A strategic role


A strategic role

What are the most enduring and important health industry trends and how will they affect risk management? PwC’s Mitch Harris and Peter Claude explain why risk managers can now expect to take a more strategic role in moving their organizations forward.

Population health, cyber issues and the importance and use of quality data to drive improvements are three key themes that emerge from PwC’s latest analysis of health industry trends—and all have serious implications for risk managers, who can expect to take a more pivotal, strategic role within their organizations over the coming year.

This latest trend analysis takes a broader view than previous reports: since 2006 PwC’s Health Research Institute (HRI) has put out a report at the end of every year that forecasts what the top 10 health industry issues will be for the following year. HRI has now taken those past reports and searched for trends that have spanned the years, and compiled the issues that are still shaping the US health industry.

The report highlights the dramatic changes currently underway in US healthcare: “The ground is shifting rapidly, giving way to what we call the New Health Economy,” it states. “Technological advance, empowered consumers, disruptive new entrants and rising demand by an aging population are ushering in a new era in healthcare.”

In the ongoing quest for affordable, accessible, accountable healthcare, information technologies are taking center stage, states the report. Health IT, or HIT, is the critical connector, delivering real-time data to caregivers, helping drug and device makers prove their value and arming purchasers in government and the private sector with metrics to make smarter decisions.

A special area of concern for risk managers is the related rise in the number and availability of remote health tools. Peter Claude, a partner at PwC, says that healthcare providers are increasingly faced with the question: when is a device or app a medical device? The answer to this question raises further questions around approval, reliability and quality.

"The access to data is transforming the way that risk managers operate. The future related to that gets more complex for risk managers." Mitch Harris 

“We’re seeing an explosion of remote health tools and our report says even more are coming,” he says. “They are going to play a role across healthcare, so provider risk managers are going to be asking: how much am I going to be relying on this device or this app? If I’m going to be relying on it to make clinical decisions, to look at the safety of my patient, I’m going to want to know that it is validated as to quality and reliability.”

The wise use of data

A pervasive theme across a number of the trends identified by PwC’s report is the handling of personal data, and how to keep that data secure and private.

“Risk managers will have two things on their minds,” says Claude. “One is: how am I going to protect the data and reports in my systems? It’s not just a question of protecting all the devices out there that are collecting data and sending it in; they’re going to have to send it in through some kind of door into the providers’, payers’ or manufacturers’ systems.

“The more doors you have, the more opportunities there are for somebody to break in and the easier it is to insert data into one of those streams, such as a malicious piece of data that unlocks a door from the inside.”

As healthcare data fraud climbs, there has been a lot of concern over penetration, but the number one privacy and security risk is still knowledgeable insiders, says Claude.

“It’s folk inside the company with a grudge, with a profit motive. Given the evolution and growth in data flowing in and out of a company, risk managers need to be working closely with the security functions as well as with the business functions to make sure all three groups understand the new types of data coming in, how is it going to come in and that they have the right controls around making sure that it is protected.”

Claude adds that the proliferation of data can give risk managers the opportunity to spot problems before they occur.

“As a risk manager, it is wise to form an understanding of what data is out there around your company’s services and the products used, and how to use it to find problems before someone else does,” he says.

Social media can be an important place for discovering potential problems. For instance, by monitoring topics and comments in a nurses’ chat room it may be possible to discover common problems with a particular device which have gone unnoticed by the manufacturer.

“The stakes are higher and understanding what social media are saying about your company may drive you not only to managing regulatory risk issues but also to being able to provide real value back to the business around how to improve the customer experience.”

Another important use of data is to discover trends in the performance of your organization: Mitch Harris, a director with PwC, suggests that rather than simply using data to decide whether your organization is fully in compliance or out of compliance, it is increasingly important to look at the more subtle shifts exposed by the data in order to identify areas where your organization may be compliant, but is exhibiting weakness.

“If the claims department is averaging 28 days to pay and the risk manager sees that the average has moved to 28.5 and then to 29, that would be a good indication that they should pick up the phone and call a contact in claims and say, is there something we should be concerned about? Did you notice this?

“There are a lot of different metrics now, and third parties can know a lot more about what’s going on in a company than the company knows. For instance, health plans provide thousands of bits and bytes of data every day to the regulators and the regulators now have very sophisticated mechanisms to be able to identify and stratify that data to look for things that are off average, which then triggers other types of investigation,” he says.

Population health

Another factor influencing the proliferation of data is the shift towards population health. Access to quality data and a commitment to improving quality outcomes are major drivers in this new framework. The risk manager’s role in population health is particularly challenging, says Harris.

“Being able to monitor these risks across new multiple stakeholders really has stretched risk managers’ skills and their organizational capabilities, particularly in terms of how they use the data—a lot more actors are now involved.

“Accountable care organizations (ACOs) are a great example of that, with multiple providers forming a community around a member. Managing all the information that is going back and forth between these organizations and bringing it together to drive operations is particularly challenging.

“Risk managers have responded by developing more detailed understanding of operations, in terms of who does what, and what data they want to be looking at, where the controls are, how that flows, so that they can try to monitor this.”

Harris adds that there has been a shift towards relying more on the information that is being exchanged as opposed to waiting for somebody to pick up the phone or walk into the risk manager’s office and say that there is a problem.

“The shift is happening really rapidly and the access to data is transforming the way that risk managers operate. The future related to that gets more complex for risk managers.

“One of the big drivers is the CEOs and boards that are asking the risk management leaders to be strategic advisors: they want them to be able to enable the growth strategies of the organization: they’re not ‘traffic cops’ but are really sitting at the table helping the organization to grow. The organizations want them to be able to proactively advise and engage with the business.”

An exciting path

Claude and Harris both see a future where risk managers will provide predictive, strategic guidance, enabling their organizations to make better decisions faster. They will need to decide where they think regulators are going, paying attention to new laws being passed in other states that look likely to spread across the US. As coordination between the regulators improves and ideas are shared, this proliferation becomes more likely. By watching developments closely, risk managers can reach a conclusion on how best to help their organizations move forwards.

“Managing the risks of today that they’ve got under control is not going to be what consumes most of their attention in the future,” says Claude. “Instead, they can be looking forward to a dynamic and new set of issues and a new role within the organization which will be key to helping it succeed.”

He adds that risk managers bring an interesting perspective to the table that differentiates them from core legal functions: the latter are very good on policy, legality, managing contracts and making sure that risk is managed in those fashions. Risk managers can help expand the horizons of what a company can do because they understand how process monitoring and other risk mitigation techniques can allow a company to take risks that they may not have thought could be managed by contracts alone.

“One of the major changes in the way the regulators are regulating is that they’ve integrated quality measures into the way that they regulate as well as performance based payments,” says Harris. “That also links back to the risk manager’s ability to use data, and will continue to increase the profile of risk managers in the organization and really make them critical to boards and CEOs as they manage growth, helping them also to manage any hiccups that may disrupt their revenue stream.” 

PwC, Mitch Harris, Peter Claude, US