Case Study: Humana Tackles Compliance Early and Often - ' Compliance Inc'
(
Page 2 of 8 )
.">
Compliance Inc.
A legacy of compliance is to be expected from a company founded by a pair of lawyers. Humana got its start in 1961, when two attorneys had an idea for a better way to run a nursing home, figuring they could provide more personalized care than was typically offered. Their firm went public in 1968 as a nursing-home operator called Extendicare, shifted to running hospitals in 1972, and changed its name to Humana in 1974. The company got into the benefit business in 1984; it was a natural offshoot of Humana's emergence as the nation's largest operator of hospitals at the time. Then, in 1993, Humana spun off the hospitals to focus exclusively on the benefits business.
Goodman joined Humana in 1999, coming over from the consultancy and systems integrator C2K Technology Partners, where he had been CEO. At the time, Humana had some compliance issues that were of a rather immediate nature: Y2K was front and center for every major company in the world. And while the Year 2000 bug failed to deliver on some very dire predictions, the effort Humana marshaled to deal with it produced a model for future compliance challenges.
To run its Y2K compliance projects Humana appointed a "tiger team." Originally a military term that has been co-opted by IT professionals, Humana's Y2K tiger team pulled together the relevant people from different departments to run critical projects with definite deadlines. In effect, the team became a project management office, analyzing the business problem that needed to be addressed, figuring out what work needed to be done and who would do it, and then managing the project throughout its lifetime. When Humana started gearing up for HIPAA, in early 2001, the company went back to the tiger team concept.
Passed in 1996, HIPAA is a broad piece of legislation designed to let Americans keep their health insurance if they change jobs or become unemployed. It also sets standards for the healthcare industry for such disparate concerns as patient health, data exchange and data privacy. HIPAA thus represents a blueprint for going digital for the entire healthcare industry. The law includes a series of compliance deadlines that began in 2003 and were staggered depending on the size of the organization involved.
To meet its compliance goals, Humana pulled together three tiger teams—one to ensure that electronic-data interchange met the standards established in HIPAA, one to handle the development of privacy policies and practices, and one to handle data security and make sure it complied with HIPAA guidelines. Then the company interlocked the teams by staffing them with people from a variety of departments: internal audit, compliance, privacy, security, EDI, legal, and service providers.
Overall, each tiger team consisted of roughly a dozen people who met weekly, and sometimes more frequently, depending on the immediacy of the issues at hand.
Story Guide:
Humana Tackles Compliance Early and Often
Compliance Inc.
New Security Director
IT's Role in Compliance
Good Corporate Hygiene
The Culture of Compliance
From Regulated To Heavily Regulated
Sidebar: The Cost of Compliance
Next page: New Security Director
test
Case Studies 
