To contribute your expert advisory Curt Rosengren on
|
Re-thinking Compliance Management
A 4-Step Approach to Holistically and Organically Reducing Risks and Costs by Kim MacKay, CEO, Lucidoc Corporation Compliance management often sounds about as exciting as Accounting 101 sounds to the non-finance major. Part of the reason has to do with the explosion of state and federal rules and regulations for Sarbanes Oxley, Graham Bliley, HIPPA, JCAHO and the like. As the burden of compliance has grown-so has an organization's risk exposure for compliance failure and the cost of managing compliance. Even as far back as 1995, before the increased tightening of compliance regulations, the FDIC examined 2814 banks and found compliance violations in 2714, equating to a violation rate of 96.4%. Likewise, in healthcare, studies have shown that medication non-compliance alone causes 125,000 deaths annually in the US1 and is becoming an international epidemic. As compliance complexity has grown, so has the need to create a compliance infrastructure with advanced management tools so that an organization can completely automate the compliance process, ensuring a constant state of compliance readiness. The problem is that most organizations are still relying on outdated methods to manage compliance. Herein is the problem. Because proof of compliance requires accurate paperwork to spur evidenced-based procedures, many organizations consider compliance management a document management issue. However, using document management to “follow the paper” through reviews, revisions, sign-off's and future changes has become a process nightmare. When the need to ensure document accuracy and access is added, most systems fall apart, forcing staff effort to manually attempt to manage the process. This creates a verbal-based culture instead of an evidence-based, compliant-ready culture. An organization can make a safe assumption that it could be at risk of compliance failure and wasting countless staff hours managing a faulty process, if it is managing compliance using these outmoded methods: 1. Department-by-department processes vs. an enterprise wide perspective When each department is responsible for its own compliance initiatives, the organization forfeits the opportunity to leverage technology, processes and best practices across the enterprise. This creates pockets of risk exposure that are difficult to manage, isolated silos of best practices that aren't leveraged and inconsistencies across the organization. 2. Paper-based access When paper-based systems are used to provide staff with policies, procedures, directives and forms, the organization loses its ability to insure that information is accurate and available. This increases compliance risk and costs. 3. Non-automated reviews, revisions & sign-offs Without a technology infrastructure to enable automated reviews, sign-offs and revisions an organization perpetuates countless hours of staff time to chasing compliance vs. bottom and top line activities. 4. Lack of audit-ready information When all is said and done, if an organization isn't audit-ready everyday, it is at risk of non-compliance day-to-day. In addition, the organization sustains fire-drill style audit preparedness practices, impeding the focus on bottom and top line activities such as patient care and serving customers. Solving the Real Issue For an organization to get a handle on the snarl of compliance, it must be considered from an enterprise-wide, process management perspective. The complexity of compliance management requires a holistic and user-friendly approach. New tools are required to automate the process of compliance so that the staff burden is reduced, evidence-based practices ensue and compliance readiness is maintained. Moving your organization from a verbal-based, compliance-risk and staff-intensive approach requires a fundamental mind shift. From an organic perspective, highly regulated industries need to achieve four key principals to automate the process of compliance: (1) Access Staffs need easy access to complete information. Google-like search capabilities combined with smart links between policies/procedures/directives and forms are crucial to ensure that complete internal and related external information can be easily found. (2) Accuracy The technology and processes must provide confidence that compliance-related information is accurate so that staff can trust and use the system, enabling movement from a verbal-based culture to an evidenced-based culture that is compliant ready. (3) Automation The technology must provide a means to automate the process of reviews, revisions, sign-offs and future changes in addition to providing automated reminders for updates. This will reduce the time consuming and potential for error when staffs coordinate these activities manually. (4) Integration The technology must provide the ability to automate similar changes in related documents and provide access to document revision history to ensure audit-readiness and leverage efficiencies. Unfortunately, many organizations are failing miserably at one, two or even all four principals of compliance management. The issue isn't due to a lack of trying. Most often it's due to the complexity inherent in the process. Unfortunately the cost of non compliance equates to huge exposure on two fronts: Risks of sanctions, fines and safety, plus widespread, oftentimes hidden organizational inefficiencies, reeking havoc on the bottom and top line. The challenge is to automate compliance preparations in addition to the renewal/updating of policies and procedures. With this approach compliance readiness becomes a byproduct and a verbal-based culture is replaced by an evidence-based culture. Creating a Compliance Infrastructure Tree Using a simple metaphor of a tree helps to illustrate the issue. Policies are often considered static, like loose 'leaf' binders on a shelf. The policy 'leaves' come out and are replaced by new policy leaves. When additional information is added, the leaves of compliance and quality assurance expand and grow naturally on the same branch or twig as their respective policy leaves-as minutes of quality assurance reviews, inspections, etc. This creates a tree of complete information. However as compliance grows and expands, to ensure compliance readiness, the tree needs to become self sustaining and smart with pre-encoded DNA. With this advantage, dead leaves and branches are automatically pruned as directed in advance. As autumn leaves fall on schedule, they are automatically re-absorbed into the organic processes of the ground and roots sending the regenerated substance of the leaf up the trunk to be routed to the proper branch and twig. This is automation at its finest. Important information is saved, stored and automatically renewed and available. However, most healthcare, business or clinical information systems don't operate this way. They tend to leave policy and compliance problems as orphans that become lost in the expensive and disruptive process of installation. Likewise, document management systems are static and do not address the need for the living self-renewal of policy, procedure, and compliance data. What is needed is a specialized system, designed around the challenge of automating this organic approach. This begins with a fundamental change. The management of documents and process must be integrated. At the core, a living database must be created. The database needs to be living vs. static because it has to be able to integrate the lifecycle of a document with the process of compliance. When this occurs, the result is a living repository for thousands of documents and procedures that becomes merged with every step of the compliance process. With this type of organic database an organization can automate, control and manage compliance more accurately with less staff effort. When Google-like search features and smart links are added, every staff member gains desktop access to complete and accurate information. Likewise, the process is streamlined further when the information is either hosted via the Internet or managed internally on an organization's intranet. It's time to re-think compliance. It's time to use smart technology to move from a verbal-based culture to an evidenced-based culture. The staff management effort required to stay compliant needs to be reigned in before your organization's future viability becomes at risk due to the increased exposure of sanctions and fines. It's time to embrace the new technologies available to turn the tide on compliance management. [24x7] (1) Smith, D., Compliance Packaging: A Patient Education Tool, American Pharmacy, Vol. NS29, No 2 February 1989 |
|
|||||||||||||
