Big Brother is watching–HRO users and providers beware.
As it turns out, Big Brother is watchingHRO users and providers beware.
< ?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" />
Federal privacy law is expanding with the Security Rule under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the privacy and civil liberties procedures established under the Intelligence Reform and Terrorism Prevention Act of 2004 (IRATPA) one for electronic health information, the other for virtually all personal information that could be discovered in homeland security and anti-terrorism investigations. For HRO customers, employees, and service providers, each law will impose new obligations and safeguards.
HIPAA SECURITY RULE
The HIPAA Security Rule reinforces the Transactions Rule and the Privacy Rule, which focus on the privacy of protected health information. The HIPAA Security Rule takes effect on April 21, 2005, for all covered entities except small health plans. In the private sector, all private health plans, healthcare providers, and healthcare clearinghouses must assure their customers that the integrity, confidentiality, and availability of electronic health information that they collect, maintain, use, or transmit will be protected. The goal is to ensure the integrity and confidentiality of the information and to protect against any reasonably anticipated threat or hazards to security or integrity of the information and unauthorized use or disclosure of the information. The HIPAA Security Rule will be an additional compliance requirement for HRO deals. There is no specific federal security standard, but only one that adopts reasonable and appropriate precautions. The enterprise customer cannot simply dump the HIPAA compliance obligation upon the service provider. As a best practice, HRO customers and their providers should review the design and implementation of the processes involved in compliance, and establish periodic reviews to deal with changes that might be needed. The costs of such periodic changes should be discussed as well.
PRIVACY AND CIVIL LIBERTIES
Under IRATPA, executive departments and agencies must appoint a bevy of new privacy and civil liberties officers to protect against abuses of constitutional and statutory rights. Within the National Intelligence Department, a Civil Liberties Protection Officer, reporting directly to the Director of National Intelligence, will be appointed to meet constitutional, technological, and statutory mandates. To protect constitutional freedoms, this officer will be responsible for compliance, review, and assessment of complaints and other information indicating possible abuses of civil liberties and privacy in the administration of national intelligence programs. As a counterbalance to the increasing centralization of powers in the war on terrorism, a Privacy and Civil Liberties Oversight Board will be established within the Executive Office of the President as part of an enhanced system of checks and balances to protect the precious liberties that are vital to our way of life. In addition, Congress recommended each executive department or federal agency with law enforcement or anti-terrorism functions designate a privacy and civil liberties officer.
PRIVATE SECURITY OFFICERS
In the private sector, enterprises that either hire their own private security officers or rely upon service providers to do so will now be subject to new regulation. A private security officer is an individual other than an employee of a Federal, State, or local government, whose primary duty is to perform security services, full or part time, for consideration, whether armed or unarmed and in uniform or plain clothes. IRATPA authorizes prospective employers, after getting written consent from the prospective employee, to submit fingerprints for an authorized criminal history record information check for prospective private security officers. The employer must disclose the results to the prospective employee.
CRIMINAL HISTORY CHECKS
The new law opens the door to new regulation of access to criminal records in support of lawful employment beyond private security officers. The IRATPA law calls on the Attorney General to recommend to Congress any legislative improvements for the conduct of criminal history record checks for non-criminal justice purposes. As part of this process, commercially available databases will be reviewed as possible supplements to government records. Privacy rights will need further consideration, based on principles of employee consent, access to the records used if employment was denied, the disposition of fingerprint submissions after records are searched, an appeal mechanism, and penalties for misuse of the information. Employerswhether or not they outsource any HR administrative functionshould review and update their employee handbooks and the rules applicable to third parties having access to HR information.
In Part Two of an examination of self-service menus: How improving employee productivity goes beyond basic HRM self service.
Last months column discussed the many self-service threads that must be woven together to deliver efficient business processes. For example, onboarding not only involves many HRM-specific self-service interactionsbenefits enrollment, work scheduling, and the provision of emergency contact informationbut it also involves many non-HRM self-service interactionsproviding office space and supplies; assigning computers, cell phones, facility keys, other equipment, and my personal favorite, the company AMEX card; granting specific system access permissions; and establishing personalized portal preferences, to name a few. Another common business process that involves both HRM and non-HRM selfservice interactions is business travelresearching benefit coverages and determining how they are affected if injuries or sickness occur while traveling; making travel reservations, including frequent flyer preferences; paying attention to travel allowances determined by position, salary level, etc.; making travel changes before and during the trip; and preparing the always popular travel expense and accomplishment report in conjunction with ones time and attendance report.
In each of these cases, its hard enough to achieve the productive level of self-service dialogue integration and data semantics when youre running a generic administrative application backbone for your entire organization. Imagine the challenge you face when you (1) outsource HRM processes in piecemeal to several providers or outsource your HRM processes to a single provider that uses separate applications to create their HRM delivery system (HRMDS) and outsources travel and expense to yet another provider, (2) have your own IT organization handle the granting of specific system access permissions, (3) use AMEX to manage card-related self-service transactions, (4) use your own facilities people to manage the assignment of offices, and then (5) outsource small supplies procurement to yet another provider. If you want to see a selfservice dialogue and semantic integration challenge that approaches getting all members of the United Nations to agree on anything, just try this back at the office.
Can it be done? Absolutely! But theres going to be quite a lot of work that is often overlooked in HRM outsourcing agreements.
During your transition to a comprehensive HRO providers HRMDS or your incorporation of a singleprocess outsourcing agreement into your own HRMDS, not only will there be some level of initial systems integration and process redesign work to be done by your organization, but youre going to be performing some degree of systems integration every time one of the participants changes their approach, systems, or, in the case of outsourced processes, pricing. Most important is to make sure that, via scenario testing, you understand all of the initial and ongoing systems integration work for which youll be responsible and, therefore, all of the costs and risks associated with your planned outsourcing arrangements. All too often this area of self-service integration, which is critical to achieving real productivity improvements, is overlooked.
One outcome of this analysis may be to encourage you to consider even more comprehensive HRM outsourcing, to include those ancillary processes that create self-service touch points that affect the majority of your workforce. Another outcome may be to include a much broader range of workforce-affecting business event scenarios in your assessment of the HRMDS of proposed comprehensive HRO providers, to determine just how integrated their self-service experience is in regards to dialogue protocol and data semantics. And you shouldnt be surprised to discover that those providers who are stitching together their delivery systems platform from an assortment of independently- developed commercially-available software components will have either had to do considerable systems integration work themselves or will be passing along to your workforce the demands of a nonintegrated and non-standard self-service experience.
There are many ways to achieve the level of selfservice dialogue and data consistency that increases user productivity. Ignoring these issues isnt likely to lead to any one of them.
CASE STUDY: The March of Dimes follows the path to a paperless HR department.
Cost savings are important to every business, and non-profits are no different. Many of these organizations rely solely on donations to provide services to those in need. The mission of the March of Dimes, a non-profit organization founded in 1938, is to ensure that every baby is born healthy. The bulk of our financial resources are directed to our missionrelated initiatives. Our goal is to continue to find the most efficient and effective ways to run our organization. Improving our use of technology is an important part of that. < ?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" />
Recognizing that the HR Department of the March of Dimes was doing most of its HR and payroll processes manually for more than 1,400 employees in more than 150 locations nationwide, my team and I researched ways to automate these processes. The March of Dimes did not have the resources to remedy this problem in-house. Most of our technology investments were going toward improving IT infrastructure and the March of Dimes presence on the Internet.
Having multiple locations was a significant challenge to overcome. HR paperwork was being received from multiple locations. We then had to distribute paper forms and information throughout the March of Dimes chapters across the < ?xml:namespace prefix = st1 ns = "urn:schemas-microsoft-com:office:smarttags" />
Seeking a solution, we were directed by Ceridian a leader in information services for human resources, transportation, and retailingto a company based in
Based on our experience with the HR module, were now looking at ways of streamlining other processes. For example, currently our timesheets are processed manually, and we have no efficient way of running reports or analyzing data. The March of Dimes is looking into adding the timesheets module to our HRIS in the near future. Internet-based employee and workforce productivity applications, such as the HRIS that we are using, represent essential and evolutionary technology that will dramatically improve the way our and other organizations manage their processes and their workforce. These new technologies will transform the business and help us become more efficient and competive in an Internet economy.
By not creating new paper processes and by converting incoming paper to electronic files, the March of Dimes is realizing significant economic savings. When one truly looks at both the hard and the soft costs, the gains quickly become obvious. Business owners and outsourcing experts say that outsourcing allows companies to concentrate on what they do best, their core competencies. It enables them to have other functions performed more efficiently at a lower cost and higher level of accuracy.
The more cost effective and efficient our internal processes become, the more our financial resources can be dedicated to our core competencethe mission to work toward a day when every baby is born healthy.
Rick Martino is Senior VP of HR & Administration and Chief Administrative Officer for the March of Dimes.
Case Study: Creating a national health portal for employees.
An outsourcing partnership delivers e-health portal to Northrop Grumman employees in all 50 states.
Following 16 major acquisitions since 1994, Northrop Grumman, the second-largest defense contractor in the United States, had grown from roughly 40,000 employees to 120,000. Along the way, we also inherited nearly 350 different health and welfare plans and 16 different pension plans. And, although we have been outsourcing a significant portion of our administration for the past 10 years, we did not bring all of our acquisitions together onto one common administrative and design platform until recently.
The catalyst for this consolidation was our 2001 acquisition of Litton Industries. We used this acquisition as an opportunity to redesign all of our benefit programs for several reasons. First, we hadnt redesigned most of our programs for several years and were facing pension issues. And, as we realigned newly acquired employees into different areas within Northrop Grumman, the benefit programs needed to make more sense across the entire company.
Integrating our acquisitions gave us the opportunity to redefine health care at Northrop Grumman. This was a huge undertaking that required a threepronged approach: plan redesign, health care resources, and engaging our leadership and employees from the beginning. Because of the magnitude of the task, we couldnt do it alone. We needed the help of our main outsourcing vendor, Towers Perrin, an HR consulting and administration services firm, to actually make it all happen.
Integral to the changes we were making, and a key piece that we outsourced to Towers Perrin, was the creation of a Web portal to promote health care consumerism (which has the potential to help stem rising health care costs.) We looked at consumerdirected health plans but realized they would only touch those employees who selected them. We wanted to provide health care tools and resources for all of our employees. One of our key messages was that health care was changing dramatically. For employees, the message was that, whether or not we took all of these 350 different health and welfare programs and merged them into one, we were still going to have to address health care cost increases.
In making the decision to outsource the e-health portal, we recognized both the complexity of the task as well as the fact that we were still in the process of implementing our redesigned flexible benefit, recordkeeping, and defined benefit programs. We chose Towers Perrin, in partnership with WebMD, a leading provider of Web-based consumer-focused health care information, because we believed that they would be able to provide us with a solution that would meet our needs.
With our input, Towers Perrin developed an entire health online strategy for Northrop Grumman. They delivered an e-health portal that contains all of the critical health care information needed to help our employees become better health care consumers. Those resources include Health Online, a medical plan comparison tool, online open enrollment, and care management.
In early 2003, we introduced our new Web site NG Benefits Online to our employees, following an intensive communication effort. Through NG Benefits Online, employees can now access a wealth of information and enroll in their benefits with just one click of a mouse. A customized consumerism guide highlights all of the new resources now available.
At Health Online, employees can take a health risk assessment, visit a condition center, maintain their family health records, and use tools to compare drug costs or determine the quality of different hospitals. Care management provides a nurse advice line, a disease and case management option, and a list of centers of excellence. We also use the information employees provide in their health risk assessment to match them with appropriate disease management programs.
We have had very good results to date and view our new e-health portal as an ongoing endeavor to get employees to pay attention to health care costs and their part in managing them. Towers Perrin has provided user statistics that underscore the success of our portal, including the fact that 90 percent of our employees enrolled in their 2004 health care benefits online, 40 percent used the medical plan evaluation tool, and 17 percent registered at Health Online. Based on these encouraging results, we will continue to work with Towers Perrin and WebMD to provide our employees with the best tools to help them become even better health care consumers and managers of their health program costs.
© 2009 - 2019 Copyright SharedXpertise Media, LLC.
All SharedXpertise Media logos and marks as well as all other proprietary materials depicted herein are the property of SharedXpertise Media. All rights reserved.
SharedXpertise Media, LLC, 123 South Broad Street, Philadelphia, PA 19123