CASE STUDY
MetricStream
Customer
A MAJOR HEALTH INSURANCE PROVIDER IN THE
UNITED STATES
Benefits
Improved enterprise efficiency
Complete workflow automation by MetricStream
Solution, its integrated architecture and systematic,
guided workflows helped the company to eradicate
repetitive processes, unnecessary steps, and duplica-
tion of work. The saved time and effort was chan-
nelized to other high-priority activities, contributing
greatly to the overall increase in the efficiency and
productivity of the enterprise.
Streamlined compliance and issue management
MetricStream Solution has provided a single point of
reference for a number of complex and intertwined
processes and brought together compliance, internal
audit and issue management initiatives. The solution
has thus integrated and streamlined these processes
at enterprise level.
A BLUECROSS BLUESHIELD ASSOCIATE ACHIEVES SUPERIOR
COMPLIANCE, AUDIT AND ISSUE MANAGEMENT
Customer
The customer is a large independent non-profit organization providing health plans to organizations
and individuals.
Headquartered in the USA, the company provides health plan coverage and cost-effective, quality
healthcare benefits to approximately millions of members and thousands of customer companies.
The company is one of the largest health benefit plan organizations.
Overview
As one of the foremost health insurance providers in the US, the company values and promotes
integrity, honesty and ethics in the business it does. It is of paramount importance to the company to
follow the highest levels of industry standards for business practices, confidentiality, professionalism
and compliance with federal, state and local laws and regulations such as Medicare and Medicaid
Compliance, Code of Conduct, Office of Inspector General Corporate Integrity Agreements (OIG CIA),
Health Insurance Portability and Accountability Act (HIPAA). It is through complete compliance to all
the applicable regulations and assured safety that the company establishes trust and ongoing relation-
ships with members and corporates it serves.
With the turbulent changes brought in by the health care reform in the United States and with the
momentous passage of the Patient Protection and Affordable Care Act (PPACA), health plan provid-
ers undergo a transformation in terms of claims payment, health care delivery, accountability and
corporate policies.
Many health insurance providers are stepping up their Governance, Risk and Compliance (GRC)
programs to manage and streamline audits and ensure compliance with numerous regulatory require-
ments and mandates. Several health plan companies, including some of the largest affiliates of BCBS,
have been taking decisive steps to be on top of the rapidly changing regulatory landscape.
Challenges
Lack of integrated compliance management model
The company utilized in-house systems to maintain an enterprise-wide policy and procedure system,
to handle change management, internal and external audits as well as associated business processes
and reports tracking. However, this technology lacked the sophistication to completely integrate and
manage end-to-end compliance and audit procedures across departments and lines of business.
Need to increase productivity
The staff at the company was spending an excessive amount of time and effort on policy and proce-
dure management, compliance and issue management owing to the gaps in the existing compliance
model. Repetitive processes and duplication of work were contributing to lower productivity of the
staff. As a result, important business objectives were not receiving the deserved attention.
Changing stipulations of compliance
Health care in the United States has undergone a dramatic change resulting in higher responsibility,
sharper focus on policy holders, more stringent and ever-changing quality and compliance demands.
The company was finding it challenging to comply with these stipulations, reduce risk and maintain
quality.
MetricStream
Solution
The company needed a central system with a highly flexible GRC software architecture for managing
its compliance and audit programs as well as for supporting its regulatory commitments.

MetricStream was selected as the preferred solution provider on the basis of its holistic approach to
compliance, audit and issue management. MetricStream’s comprehensive functional capabilities and
advanced technical capabilities to map the company’s requirements were other pillars of the selection
process.

MetricStream delivered to the company an integrated and robust audit, compliance and issue man-
agement system, implemented at a single location for several thousand users.

MetricStream’s compliance, audit and issue management system

The solution is a comprehensive, Web-based application deployed on MetricStream GRC Platform and
provides a common framework and an integrated approach to manage all compliance, audit and issue
management requirements of the organization.

MetricStream’s platform supports the company’s organizational model across all the business units
and departments, as well as their mapping to different roles and reporting relationships. The portal
views are based on the user’s profile and organizational mapping. The application provides a role-
based portal access with options required for initiating actions, responding to events, assigning tasks,
viewing reports and dashboards, limited to user roles. The architecture allows handling transitions and
organizational changes such as acquisitions and mergers.

The application facilitates generation of packaged executive reports. Ad hoc or customized reports can
also be configured. Alerts and notifications are generated using emails and task assignments. Flexible
rules for escalation and color-coding are configured for risk scores, due dates and time limits.

“MetricStream’s solution has helped us reinforce our compliance initiatives as well as

restructure our audit programs. The risk transparency and amalgamation of enterprise-wide
processes has contributed to our objective of total compliance and has eliminated all flaws
in audit and issue management initiatives,” articulates the spokesperson of the company.

Compliance management
MetricStream Solution provides a common framework and an integrated approach to manage HIPAA
compliance and other CMS regulatory requirements faced by the company. With MetricStream Solu-
tion, the company can ensure complete compliance not only with health insurance-specific mandates,
but also with cross-industry mandates such as the Sarbanes-Oxley Act, PCI, FCPA and several others.
The solution helps the company create and maintain a centralized compliance management struc-
ture that includes processes and assets in scope, risks, controls, policies and procedures, reporting
requirements, schedules and filing templates.

The solution also facilitates the required transparency for the identification and tracking of all compli-
ance issues using advanced functionalities such as risk heat maps, control monitoring and compliance
dashboards. Issues that are identified are either automatically resolved or routed to the appropriate
personnel for remediation action.

MetricStream Solution also captures and collates requirements and regulatory information, industry
guidance, national governance, laws and regulations on a central platform. The compliance managers
at the company can access an exhaustive compliance library within the application, identify relevant
regulations, document specific requirements for the organization, and define a monitoring process to
comply with requirements.

Issue management
MetricStream Solution enables the company to identify and rectify discrepancies, gaps, coding errors
and other issues related to audits as well as enterprise wide issues.

The system assigns a unique ID to each issue which makes it easy to track the issue across review
stages. Issues are categorized based on predefined criteria and detailed information about each issue
is provided.
MetricStream
Why MetricStream
The company selected MetricStream for this engage-
ment based on the following value points:
MetricStream has implemented GRC solutions for a
number of organizations affiliated to BCBS in diverse
geographical locations, proving its expertise in the
health insurance sector.
MetricStream is a comprehensive and integrated
technology solution for compliance, audit and issue
management processes – precisely what the com-
pany was looking for.
MetricStream platform possesses abilities to
completely support the company’s functional require-
ments related to information architecture, compliance
frameworks, documentation workflows and reporting
abilities.
MetricStream has the ability to support large organi-
zations and meet their IT requirements in the areas of
integration, configurability, scalability and security.
For more information, visit
www.metricstream.com
Copyright 2011. All Rights Reserved.
Failure investigations are conducted to determine the root cause of the issue. The investigation is con-
ducted using collaborative workflows and investigative tasks are assigned to appropriate individuals.
Remedial action is facilitated by automatic alerts and notifications which are sent to the appropriate
personnel. Corrective action is initiated and the case closes when the action plan is implemented.
Policies and procedures management
MetricStream policy and procedure management solution provides a flexible framework to streamline
the creation and management of policies and procedures in line with applicable regulations. This
aspect of the solution helps the company encourage accountability and communication within its
compliance teams.
The solution has introduced an electronic and automated approach to the development, maintenance,
and communication of policies and procedures across the enterprise.
The solution provides a central repository to store and organize policies and procedure documents. In-
tegrated collaboration and workflow tools can be used to access, create, modify, review, and approve
policy and procedure documents globally in a controlled manner.
Built-in tools support policy implementation, acceptance, exception tracking and mapping of policies
to compliance requirements. The detailed analytics and reporting capability with graphical dashboards
tracks each policy from origin to obsolescence, giving managers complete visibility into the system.
MetricStream solution enables the company to integrate policies and procedures with the compliance,
risk and control framework. At each section and sub-section of the policy, risks and controls can be
linked.
Audit management
MetricStream audit management solution helped the company’s audit schedulers to create and
maintain an audit schedule in a logical structure and hierarchy with detailed audit templates required
for different departments and teams.
Audits can be scheduled periodically or on an ad-hoc basis for internal departments, processes and
projects. Based on the master audit calendar, the scheduler can select a team of auditors and assign
the audit responsibility with a due date. In case of any change in the audit dates, automatic notifica-
tions are sent to the auditors as well as the entity to be audited and reasons for the modification are
recorded. Relevant personnel can view the complete schedule of audits for the selected period.
Auditors can define checklists and tasks that need to be performed for audit. Checklists can also be
downloaded and used offline with the MetricStream Offline Briefcase option. Auditors can confirm
the audit assignment and completion of audit and record audit results indicating conformance or non-
conformance.
The solution allows the auditors to attach additional documents relevant to the audit, create an
outstanding action items list, allocate each item to a resource, record agreed completion date and
additional comments. The solution supports tracking of action items and flagging critical failures.
Automatic alerts are sent to relevant departments when audit results are posted. The automated
workflow engine tracks the implementation of audit recommendations to complete the audit.
The solution maintains a complete record of management review meetings such as meeting sched-
ules, meeting handouts, minutes of the meeting and tasks.
Reporting capabilities
The company is able to generate report summary information for pass rates and dates, audit rates
and dates, review rates and dates using standard sets. Detailed reports can be obtained for sequential
detailed information on policies, procedures, audits, corrective action plans and change requests.
Managers at the company can generate and view interactive reports with an ability to drill down for
oversight. The ad hoc reporting capability of the application includes a user-friendly interface with tips,
hints and tutorials. Reports are presented in a way that is easily comprehensible to different levels of
audiences.