By Ronda Hefton, RN, BSN, MBA
Where The Rubber Hits The Road: A Frustrated CIO
A CIO of a large health system that includes a payer shared the following frustrating reality. While the Centers for Medicare & Medicaid Services (CMS) allowed ACO executives access to their claims data, CMS refused to send that same claims data to the independent delivery networks (IDNs) within the health system. Why? Because of the lack of access controls at the IDN level. For the CIO and C-suite team, this makes for a significant data challenge. A health system that owns a CIN/ACO and faces this common situation hits barriers in strategic planning and data IT support across the network.
Fixing The Issue
This issue can be addressed by understanding the regulatory requirements as well as the data types being integrated.
As recently as 10 years ago, clinically integrated networks (CINs) and ACOs were struggling with the basics, including:
- showing quality measure results for each provider
- proving compliance with CMS and Federal Trade Commission (FTC) regulations
- confirming each provider’s active participation
- enforcing HIPAA guidelines
Fast forward to 2018, and the success of a CIN/ACO now heavily depends on data and having the expertise to gather, manage and use it to achieve success. This two-part series will delve into common data management challenges and how technology helps these value-based organizations accomplish their goals.
Make CIN/ACO Data Useful To Stakeholders
Today’s CINs/ACOs must be data integration masters, which is no small feat. It means mastering both access to and use of data housed in disparate IT systems and files. What’s more, they must make that data easily digestible and actionable for all stakeholders to meet clinical, operational, and financial objectives.
Only a smart and well-architected technology infrastructure can handle this kind of work. A new, significant theme is emerging in work with large IDNs and health systems that also own CINs/ACOs. While doing the difficult work of integrating and providing data for population insights, managing multiple contracts, and determining network financial viability, these organizations must also shoulder the burden of legal compliance.
Technology Strategies And Compliance
Health systems that are achieving strong technical success are those extending their technology strategies to their owned legal entity data warehouses and data lakes. It’s the CINs/ACOs with access to integrated electronic medical records (EMRs), health information exchanges (HIEs), consolidated clinical document architectures (CCDAs), claims, and other key types of data that are proving themselves to be game changers.
In the past, CINs/ACOs have struggled to get the data they need from their provider network participants. One might ask: What is the root issue? Are the data that providers need housed in the data warehouse? Is this a compliance challenge?
Encounter data show how compliance presents unique challenges to these organizations. Access to encounter data, both clinical and financial, that occurs outside the contracted activities of the CIN/ACO network should comply with complex and often conflicting regulations. Complex, multi-system owned organizations must best determine how to comply with – and document compliance with – all the following legal requirements:
- OMB Circular No. A-130: Management of Federal Information Resources
- Federal Information Processing Standard 200 (FIPS 200): Minimum Security Requirements for Federal Information and Information Systems
- NIST SP 800-53: Recommended Security Controls for Federal Information Systems
A Closer Look At How HIPAA Affects CINs/ACOs
Although the basics are the same, there are some crucial differences in how HIPAA must be managed by CINs/ACOs. The most significant difference lies in the responsibility of care for contracted populations.
If a CIN/ACO is providing care management to specific populations to improve quality and decrease cost of care, insight into patient and provider behaviors both inside and outside of the network is imperative to success, both clinically and financially. What makes this complicated is that clinical information should only be accessed by the patient’s physician, providers, and those in CIN/ACO roles who have a “need to know” to provide care and guidance to the patient.
Challenges Presented By Financial Data
Financial data become important for managing multiple contracts as well as determining network financial viability, and it’s becoming more difficult all the time. Several years ago, the ownership lines within CINs/ACOs were more straightforward. A CIN/ACO typically included a health system-owned medical group and independent physician practices. The legal entity lines were also clearer, and because only quality data was needed, data access was easier to manage.
Flash forward to 2018, and we find CINs/ACOs are much more complex, with owned medical groups, independent practice associations (IPAs), managed services organizations (MSOs), independent physician practices, and large multi-specialty groups as well as acute and post-acute providers. Added to that, in many cases the CIN and the ACO are separate legal entities. The complex demands of contracts, care management programs, and multi-owned organizations make data access control extremely difficult for parent organizations to manage.
The most common frustration encountered in the industry is a large IDN’s IT Enterprise working to provide technology services for the various separate legal entities – acute care providers, payers, owned medical groups, and complex CINs/ACOs. For instance, once the IT Enterprise has all the data sources desired by the CIN/ACO operations, who should have access to what information? Further, is it even legal for the IT Enterprise to have access to all the data sources held in the data warehouse?
Raw claims data can be very important to a CIN/ACO’s success. It’s currently the only data set that includes a cross-continuum view, including the financial impact of encounters and of patient care received. While it’s true that claims data is old and carries its own set of concerns, it is the only data that reflects patient and provider preferences and behaviors outside of the network, as well as the financial data needed to monitor cost. Therefore, while claims data is not ideal and still incomplete, a CIN/ACO can do business successfully without clinical data, but it cannot do business successfully without claims data.
Ultimately, CINs/ACOs can develop and implement the IT strategy required for compliance once the sources, types and location of data are determined and the challenges and compliance issues are identified.
As CINs/ACOs continue to mature, it’s crucial for success to understand the types of data used as well as what can be done with the data within the bounds of legal compliance. Part two in this series will explore the use of technology and strategic operations collaborations for compliance and business success.
About The Author
Ronda Hefton, RN, BSN, MBA, is an integrated care consultant and guest contributor for CitiusTech.