HIPAA requirements concern small health-plan CEO
By Charles Rathmann, SBT Reporter
Large and small HMOs alike are preparing for the regulatory onslaught represented by the privacy and security provisions of the Health Insurance Portability and Accountability Act.
Small HMOs, however, just may feel more of a hit than larger ones — at least that is the suspicion of Pat Jerominski, president and CEO of Independent Care, Inc. (iCare) — a Milwaukee-based health plan for the disabled.
“I am surprised that there hasn’t been more reaction by the insurance community related to these new requirements,” Jerominski said. “A lot of them are right now kind of stunned and evaluating the impact. The idea behind it is probably a positive one. But I am not quite sure that there was a lot of thought given to the economic impact of this and the civil rights impact with confidentiality.”
iCare is a comprehensive Medicaid health care and social services program for Milwaukee County residents who receive Supplemental Security Income (SSI) benefits. The organization provides medical, behavioral health, dental, vision and prescription drug insurance coverage to its 4,500 members through a care coordination model. Case management and intervention on the part of iCare helps Medicaid helps eliminate problems associated with duplication of or conflicting medical treatments — and hopefully achieves some cost savings as well.
The HMO was initiated as the result of a 1994 research project that suggested that the disabled poor would do well under managed care. At that point iCare — unique in the nation according to Jerominski — could be formed only by jumping through several legal and regulatory hoops. Partnerships had to be formed with both a nonprofit — Milwaukee Center for Independent Living — and a for-profit licensed HMO — in this case, Humana.
“We started out as shared risk,” Jerominski said. “If we had 2% profit, anything above that would be shared with the state — same thing for losses. This was in effect since 1997.”
Shared risk refers to a system of insurance where the administrator of a plan receives compensation based on reduced cost and usage of services by patients. Part of the money not used goes into a shared risk pool.
However, over time, iCare demonstrated stable-enough fiscal returns to convince the state to allow it to operate as a more traditional HMO.
“We now receive a per-member per-month fee for all state-provided services excluding chiropractic,” Jerominski said. “We are the only one with full-risk capitation.”
Ensuring quality care and black-ink fiscal results has been a challenge, Jerominski said, because of the nature of the population served.
“The population is different than we supposed,” Jerominski said. “In addition to physical problems, 42% have chronic mental illness. There are also co-morbid illnesses like diabetes, hypertension and musculo-skeletal issues. Of our premium revenue, over 25% goes to pharmacy costs. In traditional settings, pharmacy costs are rising but of premium revenue, it is still only 10% to 15%.”
So Jerominski has enough on her hands even before she starts worrying about the privacy and security provisions of HIPAA.
HIPAA headaches
Jerominski said iCare hired a consultant to analyze the impact the privacy and security requirements of HIPAA would have on our operations.
“We will be bearing significant administrative loads,” Jerominski said. “This will significantly affect all our internal systems — including our network infrastructure — one of our core assets. The security and the documentation standards that need to be developed and followed are significant. We are beginning the process of the cost analysis. We need to identify the budget impact.”
To complicate matters further, iCare used to outsource many of the functions that would be regulated under the HIPAA security rule, but recently opted to take on those functions themselves.
“We made a system conversion as of March 1 — we had subcontracted with the Humana network — but pulled it in-house,” Jerominski said. “We now have more control, but we only have 15 employees. In the meantime, we have the same standards as a Humana, which has thousands of employees.”
But there is an upside, according to Jerominski. HIPAA will also require health-care organizations — providers, insurance carriers and others — to utilize a standard format for information interchange. Jerominski said iCare will probably benefit from this requirement.
“Up front, there will be a lot of cost,” Jerominski said. “But because we are in the regulatory environment and we deal with Medicare and Medicaid … Medicare has different requirements than Medicaid. Right now, the identifiers for services rendered can be different and the documentation can be different. One reason the feds did this was to bring these two programs together. But still, consultants will have a field day with this.”
While efficiencies should be gained by streamlining documentation between Medicare and Medicaid, substantial work must be done on the federal and state levels to make those efficiencies a reality.
I called the Department of Health and Human Services, and when we ask them about this — that say ‘we don’t know yet.’ They are not even preparing for it yet,” Jerominski said. “Provider files and codes are not up to date yet for Medicaid.”
Apart from the IT and aspects of the privacy and security rules that affect hardware and software, another challenge will be re-educating iCare’s wetware — the people.
“We have situations — because of the clients we serve — where we have care coordinators and case managers that talk in the hallways about a certain case,” Jerominski said. “How do we train people to understand you can not talk in an elevator or outside your cubicle? People with this privacy act might focus on the systems side — but they also have to concentrate on their personnel issues.”
Nov. 9, 2001 Small Business Times, Milwaukee