Skip Navigation Links
Products and Services
Partner Community

Insurance Requirements Addressed

Compliance 360 – Insurance Requirements Addressed

The Compliance 360 online solution for insurance organizations reduces the overhead and risks of regulatory compliance and governance, enabling increased focus on the core business of providing quality plans and services and creating shareholder value. With over 100,000 active users, Compliance 360 is one of the most widely used compliance, risk and governance solutions in the insurance industries today. Key insurance industry requirements addressed by Compliance 360 include:

Compliance with State Regulations

Insurance companies face the challenge of unique, varying regulations among the 50 states, in addition to separate Federal mandates. As a result of this complex regulatory environment, many insurance companies today continue to address regulatory compliance in a highly reactive mode. Without the right tools in place, insurance executives are often unaware of compliance problems until they are faced with a market conduct examination or audit, or complaints from providers and policy holders. The obvious risks include penalties, fines, litigation and potential negative media coverage.

How can Compliance 360 help?

With Compliance 360, insurance companies organize all relevant statutes and regulations and link them to the corresponding policies, procedures, surveys and remediation plans to construct their evidence of compliance. With our content partners including LexisNexis, Clear Market Practices and others, we help insurance companies keep abreast of newly proposed laws and regulations as well as newly enacted laws.

The system allows insurance companies to manage all facets of compliance and audit management within the framework of their overall corporate governance and risk management initiatives. The collaborative tools from Compliance 360 enable proactive demonstration of corporate governance and risk management initiatives by automating processes associated with assessing and monitoring risk, managing the risk response strategy, linking risk management data to compliance activities and providing a comprehensive view of all risk-related activities through an executive dashboard. Finance, audit and risk management professionals have the ability to organize and manage projects across the organization, document audit tasks and audit findings, track issues, manage remediation tasks, and record resulting actions.

Market Conduct Examinations

Market conduct examinations harbor significant risks for most insurance companies because of the regulator’s focus on the business practices of insurers (and their producers) as well as the demand for evidence of compliance with all legal and regulatory statutes. In some cases, market conduct examinations include a look-back period of three to four years and even more. This delayed timing can pose a challenge to the insurance company due to staff turnover, acquisitions and document retrieval. Regardless of the circumstances precipitating a market conduct examination, the outcome of a market conduct examination is generally expected to be more positive for the insurance companies that are organized and responsive, providing easy access and thorough, accurate data, throughout the process.

How can Compliance 360 help?

In numerous situations, Compliance 360 has been proven to help insurance companies weather the storm of a market conduct examination and minimize the risk of sanctions and fines, as well as the severity of corrective action plans. With Compliance 360, insurance companies are always prepared for the market conduct examination with detailed evidence of compliance, policies and standard procedures. The exclusive Virtual Evidence Room® provides an audit-ready state with all policies, procedures, surveys attestations and remediation plans, linked back to their corresponding regulations. With full audit capabilities, insurance companies can easily identify the governing regulations for any historical point in time and the status of all the corresponding evidence of compliance. Should the market conduct examination result in sanctions with a corrective action plan, Compliance 360 can be used to help implement the plan and streamline the monitoring and reporting of adherence to the plan.

Management of Corrective Action Plans

Corrective Action Plans imposed as a result of market conduct examinations can be very complex, creating significant cost burdens. The format of corrective action plans can also vary widely from state to state creating challenges for organizations seeking to standardize their operations as much as possible.

How can Compliance 360 help?

Corrective action plans are required to effectively manage the findings of market conduct examinations or other audits. Assigning, assessing and tracking the requirements manually is virtually impractical and simply adds to the risk of missed requirements. With Compliance 360, insurance companies can centrally manage their Corrective Action Plans. To manage the internal process of implementing the corrective action plan, insurance companies can sort reports by responsible parties and give each individual access to the relevant sections. Responses to regulatory inquiries can be provided immediately and confidently with thorough, accurate information tracked within Compliance 360 to reduce the risk of additional sanctions and speed the corrective action process to a rapid conclusion.

Fraud, Waste and Abuse

For companies that provide benefits to Medicare and Medicaid recipients, the risk of fraud, waste and abuse violations has increased. The OIG and the state Inspectors General across the country have stepped up their audit and inspection efforts to root out fraud and abuse in these government programs. The financial incentives for whistle-blowers (qui tam witnesses), can create a very compelling motive and necessitates the establishment of preventative and response measures for insurance companies. Improving the management and overall outcomes of fraud, waste and abuse claims now harbors a significant financial advantage for most insurance companies.

How can Compliance 360 help?

Compliance 360 is often used by insurance organizations to help build and foster a culture of trust and compliance. The system is used first and foremost to ensure that all employees and third party partners are policies related to fraud, waste and abuse. The system is also used to encourage potential whistle-blowers to report suspected issues internally.

With the Incident Management capabilities of Compliance 360, insurance companies can centrally manage the investigation of all types of fraud, waste and abuse claims. All information compiled for each investigation is centrally stored in Compliance 360. The investigative process is streamlined by dynamically routing the incident to the appropriate person based on the type of incident and the stage of the investigation. Additionally the Incident Management system has a complete audit trail of actions and sign-offs for accountability.

Sensitive investigation data is secured for each business unit, with secure, central access provided to corporate Regulatory Assurance individuals for identifying issues that may be broader in nature, impacting multiple business units. This capability allows insurance companies to leverage the power of their entire organization while selectively promoting best practices among various business units as desired.

NAIC Model Audit Rule

The Sarbanes-Oxley Act of 2002 has precipitated the most sweeping changes to financial reporting, corporate governance, and regulatory environment for public companies since the Securities Act of 1933 and 1934. The failure of internal controls, especially those relating to financial reporting, is among the specific concerns addressed by the Act. The National Association of Insurance Commissioners (NAIC) has amended its Model Regulation, requiring annual audited financial statements to include Sarbanes-Oxley Act requirements. The amendments relate to auditor independence, corporate governance, and internal control over financial reporting. With an increased emphasis on regulatory compliance in today’s market, compliance failures with NAIC regulations are likely to result in reduced enterprise risk management (ERM) ratings and possibly reduced bond scores with the ratings agencies.

How can Compliance 360 help?

Compliance 360’s SOX solution is an integrated part of the complete compliance platform that helps insurance companies ensure compliance with the NAIC Model Audit regulations. With this solution, insurance companies can manage internal controls for financial reporting while integrating all aspects of SOX compliance such as controls monitoring and testing, documentation, risk evaluation and measurement and monitoring with the enterprise governance, risk and compliance strategy.

Code of Conduct Management

The Code of Conduct is one of the most elementary components of any compliance program in the insurance industries. Yet, in today’s climate with mergers and partnerships creating dispersed, virtual organizations comprised of in-office employees, work-at-home employees, contractors, agents and other business partners, the dissemination and verification of the Code of Conduct can be surprisingly difficult. This increased difficulty, however, doesn’t lessen the regulatory requirements. Most insurance companies must be able to disseminate their Code of Conduct to all relevant parties annually and confirm their individual understanding as well as investigate and remediate any conflicts of interest that are identified. Managing this process manually through e-mail and spreadsheets is commonly attempted, and is fraught with costly overhead and risk of errors and omissions.

How can Compliance 360 help?

Compliance 360 supports the entire process of managing the code of conduct as well as policy and procedure attestations, including the dissemination to all relevant individuals and the verification of all attestations. Compliance 360 performs the verification automatically, and can immediately identify issues requiring further investigation. This capability has been proven to save significant amounts of time and cost by Compliance 360 customers. The unique Virtual Evidence Room® is also used to gather attestations and remediation plans needed to streamline operational audits and accreditation projects.

Vendor and 3rd-Party Risks

State and Federal regulators and auditors are now very focused on compliance programs related to vendors and third-party service providers (often called delegated entities or First Tier, Downstream, and Related Entities “FDR’s”). Today many insurance organizations are not adequately overseeing their business partners and verifying their compliance with state and federal regulations. Although your business partners may only be held accountable indirectly, you are ultimately responsible for compliance gaps that may exist within your network of business partners. Establishing and communicating policies is not enough. You must be able to show that the policies are effectively practiced by your business partners too.

How can Compliance 360 help?

Using Policy Management capabilities of Compliance 360, you can store, distribute and manage your vendor management policies and procedures. With Contracts Management and integrated workflow, you can automate collaboration, establish paths for approval routes and keep everyone on track for timely revisions, reviews and renewals. You can also automate the monitoring of contracts to ensure adherence and maintain an audit trail of all contract revisions. Through the Surveys capability, you can collect attestations of compliance to specific policies and regulations with your third-party contractors and vendors, just as you would with your employees. The system is also used to identify compliance gaps and conflicts of interest, as well as manage the remediation process. Finally, Compliance 360 allows you to perform detailed assessments of your vendor management program to ensure it is meeting both internal and regulatory goals and ensure that you have substantial evidence of a strong 3rd-party compliance program to support regulatory audits and inspections. Learn More about Third Party Risk Management with Compliance 360.

Quality Programs & Accreditation (NCQA and URAC)

The accreditation process, designed to help employers and consumers distinguish health plans based on scored quality metrics, represents both opportunity and risk for health plans. With so much at stake, the process generally requires a significant commitment and attention to ensure success. Because accreditations are broad reaching in nature, the entire organization must be aligned with accountability and tasks assigned and managed with a common goal of on-time, quality completion.

How can Compliance 360 help?

Ideally, the accreditation process is a by-product of a comprehensive compliance and governance program. By managing to federal, state and your own governance standards, the documents and processes required by the accreditation processes are readily available and associated with the accreditation standards and guidelines. The project management capabilities of Compliance 360 are ideally suited to help manage the accreditation process. With built in workflow, accountability is easily assigned and individual tasks are tracked. The remediation of any issues identified is also facilitated by the system with status reports helping managers and executives monitor the status. With Compliance 360, health plan providers use the Virtual Evidence Room™ to collect and review all documents needed for accreditation as well as facilitating the transfer and final submission of those documents to the accreditation agencies. This method provides an audit trail and easy access to identify and review any documents that are questioned after the submission. The system also facilitates central monitoring by the corporate accreditation department for all accreditation submissions, either from a central corporate group or from any individual health care plan. With Compliance 360, the entire process is streamlined, predictable and auditable. Many Compliance 360 customers have earned “Excellent” accreditation ratings.

OCR HIPAA Compliance Audits

Starting in 2012, the HHS Office for Civil Rights (OCR) is piloting a program to perform as many as 150 audits of covered entities to assess privacy and security compliance as mandated under the HITECH Act. The audits will be focused on assessing whether each covered entity: (1) has comprehensive policies and procedures that address critical requirements of the HIPAA Privacy and Security Rules; and (2) has implemented these policies and procedures through routine operations in a manner consistent with the Rules.

When you consider the myriad of tasks, projects and assessments that an organization must undertake to ensure an effective HIPAA compliance program, you are likely navigating through multiple, independent IT solutions and manual processes including: policy development, incident reporting, employee surveys, policy acknowledgements and risk assessments. Even if fully automated, staff must still expend enormous effort to tie all aspects together to document evidence of your overall HIPAA compliance efforts.

How can Compliance 360 help?

Compliance 360 offers a proven, web-based framework allowing you to collaboratively manage your HIPAA/HITECH Act compliance initiatives including HITECH Privacy Breach Management, a single, integrated solution. You can identify the various provisions, show the policies developed to address the provisions, document any risk assessments performed, as well as tie employee training, relevant documents, incident reporting and other remediation efforts back to the individual HIPAA/HITECH Act compliance requirements within an easily accessible Virtual Evidence Room. With Contract Management, you can efficiently achieve the oversight of business associate agreements. Through email integration, the vast majority of users are not even required to log into Compliance 360 to collaborate on policy initiatives, investigate and remediate incidents or participate in compliance.

CMS Managed Care Compliance Assessments

In July 2011, CMS created their Compliance Program Effectiveness Self-Assessment Questionnaire for organizations that participate in the Medicare Advantage (MA) and Prescription Drug Benefit (PDP) programs. This tool is designed to help these organizations evaluate and report on the effectiveness of their Medicare Compliance Programs.

How can Compliance 360 help?

We have incorporated the CMS Compliance Program Effectiveness Self-Assessment Questionnaire into the Compliance 360 system to automate the management, assessment and reporting process. The system includes the assessment questions defined in each of the seven element categories as well as the additional questions from the “Measuring Effectiveness of Your Compliance Program” section.

At any time, online dashboards and reports show the overall compliance status with all completed and open tasks, task owners, due dates, etc. The CCO can view their overall compliance status at any time, and receive alerts regarding any critical tasks that are overdue. Click here to learn more.

Learn More

To learn how leading financial services organizations are using Compliance 360 to minimize their compliance overhead and risks, and how you can be doing the same, contact us today.

grc community

Learn & NetworkSAI Global GRC

News, insights, opinions, events, and resources of value to compliance, legal, risk, ethics and audit professionals in healthcare.

Compliance Management for Property and Casualty Insurance

On-Demand demonstration of Compliance 360Compliance 360 Compliance Management for Insurance

Learn how Compliance 360 is used to manage regulatory compliance requirements in property and casualty insurance.

Compliance Management for Health Insurance

On-Demand demonstration of Compliance 360Compliance 360 Compliance Management for Insurance

Learn how Compliance 360 is used to manage regulatory compliance requirements in health insurance.

Regulatory Change Management for Insurance Organizations

On-Demand demonstration of Compliance 360Compliance 360 Stark Compliance for Healthcare Providers

Learn how Compliance 360 is used to monitor and manage regulatory change affecting insurance organizations.

Complaint Management for Insurance Organizations

On-Demand demonstration of Compliance 360Compliance 360 Complaint Management for Insurance Organizations

Learn how Compliance 360 is used by insurance organizations to manage complaints.

CMS Managed Care Compliance Assessments in Compliance 360

On-Demand demonstration of Compliance 360Compliance 360 Complaint Management for Insurance Organizations

Learn how Compliance 360 is used to automate CMS Managed Care Compliance Assessments.

Managing Vendor Compliance and Third Party Risk

On-Demand demonstration of Compliance 360Compliance 360 Vendor Compliance and Third Party Risk

Learn how Compliance 360 is used to ensure vendor compliance and third party risk.