Case Study: Humana Tackles Compliance Early and Often

Ah, compliance. Regulation comes in many shapes and sizes. And though it has been with us for hundreds of years, it seems that every new wave of government oversight sends even the most organized and scrupulous companies scrambling for cover. Somehow, they never see it coming.

"Our clients call us because the pain and the cost and the inability to meet all of their obligations is, in a sense, a perfect storm," says Alex Fowler, a director in IT risk and compliance at PricewaterhouseCoopers. A perfect storm that hits every decade or so, and lasts for years at a time.

But it doesn't have to be this way. Some companies, believe it or not, have learned to live with compliance on an ongoing basis, incorporating the costly and time-consuming tasks associated with regulation into their very business models. These organizations view the most recent wave of regulation as merely a continuation of an endless string of government demands; they see compliance as not just a necessary evil, but as an internal business benefit and a selling point to customers. Humana Inc., the $14 billion, Louisville, Ky.-based healthcare firm, is one of them.

While other firms gripe about the financial impact Sarbanes-Oxley is having on their bottom lines, falling all over themselves to explain the difficulties of compliance to shareholders and regulators, Humana's president and CEO, Mike McAllister said in a recent interview, "As things have heated up over the last two years, there hasn't been a major change at Humana—because compliance was part of our corporate culture already."

Humana, with 9.3 million medical members in all 50 states and Puerto Rico, has adhered to a litany of federal, state and local regulations for decades, including Medicare, state insurance requirements, accreditation such as the National Committee for Quality Assurance and the Utilization Review Accreditation Commission, and TriCare (which provides healthcare for the Department of Defense). And when the federal government rolled out the most onerous piece of healthcare regulation in recent years—the Health Insurance Portability and Accountability Act, or HIPAA—Humana tackled the challenges early and often. By comparison, SOX has been a walk in the park.

"Don't get me wrong. We had to do a lot of work to make sure we were compliant," says Humana CIO Bruce Goodman. "But it wasn't like, 'Oh my god, it's the end of the world.'"

Indeed, Humana faced some problems in meeting the HIPAA requirements. But because of an organizational structure that incorporates compliance into every part of the business, and a corporate culture that constantly reminds employees at all levels to be aware of regulations, the company had a far easier time than most. The model Humana has developed is one that any company could achieve, if they would just stop kicking and screaming long enough to figure it out. Essentially, Humana is speaking to us from the future, where regulation is accepted as a fact of life, adopted into business operations, and occasionally even used as a competitive advantage. As futures go, that's not such a bad place to be.

Story Guide:

Sidebar: The Cost of Compliance

Next page: Compliance Inc.

Next: ' Compliance Inc' >>

test

>>> More Case Studies Articles          >>> More By Michael Fitzgerald