What bearing will healthcare reform have on healthcare risk? Here Janet Hale and Katherine Laws from Alliant Healthcare Solutions offer their view of the changing landscape.
Healthcare reform will change the healthcare industry risk landscape in many ways. It is likely to foster significant merger and acquisition activity, it will require new physician strategies, it will promote newly-formed relationships short of actual ownership, and it will create new exposures through financial incentive arrangements.
From a risk financing perspective, the insurance industry has responded to these challenges by launching several new products and risk transfer solutions. These include new insurance programs wrapped around accountable care organization (ACO) liability, standalone regulatory risk insurance policies, and new options for addressing physician tail liability arising out of the acquisition of physician groups.
Of concern, however, are multiple new and emerging risk issues that are not properly addressed under traditional insurance policies or standard risk management protocols.
Some key problem areas include business practice errors and omissions exposure that does not fall under hospital professional liability coverage triggers; insured versus insured exclusions for new organizations with multiple participants; financial errors and omissions exposure arising out of incentive based arrangements; and enhanced privacy risk with new venues for shared information.
Other issues of concern include the existence of ‘fuzzy’ new relationships without clearly defined indemnification or insurance contract provisions; significantly increased regulatory risk to include fines and penalties and significant defense and administrative costs (excluded by most insurance policies); social media initiatives to drive communications and market strategies; and new revenue streams or operational changes without a coverage analysis of the existing insurance portfolio.
Expanded risk might also include a more robust research initiative, expansion of telemedicine and telehealth strategies, or new affiliations to promote population health management.
These issues create complex risk exposure that needs a thorough examination from both risk finance and risk management perspectives.
Traditional insurance policies either do not clearly respond to, do not respond well to, or specifically exclude many of the new and emerging risks for healthcare. As risk transfer products develop and evolve around these new risks, it is important to do a ‘gap’ analysis (to determine what needs to be done to move from its current state to its desired, future state) within your current insurance portfolio to determine your exposure, to analyze whether your policies can be broadened to respond, or to decide whether a standalone insurance product is needed or optimal. What follows is a sample checklist that may assist in the initiation of this process.
HEALTHCARE RISK FINANCING: NEW AND EMERGING RISKS
Check your HPL
Check your hospital professional liability (HPL) coverage trigger and pertinent definitions. Many traditional HPL policies have a ‘medical incident’ or ‘professional healthcare services’ trigger that is narrowly defined and does not address new and emerging risks. Review your policies and determine whether your coverage trigger addresses your healthcare organization’s strategic initiatives.
Consider new products
Consider new insurance products to address increased regulatory scrutiny. Standalone risk transfer products are currently available for statute specific claims (Medicare fraud and abuse, billing errors and omissions, the Emergency Medical Treatment and Active Labor Act [EMTALA], Stark, etc). These policies cover defense, indemnity, shadow audits, investigation expense, and fines and penalties.
Use an LPT
Analyze the use of the favorable loss portfolio transfer (LPT) market to remove past liabilities from the balance sheet. This can be particularly effective in addressing prior acts liability in an acquisition.
Review ‘partial’ ownership
Reassess your insurance policies regarding how they apply to ‘partial’ ownership situations. Additional areas to evaluate include the application of insured versus insured exclusions and other insurance clauses regarding ACOs and other new multi-entity organizations.
Consider cyber liability
Consider or re-evaluate existing cyber liability coverage to address participation in exchanges or other affiliations where private information is shared with multiple third parties.
HEALTHCARE RISK MANAGEMENT: NEW AND EMERGING RISKS
Most healthcare systems have ‘traditional’ risk (such as medical malpractice) under control. However, risk management programs need to continually evolve to address some of the new healthcare risk scenarios. Samples for new risk assessments include:
Do new relationships short of ownership create ostensible agency liability? An entity may be found liable where it holds out a person as its agent or employee and a patient relies on that representation to his or her detriment. For example, advertising including non-employed physicians as ‘our doctors’ may create ostensible agency exposure unless steps are taken to clarify the true nature of the relationship.
Privacy and security policies and procedures should be reviewed to determine compliance with Health Insurance Portability and Accountability Act/Health Information Technology for Economic and Clinical Health Act (HIPAA/HITECH) changes announced in January 2013. A comprehensive review of data security encryption practices should include all mobile exposures including laptop computers, cell phones and portable drives. A similar assessment should be required of those with whom data is shared to include physician offices, payers and health information exchange members.
Assess new risks
As hospitals acquire physician practices, hospitals take on new risks. Physician practices should be assessed with respect to human resources practices including employee background checks and competencies, billing and coding, medical record documentation, medication/sample security and distribution practices, processes for follow-up on patient lab and radiology results and general liability office issues.
Risk management should be part of all contract reviews for the purposes of identifying risks created by the contract, determining organizational compliance with insurance requirements, and advising the organization on insurance to be required of the other party to the contract. The compliance department should review contracts for any Stark Act, anti-kickback or other regulatory exposures. Contracts should be maintained in a contract administration database which ensures appropriate renewals and signatures are maintained.
Review social media
Risk management review of social media practices should include social media policies and procedures and employee education regarding employee use of social media. Policies and procedures should include specific prohibitions against any protected health information (PHI) disclosure including photographs. Marketing and risk management should work cooperatively to minimize risk created by social media marketing by the entity including exposure related to misrepresentation, deceptive trade practices, and ostensible agency.
Update internal corporate auto protocols for those employees driving on business for technology concerns such as texting while driving or the use of hand-held cell phones.
Financial pressure and new opportunities connected to healthcare reform are definitely making ‘strange bedfellows’ as organizations partner with competitors, strangers, and uniquely formed entities to address financial survival and quality of care. The risk manager’s role is crucial in this process to proactively evaluate and address risk issues that are evolving and mostly untested.