What do Sarbanes Oxley and HCAHPS have in common?
March 21, 2017
Most finance professionals can remember back to the mid-2000s when Sarbanes-Oxley (SOX) compliance was a hot topic, not just for public companies, but for many private ones that wanted to reduce risk. The fall of Enron impacted almost every finance department in some way, whether you legally had to change your processes around controls and segregation of duties, were previously using Arthur Andersen as your auditor, or decided to diversify your audit partner from your consulting partner.
Finance and security professionals at non-public companies, including those in healthcare, were generally recognizing that concepts like segregation of duties definitely had long-term expense implications. A nefarious employee, former employee, or hacker that gains access to a system they shouldn’t definitely could have downstream expense impacts. As such, enacting at least some form of SOX compliance was akin to buying an insurance policy. At the time, I had multiple healthcare clients adopt aspects of SOX despite no legal requirement to do so, with such endeavors being driven by both IT and finance departments.
I would argue that funding toward improving HCAHPS scores should not be simply viewed as a moonshot to additional revenue, but as a form of self-insurance, just like SOX compliance is viewed by non-public companies. For the past 25+ years, articles everywhere from the NY Times to scholarly journals have been correlating improved bedside manner to a reduction in malpractice lawsuits. Such lawsuits don't just negatively impact insurance expenses, but also the brand recognition that drives patients to your facilities.
In 2017, not being SOX-compliant could mean a rogue hacker or ex-employee gaining access to a single network account that has super-user access to multiple servers with HIPAA data on them. Audit and reparation expenses could be debilitating, while your brand equity could plummet. Similarly, continually training your providers toward the goal of higher HCAHPS scores could prevent a malpractice suit that otherwise could have notable insurance costs, besides a similar brand impact.
As such, I would argue that all healthcare organizations should be putting notable effort and funding into attaining higher HCAHPS scores. It is an efficient way to hit two sides of the all-important Cost/Quality/Outcome triangle at once, while at the same time potentially increasing revenue credits from CMS, and reducing risk to your brand. Plus, you get to positively influence the wellbeing of the people in your community. What’s better than that?
Chuck Whinney, Financial Strategy Director
- North America