As the Affordable Care Act ripens, healthcare organizations must transform to survive. Hospitals and clinics will treat more Medicare patients and will be rewarded more for the quality of care than for the volume of patients they treat. While this is an improvement in patient care, the shift in healthcare management will have a ripple effect that will inject elements of complexity and uncertainty into the industry. Complexity has always been the enemy of good security practice and uncertainty can put a choke-hold on budgetary decision-making. Taken together, these two factors will impose a challenge to healthcare leadership on security improvements and decisions supporting healthcare institutions and clinics.
So how complex has the healthcare environment become?
- The ACA is forcing a steady move away from sick care to “wellness and disease prevention.” Since sick care revolves around hospitals, cutbacks in the construction of new hospitals are becoming a statewide and national issue. This is good for health care but could lead to hospital budget cuts.
- New Medicare recipients bring reams of new paperwork. Many state programs comprise several managed-care organizations with varying plans, forms, and rules for pre-authorizations. There are more Medicare patients and more temporary enhanced reimbursement rates for certain primary-care services.
- On January 1, 2015, the “Paying Physicians Based on Value Not Volume” provision went into effect. This provision ties payments to the quality of care provided. Healthcare organizations are responding with expansion of storefront medical care centers affiliated with hospital systems. According to Sandy Baker from Trusted Choice Independent Insurance Agents – doctors, nurses, and hospitals may be affected by the following factors:
- Development of Accountable Care Organizations which bring together several small physician practices into a larger organization.
- Required changes to electronic records are very expensive for organizations with a high number of patient records.
- Medicare payments will be withheld from hospitals that see too many patients returning within 30 days of discharge for specific ailments, such as pneumonia and heart attacks.
- Healthcare mergers to minimize costs and streamline efficiencies.
- Increased weight on clinical outcomes and patient satisfaction surveys.
Healthcare organizations must get fit or die. While the full impact of ACA has yet to be determined, many healthcare organizations are tightening the purse strings in preparation. Security department budgets will likely be among the victims of these cuts. Forward-thinking organizations will look for increased efficiencies and will take a more streamlined approach to security. Organizations should pay particular attention to the following elements:
Strategic Planning As healthcare shifts towards smaller clinics and urgent care facilities, the need for a program-wide strategic plan increases. Programs that are an assemblage of unconnected bits and pieces are a recipe for disaster in security incidents, liability exposure, and budgetary control. For larger organizations, a holistic approach to security is a necessity. While the doctors who own a clinic bearing a hospital’s name may want to keep their costs down and ignore proper access control, alarm, and records security; a breach at that clinic will affect the business reputation of the hospital system as a whole. And this could bring unwanted regulatory scrutiny on the parent hospital.
Metrics When budgets are tight, performance measurement becomes even more important. Using metrics to validate the effectiveness of a security program helps the Security Director account for and defend his or her budget through measurable results.
Common Design Standards As organizations improve their electronic security, they often find that the “as-built” plans on existing systems are non-existent, poor, or not to any single standard (each contractor uses a different “as-built” standard). The greater the level of integration of electronic security systems, the greater the need for common design standards across an organization.
Security Policy All aspects of the security program should be aligned with policy and driven by the mission of the organization. The first question for every decision should be, “What is the policy on this and how will the organization benefit?” Organizations should perform a comprehensive security policy review to determine where the gaps lie. The policy review should be performed as part of a comprehensive risk analysis. Risk drives policy and policy drives the program.
Despite industry and regulatory changes, the burden of liability and security risk that are part and parcel of an institutional healthcare facility will not change. Addressing security requirements smartly and efficiently will ultimately allow management to balance tighter budgets with the need to maintain effective security standards in a changing industry environment.