Disadvantages of Spreadsheets – Obstacles to Compliance in the Healthcare Industry

Most of the regulatory compliance issues we talked about concerning spreadsheets have been related to financial data. But there are other kinds of data that are stored in spreadsheets which may also cause regulatory problems in the future.

In the US, a legislation known as HIPAA or Health Insurance Portability and Accountability Act is changing the way health care establishments and practitioners handle patient records. The HIPAA Privacy Rule is aimed at protecting the privacy of individually identifiable health information a.k.a. protected health information (PHI).

Examples of PHI include common identifiers like a patient’s name, address, Social Security Number, and so on, which can be used to identify the patient. HIPAA covers a wide range of health care organisations and service providers, including: health plan payers, health care clearing houses, hospitals, doctors, dentists, etc.

To protect the confidentiality, integrity, and availability of PHI, covered entities are required to implement technical policies such as access controls, authentication, and audit controls. These can easily be implemented on server-based systems.

Sad to say, many health care organisations who have started storing data electronically still rely on spreadsheet-based systems. Those policies are hard to implement in spreadsheet-based systems, where files are handled by end-users who are overloaded with their main line of work (i.e. health care) and have very little concern for data security.

In some of these systems, spreadsheet files containing PHI may have multiple versions in different workstations. Chances are, none of these files have any access control or user authentication mechanism whatsoever. Thus, changes can easily be made without proper documentation as to who carried out the changes.

And because the files are normally easily accessible, unauthorised disclosures – whether done intentionally or accidentally – will always be a lingering threat. Remember that HIPAA covered entities who are caught disclosing PHI can be fined from $50,000 up to $500,000 plus jail time.

But that’s not all. Through the HITECH Act of 2009, business associates of covered entities will now have to comply with HIPAA standards as well. Business associates are those companies who are performing functions and services for covered entities.

Examples of business associates are accounting firms, law firms, consultants, and so on. They automatically need to comply with the standards the moment they too deal with PHI.

More Spreadsheet Blogs

Spreadsheet Risks in Banks

Top 10 Disadvantages of Spreadsheets

Disadvantages of Spreadsheets – obstacles to compliance in the Healthcare Industry

How Internal Auditors can win the War against Spreadsheet Fraud

Spreadsheet Reporting – No Room in your company in an age of Business Intelligence

Still looking for a Way to Consolidate Excel Spreadsheets?

Disadvantages of Spreadsheets

Spreadsheet woes – ill equipped for an Agile Business Environment

Spreadsheet Fraud

Spreadsheet Woes – Limited features for easy adoption of a control framework

Spreadsheet woes – Burden in SOX Compliance and other Regulations

Spreadsheet Risk Issues

Server Application Solutions – Don’t let Spreadsheets hold your Business back

Why Spreadsheets can send the pillars of Solvency II crashing down

amazon.co.uk

amazon.com

Check our similar posts

How SOA can help Transformation

Undoubtedly, today’s business leaders face myriad challenges ranging from fierce market competition to increasing market unpredictability. In addition, the modern consumer is more informed and in control of what, where and how they purchase. Couple these challenges with effects of globalization, and you will appreciate that need for business transformation is more of a necessity than a privilege.

As recent business trends show, top companies are characterized by organizational and operational agility. Instead of being shaken by rapid technological changes and aftershocks associated with market changes, they are actually invigorated by these trends. In order to survive in these turbulent times, business leaders are opting to implement corporate transformation initiatives to develop leaner, more agile and productive operations. In line with this, service oriented architecture (SOA) has emerged as an essential IT transformation approach for implementing sustainable business agility.

By definition, service oriented architecture is a set of principles and techniques for developing and designing software in form of business functionalities. SOA allows users to compile together large parts of functionality to create ad hoc service software entirely from the template software. This is why it is preferred by CIOs that are looking to develop business agility. It breaks down business operations into functional components (referred to as services) that can be easily and economically merged and reused in applicable scenarios to meet evolving business needs. This enhances overall efficiency, and improves organizational interconnectivity.

SOA identifies shortcomings of traditional IT transformation approaches that were framed in monolithic and vertical silos all dependent on isolated business units. The current business environment requires that individual business units should be capable of supporting multiple types of users, multiple communication channels and multiple lines of business. In addition, it has to be flexible enough to adapt to changing market needs. In case one is running a global business enterprise, SOA-enabled business transformation can assist in achieving sustainable agility and productivity through a globally integrated IT platform. SOA realizes its IT and business benefits by adopting a design and analyzing methodology when developing services. In this sense a service consists of an independent business unit of functionality that is only available through a defined interface. Services can either be in the form of nano-enterprises or mega-enterprises.

Furthermore, with SOA an organization can adopt a holistic approach to solve a problem. This is because the business has more control over its functions. SOA frees the organization from constraints attributed to having a rigid single use application that is intricately meshed into a fragmented information technology infrastructure. Companies that have adopted service oriented architecture as their IT transformation approach, can easily repurpose, reorganize and rescale services on demand in order to develop new business processes that are adaptable to changes in the business environment. In addition, it enables companies to upgrade and enhance their existing systems without incurring huge costs associated with ‘rip and replace’ IT projects.

In summary, SOA can be termed as the cornerstone of modern IT transformation initiatives. If properly implemented great benefits and a sharp competitive advantage can be achieved. SOA assists in transforming existing disparate and unconnected processes and applications into reusable services; creating an avenue where services can be rapidly reassembled and developed to support market changes.

Contact Us

(+353)(0)1-443-3807 – IRL
(+44)(0)20-7193-9751 – UK

Large scale corporate transformation

Large scale corporate transformation are the necessary actions required to increase performance in an organisation. It leads to greater performance results and greater organisational growth. It is a lasting change and can range from getting new leaders to combining the functions of different departments. It can also involve the introduction of a new phase in the life of an organisation. Large scale corporate transformation can be measured using three variables. The first variable involves determining how deep the change penetrates to all levels of the organisation. The second variable measures how entrenched it becomes in the organisation while the third measure determines the percentage of the organisation covered in the change.

Corporate transformation is essential for a company that seeks to have a greater impact and a longer life in its business sector. The process requires time and resources. The whole establishment needs to support it for success. Not only does the top management need to back it, but stockholders and staff members also need to buy the idea. This is because when the process of corporate transformation hits a barrier, it will take the entire organisation to keep it on course and complete the process. Without the support of everyone, most organisations will not complete the process.

Business transformation in recent times has begun to combine finance, HR and IT departments into one functioning piece of an organisation. This has resulted in leaner, faster, and more efficient corporate entities that produce high results and has a greater impact in its overall functioning. These three key departments are the backbone of any organisation, and the combination of the three creates an efficient organisation that translates into high performance results.

One crucial aspect of large scale corporate transformation is IT transformation, which entails the entire overhaul of any organisation’s technology systems. It adopts a more efficient platform that enhances its overall operation. IT transformation involves the use of Service Oriented Architecture (SOA) and open systems. This process is the revamping of the existing technology used to support the organisation and is critical for aligning the business functions to the mission of the organization. It touches on the current hardware and software and how they can best be improved upon for greater results. This process is necessary in the entire business transformation.

The question that needs to be addressed is how any organisation can make this process successful. First, it requires the understanding that it is not just a goal to be achieved, but a new way of thinking embraced by the entire organisation. Secondly, the leadership in place needs to be fully involved and dedicated to the process and to realise that it takes time and effort to complete such a mission. There also needs to be flexibility and adaptability in order to learn from mistakes and keep moving forward. Constant communication is also critical to ensure that everyone involved understands the current stage and the next steps to be done. Change is the only constant and is necessary for progress and success.

Succeed at Transformation

Despite the pomp and fanfare associated with launching corporate transformation programs, in reality very few of them succeed. According to a recent report by McKinsey the success rate is pegged below 40%. In addition, the same research indicates that defensive transformations – those undertaken as part of crisis management – have lower chances of success than progressive ones – those launched to streamline operations and foster growth. However, adopting certain strategies, like setting clear and high goals, and maintaining energy and engagement throughout the implementation phase, can really boost the project’s success rate. A key aspect of business transformation is IT transformation. This can be attributed to the fact that significant business change is either driven or influenced by technological change.

So what is IT Transformation?

IT transformation is basically a holistic reorganisation of the existing technological infrastructure that supports the company’s mission critical functions. In essence, IT transformation is not all about effecting change for the sake of change but involves systematic steps that align IT systems to business functions. To appreciate this approach, it is important to explore current trends in the business world where human resource, finance and IT transformations are being carried out in unison. This is being done to develop strong corporate centres that are leaner, agile and more productive that enhance greater synergies across all business functions.

IT transformation inevitably results in major changes of the information system’s technology, involving both hardware and software components of the system, the architecture of the system, the manner in which data is structured or accessed, IT control and command governance, and the components supporting the system. From this scope of works it is evident that IT transformation is a huge project that requires proper planning and implementation in order to succeed.

Tips to Improve Success in IT transformations Projects

1. Focus on Benefits not Functionality

The project plan should be more focused on benefits that can be accrued if the system is implemented successfully rather than system functionality. The benefits should be in line with business goals, for instance cost reduction and value addition. The emphasis should be on the envisaged benefits which are defined and outlined during the project authorisation. The business benefits outlined should be clear, feasible, compelling and quantifiable. Measures should be put in place to ensure that the benefits are clearly linked to the new system functionality.

2. Adopt a Multiple Release Approach

Typically most IT projects are planned with focus on a big launch date set in years to come. This approach is highly favoured because it simplifies stakeholder expectation management and avoids the complexity associated with multiple incremental releases. However, this approach misses the benefit of getting early critical feedback on functioning of the system. In addition, the long lead times often result in changes in project scope and loss of critical team members and stakeholders. IT transformation projects should be planned to deliver discrete portions of functionality in several releases. The benefit of multiple release approach is that it reduces project risks and most importantly allows earlier lessons learnt to be incorporated in future releases.

3. Capacity of the Organisation to confront Change

As pointed out, IT transformations result in significant changes in business operations and functions. Hence it is important that all business stakeholders should be reading from the same script in regards to changes expected. In addition, key stakeholders should be involved in crucial project stages and their feedback incorporated to ensure that the system is not only functional but business focused.