What Risk Managers Can Learn From the Health Care Industry – JD Supra

The COVID-19 pandemic had the silver lining of accelerating the digital transformation of countless industries, and as the dust settles over health care’s own evolution, risk managers will need to navigate an ever-more complex web of challenges to enable the path forward.
We believe it was harder prior to the pandemic’s disruption to imagine the sort of health care landscape that research and advisory firm Gartner® is projecting in just a few short years. By 2025, 40% of healthcare providers will shift 20% of hospital beds to the patient’s home through digitally enabled hospital-at-home services, improving patient experience and outcomes and reducing the cost of care.
Supporting this delivery model will be technologies that not long ago were relatively uncommon – think of the biometric sensors many of us now wear every day in the form of a smartwatch. Where a video appointment with a primary care physician was once rare, it increased 38-fold from a pre-COVID-19 baseline by February 2021, according to research published by McKinsey & Company.
Yet the business risks intrinsic to these evolving health care delivery models, fueled by the expansion of operations to new technologies and third-party relationships, are also profound. Fifteen of the top 20 life science organizations will lose a combined $10 billion in revenue due to digitalization-related cybersecurity issues by 2025, Gartner projected.
As we see in NAVEX’s work helping our customers manage IT and third-party risk, the pitfalls intrinsic to health care’s increasingly interconnected business models will require serious vigilance from risk professionals. Silos are not going to work – to enable the coming evolution, risk managers will need visibility into the whole organization.
Some of this transition to a new paradigm for at-home care delivery is already in place – with a business model to back it up. According to Gartner, by August of last year, more than 140 health care providers across 32 states had received approval from the Centers for Medicare and Medicaid Services to obtain reimbursement for eligible patients treated in their own home.
It’s not just at-home care that is opening new avenues for risk. Like many industries, health care organizations face boundless pressure to decide whether a business function, sometimes invisible to the consumer, should go in-house or be outsourced through a third-party relationship. The average modern hospital relies on more than 1,300 external vendors, according to the Ponemon Institute, and it’s worth noting that many third-party vendors will have their own third parties, sometimes known as “fourth parties.”
Health care regulators can also extend compliance requirements to those third parties, requiring health care organizations to ensure their partners are compliant on an ongoing basis.
More organizations are using purpose-built software to assess risk across these relationships. NAVEX’s 2021 Definitive Risk and Compliance Benchmark Report showed that 57 percent of risk and compliance programs used such a mechanism, up from the 44 percent and 46 percent of the prior two years.
“Risk” in the health care world can have a deeper societal meaning than business risk. A rural hospital struggling to stay afloat economically is still a major community asset whose risk implications for an individual could literally mean life or death. Gartner made an ominous assessment in its strategic planning assumptions around health care outcomes for 2023 – a lack of virtual health care access such as telehealth appointments will contribute to 5 percent of global deaths due to disease.
Some of that projection stems from the fact that not all people have access to robust internet connectivity. Yet it is necessary that providers are able to deliver such service in the first place, and in a sense, risk managers charged with enabling the digital transformation of health care by managing third-party and IT risk can be seen as playing an integral role in community health.
Gartner also assumes that, by 2025, a digital commerce and marketplace platform will connect one in five consumers, payers and providers.
This expected consolidation of consumer experience will require more health care delivery organizations to forge partnerships, even with rivals, to compete. These relationships will require a large amount of trust and vetting of third-party relationships.
Whether or not your organization is in the health care realm, the lessons of managing risk in this essential industry provide great insight into best practices for enabling digital transformation over the next few years. NAVEX is pleased to provide this Gartner research to readers, available here.
For more information about managing IT and third-party risks, download the
Definitive Guide to IT Risk Management and Third-Party Risk Management
Gartner, Predicts 2022: Connections Drive Healthcare and Life Science Business Model Change, 18 November 2021, Pooja Singh, Barry Runyon Et Al.
GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.
View original article at Risk & Compliance Matters
See more »
Refine your interests »
This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.
Back to Top
Explore 2022 Readers’ Choice Awards
Copyright © var today = new Date(); var yyyy = today.getFullYear();document.write(yyyy + ” “); JD Supra, LLC


Leave a Reply

Your email address will not be published.