GRC Adoption to Protect Patients and Protect Margins
Healthcare organizations facing anything like a data breach, an infection outbreak, or an accidental death can find it very hard to bounce back. To stay ahead of these problems and to give patients the dignity and respect they deserve when being treated, hospitals and healthcare facilities need to approach governance, risk management, and compliance (GRC) as a whole instead of individually. GRC isn’t relevant for information technology only, but has clinical, operational and financial implications as well.
While some may think that Enterprise Risk Management (ERM) is equivalent to governance, risk management, and compliance, there is a key difference. ERM strategies typically are not connected to the rest of the organization from a process or data perspective. In a hospital setting, ERM is relegated to addressing issues after they happen, whereas GRC is intended for prevention.
Establish a True Culture of Safety and Reliability
Improving the culture of safety within healthcare is an essential component of preventing or reducing errors and improving overall healthcare quality. A safety culture is characterized by shared core values and goals, non-punitive responses to adverse events and errors, and promotion of safety through education and training. A safety culture requires strong, committed leadership, along with the engagement and empowerment of all employees.
Steps to GRC maturity
Currently, there are few processes or models for organizations to emulate, nor technologies to implement them. But as providers begin considering GRC, here are some likely milestones:
Audit
The first step to integrated GRC is an audit that establishes a baseline rating of where the organization is in its GRC “maturity.”
Goals
Results of the audit help set the baseline goals of what a successful GRC looks like.
Strategy
With the destination in hand, now’s the time to chart the road map.
Metrics and Measurement
Establishing acceptable performance thresholds to measure GRC, and aligning those with the metrics that reflect the current state of the organization, provides all stakeholders with what they need to succeed.
Reporting
Regular reporting to decision-makers keeps the Governance in GRC. As a recent Forrester¹ report points out, organizations need to continuously demonstrate the reliability of risk and compliance data, show how thoroughly risks are being tracked, and give leadership the information they need to take action.
Predictive analytics is a significant part of the reporting matrix, as it allows a GRC process to become proactive. Teams are alerted to issues so that they can be addressed before a clinical error or patient complication emerges.
As other industries have discovered, a mature risk management program contributes to better financial performance. A recent Ernst & Young report and survey found that companies in the top 20 percent of risk maturity generated three times the EBITDA of those in the bottom 20 percent. Financial performance was highly correlated with the level of integration and coordination across risk, control and compliance functions.
1. Forrester Research, Inc. (2016, April). Measure GRC Performance to Show Processes and Data Reliability.