CDH, CDH, CDH.

How often in the last month have you come across yet another article proclaiming the rise of Consumer Driven Healthcare (CDH)? For me, it's been a bunch:

URAC Awards BlueCross Consumer Education Accreditation

Grades to Transform U.S. Healthcare, Secretary Says

Report: IT Necessary for Consumer-Driven Health Plans

And so on.

Unless one is careful about reading these reports, one might conclude that CDH is either already the new dominant mode of healthcare financing, or that it will be soon. Every once in a while, though, a countervailing view pokes through:

Consumer-Driven Health Care is a False Promise

Hmm, talk about a bucket of cold water.

So, what is happening out there in CDH-Land? A lot, as it turns out, but in the context of a lot of uncertainty. Health plans, payers, providers, and regulators and moving frantically toward IT systems that can gather and analyze health data on an increasingly fine-grained level with growing sophistication. Medical management companies are able to drill down and dissect claims, prescription, and other data with increasing speed and subtlety.

But it's not just about IT -- it's also about consumer education. URAC's new Consumer Education and Support (CES) accreditation program is starting to catch on, establishing national standards that will guide managed care companies on how to talk to consumers in the new CDH environment. Government entities, both as regulators and as purchasers, are wading in to the CDH arena, too.

All this is happening, though, in the face of the very real possibility that, at the end of the day, most people won't want to direct their healthcare treatment and financing decisions. Some early reports suggest that, given the choice, most folks still don't want to sift through the data to make informed decisions about their payers and providers.

About 6 months ago, I sat down to lunch with a long-time friend of mine, who now is the regional CEO for one of the largest health plans in the nation. I've always admired him for the clarity of his vision, and, after we caught up on family news, I started to pick his brain about trends in healthcare, including CDH. His company, like many of its competitors, is taking a two-track approach, pursuing CDH on one track while sticking with more traditional managed care offerings on the other. After explaining why it makes sense, both in terms of market forces and IT strategy, he explained, "Tom, I give this 2-3 years to shake out. By then we'll know whether consumers really want to get involved in these kinds of choices. I don't know how it will play out, but we'll be ready to move either way, once we can figure this out."

He also explained that the IT investment seems to have other dividends, so even if CDH doesn't pan out, much of the IT investment will turn out to be worth it. This is primarily true because medical management gets better with more sophisticated IT systems, and the industry is just starting to see some serious cost savings and health benefits in upgrading medical management.

So, where does that leave us?

Most of our clients who can are taking the approach my friend's company is: act as though CDH is likely to be a part of the future of U.S. healthcare, and leverage the system improvements so that their benefits last even if CDH goes the way of other fads, like 8-track tapes. Hedging bets is a pretty good strategy, it appears, especially if the cost of doing so is pretty small.

Management Tips

A sticking point for many applicants, delegation contracts require more attention than most aspects of a URAC accreditation application. 

A few things to remember:

• If your delegate is URAC-accredited, this is the only standard that applies to that delegation relationship.
• Subsection (b) is explicit about the agreement requiring that the delegate comply with URAC standards. A clause requiring the delegate to comply with your organization's standards (which, of course, comply with URAC standards) is not enough. Similarly, a clause requiring that the delegate comply with another accreditor's standards (e.g., NCQA) is not enough. 
• Subsection (c) is another tricky one. Put simply, your contract must have a clause which confers an affirmative obligation on your delegate to let you know when circumstances have changed such that it can no longer perform the functions it's supposed to perform under the agreement. This is separate from the reporting obligation under subsection (e). Be explicit about this requirement on your delegate.
• Subsections (g) and (h) are distinct requirements. Restated, (g) requires that your agreement describes what the delegate must do in order to subdelegate (e.g., get your permission in writing). If your agreement prohibits subdelegation, that will suffice. Subsection (h) is applicable only if subdelegation is permitted, and requires that your delegation agreement require that any subdelegation arrangement be subject not only to your organizational requirements but also to URAC's (or "applicable accreditation requirements").

The Basics

One of the most frequently misunderstood URAC standards centers around this question: "what is data integrity?"

URAC's Core 13 (a) (in version 5.0) reads:

The organization implements information system(s) (electronic or paper) to collect, maintain, and analyze information necessary for organizational management that: (a) Provides for data integrity. . . .

This is a primary element of a mandatory (5 point) standard, so URAC applicants best not miss it. Yet, many do, at least on the first pass.

So, what does URAC mean by "data integrity"?

NOT SECURITY!

NOT PRIVACY!

Then what?

In a nutshell, "data integrity" means accuracy and trace-ability.

The Program Guide offers this oft-overlooked clarification:

"In this context, “data integrity” means data accuracy and trace-ability.
For example, when an organization pulls up a consumer’s records, what steps has it taken to ensure that it has pulled the correct record, and how accurate is the information in the record? Examples of “providing for data integrity” include (but are not limited to):
Monitoring data entry personnel for accuracy;
Cross-checking databases for consistency;
Using unique identifiers for consumer data; and
Prevention of and checking for duplicate entries."

So, what eveidence will URAC reviewers be looking for?

Again, the Program Guide helps: "Samples (2-3) of data integrity audit results, or records of database checks, or documents indicating unique identifiers for consumer data."

I wish I had deep wisdom to offer about how to comply with this standard, but I don't. The simple truth about this subsection is that URAC applicants miss it because they think they know what URAC means by "Data Integrity" without reading the Program Guide.

To repeat: in a nutshell, "data integrity" means accuracy and trace-ability. Security and privacy are dealt with elsewhere in the standard.

This simple standard requires that your communications plan assures that you notify consumers of benefit changes before they happen.  Most applicants appropriately submit a P&P to this effect and an example (newsletter or other member correspondence) of such prior notice.

While this is appropriate documentation, it overlooks that URAC also requests that applicants submit “Summary listing of all changes in covered benefits in the last two years, including the date of such changes.”

URAC’s reviewers want this information so that, during the onsite review, they can pick one or more such benefit changes and ask to see evidence that the announcement about the benefit change went to consumers before the effective date of the change. This suggests a practice note – since you know before the onsite review what this list looks like, go back and see if, in fact, your organization sent the notice timely. If not, diagnose why, and fix the systemic problem that led to that error before the onsite review. That way, while you cannot change history, you’ll at least be prepared to say “yes, we’re aware of our non-compliance with this standard on such-and-such a date, we diagnosed the problem, fixed the source of the problem, and feel confident that this won’t happen again.”

While this does not guarantee that you won’t get “dinged” for your error, it may be that the penalty will be reduced, given your documented, good-faith effort to fix the problem.

The Basics

This standard governs communications with providers and patients.  The organization needs to be able to receive communications from those two groups both during the business day and after hours.  In addition, you need to be able to respond to provider and patient communications within one business day.  Finally, the standard requires that your communications to providers occur during "reasonable and normal business hours" unless you have an agreement with the provider to the contrary.

Note that this standard does not apply to requests for certification.  Those time frames are covered in other standards.  This is limited to other, more administrative inquires from providers and patients.

Management Tips

This standard is anomalous because it uses business days, not calendar days, as its metric. This makes sense, however, since it covers only administrative communications, not communications covered elsewhere in the standards (especially requests for review determinations), and because the standard emphasizes that communications should take place during reasonable and normal business hours.

The key here is to articulate clearly in your P&Ps all the various ways you receive administrative requests, what mechanisms are in place to receive them after hours, and that you’ll respond within one business day during business hours. 

You have some flexibility in defining whether you'll respond via telephone or other electronic methods.  Just make sure your P&P is clear on this point.

URAC Accreditation Tips

This standard is weighted 4.  The first element is primary, while the other two are secondary.

The documentation to be submitted for this standard at the AccreditNet phase is merely the applicable P&Ps.  During the onsite review, the reviewer not only will talk to your staff members about their understanding of the communications requirements, but also observe them in action at their desks.  

The applications we’ve seen more frequently leave out the “after hours” component of the P&Ps more than anything else, so don’t overlook it!

To the tortoise goes the race.

Last month, URAC achieved “deemed status” as a recognized accreditation organization (“AO”) in CMS’s Medicare Advantage (“MA”) program. What this means is that URAC-accredited health plans and health networks who also seek URAC’s accreditation under its “Medicare Module” will be deemed to be in compliance with significant aspects of CMS’s MA program without the need of regulatory oversight in those areas.

URAC joins NCQA in this “deemed status” category. JCAHO and AAAHC had that status for a while, but no longer do, ceding the turf to the “big two”.

All I have to say is, “phew!”.

URAC made a strategic decision not to jump right into the fray when the program was announced several years ago, but launched its efforts in late 2003. For much of the process, I consulted as project manager and worked closely with URAC’s staff on the creation of the crosswalk comparing URAC’s health plan and health network standards to the CMS regulations, then writing the Medicare Module to fill in the gaps where URAC did not have a standard to correlate with specific regulatory requirements.

So, some of the delay was the result of this executive decision at URAC. However, oddly, some of the delay is directly attributed to the Medicare Modernization Act (“MMA”). It just happens that URAC’s timing was bad, colliding with the enormous pressures on CMS’s staff to implement the prescription drug program mandated by the MMA. URAC’s application simply sat on overworked regulators’ desks throughout the summer and fall of 2004, so long, in fact, that the window of opportunity for CMS to conduct the site visit that is part of the AO deemed status process closed. URAC was forced to resubmit its application when things cooled down at CMS and they were able to coordinate the requisite site visits with a beta applicant.

Things were further slowed down when changes in responsible personnel at CMS seemed to lead to changing review requirements. Language and processes that had been approved in 2004 were no longer good enough in 2005. URAC’s staff navigated the changing landscape skillfully, completed the site review process in March, and crossed the finish line in June.

In the weeks since the approval, calls have started to come in, both to URAC and to Integral Healthcare Solutions, with inquiries about the application process.

Sounds like some URAC applicants consider it to have been worth the wait!