All issues including potential noncompliance issues trigger the issue management and remediation mechanism. The system then investigates, analyzes and documents the issue, and routes it to the required personnel for further investigation.

Automatic alerts track the progress of the issue remediation process and ensure that the company resolves each issue before it is closed. At every stage, executive dashboards allow managers to closely track the issue as it moves from one stage to the next.

Policy and Document Management
MetricStream Compliance Management Solution is equipped with a centralized repository for all policies, compliance requirements, control assessments, regulatory updates and other critical information. It provides the company with a single, secure data location for easy access and storage. Rights to view, modify, distribute, or print are granted based on roles and user groups.

Enterprise GRC Platform
MetricStream Solution is built on a GRC platform which meet’s the organization’s objective of extending the solution across business units, operations, departments and geographies. The platform provides built-in tools such as a Form, Process Flow and Data Designer that can be configured to suit specific business requirements. It helps the company streamline and integrate compliance management across the enterprise.

The platform also enables the company to adopt a clear, unambiguous approach to compliance by breaking down restrictive silos and building more collaborative workflows. It provides a centralized framework to manage all compliance processes ranging from control assessments and monitoring, to risk analysis, to reporting, to documentation.


Manual tracking of regulatory updates: With external regulations frequently changing, the company had to consistently keep abreast of all updates and alerts. Most of the time, these alerts were tracked through manual spreadsheets and paper-based processes, and then forwarded to the respective managers across the enterprise. The entire process was time-consuming and laborious. Besides, it was impossible to ensure that all updates across all required regulations were being tracked at all times.

Increasing compliance requirements: As a health plan, the company is confronted with a growing number of compliance regulations including NAIC MAR, HIPAA, the Affordable Care Act and other CMS regulations. Each regulation comes with an enormous list of requirements and demands. For NAIC MAR alone, the company needs to demonstrate compliance with over 500 requirements. It’s an extremely cost-intensive, time-consuming and laborious process – one that is prone to errors especially when conducted manually.

Ad hoc compliance Initiatives: Being a large organization, the company managed its operations - including compliance - in functional silos and ad hoc systems. There was not much collaboration across units, departments and locations. As a result, compliance activities would often result in redundancies and duplicities. The same risk across two departments would have multiple controls. This was costly, inefficient and unnecessary.

Building a culture of accountability: In addition to external regulations, the company has its own policies and ethical Standards such as monitoring employees’ use of social media. Ensuring sustainable compliance with these standards and building a culture of accountability requires a centralized view of enterprise-wide compliance. Without this, the company would find it complex to consistently monitor compliance at every turn and resolve sensitive issues.

Lack of a centralized repository for policies and documents: Like other health plans, the company is required to manage a large amount of documentation related to company policies, compliance requirements, control assessments and more. Sifting through these documents and extracting the required information at the right time is difficult when each department functions independently and stores their own documentation.

Why the Company Selected MetricStream?

MetricStream’s vast domain experience of implementing GRC solutions for some of the largest health insurance companies and BCBS affiliates

The solution’s ability to track regulatory changes and follow them up with an appropriate action plan

The solution’s ability to comply with a spectrum of regulations such as NAIC MAR, HIPAA/HITECH, and other CMS regulations

The solution’s ease of use and scalability which enables it to be extended across the enterprise

The solution’s flexibility to be configured to the customer’s specific requirements with minimum need for programming

Automated workflows ensuring collaboration with various stakeholders


  • Assured compliance:
    MetricStream’s enterprise-wide compliance framework along with regulatory alerts integration and automated control management enables the company to ensure complete compliance with the plethora of regulatory requirements extending across NAIC MAR and CMS. MetricStream Solution eliminates compliance gaps and inconsistencies at every step, ensuring a fool-proof approach to compliance. It also helps the company seamlessly evolve with the compliance landscape and respond readily to future changes in regulatory requirements.
  • Automation of critical workflows:
    MetricStream Solution eliminates the need for manual processes, spreadsheets and paper-based applications. The solution is equipped with the business intelligence to automatically track regulatory updates, monitor internal controls and raise alerts when issues occur. This way, the company will be able to improve the efficiency of compliance management processes and save valuable time, costs and effort.
  • Enhanced collaboration and visibility:
    MetricStream Solution helps the company shift from an ad hoc compliance approach to an integrated, one. It extends across business silos to streamline compliance management across the enterprise and improve collaboration. Powerful dashboards deliver enhanced, real-time visibility at every stage, enabling the company to make informed decisions regarding compliance.
  • Improved accountability:
    MetricStream Solution helps the company embed a culture of accountability and compliance. It supports independent management of assignments and has the capability to roll information back up to higher management for enhanced visibility and decision making. This way, the company will be able to closely monitor loopholes in compliance and apply the appropriate remediation measure.

Get a demo Download RFP Template Pricing Contact