This article looks at the role that regulations like HIPAA, through the implementation of Electronic Health Records, and now the Patient Protection and Affordable Care Act (PPACA) have played in bringing technology to the forefront of the healthcare industry.
Over the last year, the Patient Protection and Affordable Care Act (Affordable Care Act) has occupied the spotlight in the healthcare industry. Its intent to reform the industry by delivering affordable healthcare to an expanded population base has been the subject of much commentary and debate.
However, healthcare reform began long before the Affordable Care Act. The year was 1996 and the legislation was the Health Insurance Portability and Accountability Act (HIPAA). HIPAA was designed to make health insurance more portable, but it also generated the need for a technology revolution with its Part C Administrative Simplification provisions. Healthcare professionals, healthcare systems and health plans have all been impacted. Their focus has centered on not only standardizing transactions and protecting personal health information, but also acquiring the tools to effectively and economically achieve these objectives. Consequently, technology has moved to the forefront of the healthcare industry.
Thanks to HIPAA's financial incentives, the number of health professionals utilizing Electronic Health Records (EHRs) today has increased from less than 30% to over 50%. The Affordable Care Act now offers further financial incentives for the 'meaningful' implementation of EHRs. Clearly, the current decade will see a dramatic shift from traditional medical record maintenance to a paperless electronic format. New programs from the Center for Medicare and Medicaid Services (CMS) are also fostering this shift.
While the criteria for the 'meaningful use' of EHRs are impacting the selection of technology, healthcare professionals need to be mindful of the impact that other CMS programs will have. For instance, the CMS medical home demonstration project calls for the efficient use of data for all participating healthcare professionals. In addition, the incentives to create accountable care organizations (ACOs) will result in the need for sophisticated data gathering and data organization systems to support the ACOs. Pay-for-performance and other incentive programs also require the effective utilization of data.
Integrated into all this data are the ubiquitous compliance requirements regarding the storage and transmission of personal health information. Participants in the healthcare delivery system must plan how they will use the data gathered from the various programs. At the core of that planning is the need to comply not only with the requirements of the individual programs but also with HIPAA privacy and security rules and other federal laws and regulations.
HIPAA provides a compliance framework, but does not mandate what technology is required. It leaves this decision up to the users. The framework instead focuses on providing administrative, physical and technology safeguards to achieve the privacy and security of personal health information. These safeguards can be used when participating in any CMS program, where aggregation, organization and sharing of data are essential elements. Participating in these programs requires that compliance be demonstrated not only with the objectives of the program but also with the requirements of data privacy and security. In this context, the term 'compliance' takes on a much broader meaning. It also highlights the importance of choosing the right technology to meet the above goals.
Payers and providers should look for technology that aligns the development of compliance policies and procedures with regulations, and ensures organization-wide acceptance of these policies and procedures. They should also leverage technology in shifting from a reactive compliance approach to a proactive approach. The right technology framework will not limit itself to playing a reactive role in the event of a regulatory breach, but will go to the extent of measuring the impact of non-compliance based on various pre-defined scenarios.
Organizations need to move away from rigid and stand-alone systems to a collaborative, enterprise-wide platform that presents a unified view of compliance across departments, functions and complex organizational hierarchies. Ideally, the platform should be able to extend beyond compliance management to other critical GRC areas such as risk assessment, internal audit management and incident management. It should also offer the flexibility to adapt to business processes and align with the organization's broader goals of growth, expansion across geographies and profitability. Healthcare professionals and health systems that leverage technology well will be the winners in the long run. It is therefore crucial to plan for the right technology to protect health data and thrive in the reformed healthcare environment. Implementing the right technology is capital well spent. No doubt it will provide a good return on investment.