As I read the headlines from the major industry news sources recently, I was struck by how Stark (pun intended) the competing pressures facing healthcare providers are today.
Consider the following challenge as providers attempt to better coordinate care in today’s highly fragmented delivery system:
Hospitals must build physician partnership to support a stronger care continuum. According to the results of the most recent HealthLeaders Survey; “2014 CEO Industry Survey: The Winners and Losers of Healthcare Reform.” the number one area of focus in order to succeed under the Affordable Care Act (ACA) is to strengthen the clinical care continuum; ie, forge and strengthen physician partnerships. In fact, a full 89% of CEOs rank clinical care continuum relationships as the top area of opportunity1 . However, due to ongoing concerns about violating Stark Law, physicians and medical professionals are limited in their ability to form these partnerships.
These concerns are real. The recent preliminary settlement in the U.S. v. Halifax case has the hospital settling to the tune of $85 million—more than eight times Halifax’s annual operating margin and nearly 18% of its $480 million annual revenue.2 If the settlement numbers are any indication, these cases will continue to increase. According to a recent article in Modern Healthcare, Regulatory authorities are investing more in fraud detection and enforcement than ever before, recovering $4.6B from providers last year alone.
“The tough part for hospital leaders is that these legal pressures are at odds with public policy and market forces pushing health systems toward greater integration to improve care coordination and reduce costs. The federal government hasn’t reconciled its goal of encouraging integration with its desire to prove that it’s tough on fraud and abuse. As a result, systems pursuing integration will need to be even more vigilant because they’re stepping closer to the line where traditional Stark law enforcement might come into play.”
Data privacy issues have also hampered attempts to provide a more integrated patient medical experience. Experts agree that a critical “enabler” to support quality, efficiency and care coordination is more broadly distributed, linked healthcare IT. However,the increasing prevalence of healthcare identity theft has made implementation of new technology systems difficult to say the least. With a wealth of data and a significant amount of money to be made in theft of said data—an individual’s medical record can be worthas much as $500 per record—healthcare organizations are an attractive target for breaches. Anew study by the Identity Theft Resource Center found that 43% of all reported identity thefts in the U.S. last year were medically-related. A recent article featured in iHealthBeat, “Health Care Biggest Target of Identity Theft, Report Finds” finds that according to HHS, between 27.8 million and 67.7 million individuals’ health records have been compromised since 2009. It isn’t just the individuals that are at risk. In 2013, healthcare organizations experienced 267 breaches, while all other businesses combined experienced 210 breaches.
It’s a dangerous world out there
While the ACA, changing care models and value-based purchasing initiatives introduce new opportunities; increased regulatory scrutiny, HIPAA and data privacy concerns introduce new risks. At the same time, decreasing, capitated payments amplify the need for operational efficiency and cost control. These are just some of the challenges facing healthcare providers today as they operate in an increasingly volatile, complex and highly competitive environment.
So what can be done? Fortunately, there are options out there to manage your regulatory risk.
STEPS TO TAKE TO AVOID A RISK EVENT (PRE-EVENT)
- Designate a compliance officer and compliance committee:
– Implement written policies, procedures and standards of conduct
– Conduct effective training and education
– Enforce standards through well-publicized disciplinary guidelines
– Conduct internal monitoring and auditing
- Consider engaging an independent broker or consultant to audit your insurance program to determine the remedies available in the current program and to outline other potential coverage options.
- Utilize tools to proactively manage your risk. To help our clients manage these regulatory risks our Healthcare Practice developed The Risk Management ACO. This is an innovative approach to integrate our internal coverage, consulting and claims specialties, as well as, external professional service providers such as healthcare regulatory attorneys, audit, actuarial / data-analytics and clinical risk consultants. We feel this is an efficient, proactive way to help manage your changing risk profile while preparing for a wide range of contingencies.
STEPS TO TAKE IF YOU DETECT A POTENTIAL RISK EVENT (POST-EVENT)
- Consider engaging counsel to determine whether an event has, in fact, occurred (privilege considerations) and if so, consider working with a consultant or auditor to identify the universe of affected claims
- Notify the regulatory liability claims counsel at your insurance broker to trigger coverage and advocate for optimal recovery
- Develop a corrective action plan and suspend billing for potentially affected claims until executed
For more information on the issues discussed in this blog, contact Chad Follmer, Healthcare Practice Leader, at email@example.com.
1. 2014 CEO Industry Survey: The Winners and Losers of Healthcare Reform, HealthLeaders, February 2014
2. Fraud scrutiny injects danger into hospitals’ physician compensation, Modern Healthcare, March 8, 2014