Evolution is not always slow. It can happen in bursts as we have seen during COVID-19, when the evolution of risk in healthcare accelerated on all sides.
Even before COVID-19, the healthcare industry was primed for major transformation. But by redefining and intensifying the risks confronting healthcare organizations, the pandemic has made the need for transformation more apparent and more profound. And it has created an even greater need for effective enterprise risk management (ERM).
The factors that define risk in healthcare have markedly changed with the pandemic, and they are a key reason why executive resistance to change has no place on today’s leadership teams.
In some instances, there is new risk directly related to COVID-19, based on factors such as the pent-up demand for care to the decreased availability of skilled labor, the reduced capacity to perform elective procedures and the need for competencies in managing vaccine distribution.
In other instances, there is new risk indirectly related to the pandemic, including the shift in consumer healthcare preferences, increased demand for behavioral health, a stronger push for health equity and changes in payer mix.
These new risk factors have exposed a nerve, leaving organizations without an ERM strategy especially vulnerable to disruptors, more intense competition, deathly cyberattacks and demands for a more modern healthcare experience with the consumer at the center. The question for leaders is: “How should strategy evolve in this new era of healthcare, and do we have the agility to adjust course now and in the future?”
During a recent health system CFO roundtable, leaders discussed why these risks create an immediate need for their organizations to evaluate and update existing strategies and operations. In 2021, four areas of risk should be top of mind for leaders in setting a strategy to thrive in a post-COVID-19 era of healthcare and ensure future resiliency.
1. Digital health
The pandemic’s digital health disruption permanently changed care delivery, and the ripple effects are still being felt. Telehealth alone accounted for 20% of healthcare visits in 2020, with organizations experiencing a 154% rise in telehealth visits during the last week of March alone. A recent analysis found that an estimated $29 billion in healthcare services was tied to virtual visits in 2020 and predicted that, by 2023, telehealth’s share of healthcare spending could reach $106 billion.
But digital disruption is bigger than telehealth. Remote patient monitoring — a market valued at more than $956 million in 2020 — is projected to reach $4.1 billion by 2028. This phenomenon stems from increased demand for home care capabilities and the surge in patients suffering from conditions such as heart disease, diabetes and sleep disorders.
Digital enablement has become a table-stakes essential for both providers and health plans as more consumers expect a tech-enabled experience, with the ability to access specialty support — virtually and on demand — and out-of-the-box tools for managing care. Meanwhile, leading organizations are exploring the use of chatbots and other digital tools to boost efficiency in scheduling appointments, paying bills, receiving lab results and understanding care plans.
The move toward digital care forces leaders to consider whether they are overleveraging physical facility assets and what they should do to right-size in-person care to match current demand. It also is important to identify opportunities to lessen the risk of clinician burnout by pairing caregivers with the data they need to deliver the right care at the right time.
Unfortunately, advancements in digital tech also expose hospitals to higher levels of cybersecurity risk, as evidenced by an onslaught of ransomware attacks and a rise in healthcare data breaches in the second half of 2020. Today, healthcare organizations remain highly vulnerable to cyberattack, with some experts predicting at least twice as many data theft cases across industries in 2021. Facing this heightened cybersecurity risk, healthcare leaders must not only design their digital front door to engage health consumers, but also determine how to keep the resulting expanded data exchange secure in a post-COVID environment. The federal government will be taking a closer look at the security practices of healthcare organizations now that amendments to the HITECH Act have become law (HR 7898, Jan. 5, 2021).
2. More disruptors
COVID-19 propelled healthcare venture funding, with $17 billion invested in 2020, a record high. Low interest rates and continued interest in virtual and hybrid models of care that leverage both in-person and remote encounters have caused investments in telehealth, data analytics, mobile health apps and other digital health categories to grow to more than $12 billion (see the exhibit below).
Top venture capital-funded digital health categories in 2020 (dollars in millions)
The past year also bore a catalyst for innovation around Medicare Advantage (MA), with retailers and health tech startups viewing this population as a lucrative opportunity to gain a foothold in healthcare.
One differentiator these organizations rely on is the ability to leverage technology and data to engage seniors. Recent examples include Oscar Health, a health insurance tech startup that has partnered with MA plans to offer 24-hour access to virtual care and digital engagement, and Walmart, which partnered with insurtech company Clover Health, to offer MA plans to seniors in Georgia next year.
Well-capitalized disruption in healthcare is not new, but 2020 turned the heat up for disruption at a time when health systems’ ability to respond took a punch to the chest. Just as important: The market wants a transformational shift in care, which means strategic goals such as digital enablement and a more targeted access strategy must be moved to the top of an organization’s priority list.
In 2021, leaders should assess the extent to which their organization is exposed to disruption and how they can capitalize on, not just react to, disruptive forces in the market. They should also consider whether their organization is nimble enough to pivot away from a strategic plan developed prior to COVID-19 toward a more agile, adaptable roadmap. And they must determine whether their organization can respond to well-capitalized disruptors alone or whether partnerships with other organizations are necessary — and, if so, what those partnerships might look like.
3. Lack of agility
Leading through any crisis effectively is a critical component of healthcare leadership. Healthcare leaders have been tasked with bringing discipline to their organization during the pandemic while creating a foundation for innovation that prepares them for the “next normal” in healthcare. That’s no small feat. Moreover, risks are not always big and obvious. For example, year-end close processes and associated state tax responsibilities have been complicated for many organizations due to employees migrating to work-from-home environments across various departments.
Some executives may reasonably be questioning whether their organization is nimble enough to evolve during COVID-19.
Navigating risk in an environment forever changed by COVID-19 demands that leaders be both risk aware and risk-ready. It requires a culture that embraces ERM, where:
- Processes for identifying and monitoring enterprise risk are finely tuned
- Functions for risk response are highly aligned and coordinated
- Individuals with the right skillsets and experience execute the organization’s risk response
When seismic change occurs, yesterday’s models will not achieve the material impact that organizations need to thrive. The most agile organizations are characterized by a willingness to set aside pre-COVID-19 conceptions of success and make the investments needed to achieve a new vision more attuned to market realities emerging from the pandemic.
How can leaders determine whether their organizations lack agility to fine-tune their COVID-19 risk response? A 2020 survey says watching for the following characteristics is key
- Rigid resistance to change
- Lack of executive-level buy-in and support for risk management initiatives
- A mismatch between perception of risk and the resources devoted to mitigating risk
- Absence of a culture that accepts risk as part of everyday business
- Inability to bridge silos across the organization
4. Price Transparency
As of Jan. 1, hospitals face the requirement of posting not only their charges for 300 shoppable services, but also their negotiated rates per service and the cash price offered to self-pay patients. This never-before-seen level of visibility into hospital charges has drawn significant interest from consumers, payers and employers.
To date, compliance with the new federal price transparency rules has been spotty, with only 30% of hospitals complying, according to a February analysis Some hospitals have opted to hold off on sharing their rates until others in their market do the same. Some are posting rates for services without the corresponding procedural codes, making it difficult to compare across facilities.
But the biggest risk associated with price transparency isn’t the risk of being audited by the government for noncompliance, with a fine of up to $300 per day. In an environment where everyone knows how much care and services cost at each hospital, the impact on market dynamics will be substantial.
Competitors with lower rates and similar health outcomes will use the data to gain leverage in markets. Employers will create centers of excellence defined by base rates for services, giving employees incentives to use lower-cost providers. Payers, armed with price transparency data, will use the findings to drive down rates with higher-priced hospitals. The media, too, will look for large variances in rates per service, and the resulting coverage is certain to influence consumer sentiment.
The nation is in the early days of price transparency, and constituents have faced challenges in uncovering the data they need for analysis. But that day is coming. In this environment, leaders must consider: “What effect could payment compression have on our margin? And what steps should we take now to mitigate its impact?”
Leaders must examine not only their own data but also competitors’ data to evaluate trends and opportunities in their market. Assessing the ways they can lower the cost of care and pursue strategic pricing opportunities can protect their financial health.
The new ERM imperative for healthcare
The ERM model has long been deployed by organizations in the high-tech, manufacturing and energy industries. This model gives organizations a broad-based view of risk that supports a more strategic response. Even before the pandemic, more organizations were leaning toward ERM, with some creating committees devoted to risk oversight.
As healthcare leaders work to build their risk-management muscle while dealing with an already-complex set of challenges, now is a good time to incorporate ERM techniques that have been developed and honed both within the healthcare industry and by more volatile industries.a Doing so will help leaders combat economic and operational uncertainty while strengthening stability in an era of transformative change.
This will be a watershed year, with added pressure to maintain financial and operational stability, requiring a more holistic approach to identifying and responding to risk.
a The American Society for Health Care Risk Management provides a list of 20 questions for hospital boards to consider asking to assess their organization’s risk readiness on page 8 of its February 2020 report Enterprise Risk Management for Health Care Boards: Leveraging the Value.
6 benefits attributed to using the enterprise risk management approach
The benefits of a holistic approach to managing risk are numerous. According to a report by the Committee of Sponsoring Organizations of the Treadway Commission, organizations that adopt an effective enterprise risk management approach can experience the following benefits:a
- Increase the range of opportunities for the organization
- Identify and manage risk across the organization
- Increase positive outcomes and advantage while reducing negative surprise
- Reduce performance variability
- Improve resource deployment
- Enhance enterprise resilience
a COSO, Enterprise risk management integrating with strategy and performance: Executive summary, 2017.