The new health economy is
bringing change and new entrants from diverse industries are stepping into
revolutionize care. Before a new entrant can seize opportunity in the new
market, they first need to understand health industry regulations and risk
factors.
This publication outlines
a four step approach to building a compliance program for clients entering the
healthcare market:
- Identify the appropriate operating model
- Make and manage risk-savvy decisions
- Establish a risk management plan, including organizational
design required to manage risk
- Build a roadmap toward an incorporated compliance function
capable of supporting critical decision making
NEW
ENTRANTS: CHARTING THE HEALTH INDUSTRY’S RISK AND REGULATORY LANDSCAPE WHERE
RISK MEETS OPPORTUNITY
PWC - July
2015
The new health economy is bringing change and new entrants from
diverse industries are stepping into revolutionize care. Conscious of the risk
endemic to the market, successful companies are using risk management to gain a
competitive advantage, employing a proactive approach to industry complexities
that isolates risks and allows them to move forward with a solid compliance
plan of action.
As traditional healthcare players, such as hospitals, healthcare
systems, and pharmaceutical companies, adapt to an emerging, value-driven
landscape, new entrants are entering the scene from a multitude of industries.
Retailers, technology companies, telecommunications businesses and consumer
products entities are offering up new products and services designed to meet
government and consumer pressure for efficient, lower cost and convenient
healthcare options.
Alternate treatment centers are springing up in retail markets,
home testing of common ailments1 are on the horizon and wearable devices that
monitor functions such as heart rate, hydration levels and sleep patterns are
sparking the interest of home health and wellness consumers.2 But successful
new entrants entering the healthcare space are thinking about more than the
prospect of shaping an industry. They are learning about the myriad of
regulations and codes that may impact their daily business activities and
referencing U.S. federal and industry association guidelines for guidance on
establishing effective compliance programs. These new entrants have learned
that a proactive approach to identifying and managing risk is more than a
prescription for avoiding and mitigating events. By limiting risks,
organizations gain long-term sustainability and market place credibility that
extends to raising funds or seeking buyers.
Mitigating
the far-reaching effects of risk
The healthcare industry
is evolving before our eyes. What holds true today could easily change
tomorrow, making routine risk assessments and prioritization a vital ongoing
process. While many new entrants are familiar with the concept of the risk and
the regulatory landscape in their current lines of business, the healthcare
arena presents unfamiliar challenges and obstacles. Across the value chain, from
research and development through manufacturing, commercial and medical
processes, organizations are exposed to risk from a variety of sources. Regulation
alone encompasses a vast universe that includes FDA, antikickback and other
laws that affect everything from product development to interactions with
healthcare professionals as well as the protection of consumers and the privacy
of patient health information, to name a few.
Before a new entrant can seize opportunity in the new market,
they first need to understand health industry regulations and risk factors. A
struggle many new entrants face is how to balance these new risks against the
needs of the business that may not be focused on the
healthcare environment.
This is accomplished as new entrants adopt a proactive strategy
that includes:
• Selecting the most appropriate operating structure
• Identifying and prioritizing the risk universe
• Taking time early in the pre-commercialization process to
establish a risk management plan, including the organizational design required
to manage acceptable levels of risk
• Building a roadmap toward an incorporated compliance function
capable of supporting critical decision making in the early stages and beyond
Following PwC’s Integrated Framework Approach, new entrants can
more easily navigate industry complexities and build an effective compliance
program.
Adopting PwC’s 4-Phase Approach to Developing a Compliance
Program Developing a compliance program in the complex healthcare market can
easily be accomplished with the help of PwC and a 4-phase approach:
• Select the most appropriate operating structure
• Identify and prioritize the risk universe
• Take time early in in the pre-commercialization process to
establish a risk management plan, including the organizational design required
to manage acceptable levels of risk
• Build a roadmap toward an incorporated compliance function
capable of supporting critical decision making in the early stages and beyond
Where are
you now? Identifying the operating model
The first step in ensuring an entity can identify, isolate and
manage risk, is by evaluating and selecting the appropriate operating structure
– either an integrated, hybrid, standalone, or partnership model. An integrated
model expands on current infrastructure, processes and systems to serve both
new and existing compliance service capabilities. Healthcare risk concerns are
incorporated into broader Enterprise Risk Management. This makes sense for some
entities, especially where health products and services align well with
existing offerings and geographic markets, but this model also exposes an
organization to the greatest potential risks. Similarly, a hybrid operating
model delivers some of the same cost saving advantages by sharing the processes
and systems that provide the greatest benefit to the organization as a whole,
but minimizes more of the exposure by dedicating resources to healthcare
compliance and isolating the areas of the business prone to the highest risk.
Meanwhile, stand-alone operating models provide the most protection to the
organization by centralizing risk in a separate department, but are not as cost
saving due to some operational redundancies.
Where do
you want to go? Making risksavvy decisions
Next, a company needs to determine how it plans to manage risk
decisions. A new entrant’s ability to survive the healthcare ecosystem’s highly
regulated environment is dependent on how effectively it can incorporate,
embrace, and manage the appropriate risks as part of organizational strategies,
operations and processes.
How risk is shared and absorbed across business units is one
factor in determining the amount of risk an entity can assume or how to best
mitigate those risks. Appetites are generally quite high for new competitors
entering a space, whereas a long-established organization may be less inclined
to indulge in the same risk patterns. Making risk savvy decisions requires a
view of the universe as a whole and the ability to distill down to the
applicable risk factors. Successful organizations entering the healthcare space
incorporate legal and regulatory counsel responsibilities as part of the
pre-commercialization and decision making process. By pulling forward internal
knowledge and expertise across the business, new entrants gain a complete view
of the risk landscape, assessing organizational activities and
commercialization markets to then isolate the most probable risk factors. By
identifying the areas of impact early, new entrants can plan for challenges
that could otherwise prohibit or cut short entry.
Another path to successfully managing risk is through
partnerships with incumbent healthcare organizations. Depending on their market
strategy and product development stage, marketing or collaborating with
traditional healthcare companies or industry trade associations, such as the
Advanced Medical Technology Association (“AdvaMed”), could help navigate some
of the complexities of the market.
How can
you manage the risk you decide to take? Building the compliance structure
Maintaining an effective compliance program protects brand
reputation and value by enabling crisis prevention, management and remediation.
Given the dynamic state of the health industry, and new risks related to the
new health economy, organizations typically follow specific guidelines to
establish a functioning structure that meets both organizational needs and
regulatory requirements. This includes the development of policies and procedures
that help manage risk as well as the inclusion of effective controls and
internal business unit self-monitoring to evaluate how the risk model is
functioning and to identify emerging risks as the landscape continues
to change.
As new entrants take stock of the pre-commercialization
landscape, they can consider the scope and shape of their compliance function
by determining:
• The span of control
• The necessary resource requirements
• Lines of reporting
• Resource model as well as necessary new skill sets
• The formation of governance committees
In addition, new entrants can become acquainted with healthcare
industry better practices related to compliance. To bring organizational
concerns and critical issues to the forefront earlier in the decision process,
established healthcare entities are elevating the role of the Chief Compliance
Officer (CCO), recognizing the necessity for a CCO who reports directly to the
board of directors or audit committee.3 Managing risk requires a full time
professional at the helm, one in charge of a standalone department, budget and
resources. This growing trend underscores the emphasis the healthcare industry
places on the compliance environment. By shifting the focus from the legal
arena and including compliance officers in strategic decision-making,
organizations effectively enable the CCO’s ability to escalate issues and
better embed compliance-related processes throughout the organization.
Also of primary concern to compliance-oriented organizations is
the resource model. Many chief compliance officers are expanding their standard
team definitions beyond legal experts to include professionals with proficiency
in data analytics or with clinical, technical or business backgrounds.4 Drawing
on this rich and varied experience, the compliance function can generate more
timely business insights, improve decision-making across the organization and
establish protocols to prevent serious mishaps, particularly in the early
planning phases of product innovation.
The formation of a separate compliance committee is another
element of the compliance structure that is being employed in healthcare
organizations. When fully supported by and empowered with talented and
knowledgeable individuals from across the company, the formation of a committee
sends a clear message on the organization’s commitment to compliance. Equally
as important, a compliance committee stands as a line of defense. By providing
senior decision makers with the right information to navigate legal obligations
and reporting on overall compliance, an organization also empowers those on the
front lines of everyday operations to understand and manage the issues and
risks that impact their business activities.
How will
you get there? Developing the risk management plan
Capitalizing on the emerging opportunities in the healthcare
industry requires substantial risk consideration and a prioritized road map
that guides the creation of the compliance structure. An effective compliance
program is embedded in the organization’s operations and has buyin from the
top. Senior leadership sets the tone for the rest of the organization by
supporting the formation of a compliance committee and by demonstrating a
personal and organizational commitment to compliance. This includes the
development of policies and procedures that manage risk, the inclusion of
effective communication to ensure the policies and procedures are easily
understood, and periodic formal assessments to evaluate how the risk model is
functioning and to identify emerging risks as the landscape continues to
change. Additionally, performance metrics should guide employees toward the
goals and objectives of the compliance program, while performance incentives
award ethical behavior.
Risk
management as a competitive advantage
Recognizing the complex nature of the industry and the variety
of new entities now entering or inhabiting the space, there is no “one size
fits all” compliance program. As new entrants join the emerging new health
economy, they follow a twisting road marked by changing guideposts. The
organizations that have an ability to understand those changes, and then assess
and manage the overall risk to their business model, will be the ones that come
out on top. Risk management becomes a competitive advantage when it maximizes
efficiency and minimizes exposure, resulting in long-term sustainability and
market place credibility.
To gain an edge in a competitive market, new entrants should
follow leading industry practices when building a compliance structure and
consider the following:
• Turning risk management to a competitive advantage will
require new entrants to obtain maximum value from the operation. Integrating
common compliance methods, tools and practices across the business will ensure
consistent communication and reporting in a cost effective manner.
• Establishing a formal process for prioritizing risks, and then
aligning mitigation, monitoring and control functions by priorities, is also
key to obtaining valuable insights while maintaining an efficient operation.
• Successful healthcare companies are following emerging better
practice methods, escalating the role of the CCO to one who reports directly to
the audit committee or board of directors. By doing so, they demonstrate agile
and supportive compliance programs. Focused on recognizing critical issues
early in the decision making process, they also support the formation of
compliance teams and committees, incorporating members from varied backgrounds
and expertise.
• Adopting a culture of compliance is critical to program
success, including continuously monitoring the risk universe for emerging
factors and evaluating the impact on operations, strategy, resources and the
organization as a whole. This is an area where analytics can help by making
sense of historic trends and monitoring current activities, while proactively
identifying key risk indicators.
The most effective and
responsive compliance programs are embedded in operations and have a seat at
the table when discussing operational and strategic planning. This provides the
organization with the opportunity to identify risk early on and develop
reactive strategies for mitigating risk with all stakeholder input. As new
entrants plot their course along the new healthcare path, early risk
consideration, planning and strategy adoption will do more than prepare them
for the complicated challenges of the industry. It will enable a more
sustainable, effective and competitive organization capable of leading the way
for all new entrants entering the new health economy.
_______________________________
© 2015 PricewaterhouseCoopers LLP, a Delaware limited liability
partnership. All rights reserved. PwC refers to the US member firm, and may
sometimes refer to the PwC network. Each member firm is a separate legal
entity. Please see www.pwc.com/structure for further details. This content is
for general information purposes only, and should not be used as a substitute
for consultation with professional advisors. MW-15-2305
_______________________________
1 PwC Health Research Institute, “Healthcare’s
New Entrants: Who Will be the Industry’s Amazon.com?,” PwC, 2014.
2 PwC Health Research
Institute, “Health Wearables, Early Days,” PwC, 2014. www.pwc.com/hri
3 “PwC State of Compliance
2014, Healthcare Provider Industry Brief”
http://www.pwc.com/us/en/risk-management/state-ofcompliance-survey/assets/pwc-soc-provider.pdf.
4 “PwC State of Compliance 2014, Healthcare
Provider Industry Brief” http://www.pwc.com/us/en/risk-management/state-ofcompliance-survey/assets/pwc-soc-provider.pdf
_______________________________
ĐỌC THÊM