The Elusive Plan Document: Who Needs One and Why/Minimizing Compliance Risk

BY PHYLLIS SARACENI, ESQ

When it comes to employee group health and welfare benefit plans, compliance can feel a bit like hitting a moving target. Just when you’re confident your whole program is compliant, there’s a change in the law or in a benefit. The result is a reactive, rather than proactive, approach to compliance. This approach leaves an organization open to unwanted levels of risk and audit vulnerabilities.

The reality is, compliance will always be an evolving challenge. It takes diligence and considerable resources to stay on top of constantly unfolding regulations, and plan specifics will always shift from year to year. Yet there are steps your organization can take to reinforce its compliance efforts by building a solid foundation around documentation and compliance processes.

That foundation should center on the plan documents. For all intents and purposes, virtually all organizations offering health and welfare benefit plans need plan documents. Taking the right approach to creating and maintaining these foundational documents can go a long way in minimizing compliance risk. For plan administrators focused on compliance, this report offers a deeper dive into building an effective health and welfare program around the elusive plan document.

Getting to Know ERISA

The Employee Retirement Income Security Act of 1974 (ERISA) is a federal law enforced by the Department of Labor (DOL), which looks out for participant interests. ERISA requires health and welfare plan administrators (the people who run employee benefit plans) to give plan participants, in writing, the most important facts they need to know about their benefit plans including plan rules, financial information, and documents on the operation and management of the plan. Notwithstanding the virtual absence of design requirements imposed by ERISA on employee welfare plans, ERISA does require that every welfare plan “be established and maintained pursuant to a written instrument.” Failing to comply can lead to civil and criminal penalties.

Some organizations, including public entities and church plans, are not covered under ERISA. Because they are exempt from ERISA, governmental and church health plans are not required to have a written ERISA plan document. Although ERISA may not apply to these plans, they are still subject to many of the laws that apply to private-sector plans, and still subject to plan documentation requirements under other federal laws. Therefore, the drafters of documents for ERISA-exempt plans often look to ERISA to influence plan documentation requirements under other laws. For example, ERISA-exempt plans are also subject to other federal rules that may have documentation or notice requirements such as the Internal Revenue Code (the Code); the Health Insurance Portability and Accountability Act (HIPAA); the Newborns’ and Mothers’ Health Protection Act (NMHPA); the Mental Health Parity and Addiction Equity Act of 2008 (MHPAEA); and the Patient Protection and Affordable Care Act (PPACA).

Putting Your Docs in a Row

Exactly what constitutes an ERISA “written plan instrument” can be debated. Certain provisions are required to be in a plan document, certain provisions are wise to have in a plan document, and others have simply historically always been included. The style of a health and welfare plan will vary according to the drafter. All ERISA welfare benefit plans (e.g., medical, life, long-term disability, etc.) should have a written plan instrument. Most plan sponsors with insured plans think they have a plan document (and they may not). They also think they have a valid “summary plan description” or SPD, which ERISA also requires in order to provide participants with an understandable summary of the plan.

Cafeteria plans, including flexible spending accounts or “FSAs”, are another type of written plan required under the Code Section 125 rules. These plans allow employees to choose between receiving cash or taxable benefits instead of certain qualified benefits for which the law provides an exclusion from taxes. However, employers have flexibility in terms of plan documentation for cafeteria plans (including FSA) and there are multiple ways to approach how health and dependent FSAs are documented. For ERISA plans, cafeteria plan language (including FSA) can be added to a “wrap” plan document/SPD to satisfy the cafeteria plan documentation requirement. For non-ERISA plans, there are no rules that prohibit an employer from including cafeteria plan language in its plan documentation describing other employee benefits. In either case (ERISA or non-ERISA), the cafeteria plan document could also be a freestanding document that only describes the cafeteria plan.

Who Creates These Documents?

Many organizations have a combination of fully-insured and self-insured plans (e.g. medical is self-funded, vision and dental is fully-insured). In these cases, a combination of external documents and documents prepared internally are used to document the benefit offerings. Arguably, insured plans have a written instrument, typically a combination of the insurance policy between the plan sponsor and the insurance company and a booklet/certificate issued to participants.

The insurance company designs the plan it offers, determines coverage and creates communication for participants. But in many cases, the combination policy and booklet/certificate do not technically satisfy the requirements of an ERISA plan document or an SPD. Self-insured plans must also be documented, but these documents are often created by law firms or benefit professionals.

While many employers rely on insurance policies or contracts and benefit summaries issued to an employer, these documents rarely meet all the requirements of an ERISA plan document.

Many plan sponsors supplement the insurance policy and other written instruments with a wrap document. For plan sponsors with multiple welfare benefit offerings, the use of a wrap plan document provides evidence that the plan sponsor views the benefit program as one plan with different components, and supports one annual Form 5500 filing.

Killing Two Birds with One Stone

Wrap documents are drafting devices used to supplement already existing documentation. A wrap document “wraps around” the carrier-provided documents and other written instruments to add information required under ERISA but not captured in the carrier and other documents. A wrap document provides the necessary ERISA bells and whistles by incorporating (or wrapping itself around) the insurance policy or similar third-party materials and summaries. The insurance policy and summary booklets remain part of the plan document (reflecting many of the plan’s most important terms and conditions), and the wrap document merely supplements these materials with the necessary additional information.

In instances where there are multiple plans (often with a mix of funding types and document sources), a “mega-wrap” can be used to pull everything under a single document. This mega-wrap document serves a dual purpose—it collects documents regarding more than one type of benefit together to form a single plan, and also provides the ERISA required language. For example, if multiple insured health coverage options are offered, a mega-wrap document brings all of the insurance policies together as a single plan.

Mega-wrap documents are commonly used to collect multiple welfare benefits under a single plan so that only one Form 5500 needs to be filed.

A wrap document can be used to bundle various types of benefits (e.g., medical coverage, dental coverage, LTD, and life insurance) and may include both insured and self-insured benefits. Non-ERISA benefits (like dependent care FSAs) may be bundled with ERISA benefits through a wrap document without becoming subject to ERISA; clear drafting with respect to which benefits are (and are not) subject to ERISA is recommended.

When using a wrap document, it is important to clearly describe which provisions apply to which component benefits, and to avoid conflicts or ambiguities. The mega-wrap document can also be written to include cafeteria plan language required under the Code.

Wrapping Up Compliance

All plan documents need to be updated any time changes to plans are made, and these changes need to be communicated to employees. Maintaining a single mega-wrap document may prove to be a more straightforward drafting device for updating the benefit plan offerings as they change year over year.

All plan documents must be stored and readily available to be properly and timely distributed to all plan participants and beneficiaries by the plan administrator. The plan administrator must make copies available at its principal office and certain other locations. The plan administrator must furnish copies of certain documents upon written request, and must have copies available for examination. The documents include the latest updated SPD, latest Form 5500, and other instruments under which the plan is established or operated.

A Strategic Approach is Key

The document requirements for group health and welfare plans are very complex. The applicability of certain requirements may depend on a number of factors, including the number of employees covered under a plan and the type of benefits offered. Additionally, a group health or welfare plan may be subject to other requirements, such as certain disclosures required by the Internal Revenue Service or under state law. Employers who have questions are encouraged to consult with their third-party plan administrators, benefit plan advisors or a knowledgeable employee benefit/ERISA attorney for further guidance.

Plan document compliance is an ongoing process – it is not a “set it and forget it” practice. But with a strategic approach to streamlining documents and properly communicating with participants, plan sponsors can reduce risk, maintain compliance, effectively administer varied group health and welfare programs, and properly share relevant benefit information with participants.

The End Game: Navigating the Waters of a Disaster

By Justin R. Ackerman and Monica Attanasi

Ways Claim Specialists Can Help Manage Catastrophic Claims

Catastrophic events can destroy homes, ruin lives, break apart communities and, of course, leave lasting damage to businesses when not handled properly.

Whether it be a hurricane, tornado, earthquake, fire or other disaster, catastrophic events are difficult to predict and can leave businesses with millions of dollars in damages.

Unfortunately, catastrophic events happen across the globe every year. In fact, 301 disasters in 2017 resulted in $144 billion in insured losses around the world, the highest global total ever recorded in history. The U.S. was far from exempt. Approximately $101.9 billion of those losses occurred in the U.S., marking a 370 percent increase from the year before.

Businesses that experience a catastrophic loss are typically facing tens of millions of dollars in expenses. Between property damage, loss of income due to business interruption, employee displacement costs and much more, a catastrophic event can easily put a company out of business without proper protection.

Even when fully insured, managing such a large claim can be a dizzying process. Filing a claim, documenting the damage and navigating your existing contracts and coverages, all while trying to keep a business afloat, can be enough to make an executive’s head spin.

Thankfully, claim specialists can ensure companies receive the full reimbursement they’re entitled to while relieving business leaders of the heavy lifting when it comes to managing the claim. In doing so, claim specialists allow business leaders to focus on what they do best – running their companies. With hurricane and tornado seasons in the U.S. right around the corner, the time is now to think about existing coverages and policies, as well as the support system each business has in place to respond to a catastrophic event. Having the backing of a claim specialist can mean all the difference in these times of need.

To go above and beyond, policyholders need to trust and be assured that their claim specialist is able to have boots on the ground next to them at the site of the disaster.

Here’s how an effective claim specialist can manage a catastrophic claim and get businesses back on their feet after a disaster:

  1. PRESELECTION OF A DESIGNATED ACCOUNT ADJUSTER – During the pre-renewal of the policy, your claim specialist will work with you on the selection of a designated independent adjuster being written into the policy. The designation of an account adjuster allows for pre-loss meetings with you, your insurance carrier and broker to discuss your business, claim adjusting and expectations in the event of a disaster, before it occurs. An independent insurance adjuster is very experienced and skilled with a long track record of assessing catastrophic-type losses. The adjuster will be responsible to work with you, your claim specialist and the insurance carrier in damage assessment and evaluation. An effective claim specialist becomes an integral part of this team approach in managing a complex claim, working with the adjuster and among the parties to ensure that you are made whole through a successful outcome of the claim.
  2. ONSITE DAMAGE ASSESSMENT – Responding quickly when a catastrophic claim comes in has become table stakes for insurance carriers and claim specialists. In order to accurately assess the damage and effectively manage the claim, it is generally advantageous for a claim specialist to be onsite. This will allow the specialist to see and understand the entire scope of the damage, offer holistic advice, connect you with necessary resources, effectively assist you with the cleanup and rebuild process and deal with issues as they arise in working with you, the adjuster, various experts and the insurance company.
  3. ACCESS TO FAST CASH – Claim specialists and the account adjuster work together in obtaining an initial cash infusion fast. This is critical to jumpstarting the cleanup and reconstruction processes. An effective claim specialist will know exactly what coverages the company has and will be able to see through the initial and immediate funding process. You never know what type of financial situation a company will be in when disaster strikes, and getting caught flatfooted with no access to initial funding can derail the process and exacerbate any existing cash flow or financial problems. Accessing funds straight away helps provide peace of mind at a time when stress is high and revenue is often disrupted.
  4. CLAIMS MANAGEMENT FOR THE LONG HAUL – When dealing with a catastrophic loss and millions of dollars in reimbursements, no one wants to be left in the dark. Constant communication between the claim specialist and policyholder is key to keeping everyone updated on the latest developments. Setting up periodic check-in calls with key stakeholders to review ongoing construction progress, the status of funding and other relevant timelines will provide business executives with the peace of mind of knowing their claim is being handled effectively. With this confidence, they can go back to doing what they do best – running their business.

No policyholder should ever be left wondering, “What’s going on with my claim?”

TURNING A NEGATIVE INTO A POSITIVE

Obviously, a catastrophe that causes major damage is never a welcome event. However, a claim specialist with deep expertise managing large, complex claims can make the process as positive an experience as possible.

At Conner Strong & Buckelew, one-third of our employee base is dedicated to managing claims and implementing safety programs for our clients, and we have a long history of effectively navigating this process with businesses of all types. This expertise allows us to help our clients not only manage the fallout from a catastrophic event but come back even stronger. By preselecting an independent account adjuster, securing fast access to cash and being completely transparent throughout the process, executives can focus on keeping their company afloat.

To discuss your specific concerns and exposures and to review your current insurance package, please contact a Conner Strong & Buckelew representative.

Population Health: Is the Juice Worth the Squeeze?

BY KRISTINE KLEPPER

When it comes to health, no two people are the same. Each of us has a unique set of health concerns and priorities based on family history, upbringing, personal habits, medical knowledge, environmental factors and a host of other influences. Likewise, it’s no surprise that within any population of employees and dependents there are a wide range of individuals with unique health concerns. Some suffer from chronic conditions, others need treatment for an acute illness. Some are relatively healthy, while others have complex medical needs.

The practice of population health works to identify medical trends and issues within a group of participants and implement strategies to lower costs and improve health outcomes. With population health, plan elements like benefits structure, clinical resources, claims processing and wellness initiatives are all tools that can be utilized to improve the overall health of the population.

For organizations and plan administrators, population health has significant potential to streamline costs and improve employee wellbeing and satisfaction. In fact, 61 percent of employers surveyed in Deloitte’s Global Human Capital Trends report said employee wellbeing programs improve productivity and bottom-line business results.

Evolving population health strategies can be used to drive a healthier workforce and balance sheet.

Better Outcomes …

Technology is connecting plan participants and providers in powerful new ways. Here’s just one example.

Patients with diabetes can be given continuous glucose monitoring devices that track blood sugar levels at all times. If the device detects a dangerous reading, it immediately alerts a designated healthcare provider. A nurse can then call the patient right away to make sure there’s no medical emergency and alert the patient to the adverse reading.

In addition to being automated, new technologies have two significant benefits for plan sponsors, participants and providers.

  • Immediate action. A healthcare professional is alerted instantly and then has a personal interaction with the patient. This drives better health outcomes – and in some cases can save an individual’s life.
  • Direct connection. Employees can be mistrustful of their employers and insurance companies when it comes to personal health information, and privacy is often a concern. Technology enables a direct line between patient and provider in a private, tailored interaction.

These glucometers are just one example of how wearable devices are changing ways employers can support better connections between patient and provider. As a result, employees receive more timely, personal health interventions with less opportunity to hide behind plan bureaucracy and anonymity in realizing better health outcomes.

… Driven by Data

Rapidly evolving technology and data analysis tools are creating better opportunities for care, but administrators and providers need actionable data to determine where to focus their efforts. In addition to new sources of data like wearables and other internet-connected devices, there is plenty of actionable information in more traditional forms of data, including:

  • Insurance claims
  • Health risk assessments
  • Employee surveys
  • Pharmacy data

A smart analysis of data from these sources can reveal gaps in care for a specific population with the most potential for return. Plan sponsors should focus on finding the right balance of employer-led initiatives, carrier tools and healthcare provider resources with the right metrics to measure impact.

One Metric is King – Employee Buy-in

At the end of the day, population health data and resources only matter if they’re creating healthier individuals. Getting participants to better manage chronic conditions, make smarter eating choices and get more exercise takes employee education and buy-in. No matter how sound the population health strategy is, it won’t work if employees don’t participate.

The gold standard for securing that buy-in remains financial incentives through lower payroll deductions for health plan coverage. Offering a tangible discount for making smart, proactive health decisions motivates employees to take those actions.

When implementing any workplace health initiative, it’s typically best to start small. See what resonates with your specific population and build on what’s effective. Potential initiatives to explore include:

  • Published patient testimonials
  • Health fairs and awareness events
  • Encouraging contests and competitions
  • Group goals and program updates

Achieving a Healthy Return on Investment (ROI)

Employers understand the value of managing and improving population health. Yet quantifying a direct ROI can be a challenge. In many cases, you’re attempting to measure what didn’t happen through negative health outcomes that were prevented. It’s no easy task.

A KPMG study points to ROI between three and four years into the program. But, to truly gauge the success of population health efforts, a broader perspective is needed.

More and more employers are recognizing the impact population health can have on participant health and the bottom line. On average, annual healthcare premiums will increase by five percent this year, according to the Kaiser Family Foundation. Using population health to identify better ways to tackle participant health can lead to direct healthcare savings and offset the consistent uptick in medical plan costs.

These savings are often amplified across the organization. Research suggests health-related productivity costs are greater than direct health costs at a rate of more than two to one. At the same time, a healthy company culture and better benefits can improve retention and recruitment – a particular concern in the competitive labor market facing many industries.

Population Health Creates Healthy Populations

Just as a rising tide lifts all ships, productive population health efforts have a positive impact on society that’s part of a meaningful ROI. Better utilization of the system helps to bend the healthcare cost curve, fostering healthier lifelong habits for employees and dependents. Advances in population health technology create a real potential for organizations with a dedicated approach to understanding the health issues and opportunities specific to their participants.

To discuss population health opportunities at your organization, please contact a Conner Strong & Buckelew representative.

Addressing Inherent Risks in Managing Benefit Plans

BY TERRENCE J. TRACY

The market for labor, talent and human capital remains highly competitive as companies seek to hire and also to retain skilled individuals. As part of their hiring and retention efforts, many employers offer, sponsor, and/or provide a variety of employee benefits including medical, disability, retirement, and/or profit-sharing plans. One of the challenges for an organization is the management of risks associated with these benefit offerings.

In particular, administering and managing various types of benefit plans may require the employer to act in a fiduciary capacity exposing the employer to risks both within and beyond the Employee Retirement Income Security Act (ERISA).

Increased risks are highlighted by recent litigation that focuses on fiduciary obligations owed to benefit plans and their beneficiaries. Lawsuits have alleged that plans incurred excessive/unreasonable fees, included imprudent and high-cost investments, and engaged in prohibited transactions. While lawsuit headlines have involved well-known entities such as Anthem, BB&T Corporation & Northwestern University, plan sponsors, fiduciaries and decision-makers at most businesses are not immune to similar claims. Therefore, evaluating exposures and potential liabilities is essential regardless of plan size & scope.

Importantly, if your company provides employee benefit plans, significant duties of care may be imposed upon plan sponsors as well as the individuals who oversee plans and related assets. Individuals are typically designated in plan documents by name, title & role (trustee, administrator, etc.) as part of committees, while others are separately authorized to make discretionary decisions. It is best to start with the general requirements of the latter fiduciary type roles in order to understand the various exposures.

Exposures & Broad Liability

Core duties of a fiduciary, as typically outlined in plan summary documents, include maintaining accurate records, appropriately structuring and offering a menu of investments, selecting advisors, properly detailing the rights and eligibility of participants, and engaging in clear communications. Fiduciaries should be cognizant of the obligations imposed upon them by ERISA as well as their duty in prudently fulfilling their roles in the sole and best interests of the plans & beneficiaries.

These responsibilities present exposure. For example, fiduciaries may be held personally liable for breach of their duties, which could result in a lawsuit against them individually. Using third-party service providers or a bank does not diminish the fiduciaries’ ongoing duties and obligations to the plans or the fiduciaries’ potential for personal liability.

Best Practices

Strategically, there are several effective techniques to mitigate risks involving fiduciary responsibilities.

1. Obtain fiduciary liability insurance coverage

A crucial first step for employers to consider is transferring risk from plan sponsors and individuals to insurance carriers via fiduciary liability insurance. This transfer can establish a more affordable and quantifiable approach to risk, particularly when it comes to unpredictable expenses including defense costs. Policies should include insuring agreements specifically covering fiduciary and settlor capacities, including personal indemnities arising from errors or breaches, and cover both ERISA and non-qualified benefit plans.

Even though plan sponsors & individuals may believe they are covered by other types of insurance, this is not always the reality. Specifically, directors and officers liability (D&O), commercial general liability, employee benefits liability and ERISA bonds (which address fraud or dishonesty by bonded individuals) may all have gaps or exclusions presenting employers and individuals with additional uninsured liabilities. Instead, plan sponsors should strongly consider fiduciary liability insurance as a layer of comprehensive, dedicated protection.

Finally, plan sponsors should also note that extensions are available with fiduciary liability insurance for inquiry expenses, voluntary settlements and certain regulatory fines and penalties under the Health Insurance Portability and Accountability Act of 1996 (HIPAA), the Affordable Care Act and the Pension Protection Act.

2. Maintain compliance and consistency in plan documents

In addition to transferring risk to an insurance carrier, employers and sponsors should ensure that their plan documents are both compliant & consistent. This includes providing complete and accurate information, particularly around eligibility criteria and available benefits. Sponsors should attempt to use concise, straightforward, and well-organized language and terms throughout documents and within communications to employees. Summary plan descriptions should be distributed in a timely manner and include an outline of the terms and conditions of the plan.

Plan sponsors should also engage legal counsel in reviewing plan documents to verify ERISA compliance, especially when changes are under consideration.

3. Periodically evaluate plan operations, investments and vendors

One final key consideration for oversight of plan administration is forming an effectively structured employee benefits plan committee. A well-functioning committee should:

  • meet a sufficient number of times annually;
  • thoroughly document topics discussed and actions taken; and
  • routinely rotate members.

The committee should also thoroughly examine enrollment procedures, investment options and share classes. Additionally, committee members should assess and evaluate third-party administrators and vendors with a close scrutiny of performance and expenses.

Effectively Mitigating Risk in Employee Benefit Plans is Crucial

Employers and individuals monitoring employee benefits face a high duty of care to carry out fiduciary responsibilities and comply with ERISA regulations. Failing to do so creates considerable liabilities and exposures. By obtaining adequate fiduciary liability coverage, effectively maintaining plans, and regularly evaluating key elements of the plans, organizations and individuals can proactively reduce their risk and exposure to potential liabilities.

To discuss your specific concerns and exposures and to review your current fiduciary liability policy, please contact a Conner Strong & Buckelew representative.

Using Data Analytics in Effective Benefit Plan Management

BY TAMMY L. BROWN

The healthcare industry has evolved a lot in the last several decades. It wasn’t that long ago that doctors made local house calls to sick patients. Today, physicians can teleconference with patients on the other side of the world. This rapid advance in technology has generated tremendous amounts of data on virtually every aspect of the healthcare industry, from patients and physicians to hospitals and insurance carriers.

There’s considerable opportunity lurking in all that data for employee benefit plan sponsors and organizations eager to maximize the impact and efficiency of their benefit offerings. But with so much data and so many sources of information, the challenge for plan administrators has become distilling all that data into actionable insights.

Those insights can be used to drive cost savings and employee satisfaction. They typically play out on two fronts:

  1. improving how members utilize benefits
  2. improving how carriers and providers administer care.

With the right data, administrators can adjust plan offerings, supplemental initiatives and participant communication to better match benefits programs to participant needs. At the same time, good data can drive better decisions about carrier and provider relationships.

An experienced broker or other partner can be a valuable ally in helping organizations and plan administrators advance data analytics tools and turn insights into results. These partnerships should focus on a few core areas.

1. BETTER ACCESS TO DATA

Despite the overflow of healthcare data, some organizations find accessing that information surprisingly difficult. Self-funded plans take on all the risk and therefore can access any and all of their own data. The challenge for these plans is more in wrangling the data into a meaningful structure. For large organizations, a data warehouse can be a powerful business analytics tool that effectively stores and structures data in meaningful ways. Fully insured plans, on the other hand, need to request data from an insurance company that’s assuming the risk. Insurance companies can be reluctant to share data for smaller organizations – plans with fewer than 300 lives are not considered fully credible.

Brokers can often leverage existing relationships with carriers to access data sets for smaller plans. Insurance companies may be more willing to share data knowing the organization has a partner that can glean accurate insights from the reports.

2. BETTER OPPORTUNITIES FOR ACTIONABLE INSIGHT

For all employers, regardless of funding arrangement, the right partner is a key resource in determining what kind of data to request. Most employers tend to focus on data centered on claims. Rightfully so – there are powerful insights to be gleaned from reports detailing monthly claims and out-of-network costs. Within claims, there are more advanced reports brokers will recommend, like one that shows emerging high-cost claims. These reports identify individuals who have recently increased utilization of healthcare services and may benefit from carrier case management.

There are countless other data sets that offer a revealing peek behind the curtain of any employee benefits plan. One example of a next-level report is a preventative screening test. This report identifies all the participants in a population who should be receiving preventative screenings – mammogram, colonoscopy, etc. It then cross-references that list with the actual number of screenings provided during a certain period. These kinds of reports offer an opportunity to be proactive and use tools like population health, wellness programs and participant communication to reduce future claims and costs.

3. BETTER BENCHMARKING

Understanding where your organization’s benefits offering fits in relative to your competition is becoming an increasingly critical recruitment and retention tool. Data analytics with the right partners can offer a deeper look at how specific benefits stack up within a particular industry. It can also account for changes in pricing and services depending on the geographic area so sponsors and administrators can be sure they’re comparing apples to apples.

Benchmarking data can provide a marketable differentiator in hiring top talent based on the plan offering or contribution costs, or it can be used for internal analytics to verify the efficiency of claims adjudication and other processes.

A DATA-DRIVEN FUTURE

The future promises to bring more disruption to the healthcare space. New technologies from implanted health devices to robotic surgeries are changing how patients receive care. Evolving regulations around how pharmaceuticals are developed and patented are changing how new treatment innovations are advanced. New mergers in the healthcare space including Berkshire Hathaway, Apple and J.P. Morgan Chase’s partnership are changing how the industry provides services and pays for them.

All of these disruptions have the potential to change the industry in significant ways. One thing won’t change – healthcare’s growing reliance on data. Smart plan sponsors and administrators are turning to the data and using strategic partnerships to ensure plans are running efficiently and participants are empowered to make the most of their benefits.


Hidden Cyber Security Risks in Clinical Trials

BY DANIEL S. BRETTLER 

Why Patient Safety, Personal Information, and Sponsor IP Are at Risk

Digital health capabilities are revolutionizing the way individuals receive healthcare. But in today’s network-connected world where data breaches and cybersecurity events are growing in frequency, the rise of digital capabilities introduces an evolving cyber risk to clinical trials that may be addressed with insurance coverage and cutting-edge protections.

Digital health encompasses wearable devices, the digitization of medical records and video conferencing between patient and doctor, and it drives multiple facets of a clinical trial. Digital health is being introduced to nearly every corner of the healthcare market as well. Outside investors have sunk more than $20 billion[1] into the development of digital health capabilities over the past three years, and experts expect this number to continue to climb as new applications come to light.

These capabilities are improving the accuracy and speed with which doctors can diagnose, manage, predict and prevent medical issues. They’re extending medical services to rural areas where access to treatments is sparse. Digitizing medical records provides doctors and healthcare professionals with fast access to more information they can analyze and use to make better medical decisions and recommendations.

The adoption of digital health has also coincided with a rise in cyber security events at hospitals, doctors’ offices, pharmaceutical companies and at clinical trial sites. Consulting firm Accenture predicts that approximately 25 million individuals[2], or one in every 13 patients, will have their medical or personal information compromised via a breach of their healthcare provider’s digitized records by the end of 2019.

Data breaches aren’t the only cyber threat facing the medical industry. Ransomware attacks, in which cyber criminals hold a network or database hostage in exchange for payment, have skyrocketed in recent years. Cyber criminals are even capable of hacking into a medical device currently being worn by an individual, putting patient safety at risk.

Digital innovation also introduces cyber risks to clinical trials, which are markedly exposed given the wide range of parties involved as well as the wealth of information being stored throughout the process. These risks affect the entire cast of participants. The trial sponsor, the investigators, clinical research organizations (CROs) and even human subject participants are exposed to cyber security threats.

The push for innovation through the adoption of digital health in clinical trials will not slow down anytime soon. Clinical trial players must start by identifying their risks and responsibilities. From there, those involved must decide which risks to manage themselves, and which to transfer through the use of insurance coverage.

Cyber Risks in Clinical Trials

Digital health capabilities introduce new cyber risks to the entire cast of participants in a given clinical trial. The digitization of health records puts trial participants’ healthcare information at risk as data breaches become more commonplace across the industry. These individuals can also face physical dangers if a wearable administering treatment is compromised while in use.

Sponsors, investigators and CROs can also be held liable for the heavy financial and reputational damages that may result from a large-scale breach of patients’ personally identifiable information. Suffering a data breach can cost a company $3.8 million per incident[3] after factoring in a robust response plan, offering credit monitoring to all affected and other ancillary costs. This, however, does not capture the reputational damage that can result from being associated with a cyber event. According to an Accenture analysis, healthcare providers that do not make cyber security a strategic priority will put $305 billion of cumulative lifetime patient revenue[4] at risk over the next five years.

It is clear to see why cyber criminals are targeting the healthcare industry. Medical records contain extremely sensitive personal information, which can sell on the dark web for as much as 10 or even 20 times[5] more than a Social Security number or a credit card number.

As sponsors, CROs, investigators and everyone else involved in a clinical trial continue to lean more heavily on digital tools to conduct trials, they must familiarize themselves with the intricacies of these risks and make cybersecurity a strategic priority. Clearly, all parties involved in clinical trials must pay close attention to the growing threat of a cyber-attack.

Cyber Insurance’s Critical Role

Insurance plays a pivotal role in protecting sponsors, CROs and investigators from losses resulting from a cyber-attack. Product liability, bodily injury, property, errors and omissions liability, directors and officers liability, business interruption and cyber coverage are all key aspects of a well-rounded insurance package that can offer financial protection from the fallout of a cyber security event. This is clearly illustrated by the impact to Merck resulting from the June 2017 “NotPetya” cyber-attack which threatened the production and supply of life-saving drugs like Keytruda for cancer, Januvia for diabetes and Zepatier for treatment of hepatitis C. In such cases the potential business income loss resulting from property damage or non-damage scenarios along with reputational injury may prove fatal to clinical stage companies.

Aside from the well-documented damages associated with a data breach, the utilization of network-connected wearable medical devices introduces the risk of bodily injury should a device be hacked while being utilized by a trial participant. For instance, a network-connected pacemaker that is hacked and manipulated by a cybercriminal while in use could lead to devastating injury or even death.

While product liability policies have not contained exclusions for cyber events, there have been recent examples of insurance companies attempting to add such endorsements to “clarify coverage.” In some cases, the endorsements may exclude cyber and then give back bodily injury, property damage or ensuing financial loss, but only if reasonable precautions can be met. Since approval of a medical product by the FDA incorporates what it decided are “reasonable precautions,” it is possible that such insurance demands may not be consistent with that approval, creating a dangerous point of potential conflict in the event of a claim. Since product liability is an essential coverage, it is important to work with your insurance agent or broker to assure that the coverage remains free of such pitfalls.

These lessons demonstrate that there are a variety of evolving risks which must be addressed with a robust mix of insurance coverage, including product liability, clinical trials, personal injury coverage and both first- and third-party cyber policies. Since cyber negligence from suppliers may lead to disputes and ultimately subrogation and recovery demands that add tension to often essential relationships, it is important to include language in contractual agreements with third-party vendors that clearly defines liability and the employment of reasonable risk management precautions in the event of a cybersecurity breach. Finally, it is important to select an insurer who can provide reputational damage coverage and access to experts to help manage the potential disruptions arising from a cyber-attack.

Cyber insurance, while still somewhat overlooked by many life sciences companies conducting clinical trials, is an absolutely critical component in protecting a company from the impact of a cybersecurity event. These policies are easily triggered and typically cover most, if not all, expenses related to a cyber security event, depending on the policy. Financial damage resulting from malware, ransomware, corrupted data attacks, etc. may be covered by a typical cyber policy without much need for amending policy language or negotiating exclusions.

These coverages also come with pre- and post-event mitigation services that can go a long way in preventing a breach from occurring and limiting the damage after one takes place. Cyber insurance allows policyholders to tap into the underwriters’ network of vendors that specialize in data breach forensics, response plans, public relations and loss mitigation services. Without a policy, life sciences companies would be on the hook for all of these expenses, as well as any credit monitoring services, business interruptions and customer outreach that may be necessary after an attack.

Pricing for this coverage varies widely based on an organization’s size and specific needs. But the leading underwriters with whom we speak in the insurance industry suggest that a company’s ability to demonstrate its resiliency to a cyber-attack can drastically impact cyber policy pricing. For instance, a trial sponsor that has a robust response plan in place, practices it regularly and trains its employees on a monthly basis about the latest phishing techniques will pay considerably less for the same coverage than one with limited cyber security precautions in place.

Benefits of Digitization

While there are risks involved, clinical trials are undeniably benefitting from digitization in powerful ways. For example, wearables can monitor a participant’s medical condition remotely throughout the course of a clinical trial with astonishing accuracy. These wearables are leading to the growth of both the quantity and quality of information produced throughout a trial. Electronically storing this information makes data analysis faster and more effective than ever before.

In fact, an increasing number of decentralized clinical trials are reducing the number of on-site visits a patient is required to attend and can collect data remotely from a patient’s home. I spoke to Michael O’Brien, a senior clinical research executive who has spent the last five years commercializing and promoting the benefits of decentralized trials. Through the use of wearables, video conferencing and the digital transmission of readings and data, trial sponsors that engage in these clinical trials are able to reap a number of benefits.

By eliminating the need for participants to travel and spend time at a clinical trial site, sponsors are able to vastly increase the reach of their recruitment efforts. With reduced geographical barriers, sponsors can realize a higher availability of participants from across the country who meet the study’s needs. Wearable medical devices monitor patient health information, and participants are directed to administer study drugs from their own homes. Additionally, video and data network connections can ensure that medical readings are precisely recorded, time stamped and immediately organized to limit the potential for human error.

“In reducing the burden on patients by transferring clinical research activities to the home, sponsors can increase the reach of their participant recruitment efforts, eliminate overhead costs and increase the speed, quantity and quality of clinical trial data,” O’Brien told me in an interview. “With the increasing pressure on drug pricing and elevated costs of drug development, digitally enabled approaches such as decentralized trials can contribute meaningfully to a more efficient drug development process.”

These decentralized clinical trials encompass nearly the full spectrum of digital health capabilities and have the potential to revolutionize the way clinical trials are conducted. Clearly, they offer a unique and powerful step forward in the evolution of clinical trials.

Such trials also introduce a few more areas of potential security vulnerability. For instance, personally identifiable information and the intellectual property of the sponsors must be transmitted wirelessly from a participant’s home network, which may not contain a robust cybersecurity system. This network may serve as a weak link hackers can use as an avenue to exploit. Patching up this potential security weakness will require sponsors, CROs and subjects to work together to ensure the security of all participants is maintained.

While the prospect of decentralized clinical trials is a compelling concept, the fact remains that the majority of trials continue to involve more traditional sites and data collection methods. But even these formats are still markedly exposed to cyber security risks. In fact, whenever network-connected devices and equipment are introduced to a process, cybersecurity vulnerabilities inevitably also arise. While these risks can be managed, it is important for clinical trial sponsors, CROs, investigators and everyone else involved to understand where they stem from and what exactly is at stake.

Gray Areas of Liability

Digital health introduces new technology providers, third-party data maintenance and storage vendors, software developers and a litany of other parties to the clinical trial process. Given this wide cast of participants, all with varying degrees of exposure and responsibility to sensitive information and network-connected equipment, establishing liability after a cybersecurity event can be difficult.

For instance, the creation of a wearable device involves countless parties, including developers, manufacturers, installation services and maintenance professionals. Flaws or errors and omissions in the design, manufacturing, implementation or maintenance of these devices may leave behind software bugs or programming faults that can be exploited to alter treatment or the data a sponsor counts on to achieve regulatory approval.

If a wearable device is compromised and it leads to an individual being hurt or other costly consequences, determining which of these parties is liable to damages can be a difficult task. There is no handbook on this situation, and this liability gray area can lead to challenges in a claims process.

This gray area of liability is another evolving aspect of cybersecurity worth monitoring. As technology and digital capabilities evolve, the standards for establishing liability are likely to change. This fact further underscores the need for a robust insurance package to ensure each organization is protected from liabilities they may not even be aware of. With so many different parties involved, it is essential that clinical trial insurance packages include blanket contractual coverage that protects the organization from damages caused by third-party vendors. These companies must also require that vendors name them as additional insureds in their contracts to protect the sponsor’s interests in the event of a cybersecurity breach.

Heightened Regulatory and Legal Risk

Regulators and lawmakers are also taking notice of the rise of cyber security events in clinical trials and the broader healthcare industry. As a trial sponsor, investigator or CRO, there’s a lot to keep track of from a legal and regulatory perspective.

Cybersecurity and the protection of personal information has become a global issue that is attracting the attention of a wide range of governing bodies. With so many different regulators and lawmakers taking a close look at the issue, it has become difficult for trial sponsors, CROs and investigators to discern their own legal and regulatory liabilities and obligations within the context of a clinical trial.

The evolving legal and regulatory landscape as it pertains to cyber security and digital innovation in healthcare is certainly worth monitoring.

Limit the Damage

Cybercriminals are operating with increasing sophistication. Their methods of infiltrating networks are constantly evolving, and new approaches are arising regularly. The incorporation of digital health into clinical trials opens up new avenues for cybercriminals to launch an attack. Wearable devices, network-connected pieces of equipment and databases of personal information all represent entry points for hackers to gain access to internal systems.

With so much at stake, clinical trial sponsors, CROs, investigators and all other parties involved must take steps to protect themselves. The cornerstone of this protection plan is a robust insurance package led by a strong cyber policy. However, life sciences companies should not go about acquiring these coverages alone. Considering the wide range of exposure and the multiple coverages a company will need, it is important for all companies conducting clinical trials to consult an insurance broker that is well-versed in these policy intricacies before securing coverage.

While there is no surefire way to stop a cyberattack, cyber insurance is a necessary component to mitigating risk and managing the liability.


[1] https://www.accenture.com/t20171108T183552Z__w__/us-en/_acnmedia/PDF-57/Accenture-Health-Digital-Health-Comes-Of-Age.pdf

[2] https://www.accenture.com/t20171221T005341Z__w__/us-en/_acnmedia/PDF-54/Accenture-Health-Cybersecurity-300-Billion-at-Risk.pdf#zoom=50

[3] https://www.ibm.com/security/data-breach

[4] https://www.accenture.com/t20171221T005341Z__w__/us-en/_acnmedia/PDF-54/Accenture-Health-Cybersecurity-300-Billion-at-Risk.pdf#zoom=50

[5] https://www.reuters.com/article/us-cybersecurity-hospitals/your-medical-record-is-worth-more-to-hackers-than-your-credit-card-idUSKCN0HJ21I20140924

[6] https://healthitsecurity.com/news/fda-unveils-mitres-medical-device-security-playbook

The Power Of A Risk Reduction Audit

By Carol Lapetina and Dominic Micali

5 keys to a better medical claims audit

For medical plan sponsors, the need for audits is a fact of life. (Or should be. If you’re a medical plan sponsor and you haven’t audited your claims administrator for several years – or ever – this discussion may be of particular interest to you.)

Audits are a necessary and powerful tool for sponsors to meet their fiduciary duty and ensure their third-party claims administrator (TPA) is properly processing and paying claims. After all, as plan sponsor you have turned over your benefits checkbook to an outside vendor who will pay millions of dollars of your employees’ claims over the course of the relationship. This relationship should be subject to the same level of financial scrutiny as any other vendor relationship. Sponsors must conduct audits, and TPAs have entire teams devoted to facilitating independent audits. It’s an accepted part of the relationship, and the plan sponsor’s audit rights will be specifically detailed in the agreement between the plan sponsor and the TPA.

Not all audits are created equal. There’s an art and a science to a successful audit.

Given that the TPAs have been around forever, and the prominent audit firms have been around almost as long – it’d be easy to assume that one audit isn’t all that much different from another.

Every auditor works to develop a statistically valid sample that will create an accurate and insightful picture of a sponsor’s overall medical plan spending. A good auditor then analyzes those claims line by line, dollar by dollar, benefit by benefit, onsite at the TPA’s claims office. That deep dive into the data informs the findings that will benefit the plan sponsor through measurable improvements in plan administration.

But truly insightful and impactful audit results demand more than a solid sample and attention to detail. It takes a different mindset. It demands an approach focused on reducing risk and facilitating better outcomes.

Over the last 10 years, Conner Strong & Buckelew has, through its affiliate AIM, refined its audit approach to uncover deeper insights and actionable next steps for plan sponsors.

The Risk Reduction Audit offers an actionable plan for better, more efficient claims administration

For plan sponsors looking to maximize the impact of their medical claims audits, it’s worth understanding the critical ways in which a smarter, risk-driven approach and perspective will result in a better audit.

Here are five keys plan sponsors should consider.

  1. A Better Audit Starts with a Better Administrative Services Agreement

Long before an auditor shows up on the doorstep of a TPA, many of the terms that will guide the audit process have already been established. The Administrative Services Agreement (ASA) between the sponsor and the TPA typically spells out a number of audit stipulations.

TPAs will typically include somewhat restrictive audit language in the ASA, employing their book-of-business and boilerplate language which will tilt in favor of the TPA. Sponsors may not even realize they’re putting themselves at a disadvantage right off the bat.

Give it a double check. Before signing the ASA, sponsors should review a few elements:

  • Restrictions on which third-party auditors can be used
  • How frequently audits can be conducted
  • The scope of audits
  • The sample size of audits

An overly restrictive ASA can cripple the impact of an audit and strain the relationship between the plan sponsor and TPA. It’s best to review and negotiate these terms at the start of a relationship or when renewing the ASA.

Often, getting an independent auditor’s insights on an ASA before it’s signed can help lead to a more effective audit in the future.

Through its affiliate AIM, Conner Strong & Buckelew has negotiated countless ASAs and has helped create a better audit framework for many plan sponsors. The firm’s Risk Reduction Audit approach begins with a review of the existing ASA to define the terms of the audit and make sure the TPA is delivering what’s intended – and what’s required.

  2. A Better Audit Utilizes the Right Methodology

With the right ASA in place, a better audit can take the right approach to building an effective sample and collecting data. That means creating a statistically valid sample that will accurately reflect the larger population and include claims from small to large in ratios that will parallel their distribution in the full population.

AIM’s sampling methodology:

  • Stratifies the claim population using the most critical variable – the claim paid amount.
  • Uses the characteristics of the claim population to determine the number of sample points required to produce statistically reliable results.
  • Allocates the sample to account for the variability and the number of claims in each stratum.
  • Separately examines the processing of zero-pay claims to evaluate the effectiveness of system-based edits (e.g., duplicate claims; application of deductible).
  • Provides a focused review of all high-cost claims over a specific dollar threshold, where the possibility of large dollar errors is increased.

Other audit approaches use algorithms or screening software to build a sample that relies too heavily on automation. This approach won’t result in a representative and meaningful sample. Some auditors promise a 100% review of all claims, ignoring the complexity of varying claims and level of analysis required to develop truly actionable insights from the data in a reasonable amount of time. Efficiency in completing the audit is critical, as TPAs typically limit the amount of time an audit firm can be onsite.

Still other auditing firms promise large recoveries based on audits of the most expensive claims and analysis of potential overpayments. These so-called contingency audits are a short-sighted approach to evaluating TPA performance that ultimately fails to realize the long-term benefits – and potential returns – of a risk-focused audit. A Risk Reduction Audit rejects these shortcuts and short-term promises in favor of a quality sample and a focus on long-term effectiveness.

AIM’s review of each sampled claim will include the following detailed analysis:

  • Was the claimant eligible for medical plan benefits on the dates of service submitted?
  • Do the amounts actually paid by the TPA agree with what has been calculated as payable on that claim by the AIM onsite audit team – based on the expenses that are eligible under the plan?
  • Were the correct plan deductible, copayment, coinsurance levels, and plan maximum limits applied?
  • Was the appropriate provider of service (facility or physician) reimbursed under the claim, and was the provider’s network status accurately determined?
  • Were the correct/appropriate network discounts, negotiated fees, or usual and customary (U&C) allowances (as applicable) applied to the eligible expenses? (For network facilities, primary source contract documentation will be requested to support the network allowances.)
  • Were ad-hoc fee negotiations conducted on large, out-of-network hospital claims?
  • Were effective cost-management techniques such as precertification, medical necessity review and/or case management applied to the claim as appropriate?
  • Does the TPA’s claim system have appropriate controls to prevent the payment of duplicate charges and other ineligible expenses?
  • Was the claim paid correctly with regard to the coordination of benefits, including potential third party liability or workers compensation coverage?

In a Risk Reduction Audit, these questions are closely aligned with the plan sponsor’s focus and objectives for the audit. What’s more, a Risk Reduction Audit will go beyond a simple audit of the claims transactions to encompass a full review of the vendor relationship. It will look at all aspects of the TPA’s operations including quality assurance for claim processing, utilization management, reporting capabilities and pricing controls to identify operational or administrative issues that could lead to broader claims processing and service issues, and offer recommendations for resolution.

In many cases, a full operations review which makes these system-wide analyses a core focus is a necessary review tool. This big-picture and deep-dive approach is utilized in every AIM Risk Reduction Audit, enabling the auditors to identify the issues and opportunities that could most severely impact a TPA’s processing.

  3. A Better Audit is Strategic About Timing

Typically, a plan should conduct a medical claims audit every two to three years, assuming past audit results were satisfactory. But if a previous audit uncovered significant errors, a quicker follow-up may be warranted. Sponsors may want to revisit the TPA with an audit after only a year to make sure errors are corrected and to confirm that the TPA hasn’t come up with whole new ways of committing errors.

Within this general timeline, a risk-focused approach to audits is a bit more strategic. It’s critical to watch for signs that an audit may be warranted.

Often, the best place to watch for signs an audit is needed is among covered employees.

  • If there’s an increase in employee complaints and appeals about benefits and payments, it may suggest the TPA is paying too slowly or is inefficiently processing claims.
  • At the same time, suspiciously little feedback from employees could suggest many claims are being paid with insufficient scrutiny.

In either case, it pays to monitor employee sentiment around benefits and investigate any notable changes.

Once an audit is underway, the timeline is usually relatively predictable. The entire audit is scheduled to fit in a 90-day timeline. During the preparation and pre-audit phase, the auditor receives and scrubs data from the TPA. Then an on-site audit is conducted at the TPA, typically lasting around five days.

  4. A Better Audit Lasts Until the Sponsor is Satisfied

Once the auditor drafts the findings and reviews them with the TPA, they’re presented to the plan sponsor at a readout meeting. For some audit firms, the readout meeting marks the conclusion of the relationship. Such auditors present their findings, pack up and leave. With more comprehensive audits like the Risk Reduction Audit, the readout meeting is where insights become actionable. It’s not the end of the audit – it’s the beginning of the next phase.

Good auditors, such as those who conduct Risk Reduction Audits, are a lot like a dog with a bone. They don’t let go or give up until issues are resolved. That means identifying and creating value from the findings presented at the readout meeting. Auditors typically provide that value by navigating the back and forth between the plan sponsor and the TPA.

Too often, as a claim makes its way through adjudication, it’s like a game of telephone. With each step in the process, the claim deviates a little bit from the processing structure stipulated in the governing plan documents. A better audit takes the sponsor’s Summary Plan Description (SPD) as its “source of truth” and works to better align the TPA’s book of business approaches and claims guidelines with the sponsor’s SPD. For the SPD describes the Plan as it has been designed, codified, and communicated to the employees.

This is a key differentiator for AIM and its risk-centric auditing approach. Auditors should stay engaged with the sponsor until they’re satisfied with the results and the process improvement strategies that will drive more efficient and accurate claims processing.

At the same time, the auditor should engage with the TPA in a collaborative approach. The better auditor is not confrontational in a way that causes relationship issues for a client long after the audit. The focus should always be on identifying issues objectively, and having them corrected to avoid future issues or gaps.

  1. A Better Audit Focuses on the Future

Too many plan sponsors and their auditors approach the audit process with a backwards mentality. They consider errors and money recouped from faulty claims administration a “win.” The reality is, the best audit results you could hope for would reveal zero issues – every claim was processed to perfection.

Of course, that’s virtually impossible. No well-executed audit has come back with zero errors – and every audit will return with a number of findings that will improve the TPA’s claims administration.

Even at well-run TPAs with a watchful plan sponsor, claims issues can fall between the cracks. The industry average for overpayments discovered in the better audit varies between 2% and 5%. In some cases, discovering issues with large claims can result in a considerable return from the TPA. But that shouldn’t be the primary goal of an audit. The real value of audits lies in their power to foster process improvements that correct existing errors and prevent them from occurring in the future. Correcting one small processing hiccup or adjudication issue may not result in a major payout immediately following the audit, but it can drive considerable savings over time as well as improve employees’ experience with the plan.

Ultimately, a Risk Reduction Audit embodies this more impactful, long-term outlook. Consequently, it makes calculating the return on investment of these solutions-oriented audits more challenging. The immediate ROI of a typical AIM audit is often 3:2 or 2:1, though that’s not always the case. The total return realized over years or even decades could be significantly greater.

CASE STUDY
Effective Risk Reduction Auditing at Work

The Situation:

A large regional employer transitioned to a self-insured plan but failed to conduct an audit for several years after making the switch. When the company finally decided it was time to review their TPA’s practices, it discovered it had approved an Administrative Services Agreement that considerably restricted the size of the audit sample. AIM was able to effectively get the TPA to waive the sample limit, but not without considerable effort and persuasion.

The Better Audit Approach:

With the terms of the audit agreed upon, AIM developed a statistically valid, random sample claim audit. Additionally, at the client’s request, a separate review put particular emphasis on claims identified as potential duplicates.

The Better Insights:

AIM’s audit revealed that the TPA was meeting industry benchmarks for claims processing and financial accuracy. However, it also identified major errors in claims adjudication, including considerable unwarranted fees and incorrectly coded active employees. What’s more, the audit did in fact reveal gaps in the TPA’s process for identifying (and rejecting) duplicate claims.

The Better Result:

AIM’s audit resulted in $50,000 in improper fees returned to the client and $500,000 in savings from correctly coding employees. The TPA agreed to additional examiner training and system oversight to create a long-term solution to the duplicate payment issue.

All told, the client’s return on investment for the audit was approximately 30:1.

Although this type of ROI is unusual, it does happen on occasion, and offers evidence of the wisdom in the “trust, but verify” approach to monitoring the Plan’s vendor relationships.

Risk Reduction Audits – A Better Audit Solution

Medical plan audits are a necessity, but shouldn’t be an afterthought. The details matter. A better audit has a better structure, focused execution and more impactful goals. Conner Strong & Buckelew, through its affiliate AIM, offers this superior approach with a Risk Reduction Audit, creating a path toward more efficient operations, lasting benefit plan savings and an employee population more satisfied with their medical benefits.

To learn more about Risk Reduction Audits, visit https://www.aim-benefits.com/ 


Hidden in Plain Sight: Healthcare Regulatory Risks

BY FRANZ WAGNER & LISA HESSER

The Department of Justice (DOJ) has been cracking down on fraud against the government for decades. Yet hospitals, insurers, drug manufacturers, pharmacies and healthcare companies of all kinds are largely unaware of this major threat to their balance sheets.

In 2018, the DOJ collected more than $2.8 billion in settlements and judgments from civil cases involving fraud and false claims against the government, $2.5 billion of which involved the healthcare industry. Since 1986, the federal government has collected nearly $60 billion in penalties from businesses.

These cases and investigations often stem from the False Claims Act, a federal law that imposes liability on persons and companies that defraud government programs. The False Claims Act has been around since Abraham Lincoln was president, but recently picked up steam in the 1980s when Congress strengthened the law by providing incentives for whistleblowers to file lawsuits.

Typically, these offenses are completely unintentional. However, the healthcare industry has found itself squarely under the DOJ’s spotlight, with multi-million-dollar False Claims Act settlements announced every year. For instance, AmerisourceBergen paid $625 million just last year to settle one of these cases. Medical device manufacturer Alere also paid $33.2 million to resolve similar allegations.

When targeted in a False Claims Act case, companies are subject to massive costs in the form of attorneys’ fees, external auditor and expert costs associated with defending these claims as well as large fines, penalties and damages. While larger corporations are better positioned to handle these massive litigation costs, smaller companies run the risk of going out of business if targeted.

Thankfully, healthcare regulatory insurance policies cover a large portion of these matters, and have become an essential coverage for all healthcare companies. It remains one of the most underutilized policies among healthcare companies, despite being relatively affordable and comprehensive.

In addition to providing coverage for False Claims Act claims, the right regulatory policy will cover other regulatory triggers, such as HIPAA, EMTALA, Stark violations and Anti-Kickback statutes. Given the amount of consolidation that exists for physician groups, hospitals and other organizations, the Stark and Anti-Kickback statutes are becoming more and more of a land mine for organizations with expanding affiliations or interests.

However, not all healthcare regulatory coverage is created equal, and companies must consider the following points when securing coverage.

Attorneys’ Fee Limits and Restrictions

The specialized attorneys required to fight a lawsuit related to a False Claims Act allegation do not come cheap. Lawyers who have the level of expertise necessary in these situations can charge as much as $800 per hour. However, some healthcare regulatory policies set limits on reimbursements for these expenses or require use of panel counsel. This can leave companies on the hook for hundreds of dollars per hour in attorneys’ fees that were unaccounted for when hiring counsel. By negotiating predetermined rates on attorneys’ fees and/or obtaining pre-approval for counsel selection, healthcare companies can ensure they’re able to secure the best lawyers possible to fight these complex cases while limiting out-of-pocket expenses.

Policy Definitions

The contract language written into healthcare regulatory policies must be reviewed carefully. Some healthcare regulatory insurance carriers have narrowly defined terms with respect to what constitutes a “loss” or a “claim” and this can significantly limit how the policy responds if the DOJ is “questioning” a situation or considering an investigation. If the matter is not accepted as a “loss” or “claim” under the policy, the interruption to the business as well as the attorneys’ fees may not be covered. Other policies will not cover any costs until an actual lawsuit is filed, leaving the organization liable for the thousands of dollars that went into the early stages of the process. Healthcare organizations must also ensure prior acts coverage is in place to be protected from events that occur before the policy’s coverage incepts. Only an insurance broker with expertise in healthcare regulatory policy contract language can ensure each company’s specific coverage needs are met.

Fit with Existing D&O and E&O Coverage

Many healthcare companies already carry directors and officers (D&O) liability or errors and omissions (E&O) insurance coverage that they mistakenly believe fully covers them in the event of a DOJ Health Claims Act investigation or lawsuit. However, these policies are typically insufficient to respond adequately to these types of allegations and claims: significantly higher retentions, coinsurance penalties, lower limits and other coverage limitations can leave an organization woefully underinsured in the event of a claim. Healthcare regulatory insurance policies can fill in the blanks left behind within D&O and E&O policies. A broker with intimate knowledge of a healthcare organization’s comprehensive insurance needs can help them secure a healthcare regulatory policy that fits in with existing policies to ensure all liabilities are covered.

Access to Preparation/Internal Audit Services

Like many other insurance policies, healthcare regulatory coverage often comes with preventative services that can help healthcare organizations avoid DOJ investigations and lawsuits altogether. Some carriers will bring in experts to perform audits on a company’s books to identify and address any potential discrepancies or problem areas that might attract the attention of the DOJ. Compliance is a huge issue in the healthcare industry. Some policies include assessments that help healthcare companies ensure they’re up to date and following all regulations that govern their industry.

The DOJ is clearly committed to cracking down on government fraud in the healthcare industry. The only way to protect your business fully is to secure robust healthcare regulatory coverage. An experienced broker can look at your business’ existing insurance coverage and potential exposures and match your organization with a product in the market that meets your needs at a competitive price.


Private Company Executives Can Be Held Liable Under the Federal Securities Laws

How Kidnap & Ransom Insurance Can Keep Executives Safe

By Terrence Tracy

As the bright Mexican sun was immediately replaced with total darkness, Tim struggled to catch his breath through the black nylon bag that had been thrown over his head.¹ Within seconds, zip ties bound his wrists, and he was shoved into what he guessed must have been the back of a van. Tim heard muffled, unfamiliar voices through the squealing of tires as he was rushed off to an unknown destination.

Tim, CEO of an international engineering firm, had traveled without incident from his corporate headquarters in New York to cities throughout Mexico dozens of times.²,³ And though Tim was aware that areas of Mexico were dangerous, he never entertained the possibility that he would count himself among the 15,000 to 30,000 people reported kidnapped each year.⁴ (He failed to account for the fact that the actual number of kidnapping incidents is much higher; an estimated 90% of kidnappings go unreported.)⁵ Reality began to sink in as he felt the van turn off a paved road onto one of sand and gravel.

As is the case with many C-suite executives and top-level managers traveling internationally for business, Tim’s mind was focused on matters unrelated to his personal safety. The security consultant, whose services were secured through his firm’s kidnap and ransom (K&R/special crime) insurance, had provided Tim with tips to minimize the risks that accompany international travel. Among many other helpful suggestions, they had warned him to avoid carrying large sums of money, alter routes and departure times, and make copies of visas and passports to keep in a separate location.⁶ Tim had made some changes to his traveling habits but was now regretting that he had not taken each of the security consultant’s recommendations to heart.

Even in this time of crisis, Tim was very relieved that his company had made the decision to purchase kidnap and ransom insurance for the past few years. He knew that the carrier’s security consultant would be immediately dispatched to handle every aspect of the hostage recovery efforts, including negotiating with the bad actors, communicating with law enforcement, briefing his family, and delivering the ransom.⁷

He shuddered when considering the limited options his company would have been faced with in the absence of a kidnap and ransom policy and the expertise provided by the accompanying security consultants.

Would someone at his company try to negotiate directly with his captors? Would they reach out to the local authorities, and did they possess the requisite trustworthiness and expertise to arrange for his safe return? Yes, Tim was grateful that those were questions that needed no answer. As soon as Tim’s firm was made aware of the situation, the kidnap and ransom carrier was contacted, and within hours the security consultants were in touch with the captors. They expertly navigated the volatility of the crisis, arranged for the successful delivery of the $2 million ransom demanded, and quickly reunited Tim with his family, unharmed.⁸

WIDE-RANGING BENEFITS OF K&R INSURANCE

Receiving a ransom note is enough to throw anyone into a paralyzing shock. Most companies lack the expertise to independently determine the best course of action, and taking the correct steps is critical in getting a hostage home safely. Trying to locate and retain negotiators, communicate with law enforcement, and brief the victim’s family, all while running a business, is too tall a task to undertake in the midst of a crisis. A plan must be identified and experts put in place in anticipation that the unthinkable might occur.

As highlighted in the previous scenario, hostage situations are never anticipated, and having a support team available at a moment’s notice can make an enormous difference in an organization’s recovery efforts. Kidnap and ransom insurance is a critical investment for businesses across all industries. The policies provide “pre-loss” consulting services, mitigate an organization’s financial exposure during a hostage situation, and provide expertise that can exponentially increase an organization’s chances of recovering the kidnapped person. However, this cost-effective and service-rich insurance coverage remains one of the most overlooked insurance policies of businesses large and small across the U.S.

The threat of kidnapping while traveling is very real for businesses across all industries; a company and its management team cannot afford to be unprepared when a crisis occurs. Kidnapping may be low on an organization’s list of business threats, but the safety and wellbeing of a company’s employees and family members must be a top priority. Kidnapping is an unfortunate reality when traveling, especially abroad, and the optimal response comes in the form of a kidnap and ransom policy, with its emphasis on risk mitigation and crisis management, and its coverage for expenses and financial loss.



¹ This is a fictional example for illustrative purposes.
² Mexico ranks first globally for reported kidnappings, followed by India, Pakistan, Iraq, and Nigeria. Atlas.
³ While all businesses face the threat of kidnapping, engineering firms are among the most frequently targeted. Other fields include: aviation; oil and gas; energy and mining; pharmaceuticals; maritime; higher education; and charities. AXA, AIG.
⁴ Studies provide different totals for annual kidnapping incidents; 15,000 – 20,000 by one calculation, and 25,000 – 30,000 by another. AIG. Ironshore.
⁵ AIG.
⁶ Other recommendations include: be aware of your surroundings; keep a low profile and do not carry on loud conversations; do not discuss plans or itineraries in public; and do not advertise corporate affiliations. AIG – NYA.
⁷ Some security consultant services also include brand reputation protection, global deployment, and 24-hour availability. Chubb.
⁸ The average ransom demand exceeds $2 million, and the estimated worldwide kidnap and ransom payments approximate $1.5 billion. Atlas.
⁹ Many kidnap and ransom policies include coverage for directors and officers, employees, and their families, whether traveling for business or pleasure. Beazley.