Tag Archives: health insurance plans

All Employers CAN Reduce The Cost Of Health Care

What health plans and brokers don't want you to know….

Sometimes it's humbling to admit what you don't know. It's even worse to realize that you don't know what you don't know (YDKWYDK – pronounced, yidick-widick). Well, last fall I was hit square in the face with an embarrassing case of YDKWYDK. Silly me, I presumed that within certain boundaries, actuarial science is, well, a science. Based on the experience/characteristics of a population, and the design of a plan, there was a narrow range within which premiums would be assessed. Not exactly.

Informed Purchasers Can Get Better Coverage And A Lower Cost
I advise employers about how to manage health care costs. That's what I do for a living. Well, I discovered there is a process for uncovering available savings of which I've been unaware. Let's call it the informed purchaser discount. It turns out if you:

  • Learn more about how rates get set (not necessarily based on actual claims risk), and
  • Discover where fees might be hidden (many places), and
  • Inform yourself on calculations health plans use to forecast cost and protect themselves from exposure (quite conservatively), and
  • Partner with someone who has the data platform and predictable process to uncover available savings, and
  • Design a new plan that aligns patient and provider interests,

You can pay a lot less for coverage.

Why Don't You Already Know About This?
Well, it turns out there are incentives built into the system such that:

  • Most brokers — who are paid by the plans — are reluctant to push back on plans for better prices, and
  • Brokers who do push back may get penalized by the plans with worse quotes or slower service, and
  • The timing of quotes are manipulated to rush decisions and leave less time for deliberations, and
  • Because it's a hassle to price many different designs, the plans and brokers often choose a favorite and don't bother to tailor it to specific client needs, and
  • All plans tend to operate this way, so you won't detect over-charging by simply comparing among them.
  • Thus, benefits managers are left reporting to the executive team, honestly: “This is the best I could find.”

Sigh. In other words, circumstances are stacked against the individual employer, especially small ones that are fully-insured. The traditional industry process is meant to keep us in the dark.

Worse yet, as traditional benefit professionals, we don't know what we don't know. There are many reasons not to rock the boat. Perhaps there is a long-term, trusted relationship with the broker; they've become our friends. Brokers won't tell you that they think you can get a better deal — otherwise you would question why they aren't getting it. Perhaps there is fear that getting a different broker or an outside advisor will be looked upon as a sign that we have made poor choices in the past. Perhaps it is simply easier to do what we always do. Perhaps we assume we will get the best deal through the competitive bidding process. Perhaps we assume that because we are smart and capable in other areas, the same approach applies in health coverage. Whatever the reason, the vast majority of businesses don't have the insight to demand and get the informed purchaser discount.

So, you ask, how much can that discount be? (Are you sitting down?) $1,000 to $3,000 per employee, every year. For a 500 person company, that equates to overpaying between a half a million and 1.5M dollars on health care over the past five years. It's shocking, it's appalling, it's something I would not have believed … but folks, it's real. And you can do something about it.

I have spent my professional benefit career advising employers about plan design, corporate policy, health care quality, and health interventions. All the while, I should have been encouraging them to partner with an experienced purchaser who knows the process and can share understandings of risks and incentives.

Stop Paying A Penalty Simply For NOT Being Informed
The only way to get an informed purchaser discount is to make the process transparent and work with someone who only has a financial incentive to save you money. This doesn't mean you fire your broker (unless you want to), only that you insist on having a broker who will partner with an independent plan reviewer/designer. You want someone who is not threatened by complete transparency — something you will learn is not welcomed by plans or most brokers. (If your broker resists, I can recommend a few who do advocate transparency and are open-minded).

What should the independent party do?

  1. Review your current plan and experience at no charge.
  2. Assess the savings opportunity at no charge.
    Explain your design options and confirm you are comfortable with specific types of changes. The savings should not be solely derived from making the plan less desirable, such as:

    • restricting access to providers
    • shifting large increases in cost to employees
    • design changes that discourage employees from choosing coverage
  3. If savings are not likely, state that fact, shake hands and part ways.
  4. Charge a reasonable fee, most of which is contingent upon meeting a minimum savings (e.g. $1000 per employee).

In other words, there should be no cost or risk to assess your opportunity, and the group who guarantees savings should get paid after the savings are achieved.

Does such an organization exist? Yes. It's not a brokerage, but a small, independent consulting group called Incenta, that is saving its clients a lot of money. Do I work for them? No, but I am introducing them to my clients because it feels bad not to. Will I be partnering with them in the future to bring this solution to more employers? Absolutely.

What Now?
This article is a stark departure from my usual analytical or policy-oriented discussion. Readers who know me know that I investigate topics thoroughly and thoughtfully. Despite this, all of us encounter situations where yidick-widick, and we discover new solutions to old problems. It's not a sin to find out we didn't know — but I've decided it's inexcusable to ignore it now that I do know.

Never have I been more convinced that a different sort of expert is needed. Plus, in this case it happens to be very low risk — no cost to assess potential savings, and the vast majority of fees contingent upon achieving $1000 to $3000 of savings per employee.

So, I encourage every benefits manager to become one of the (few) informed purchasers. Don't wait until your renewal is approaching. And don't be afraid to admit YDKWYDK — better to learn this now than continue paying the penalty for remaining uninformed. Call or email me or the others listed at the bottom of this article. Become informed. Your bottom line, and your company executives will thank you.

For those interested in following up, talking it though, or getting started toward a better process of getting health care coverage, feel free to contact:

Wendy Lynch
Send Email to Wendy

Dennis Kelly
Send Email to Dennis

Dave Dias (one of the transparency-advocating brokers I know)
Send Email to Dave

Restated HIPAA Regulations Require Health Plans To Tighten Privacy Policies And Practices

Health plans, their insurers, employer and other sponsors, and business associates have work to do. Health care providers, health plans, health care clearinghouses and their business associates will need to review and update their policies and practices for handling and disclosing personally identifiable health care information (“PHI”) in response to the omnibus restatement of the Department of Health & Human Services (“HHS”) Office of Civil Rights (“OCR”) of its regulations (the ” 2013 Regulations”) implementing the Privacy and Security Rules under the Health Insurance Portability and Accountability Act of 1996 (HIPAA). The Rulemaking announced January 17, 2013 may be viewed here.

Since 2003, HIPAA generally has required that health care providers, health plans, health care clearinghouses and their business associates (“Covered Entities”) restrict and safeguard individually identifiable health care information (“PHI”) of individuals and afford other protections to individuals that are the subject of that information. The 2013 Regulations published today complete the implementation of changes to HIPAA that Congress enacted when it passed the Health Information Technology for Economic and Clinical Health (HITECH) Act in 2009 as well as make other changes to the prior regulations that the Office of Civil Rights found desirable based on its experience administering and enforcing the law over the past decade.

Since passage of the HITECH Act, Office of Civil Rights officials have warned Covered Entities to expect an omnibus restatement of its original regulations. While the Office of Civil Rights had issued certain regulations implementing some of the HITECH Act changes, it waited to publish certain regulations necessary to implement other HITECH Act changes until it could complete a more comprehensive restatement of its previously published HIPAA regulations to reflect both the HITECH Act amendments and other refinements to its HIPAA Rules. The 2013 Regulations published today fulfill that promise by restating the Office of Civil Rights' HIPAA Regulations to reflect the HITECH Act Amendments and other changes and clarifications to OCR's interpretation and enforcement of HIPAA.

Highlights Of Changes
Among other things, the 2013 Regulations:

  • revise the Office of Civil Rights' HIPAA regulations to reflect the HITECH Act's amendment of HIPAA to add the contractors and subcontractors of health plans, health care providers and health care clearinghouses that qualify as business associates to the parties directly responsible for complying with and subject to HIPAA's civil and criminal penalties for violating HIPAA's Privacy, Security, and Breach Notification rules;
  • update previous interim regulations implementing HITECH Act breach notification rules that require Covered Entities including business associates to give specific notifications to individuals whose personally identifiable health care information is breached, the Department of Health & Human Services and in some cases, the media when a breach of unsecured information happens;
  • update interim enforcement guidance the Office of Civil Rights previously published to implement increased penalties and other changes to HIPAA's civil and criminal sanctions enacted by the HITECH Act
  • implement HITECH Act amendments to HIPAA that tighten the conditions under which Covered Entities are allowed to use or disclose personally identifiable health care information for marketing and fundraising purposes and prohibit Covered Entities from selling an individual's health information without getting the individual's authorization in the manner required by the 2013 Regulations;
  • update the Office of Civil Rights' rules about the individual rights that HIPAA requires that Covered Entities afford to individuals who are the subject of personally identifiable health care information used or possessed by a Covered Entity to reflect tightened requirements enacted by the HITECH Act that allow individuals to order their health care provider not to share information about their treatment with health plans when the individual pays cash for the care and to clarify that individuals can require Covered Entities to provide electronic personally identifiable health care information in electronic form;
  • revise the regulations to reflect amendments to HIPAA made as part of the Genetic Information Nondiscrimination Act of 2008 (GINA) which added genetic information to the definition of personally identifiable health care information protected under the HIPAA Privacy Rule and prohibits health plans from using or disclosing genetic information for underwriting purposes; and
  • clarifies and revises other provisions to reflect other interpretations and information guidance that the Office of Civil Rights has issued since HIPAA was passed and to make certain other changes that the Office of Civil Rights found appropriate based on its experience administering and enforcing the rules.

Covered Entities And Business Associates Must Act To Review And Update Policies And Practices
The restated rules in the 2013 Regulations make it imperative that Covered Entities review the revised rules carefully and updated their policies, practices, business associate agreements, training and documentation to comply with the updated requirements and other enforcement and liability risks. The Office of Civil Rights, even prior to the regulations, has aggressively investigated and enforced the HIPAA requirements.

The commitment of the Office of Civil Rights to enforcement most recently was demonstrated by its recent settlement with Hospice of North Idaho (HONI). On January 2, 2013, the Office of Civil Rights announced that the Hospice of North Idaho will pay the Office of Civil Rights $50,000 to settle potential HIPAA violations that occurred in connection with the theft of an unencrypted laptop computer containing electronic personally identifiable health care information. The Hospice of North Idaho settlement is the first settlement involving a breach of electronic personally identifiable health care information affecting fewer than 500 individuals.

While the Hospice of North Idaho settlement marks the first settlement on a small breach, this is not the first time the Office of Civil Rights has sought sanctions against a covered entity for data breaches involving the loss or theft of unencrypted data on a laptop, storage device or other computer device. Rather, the Office of Civil Rights continues to roll out a growing list of enforcement actions demonstrating that the potential risks of HIPAA violations are significant and growing. See also:

Coupled with statements by the Office of Civil Rights about its intolerance, the Hospice of North Idaho and other settlements provide a strong warning to covered entities of the need to carefully and appropriately manage their HIPAA encryption and other Privacy and Security responsibilities. Covered entities are urged to heed these warning by strengthening their HIPAA compliance and adopting other suitable safeguards to minimize HIPAA exposures.

In response to the 2013 Regulations and these expanding exposures, all Covered Entities should review critically and carefully the adequacy of their current HIPAA Privacy and Security compliance policies, monitoring, training, breach notification and other practices taking into consideration the Office of Civil Rights' investigation and enforcement actions, emerging litigation and other enforcement data, their own and reports of other security and privacy breaches and near misses, and other developments to decide if additional steps are necessary or advisable.