Mitigating Compliance Risk in the Connected Healthcare Ecosystem

For two and a half years, COVID-19 has been the primary lens through which health systems have viewed their infection control compliance efforts. However, by putting the sole focus on COVID-19, we’ve been missing the broader mission of infection control—for example, in credentialing, access management, and other healthcare operations areas.   

Amid evolving data reporting requirements regarding COVID-19 and other infectious diseases, proactive health systems prepare for future mandates by ensuring their data is accurate and comprehensive across vendor, visitor, and volunteer populations.

Holistic data is at the core of these efforts where vaccination information is only one piece of the puzzle, and vendors are not the only players being tracked. 

Read about additional major compliance drivers in access management.  

Recognize that compliance is a culture 

With COVID-19 variants, ever-evolving compliance mandates, increasing foot traffic, and flu season quickly approaching, how are health systems keeping their focus on safety? In the world of compliance, patient and staff safety are paramount, which means that no one in the health system is exempt from playing a part in the healthcare compliance ecosystem.   

Compliance is a continuous process never to be considered complete. In fact, rapid changes in governing body regulations and clinical outcomes targets ensure that continuous change is the norm. Reporting mandates, best practices, and guidelines for safety from the Centers for Medicare and Medicaid Services (CMS) and the Centers for Disease Control work to protect patients, visitors, and staff.

Visit CMS for up-to-date information as requirements and policies evolve.  

Leverage data to stay prepared 

To address the requirements and standards, compliance professionals must update their policies and socialize data needs accordingly—which requires them to remain well-informed and aligned on leading practices. For many health systems, however, keeping up with evolving reporting mandates put forth by CMS and other government entities is a challenge, both from a data-collection perspective and from an access management standpoint.   

For organizations, compliance and risk-management strategies for infection control serve a dual purpose. Primarily, they protect their diverse populations, including patients, visitors, and staff. Second, they help organizations avoid costly penalties.

In healthcare, where the pace of change is sometimes slow, incentives typically precede mandates. For example, remember the path to electronic health record adoption? Up to $27 billion in Medicare and federal Medicaid payments were authorized as an incentive for providers who met adoption requirements. Penalties soon followed, with up to $250k in violation penalties for systems that failed to comply.

Risk-averse organizations today are hyper-aware of the changing regulatory environment by anticipating similar patterns when it comes to COVID-19 compliance and are leveraging constant assessments to stay prepared. 

Take a holistic view of risks 

For clinically integrated, compliance-driven systems, this involves looking beyond basic requirements to reevaluate the scope of measurement to include:  

  • Comprehensive credentialing and enforcement beyond the acute-care space 
  • Visitor, volunteer, and contractor access management polices  
  • Enforcing credential requirements, including criminal background checks and immunizations 
  • Considering how credentials and policies affect the operational areas of the organization  

 These elements help support a comprehensive strategy. Yet, evolving CMS reporting mandates support the deeper understanding that:  

  1. The healthcare community is still learning as various infectious diseases evolve, which requires a forward-looking focus. 
  2. Regulations and requirements will continue to evolve, and compliance is not a fixed state.
  3. The data points to measure risk are not defined solely by COVID-19. Rather, it is an ecosystem of people, processes, and the environment that intertwine to form the complex reality of risk.  

Jay McDonald Headshot symplrJay McDonald, MBA, solution executive at symplr, has worked with hundreds of hospitals during access management discussions and policy implementations in healthcare facilities. According to McDonald, “In current practices, I think we’re missing the broader mission of infectious control; how we prevent, measure, track, and predict what’s coming down the road will separate progressive organizations. Peeling back the intricate layers of access management, this means instituting comprehensive infectious control, not just creating a policy on a piece of paper.

By taking a holistic view, we start to look at our patient populations and craft policies for those types of areas that reflect a living, mutating virus.”  

McDonald also pointed to holistic vaccination and access management compliance as a key strategy for mitigating risk in the years to come: “Many organizations are still focused on the majority of individuals or entities that are compliant with vaccines, credentials, etc., which is not where the violations are going to fall. As a community, we must be focused on creating policies, processes, and ways to identify the “10%” who aren’t compliant."

He stated that most people want to be compliant, and their employers are already doing the heavy lifting to make that possible, and added, "Therefore, it is a critical strategy shift to position people and processes so they can identify the 10% who fail to meet set standards. This better focuses scarce resources and maximizes time and efficiency. We must ask ourselves and understand that, if we’re not doing everything possible to keep patients safe, then we’re not doing everything possible to keep employees safe, a failure that puts the entire health system at risk.”  

Use an ecosystem model 

For McDonald’s conversations in the market, preparation to be fully compliant goes beyond the current understanding of access management to identify an ecosystem model where operations play a central role.   

He said, “In the market, I see organizations looking to identify which staff members have which vaccine. Why? As we start to look at which vaccines fail or become less effective over time, we have the ability to model that against workforces. Key to this conversation is understanding efficacy of different vaccines and what the associated operational considerations are; for example, the period of time an employee needs to take off work following a booster is relevant for understanding how boosters and staffing overlap in the larger healthcare ecosystem.”  

This approach, McDonald said, applies to everyone who supports the health system, including contractors and pharmaceutical reps. This creates the need for transparent insights into their data profiles and compliance levels that rival the more “fixed” members in the hospital rotation. “When we are able to capture that level of data, our employees and everyone else who supports the hospital environment are critical for modeling, staffing, and providing predictive analytics for how we manage the ecosystem and mitigate risk,” he added.   

With a team of clinical experts driving innovation, symplr is ready to share the resources and tools we’ve built for evolving access compliance requirements and data needs. To learn more about comprehensive access management strategies, set up a strategy session with us. 

Let's get started


Request a Demo