Driving healthy growth

Transcription

1 Health Care Of special interest to Boards of directors The C-suite Health care executives 5Insights for executives Driving healthy growth The value of a proactive stance to compliance Organizations throughout the health care ecosystem are struggling to keep their footing in a rapidly changing regulatory and competitive environment. In this complex landscape, regulators have heightened their scrutiny and are more frequently deploying the enhanced enforcement tools at their disposal. Regulators and patients increasingly expect organizations to demonstrate an effective, proactive approach to managing risk and compliance that can prevent and/or promptly mitigate costly exposures such as security and privacy breaches. In response, organizations are increasingly being audited for compliance against standards and implementation specifications such as those created by the HIPAA privacy and security requirements and the HITECH Act. In addition, regulators demand that organizations with discrete compliance, oversight and quality functions employ a more coordinated, holistic approach. Add to this the economic pressures of industry consolidation, a growing focus on prevention, the arrival of health care exchanges, and the increasing cost of care driven by the enrollment of baby boomers into Medicare and the expansion of Medicaid eligibility. At the same time, the Affordable Care Act s (ACA) emphasis on outcomes is forcing providers, payers and other marketplace participants to collaborate and streamline almost every aspect of health care from care delivery to reimbursement. They must learn to operate, or cooperate, outside their areas of expertise. In short, they must take on almost unprecedented risk. In these circumstances, mere compliance is no longer sufficient, and an uncoordinated approach is no longer sustainable. Leading organizations have learned to be proactive and prepared for the

2 regulatory changes. They disdain a check-the-box mentality and embrace a culture of compliance that includes not only robust oversight functions but also effective, risk-based controls and efficient processes embedded in operations. Compliance activities must become an integral part of patientcentered care. To thrive, organizations need to develop mature, robust compliance processes that enable effective partnerships with health care entities that traditionally have stood alone. Organizations must embrace the idea of change, and effective change management is a basic requirement. 2 5 Insights for executives [Health Care]

3 What s the issue? The ACA s focus on patient access and outcomes is driving fundamental change in the business models of both payers and providers, as well as their relationships with business associates. As part of that transformation, health care organizations are exposed to increased risk as they strive to create new opportunities in an environment where regulatory oversight and expectations have markedly increased. Many organizations are acquiring businesses with the goal of expanding their role in the health care value chain when they are often not structured or fully equipped to handle the associated risks. Ultimately, this jeopardizes patient care, increases health care costs and erodes shareholder value. Robust compliance capabilities will be essential in enabling growth and value creation with this disruptive shift. The care networks needed to fundamentally affect health outcomes and bend the cost curve will require the formation of new partnerships, where each collaborating entity has a strong culture of compliance that can be effectively coordinated with the others. Demonstrating successful compliance at this level will enable organizations to extend their capabilities to partners. Previously, this was sustainable: Clients remained reluctant to change until something went wrong, and thus their efforts remained uncoordinated, ineffective and costly. Now, this is required for viability: Clients are now realizing there is a more compelling reason to be proactive, not simply responsive to government audits. Audit Compliance Audit Quality Compliance Risk Legal Risk Operations 5 Insights for executives [Health Care] 3

4 Why now? Health care reform, including the establishment of health care exchanges and the development of accountable care organizations, has resulted in an unprecedented amount of change while the pressures on the system are reaching their peak. The baby boomer generation the largest generation in US history is reaching Medicare age, and the ACA is expanding the safety net. A growing portfolio of any health care organization s business will be derived from Medicare and Medicaid. Federal and state governments will become the biggest customer. This means thinner margins and more standardized transactions across the health care ecosystem. At the same time, threats to information and systems have continued to rise while investment in controls and technology remains relatively flat. This has generated a rising gap between security threats and the controls implemented to address them. In the world of information security and privacy, health care is outgunned, outmanned and always under attack. The traditional approach of building a bigger wall will not work, and the current reactive approach is unsustainable. Organizations risk becoming vulnerable if they don t transform their compliance capabilities to deal with the changing environment. How does it affect you? An organization that is seen as taking undue risks or failing to manage risk appropriately will lose the confidence of its members, patients and partners. Organizations risk becoming vulnerable if they don t transform their compliance capabilities to deal with the changing environment. Indeed, their viability may be at stake. A mature, proactive compliance model allows organizations to reduce compliance costs, enabling them to allocate scarce resources most efficiently. A compliance framework is an important quality measure for improving customer satisfaction that will enable growth and protect value, positioning the organization for success in the short term and the long term. As Jim Collins and Jerry Porras pointed out in their classic management book Built to Last, organizations that focus on quality in the long term reap benefits in the short term as well. 4 5 Insights for executives [Health Care]

5 What s the fix? To cross the quality chasm, organizations must transform their compliance capabilities and create a competitive advantage. These enhanced capabilities provide a return on investment by protecting existing value and by meeting the increased expectations of key customers, particularly the government. Truly sustainable compliance adds value to the organization by: Empowering a compliance function that drives enhanced performance by working with the business as an advisor, facilitator of change, and source of industry knowledge and experience Helping to align operational performance with compliance risk and control requirements across integrated processes with a balanced focus on efficiency and effectiveness Helping to enable and validate compliance with legal, regulatory and business requirements Optimizing the cost of controls to determine that they are right-sized in relation to the risk of potential threats and vulnerabilities The compliance transformation journey has three stages: Providing predictive insight so risks can be proactively identified, quickly addressed and efficiently managed React and respond People Process Technology Improve performance and build capacity Transform and govern 1. React and respond The organization reacts to regulatory findings and mandatory corrective actions, developing a tactical response for sustainable remediation. This is the least efficient and most costly stage, both during and after an event. 2. Improve performance and build capacity The organization utilizes compliance scorecards and develops disciplined, coordinated monitoring practices within formal compliance mechanisms and across business operations. It prepares for HHS audits and builds compliance capabilities within operations. 3. Transform and govern All oversight mechanisms across the organization work in concert, including compliance, legal, audit, risk, IT, information security/privacy and regulatory adherence within business operations. Effective controls are embedded across the organization on a sustainable basis. 5 Insights for executives [Health Care] 5

6 What s the bottom line? The ability to accurately identify, assess and mitigate risk is more essential than ever in this time of disruptive, large-scale change. Robust, integrated compliance capabilities help build confidence among shareholders, members and regulators, which in turn empowers management to take the risks that create the opportunity for growth as health care organizations move into uncharted territory. Confidence in your oversight functions coordinated efforts to achieve quality throughout the organization, with compliance leading the charge, will drive the focus on outcomes. By moving beyond react and respond to a proactive stance, robust compliance planning does more than simply protect the organization s assets and reputation; it enables sustainable growth. 6 5 Insights for executives [Health Care]

7 Want to learn more? Robust, integrated compliance capability helps build confidence among shareholders, members and regulators. The answers in this issue are supplied by: Jim Moran Executive Director Health Care Advisory Services Ernst & Young LLP Michael Kaiser Principal Advisory Services Ernst & Young LLP Reza Chapman Senior Manager Advisory Services Ernst & Young LLP For related thought leadership, visit 5 Insights for executives [Health Care] 7

8 EY Assurance Tax Transactions Advisory About EY EY is a global leader in assurance, tax, transaction and advisory services. The insights and quality services we deliver help build trust and confidence in the capital markets and in economies the world over. We develop outstanding leaders who team to deliver on our promises to all of our stakeholders. In so doing, we play a critical role in building a better working world for our people, for our clients and for our communities. EY refers to the global organization, and may refer to one or more, of the member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients. For more information about our organization, please visit ey.com. Ernst & Young LLP is a client-serving member firm of Ernst & Young Global Limited operating in the US. About EY s Advisory Services Improving business performance while managing risk is an increasingly complex business challenge. Whether your focus is on broad business transformation or more specifically on achieving growth, optimizing or protecting your business having the right advisors on your side can make all the difference. Our 30,000 advisory professionals form one of the broadest global advisory networks of any professional organization, delivering seasoned multidisciplinary teams that work with our clients to deliver a powerful and exceptional client service. We use proven, integrated methodologies to help you solve your most challenging business problems, deliver a strong performance in complex market conditions and build sustainable stakeholder confidence for the longer term. We understand that you need services that are adapted to your industry issues, so we bring our broad sector experience and deep subject matter knowledge to bear in a proactive and objective way. Above all, we are committed to measuring the gains and identifying where your strategy and change initiatives are delivering the value your business needs Ernst & Young LLP. All Rights Reserved. SCORE No. BT0330 ED 0114 This material has been prepared for general informational purposes only and is not intended to be relied upon as accounting, tax, or other professional advice. Please refer to your advisors for specific advice. ey.com/5 We want to hear from you! Please let us know if there are subjects you would like 5: insights for executives to cover. You can contact us at: fiveseries.team@ey.com Let s talk: protecting performance Safeguarding reputation and business performance is a top priority for organizations today. Rising commodity prices are leading to greater competition for available resources and placing an ever-tightening squeeze on margins. Intense emerging market competition is forcing companies to manage internal and external access to critical information. Industry consolidation, aging assets, complex global supply chains and tighter regulatory scrutiny add to the complexity of today s business environment. In an era bursting with opportunities and unbounded vulnerability, organizations have to rethink how they can simultaneously protect the business and accelerate performance. Breaking down silos, identifying the risks that matter most, automating internal controls, and using advanced data analytics and GRC technology give organizations the ability to do more than protect themselves from the worst. These steps also give organizations the agility to seize the opportunities that create lasting value across the enterprise. Learn more at