Beverly B. Wallace

Multisite shared services organizations can strengthen business continuity planning and capability. They also afford providers a unique opportunity to mitigate risk in the event of a disaster or a disruption in operations.

At a Glance

A multisite shared services organization, combined with a robust business continuity plan, provides infrastructure and redundancies that mitigate risk for hospital CFOs. These structures can position providers to do the following:

  • Move essential operations out of a disaster impact zone, if necessary  
  • Allow resources to focus on immediate patient care needs  
  • Take advantage of economies of scale in temporary staffing  
  • Leverage technology  
  • Share in investments in disaster preparedness and business continuity solutions  

The concept of shared services has been adopted by many private and public organizations as a way of streamlining operations and service delivery and to control costs. A strategy incorporated by Fortune 500 companies and smaller organizations, it involves the centralization of administrative functions-such as finance, payroll, purchasing, and IT-that might otherwise have been performed in separate divisions or locations.

The healthcare industry has been slow to adopt the shared services business model, largely because many hospitals and health systems lack the technological expertise and the cultural buy-in to support the delivery of business functions from an external shared services organization (SSO). However, as an increasing number of hospitals and health systems acquire enterprise-wide resource planning systems, they are considering the shared services approach for business support activities.

The shared services model can be an attractive option for healthcare organizations because it liberates healthcare leaders from day-to-day nonclinical operations and allows provider teams to concentrate on patient care. This structure allows the management team to focus on performance, service delivery, and quality to take their organizations to the next level. From a financial perspective, shared services can generate benefits for healthcare organizations through process redesign, improved cash flow, reduced costs, enhanced accuracy of financial statements and controls, and supply chain operating efficiencies, to name a few. Such efficiencies allow CFOs to function more strategically as they concentrate their efforts on managing capital spending, growing volume, reining in supply costs, and scrutinizing their organizations' investment portfolios.

Here, leaders of the Shared Services Group of Hospital Corporation of America (HCA) provide insight on the potential for shared services to mitigate the risk associated with disasters or major disruptive events, as well as the role of the healthcare CFO in working with an SSO. They also share best practices for business continuity planning, based on their years of experience in operating an SSO.

SSOs: Taking a Closer Look

When it comes to business continuity planning,a shared services approach can be particularly beneficial.

An SSO operating at multiple locations on standard IT platforms with standardized processes has the capability to seamlessly transition critical financial processes (e.g., patient scheduling and payroll) as well as processing of transactions (e.g., purchasing/accounts payable) to an alternate location with minimal effort. This can be accomplished through a plan that focuses on system redundancies and documented system recovery plans. Documented system recovery plans are used to ensure that systems, applications, and processes can be restored in order of importance. For instance, primary financial functions, such as registration, scheduling, billing, cash posting, and payroll, would be restored first. Restoration of second-tier functions, such as payment discrepancy management, could then follow.

When an organization is faced with a disaster scenario-whether a fire or flood, a natural disaster such as a hurricane or a tornado, an act of bioterrorism, a gas leak, or an IT systems failure-the ability to seamlessly transition critical processes to an alternate location with minimal effort can prove invaluable. The extent of the disruption of business operations will be the factor that dictates the nature, scope, and timing of the response. Disruptions can range from minimal to major, and plans should be developed to deal with a variety of disaster scenarios and varying levels of severity. If a disaster causes disruption for weeks (think Hurricane Katrina), resources can become drained and put stress on facility teams and leaders. Providers should develop solutions that can be sustained over an extended period, including the option to relocate certain operations to another site.

A multisite SSO gives providers the ability to move and conduct business processes from the area impacted by the disaster to another location as necessary. In this way, having an SSO model expands the size and scope of resources that providers can leverage in times of crisis. A multisite SSO can reach across the country to find and relocate the services, staff, and products needed to restore and maintain key business functions quickly.

An SSO structure also enables an organization to support processes from an offsite location over the long term. For example, an SSO prioritizes the steps in the revenue cycle process that are most critical for maintaining cash flow and customer service (such as billing and posting of cash, either electronically or in a lock box). The secondary and tertiary processes-those that do not necessarily drive the bulk of cash (e.g., checking claim status, following up on underpaid accounts), but are necessary to keep the provider whole and to make accounting robust and clean-can be restored later.

An effective response requires having the right people with the right skill sets in place to respond to the needs of facilities. A standardized, well-documented business process model with downtime procedures allows business to be transitioned without disruption. Business recovery plans for key systems with expected recovery times are essential. So is a communications network to support top-down as well as bottom-up exchanges of information.

Supply chain. The three key elements of supply chain continuity planning are people, processes, and technology. An SSO creates multiple centralized supply chain locations with redundancies, so that the responsibility for placing orders and paying bills for medical items, food, pharmaceuticals, and other products can be transitioned from the SSO location in a disaster impact zone to another SSO location. The organization can then more easily procure and ship equipment, supplies, and security personnel from unaffected locations into the disaster zone.

During a disaster, the SSO will be responsible not only for processing transactions on behalf of its customer hospitals, but also for supporting the nontraditional needs of the hospitals that experienced the disaster, such as the need for sourcing fuel, bottled water, generators, and helicopters. The SSO's dedicated organizational structure can draw upon resources throughout the organization to augment or backfill employees in the affected region. This structure provides the command and control that can coordinate various logistical needs on behalf of the hospitals.

Staffing. Ideally, business continuity planning will identify how staff would be deployed or hired on short notice in the immediate aftermath of a disaster (such as a hurricane) while minimizing costs. A multisite SSO accomplishes these objectives by deploying staff from existing pools and applying economies of scale in negotiations with national staffing vendors, thereby benefiting from leveraged buying opportunities and volume discounting.

By establishing an incident command center, an SSO can oversee disaster response and recovery. The command center will identify the most immediate staffing needs and bring in backup staff as quickly as possible.

By prescreening staff credentials, an SSO can ensure compliance with various regulatory agencies and protect providers from incurring financial penalties under Medicare. A sophisticated web-based credentialing platform tracks all temporary labor against a predetermined list of credentials to be sure they meet a facility's requirements for quality patient care. The billing process is handled through that platform, so bills cannot be generated for services that are provided by a noncredentialed temporary staff member.

HCA's SSO audits 100 percent of the invoices from vendors for staffing services and corrects billing errors. According to studies conducted by HCA in the past, about 2 percent of invoices for staffing contain some kind of error. Some of these invoices go unpaid due to inaccurate information.

The Role of the CFO

Healthcare CFOs should have business continuity plans that align with their organizations' profiles and capabilities. However, because individual providers have limited size and scope, healthcare CFOs often are unable to access a wider range of resources to support an emergency need. An SSO may provide an option to help a CFO improve organizational performance and compliance and build an environment that will mitigate future risks.

CFOs are ultimately responsible for financial operations even in a disaster, so they need to feel confident that the SSO has their organizations' best interests at heart. The CFO should meet with the SSO team, review the business continuity plan, and weigh in on the decisions that are being made. The CFO should be sure the plan addresses priorities if a disaster or disruptive event prevents the facility or one of the SSOs that serve the facility from becoming operational. The CFO should make sure he or she understands the multisite SSO plan for shifting work during disaster situations. It is important that both the SSO and facility plans be integrated, with clear delineation of roles and responsibilities.

To make the most of the relationship with the SSO, the CFO should identify the business processes that have first-, second- and third-level priorities and understand timelines for recovery. The CFO should understand what services need to be transitioned to other locations and what constitutes an acceptable amount of down time.

The CFO should expect to have the SSO test real-life scenarios that could potentially affect his or her facility, then collaboratively assess the results with SSO representatives. Disaster drills should be integrated between the SSO and the facilities. Afterward, the organization's leaders should ask themselves the following questions:

  • Where did we have our bases covered?
  • Where did we experience problems?
  • What did we learn?
  • What adjustments should be made to the plan?

The CFO can then work with the SSO to cover gaps in recovery. In the area of payroll, for example, the CFO should make sure that the SSO:

  • Develops and tests an alternate time capture mechanism
  • Tests transition of the actual payroll processing activities to an alternate site
  • Considers and tests the payroll funding process in the plan, and has an alternate bank ready to fund payroll in the event the existing bank is subject to a disaster
  • Tests the delivery of manual checks using an alternate carrier
  • Can print checks and check stubs from an alternate location (To mitigate issues surrounding paycheck delivery, use of an electronic delivery system, including direct deposit and electronic pay statements, should be considered.)

The CFO's review of the SSO should include periodic system recovery tests to examine the SSO's data restoration capabilities. Any issues that are encountered during these tests should be dealt with and corrected by the SSO. The CFO also should examine the SSO's dependency on third-party vendors and the vendors' plans in the event of a disaster.

In summary, the SSO should be able to demonstrate to the CFO the full extent of the business continuity plan, the analysis of any gaps revealed during drills, and what can be done to eliminate them.

How a CFO Can Help Ensure Business Continuity

The primary role of the CFO in examining an SSO is to challenge the SSO to ensure that, together, the healthcare organization's administrative operations will be maintained to the fullest extent possible, even when faced with a multiweek disaster or a temporary disruption. It is up to the CFO to ensure that his or her organization has a robust business continuity plan that works with the SSO. Staff for the healthcare organization and its SSO should be educated and trained on the plan, with frequent drills conducted to test for weaknesses that should be addressed. Each key role should have back-up staff identified and fully trained.

Taking the time to carefully develop a business continuity plan, and to incorporate it into the SSO, will help to ensure an effective response in times of need-and a transition of services that can be accomplished with as little disruption as possible.

Beverly B. Wallace is president, HCA's Shared Services Group, Nashville, Tenn.; president,Parallon Business Solutions, an HCA-owned shared services company, Nashville; and a member of HFMA's Tennessee Chapter (

About Hospital Corporation of America
Hospital Corporation of America (HCA) provides healthcare services to more than 160 hospitals, 100 outpatient centers, and shared services organizations in 20 states. HCA's Shared Services Group provides a variety of centralized or regional services for all of HCA's facilities.

Beverly Wallace has been the president of HCA's Shared Services Group since 2001. She is responsible for divisions such as revenue cycle management, payroll, purchasing and supply chain, credentialing, health information management, and in-house clinical staffing.

The following HCA leaders contributed insight to this article:

Shannon Dauchot, COO, HCA's Shared Services Division (

Ed Jones, COO, HCA's HealthTrust Purchasing Group (

Kelly Kirchhoff, a director, HCA's Shared Services Division (

Anthony Pentangelo, COO, HCA's All About Staffing organization (

Larry Tatum, CFO, HCA's Shared Services Division (

Developing a Communications Plan that Supports Business Continuity  

A healthcare organization's business continuity plan could include the following means of communication:

  • An electronic communication system for notifying leadership, managers, and employees about an evolving situation and for providing periodic updates
  • A designated call-in number for staff to receive updates on the situation
  • A manual call list in the event of an electronic communications failure
  • An employee emergency helpline to provide information regarding benefits, payroll, and more during an emergency and to facilitate connection to a representative for assistance, as needed
  • A website to provide relevant information during and after a disaster
  • Predefined, event-based scripting to assist incoming call center representatives when receiving calls from patients

Key Elements of a Business Continuity Plan
An effective business continuity plan should be:

  • Embraced by the business owner of daily operations
  • Documented for each business process
  • Developed with key roles defined and assigned with back-up resources
  • Reviewed, tested periodically, and revised as needed
  • Used to train employees in reacting to disaster scenarios and restoring business operations
  • Developed to include plans for critical vendor partners
  • Located offsite and accessible from any Internet connection 

Publication Date: Friday, July 01, 2011

Login Required

If you are an existing member, please log in below. Username and password are required.



Forgot User Name?
Forgot Password?

If you are not an HFMA member and would like to access portions of our content for 30 days, please fill out the following.

First Name:

Last Name:


   Become an HFMA member instead