It seems that the healthcare industry gets more complex every year. That’s a good reason in and of itself for key stakeholders to expect healthcare providers to be as transparent as possible. Stakeholders still have much concern about the nature and magnitude of risks that are included – or not included – in the corporate strategy.
According to the seventh annual survey by Protiviti and North Carolina State University’s ERM Initiative, the top concerns for risks in the healthcare industry include pressures from board directors, instability in the marketplace, increased competition, stricter regulatory requirements, changes in the dynamics of the workplace, shifts in customer preferences, concern over the potential for catastrophic events and other dynamic forces.
The collection of these issues means that healthcare risk management teams have to stay on their toes. They need to work in collaboration with senior executives on designing and implementing effective risk management plans that identify key risk exposures and address them, so they have the least possible impact on the healthcare organization.
Gaining Perspectives from Around the World on Healthcare Risk Management
Protiviti and North Carolina State University’s survey considered the responses of 825 board directors and C-suite executives from around the world. The group provided their opinions about 30 risk issues that healthcare organizations are sure to face over the next year. They broke down the issues into three dimensions, which include:
- Macroeconomic risks – could impact organizational growth.
- Strategic risks – could negatively impact the strategic plan.
- Operational risks – could impact key operations, preventing implementation of the strategy.
The Impact of Regulatory Scrutiny and Changes
The vast changes in the healthcare industry have caused a rise in regulatory scrutiny. Also, the industry is suffering from the pressure to reduce regulation and to control regulatory costs. As healthcare costs have increased for patients and the way healthcare service delivery has changed, there’s also been an increase in public advocacy and engagement. The public has been demanding more transparency, public notice and responsible rulemaking.
Several things have contributed to increased regulatory costs. Governments have imposed significant fines and take-backs because of fraud, abuse and waste. Healthcare organizations are expected to provide healthcare for an increasing number of insured customers. Liability issues are becoming more commonplace, which is leading to increased insurance costs.
Employees and others are increasingly pursuing their right to blow the whistle on suspicious practices, which signals an uptick in audit activity.
State and federal governments, along with regulatory agencies, are cracking down significantly on coding and billing practices for every type of healthcare product and service.
While the Affordable Care Act was hailed as the solution to increasing the availability of healthcare for all, there’s no question that it has fallen drastically short of its goal. Fewer people have health insurance, which means there’s been a subsequent decline in doctor visits and hospital stays. There’s also been a decrease in the number of drugs and medical devices being sold.
At the same time, as healthcare providers have sought alternative and innovative ways to provide care, telemedicine and virtual care centers are filling the need by providing healthcare services at reduced costs. These types of services are relatively new and carry both known and unknown risks.
The opioid crisis continues to grow, which is causing the need for an increased number of mental health treatment programs and facilities. The crisis also calls attention to one of the reasons we have an opioid crisis, which is that physicians have overprescribed opioids for chronic pain, causing many people to become addicted. Enforcement and regulatory agencies are increasing their focus on the patterns of prescribing.
Information Security and Data Privacy Continue to Be Major Healthcare Themes
If changes in the European Union are any indication, more regulatory changes around personal information protection and data privacy will be coming down the line. European authorities passed the General Data Protection Regulation (GDPR), which aims at protecting the privacy of citizens in the European Union and the European Economic Area.
It’s too soon to tell what the impact of GDPR may be for healthcare organizations in the United States. Groups and individuals are monitoring the legislation to better understand how the law will be interpreted and enforced once it has more experience and it has been challenged.
The first state in the U.S. that comes close to GDPR is the California Consumer Privacy Act. The new law gives consumers new control over their personal data. This law could be a game-changer over the next few years. Other states are having talks about passing similar types of legislation to protect their citizens.
The Health Insurance Portability and Accountability Act (HIPAA) continues to plague healthcare-covered organizations. Healthcare providers have paid out over $100 million in penalties for HIPAA violations. The data privacy movement is alive and well and healthcare organizations will need to continue increasing their resources to meet compliance demands. Moving forward, healthcare organizations will also need to strive to prevent penalties and protect their reputations, as privacy compliance will continue to be a major issue to be addressed.
Data privacy goes hand-in-hand with another major issue facing healthcare entities, and that is cybersecurity. Cyber threats continue to be increasingly sophisticated and evolutionary. It’s a known fact that healthcare providers retain valuable personal information. Healthcare organizations will need to have strong authentication controls up and running so they can keep patient information safe and secure. In the name of efficiency, healthcare employees need processes to keep sensitive information private while not affecting their ability to obtain information that’s necessary to provide quality healthcare services. One of many challenges is having the capability to keep information confidential as caregivers move from one patient to another and from one workstation to another.
While most of the risk management issues in healthcare pertain to processes, procedures, protocols and patients, healthcare boards will continue to face many of the same governance-related issues as boards in other types of industries. There’s help here too in the form of solutions for modern governance. BoardEffect is a board management software program that helps healthcare organization boards to address governance issues such as board evaluations, succession planning, board composition and virtually every aspect of good governance. It’s a digital solution that helps healthcare and hospital boards communicate and collaborate securely as they address the many risk management issues in the healthcare industry.