Whitepaper
Navigating Compliance Regulations for Healthcare Communications in 2016
Novitex Enterprise Solutions1-844-NOVITEX I www.Novitex.com
Whitepaper: Navigating Compliance Regulations for Healthcare Communications in 2016 2 2
In the highly-regulated healthcare industry, communication managers and compliance
officers face a growing number of complexities when it comes to communicating with
patients and members in a way that is both effective, and compliant. Already in 2016, fines
and sanctions related to HIPAA and HITECH laws have tallied as high as $6.5 million dollars
for a single violation. Today’s regulatory landscape, in regards to communications within the
healthcare industry is an understandably tense one, and stakeholders are actively seeking
more effective methods to execute their communications. The goal is to deliver
communications that are 100% compliant, contain zero defects, and are truly 1-to-1 in terms of
personalization, including honoring the patient or member’s preferred channel of
communication. However, those objectives are not always easy to achieve. In support of that
goal, we have assembled this whitepaper; taking a look at industry trends, some available
healthcare enterprise content management system options, and lastly, providing a look at
our own solution: Healthcare Connect.
Introduction
Whitepaper: Navigating Compliance Regulations for Healthcare Communications in 2016 3
Organizations in the healthcare space face a myriad of industry-specific regulations when it
comes to patient and member communications that do not exist in other industries, even
other highly-regulated ones like financial services.
Many organizations are bringing in a number of safeguards already. Compliance Officers and
dedicated compliance teams are among the top. But many are also using a number of
industry-specific software systems in an attempt to automate some of the production of
compliant materials, to reduce the risk of human error and mitigate the risk of compliance
penalties. While investing in tools and teams dedicated to this work are good steps, there is
still room for improvement as evidenced by the high number of substantial fines and sanctions
levied against a large percentage of healthcare and insurance firms in 2016.
$5.5 million settlement from
Advocate Healthcare
$4.3 million assessment
against Cignet
$2.2 million penalty against
New York Presbyterian
3
Mission Critical: Clear, Affective, Compliant Communications
Examples of Fines Against Healthcare Providers Include:
Due to sets of newly introduced and evolving laws
and conditions, like a 2016 round of HIPAA audits,
ICD-10 revisions, and the introductions of Medicare
Access and CHIP Reauthorization Act (MACRA),
Merit-Based Incentive Payment System (MIPS), and
Alternative Payment Models (APMs); navigating the
fluid conditions of HIPAA and HITECH Compliance,
as enforced by CMS, brings everyday challenges for
healthcare enterprises of all sizes when it comes to communicating with members and
patients; and high visibility to compliance and communications managers/officers within
these organizations.
In this ever-changing landscape of regulated communications, healthcare organizations are
finding it increasingly more important to have systems, processes, and accountability in
place to manage it all.
Whitepaper: Navigating Compliance Regulations for Healthcare Communications in 2016 4
Let’s face it – the creation, and distribution of patient and member communications might be
one of the most cumbersome workflows; from sensitive information, including personal
health and financial records, to the privacy and security implications facing the management
of such documents. Hospitals, health insurance providers and pharmaceutical alike are
facing some common trends when looking at the industry in more detail.
Trends Within the Healthcare Communications Landscape
TREND 1: INCREASING REGULATIONS
TREND 2. KEEPING UP WITH TECHNOLOGY
As communication technologies change and evolve, healthcare enterprises must understand
how they can leverage technology and which tools are right for them.
These types of communication processes can lead to questions like:
Constant changes of regulatory conditions makes
choosing communication tools that can securely
manage and disseminate patient and member
communications in a compliant manner paramount.
Tools need to support security and privacy as well as
give insight back to the provider.
As important as the tools used are, so is the ability to
maintain and upgrade technology. Mergers and
acquisitions can lead to a number of legacy systems
that do not interface with one another, creating an
inability to effectively manage end-to-end
communications.
• Was the document printed or mailed?• Does it meet quality standards?
• When did we send our last communication?• Was it on time with a mandated deadline?
Oftentimes, organizations are working across departments, creating siloed workflows.
Working independent from one another can present redundant work, inefficiency and lost
productivity, as a result. And with little or no oversight, organizations have minimal visibility
into the chain-of-custody over communications, and limited ways for compliance managers
to audit the process – in the moment, or in review. Documents may be created by one
department, audited by another, and produced by yet another; sometimes by an external
vendor.
TREND 3. INDEPENDENT DEPARTMENT WORKFLOWS / PROCESSES
Whitepaper: Navigating Compliance Regulations for Healthcare Communications in 2016 5
TREND 4. RISING FINES AND SANCATIONS
Trends Within the Healthcare Communications Landscape, Continued
With fines and sanctions becoming this common, and the financial stakes being so high, it is
important that organizations take careful steps to consider where and how they can
effectively manage their risk.
• The human ability to catch errors is inherently flawed. With only visual confirmation of data
correctness, humans miss an average of 10.23 errors per data set.
• The risk of fines for non-compliant communications around protected health information
(PHI) is on the rise. If discovered, a single non-compliant message could lead to a penalty
of up to $1.5 million.
• Even if corrected within 30 days, HIPAA violations can attract a fines of $10,000 –$50,000.
• HIPAA violation penalties can even include imprisonment for up to 10 years for knowingly
misusing individually identifiable health information.
The approximate number of healthcare companies who have received a CMS sanction or
suspension in 2015 is 35%, and 62% of these companies have received a CMS fine of $250K+,
on average. There are a number of causes behind these alarming compliance statistics.
Occasionally, problems arise due to internal processes. A lack of visibility in production, and
limited audit capabilities within communication platforms themselves lead to breakdowns of
oversight within processes.
$14,883,345 in resolution amounts and monetary penalties to date
OTHER FACTORS AFFECTING COMPLAINCE:
So the question becomes, how can enterprises most successfully navigate these
compliance rules, and avoid audits or breaches that prompt compliance fines and
affect revenue?
For healthcare communication production and dissemination, the best practices are clear:
achieve 100% compliance; maintain zero defects; develop 1-to-1, personalized
communications. In the current climate of software communication platforms available to
support healthcare enterprises, those best practices are not always achievable. In the next
section, we will take a closer look at why.
Whitepaper: Navigating Compliance Regulations for Healthcare Communications in 2016 6
1.
There are a number of communication management options available to healthcare
organizations today – from SAAS-based software products to consultancies. Each one should
be considered carefully. Where one is strong in templated production capabilities, it lacks in
auditable oversight capacity for compliance; and while experts might recommend processes
and best practices – it leaves organizations on their own to manage in the every day.
Available Communication Management Options
Three Options for Healthcare Organizations:
2.
3.
Consultant-Based Solutions that can leave you exposed over the long term once their training period has completed, due to still manual processes and workflows
Software-Only Solutions that fail to address everything that HIPAA/HITECH or CMS
regulations entail; a software platform may contain compliance safeguards, but does not
have document production engine
A Holistic Solution that addresses the full extent of compliance regulations with
comprehensive, consultative guidance – combining proven methodologies and best of
breed technology applications
Anything less than the third option listed above can spell trouble for healthcare
organizations and put communication compliance at risk. For instance, one healthcare
provider drew the attention of auditors when they sent an explanation of benefits (EOB) by
mail to a complainant's unauthorized family member. A seemingly innocent mistake, but the
subsequent Office of Civil Rights (OCR) investigation determined that a flaw in the health
plan's communication system put the protected health information of approximately 2,000
families at risk of disclosure in violation of HIPAA compliance rules; a substantially larger
violation.
On a separate occasion, a programming error by a business associate at an Indiana-based
FSSA was not caught by internal audits, causing extra pages from client notifications to be
mixed into mailings to the wrong clients, compromising medical and financial information for
nearly 200,000 clients.
Adding software technology to the mix can help, but alone is not the answer. Where one
platform may be strong in terms of audit capabilities, its editable content templates may be
limited. For example, solutions like MedSafe offer compliance training, but then leave you on
your own to remember that training, and create compliant communications based on what
Whitepaper: Navigating Compliance Regulations for Healthcare Communications in 2016 7
Available Communication Management Options,
Continued
Another company, called Healthicity, offers a suite of compliance-focused software designed
to help organizations manage compliance issues in regards to their outgoing
communications, but their platform does not include an actual document production engine;
meaning, that while their software can guide you through the process of creating compliant
communications, you are still left to create the actual documents outside of their software,
leaving room for human error, unmanaged version control and no trackability or insight into
the proofing process, inclusive of the actual delivery of the final patient facing
communications.
The best option to consider –
a fully holistic, document composition and workflow solution.
they taught you. This consultant-based approach is hardly different than the educational and
training content offered by the CMS themselves. In both cases, you’ll have to learn volumes
of always-evolving information either on your own or with the help of a consultant, and are
left without the built-in compliance safeguards that more comprehensive solutions offer, when
it comes time to actually produce communications. While such educational approaches are
beneficial, this strategy essentially leaves all the same technical and process-based
potential for compliance lapses that your workflows had previously, even if your workforce is
more educated.
Whitepaper: Navigating Compliance Regulations for Healthcare Communications in 2016 8
Introducing Healthcare Connect
When it comes to effectively communicating
with patients and members, healthcare
organizations have substantially more
components to manage than businesses in
other industries. Connect was developed with
this in mind.
Designed with input from hundreds of client conversations and a proven CMS practice,
Novitex designed Healthcare Connect.
During the document composition phase,
Healthcare Connect includes built-in
safeguards that help support compliance,
zero defects, and mitigate operational risk.
With a web-based portal at the core,
Healthcare Connect allows for the
implementation of proprietary business rules
that will create parameters to satisfy
regulatory requirements. To help ensure
these business rules are followed, the
platform also allows for the establishment of
document formatting rules, and provides
templates with lockable content zones;
preventing errors before they ever happen
by removing the ability to change sensitive
patient and member information completely.
Connect is a complete end-to-end communication composition and workflow solution that supports compliance, personalization, and the fulfillment and
dissemination of healthcare communications.
-by-side document comparisons, and a
streamlined, customizable document review
process, which provides validation, version
comparison, quality control, and document
approval capabilities; all helping to facilitate
that only compliant documents make their
way to production and fulfillment stages.
Version control helps increase compliance by
building in safeguards. This allows your
organization to better manage the most
updated and approved versions among ever-
changing regulations and requirements. It
enables organizations to speed up the
approval process. You can apply template
changes at a parent level that can get applied
to all other related documents.
Enabling compliance and communications
teams alike, Healthcare Connect provides
real-time, self-controlled auditing and
proofing capabilities, including version
control, document rights management, side-
With Healthcare Connect, you’ll be able to
personalize communications and honor each
patient or member’s preferred communication
channel with a number of specifically-
engineered tools. Multi-channel templates
Whitepaper: Navigating Compliance Regulations for Healthcare Communications in 2016 9
help facilitate the efficient production of
various types of documents; from email to
traditional direct mail; and personalization
through data ensures the most relevant
information is being sent to the appropriate
recipients.
By simply uploading patient or member
data files through the easy to use web
portal, Healthcare Connect automates the
personalization of communications.
Healthcare Connect
SUMMARY:
The last component of successful communication is being able to track and prove that
communications entered the mail stream in accordance with federally regulated CMS
deadlines – offering full chain of custody – down to as granular a level as managing
individual enrollment kits and envelope fills.
Integrating composition, print, fulfillment and mail services with our best-of-breed technology
into your workflows, Novitex offers a seamless and holistic communications solution.
The penalties for compliance issues caused by departmental silos, lack of auditability,
and lack of process oversight, or internal business rules are simply too high to ignore in
the healthcare environment in 2016. Achieving the seemingly lofty goal of 100%
compliance, zero defects, and true 1-to-1 communications is possible, but only with the
right technology, people, and processes in place.
Compliance is just one aspect of an
effective healthcare communication
process. Your patients and members now
expect consistent, personalized multi-
channel communications — satisfaction
and consistency is of utmost importance.
ParentTemplate
ChildrenTemplates
Change Comparison
Whitepaper: Navigating Compliance Regulations for Healthcare Communications in 2016 10
These efforts led to the company earning 100% HIPAA
compliance after our solution was implemented, saving them
hundreds of thousands of dollars in penalties along with
millions in saved postage costs.
100%
of SLAs were Met
CHALLENGE: DELIVERING 100% COMPLIANCE
When a nationwide health
insurance provider added
Medicare Part D to its portfolio
of services, it was confronted
with new, operational
challenges. Its internal print
and mail facilities did not have
the equipment to handle all
administrative mail, annual
notices of change (ANOCs)
and enrollment documentation
SOLUTION
RESULTS
Within Connect, Novitex created document templates with hierarchical, parent/child structures
and zones that enabled the provider to easily personalize their directories through data
integration while maintaining compliance with HIPAA regulations. With our live auditing tools,
our client was able to track all jobs, from creation to mail insertion, checking for compliancy,
accuracy, and consistency.
triggered exponential cost
increases due to the size of
the piece. The vendor’s
failure to audit also
subjected the client to a
multitude of HIPAA
violations and due to the
size of the pharmacy
directory mailings, incurred
exponential processing
and postage fees.
could not adequately comply
with CMS regulations.
Additionally, they needed to
create confidential pharmacy
directories to disseminate to
their members, but were
confronted with technological
and operational challenges
that impeded compliance and
caused cost increases that
impeded compliance and
$1.4 Million Saved In Postage Costs
Case Study #1: Healthcare Connect in Action
Plus, Connect kept a log of all jobs, allowing the provider to reference historical information
when needed for auditing and tracking purposes.
Whitepaper: Navigating Compliance Regulations for Healthcare Communications in 2016 11
Our team introduced Connect’s Produce Module and its powerful tool set that included a
customizable web-to-print capability for managing the production of promotional
communications. Features included:
• An eCommerce shopping cart, allowing for easy job submission
• Real-time reporting, providing insight into volume, costs and more
• Preview capabilities, helping to manage quality and consistency
• Audit-friendly tools, enabling managers to quickly approve jobs
• Job tracking, providing users insight into project status
In order to reduce costs further, we leveraged our proprietary collaborative sourcing
database to help our client find the best vendor at the right price point
CHALLENGE: DRIVING THOUSANDS IN SAVINGS WHILE INCREASING QUALITY
This solution led to a 22% annual reduction in print costs,
while satisfaction with printed documents increased
substantially.
Annual
Savings
15% Faster
Production
Times22%
Case Study #2: Healthcare Connect in Action
For more than a decade,
Novitex had been providing
on-site reprographic services
to the number one ranking
pharmaceutical company in
the world. As a trusted
adviser, our client turned to us
asking that we help optimize
the production of its
promotional communications.
jobs, which resulted in:
• Usage of multiple vendors,
limiting buying power
• Limited visibility into costs
due disparate workflows
• No approval process,
leading to inconsistent
quality and branding
More specifically, our client
needed to develop a more
efficient and cost-effective
process for ordering and
producing promotional
communications for new
pharmaceutical products.
Our client did not have one
centralized location for users
to submit commercial print
SOLUTION
RESULTS
Whitepaper: Navigating Compliance Regulations for Healthcare Communications in 2016 12
By leveraging the web-based portal, our client was able to automate the personalization of
customer communications easily and quickly. In addition, we implemented:
• An enterprise-wide set of rules for the development of materials
• Helped develop hundreds of pre-approved templates and brand assets
• An optimized and automated approval process
Our solution enabled this client to save time, money, and
allowed agents to communicate more frequently and
effectively with clients.
30%
SOLUTION
RESULTS
Saved on
Production
Costs
Increased
Brand
Consistency
Case Study #3: Healthcare Connect in Action
CHALLENGE: CENTRALIZING THE CREATION OF MATERIALS TO DRIVE
INCREASED STANDARDIZATION
A national, diversified
healthcare services company,
operating 80 hospitals, 190
outpatient centers and six
health plans and Conifer
Health Solutions needed to
launch an outreach and
enrollment campaign to raise
awareness of the new
coverage options available
each agent had their own
system for completing this
task; leading to brand
inconsistencies. One agent
was even using tools like
Word’s merge feature with
Excel to develop hundreds of
letters, wasting countless
hours and increasing the risk
of human error exponentially.
through the Affordable Care
Act. However, the provider
needed to have greater
control over branding across
their hospitals and outpatient
centers. Additionally, the
client needed to increase
efficiency for creating and
producing personalized
communications. At first,
For more information on Healthcare Connect and examples on what it can do for your
healthcare customer communications, visit:
https://www.novitex.com/regulatory-communications-management
https://www.novitex.com/communications-management
You can reach out to our team directly as well by emailing [email protected]
Novitex Enterprise Solutions is the leading provider of innovative, cloud-based solutions in
the document outsourcing industry. By leveraging the end-to-end Integrated Document Life
Cycle™ framework, our consultative approach and the right technology, Novitex and its
9,000 on-the-ground employees enable clients to free up valuable resources to drive their
businesses forward. With more than 30 years of experience, Novitex has successfully
implemented solutions for hundreds of clients, including the Fortune 500, Am Law 200 and
across ten vertical markets.
Learn More About Healthcare Connect