Risk Management in Healthcare Outsourcing Services Research Paper

Introduction

Operations risk management is an area that has a significant impact on the strategic values of a healthcare service provider. The study engaged a qualitative research approach to investigate, for the purpose of better service delivery, how to manage operational risks that arise due to the outsourcing of IT services, and why such risks happen. It was established that healthcare service providers use different models to identify and plan for the best strategies to address operational risks.

In the context of managing operational risks, the outstanding risks that were identified include service level agreements, changes in pricing, changes in the relationship with the vendor, hardware and software changes, and management issues.

Often, it emerged that healthcare service providers need to develop an appropriate model for selecting the right vendor to minimize risks. These risks include those that arise due to poor vendor selection that often leads to higher costs and poor service delivery. The recommended operations risk management steps include risk planning, identification, qualitative and quantitative risk analysis, developing a risk response plan, and putting in place a risk monitoring and control plan. The strategies identified as appropriate for risk management include accepting risks, putting methods in place to avoid the risks, exploiting opportunities for risk avoidance, transferring the risks, sharing the risks, and mitigating the risks to effectively manage them.

Significance of the Study

The study is critical because it provides healthcare service providers with the right approaches to use in selecting the right vendor for outsourcing non-core functions. The goal is to effectively achieve the strategic objectives of cost savings, technology optimization, and the use of professional expertise in specific domains by focusing on core functions. In addition, managing operational risks when outsourcing IT services is critical for a properly functioning healthcare service provider to lower the costs associated with outsourcing risks.

Conceptual discussion

The study was conceptualized in terms of non-core functions of healthcare services that were outsourced and focused on core functions to lower operating costs, increase productivity and performance, and provide better quality services to increase trust among consumers. By outsourcing non-core functions, operational risks associated with outsourcing key IT services, such as service level agreements, data privacy and security, hidden costs, and data entry errors, arise as shown in figure 1.

Review of the Literature

Outsourcing in health care

A research study by Heeks which investigated outsourcing of healthcare services among 12 service providers, using a methodology that accurately reflected the research problem, showed that the practice is an emerging global trend that most companies are adopting (129). Heeks notes that healthcare service delivery is driven by industry players, such as insurance companies, hospitals, and pharmaceutical companies (129).

Insurance companies are finding it difficult to address the increasing number of people wanting to process their insurance claims quickly. Streamlining such services through outsourced service delivery such as using information technology running applications on advanced infrastructure reduces the risk of incurring high operational costs when adopting new insurance plans into the market (Heckmann et al. 120). Besides, health care providers, including hospitals, outsource non-core services using IT cloud platforms, among others, to create an environment that fosters concentration in the core functions.

This enables the healthcare provider to maximize reimbursements and increase accurate and effective cash flow cycles by integrating information systems into service delivery through accurate data analysis. According to Heckmann et al., hospitals are concerned with patient enrollment and strategic planning, medical care (e.g., medical imaging, device monitoring, and medical transcription), and revenue cycle management through IT-based systems (121). According to Quinn, pharmaceutical outsourcing focuses on drug discovery, pre-clinical trials, clinical operations, data management, and stats, and medical writing, which are generally referred to as clinical research (9).

Researchers including Quinn have concluded that often, the services are either IT-based or non-IT-based (9). In each case of outsourcing, different operational risks are bound to happen that need to be managed.

What can be outsourced in health care?

Roberts reviewed several academic research articles that revealed that pharmaceutical, insurance, health care, and information technology services when outsourced lead to a significant number of benefits (239). The clinical services that can be outsourced include patient care in the areas of diagnostic imaging, hospitalist staffing, anesthesia, dialysis, and emergency department staffing. Recent studies have shown that healthcare service providers outsource non-core services to information technology vendors to increase the quality and accuracy of data analysis.

Data entry operations and analysis is done using modern and-up-to date technologies. It has been established that outsourcing information technology services such as Business Process Management (BPM) enable the service provider to concentrate on core services, which is a strategic approach for saving money that leads to better quality services. In addition, Roberts argues that the need to address the increasing demand for healthcare services in the medical industry demands the integration of devices that use networked computers, servers, laptops, and personal digital assistants (PDAs) (239).

According to Quinn, the aim is to manage the data generated from the services delivered to patients, and other people seeking consultation services, using the devices (9). Examples include billing records, electronic management of medical records, and information management. Looking at another area, the types of pharmaceutical services that are outsourced include exploration of the best methods to test a drug to determine its behavior on the human agent. In addition, trials are conducted on patients who volunteer, to find enough data for analysis so that researchers can establish the level of metabolism and toxicity when the drug has been taken.

Top reasons for outsourcing health care

A case study by Quinn to determine the top reasons for outsourcing healthcare services in the healthcare setting enumerated factors such as cash infusion and lower infrastructure investment costs (9). The results show that lower costs are achieved by cutting back on investing in expensive infrastructure such as state-of-the-art IT technologies. Additional savings result from avoiding the cost of investing in expensive call centers and avoiding investing in highly qualified medical and IT staff.

The results include controlling operating costs, which translates into major cost savings in addition to accelerating the migration into new technologies. Such investments lead to increased performance and minimum downtime for better productivity and high-quality service delivery.

Another reason cited by Roberts involves disruptive risks such as seasonal workflows (239). Outsourcing helps organizations overcome the problem by forcing them to efficiently deal with seasonal peak workloads. Outsourcing enables a company to focus on its core functions and enhance risk management, such as addressing issues related to technical crises, as well as disaster recovery and risk management. Improving operational performance to the level of world-class infrastructure and capabilities, based on excellent service delivery by dedicated teams who operate within specialized domains with expert experience, leads to greater operational efficiencies (Logan 25).

The reasons are summarized as specialization, quality of services, cost savings, and effective staffing. The approach has been demonstrated in best practices in quality improvement through better clinical governance (Logan 25). Such approaches are critical enablers for different types of risks that happen in the outsourcing program. Operational risk management in outsourcing has an overall positive effect on value innovation.

The challenges of outsourcing in health care

Logan argues that the majority of practitioners lack the ability to operate sophisticated applications and mission-critical systems (26). Outsourcing such services to poorly qualified vendors is a source of critical errors such as medical billing mistakes. Logan established that 80% of the medical bills contain serious errors that need to be corrected by specialized IT professionals. Researchers including Roberts note that establishing and enforcing service level agreements is a significant challenge that institutions need to address (245).

In addition, emerging challenges such as the introduction of new hardware, under-performing services, sudden termination of services, and poorly functioning applications can breach parts of the contract. Such occurrences emerge in the form of business risks in the healthcare service industry. Here, it is critical for both parties involved in the agreement to ensure that cost upon termination and other obligations need to be specified upfront. It is also critical to ensure that the destruction of data or its maintenance is addressed, to keep it safe from unauthorized access and use.

According to Roberts, price changes have been observed to be the sources of legal redress when certain clauses in the contract have been violated (240). Here, price changes happen due to changing hardware and software costs and the underlying technology which makes change overly difficult. Additional challenges that happen in the industry include service change over time, third party license issues, patient safety issues, and ease of using the available solutions. Other challenges include problems with negotiating and building agreements, vendor selection process, building an outsourced team, outsourcing clinical services, and determining the correct strategy for service transition.

Outsourcing healthcare services: pros and cons

As shown in Table 1, Roberts analyzed 100 articles on the pros and cons of outsourcing healthcare services and enumerated the findings as being critical in outsourcing for IT healthcare services. Based on the Strengths, Weaknesses, Opportunities, and Threats (SWOT) analysis, key elements emerge in the discourse. The strengths include improved quality of services, lower operating costs, use of professional personnel, ability to get better and easy solutions, and high-quality service delivery.

The weaknesses include hidden costs, vendor risks, staffing problems, and increasing variable costs such as related costs. The opportunities include employee buy-ins, adoption of various management practices, and sharing of risks among others. The threats that emerge include practitioner operations management, technology mismatch, operations failure, and data security issues. Technology mismatch happens when healthcare service providers outsource their services to IT firms that operate new applications and infrastructure that are not interoperable with the technology of the outsourcing firm.

Table 1. SWOT.

Strategic approach to outsourcing

According to Roberts, various healthcare service providers use different models to outsource medical services (250). While the models remain diverse, strategic outsourcing is seen as a model that adds value for the patients or those who seek medical advice. When outsourcing, the service provider must identify those services in the value chain that need to be outsourced. It is important to identify the activities that remain within the core competence and strategic focus of the organization.

Quinn evaluated both linear and modularized outsourcing process models and revealed that the process-oriented model focuses on end-to-end outsourcing of business processes without emphasizing the underlying hierarchical and functional structures (11).

Further investigations by Roberts showed that embedded within the strategic outsourcing paradigm are key steps, which include developing an outsourcing relationship with experts from the internal and external environments, as well as establishing the core functions to outsource (250). Heeks identified additional steps that include creating a request for proposal, evaluating prospective vendors, creating an agreement for the outsourcing to take effect, and executing the best outsourcing contract based on a reliable governance structure (130).

The key elements emerging in the discourse include establishing the goals of outsourcing arrangements, identifying risk factors, gains in competitive advantages, internal and external expertise, types of vendors, and service level agreements. Each case involves the improvement of costs, service quality, customer satisfaction, operational effectiveness, and value-added outcomes. Roberts notes that when incorporating the best practices and different outsourcing approaches, it is possible to emphasize the value stream that creates value and perfect service delivery (250).

Operational Risk Management in outsourcing services in health care

While outsourcing remains an effective solution for optimizing high-quality services, certain risks accompany the process. According to Logan, loss of control and dependence on the vendor are strategic risks that executives fear could have a negative impact on the operations of a company (22). Loss of internal technical expertise and sensitive data, violations of service level agreements, and poor vendor performance or complete nonperformance constitute the additional risks. Different models have been proposed for operations risk management.

It is evident that outsourcing in health care is a complex phenomenon that is related to regulatory bodies, technological development, and strategic issues and plans that have an impact on the effectiveness of IT healthcare outsourcing. Organizational issues that affect outsourcing include compliance with issues in the business environment, the need to develop new and better applications and information systems, improved service quality, and the nature of the relationship between IT services provider and the healthcare service provider.

Outsourcing IT services causes additional issues that can be categorized into strategic issues. Strategic issues include cost control, reduced transaction costs, greater flexibility, cost of hardware, strategic alliance, and reduced capital costs. In addition, support for vertical integration is a source of risk that organizations need to factor into their calculations (Roberts 240). On the one hand, regulatory issues include ownership, terms, and conditions of the contract, business relationship with the origin of the hardware devices, and the underlying politics. On the other hand, risks happen due to technical issues that include rapid changes in technology, achieving the best practices, and accessing new technologies and skills.

Research studies have revealed that outsourcing IT services provide better and more accurate services that comply with dynamically changing billing needs that require hospitals to invest in training and retraining personnel. As another benefit, outsourcing IT services accommodate billing changes that happen dynamically and enable the service provider to address core functions (Roberts 241). It is possible to create a positive collaboration between the service provider and the patient to allow for predictable cash flow. Certified IT firms that offer outsourced services provide professional and efficient services in compliance with healthcare laws, including taxes, employee benefits, and salaries.

Information technology-based outsourcing operations promise to offer better service delivery, reduced service cost, better business consulting, and management focuses on the core functions of providing healthcare services for better and high-quality service delivery (Heckmann et al. 119).

The specific areas of IT outsourcing include finance and accounting, human resource management, tracking services that are offered to determine the progress of the patients, and the ability to use complex applications and other infrastructure that need specialized personnel to operate (Roberts 240). It is imperative to note that the majority of IT employees in hospitals in many parts of the world do not operate mission-critical services and applications that comply with new data privacy and security laws.

The use of such data centers, when management within the hospitals does not have specialized personnel, increases the risk of data breaches and other problems associated with data entry. Billing problems due to the use of less specialized and less experienced personnel have been noted among hospitals that use complex IT infrastructure. It has been estimated that over 80% of the bills received by insurance companies contain errors that result from poor data entry practices.

Operational risks in outsourcing IT services in health care

Researchers have established that outsourcing IT services is accompanied by several risks that need to be addressed. Among these risks is the possibility of weak management (Berger 219). The rationale is that if the vendor fails to provide the desired quality services and outsources to a third party, the result can lead to costly problems, quality issues, and privacy issues (Logan 22). Sometimes inexperienced staff can be a critical source of risks.

Such outsourcing can cause errors in data entry, lack of compliance with regulations, and breach of service level agreements, leading to lower quality services. Besides, it is possible for a company to experience a loss due to uncertainties in the market.

Introduction to Outsourcing IT Services in Health Care

Researchers have identified an approach, commonly used in the healthcare industry when managing operations risks. The first step involves establishing the context in which the risks occur, followed by risk identification, analysis in the context of qualitative and quantitative risks, risk evaluation, and risk treatment (Berger 219). The method resonates well within the commonly used enterprise risk management framework. After the context of operational risks has been established, the healthcare organization can establish the best risk mitigation strategies.

Operational risks include uncertainties related to outsourcing threats and mitigating those risks using managerial resources. As mentioned above, at the outset, risk planning includes identifying the context in which risks occur (Berger 219). The key inputs into this high-level process include determining the amount and types of risks that fall within the scope of the outsourced processes and making sure they are clearly defined in the scope statement that details the type of risks and associated threat levels.

Among the methods that have been suggested include the alignment of risk appetite and strategy, managing multiple and cross-enterprise risks, reducing operational surprises, seizing opportunities, and enhancing risk response. According to Quinn, different authors have suggested the cost management plan as an important input because of the general costs incurred in the risk management process (13). Within the framework is a schedule management plan that incorporates the operational risk management activities, showing internal and external system constraints. The planning components include a communication management plan that shows the specific risks and how to address them and basic enterprise environmental factors that reflect the nature of risks.

The Fishbone (Ishikawa) Diagram

The next step is to identify the risks. Different models have been proposed for risk identification, and one popular method that has widely been used in the healthcare industry can be conceptualized and expressed in the Fishbone (Ishikawa) Diagram.

The importance of operations risk management underpins the need to use an appropriate paradigm for risk identification. While various modes have been proposed for risk identification, the Fishbone (Ishikawa) Diagram shown in figure 2 provides details of the drivers of the risks and the resulting cause and effects.

As depicted in figure 2, the primary risks include compliance with the standards and guidelines for third party information management, business continuity in case of the third-party hardware and software system failures, loss of information confidentiality, and operational and transaction risks. Operational and transaction risks arise because of process flaws in any of the processes involved in the exchange of data between the healthcare service provider and the information technology service provider.

Secondary risks include the validity of the service provider, quality of service, and the discontinuance of service delivery. Other secondary risks include the inability to serve an increasing customer base besides inappropriate quality responsiveness, assurance, empathy, and trust. The overall result is the problem of loss of control and business continuity in the provision of outsourced IT services. However, the risks can be addressed through an appropriate risk management process.

Research Methodology

The study was based on a qualitative review of literature and case studies of organizations that have outsourced services to determine the sources of operational risks and how to manage these risks. A qualitative research method was deemed to fit well into the study because of the centrality of linking the research approach with the desired results of the study. The research approach was used to answer the main research question on how to manage operations risk in outsourcing healthcare services (Berger 219). A systematically predefined procedure was used to address the research questions.

The predefined approach consisted of analyzing the case study and collecting evidence from the literature review, which was a secondary source of data to address the research questions. One of the outstanding features of the qualitative research approach was seeking to explore the phenomena based on an analysis that provides a detailed description of the relationship that exists between outsourcing and operations risk management.

Using the qualitative research paradigm had certain advantages that made the approach appropriate for the study. The credibility of the results was deemed to be one of the advantages. Besides credibility, researchers point out that qualitative research results are transferable. It was established that qualitative research results are dependable. Dependability is an aspect of reliability and the ability to replicate results. In summary, it was established that the research is systematic, dependable, reliable, accurate, and reproducible.

Result and Discussion

Discussion

Many companies specializing in the provision of healthcare services have opted to outsource non-core functions and concentrate on core functions to increase the quality of services, enhance professional learning in the domain of specialized services, improve professional competence, lower operational and labor costs, tap into and leverage knowledge and other technologies, and share or mitigate risks associated with operating IT infrastructure.

Observations indicate that information technology services are widely outsourced to different vendors in the healthcare industry with the objective of minimizing costs. When outsourcing, it is imperative to use methods that have been proved to work to avoid or minimize the effects of associated risks. Moreover, it is imperative to manage the operational risks associated with outsourcing IT services through a risk management plan.

The key steps include planning, identification, qualitative and quantitative analysis, risk response, and a plan for risk monitoring and control. Typical operational risks that were identified to have implications on outsourcing IT functions include weak management approaches, employing inexperienced staff, uncertainties in the business environment, breaching of the service level agreements, and use of outdated technology.

Conclusion & Recommendation

In conclusion, outsourcing is a process that continues to be embraced by different organizations offering healthcare services in many parts of the world. Outsourcing IT functions comes with various benefits such as allowing the outsourcing company to concentrate on its core functions to gain competitive advantage and reduce cost. In addition, healthcare service providers gain greater competencies leading to better innovation capabilities, organizational flexibility, use of state-of-the-art technologies, lower training costs, expert focus on the domain of interest, access to modern technologies, and optimization of vendor economies of scale.

However, significant operational risks are possible when outsourcing IT services that should be given adequate attention to optimizing the outsourced services. Best practices for operational risk management include risk planning to identify and mitigate the risks. However, different approaches have been suggested to address operational risks such as avoiding the risks, transferring the risks, mitigation of the risks, enhancing the risks, sharing, exploiting, and accepting the risks. In any case, based on the results of the study, it can be recommended that outsourcing healthcare organizations need to first establish the financial standing, legal compliance status, technical capabilities, competencies, and history of the vendor organization before awarding a contract to an IT firm.

Works Cited

Berger, Roni. “Now I see it, now I don’t: Researcher’s position and reflexivity in qualitative research.” Qualitative Research 15.2 (2015): 219-234. Print.

Heckmann, Iris, Tina Comes, and Stefan Nickel. “A critical review on supply chain risk–Definition, measure and modeling.” Omega 52 (2015): 119-132. Print.

Heeks, Richard. “Health information systems: Failure, success and improvisation.” International journal of medical informatics 75.2 (2006): 125-137. Print.

Logan, Mary Spencer. “Using agency theory to design successful outsourcing relationships.” The International Journal of Logistics Management 11.2 (2000): 21-32. Print.

Quinn, James Brian. “Strategic outsourcing: leveraging knowledge capabilities.” MIT Sloan Management Review 40.4 (1999): 9. Print.

Roberts, Velma. “Managing strategic outsourcing in the healthcare industry.” Journal of Healthcare Management 46.4 (2001): 239-250. Print.