Thursday, January 8, 2009

Insurance Discovery Readiness....Don't be caught drowsy

For the last 6 months I have been researching the impact of the regulatory agencies as it relates to the Health Care Industry and the impact of ESI (electronically stored information) discovery in response to litigation. Ironically, to me it seems as though most people in the insurance industry have the same perceptions as commercial corporations with regards to being prepared for litigation in this electronic era;

"....doesn't affect me until it hits me...."

This view is even more troubling to me, as the Health Care Professionals are the only link between me and maintaining my personal privacy. I consider this far more important than a commercial corporation losing a couple million bucks for patent infringement, securities fraud or being negligent in accounting or fixing stock options.

Most of my conversations have been with primary care physicians and hospital administration professionals. The common thread is they all agree that maintaining patient records in an electronic form makes sense on many levels. Including the ability to access and update patient information with ease. Thus providing the patient with a higher level of proper care and diagnosis as the sharing of information between medical professionals is streamlined. Not to mention that with the emerge of electronic record keeping the medical billing process is also streamlined to generate more accurate billing and less likely to miss revenue from the three Tylenol that someone forgot to record in the chart.

The common theme in each conversation was the upstart costs to implement such a system to maintain the electronic data in a secure environment as indicated by the regulatory agencies. Therefore most physicians in private practice have been slow to implement an electronic record management system to date. They still rely on traditional...excuse me...pre-historic carbon copy records and steel file cabinets to maintain patient records. There are even those who still utilized thermal fax machines. The difference is that most hospitals are making the investment to "connect" their systems and policies in accordance to the rules of the regulatory agencies and law.

Perhaps the root of the problem is that most companies in the insurance industry realize that the fines imposed for their negligence by the regulatory commissions and statues, once identified, are not as significant in comparison to damages imposed following a civil law suit. And for now they are willing to take that risk of not being "totally" compliant.

I will continue to follow the industry trends and provide additional solutions that are simple and cost effective means to becoming compliant.

The article below I find to be very striking and hopefully will resound loud into the decision makers ears of the insurance industry:

Compliance Technology Investment: Risk and Benefit, by Larry Danielson, Principal, Deloitte Consulting LLP

The insurance industry is one of the most regulated industries, with states controlling company licensing, producer licensing, and product, financial and market regulations, with an end goal to protect consumers.

Insurance carriers have to comply with regulations such as the Gramm-Leach-Bliley Act (GLBA), Sarbanes Oxley (SOX), the Health Insurance Portability and Accountability Act (HIPAA), Federal Rules of Civil Procedure (FRCP), and various statutory reporting requirements. The regulatory environment is also constantly changing and expected to become more complex in light of the current credit crisis and turmoil in the financial services industry. Recently, Treasury Secretary Paulson proposed more federal control of regulations for the insurance industry, at the expense of state oversight.

Return on Investment for Regulatory Technology Projects
The response of insurance organizations to these regulations is mostly reactive. Too often, the decision to invest in regulatory technology is made through a return on investment calculation that pits the cost of fines against the cost of technology. However, organizations are not thinking about the impact on brand value and reputational risk from non-compliance to regulations. The cost of reputational damage is immense, and in addition to the fines, also includes soft costs such as decline in share price and associated erosion of market capitalization, lost business, management diversion, etc. The cost of reputational damage often can run into tens to hundreds of millions of dollars and, in extreme cases, can cause regulators to revoke the insurance carrier's license to operate. Accordingly, compliance systems must be recognized as a "must have," and investments in them should be made with respect to the magnitude of exposure insurers face, with special attention to reputational risks.

Planned Approach to Understanding Data and Requirements
In this context, insurance organizations' investment in regulatory technology is a matter of strategic planning. If planned appropriately, regulatory necessities can serve as a catalyst to a better understanding of the organization's data and associated processes for all purposes. Structured efforts, systematically analyzing and classifying data up-front can lead to a significant cost reduction from data rationalization, reduction in data redundancy, and reduced business and IT effort needed to reconcile data. In addition, appropriate data classification can also yield broad business and operational benefits through better knowledge of an organization's information assets. A world-class regulatory technology platform would combine this knowledge to specific statutory requirements that are different for life, health & annuities and property & casualty carriers.

Synergies with other Initiatives
A planned response to regulatory technology also includes exploring synergies with an insurer's other proposed and in-flight initiatives. For example, regulatory reporting can leverage existing or planned enterprise data warehouses. Similarly, when complying with record retention requirements, organizations should leverage any broader enterprise content management (ECM) initiatives. Regulatory technology can be beneficial to other initiatives as well. For example, data analysis and data classification can support information lifecycle management (ILM), business continuity/disaster recovery or any other initiatives that could benefit from data analysis and classification.

Sponsorship and Governance
Often it is unclear who should sponsor regulatory and compliance technology initiatives – whether the business, CIO, chief risk officer or the CEO. A well-planned regulatory technology initiative requires appropriate executive sponsorship and a governance structure that has representation from business, IT and regulatory/compliance. The cross-functional nature of the governance structure will ensure that regulatory technology initiatives are informed by the perspectives necessary to make them successful.

to see full article