04/14/2014

Infographic: ICD-10 Delay: How is the industry reacting?


On Tuesday, April 1, 2014, President Barack Obama signed into law the Protecting Access to Medicare Act of 2014 to patch the sustainable growth rate formula for Medicare physician pay. Section 212 of the law delayed ICD-10 implementation until at least October 1, 2015.

To many in the health care industry, this delay falls into the category of unexpected news; after two previous delays, many were operating under “full steam ahead” plans. 

Below is a snapshot of how approximately 1,250 health care industry professionals responded to live polling questions during a recent Deloitte Center for Health Solutions Live from the Center webcast. For more information on this webcast, or to view the on-demand archive, please visit: www.deloitte.com/us/livefromthecenter.

 Deloitte | DeloitteHealth | ICD10 Delay Infographic | #CHSBlog | #mHealthConsumers

04/10/2014

No time to slow down: looking forward to 2015 open enrollment


by Bill Copeland, Vice Chairman, U.S. Life Sciences & Health Care Leader, Deloitte LLP

For the most part, the 2014 open enrollment season is now over. With last week’s deadline of March 31, we have reached a major milestone in the implementation of the Affordable Care Act (ACA). Initial estimates suggest that more than 7 million individuals are now enrolled in coverage through the federally-facilitated or state-based health insurance exchanges (HIX). And, that total may rise during special enrollment extensions being granted by some exchanges through the end of April. 

Unfortunately, there is little time for executives to catch their breath. While what’s gone right and wrong will continue to be debated in the halls of Congress, discussed in company board rooms and highlighted in the media, stakeholders now need to begin focusing on the future.

The race to the beginning of 2014 open enrollment was an expensive and time consuming marathon, but now the industry needs to consider switching gears and focusing on the long road ahead. There are several short-term deadlines approaching that will likely require stakeholders to think broadly and strategically about their desired long-term positioning (see timeline below).

States: If contemplating a switch in the operational status of its HIX, states should consider not just how important short-term economic and political goals might be achieved with a new exchange model, but also whether that new model will be sustainable given other resource and investment priorities. States that faced challenges are likely to focus on how to make technology better and how to more effectively reach eligible enrollees. In addition, health care stakeholders will be paying increased attention to alternative models of Medicaid expansion that have begun to emerge from states such as Arkansas, Iowa, Pennsylvania, Michigan and, more recently, New Hampshire. As asked in the February 4, 2014, Health Care Current—have these states found a way to reduce the effects of churning by allowing health care consumers a choice in the matter? The result could be more cost savings for states and greater quality for consumers and other states could follow.

Employers: Employers are expected to optimize health benefit packages for their employees in ways that take advantage of developing opportunities and that make sense for their business in terms of the bottom line and attracting and retaining employees. They could be doing this while managing federal requirements for employers that continue to evolve. In February, the IRS delayed again the requirement for mid-sized employers to offer insurance to their employees until January 2016, while keeping the January 2015 deadline for employers with more than 100 employees. Also, Congress continues to wrestle with the definition of “full-time,” as the House of Representatives voted last week to increase the required hours from 30 to 40. These very complex and ever-changing issues are impacting many other operational and strategic choices.

Health plans: In thinking about whether they will participate in the exchanges during the 2015 benefit year, health plans may need to assess whether their products and pricing were on target this year and whether they will modify what they offer and raise premiums in the next go-round—despite having only a few months of data (i.e., spending patterns, disease burden) on their new customers. And, if the health plan still has a significant legacy individual pool of “grandmothered” products, how should the overall portfolio of risk be managed from a risk and pricing perspective? The continued growth in Medicaid and Medicare and the move toward defined contribution plans are prompting many health plans to think more generally about how best to attract, acquire, serve and retain members who can choose among options. This shift in focus is leading them to look closely at whether their current capabilities—designed and optimized to sell and serve group plans—are adequate for business success in the individual market. Lastly, for some plans, the promised performance of their new narrow networks has their group customers asking for a quote. 

A new Deloitte report suggests that health plans are focusing on meeting regulatory requirements and strengthening retention capabilities in the near term, but are expecting to widen their priorities in the longer term to address consumer preferences, consumer experience and distribution capabilities.1 Among the 46 health plans surveyed, nine out of 10 said investments in two areas—product development and pricing and consumer experience—will be critical or highly important for improving their company’s competitive position in the commercial individual market over the next three years.

Making these strategic decisions is especially challenging because of new and evolving uncertainties:

  • Consumer attitudes and behaviors: Will new enrollees stay enrolled and continue paying premiums? Why are some individuals still uninsured and what might it take to get them to enroll? Are subsidies and penalties sufficient incentives? Did people manage to stay unaware of their options? Is the reluctance to enroll a matter of attitude or affordability? 
  • Variation across states in operational approaches, eligibility requirements and technical difficulties: How will the various health care stakeholders manage while marketplace characteristics continue to evolve amidst shifting political climates?
  • The ever-present possibility of regulatory and legislative changes and the potential for judicial appeals: For example, what will the outcome be if the U.S. Supreme Court rules that individuals in the federally-facilitated HIX do not qualify for subsidies?
  • Increased patient load: Will providers be able to handle the increase in patients expected with greater access to insurance coverage? Will narrowing networks have an effect on patient loads or the prices providers are willing to accept? 
  • Exceptions to drug formularies and increased utilization management controls: What effects might these approaches have on the use and spending on prescription medications for health plans in the HIXs?
  • “Copper” benefit design products that would offer less coverage at a lower premium: Are they a good idea? Clearly the uninsured consumer still on the sidelines continues to be the largest individual market segment. A competitor offering a cheaper “copper” product might be successful with this segment.

Though the future ahead is filled with a great deal of uncertainty, it is expected to take shape in part through the cascading decisions that different stakeholders make in response to upcoming deadlines.

It’s not yet clear where the future will take us, but, one thing feels certain: turning our attention to preparing for the possibilities that lie ahead seems critical for success. This could mean placing some bets—even if the return is uncertain.

Read the entire Health Care Current here and subscribe at: www.deloitte.com/centerforhealthsolutions/subscribe

 Bill

Email | LinkedIn

Source: 1Deloitte, “Survey Says...Health Plans Advance Retail Capabilities,” 2013

 Bill Copeland, Vice Chairman, U.S. Life Sciences & Health Care LeaderBill Copeland is the U.S. Life Sciences and Health Care Leader for Deloitte LLP and the sector leader of the practice's health plans group. Bill's near-term focus is helping companies and governments better address the direct challenges and extended ramifications caused by new developments with ICD-10, electronic health records, health insurance exchanges and accountable care organizations. 

 

Timeline for 04082014 My Take

04/07/2014

2014 open enrollment is over, so what’s next? Health Plans invest to improve “retail” capabilities


by Paul Lambdin, Director, Health Plans, Sector Solution Leader for Retail Services and Health Insurance Exchanges, Deloitte Consulting LLP and Susan Novak, Senior Manager, Health Plans Retail Initiatives Leader, Deloitte Consulting LLP

As health insurance exchange marketplaces hit a key milestone – the “official” end of open enrollment, the work is not yet over, and, in some ways, is just beginning. Current headlines are filled with stories of the work the federal and state exchanges need to do, as well as the efforts health plans are making to unravel membership records and subsidy eligibility. But less is being publicized on the much larger, and longer-term efforts of health plans to transform their business models from employer-centric to individual consumer-centric, or “retail” organizations.  

Consumerism has long been a trend and buzzword among health plans, but what’s changed? Why “retail”? Why now? With the anticipated growth in the commercial individual market, the continued growth in the Medicare and Medicaid lines of business, and the growing trend of private exchanges among employer-sponsored businesses, there is little denying that consumer-choice is trending upward. As a result, health plans are paying more attention than ever to improving their capabilities that serve to attract, acquire, and retain the individual consumer. 

An increasing number of plans are asking how they can educate and align executives around retail trends in both the retail and health care industries, develop strategies to drive growth specifically in their “retail” (individual) lines of business, improve their understanding of and ability to serve the individual consumer, redesign their distribution channels, and craft retail IT strategies. And there is much work to be done. The health insurance industry ranks 14 out of 14 industries in Forrester’s Customer Experience Index.1 That’s dead last.  

In this context, we launched the Deloitte Health Plan Retail Capability Survey to expand our understanding of the health insurance industry’s current capabilities to serve, and future investment priorities for the most dramatically changing segment of the market – the commercial individual market. We asked health plans leaders about their plans for growth in the commercial individual market, what capability investments they believe are critical for commercial individual market success, and their organization’s current capabilities and future investment plans. We explored 100 business and technology capabilities across five larger areas: 1) product and pricing, 2) branding and marketing, 3) distribution, enrollment and renewal, 4) consumer experience and 5) health and wealth management. We received an overwhelming response. Forty-six health plans representing 60% of the commercial individual marketplace2 and spanning national, regional, Blue Cross and Blue Shield, provider-sponsored, established, and new-entrant plans participated in the online survey at the end of 2013.   

An analysis of the results revealed that health plans intend to acquire a significant number of retail capabilities by 2017 that will likely set the stage for a “new normal” in the way plans address the commercial individual market. This will be characterized by a deeper understanding of the consumer, more savvy use of consumer analytics to drive marketing, product, pricing, distribution, service, and engagement models, more sophisticated health system navigation tools, and more robust use of CRM and digital technologies to automate consumer interactions. 

Other key takeaways include:

  • Product, pricing, and consumer experience are health plans most critical investment priorities over the next three years. The most popular product and pricing capability investments relate to improving an understanding of consumers, including their lifetime value, and applying more sophisticated analytics to inform product design and pricing decisions. Within consumer experience, consumer insight and analytics were also key themes, with the integration of customer data and the operational application of more advanced, predictive customer analytics included as priorities. More tactical consumer experience priorities included web chat and automated bill payment reminders.  
  • Distribution, enrollment, and renewal capabilities are also common areas of investment. The single most frequently cited investment over the next three years was in this set of capabilites – to “use a thorough understanding of the consumer’s purchase process and preferences to inform channel strategy and design,” in which 63% of respondents are planning new investments, bringing the market prevalence to 91% of the market by 2017. Other popular capability investments in this category include retention strategies, systematic touch points to reinforce the relationship, guided selling tools, and CRM integration.  
  • Branding and marketing capabilities and health and wealth management capabilities were lesser priorities. However, by 2017 branding and marketing for retail plans will likely be analytics-driven, personalized, and digital, as more than 90% of health plans aspire to possess these less common capabilities today. In health and wealth management we are likely to see more sophisticated cost transparency tools, predictive analytics to identify and engage members in health programs, and increased integration between clinical and customer service functions to improve targeting and intervention.    
  • Technology investments aren’t an option; they’re an imperative. A key to achieving the most common business capability investments is making investments in the right technologies to support. The five most popular technology investment categories out of the 19 technologies surveyed are related to: 1) transparency, 2) mobile, 3) CRM, 4) data and analytics, and 5) consumer engagement technologies (i.e., quantified-self, gamification). 

Taking a step back from the survey results, health plans have a lot on their plates. Most have ambitious plans for the number of capabilities they will add over the next three years  adding 38 capabilities on average out of the 100 capabilities surveyed. Will they get it all done and be able to deliver the basic “blocking and tackling” of enrolling new members, answering calls, and paying claims?  Place your bets. However, one message is clear from both the survey response rate and the detailed responses shared by participating health plans: health plans are getting “ready to retail.” 

For more on this survey, check out the paper “Survey Says…health plans advance retail capabilities.  Highlights from Deloitte’s 2013 Health plan retail capability survey.” 

Sources: 1Forrester. The Customer Experience Index, 2014.  January 21, 2014. 

2Deloitte analysis of 2012 year end and 2013 Q2 NAIC state filing data via SNL database, December, 2013. 

Paul Lambdin, Director, Health Plans, Sector Solution Leader for Retail Services and Health Insurance Exchanges, Deloitte Consulting LLP

Paul Lambdin joined Deloitte’s Life Sciences & Health Care industry practice and the Health Plans sector as a Strategy & Operations director in 2010, after 25 years in the insurance and health care industries. Paul is a thought leader in health plans go-to-market functions, and focuses on growth strategy in today’s era of health care reform. A leader of Deloitte’s health insurance exchange (HIX) initiative, Paul develops solutions to prepare organizations for strategic, market, and operational exchange readiness.

Susan Novak, Senior Manager, Health Plans Retail Initiatives Leader, Deloitte Consulting LLP

Susan Novak is the Health Plans Retail Initiatives Leader for Deloitte Consulting, LLP. She is a Senior Manager in Deloitte’s Life Sciences and Health Care practice with more than a dozen years of Health Plan strategy and operations consulting experience in strategic planning, business model transformation, distribution strategy, product & pricing strategy and readying clients for Health Insurance Exchanges and the growing retail market. Her clients include large national health plans, Blue Cross Blue Shield plans, and regional health plans. Susan was the engine behind Deloitte’s 2013 Retail Capability Survey and has contributed to publications on consumerism and retail topics such as exchanges, healthcare consumers, segmentation, rewards programs and more.

04/02/2014

ICD-10: dealing with uncertainty when the stakes are high


by Mitch Morris, MD, Vice Chairman and National Healthcare Provider Lead, Deloitte LLP

As a physician I often gave my patients news they expected. But sometimes I delivered things they did not expect to hear. Yesterday, Congress passed (64-35) a short-term, one-year solution to override the scheduled 24 percent cuts to the Medicare sustainable growth rate (SGR) by passing the Protecting Access to Medicare Act of 2014. Under the short-term fix, physician pay in the Medicare program will increase 0.5 percent for the remainder of the year. This came mostly as expected news to many in the health care industry.

But, tucked away in the 120-page bill was a provision that delays the transition to ICD-10 by at least one year to no earlier than October 1, 2015:

 “The Secretary of Health and Human Services may not, prior to October 1, 2015, adopt ICD–10 code sets as the standard for code sets under section 1173(c) of the Social Security Act (42 U.S.C. 1320d–2(c)) and section 162.1002 of title 45, Code of Federal Regulations.”1

To many in the health care industry, this delay falls into the category of unexpected news; after two previous delays, many were operating under “full steam ahead” plans. Now, and over the next several months, industry stakeholders will begin to move through various stages in accepting this news. Some will quickly move straight through to acceptance, while others may still deny this has happened. Many, especially those who were ready to convert, are likely to be frustrated about putting other priorities on hold, only to have this last minute surprise.

For those moving forward, the question now becomes how to deal with uncertainty when the stakes are high. So what is next?

Health care providers: provider organizations should consider developing a plan that addresses how the new timeline will impact budgeted resources, technology updates and testing, collaboration timing, training plans and overall connection to organization-wide initiatives. Those who are further along in the transition should consider whether it is possible to continue technology testing in light of potential future system changes as well as vendor readiness. This updated timeline could also allow for additional testing waves for system upgrades, integration testing and an end-to-end evaluation including payer collaboration. Additionally, an evaluation of other initiatives originally placed on hold, such as a new revenue cycle system implementation or computer-assisted coding tools, may now be a possibility with the delayed date.

Provider organizations could also use this extended period for additional training and practice using the new code set. Until now, timelines for these elements have typically been compressed for many organizations. Entities that have completed early code adoption have encountered challenges with code selection quality and have experienced initial productivity impacts of up to 70 percent. To stay nimble in light of this change, organizations should consider developing a plan to capitalize on the additional time for further training and practice. Providers should consider keeping the training plan on target to increase user experience with the new code set. This may help reduce the need for so many external coding resources through increased productivity. Additionally, organizations could repurpose resources on clinical documentation efforts that are focused on both ICD-9 and ICD-10 to improve documentation and incorporate such elements into the electronic health record.

Health plans: many in the health insurance industry have grown familiar to sudden change and re-planning efforts; the reaction to this delay is not expected to be much different. Health plans should consider updating their ICD-10 remediation strategy and supporting plans and making calculated decisions on how to proceed. New plans could include an evaluation of development and testing efforts that should be completed and deployed versus those that may be slowed to free up funding and resources for initiatives. Those who are in the process of finalizing business and deployment readiness plans may now need to evaluate if these efforts should proceed considering the need to maintain a core set of resources or mobilize new resources at a specified date. Health plans could use the time to expand their provider collaboration testing and modeling the impacts to Medicare and commercial risk adjustment―two areas that many plans have just started. This delay also presents an opportunity to review corporate funding priorities and determine if new initiatives, such as retail/consumer-focused initiatives, should be started now instead of waiting for ICD-10 to be complete.

State Medicaid plans: states should consider how this delay impacts state budgets as well as requests for federal matching funds. Similar to providers and health plans, the delay could impact contracts with vendors (e.g., fiscal agents, care/utilization management companies, managed care organizations). States working to procure new Medicaid Management Information Systems (MMIS) could assess whether to discontinue efforts to update legacy systems and implement ICD-10 in their new MMIS solutions. Lastly, states that are updating their MMIS in multiple releases may need to reassess release strategies – especially if ICD-10 updates are intertwined with other updates.

As in many other areas of life, when we get news that is unexpected, we often lean on others. We rely on their strengths and weaknesses to come through whole on the other side. With this delay there could be an opportunity for health plans and providers to support each other. This is something they couldn’t do so easily given the previous timeline, which required many organizations to drive full-speed ahead independently toward the transition. Both stakeholders should consider extending collaboration and testing opportunities to exchange sample claims that will enable additional coding practice and data analysis and further refine claim accuracy.

I gave news many times throughout my career in medicine. Often times, as soon as a patient hears a diagnosis, his or her mind starts whirling and they miss everything else—including the next steps.

I offer the same advice in this situation: slow down, take a breath, get all of the facts and start planning.

 Read the entire Health Care Current here and subscribe at: www.deloitte.com/centerforhealthsolutions/subscribe.

Mitch

Email | LinkedIn

 P.S. For more information about the ICD-10 delay and what it might mean for your organization:

Source: 1http://www.gpo.gov/fdsys/pkg/BILLS-113hr4302eh/pdf/BILLS-113hr4302eh.pdf

Mitch Morris, MD, Vice Chairman and National Healthcare Provider Lead, Deloitte LLP

Mitch Morris is the National Leader for the Health Care Provider sector at Deloitte including Consulting, Audit, Tax, and Financial Advisory Services. Dr. Morris has more than 30 years of health care experience in consulting, health care administration, research, technology, education, and clinical care.

04/01/2014

Upcoming webcast: Interoperability - breaking down barriers in health information technology


Dbrief blog

April 8, 2014 | 1 PM ET

Register Now

As the health care industry moves forward with breakthroughs in health information technology, interoperability is becoming top of mind to optimize care. How can collaborative technology promote a connected health experience and support patient engagement? We’ll discuss:

• What health care companies can learn from other industries that have addressed the         technical and business challenges of systems communications?
• How industry and technology standards impact innovation and business development in     health information technology.
• Considerations and smart steps towards interoperability in the health care industry.

Explore potential impacts that interoperability could have in improving health information exchange and realizing meaningful use of electronic health records.

Presenting speakers:

Kelly Patrick, Specialist Leader in the Health Information Technology Solutions, Deloitte Consulting LLP Kelly Patrick is a Specialist Leader in the Health Information Technology Solutions practice at Deloitte Consulting LLP. She leads the technical implementations of Revenue Cycle and Clinical Information Systems for large healthcare institutions. Her focus areas include planning and managing activities related to infrastructure, interfaces and conversions, testing, environment planning, change control and release management, and IT operations.

Quinn Solomon, Senior Manager, Deloitte Consulting LLP
Quinn Solomon is a Senior Manager in Deloitte Consulting LLP, focused on Digital Technologies in the Health Care industry, leading Deloitte Digital’s Health Plan and Provider sectors. With over 15 years of experience he focuses on the intersection of digital technologies and health care: specifically how these technologies can be used across to improve the patient/member experience while reducing costs.

Erik Pupo, Principal, Deloitte Consulting LLPErik Pupo, a key expert on standards and interoperability, works with federal health agencies, providing expertise on standards and interoperability, and serves as the lead for standards and interoperability efforts on the DOD/VA through the Interagency Program Office. Erik has over 14 years of experience, including working in senior positions for federal, state, and commercial healthcare programs.

Andy Weisenthal joined Deloitte after a 28-year career with Kaiser Permanente, where he built the quality management capability of KP’s Colorado Region from scratch, and led the implementation of that region’s electronic health record. At the national level, he lead their deployment of an electronic health record nationwide. Completed in March 2010, the project was the largest PHR currently available in the world, with more than 4 million Kaiser Permanente members actively using it.

Moderator:

Harry Greenspun, Senior Advisor for Healthcare Transformation and Technology, Deloitte LLP

Harry Greenspun, MD is the senior advisor for health care technology and transformation at the Deloitte Center for Health Solutions. He has held a diverse range of clinical and executive roles across the health care industry, giving him a unique perspective on current and future challenges.You can follow him on Twitter via @HarryGreenspun.

 

03/31/2014

Secure, vigilant, and resilient: three pillars of health care cyber risk protection


by Mark Ford, principal, Deloitte & Touche LLP

It is prime time for health care hackers. With the advent of big data and a sharp rise in the amount of health care data being collected, stored, and exchanged, opportunities to steal sensitive information and wreak serious damage across the health care spectrum are escalating.

In September 2013, the Health Insurance Portability and Accountability Act (HIPAA) Omnibus Final Rule came into effect. Among other provisions, it strengthens regulatory protections of patient information; increases penalties for breaches; and places greater emphasis on covered entities, making sure business partners, associates, or other third-party vendors are doing all they can to protect sensitive information. Regulatory rules are the primary means by which our government attempts to get the attention of commercial business. Regulations are very important; however, they are not enough to address the rapidly changing and increasingly sophisticated threats the health care industry is facing. It’s time to see beyond compliance.

What’s especially troubling is the relative ease with which health data is stolen or compromised, even if an organization is ”HIPAA compliant.” In many cases, the industry’s cyber risk exposure can be attributed to lack of focus, commitment, and sufficient resources. Too few health care enterprises can detect and prevent cyber-attacks before they occur. They are then forced to respond only after the threat has taken root, making a meaningful response to a breach that much more challenging.

Since HIPAA’s Breach Notification Rule was published in 2009, more than 800 large-scale breaches, defined as those affecting 500 or more individuals, have been reported. They include disclosures of protected health information (PHI) and denial of patient access to PHI.1

If a major insurer suffers a massive breach, it’s a pretty good bet it won’t be the third-party business partner responsible for it whose failure is splashed across the front page. When crisis hits, public sentiment doesn’t distinguish between contractual responsibilities – the party with the highest profile usually takes the hit. Can that same payer rely on a “business associate agreement” to keep their name out of the newspaper? I doubt it. 

So, health industry leaders are understandably anxious and unsettled about cyber security. Recently, I attended a health care CIO conference. The theme was health information exchanges, and nearly all of the questions these leaders asked touched on security – how their data could be more safely managed and how protection systems can be reactive and preventative.

One way to think about how to defend from evolving cyber risks is to understand the various types of threats health industry leaders face. Let’s take a look at three main types of threat actors:

Center_Health_Solutions_Cyber_Risk

Of these three, the classic hacker is typically the most common and of paramount concern to leaders in the health care and life sciences industries. To defend against the classic hacker and the other categories of threats, you need an approach that takes into account the nature of the threat.

A comprehensive use of real-time (or near-real-time) “threat intelligence” informs the most effective multi-tiered approach, and is embodied in three key operational buckets – security, vigilance, and resilience. Each is an essential pillar in the development of a comprehensive strategy. Health care leadership should make sure that controls are put in place at every critical step of system development. Operational deployment is even more important — not after the fact, and not only when a disruptive attack has occurred.

Many strategies deployed in health care have not adequately addressed cyber-threat risk, likely because their focus has been primarily on compliance. Data breaches have become more targeted in recent years. Those who commit intentional breaches have become more sophisticated. Many companies are struggling to understand how their protections need to be adaptive to today’s evolving threats. Hackers are always adapting to exploit vulnerabilities. The health care sectors have shown mixed results in keeping up.

Of the three major health care sectors, life sciences companies tend to have invested the most in cyber security and are considered to be the most prepared and most forward-thinking. Their products and services carry enormous value (such as the intellectual property of a new drug), and their industry is highly competitive. They are often better equipped to understand and address potentially catastrophic cyber-attacks. They arguably have the most at stake and tend to apply more resources to meet the challenge.

Providers are motivated largely by compliance. Ask most hospital officials what they’re doing about cyber risk and they’ll often frame it only in terms of how they’re meeting HIPAA requirements. They have a significant amount of sensitive data at stake (such as PHI) and by comparison, few resources to protect it. In this highly vulnerable environment, that could spell trouble.

There’s no easy remedy, no silver bullet that will end cyber-attacks once and for all. Data protection will only become more challenging in the years ahead. Employing the right tactics is important and essential. Steady regulatory compliance and investing in additional resources including people, processes, and the latest in technology, are all necessary steps. However, these tactics are only as good as the strategy that guides them. When addressing the pervasiveness of cyber risk, it is essential that your strategy be secure, vigilant, and resilient.  
 
 

Mark Ford, principal, Deloitte & Touche LLP

Mark Ford is a principal in Deloitte’s Cyber Risk Services practice and serves as the lead for the Life Sciences & Health Care industry. In this role, Mark has consulted with more than 60 health care organizations incorporating the Health Insurance Portability and Accountability Act of 1996 (HIPAA)/Health Information Technology for Economic and Clinical Health (HITECH) rules, implementing new electronic medical records and/or applying for meaningful-use certification. Before taking on the health care leadership role, Mark established Deloitte’s Identity & Access Management (IAM) practice and led the service line for approximately 10 years. The IAM practice is recognized as the largest IAM consulting practice in the world.

1Department of Health and Human Services, Office of Civil Rights, Health Information Privacy, Breach Notification Rule: Breaches Affecting 500 or More Individuals. Accessed via http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/breachtool.html

03/28/2014

Live from the Center webcast: What’s next for ICD-10?


A discussion of legislative events and smart next steps for health care organizations to consider

April 2, 2014 | 12:30 p.m. – 1:30 p.m. ET

Register now

What's next for ICD-10? Live from the Center webinar

On Thursday, March 27, the U.S. House of Representatives passed legislation that will potentially postpone the ICD-10 compliance date. The Senate is scheduled to vote on the bill Monday, March 31, at 5 p.m. ET.

Regardless of the outcome, health care organizations need to consider their go-forward plans and what to prioritize now.  On Wednesday, April 2, Deloitte leaders will discuss:

  • Implications from the legislation for health care providers, health plans, and state and   federal organizations
  • Strategic and tactical approaches organizations should consider
  • Scenario planning, including impacts, opportunities, and challenges
  • Post-go-live planning organizations should consider to facilitate a smooth transition

Join us to gain insight on next steps to consider for ICD-10 – whether the implementation date is 2014 or beyond.

Register now

Christine Armstrong, Principal,Deloitte Consulting LLP Christine Armstrong is a principal for Deloitte Consulting LLP and has more than 25 years of health care experience within industry and consulting organizations. She has extensive international experience with operational improvement projects including ICD-10 coding quality improvement and training projects in the Middle East and Europe. She is a national speaker on many topics such as coding, documentation, compliance, revenue cycle improvement and ICD-10 readiness.

 

Kimberly Beckendorf,Director,Deloitte Consulting LLP Kimberly Beckendorf is a director in Deloitte’s Public Sector State Health practice. She has more than 25 years of experience in health care consulting with significant experience in health plan operations and strategy for both public sector and private sector health care payers. Her experience includes providing claims and operational reviews, operations recovery and improvement, medical management, managed care, MMIS implementation, and HIPAA consulting services. Kim leads Deloitte’s State Health ICD-10 practice and is a frequent speaker at industry meetings on the topic of ICD-10..

 

Melinda Reno,Principal,Deloitte Consulting LLP Melinda Reno is a principal in Deloitte Consulting LLP’s health plans technology practice. She leads Deloitte’s overall ICD-10 services nationally. Melinda has more than 17 years of experience in the health care industry and specializes in technology-enabled business for health plans core administrative functions. Melinda has been leading the ICD-10 impact assessment and financial risk assessment and leading the development of Deloitte’s provider-payer collaboration solution.

 

 

Sarah Thomas, Director of Research, Deloitte Center for Health Solutions, Deloitte LLP Sarah Thomas is a director with Deloitte Services LP and the director of research for Deloitte's Center for Health Solutions. Sarah has experience in public policy, ranging from reimbursement to addressing issues such as quality in Medicare, Medicaid and the private health insurance market, including health insurance exchanges and marketplaces.She has more than 13 years of government experience.

 

 

 Moderator:

Harry Greenspun, Senior Advisor for Healthcare Transformation and Technology, Deloitte LLP

Harry Greenspun, MD is the senior advisor for health care technology and transformation at the Deloitte Center for Health Solutions. He has held a diverse range of clinical and executive roles across the health care industry, giving him a unique perspective on current and future challenges.You can follow him on Twitter via @HarryGreenspun.

 

03/27/2014

Fixing an unsatisfactory equilibrium in health care: riding the new wave of social entrepreneurship


by Reynold W. (Pete) Mooney, Deloitte Touche Tohmatsu Limited (DTTL) Global Managing Director, Life Sciences and Health Care

In 2007, Roger Martin and Sally Osberg attempted to describe “social entrepreneurship” in an article for the Stanford Social Innovation Review. They pointed out that social entrepreneurship often addresses an “unsatisfactory equilibrium.”1 Pierre Omidyar and Jeff Skoll identified an unsatisfactory equilibrium in geographically-based markets, and as a result, eBay was born. Before Omidyar and Skoll created eBay, individuals had to rely on phonebooks and garage sales to get the exact (or close to it) products and materials they sought. This isn’t the only example. Martin and Osberg go on to describe the unsatisfactory equilibriums that led to the creation of the Snugli, FedEx and the personal computer.

Today, more than 250 million people who live in urban slums around the world suffer from chronic diseases.2 But, the funding that goes to global health care improvement efforts is mostly focused on infectious diseases. There seems to be an unsatisfactory equilibrium between what care is needed and where funding goes.

Creating solutions to address this imbalance was the challenge presented to MBA students participating in this year’s Hult Prize—an annual competition sponsored by the Hult Foundation and the Clinton Global Initiative. In 2009, Time Magazine identified the Hult Prize as “one of the top five ideas changing the world.”3 Through this competition, more than 200 teams of graduate students dedicate a tremendous amount of time and energy to creating effective and sustainable solutions to complex social problems. The prize to the winning team is $1 million in start-up capital. Earlier this month, I had the pleasure of participating on an executive jury in London tasked with reviewing the 2014 regional submissions. Nearly every team had individuals with diverse professional backgrounds hailing from different countries of origin, which brought unique points of view and a multinational perspective to the proposals.

The Hult Prize is an example of how the traditional philanthropic approach of giving financial aid to those in need is evolving. Funding is now being infused with technology and business strategy to spark innovative business-based, socially-focused enterprises that seek to solve some of today’s toughest problems. Importantly, solutions are designed to be self-sustaining and focused on return on investment (ROI).

The scope and scale of this year’s Hult Prize proposals are amazing to consider. All are innovative, with the potential to lead to significant improvements either through incremental steps or maybe even disruptive strides. Some ideas are narrowly focused, while others are more broad-based solutions hoping to impact multiple areas. The regional winners spanned that spectrum. Attempting to address the health problems plaguing many slums around the world, the students presented possible solutions ranging from “Sweet Bites,” a proposal to locally manufacture chewing gum that can improve oral health, to “NanoHealth,” an approach to create micro-insurance health networks, to “Dox-in-Box,” a device to support diagnosis and connect patients to providers who can provide adherence plans.4

As I listened to the presentations, it occurred to me that the efforts and themes baked into this competition present a few important lessons for the health care industry:

  • Pull ideas from a broader base: Good ideas can come from anywhere, and the industry needs to be ready to recognize promising ideas from unexpected sources. Non-traditional players such as Google are entering the health care space, and crowdsourcing approaches like prize competitions can be an especially productive way to solicit creative contributions.
  • Pressure test ideas in a systematic way: Applying the same rigorous evaluation process to every proposal could illuminate the relative merits and shortfalls of each. Hult Prize participants had only ten minutes to pitch their solution and two minutes to respond to questions. This required them to be clear about the essential elements of their proposal.
  • Consider new investment opportunities: Only one team will receive financing through the Hult Prize to pursue their solution, yet there were many more promising ideas brought to the table. These could be financed through other sources, including health care and life sciences companies interested in investing in innovative social enterprises. Hackathons are continuing to show innovative ways to connect the health care industry to new technologies and approaches.
  • Think about ROI: Metrics that are typically used to assess the ROI in business ventures may not directly apply to social enterprises aiming to address major social challenges, but that doesn’t mean their ROI should go unmeasured. Given the growing emphasis on sustainability, evaluating the extent to which social enterprise solutions meet their objectives and outcomes given specific levels of investment will be a key step to determining long-term viability and success.

Leading organizations could learn how to contribute to and benefit from this new wave of social entrepreneurship. I am excited to see where this new direction will take us.

Read the entire Health Care Current here and subscribe at: www.deloitte.com/centerforhealthsolutions/subscribe

Pete

Email | LinkedIn

P.S. For more information about the 2014 Hult Prize visit their website: http://www.hultprize.org 

Sources: 1 Roger Martin & Sally Osberg, “Social Entrepreneurship: The Case for Definition,” 2007, http://www.ssireview.org/articles/entry/social_entrepreneurship_the_case_for_definition 2Hult Prize, “Social Enterprise Challenge: Improving Chronic Disease Care in Slums by 2019,” http://media-hult.ef.com/~/media/Hult%20Case%20Global%20Challenge/2014%20Hult%20Prize%20Challenge 3http://www.hultprize.org/   4 Hult Prize, “Meet the Six,” http://www.hultprizesix.com/

Reynold W. (Pete) Mooney, Deloitte Touche Tohmatsu Limited (DTTL) Global Managing Director, Life Sciences and Health Care

Reynold W. (Pete) Mooney is the Managing Director for the Global Life Sciences and Health Care Industry Practice of Deloitte Touche Tohmatsu Limited. He is a corporate strategy consulting professional with a background in manufacturing and operations in process industries. With over 30 years of international consulting career, he has assisted senior executives take advantage of growth opportunities in business segments undergoing dramatic change, transition and globalization.

03/24/2014

Six trends in the big data revolution: expanding connectivity


Expanding connectivity: rethinking the engagement model between patients and providers

Big data revolution: Part 4 of a 6-part series

by Dan Housman, Director and Chief Technology Officer, Recombinant By Deloitte, Deloitte Consulting LLP

Balancing

Last month, while wandering around the HIMSS annual conference trade show floor and learning about the latest in health IT, I was simultaneously racking up extra steps for a fitness competition that monitored activity using Fitbit, Jawbone, and other fitness monitoring devices. This competition is indicative of the fast-emerging trend of providing care that can leverage the expanded connectivity that continues to increase among patients each year.  People are more connected to the Internet and information than ever before through their mobile devices, home networks, and specialized devices like wearables. This translates to a wide variety of new patient data sources that will likely act as key inputs toward supporting patient care that extends far beyond the historical paper medical chart. The result is not only a major opportunity to offer better, lower-cost care, but also a big shift in how to think about the engagement model between patients and providers.

While anyone can use a fitness tracker, many devices are emerging to help evaluate one's health status for more complex situations. Diabetes progression and management can be monitored with glucometers connected to smartphones. Pill bottles are becoming digitized to detect usage in order to estimate medication adherence. Patients with early stages of dementia or individuals who are suspected of having concussions can use specialized surveys to evaluate disease progression. Medical devices increasingly are including network-enabled features that report back on details of their uses. Furthermore, a number of patient-reported inputs are available through unstructured formats like public social media content and structured formats like EHR patient portals.

This trending influx of connected medical data is just beginning to become integrated into the process of providing patient care. In some cases, a device can act as a better monitor of emergent risk than provider visits to highlight a potential situation where action is required. For example, the risk of a heart attack can be monitored using weight measurements for patients with congestive heart failure who also have a rapid increase in body mass index, which can be detected from fluid retention. So a wireless scale can become a life saver if it can alert a care team of a sudden weight gain. The first phase of leveraging the increased potential of new devices is to move the device data into the view of health care professionals to support patients. Bridging this gap requires working out the model for patient consent, reimbursement, and technical integration. All of these are rapidly being overcome through initiatives to push key patient data from connected devices into the hands of health care professionals who can act on that data. 

But, as of today, physicians aren’t equipped or rewarded for monitoring every click, beep, or Tweet from highly connected patients. So, analytics are being called upon to translate the many noisy inputs available from each patient into actionable information. These new analytics engines must handle both the integration of the many data types and also work through the ambiguity of patient-reported data coming from uncontrolled systems with the potential for messy data and possible false signals. New forms of alerting systems using predictive algorithms borrowed from other industries, such as finance, are looking across many types of messy data at once to sort out which ones are predictive for each individual and when to trigger actions. These actions can scale into the view of both the connected patient for lower-priority activities and for care teams where their knowledge and experience can be leveraged.

Machine learning tools are also needed to make sense of the data entered by patients in their own language. In the case of a patient’s point of view, they may enter into Twitter or a patient-reported form that a sleeping medication made them ‘googly eyed.’ Machine learning and classification systems can translate that into an event of ‘visual impairment’ that can later be accessed in a physician-friendly view or incorporated into analytics. With the semantic translation from patient language into medical terms, it is possible to evaluate if a neurological adverse reaction to the drug has occurred and if additional laboratory testing or physician review is needed.

It is a two-way street regarding information as patients become more connected. Patients who are able to enter data frequently are also searching the Internet for information about their disease and planning their care based on information that is beyond the view of their physicians. Search engines are unable to provide a filter regarding the specific accuracy or value of information.  So, physicians are now being asked to integrate information that patients obtain directly from websites into their recommendations. Health systems with leading approaches are creating either private search engines, using knowledge bases within their institutions, or partnering among many groups to provide an enriched knowledge base to offer safer and more curated sources of information on specific ailments as a part of patient portals.

Overall, the engagement model between providers and patients is evolving to accommodate mobile devices. This means that patient information is going to be shared between a patient and physician, and that physicians are going to have access to key information on their mobile devices. The benefit could be that it allows a physician to see a patient's MRI even while out of the office. But, this could also include chat, email, and an image of a mole taken from a smartphone camera. The resulting connectivity comes with a need to provide increased security to encrypt messages and images transmitted between these devices. Furthermore, the data from these exchanges can become part of the overall medical record as another source input enriching medical records for analytics.

The overall impact of expanding connectivity is that traditional approaches to calculating risk and identifying new treatment interventions that rely on highly reliable structured data are not designed to handle the opportunities and the expectations that could come from patient-generated data. Also, the ethical boundaries of what is private versus. part of an EHR need to be sorted out both from a regulatory perspective and within each patient and provider relationship. Over the next five years a steady stream of data from connected patients will likely emerge as standard inputs into how physicians and patients engage.

As for me, I'm hoping to win my fitness competition and have found it to be a fully rewarding intervention to get active this year. I’d be excited to share a stream of the information with my physician if she is interested. I also want my dentist to know that I really did floss four times last week, but I don’t have an Internet-enabled floss dispenser … yet!

 

Dan Housman, Director and Chief Technology Officer, Recombinant By Deloitte, Deloitte Consulting LLP

Dan Housman is a director with Deloitte Consulting. He is a software veteran with a demonstrated track record of providing valuable and innovative decision support systems to large, complex organizations. Dan leads ConvergeHEALTH’s product innovation efforts with a focus on translational research, bioinformatics and innovative approaches to data capture, analysis, and reporting for clinical quality and performance improvement. He conceived and delivered successful web-based analytical solutions for clients including clinical performance dashboards, analytic and reporting solutions for performance metrics such as Meaningful Use and Physician Quality and Reporting System (PQRS), and clinical research and disease management registry systems.

03/20/2014

Is compliance enough? Five steps for managing cyber threats in an ever-evolving risk landscape


By Russ Rudish, Global Health Care Leader, Deloitte Touche Tohmatsu Limited

Almost daily, it seems we are hearing of new technologies that can make our lives easier or more enjoyable. Our cellphones can lock our doors and change channels on our TV sets. We can now plug devices into our car to track driving habits in exchange for lower insurance rates. But, with these new technologies come greater risks to our security and privacy. Stronger protections need to be deployed, so we lock our cellphone screens with passcodes and set our car alarms when we run into the store.

Our personal lives aren’t the only ones affected: new information technologies and innovative business models are transforming the health care industry in exciting ways. The industry is beginning to focus on creating seamless interoperability among organizations, greater efficiencies in the delivery of care and increased consumer engagement through access to electronic health records and use of mobile health devices and apps. While creating forward movement and excitement in the industry, the very innovations that are driving growth and system improvement may also expose organizations to potentially more threats to security and privacy.

Huge amounts of data are moving back and forth beyond organizational walls between health plans, providers, non-traditional business partners and consumers. The frequency of cyber attacks is steadily increasing, and likewise, regulators are moving to increase the level of security and privacy of health information. Health care organizations and their business associates are expected to comply with protections that were strengthened last year in the Omnibus Final Rule for the Health Insurance Portability and Accountability Act of 1996 (HIPAA), and providers participating in the Medicare and Medicaid Electronic Health Record (EHR) Incentive Program must have completed a security risk analysis as part of Meaningful Use requirements for Stages 1 and 2.

But, will compliance with these safeguards be enough to manage cyber risk in this quickly evolving landscape? Possibly not—and the stakes are rising:

Breaches of security and privacy can cause real harm: misuse or theft of confidential personal information may have serious consequences for individuals, including miscommunication of diagnostic and treatment details, inappropriate or undesired sharing of health information with employers and others, and identity theft. For businesses, a breach may cause immediate damage to critical infrastructure, disrupt business operations, expose core business strategies and open the door for theft and fraud—all of which may diminish consumer trust and damage brand reputation. And, health care executives cite potential breaches as one of the top hindrances to investments in mobile health.

Financial penalties are increasing: organizations must come into compliance with provisions of the HIPAA Omnibus Final Rule that went into effect on September 23, 2013, or could face penalties up to $1.5 million per violation.

Comprehensive checklists, like the audit protocol established by the U.S. Department of Health and Human Services (HHS), can be useful to assess whether an organization has processes, controls, and policies in place related to privacy, security, and breach notifications. But checking off requirements might not be enough to prepare for potential breaches and attacks. Health care organizations—including all of their employees, contractors, suppliers and other business associates—should recognize that they could still be at risk even if they meet compliance requirements. All possible sources of risk should be considered across the full spectrum of a company’s relationships, systems, processes, and products (including mobile medical devices), as risk can occur at each point that protected health information exchanges hands.

To move beyond compliance and become strategic about risk, companies should become secure, vigilant and resilient. Many companies are already focusing on becoming secure by working to establish protections around critical assets and information. Companies should also become vigilant by raising threat awareness throughout the organization and developing the capability to identify patterns of behavior that may detect a compromised position or even predict threats. To become resilient, companies should strengthen their capacity to recover quickly when breaches occur (or a disaster happens), which means mobilizing the diverse resources that may be needed to minimize business disruption, costs and impact on brand reputation.

What might it take to become strategic about cyber risk? Here are five steps to consider:

1. Hold senior management accountable: appoint one respected senior executive to lead and embed cyber risk management goals into the evaluation process of top executives

2. Establish purpose and direction: clearly articulate your cyber risk strategy and support it by requisite action through funding and resourcing

3. Break down silos: cyber risk is an enterprise level issue, and lack of information-sharing is a top inhibitor for effective risk management

4. Trust but verify: conduct monthly or quarterly reviews about key risks and risk metrics and address roadblocks

5. Be creative about cyber risk awareness: consider the human factor in your organization and try war-gaming, tablet applications, or other creative ways to raise awareness across the enterprise

Preparing for potential cyber threats isn’t as easy as locking a cellphone with a passcode or setting a car alarm with the push of a button. But companies that manage cyber risk more strategically – in a secure, vigilant and resilient way – could be in a better position to significantly limit damage by quickly detecting and dealing with any compromise.

 Read the entire Health Care Current here and subscribe at:  www.deloitte.com/centerforhealthsolutions/subscribe

Russ

Russ Rudish, Global Health Care Leader, Deloitte Touche Tohmatsu Limited

Russ Rudish is the Global Health Care Sector Leader for Deloitte Touche Tohmatsu Limited (DTTL). He has more than 30 years of experience in serving the health care industry, both in the United States and abroad. In his role as a practice leader, Russ serves many of our largest client across the US and globally. Russ also is an active speaker and contributor to thought leadership on today’s most pressing health care business issues.

A view from the Center
#CHSBlog

Powered by the Deloitte Center for Health Solutions and Deloitte's Health Care Providers, Health Plans, and Life Sciences practices, A view from the Center is a forum for sharing timely insights, research, and forward thinking around health care, reform, and what lies ahead for the industry and its stakeholders. Subscribe to receive updates when new content is posted, and share your opinions on these top-of-mind subjects.

Get to know our contributing bloggers.