What Risk Managers Can Learn From the Health Care Industry

The COVID-19 pandemic had the silver lining of accelerating the digital transformation of countless industries, and as the dust settles over health care’s own evolution, risk managers will need to navigate an ever-more complex web of challenges to enable the path forward.

We believe it was harder prior to the pandemic’s disruption to imagine the sort of health care landscape that research and advisory firm Gartner® is projecting in just a few short years. By 2025, 40% of healthcare providers will shift 20% of hospital beds to the patient’s home through digitally enabled hospital-at-home services, improving patient experience and outcomes and reducing the cost of care.

Supporting this delivery model will be technologies that not long ago were relatively uncommon – think of the biometric sensors many of us now wear every day in the form of a smartwatch. Video appointments with a primary care physician were once rare; by February 2021 they had increased 38-fold from a pre-COVID-19 baseline, according to research published by McKinsey & Company.

Yet the business risks intrinsic to these evolving health care delivery models, fueled by the expansion of operations to new technologies and third-party relationships, are also profound. Fifteen of the top 20 life science organizations will lose a combined $10 billion in revenue due to digitalization-related cybersecurity issues by 2025, Gartner projected.

As we see in NAVEX’s work helping our customers manage IT and third-party risk, the pitfalls intrinsic to health care’s increasingly interconnected business models will require serious vigilance from risk professionals. Silos are not going to work – to enable the coming evolution, risk managers will need visibility into the whole organization.

Some of this transition to a new paradigm for at-home care delivery is already in place – with a business model to back it up. According to Gartner, by August of last year, more than 140 health care providers across 32 states had received approval from the Centers for Medicare and Medicaid Services to obtain reimbursement for eligible patients treated in their own home.

Higher Stakes – Risk in the Health Care Industry

It’s not just at-home care that is opening new avenues for risk. Like many industries, health care organizations face boundless pressure to decide whether a business function, sometimes invisible to the consumer, should go in-house or be outsourced through a third-party relationship. The average modern hospital relies on more than 1,300 external vendors, according to the Ponemon Institute, and it’s worth noting that many third-party vendors will have their own third parties, sometimes known as “fourth parties.”

Health care regulators can also extend compliance requirements to those third parties, requiring health care organizations to ensure their partners are compliant on an ongoing basis.

More organizations are using purpose-built software to assess risk across these relationships. NAVEX’s 2021 Definitive Risk and Compliance Benchmark Report showed that 57 percent of risk and compliance programs used such a mechanism, up from the 44 percent and 46 percent of the prior two years.

“Risk” in the health care world can have a deeper societal meaning than business risk. A rural hospital struggling to stay afloat economically is still a major community asset whose risk implications for an individual could literally mean life or death. Gartner made an ominous assessment in its strategic planning assumptions around health care outcomes for 2023 – a lack of virtual health care access such as telehealth appointments will contribute to 5 percent of global deaths due to disease.

Some of that projection stems from the fact that not all people have access to robust internet connectivity. Yet it is necessary that providers are able to deliver such service in the first place, and in a sense, risk managers charged with enabling the digital transformation of health care by managing third-party and IT risk can be seen as playing an integral role in community health.

The Complexity Continues

Gartner also assumes that, by 2025, a digital commerce and marketplace platform will connect one in five consumers, payers and providers.

This expected consolidation of consumer experience will require more health care delivery organizations to forge partnerships, even with rivals, to compete. These relationships will require a large amount of trust and vetting of third-party relationships.

Whether or not your organization is in the health care realm, the lessons of managing risk in this essential industry provide great insight into best practices for enabling digital transformation over the next few years. NAVEX is pleased to provide this Gartner research to readers, available here.

For more information about managing IT and third-party risks, download the Definitive Guide to IT Risk Management and Third-Party Risk Management.

Gartner, Predicts 2022: Connections Drive Healthcare and Life Science Business Model Change, 18 November 2021, Pooja Singh, Barry Runyon et al.

GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.

