Insurance & Technology is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


01:05 PM
Connect Directly

Compliance as Opportunity

Regulatory compliance demands force insurers to dedicate scarce resources, but meeting those demands can be the occasion to accomplish worthwhile IT goals.

Customer File

The core of Prudential's content management is a customer information file that draws together all information relating to each client. "It's a unique design in that it doesn't contain the data in a single physical location, but points to where the data resides," Koster explains. "It has brought together all the customer information to deliver to the agent, and with today's technologies we can deliver it to the customer through the Web."

Today's technologies also introduce new realms subject to regulatory scrutiny. To respond to the challenges of publishing on the Internet, Prudential implemented a Vignette (Austin, Texas) Web content management solution in 2001. A year later, the carrier added the vendor's workflow capability. "As content is entered for display, it gets routed through various compliance approval steps before it actually gets published to the Internet," says Prudential vice president, information services, Mike Mandelbaum.

Prudential has addressed e-mail related compliance challenges by a filtering process introduced about nine months ago into the carrier's IBM (Armonk, N.Y.) Lotus Notes environment. The application replaced a home-grown system that had been in place for the five previous years, which required manual review, according to Mandelbaum. "The volume of mail has been increasing at such a dramatic rate that we can't continue to operate that way," he says. The current solution automates the process by detecting key words and phrases. "The automation catches every message sent by or delivered to a sales person, and looks for specific language that might raise compliance alarms," Mandelbaum says.

Once the e-mail content is scanned, it is then stored for a predetermined length of time in IBM's Content Manager product. "We then have them available for retrieval should we need them for legal or compliance reasons," Mandelbaum says. He doesn't mention the vendor of the e-mail system because the demands of handling e-mail has led Prudential to move to yet another system in the near future. "It's a question of scalability and reliability," he comments.

While Prudential still maintains vast stores of paper documents, it introduces all of them into electronic circulation through imaging and routes them through Amdocs' (Chesterfield, Mo.) Clarify workflow product, according to Koster. The carrier introduces original customer information to the enterprise through its agents' LaunchPad proprietary hardware/software solution, equipped with EZ Data's (Port Washington, N.Y.) Client Data System (CDS) product. "That is the first place that customer information is captured," Koster says. "At the point [the agent] is going to write a policy, we automatically move the data from CDS into an electronic application [form]; all data that has to be collected for the application is captured at this time and stored, and then sent into the mainframe for processing."

In order to protect all that information once it enters the enterprise, Prudential takes special measures to ensure privacy and security. Mandelbaum characterizes these measures as one of the ways compliance adds cost, but he says that Prudential embraces that responsibility even beyond regulatory demands. "We feel very strongly that data needs to be protected, so we restrict access to those people that absolutely need it. Someone sitting in a call center answering a question from a customer needs access, but an application programmer moving the next version of that call center technology doesn't," he says. "Because of things like Gramm-Leach-Bliley and our own concerns, we've taken the extra steps of putting our programmers through a process that scrambles the data." Prudential has applied for a patent on the process, Mandelbaum adds.

Arkansas Blue Cross Blue Shield (ABCBS, Little Rock, $856.5 million written premium, 2002) was driven to modernize its records management capabilities for both compliance and business efficacy concerns, according to Mike Seay, an internal consultant responsible for the implementation of a FileNET-based medical records request (MRR) solution. Lack of "a friendly and efficient process for requesting and retrieving medical records from provider offices was a challenge that plagued ABCBS for many years," Seay relates. "It increased the time required to process a claim, and also put a burden on the physicians, especially when the same medical record is requested multiple times."

Before the implementation of MRR, ABCBS only used imaging as a back-end measure. "It was really just used as a back-up for research purposes," Seay relates. "After a claim was paid, the document would be imaged so that if someone wanted to go back and look at it they wouldn't have to see the paper again." By moving imaging to the beginning of the process, the insurer laid the ground for a centralized method to request, receive and track medical records-enabling ABCBS to address several HIPAA compliance concerns. The solution was also designed to eliminate duplicate record requests by use of a comprehensive indexing approach that enables a database search for records already requested.

MRR addresses HIPAA security and privacy requirements by minimizing circulated paper, according to Seay. "We developed a method whereby medical records come in through a designated fax and get routed electronically to those who need to see it," he explains. "That eliminates a lot of extra eyes seeing sensitive information." ABCBS is able to address the HIPAA "designated record set" requirement through the creation of patient cases. "When we need to order a medical record the claim is put into an electronic case and when the records come in they are automatically attached to it. So if we're required to demonstrate designated record set all we have to do is enter that person's name and it's all bound together electronically," Seay says. MRR also meets HIPAA's "denied amendment letter" requirement, which mandates the attachment of communications from individuals disputing some part of their medical record. "That was otherwise difficult for us because medical records are used by 15 departments in our company," Seay explains.

The solution also helps the carrier to address rising administrative costs caused by a shift to a greater volume of individual business. "Underwriting individual policies has a higher administrative cost, and a significant part of that is the medical records cost," Seay claims. "This project was a way to streamline the workflow to create a lower-cost, more efficient way of getting medical records in-house and sharing them with the employees that need to see them."

Anthony O'Donnell has covered technology in the insurance industry since 2000, when he joined the editorial staff of Insurance & Technology. As an editor and reporter for I&T and the InformationWeek Financial Services of TechWeb he has written on all areas of information ... View Full Bio

2 of 5
Register for Insurance & Technology Newsletters