Category: Uncategorized

The good news: COVID-19 numbers across the country have gotten low enough (daily reported cases are down 92%[1]) that the Federal government feels the Public Health Emergency status issued in March 2020 that enabled the government to weather the worst of the virus, is no longer needed. The bad news for the American healthcare system: Estimates show up to 18 million Americans will lose their health insurance coverage through Medicaid within 14 months[2].

The Medicaid line of business grew more than 17% from February 2020 to September 2022 from an increase in the unemployment rate as well as the Continuous Enrollment Provision as part of the Public Health Emergency. That growth may now tumble downward as states begin to comply with CMS and State guidelines for Medicaid eligibility.

[3]

While the current Federal guidelines give states up to 14 months to resume normal income eligibility for Medicaid enrollees, many states can choose to do so more rapidly. What this all means for health insurers is a renewed need for outreach to potential Medicaid members who are in danger of being disenrolled to communicate options for Marketplace coverage. This can become increasingly complex for states with federally facilitated Marketplaces that can oftentimes operate in siloes.  Others losing Medicaid may become eligible for Medicaid Premium Assistance in the Employer Sponsored Insurance (ESI), but while employment levels nationally have returned to pre-pandemic levels, it can vary widely from state to state.

But amidst this looming unrest lies an opportunity for an often-broken healthcare system to work as it should. States are encouraged to partner with health plans, MCOs, community health centers, ancillary care providers, and other health care partners to reach out to enrollees to conduct their annual Medicaid renewal application. Each entity plays a role in ensuring the fewest number of Americans become uninsured. With HealthEdge’s family of products, modern health plans can operate Medicaid lines of business with maximum efficiency while staying compliant with state-specific frequently changing regulations. To learn more visit: https://healthedge.com/lines-of-business/government/medicaid/

 

[1] https://www.hhs.gov/about/news/2023/02/09/fact-sheet-covid-19-public-health-emergency-transition-roadmap.html

[2] https://www.urban.org/sites/default/files/2022-12/The%20Impact%20of%20the%20COVID-19%20Public%20Health%20Emergency%20Expiration%20on%20All%20Types%20of%20Health%20Coverage_0.pdf

[3] https://www.kff.org/medicaid/issue-brief/10-things-to-know-about-the-unwinding-of-the-medicaid-continuous-enrollment-provision/

Data Protection in All States

Data must be protected in all states, when in use, in motion, and at rest. Data in use is data that is actively being accessed, processed, or updated. Data in motion is data that is being transmitted from one source to another. Data at rest includes any data that is stored and not actively transmitting from one source to another.

Data Loss Prevention

HealthEdge understands how critical it is to protect data, in all states, with a layered security strategy. As part of this strategy, we deploy Data Loss Prevention, or DLP, tools that monitor sensitive data, which alerts our security operations team to any potential findings. We also implement continuous training for everyone on the HealthEdge team. DLP ensures sensitive data is not exfiltrated from managed to unmanaged sources, such as transferring data from our corporate cloud storage to a personal storage and/or device. DLP policy configurations are designed to discover and protect data in real-time on the corporate network, endpoints and the cloud.

• Protecting the Network – DLP monitors data in all states on the corporate network and prevents data from being transmitted internally if it violates any HealthEdge information security policy.
• Hardening Endpoints – DLP monitors company endpoints and prevents data misuse and loss from endpoints both on and off the corporate network, including web traffic or email usage.
• Securing the Cloud – DLP monitors data on authorized cloud applications and prevents unauthorized and unsecure data transmission and unauthorized access.

Security Information Event Management and User Behavior Analytics

Security information and event management, or SIEM, collects logs and events from the HealthEdge environment. This capability allows our security operations team to analyze threats that have been identified by correlating data from different log sources. “Normal” behavior, such as where a user authenticates from and accesses data, are used to establish baselines. If the logs indicate a change in the baseline, an alert will trigger, and our security team will investigate further. This process is known as user behavior analytics, or UBA.

Log and event correlation can detect changes in access, authentication, or account changes. If a user attempts to access sensitive data using an unauthorized account, such as an employee account versus an administrative account, an alert will trigger additional analyses. If a user attempts to override established privileges, access will be blocked, and the attempt will be recorded in the user logs. Users are assigned risk scores based on role and privilege. When users attempt unauthorized access, even if blocked, the user’s risk score will increase. The greater the risk score, the greater the monitoring.

User Education and Awareness

The security operations team utilizes a hands-on approach, ensuring users with an increase in risk are aware of responsibilities to be good stewards of data. Humans make mistakes and the tools we deploy to prevent data loss work in conjunction with good cyber hygiene. In addition to notifications letting the user know the access or transmission has been blocked, security operations will reach out to the user directly to review information security policy requirements and answer any questions they may have regarding DLP. Security education and awareness is a continuous process and the HealthEdge team is the first line of defense when protecting data.

Medical necessity is one of the hardest things for both payers and providers to get right due to the complexity these policies usually require. However, medical necessity serves an important role in patient safety and fraud prevention, so it must be verified.

Medical necessity is a determination that a particular healthcare service, procedure, or treatment is appropriate, reasonable and necessary for the diagnosis or treatment of a patient’s medical condition.

For payers, getting it wrong can mean thousands, if not millions, of dollars wrongfully paid or wasted on downstream work associated with excess claim denials and recoupments. Getting it right means providers are reimbursed accurately the first time; patients receive the appropriate level of care and correct medications; and payers minimize overhead costs associated with claims review and rework.

To help payers get it right and be compliant with CMS National Coverage Determinations (NCD) and Local Coverage Determination (LCD) policies, MediQuant, a partner in the Source ecosystem, offers the full range of medical necessity edits, including:

• Procedures and diagnosis codes
• Add-on procedures
• Primary and secondary LCDs
• Covered and non-covered diagnosis codes
• Denied codes
• Frequency limitations
• I/P restricted CPT/HCPCS
• Effective dates
• Commentary on rule changes with every update

Making Medical Necessity Easier for Source Customers

As a transformative payment integrity solution for payers, Source has developed partnerships with many different best-of-breed vendors, including MediQuant. As part of the Source ecosystem, MediQuant is able to leverage advanced APIs from Source to deliver pre-built integrations between the two systems. This not only eliminates the IT burden for payers who want to use both solutions, but it also creates a more seamless user experience. Plus, it’s easy to configure, as Source automatically indicates if/why a policy impacts a claim.

The result of Source + MediQuant?

Results include streamlined clinical policy maintenance, prior authorizations, coverage determination, and claims processing.

Payers are also able to minimize provider abrasion related to wrongful denials while also better managing utilization across all care settings, including hospitals, physician offices, labs, and imaging centers.

To learn more about how Source + MediQuant can help your health plan dramatically reduce denials due to improper or incomplete documentation of medical necessity, visit the Source third-party integrations page here.

With the ease of shopping on Amazon and proliferation of curbside, delivery, and pickup options, consumers want options, the best deal, and fastest delivery/pickup.

With modern digital transformation, it’s no surprise that consumers want and expect the same for their healthcare. Several key trends are shaping this:

• Consumer buying behaviors being influenced by retail experiences
• New market entrants setting new standards for consumer-friendly experiences
• Increasing availability of data sources and maturing interoperability standards facilitating line of sight
• Growing participation in Medicare Advantage, Medicaid, and individual marketplaces

Customers are starting to exert their power

Customers expect to be treated the same way they are accustomed to in their daily interactions with retailers. American health consumers primarily value these 5 categories:

1. Convenience
2. Quality
3. Support
4. Personalization
5. Communication

Source: Healthcare Consumer Experience Trends 2021 | Press Ganey

Becoming a digital payer

With modern digital transformation solutions in place, health plans are leading the way to a more connected, consumer-centric healthcare marketplace. Digital health payers turn to technology to help:

1. Improve end-user and member centricity
2. Achieve higher levels of quality
3. Increase transparency
4. Advance customer service
5. Reduce transaction costs

Click here to read The Digital Payer Journey to Achieve a Coherent Individual Healthcare Experience white paper.

 

Medicare Advantage brings affordable, comprehensive healthcare coverage to nearly 30 million Americans. This program serves diverse American communities, including 3.7 million rural Americans. 40% of Americans making less $25K per year choose Medicare Advantage, and 32% of Medicare Advantage members are racial/ethnic minorities.

Medicare Advantage has had 8-10.5% YOY growth, and 60% of all Medicare beneficiaries will be in Medicare Advantage by 2030. The growth of Medicare Advantage brings opportunity for health plans to expand their member base. However, the diversity of the communities served by Medicare Advantage presents significant challenges for health plans. Furthermore, competition is rapidly growing for health plans in the Medicare Advantage space.

HealthEdge customer SummaCare is a local, self-funded, provider-owned health plan with 62,000 covered lives. Operating in Summit County, OH, SummaCare is part of one of the most competitive Medicare Advantage markets. In 2023, they are expecting members to have over 90 plans to choose from.

How does SummaCare stay competitive in the Medicare Advantage space, especially against national competitors?

We recently sat down with SummaCare’s VP of Operations, Melissa Rusk, to learn how health plans can compete and grow in the increasingly competitive Medicare Advantage space. Her five top tips for health plans are:

1. Understand your customer needs: Listen to the voice of the customer and take action on it. 
2. Meet your customer where they are: Be available to your customers when and where they need you. Don’t make them call if they’d prefer to use an app. 
3. Improve workflow automation: Leverage technology to optimize and automate your workflows to increase efficiency.
4. Regulatory compliance: Partner with experts that understand regulatory requirements to ensure compliance.
5. Real-time, accurate data: Leveraging technology platforms and partnerships that make access to real-time, accurate data possible. 

SummaCare has achieved success by leaning into becoming a digital payer to meet the growing consumerism demands in healthcare. Learn more about becoming a digital payer here.

 

Cyber Threat Intelligence (intel) is an important component of our security operations strategy. We believe it is critical to gather intel from multiple trusted sources and use it as a force multiplier. Our security operations team uses this data across multiple tools in our security portfolio. Enabling us to proactively identify and prevent cybersecurity incidents.

Industry Intel Feeds

While we have multiple Intel sources, one of our most valuable is the Health Information Sharing and Analysis Center (H-ISAC). H-ISAC is comprised of critical infrastructure operators and owners within the Health and Public Health sector, that share information in real time such as indicators of compromise (IOCs), tactics, techniques and procedures (TTPs), best practices, recommendations, as well as mitigation strategies. In additional to intel feed access, our H-ISAC membership also provides resources such as white papers, information and awareness videos, sector relevant news, and more.

Automated Endpoint Defense

Utilizing the data from our intel feeds, we can leverage automation to proactively update our endpoint controls to block communication with potentially risky sites and prevent malicious downloads from even reaching the machine. We can update our firewalls with ever changing list of malicious and suspicious IP addresses. We are also able to leverage these feeds while triaging security events from the endpoint, to determine if a file, process, or action needs to be quarantined or blocked. This streamlined process not only cuts down response time, but also ensures timely remediation and a complete review of the detection.

Automated Log Detection

Log sources from endpoints, firewalls, and network access points are collected and stored for analyses. Log collection allows us to categorize log events into different severity levels. Rules are then set on these events to trigger a notification to the security operations team, and other alerting tools in order to perform a remediation. Because logs are fed into a single source, if one malicious event is detected, our security operations team is able to quickly determine the scope of the detection. The scope analysis can identify changes in permissions, leaked credentials, and other events that would be considered changes in normal behavior. If abnormal behavior is detected for a specific user, additional steps would trigger to reflect the increased risk.

Bringing It All Together

When multiple intel feeds are used, HealthEdge is able to validate intel and make informed decisions on how to keep our network safe. We don’t rely on a single source for intel, but rather take full advantage of reputable external resources and internal resources that provide us with a complete picture. Our goal is to bring all the information together to ensure our security strategy is comprehensive and robust.