Insurance Overview
Requirements Addressed
Solution Capabilities
HIPAA/HITECH Privacy Breach Management
HIPAA Compliance Audits
MIC Audit Management
Resource Center
view a product demo
Request a Live, Personal Demo
visit the effective compliance resource center
visit the third party risk management resource center

To learn more or
request a personal demo:
Tel: 678.992.0262
Fax: 678.992.0266
contact us

Sample Customers

 

Insurance - Requirements Addressed

The Compliance 360 online solution for insurance organizations reduces the overhead and risks of regulatory compliance and governance, enabling increased focus on the core business of providing quality plans and services and creating shareholder value.  With over 100,000 active users, Compliance 360 is one of the most widely used compliance, risk and governance solutions in the insurance industries today.  Key insurance industry requirements addressed by Compliance 360 include:

Compliance with State Regulations

Insurance companies face the challenge of unique, varying regulations among the 50 states, in addition to separate Federal mandates.  As a result of this complex regulatory environment, many insurance companies today continue to address regulatory compliance in a highly reactive mode.  Without the right tools in place, insurance executives are often unaware of compliance problems until they are faced with a market conduct examination or audit, or complaints from providers and policy holders.  The obvious risks include penalties, fines, litigation and potential negative media coverage.

How can Compliance 360 help?

With Compliance 360, insurance companies organize all relevant statutes and regulations and link them to the corresponding policies, procedures, surveys and remediation plans to construct their evidence of compliance.  With our content partners including LexisNexis, Clear Market Practices and others, we help insurance companies keep abreast of newly proposed laws and regulations as well as newly enacted laws.

The system allows insurance companies to manage all facets of compliance and audit management within the framework of their overall corporate governance and risk management initiatives.  The collaborative tools from Compliance 360 enable proactive demonstration of corporate governance and risk management initiatives by automating processes associated with assessing and monitoring risk, managing the risk response strategy, linking risk management data to compliance activities and providing a comprehensive view of all risk-related activities through an executive dashboard. Finance, audit and risk management professionals have the ability to organize and manage projects across the organization, document audit tasks and audit findings, track issues, manage remediation tasks, and record resulting actions.

Market Conduct Examinations

Market conduct examinations harbor significant risks for most insurance companies because of the regulator’s focus on the business practices of insurers (and their producers) as well as the demand for evidence of compliance with all legal and regulatory statutes.  In some cases, market conduct examinations include a look-back period of three to four years and even more. This delayed timing can pose a challenge to the insurance company due to staff turnover, acquisitions and document retrieval.  Regardless of the circumstances precipitating a market conduct examination, the outcome of a market conduct examination is generally expected to be more positive for the insurance companies that are organized and responsive, providing easy access and thorough, accurate data, throughout the process.   

How can Compliance 360 help?

In numerous situations, Compliance 360 has been proven to help insurance companies weather the storm of a market conduct examination and minimize the risk of sanctions and fines, as well as the severity of corrective action plans.  With Compliance 360, insurance companies are always prepared for the market conduct examination with detailed evidence of compliance, policies and standard procedures.  The exclusive Virtual Evidence Room® provides an audit-ready state with all policies, procedures, surveys attestations and remediation plans, linked back to their corresponding regulations. With full audit capabilities, insurance companies can easily identify the governing regulations for any historical point in time and the status of all the corresponding evidence of compliance.  Should the market conduct examination result in sanctions with a corrective action plan, Compliance 360 can be used to help implement the plan and streamline the monitoring and reporting of adherence to the plan.

Management of Corrective Action Plans

Corrective Action Plans imposed as a result of market conduct examinations can be very complex, creating significant cost burdens.  The format of corrective action plans can also vary widely from state to state creating challenges for organizations seeking to standardize their operations as much as possible..   

How can Compliance 360 help?

Corrective action plans are required to effectively manage the findings of market conduct examinations or other audits.  Assigning, assessing and tracking the requirements manually is virtually impractical and simply adds to the risk of missed requirements.  With Compliance 360, insurance companies can centrally manage their Corrective Action Plans.  To manage the internal process of implementing the corrective action plan, insurance companies can sort reports by responsible parties and give each individual access to the relevant sections.  Responses to regulatory inquiries can be provided immediately and confidently with thorough, accurate information tracked within Compliance 360 to reduce the risk of additional sanctions and speed the corrective action process to a rapid conclusion.

Fraud, Waste and Abuse

For companies that provide benefits to Medicare and Medicaid recipients, the risk of fraud, waste and abuse violations has increased.  The OIG and the state Inspectors General across the country have stepped up their audit and inspection efforts to root out fraud and abuse in these government programs. The financial incentives for whistle-blowers (qui tam witnesses), can create a very compelling motive and necessitates the establishment of preventative and response measures for insurance companies.  Improving the management and overall outcomes of fraud, waste and abuse claims now harbors a significant financial advantage for most insurance companies.

How can Compliance 360 help?

Compliance 360 is often used by insurance organizations to help build and foster a culture of trust and compliance.  The system is used first and foremost to ensure that all employees and third party partners are policies related to fraud, waste and abuse.  The system is also used to encourage potential whistle-blowers to report suspected issues internally. 

With the Incident Management capabilities of Compliance 360, insurance companies can centrally manage the investigation of all types of fraud, waste and abuse claims.  All information compiled for each investigation is centrally stored in Compliance 360.  The investigative process is streamlined by dynamically routing the incident to the appropriate person based on the type of incident and the stage of the investigation.   Additionally the Incident Management system  has a complete audit trail of actions and signoffs for accountability.

Sensitive investigation data is secured for each business unit, with secure, central access provided to corporate Regulatory Assurance individuals for identifying issues that may be broader in nature, impacting multiple business units.  This capability allows insurance companies to leverage the power of their entire organization while selectively promoting best practices among various business units as desired.

NAIC Model Audit Rule

The Sarbanes-Oxley Act of 2002 has precipitated the most sweeping changes to financial reporting, corporate governance, and regulatory environment for public companies since the Securities Act of 1933 and 1934. The failure of internal controls, especially those relating to financial reporting, is among the specific concerns addressed by the Act.  The National Association of Insurance Commissioners (NAIC) has amended its Model Regulation, requiring annual audited financial statements to include Sarbanes-Oxley Act requirements. The amendments relate to auditor independence, corporate governance, and internal control over financial reporting.  With an increased emphasis on regulatory compliance in today’s market, compliance failures with NAIC regulations are likely to result in reduced enterprise risk management (ERM) ratings and possibly reduced bond scores with the ratings agencies. 

How can Compliance 360 help?

Compliance 360’s SOX solution is an integrated part of the complete compliance platform that helps insurance companies ensure compliance with the NAIC Model Audit regulations.  With this solution, insurance companies can manage internal controls for financial reporting while integrating all aspects of SOX compliance such as controls monitoring and testing, documentation, risk evaluation and measurement and monitoring with the enterprise governance, risk and compliance strategy.

Code of Conduct Management

The code of conduct is one of the most elementary components of any compliance program in the insurance industries.  Yet, in today’s climate with mergers and partnerships creating dispersed, virtual organizations comprised of in-office employees, work-at-home employees, contractors, agents and other business partners, the dissemination and verification of the code of conduct can be surprisingly difficult.  This increased difficulty, however, doesn’t lessen the regulatory requirements.  Most insurance companies must be able to disseminate their code of conduct to all relevant parties annually and confirm their individual understanding as well as investigate and remediate any conflicts of interest that are identified.  Managing this process manually through e-mail and spreadsheets is commonly attempted, and is fraught with costly overhead and risk of errors and omissions.

How can Compliance 360 help?

Compliance 360 supports the entire process of managing the code of conduct as well as policy and procedure attestations, including the dissemination to all relevant individuals and the verification of all attestations.  Compliance 360 performs the verification automatically, and can immediately identify issues requiring further investigation.  This capability has been proven to save significant amounts of time and cost by Compliance 360 customers.  The unique Virtual Evidence Room® is also used to gather attestations and remediation plans needed to streamline operational audits and accreditation projects.

Vendor and 3rd-Party Risks

State and Federal regulators and auditors are now very focused on compliance programs related to vendors and third-party service providers (often called delegated entities or First Tier, Downstream, and Related Entities “FDR’s”). Today many insurance organizations are not adequately overseeing their business partners and verifying their compliance with state and federal regulations.  Although your business partners may only be held accountable indirectly, you are ultimately responsible for compliance gaps that may exist within your network of business partners.  Establishing and communicating policies is not enough. You must be able to show that the policies are effectively practiced by your business partners too.

How can Compliance 360 help?

Using Policy Management capabilities of Compliance 360, you can store, distribute and manage your vendor management policies and procedures. With Contracts Management and integrated workflow, you can automate collaboration, establish paths for approval routes and keep everyone on track for timely revisions, reviews and renewals. You can also automate the monitoring of contracts to ensure adherence and maintain an audit trail of all contract revisions. Through the Surveys capability, you can collect attestations of compliance to specific policies and regulations with your third-party contractors and vendors, just as you would with your employees. The system is also used to identify compliance gaps and conflicts of interest, as well as manage the remediation process. Finally, Compliance 360 allows you to perform detailed assessments of your vendor management program to ensure it is meeting both internal and regulatory goals and ensure that you have substantial evidence of a strong 3rd-party compliance program to support regulatory audits and inspections.

Learn More about Third Party Risk Management with Compliance 360

Quality Programs & Accreditation (NCQA and URAC)

The accreditation process, designed to help employers and consumers distinguish health plans based on scored quality metrics, represents both opportunity and risk for health plans.  With so much at stake, the process generally requires a significant commitment and attention to ensure success.  Because accreditations are broad reaching in nature, the entire organization must be aligned with accountability and tasks assigned and managed with a common goal of on-time, quality completion. 

How can Compliance 360 help?

Ideally, the accreditation process is a by-product of a comprehensive compliance and governance program.  By managing to federal, state and your own governance standards, the documents and processes required by the accreditation processes are readily available and associated with the accreditation standards and guidelines.  The project management capabilities of Compliance 360 are ideally suited to help manage the accreditation process.  With built in workflow, accountability is easily assigned and individual tasks are tracked.  The remediation of any issues identified is also facilitated by the system with status reports helping managers and executives monitor the status.  With Compliance 360, health plan providers use the Virtual Evidence Room™ to collect and review all documents needed for accreditation as well as facilitating the transfer and final submission of those documents to the accreditation agencies.  This method provides an audit trail and easy access to identify and review any documents that are questioned after the submission.  The system also facilitates central monitoring by the corporate accreditation department for all accreditation submissions, either from a central corporate group or from any individual health care plan.  With Compliance 360, the entire process is streamlined, predictable and auditable.  Many Compliance 360 customers have earned “Excellent” accreditation ratings.

OCR HIPAA Compliance Audits

Starting in 2012, the HHS Office for Civil Rights (OCR) is piloting a program to perform as many as 150 audits of covered entities to assess privacy and security compliance as mandated under the HITECH Act. The audits will be focused on assessing whether each covered entity: (1) has comprehensive policies and procedures that address critical requirements of the HIPAA Privacy and Security Rules; and (2) has implemented these policies and procedures through routine operations in a manner consistent with the Rules.

When you consider the myriad of tasks, projects and assessments that an organization must undertake to ensure an effective HIPAA compliance program, you are likely navigating through multiple, independent IT solutions and manual processes including: policy development, incident reporting, employee surveys, policy acknowledgements and risk assessments. Even if fully automated, staff must still expend enormous effort to tie all aspects together to document evidence of your overall HIPAA compliance efforts.

How can Compliance 360 help?

Compliance 360 offers a proven, web-based framework allowing you to collaboratively manage your HIPAA/HITECH Act compliance initiatives including HIPAA Audits and HITECH Privacy Breach Management using a single, integrated solution. You can identify the various provisions, show the policies developed to address the provisions, document any risk assessments performed, as well as tie employee training, relevant documents, incident reporting and other remediation efforts back to the individual HIPAA/HITECH Act compliance requirements within an easily accessible, Virtual Evidence Room. With Contract Management, you can efficiently achieve the oversight of business associate agreements. Through email integration, the vast majority of users are not even required to log into Compliance 360 to collaborate on policy initiatives, investigate and remediate incidents or participate in compliance.

CMS Managed Care Compliance Assessments

In July 2011, CMS created their Compliance Program Effectiveness Self-Assessment Questionnaire for organizations that participate in the Medicare Advantage (MA) and Prescription Drug Benefit (PDP) programs.  This tool is designed to help these organizations evaluate and report on the effectiveness of their Medicare Compliance Programs.

How can Compliance 360 help?

We have incorporated the CMS Compliance Program Effectiveness Self-Assessment Questionnaire into the Compliance 360 system to automate the management, assessment and reporting process.  The system includes the assessment questions defined in each of the seven element categories as well as the additional questions from the “Measuring Effectiveness of Your Compliance Program” section.  

At any time, online dashboards and reports show the overall compliance status with all completed and open tasks, task owners, due dates, etc.  The CCO can view their overall compliance status at any time, and receive alerts regarding any critical tasks that are overdue.

Click Here to learn more and request access to an on-demand demonstration of the CMS Compliance Program Effectiveness Self-Assessment Questionnaire automated in Compliance 360.

OIG Work Plan

The OIG Work Plan, in many cases, serves as the bedrock for health plan compliance programs.  Released each fiscal year by The Office of Inspector General of the Department of Health and Human Services (OIG), the Work Plan gives health plan providers visibility into the issues that will receive particular attention from the OIG and provides the necessary guidance to address the related requirements.  The Work Plan also serves as a roadmap to future government enforcement activity.  The OIG Work Plan is an invaluable tool that enables health plans to prioritize risk, focus efforts, and create effective compliance programs.

How can Compliance 360 help?

Compliance 360 provides a single, integrated platform to help health plan organizations manage complex industry requirements.  Compliance 360 provides clients with a content repository, consisting of most healthcare laws, regulations, standards and guidelines.  The OIG Work Plan, along with many other regulatory items, is stored and maintained in Compliance 360’s Content Library for easy retrieval, access, and evaluation.  Compliance 360’s content workflow engine enables organizations to route content to the appropriate people, build custom risk assessments, prioritize risk and identify compliance shortfalls related to the OIG Work Plan, and create and manage the appropriate policies & procedures affected by the OIG’s guidance.  Risk Assessments can be routed to employees via email for easy completion, with Compliance 360 calculating the risk exposure and action plans necessary to remediate any gaps.  In addition to identifying key actions required by the OIG Work Plan, Compliance 360 has a single repository for all documentation of compliance, called the Virtual Evidence Room®.  All activities and documentation are directly linked to the OIG Work Plan and other requirements to demonstrate real-time proof of compliance in an easily accessible view for internal & external audits.  The Virtual Evidence Room creates an audit-ready environment and links key policies, incidents, projects, contracts, risk assessments, reports, and surveys back to the OIG Work Plan.  In addition, custom reports and dashboards can be designed to monitor compliance with the OIG Work Plan and other regulations.

OIG Corporate Integrity Agreement (CIA)

The imposition of a Corporate Integrity Agreement (CIA) from the Office of the Inspector General (OIG) on any healthcare provider or health plan that participates in one of the federal healthcare programs, generally creates significant risk and compliance overhead.  These corporate integrity agreements (CIA) generally last for 5 years and include specific compliance stipulations that must be enacted within specified time frames which are often as short as 90 days.  These stipulations frequently include verifiable code of conduct attestations and training certifications from all “covered persons” (employees, contractors and vendors) as well as verifiable distribution of relevant policies and procedures to all appropriate covered persons.  Corporate Integrity Agreements (CIA) also frequently mandate specific claims review criteria and reporting of the findings as well as the establishment of processes for managing and reporting on “Reportable Events” that might be criminal or fraudulent in nature.  

How can Compliance 360 help?

With little time to react and comply with the mandates of a corporate integrity agreement (CIA), insurance companies must move quickly and thoroughly to avoid the risk of losing the revenue from a federal healthcare program.  Compliance 360 has been proven to be very effective in its ability to help manage corporate integrity agreements (CIA) to a successful conclusion.  The system can be up and running in as little as 60 days and supports the entire process of managing the code of conduct and policy and procedure attestations, including the dissemination to all covered persons and the verification of all attestations as well as the remediation of any issues that arise during the process.  The unique Virtual Evidence Room® serves as the collection point for all relevant data and reports needed by the OIG.  Some customers even choose to provide online access for the OIG, directly to their Virtual Evidence Room to eliminate the laborious task of compiling and submitting reports manually.  This approach demonstrates a cooperative, transparent approach, akin to sharing the accounting books with a financial auditor.       

The Incident Management capabilities of Compliance 360 are also particularly useful in compliance with the “Reportable Events” stipulations of a corporate integrity agreement (CIA). The Incident Management system collects, stores, and allows departmental personnel to collaborate on compliance-related incident information and track the progress of investigations.  All incident information can be included in reports and graphically represented to demonstrate trends and correlations.  Compliance managers will frequently use this area for audit committee meetings and board meeting presentations.  These same reports and trends are highly useful in compliance with a corporate integrity agreement (CIA).

Medicare Part D Compliance

The Medicare Prescription Drug, Improvement, and Modernization Act of 2003 (MMA) established a new voluntary prescription drug benefit for Medicare beneficiaries under Part D of the Medicare program.  As part of the final requirements implementing the Part D program, Prescription Drug Plans and Medicare Advantage-PDs are required to develop and implement compliance plans, including specific compliance programs focusing on detecting and preventing fraud and abuse in the Medicare prescription drug program.

Effective January 1, 2011, Prescription Drug Plans and Medicare Advantage-PDs are required adopt and implement an "effective" compliance program.

How can Compliance 360 help?

Implementing and demonstrating compliance with the CMS requirements for Medicare Part D can be challenging.  Compliance 360 provides numerous solutions to specifically support health insurers in meeting this compliance challenge.  These solutions include: the storage of all Part D requirements, facilitation of auditing and monitoring, organization and linking of relevant policies and procedures and preparation for audits. The automation of the CMS Compliance Program Effectiveness Self-Assessment Questionnaire in Compliance 360 provides a powerful tool for demonstrating compliance program effectiveness. Learn more

Learn More

To learn how leading insurance companies are using Compliance 360 to minimize their compliance overhead and risks, and how you can be doing the same, Contact Us today.





Home | Solutions | Industries | Resources | News & Events | Company | Privacy | Terms of Use | Contact Us
Copyright © 2001-2012 Compliance 360, Inc. All Rights Reserved.
website by Surface Interactive