Category: Uncategorized

Data Protection in All States

Data must be protected in all states, when in use, in motion, and at rest. Data in use is data that is actively being accessed, processed, or updated. Data in motion is data that is being transmitted from one source to another. Data at rest includes any data that is stored and not actively transmitting from one source to another.

Data Loss Prevention

HealthEdge understands how critical it is to protect data, in all states, with a layered security strategy. As part of this strategy, we deploy Data Loss Prevention, or DLP, tools that monitor sensitive data, which alerts our security operations team to any potential findings. We also implement continuous training for everyone on the HealthEdge team. DLP ensures sensitive data is not exfiltrated from managed to unmanaged sources, such as transferring data from our corporate cloud storage to a personal storage and/or device. DLP policy configurations are designed to discover and protect data in real-time on the corporate network, endpoints and the cloud.

• Protecting the Network – DLP monitors data in all states on the corporate network and prevents data from being transmitted internally if it violates any HealthEdge information security policy.
• Hardening Endpoints – DLP monitors company endpoints and prevents data misuse and loss from endpoints both on and off the corporate network, including web traffic or email usage.
• Securing the Cloud – DLP monitors data on authorized cloud applications and prevents unauthorized and unsecure data transmission and unauthorized access.

Security Information Event Management and User Behavior Analytics

Security information and event management, or SIEM, collects logs and events from the HealthEdge environment. This capability allows our security operations team to analyze threats that have been identified by correlating data from different log sources. “Normal” behavior, such as where a user authenticates from and accesses data, are used to establish baselines. If the logs indicate a change in the baseline, an alert will trigger, and our security team will investigate further. This process is known as user behavior analytics, or UBA.

Log and event correlation can detect changes in access, authentication, or account changes. If a user attempts to access sensitive data using an unauthorized account, such as an employee account versus an administrative account, an alert will trigger additional analyses. If a user attempts to override established privileges, access will be blocked, and the attempt will be recorded in the user logs. Users are assigned risk scores based on role and privilege. When users attempt unauthorized access, even if blocked, the user’s risk score will increase. The greater the risk score, the greater the monitoring.

User Education and Awareness

The security operations team utilizes a hands-on approach, ensuring users with an increase in risk are aware of responsibilities to be good stewards of data. Humans make mistakes and the tools we deploy to prevent data loss work in conjunction with good cyber hygiene. In addition to notifications letting the user know the access or transmission has been blocked, security operations will reach out to the user directly to review information security policy requirements and answer any questions they may have regarding DLP. Security education and awareness is a continuous process and the HealthEdge team is the first line of defense when protecting data.

Medical necessity is one of the hardest things for both payers and providers to get right due to the complexity these policies usually require. However, medical necessity serves an important role in patient safety and fraud prevention, so it must be verified.

Medical necessity is a determination that a particular healthcare service, procedure, or treatment is appropriate, reasonable and necessary for the diagnosis or treatment of a patient’s medical condition.

For payers, getting it wrong can mean thousands, if not millions, of dollars wrongfully paid or wasted on downstream work associated with excess claim denials and recoupments. Getting it right means providers are reimbursed accurately the first time; patients receive the appropriate level of care and correct medications; and payers minimize overhead costs associated with claims review and rework.

To help payers get it right and be compliant with CMS National Coverage Determinations (NCD) and Local Coverage Determination (LCD) policies, MediQuant, a partner in the Source ecosystem, offers the full range of medical necessity edits, including:

• Procedures and diagnosis codes
• Add-on procedures
• Primary and secondary LCDs
• Covered and non-covered diagnosis codes
• Denied codes
• Frequency limitations
• I/P restricted CPT/HCPCS
• Effective dates
• Commentary on rule changes with every update

Making Medical Necessity Easier for Source Customers

As a transformative payment integrity solution for payers, Source has developed partnerships with many different best-of-breed vendors, including MediQuant. As part of the Source ecosystem, MediQuant is able to leverage advanced APIs from Source to deliver pre-built integrations between the two systems. This not only eliminates the IT burden for payers who want to use both solutions, but it also creates a more seamless user experience. Plus, it’s easy to configure, as Source automatically indicates if/why a policy impacts a claim.

The result of Source + MediQuant?

Results include streamlined clinical policy maintenance, prior authorizations, coverage determination, and claims processing.

Payers are also able to minimize provider abrasion related to wrongful denials while also better managing utilization across all care settings, including hospitals, physician offices, labs, and imaging centers.

To learn more about how Source + MediQuant can help your health plan dramatically reduce denials due to improper or incomplete documentation of medical necessity, visit the Source third-party integrations page here.

With the ease of shopping on Amazon and proliferation of curbside, delivery, and pickup options, consumers want options, the best deal, and fastest delivery/pickup.

With modern digital transformation, it’s no surprise that consumers want and expect the same for their healthcare. Several key trends are shaping this:

• Consumer buying behaviors being influenced by retail experiences
• New market entrants setting new standards for consumer-friendly experiences
• Increasing availability of data sources and maturing interoperability standards facilitating line of sight
• Growing participation in Medicare Advantage, Medicaid, and individual marketplaces

Customers are starting to exert their power

Customers expect to be treated the same way they are accustomed to in their daily interactions with retailers. American health consumers primarily value these 5 categories:

1. Convenience
2. Quality
3. Support
4. Personalization
5. Communication

Source: Healthcare Consumer Experience Trends 2021 | Press Ganey

Becoming a digital payer

With modern digital transformation solutions in place, health plans are leading the way to a more connected, consumer-centric healthcare marketplace. Digital health payers turn to technology to help:

1. Improve end-user and member centricity
2. Achieve higher levels of quality
3. Increase transparency
4. Advance customer service
5. Reduce transaction costs

Click here to read The Digital Payer Journey to Achieve a Coherent Individual Healthcare Experience white paper.

 

Medicare Advantage brings affordable, comprehensive healthcare coverage to nearly 30 million Americans. This program serves diverse American communities, including 3.7 million rural Americans. 40% of Americans making less $25K per year choose Medicare Advantage, and 32% of Medicare Advantage members are racial/ethnic minorities.

Medicare Advantage has had 8-10.5% YOY growth, and 60% of all Medicare beneficiaries will be in Medicare Advantage by 2030. The growth of Medicare Advantage brings opportunity for health plans to expand their member base. However, the diversity of the communities served by Medicare Advantage presents significant challenges for health plans. Furthermore, competition is rapidly growing for health plans in the Medicare Advantage space.

HealthEdge customer SummaCare is a local, self-funded, provider-owned health plan with 62,000 covered lives. Operating in Summit County, OH, SummaCare is part of one of the most competitive Medicare Advantage markets. In 2023, they are expecting members to have over 90 plans to choose from.

How does SummaCare stay competitive in the Medicare Advantage space, especially against national competitors?

We recently sat down with SummaCare’s VP of Operations, Melissa Rusk, to learn how health plans can compete and grow in the increasingly competitive Medicare Advantage space. Her five top tips for health plans are:

1. Understand your customer needs: Listen to the voice of the customer and take action on it. 
2. Meet your customer where they are: Be available to your customers when and where they need you. Don’t make them call if they’d prefer to use an app. 
3. Improve workflow automation: Leverage technology to optimize and automate your workflows to increase efficiency.
4. Regulatory compliance: Partner with experts that understand regulatory requirements to ensure compliance.
5. Real-time, accurate data: Leveraging technology platforms and partnerships that make access to real-time, accurate data possible. 

SummaCare has achieved success by leaning into becoming a digital payer to meet the growing consumerism demands in healthcare. Learn more about becoming a digital payer here.

 

Cyber Threat Intelligence (intel) is an important component of our security operations strategy. We believe it is critical to gather intel from multiple trusted sources and use it as a force multiplier. Our security operations team uses this data across multiple tools in our security portfolio. Enabling us to proactively identify and prevent cybersecurity incidents.

Industry Intel Feeds

While we have multiple Intel sources, one of our most valuable is the Health Information Sharing and Analysis Center (H-ISAC). H-ISAC is comprised of critical infrastructure operators and owners within the Health and Public Health sector, that share information in real time such as indicators of compromise (IOCs), tactics, techniques and procedures (TTPs), best practices, recommendations, as well as mitigation strategies. In additional to intel feed access, our H-ISAC membership also provides resources such as white papers, information and awareness videos, sector relevant news, and more.

Automated Endpoint Defense

Utilizing the data from our intel feeds, we can leverage automation to proactively update our endpoint controls to block communication with potentially risky sites and prevent malicious downloads from even reaching the machine. We can update our firewalls with ever changing list of malicious and suspicious IP addresses. We are also able to leverage these feeds while triaging security events from the endpoint, to determine if a file, process, or action needs to be quarantined or blocked. This streamlined process not only cuts down response time, but also ensures timely remediation and a complete review of the detection.

Automated Log Detection

Log sources from endpoints, firewalls, and network access points are collected and stored for analyses. Log collection allows us to categorize log events into different severity levels. Rules are then set on these events to trigger a notification to the security operations team, and other alerting tools in order to perform a remediation. Because logs are fed into a single source, if one malicious event is detected, our security operations team is able to quickly determine the scope of the detection. The scope analysis can identify changes in permissions, leaked credentials, and other events that would be considered changes in normal behavior. If abnormal behavior is detected for a specific user, additional steps would trigger to reflect the increased risk.

Bringing It All Together

When multiple intel feeds are used, HealthEdge is able to validate intel and make informed decisions on how to keep our network safe. We don’t rely on a single source for intel, but rather take full advantage of reputable external resources and internal resources that provide us with a complete picture. Our goal is to bring all the information together to ensure our security strategy is comprehensive and robust.

 

As it has been in the last several years, 2023 has significant regulations in play – predominantly revolving around interoperability and transparency, making it strategically critical for health plans to understand the life cycle of their data. Enrollment data, Provider Contracting & Participation data and Cost Sharing transparency will all see changes in the next few years. It is no longer enough to simply have the data and extract it – health plans need to understand where data comes from and how it’s used. They need to completely understand what data is being extracted, the intent of the data, and how it’s being reported and how it is presented to their members.

Data Granularity & Health Equity

The Covid-19 pandemic shined a glaring light on inequity in health outcomes. We knew that social economics plays a role in health outcomes, but we weren’t looking at race, ethnicity, and other stratifications or at least not at the right level of granularity. For example, during Covid, health outcomes for those of African American descent were dramatically less – regardless of economic level.

It is critical that we look at the data in more granularity – and look at race, ethnicity, gender, and gender identity. We need to identify outcomes and start improving them. We need to ensure that some segments of society aren’t being undermanaged or underserved due to insufficient/too broad data.

Race & Ethnicity Stratification

Health plans are required to report race and ethnicity. However, we’ve never separated the two, meaning a patient would be listed as Black and Hispanic. By getting more granular with the data – for instance by separating these two data points we can improve individual and population health.

Another example – today, a patient would be listed as multi-race/Hispanic. But what if we got more granular and note that this patient is Puerto Rican, Black, and Hispanic. With this more granular data, we can start to see what needs to be improved, such as better communication methods or increased education. We can approach patients with more knowledge gleaned from this data granularity and improve care.

Currently, there are no codes for Middle Eastern descent – but we know that people of Middle Eastern descent have their own genetic markers. What information could we glean from this population if that code and subsequent data existed? How could it improve the health of this population?

Protecting Sensitive Data

There remains a hesitancy in some parts of the population to share their information. Race, sexual orientation, and gender identity can be sensitive topics to certain members of the population, and with this sensitivity sometimes comes a hesitancy to share this information. For instance, SOGI has been hit or miss around transgender and how transgender people are treated.

This is a stumbling block we need to acknowledge and manage. We need to be sensitive to the increasingly granular data we store, its sensitivity, societal triggers, and patient/populations outcome/treatment. We need to protect this data and keep vulnerable populations safe/comfortable to share their information.

Federal & State Regulations

Health plans need to get to the level of granularity required by these regulations.

In 2023, NCQA’s health plan ratings include commercial, Medicare, and Medicaid health plans. The rating is a weighted average of a plan’s HEDIS® and CAHPS® measure ratings and accreditation status as of June 30, 2023.

Furthermore, in 2023, HEDIS is requiring additional reporting stratification  for  five key measurements:

• Colorectal Cancer Screening
• Controlling High Blood Pressure
• Hemoglobin A1c Control for Patients with Diabetes
• Prenatal and Postpartum Care
• Child and Adolescent Well Care Visits.

HealthEdge – Enabling Transparent Data

The member centric goals of interoperability and transparency efforts hinge upon the industry’s approach to understanding data characteristics, from the business perspective, beyond data mapping and formatting. As regulations evolve and standards are adopted, we begin to see alignment of data standards and transaction formats for these data elements.

The HealthEdge suite of products is so adaptable – it can create the mechanism to allow our customers to collect, store, use, and extract the data in any way necessary to improve their member health and meet regulatory compliance requirements.

Learn more about HealthEdge’s accurate, real-time data here.