Harvard Pilgrim Health Care Uses Automation to Reduce Compliance Management Costs
Oracle 1-800-633-0738
Find an Oracle Specialized Partner
Oracle Customer Programs

Harvard Pilgrim Health Care Uses Automation to Reduce Compliance Management Costs

Harvard Pilgrim is a not-for-profit health plan that provides a variety of health benefit options and funding arrangements to more than 1 million members in Massachusetts, New Hampshire, Maine, and beyond. For nine consecutive years, Harvard Pilgrim was named the number-one private health plan in America, according to a joint ranking by the National Committee for Quality Assurance (NCQA).

As an insurer, Harvard Pilgrim operates in a highly regulated environment, where it must comply with numerous operational and financial requirements, such as the National Association of Insurance Commissioners (NAIC) Model Audit Rule (MAR). The company also must adhere to other, more general, accounting standards, such as Standards for Attestation Engagements No. 16 (SSAE 16).

For governance, risk, and compliance (GRC) management, the health plan largely relied on a series of manually produced spreadsheets routed for updates via e-mail. Managing and consolidating the spreadsheet and producing required periodic reports required a full-time staff member and left room for error.

Harvard Pilgrim wanted to ensure its ability to continue to comply with current and future GRC requirements, while reducing the cost and time needed to manage these processes and produce required documentation. Building on a large Oracle footprint, the company worked with Oracle Partner PricewaterhouseCoopers (PwC) to deploy Oracle Governance, Risk, and Compliance Manager 8.6.3. It automated periodic controls testing and GRC activities and improved its ability to document and manage change management and compliance issues. The company also gained enterprisewide, real time visibility into risks and controls to enable continuous monitoring. Further, Harvard Pilgrim reduced the time required to manage GRC processes around MAR and SSAE16 by utilizing workflow features within the application. It also gained the flexibility and capability to respond to changing requirements.




A word from Harvard Pilgrim Health Care

  • "With Oracle Governance, Risk, and Compliance Manager, we gained enterprise visibility, achieved continuous monitoring of risk and controls, reduced compliance management costs, using a solution that will take us into the future. It provides tremendous value." – Chuck Scheller, Director of Business Systems Support, Harvard Pilgrim Health Care

  • Continue to ensure compliance with various auditing standards, including SSAE16 and the insurance-industry-specific MAR, the later which NAIC expanded in 2010 to require a management report on internal control over financial reporting
  • Cut effort and costs associated with the company’s financial-standards compliance program, as the not-for-profit health insurer seeks to keep administrative costs low
  • Reduce the possibility of errors associated with manual and spread-sheet based GRC processes


  • Automated the insurer’s accounting-standard, SSAE16-compliance process―including management of the insurance industry’s expanded MAR―with Oracle Governance, Risk, and Compliance Manager 8.6.3
  • Created a centralized repository to gain risk and controls data visibility across the enterprise in real time to enable continuous monitoring―reducing risk for the health insurer
  • Used the solution’s robust functionality to automate periodic controls testing and management-assessment activities, and document and to manage change control and compliance issues
  • Reduced significantly the company’s reliance on manual spreadsheets and e-mail communication to sustain compliance activities―helping to ensure greater version control and accuracy, which are critical under insurance industry audit rules
  • Achieved significant cost savings by eliminating redundant testing and management of assessment activities
  • Made a system record of prior testing and assessment results available for internal and external reporting and auditing―streamlining these previously time-consuming processes
  • Allowed the insurer to report and manage documentation from a single solution, facilitating auditor review and laying a solid foundation for compliance with future regulations

Why Oracle

“When we made the decision to deploy Oracle Governance, Risk, and Compliance Manager, we did not really consider other solutions. We have a large Oracle footprint, so the ability to integrate the solution to our broader Oracle environment was compelling―in addition to the inherent value of being able to house, manage, and report on MAR and SSAE16 from a single repository,” said Chuck Scheller, director of business systems support, Harvard Pilgrim Health Care.

Implementation Process

Harvard Pilgrim used its existing compliance framework and PwC’s leading practice for managing risk and regulatory compliance to create an effective system for MAR and SSAE16 compliance activities. PwC managed the configuration and deployment process, including helping Harvard Pilgrim with process redesign to enable optimizing the solution’s benefits. After the initial deployment, which took approximately a year, in part, because the product was still in development, Harvard Pilgrim is now upgrading to 8.6.4 to remain current and take advantage of new functionality.


Harvard Pilgrim Health Care partnered with PwC to implement Oracle Governance, Risk, and Compliance Manager. It managed the solution’s configuration and deployment, and acted as a liaison between Harvard Pilgrim and Oracle during the process, which was very important as the health plan was an early adopter. PwC effectively and efficiently worked with Oracle to resolve issues when they arose.

“PwC and its support were essential to enabling us to optimize the value of Oracle Governance, Risk, and Compliance Manager. The firm’s experience with Oracle environments and its strong relationship with the company helped to ensure a very successful implementation,” Scheller said.