Large-scale healthcare mergers and acquisitions (M&As) are on a steep incline. In 2017, healthcare M&A deal value reached $172 billion – a 146 percent increase from 2016.
In the past few months alone, we’ve seen Walgreens team up with Amerisource and Amazon partner with Berkshire Hathaway and JP Morgan to penetrate the healthcare market for the first time.
These mergers often fuel discussion around healthcare providers’ poor handling of patient data. For example, Aetna, which recently merged with CVS in a $69 billion deal, faces an investigation for denying patients’ care without analyzing their patient records closely enough.
Additionally, Advocate Health Care Network, which will soon merge with Wisconsin’s Aurora Health Care, paid a $5.5 million fine last year for failing to comply with patient data protection rules. More than 4 million patient records were compromised after multiple Advocate desktop computers were stolen and one unauthorized individual gained access to the billing system.
Compliance and patient data protection become even bigger concerns when two large healthcare entities merge. With so many moving parts, it’s a challenge to remain compliant with ever-changing industry regulations. Hospitals, insurers and health networks can combat that struggle by putting compliance responsibility in the hands of automation tools.
Where do healthcare compliance processes fall apart?
There are plenty of manual processes that could cause trouble during an M&A, including these common culprits:
● Sharing information – If doctors, nurses or administrative employees need to share patient data or billing info amongst each other, the risk of it falling into the wrong hands increases. This is especially true when sharing data via insecure channels like email or Dropbox, where users can forward or share with anyone.
● Contacting patients – Healthcare organizations use multiple methods to contact patients, including phone, text, email and letters. No matter the chosen method, in carrying out patient communication manually, there is risk for error. One wrong phone number digit or email typo could cause sensitive patient data to wind up in the wrong hands.
● Using multiple systems – Patient data is often not consolidated, especially as healthcare organizations undergo mergers. Data decentralization can both increase the odds of a breach incident and limit patients’ access to their health information.
When these processes fall apart, healthcare companies open themselves up to reputation damage and potential fines. Plus, more public disapproval is the last thing healthcare organizations – especially insurers – need on their plate. Right now, only 44 percent of the public views health insurance companies favorably.
Workflow automation as the antidote to non-compliance
While repetitive collaboration and communication processes are at high risk for breaking down, they also provide the perfect opportunity for workflow automation. Automating manual processes removes human error and boosts efficiency. In automating your manual workflows, here are a couple good candidates to start with:
● Auditing security controls – Far too often, monitoring for misuse or inappropriate access of patient information is only done after data has been compromised. Process automation allows for constant monitoring for inappropriate access, even by authorized healthcare organization employees who unnecessarily access specific patient records. A workflow automation solution can identify when an employee improperly accessed a patient’s records, perhaps out of curiosity toward a public figure or family member. If an unusual use case occurs, workflow automation can trigger an email to the operations team so they can look deeper into the case. If things still seem fishy, they could reach out to the employee that accessed the data or turn to their boss to seek an explanation.
● Providing patient records – By U.S. law, patients need to have digital access to their medical records. Since many organizations keep patient data across disparate systems and locations, it’s tough to ensure that it all makes its way into the patient’s digital portal. Automation fixes this non-compliance issue by triggering a workflow to search lines of data across multiple systems and to then generate a consolidated view of the information. Every time the patient logs in to request access to their medical records, this process automatically begins.
● Announcing breaches – Healthcare organizations have a legal obligation to report the full extent of a data breach. Organizations often botch the process when scrambling to understand the details and alert the required groups. After uncovering a breach, automating the breach communication process enables you to set the workflow into motion and generate all needed documents – from patient letters to press releases to forms – and send them to the right groups, including government agencies and any stakeholders.
For healthcare organizations, it’s not a matter of if they’ll experience a breach, but when. Workflow automation can’t eliminate breaches. But it can help you comply with industry regulations. Thanks to automated processes, your healthcare organization can feel free to experiment with technology to stay relevant and create a better patient experience – all without the high risk of legal non-compliance.
Author bio:
Ryan Duguid is the SVP of Technology Strategy at Nintex, an intelligent process automation platform. He has more than 20 years of global IT experience and works closely with organizations to define automation and technology strategies.
The views, opinions and positions expressed within these guest posts are those of the author alone and do not represent those of Becker's Hospital Review/Becker's Healthcare. The accuracy, completeness and validity of any statements made within this article are not guaranteed. We accept no liability for any errors, omissions or representations. The copyright of this content belongs to the author and any liability with regards to infringement of intellectual property rights remains with them.