Compliance, Data, And Success In A Complex CIN/ACO World

As CINs/ACOs expand as a strategy for value-based care, these organizations depend ever more heavily on data – and the expertise to gather, manage and use it – to achieve success. Part 1 of this two-part series, Knock Down Barriers and Achieve CIN/ACO Success, detailed the significant data challenges for integrated delivery systems that include separately owned legal entities. Part 2 outlines how health systems with an owned ACO/CIN provide the usable data, clinical support, proof of compliance, and strategic guidance required for an unwavering focus on care quality and patient experience. While simple to say, only the select few have mastered providing the right care in the right place at the right time – the holy grail for delivering high quality care at lower cost.

Start By Buddying Up With The Legal Team

Your legal team is your friend. Let them safely guide you through the tricky and often treacherous waters of ACO/CIN compliance. Their expertise is critical for considering and understanding legal entity boundaries, organizational ownership (CMS ACO, Commercial CIN/ACO, Medicare Advantage, Employee Health plan) and the compliant ways to navigate them.

This became crystal clear recently when the NIST 800-53 published the requirements for Organizations (CMS ACOs) working with Federal Systems. This not only increased the urgency, but it also highlighted data governance issues that had not yet been at the forefront of compliance attention in the CIN/ACO world. Successfully caring for a population requires a broad mix of claims, financial, clinical and cross-continuum setting data to both support clinical care and prove compliance – no small task for any organization.

Master “Actionable” CIN/ACO Data Your Stakeholders Need

Harness the power of your CIN/ACO data to make it useful to stakeholders. First, the foundational data for successful operations is insight into your contract terms and the populations served within those agreements. Quality measures, clinical outcomes and financial performance are typically addressed in the contract terms. Second, real improvement results from data that provides actionable opportunities, so get clear on what “actionable” really means for your organization. “Actionable” translates into meaningful communication with all stakeholders, specifically health system executives, network operational leaders, participating providers, care managers and patients.

Different stakeholders need different communication from “actionable” data to perform well within your contracts. Typically, the key stakeholders include:

• Health system executives: Executives monitor financial and operational measures at the highest aggregate level by network and by type of care population.
• ACO/CIN leadership: Leadership needs data at both the aggregate and drill-down levels. When drilling down to detailed data, leadership needs access to outliers to determine how to guide operations from a clinical, financial and quality perspective.
• Physicians: Physicians need support to meet quality compliance, while staying on top of ever-changing details. For example, a physician may not be aware that the post-acute facility where they typically refer patients has a higher cost, poorer outcomes or longer length of stay. Arming them with actionable data at the point of decision enables them to make informed decisions and substantially multiplies their power to provide ever-improving patient care.
• Care Managers: Care Managers need insight into high-risk patients that will benefit from care navigation or disease-specific collaboration. Knowing, in real time, which patients are at the most risk tends to be the greatest challenge yet has the greatest value.
• Patients: Patients’ confidence in their care and wellness choices increases with access to a trusted care team. Equipping the primary care provider, care managers and other members of the team with data that informs a cross-continuum view facilitates patient education, navigation and self-care empowerment.

Winning In A World Of Competing Priorities

It’s no longer surprising that today’s patients want instant care, great customer service and quick answers to their concerns. This is important because they are also less concerned about having a relationship with a primary care physician. Hence, if the network does not have access to data from encounters that occur beyond their purview, such as outside the network, hospital, clinic, outpatient diagnostic facility and pharmacy, it is very difficult to identify which patients are truly at risk and need care urgently. Consider that the data required by each of the stakeholders may reside in multiple EHRs, HIEs and registries, or within pre- and post-adjudicated claims. While everyone is supposedly on the same team, some stakeholders can see all data and others cannot.  

Here is where the legal entity boundaries become so important. Not only are there data compliance challenges within the CIN/ACO entity but even bigger data compliance challenges exist between the IDN and their owned CIN/ACO.

Requirements Versus Compliance: Who Sees What Data?

CINs/ACOs must understand data governance issues that arise, even when accepted strategies like using a separate server or creating a data warehouse with dedicated data marts are employed:

• Cross-network data issues: If the IDN is the operator of a data warehouse/data mart, there are non-CIN/ACO employees managing and accessing the data. This approach is not compliant if the data included contains information outside of the network. Addressing these issues will require a mix of people, process and technology, especially when we consider the types of data that are included in the warehouse/mart, such discreet clinical, diagnostics, pharmacy, EHR, HIE, registry, and pre- and post-adjudicated claims.
• Clinical data issues: Just because technology can separate data does not change HIPAA requirements. For a clinician to access patient-level data there must be a need to know. Similarly, when an administrator needs to call a patient to provide service recovery or help with a bill, they can have access to demographic data needed to support their role. However, access to a patient’s clinical data is only appropriate if there is a clear and direct need to know.
• Financial data issues: While aggregate financial data is appropriate for monitoring activities by the board and leadership, detailed financial data cannot be shared across legal entity lines. Specifically, financial information about amounts paid for care that originates from care provided outside of the network cannot be included in data viewed by the hospital, other physician practices and payers. However, the CIN/ACO entity needs to see the cost for care that occurs outside of the network in order to drive the right care at the right time to the right place. To further complicate matters, if the population is an employee population, there may be protected behavioral health data as well protected disease data to be managed appropriately.

Proving Compliance Across People, Process And Technologies

The issues outlined above barely scratch the surface. Considering the complex relationships and data access needs, CINs/ACOs are well-advised to consider these recommendations to prove and document that technologies, people and processes are compliant:

• Partner with a technology vendor that understands the subtle, yet crucial, nuances of the separate legal entities that exist in a large IDN.
• Select a technology with multi-tenancy functionality, auditing and reporting capabilities.
• Put the appropriate data sharing agreements in place between the IDN and the CIN/ACO.
• Consider separate operational staff for the CIN/ACO. If the IDN/Payer/and CIN/ACO must share staff, document the roles and percentage of time staff are “outsourced” to the CIN/ACO for operations.

As more and more IDNs, CINs, ACOs, IPAs and Payers acquire, merge and partner, data integration, proof of compliance, and appropriate access to data will become more complex. Long-term data governance strategies that allow for growth, technology improvements, and successful management of risk bearing agreements are critical. Take steps now to ensure your long-term success in this complex environment.

About The Author

Jeffrey Springer - Sr. Vice President, Healthcare Solutions, CitiusTech