HOME | ABOUT US | CONSULTING | RESEARCH INSTITUTE | JOURNAL | EUROPE | PAPERS | SUPPLIERS | FOCUS AREAS | EVENTS | NEWS | CONTACT US

Table of Contents

Protecting Data: Navigating the Rough Waters of Offshore Data Security

Outsourcing Customizes Customer Care Worldwide

How an Outsourcing Partnership is Creating a Global HR Offering

Part 3: A Diamond In The Rough

Procurement Outsourcing To Double In Next Three Years According to Accenture Study

Asia
Australia
Best Practices
Business Process (BPO)
Canada
Events
Finance & Accounting
Financial Services
Healthcare
Human Resources
Information Technology
Manufacturing
Offshore
Outsourcing Journal
Supply Chain Management

The Impending Information Technology Refresh: Navigating through Change and Mnaximizing ROI

How to Make Full-Service HRO Work for You

Managing Your Customer Relationships with Business Process Outsourcing

How check truncation legislation could transform banking

Sole Source Outsourcing

Outside Upside: Finding focus through finance outsourcing

In recognition of the inevitable yin-yang nature of all hot outsourcing trends, offshore outsourcing is receiving its share of negative press to offset the glittering claims of monstrous cost savings. In addition to taking away American jobs, skeptics claim American data is unsafe in foreign hands.

The skeptics are absolutely right...and wrong. By its very nature, data (particularly in its electronic forms) is unsafe in any hands. A bold statement, which is also absolutely right....and wrong. A recent incident in San Francisco (San Francisco Chronicle, October 22, 2003) demonstrates what companies need to do to protect their data from everybody, including their own employees. It teaches us many lessons about preserving confidentiality - a challenge facing every business in our increasingly global village.

Outsourcing Medical Transcription

Medical transcription is a relatively complex process requiring extensive education and training. Staffers translate the physician's notes (replete with medical jargon) into patient medical records for use by various staff from administration to nursing. This is a common process that hospitals (as well as clinics and private-practice physicians) outsource which, while critically important, is not core to their mission of curing the sick.

Here's how it works. At the end of the day, physicians routinely record their patient notes into a tape recorder or other recording device, depositing the resulting medium at the hospital's transcription department. Since most in-house records departments are not 24/7 operations, there is no action on the patient data until the next morning, when the transcription staff types up the information in the tapes. When the transcription is complete, the staff sends the transcription reports back to the doctor for review and approval. Once approved by the doctor, they are sent to the hospital server and placed in the patient file.

This process can take between two to four days depending on the backlog. Aside from the obvious expense and demands on the doctor's time, transcription traditionally inserts real delays into the patient care process. Time is often of the essence in medical care.

Cue the outsourcing opportunity. Outsourcing the process speeds up the results. The physician phones a toll-free number, anytime, to record his or her transcription. Doctors can do this at home, since they don't have to deposit the recording at the hospital. If the service provider has an offshore office, say, in India, it's morning. Staff members retrieve the recording and type the transcript. On-site staff physicians review the transcription, so the American doctor doesn't need to review the record for accuracy, saving him or her valuable time that could be spent with patients. The service provider emails the transcript to the hospital's server. Voila! The outsourcer completed the process overnight.

Outsourcing Offshore Can Save Millions

Often more compelling than the quick turnaround time is the real opportunity to radically cut labor costs by up to 50 percent. For an average hospital, the savings are easily in the millions of dollars per year - too big a sum to ignore. These savings are extremely attractive to increasingly cash-strapped hospitals -- they can deploy that capital better elsewhere, like in newer equipment, better facilities, or more nursing staff.

The American Association for Medical Transcription, an industry group, estimates that offshore companies are handling 10 percent of all U.S. medical transcription, which is currently a $20 billion a year industry.

The San Francisco Story

USFC Medical Center in San Francisco has outsourced its medical transcription to another Bay Area company for 20 years. What USFC didn't realize was that this company subcontracted some of its work to a small company in Florida. The Florida company then subcontracted the work to a man in Texas, who, without the knowledge of anyone, subcontracted the work to a woman in Pakistan.

The offshore arrangement worked well for 18 months, until the man in Texas refused to pay the Pakistani woman, who turned out to be a physician in Karachi. After repeated attempts to contact the man in Texas to get her payment, she decided to raise the stakes by contacting the owner of the confidential patient data. She emailed the USFC Medical Center and threatened to post patient medical histories on the Internet if she didn't receive her $500 in back pay. She included some of the sensitive information to prove that she had the files.

Aside from their honest concern about the patient's confidentiality, USFC Medical Center was particularly unhappy because this would be a violation of a very tough new federal law that guarantees the privacy of patient information. If the patient information appeared on the Internet, in addition to the significant damage to their reputation, the Medical Center would be subject to severe fines for violating that law, known as HIPAA.

After receiving the threat, USFC went back to its supply chain. The Florida subcontractor paid the Pakistani physician and she agreed to protect the patients' privacy.

Lessons in Protecting Data - Here or There

We can learn many lessons from this potential fiasco. First, it CAN happen to you, no matter what business you are in. There are security and confidentiality risks whether you outsource your work to a company in town, across the ocean, or do the work in-house. In fact, in many situations, you have more data security and less risk when utilizing an outsourcing provider than you would if the work were done in-house. If a disgruntled employee threatens to post patient histories on the Internet, all you can do is fire him or her. If an outsourcing provider breaches HIPAA rules, it has a huge legal problem. In addition to the damage to its reputation, if publicly traded, shareholder value could be destroyed. The current Putnam trading scandal is causing massive withdrawals from the mutual fund. Its survival is uncertain.

Second, the only way to ensure the safety of your data when outsourcing is to intelligently assess your points of risk and structure the outsourcing agreement to mitigate them. In the San Francisco story, this might have been as simple as USFC having a clause in its agreement that gave it the right to review and approve all subcontractors used by its outsourcing service provider. I always suggest that you do the same. When you have oversight and control of your outsourcing supply chain, if you don't want your work to go offshore, it won't.

In the San Francisco story, each subcontractor in the chain had no idea what the subcontractor below them was doing, and the Medical Center didn't even know that there were other subcontractors doing its work. That's a big mistake for the buyer of outsourcing services. Buyers must control their supply chain.

Worry about Data Security When Selecting a Provider

Protecting data should be a concern when you select your outsourcing service provider. If you want to use an offshore provider to capture the savings, use a supplier with a brand name. Pick someone who has something to lose if they make a confidentiality breach.

Ask about the service provider's security measures. For example, Outsource Partners International, a New York, New York service provider with an Indian office, processes U.S. tax returns in Bangalore. It uses armed guards at all doors and forbids employees to have pencils or paper in the building. That stringent policy would be difficult to enforce in the U.S.

I suggest selecting an established, Tier I offshore service provider who has an American presence. If push comes to shove and litigation is the only solution, you can sue the company in an American court. If you win, you can enforce a monetary judgment. More importantly, you can be sure that their reputation is worth much more to them than any savings they might achieve by cutting corners. This may cost you a few pennies more per transaction, but I feel it is worth it.

The bottom line is that you must assess all your risk points in any process involving sensitive data. It doesn't matter if you are in town or offshore; the risks remain the same. Then, address those risks in the structure of your outsourcing contract.

Lessons from the Outsourcing Journal:

• Companies must assess all risk points in any process involving sensitive data, then address those issues in their outsourcing contracts.
• Buyers must control their supply chain when they outsource. That includes knowing about and having veto rights over all the subcontractors the service provider uses.
• If you are going offshore, use an established company with an American presence. This guarantees your ability to litigate in American courts if the situation deteriorates.
• In some cases, outsourcing can provide more data security than in-house departments.

Publish Date: November 2003

For more information...
Printer friendly...

Related Articles
How Offshore Providers Ensure Data Security

Copyright © 2003 - Everest Partners, L.P.

[Previous Story] [Next Story]