The Client: A Globally Recognized Hospital


Faced with regulations like HIPAA, HITECH, Data Protection Laws, and the related complexities of complying with them, the hospital had to address multiple compliance gaps. Stakeholders were looking for a solution to proactively identify and address these gaps, strengthen their compliance and information privacy program, and automate their audit management processes. They wanted to effectively mitigate the risk of information security breaches.


After a rigorous evaluation of Governance, Risk, and Compliance (GRC) solution providers, the client chose MetricStream because the company demonstrated the capability to meet the hospital’s requirements. The key driver for choosing MetricStream was the strength of its GRC platform and its ability to seamlessly align with the hospital’s compliance and privacy program.

Having been implemented in some of the largest global healthcare institutions, MetricStream solutions are renowned for their ability to improve the efficiency and efficacy of healthcare organizations’ compliance and privacy management programs. Powerful capabilities such as built-in remediation workflows, compliance and privacy process automation, a built-in integration engine, enterprise-level reporting dashboards, and offline audit recording features enable organizations to implement healthcare industry best practices for optimal benefits.

The highlights of the MetricStream solution for the hospital include:

Incident and Issue Management: To strengthen the hospital’s compliance and privacy program initiatives, MetricStream provided a comprehensive solution to establish and follow consistent procedures for incident capture, task management, and status reporting.

The solution logs each incident, captures the details, and categorizes it based on severity level. The incident is then routed to the concerned authority for review and analysis. The collaborative workflow allows management to configure the number of review and approval cycles with multiple iterations, before publishing the final report.

Once a corrective action is initiated, the case remains open till the action plan is carried out and the results are verified for effective­ness. The solution makes it easier for the hospital’s compliance and privacy team to track the status of each incident as it automatically moves from one stage to the next, based on the hospital’s procedures.

Centralized Audit Management: In line with the hospital’s proactive approach of streamlining and integrating its audit program, MetricStream provides the hospital with tools to define and manage the entire audit universe consisting of functions, systems, processes, and objects. It helps auditors perform risk-based audits, and enhances enterprise wide efficiency by enabling risk assessments, sharing audit calendars, providing email notifications, collecting and organizing data, simplifying audit reporting and review, and facilitating the implementation of audit recommendations.

The MetricStream solution is designed such that individual audits can be conducted independently by each department within the hospital, and then rolled back upstream to provide an enterprise-wide view of audit results and trends. Thus, auditors and managers gain clear visibility into audit activities across the organization at all times. Any findings that arise are automatically routed for investigation and resolution.

The underlying infrastructure for all the applications is the robust MetricStream GRC Platform. The platform provides core services and capabilities such as automatic email notifications and alerts, role-based information routing, real-time analysis of data on reports and dashboards, and the ability to slice and dice statistics by a variety of parameters such as product lines, sites, and customers.


The compliance and privacy office of the hospital was dealing with myriad challenges, and was looking for a solution to streamline, centralize, and automate the compliance and privacy program. The office was struggling to keep track of the incidents occurring from regulatory non-compliance, and efficiently manage information security.

The hospital wanted to avoid any possibilities of loopholes in its compliance processes which could give rise to incidents that would, in turn, lead to penalties. To proactively monitor and address such loopholes while also avoiding any issues or potential incidents, the hospital decided to streamline the audit program, and implement a system that could support the end-to-end audit process.

The company’s existing systems were limited in their ability to provide complete and real-time visibility into enterprise-wide audits. Auditors at the company found themselves spending excessive time and resources on basic audit functions such as recording findings, collating and organizing the data, and preparing reports. Tracking and monitoring audit management as well as issue remediation also proved to be complex.

Why the Company Selected MetricStream?

In-depth healthcare domain expertise with regard to GRC 

Flexibility of the MetricStream solution to extend to other solution areas such as risk management, policy management, regulatory intelligence management, or IT-GRC

A highly scalable and robust MetricStream GRC Platform that serves as the foundation for the company’s compliance and privacy program needs

  • Increased alignment with the changing regulatory landscape
  • A proactive approach to streamlining the audit program and identifying non-compliance gaps before they get out of control
  • Enterprise wide collaboration with stakeholders, thus increasing efficiency
  • A complete view of the compliance and privacy program with flexible reporting capabilities and real-time visibility into the process




Ready to get started?

Speak to our experts Let’s talk