Top 5 Challenges In Healthcare Compliance and Risk

New and Changing Healthcare Laws

The Medicare Access and CHIP Reauthorization Act (MACRA), signed in 2015, took effect this year, mandating changes to Medicare reimbursement for physicians and reauthorizing health insurance funds for families with children.

The Affordable Care Act (ACA) remains on shaky ground, as tax reform promises to end the individual mandate, further cutting and destabilizing the program.

With looming uncertainties in healthcare laws, compliance officers, senior leadership and legal teams must be prepared to update or overhaul existing policies and procedures at a moment’s notice to capture new requirements, maintain compliance, and adapt to any fallout from a destabilized ACA — all without compromising patient care and safety.

Tax Reform

With new tax provisions going into effect in 2018, full audits and updates to current financial reporting systems are critical to keep up with the new information. Not only will there be new reporting requirements, in addition to the old ones, but changes to the tax code may also bring about modifications to reimbursement models, increase the number of uninsured patients, and create other risks to revenue that will leave healthcare organizations scrambling to rewrite policies and plans to minimize the damage.


General Data Protection Regulation (GDPR)

Data protection (or lack thereof) was a major theme in 2017, and it will continue to be in the years to come as organizations everywhere are tasked with increasing safeguards for protected health information.


For healthcare providers, protecting against the misuse or theft of patient information is a serious concern—one that requires an even higher standard of protection for sensitive healthcare, genetic, and biometric data.


The European Union has led the charge by approving the GDPR in 2016 (enforcement date May 25, 2018). It’s just a matter of time before the U.S. follows suit and implements a similar set of more stringent regulations for personal healthcare information.


Healthcare organizations’ IT departments will have to work diligently to ensure all patient data as well as healthcare organization data are compliant with current standards and regulations, while being prepared to up the ante as new GDPR-driven benchmarks make their way stateside.

Intelligent Technologies

Machine learning and AI (artificial intelligence) are making inroads into patient care, with the promise of improved outcomes and lowered healthcare costs. At the same time, IoT technologies, like connected machines and personal health monitors, are proliferating, making it easier than ever to input and access data from anywhere and on multiple devices.


But like any new technology, these groundbreaking capabilities introduce a whole host of unanswered questions around data management, security, and analytics. In particular, IT departments are going to have to figure out how to effectively and efficiently incorporate these technologies into existing ecosystems. At the same time, their compliance and legal counterparts are determining how these new technologies will affect their organization’s ability to maintain established standards for data collection and patient care and to address ethical concerns.


Like data protection, cybersecurity will be another recurring topic for 2018. With the healthcare industry a continual target of cyberattacks, the consequences of data breaches extend beyond the reputations of healthcare providers to financial bottom lines.


Yet, most organizations don’t spend nearly enough time or resources on comprehensive cybersecurity measures. Threats like ransomware, employee negligence, a growing demand for medical records on the black market, and device-dependent healthcare lacking adequate security pose potentially existential risks for healthcare providers if they’re not properly addressed.


To minimize the risks, healthcare providers need to invest in information experts who understand the intersection of medical devices, software, and regulations, and can also regularly educate staff on the latest threats and best practices.