AHM Health Plan Finance and Risk Management: Risk Management in Health Plans

Risk Management in Health Plans

Course Goals and ObjectivesAfter completing this lesson, you should be able to

List some of the factors that may give rise to the assumption of an agency relationshipbetween health plans and their providers

Discuss some measures a health plan might take to limit the liability associated withcredentialing its providers

Explain some of the ways a risk manager can reduce or eliminate risk exposures relatedto utilization review

List some of the actions that a risk manager can take in managing the process ofproviding healthcare in a health plan environment

Risk management has been in a period of evolution almost since it first became an importantfunction in the healthcare setting. In the mid-1970s, the healthcare risk management professionemerged in response to the malpractice crisis surrounding the availability of liability insurance.1

Although, the basic concepts for healthcare risk management were adopted from the insuranceindustry, over the past two decades the discipline of healthcare risk management has taken onmany important characteristics and unique functions. Although there are clear risks associatedwith benefits administration, contracting, and other activities, the bulk of risks in health plans isassociated with the provision of healthcare services and coverage decisions surrounding that care.In addition, providers face risks associated with health plans beyond those faced by health plans.Therefore, this lesson focuses particularly on those issues.

Risk management has changed from an activity that sought solely to transfer risk through thepurchase of commercial insurance or the financing of risk through the establishment of a self-insured trust or investment fund to a profession where education, proactive risk control and riskmodification, and risk financing and risk transfer are merged into a partnership. The overall goalsof the partnership enable the organization to be responsive to the needs and demands of thehealthcare industry and to provide safe and effective care to patients. The organizational goals ofensuring financial stability in the event of an adverse outcome are still consistent with the goals ofthe healthcare risk manager, but risk managers also find that their work takes them out of thefinance department and into those clinical and operational areas where the risks are created.

Specific objectives in risk management programs relate to the organization’s desire to ensuresurvival, maximize efficiency, and sustain growth and effectiveness. This is accomplishedthrough the identification, control, management, elimination, transfer, or financing of risk.Achievement of these objectives is accomplished by interacting with internal and externalcustomers of the organization that demand low-risk, high-quality, cost-effective service.Management may have different priorities in seeking efficiency and growth, particularly as healthplans continue to dominate the marketplace.

The primary targets or strategies of management could relate to gaining market share, increasingthe overall number of relationships and contracts with payers, increasing sales or service volume,ensuring continuity of performance, maintaining the quantity of controlled resources, or otheritems expected to produce desired long-term financial results. These targets may be sought

without appropriate consideration of the inherent risks that may also be assumed by adoptingthose strategies.

The goals identified to achieve market success may not be the most efficient or effectivestrategies from a risk management perspective. To achieve favorable results from both a riskmanagement and an organizational perspective, the risk manager must recognize how the internaland external changes in healthcare created by managed care influence or enhance risk. The riskmanager should begin to plan a strategy by first identifying how the organization is influencedfrom a risk perspective due to managed care (Figure 2B-1 and Figure 2B-2). After thisassessment, the risk manager should work with administration to determine critical successfactors that will define risk management success for the organization (Figure 2B-3).

Once the key measures of success have been agreed upon, the risk manager can develop a plan toprotect the organization and help it progress. The risk manager’s role and the challenges posed bythat role will not differ significantly if the risk manager is employed by a health plan, a hospitalthat seeks to be the hub of an integrated delivery system, or a network that forms to be able tocompete under health plans. Thus this lesson has been written to focus on the key riskmanagement issues created by health plans as opposed to a specific job that a risk manager mightassume given potentially differing structures. Many of the legal and risk management challengescreated by managed care will exist regardless of the employer. The customers of the risk managerwill include not only those in administration and finance but also physicians, nurses, and externalcustomers. As health plans become more prevalent, risk managers must develop new knowledgeand utilize existing and new skills and techniques to identify the new risks created, designcreative strategies for managing those new risks, and provide education and information to anever increasing and divergent customer base.

Changes in the Healthcare Organization Related to Health Plans

Health plans initially started out as "discount medicine," but it has now evolved to actualmanagement of medical care by providing the patient with the appropriate level of care in theappropriate setting. In his book Making Managed Health Care Work: A Practical Guide to

Strategies and Solutions, Peter Boland states the following: "Managed care alter the decisionmaking of providers of healthcare services by interjecting a complex system of financialincentives, penalties, and administrative procedures into the doctor-patient relationship. Managedcare often attempt to redefine what is best for the patient and how to achieve it mosteconomically."2

This statement implies altering and directing care to gain a cost advantage, which is risky if it isat the real or even perceived sacrifice of quality. Health plan administrators, insurance providers,and risk managers are becoming increasingly aware of the development of new case lawassociated with managed care, particularly how quality or access is limited by strict utilization orfinancial restrictions and how that limitation can pose a significant financial risk to theorganization. Learning how to identify proactively these and other potential new exposuresassociated with managed care and how to control or eliminate them will be a challenge and willbe at the core of the risk manager’s responsibility.

This statement implies altering and directing care to gain a cost advantage, which is risky if it isat the real or even perceived sacrifice of quality. Health plan administrators, insurance providers,and risk managers are becoming increasingly aware of the development of new case lawassociated with managed care, particularly how quality or access is limited by strict utilization orfinancial restrictions and how that limitation can pose a significant financial risk to theorganization. Learning how to identify proactively these and other potential new exposuresassociated with managed care and how to control or eliminate them will be a challenge and willbe at the core of the risk manager’s responsibility.

Historically, health plans have faced minimal professional liability exposure, especially comparedwith other healthcare organizations. In large part, this is the result of the broad and well-publicized protection provided by the Employee Retirement Income Security Act of 1974(ERISA).3 That protection includes barring jury trials and punitive damage awards, limitingcompensation to medical expenses, and preempting actions against a health plan for the"administration" of an ERISA-qualified employee benefit plan.4 The Federal Employee HealthBenefits Act can also afford some protection for federal employee benefit plans.5 These statutoryprotections have their limits, however, and the risk manager must develop a clear understandingof the new risks that may be created under managed care and are not afforded statutory protectionand must develop strategies to manage them.

The changes in the organization relative to health plans created new operational and clinical risksand opportunities for risk management. No longer are the risks contained within the walls of aprovider organization; rather, the risks now follow the patients to whom the health plan hasagreed to provide services. This may result in making the environment more difficult to controlfor the risk manager. In addition, with the movement away from high-technology specialties,many organizations may find the need to identify and engage providers with a focus on primarycare and prevention. This group of professionals may include physicians but may also includenurse practitioners, physician assistants or extenders, social workers, and other healthcareprofessionals. Credentialing, reappointment, privilege delineation, and definition of the scope ofservice for an enhanced range of caregivers will be essential components of the risk manager’sjob.

Operational Risks Under Managed Care

Operational risks are enhanced under managed care. For example, a provider organizationbecomes more complex as it attempts to compete by becoming part of an integrated deliverysystem. New business risks can create corporate liability, both direct and indirect (vicarious). Arisk manager whose responsibility is to manage the risks of the health plan must be mindful of thebusiness and clinical risks created. Health plans can pose the following risk concerns that will benew challenges for the organization’s risk manager:

Coordinating the appropriate amount and level of care, by appropriate providers, throughutilization management activities.

Negotiating arrangements with selective providers with proven skills and competence toprovide comprehensive services identified in the contracts.

Ensuring that the financial incentives provided by the contract are sufficient to sustain theorganization and that the potential for catastrophic financial risk is understood andappropriately funded for or transferred. (Relative to financial risk management, the riskmanager should also be cognizant of the potential double-edged sword created by the useof financial incentives to providers. In a positive sense, these types of incentive structurescan help support the provision of efficient, effective, and appropriate service. They canalso, however, be seen as a reward system that inappropriately incents physicians to denyneeded care to patients in exchange for increased compensation.)

Understanding the nature of the new clinical risks created and proactively designingsystems or structures to eliminate or control them.

Figure 2B-4 illustrates the relative risk for health plan structures based upon the degree ofinfluence and relationships that the health plan maintains with its providers.6 It is only through ananalysis of the health plan’s business and an understanding of the relative risk associated withthat business that one can develop a comprehensive risk management plan to ensure that all riskscreated are eliminated, managed, controlled, or transferred.

Direct Liability

Corporate negligence claims arising from health plans pose new risks for the risk manager.Corporate liability claims are based on the premise that the healthcare entity or health plan has alegal duty to protect the patient from harm. This responsibility can be deemed to be abrogatedwhen negligent providers are employed by the health plan and render care to patients that is

determined to be negligent. The need to develop rigorous screening procedures for potential staffmembers and to follow those procedures is an important risk management function in this newenvironment and should be carefully monitored to verify adherence.

Under the doctrine of corporate negligence, a health plan and its physician administrators maybe held directly liable to patients or providers for failing to investigate adequately the competenceof healthcare providers whom it employs or with whom it contracts, particularly where the healthplan actually provides healthcare services or restricts the patient’s/enrollee’s choice of physician.Health plans and their physician administrators may be held liable for bodily injury topatients/enrollees resulting from improper credentialing of physicians or for economic orcompensatory damages to providers as a result of credentialing activities (e.g., unlawful exclusionfrom provider networks or staff decertification). The doctrine of corporate negligence may alsoapply to other health plan activities besides credentialing, such as performance of utilizationreview.

Under the theory of negligent or improper design or administration of cost control systems, ahealth plan and its physician administrators may be held liable when they design or administercost control systems in a manner that interferes with the rendering of quality medical care orcorrupts medical judgment. To date, most litigation involving allegations of negligentadministration of a cost control system have involved utilization review activities of health plans.

Health plans and their physician administrators are also susceptible to antitrust liability forviolations of federal and state laws, which generally prohibit the unlawful restraint of trade,monopolies, price fixing and discrimination, group boycotts, illegal tying arrangements, exclusivedealing, and other arrangements that are anticompetitive. Antitrust problems may arise whenentities engage in collective actions that reduce competition in a given market. Antitrust problemscan arise early in a market where health plans encourage the combining of the services of formercompetitors to facilitate service delivery. A balancing test must be performed to ensure that thebenefits gained by combining outweigh the danger posed by limiting competition of those entitiesoutside the agreement. Health plan networks are also likely to face an increased number ofantitrust lawsuits from providers and competitors as they gain increased market share. The largera health plan becomes in a particular area, the fewer opportunities available to the provider who isnot part of the network.

In addition, health plans and their physician administrators face corporate exposure to directliability for various forms of discrimination, for example discrimination in benefit design,underwriting, claims adjudication, credentialing, treatment, employment, and contracting. Thefollowing pieces of legislation may give rise to of discrimination in specific health plans:

The Family and Medical Leave Act of 1993 The Americans with Disabilities Act of 1992 The Civil Rights Act of 1991 The Age Discrimination in Employment Act of 1967, including the Older Workers

Benefit Protection Act of 1990 Title VI of the Civil Rights Laws of 1964, as amended (1983), including the Pregnancy

Discrimination Act of 1978 The Civil Rights Act of 1966, Section 1981 The Fifth and Fourteenth Amendments of the U.S. Constitution

In addition, health plans and their physician administrators face corporate liability for invasion ofprivacy of providers for improper dissemination of information regarding credentials orcompetence to the National Practitioner Data Bank or other third parties or of patients/enrolleesfor improper dissemination of their records or information pertaining to their health. They mayalso be sued by providers, patients, or employees for defamation, particularly in connection withtheir peer review activities. In such an event, however, they may be entitled to qualified immunityunder the Health Care Quality Improvement Act of 1986 (HCQIA).

Vicarious Liability

Under the theory of vicarious liability or ostensible agency, hospitals have been held vicariouslyliable for the acts, errors, and omissions of their independent contractors. By definition, aprovider is an independent contractor in independent practice associations and direct contractmodels. Therefore, the health plan should not be responsible for negligent acts unless the healthplan has given the impression that these providers are acting as agents of the health plan. Thedecisions of the courts to uphold claims based on ostensible agency depend on many factors,applicable state statutes, the ability of the plaintiff’s attorney to demonstrate the apparent agencyrelationship, and other aspects of the provider-health plan relationship as viewed by the courts.

Because "appearance" or perception seems to be the major issue driving the ostensible agencyargument, it might be wise for the risk manager to consider some of the circumstances that mightlead the public to assume that an agency relationship exists and to make the necessaryarrangements to control these potential exposures. Factors that may give rise to the presumptionof the existence of an agency relationship include:

Supplying the provider with office space Keeping the provider’s medical records Employing other healthcare professionals, such as nurses, laboratory technicians, and

therapists, to support the physician provider Developing promotional or marketing materials that allow a relationship to be inferred

The risk manager may wish to review documents provided to patients to ensure that the physicianis described as an independent practitioner and that there is a clear distinction between thoseservices provided by the health plan and those provided by the physician.

Clinical Risks

Managing clinical risks has been an activity of pivotal importance for the healthcare riskmanager. This activity continues to be important, but there have been changes in its complexityunder health plans. Specific risks that require control and relate to the provision of clinical careinclude risks associated with credentialing, risks associated with clinical decision making (e.g.,rationing of care), risks associated with utilization review, and risks associated with adhering toexternally imposed standards of care.

Credentialing

Credentialing is a risk management function that considers who the healthcare provider is in thehealth plan and what the provider can do.7 In an effort to facilitate the credentialing process andreduce administrative burdens and costs, some entities may choose to participate in a jointcredentialing process. This process might include a consolidation of credentialing procedures and

a sharing of the information requested as part of the process. It will be important to haveappropriate releases signed by the professional being credentialed so that there can be nosubsequent claims for breach of confidentiality.

In general, a credentialing process must be developed that allows for the successful selection andretention of high-quality providers who understand and support the mission and vision of theorganization or network with which they work.

CredentialingMeasures that might be instituted to prevent or limit liability associated with credentialing includeestablishing realistic criteria, ensuring that the data being measured and evaluated are accurate,conveying and evaluating the criteria on a consistent basis, and creating a paper trail clearly tyingquality to the economic credentialing process. 8 The following is a checklist for risk managers tokeep in mind when setting up a credentialing process:9

Review Credentialing Policies and Procedures- Review credentialing criteria forcompliance with state statutes, standards for health plans, Joint Commission onAccreditation of Healthcare Organizations standards, Medicare conditions ofparticipation, National Committee for Quality Assurance, and court decisions.

Review Application Forms Review application forms for compliance with standards andlocal, state, and federal regulations.

Review Protocols Review protocols for investigating and verifying an applicant’scredentials. Do these protocols minimize the risk of inadequately screening and verifyingthe credentials of practitioners?

Observe Methods Observe the methods by which these protocols are applied inreviewing individual applicants. Are protocols applied equally to all applicants whetherthey are well known or not?

Evaluate Organizational Structure Evaluate the organizational structure of thecredentialing process. Are checks in place to minimize the involvement of directeconomic competitors in the credentialing process? Does the structure minimize the riskof creating antitrust liability?

Review Due Process Provisions Review due process provisions to ensure thatpractitioners who are denied medical staff membership or have had privileges restrictedare afforded a fair hearing in accordance with federal and state laws and standards.

Require Practitioners To Report Require all practitioners to report claims, disciplinaryproceedings, or adverse actions taken against them at other facilities or hospitals. Ensurerisk management access to these records.

Ensure HCQIA Compliance Ensure that HCQIA regulations are complied with and thatinformation from the National Practitioner Data Bank is used appropriately incredentialing and privileging determinations.

Establish Rapport Establish rapport with practitioners to facilitate open communication,education, and resourcefulness regarding risk management issues.

Review Policies, Procedures, Bylaws, and Contracts Review policies, procedures,bylaws, and contracts to ensure that all credentialing criteria are clearly stated.

Review credentialing policies and Procedures Review credentialing policies andprocedures of other hospitals, facilities, and credentialing services whose credentialingdecisions are used instead of an internal process.

Clinical Decision Making

One of the most frequently verbalized fears relative to health plans is that it will create a systemwhereby care is predicated on a person’s ability to pay or upon an externally imposed system ofvalues that dictates which medical conditions are appropriate for specific types of intervention. Ingeneral, when these issues and concerns are voiced they relate to the denial of interventionsdeemed to be extraordinary or experimental to patients with terminal conditions or conditionswhere the treatment may not result in a cure but may only serve to delay inevitable furtherance ofthe disease. Although much of the discussion thus far seems to be fueled more by fear than fact,making care decisions based on reasons other than best medical judgment is risky and thus shouldbe avoided. Risk managers can assist in limiting these types of risks by determining that policiesare in place that clearly indicate that care decisions are not predicated on the ability of the patientto pay or the willingness of the payer to reimburse but rather are based on sound medicaljudgment that is rendered consistent with appropriate professional standards of care. Many ofthese decisions also are linked to an area of well-developed case law in health plans, that lawrelated to utilization review activities.

Utilization Management Issues

Controlling the parameters of care through a well-detailed utilization review process is animportant component of cost controls associated with health plans. Court cases havedemonstrated that a plan’s utilization review process is an operational exposure with the potentialfor considerable financial risk. A well-structured utilization review program is designed to limitthe potential risks associated with attempts to structure care around predetermined criteria. Theprogram should allow for retrospective, concurrent, and prospective review of care providedunder the health plan. It should be remembered that underutilization presents real threats toquality and risk just as overutilization presents threats to cost control.

Merging Case Law

The seminal case describing the liability that can attach to an organization with inappropriateutilization criteria is Wickline v. State of California.10 This case addressed the legal implicationsof preadmission certification of treatment and length of stay authorization. In this case, suit wasbrought against the state of California alleging that its agency for administering the medicalassistance program was negligent when it only approved a 4-day extension of the plaintiff’shospitalization when an 8-day extension was requested by the physician. Plaintiff’s attorneyalleged that the discharge was premature, resulting in the ultimate amputation of the plaintiff’sleg. The physician requesting the 8-day extension did not appeal the decision of the state agency.Neither the hospital nor the physician was the defendant in this decision.

A jury returned a verdict in the plaintiff’s favor on the grounds that the plaintiff had sufferedharm as a result of the negligent administration of the state’s cost control system. The trial court’sdecision was reversed by the appellate court, which found that the state had not been negligentand therefore was not liable. The court held that the state was not responsible for the physician’sdischarge decision and that a physician who complies without protest with limitations imposed bythird party payers when the physician’s medical judgment dictates otherwise cannot avoidultimate responsibility for the patient’s care. The court did acknowledge, however, that an entitycould be found liable for injuries resulting from arbitrary or unreasonable decisions thatdisapprove requests for medical care. The court emphasized that a patient who requires treatmentand is harmed when care that should have been provided is not provided should recover for the

injuries suffered from all those responsible for the deprivation of such care, including, whenappropriate, healthcare payers. The court went on to say that third party payers can be held legallyaccountable when medically inappropriate decisions result from defects in the design orimplementation of cost containment mechanisms. The court concluded from the facts at issue inthis case that the California cost containment program did not corrupt medical judgment andtherefore could not be found liable for the resulting harm to the plaintiff.

In another case, Wilson v. Blue Cross of California, plaintiffs alleged that their son’s suicide wasdirectly caused by the utilization review firm’s refusal to authorize additional days of inpatienttreatment.11 The patient had been admitted for inpatient psychiatric care for depression, drugdependency, and anorexia. His physician recommended 3 to 4 weeks of inpatient care, but theutilization review firm only approved 10 days. The patient was discharged and committed suicideless than 3 weeks later by taking a drug overdose. The trial court granted summary judgment infavor of the defendants. The appellate court reversed this decision, concluding that the insurercould be held liable for the patient’s wrongful death if any negligent conduct was a substantialfactor in bringing about harm. Testimony of the treating physician indicated that, had thedecedent completed his planned hospitalization, there was a reasonable medical probability thathe would not have committed suicide. The court concluded that whether the conduct of theutilization review contractor’s employee was a substantial factor in the patient’s suicide was aquestion of fact precluding summary judgment and remanded the case for further review. Onretrial, the jury entered a verdict in favor of the defendants.

Litigation for utilization review decisions may also be brought under theories of bad faith andbreach of contract based on the contractual nature of the relationship between the health plan andits patient members

Reducing Utilization Management Exposure

The risk manager attempting to work with providers in the organization can provide the followingadvice to assist physicians in the reduction or elimination of exposures related to utilizationreview:

Devise a comprehensive utilization management program. Devise a comprehensiveutilization management program that integrates with quality and risk management.Individuals performing utilization management functions should utilize patient outcomeindicators as a means of identifying quality of care or risk problems.

Physicians must exercise independent medical judgment that meets with thestandard of care. Physicians must exercise independent medical judgment that meetswith the standard of care. Utilization management decisions should not influence thephysician’s clinical decisions in any way that the physician would consider truly harmfulto the patient.

Providers must advise the health plan of their medical judgment. Providers mustadvise the health plan of their medical judgment. The physician needs to be aware of eachplan’s utilization review process and to advise the plan of his or her medical judgment inclear terms. If a disagreement arises, the physician may need to support the validity of theclinical recommendations with documentation as to the medical necessity. Includingdiagnostic test results and providing an opinion as to the possible adverse outcomesshould the request be denied will also be helpful.

Develop a "fast-track" second opinion program. Develop a "fast-track" secondopinion program. Providers need to support the development of a system that can quickly

render a second opinion in case of disagreement surrounding clinical judgment. Ideally,the second opinion should be rendered by a healthcare professional whose skill andtraining are commensurate with those of the provider whose judgment is beingquestioned.

The patient should be informed of any issues that are being disputed. The patientshould be informed of any issues that are being disputed relative to the physician’srecommended treatment plan and the health plan’s coverage decision. Alternativeapproaches and the potential cost and outcome of those approaches should be discussedwith the patient. Also, the patient should be informed that, if the plan continues to denycoverage, the patient may be responsible for payment. The patient should continue to beinformed throughout the appeal process.

Exhaust the appeals process. Exhaust the appeals process. In the event that the treatingphysician firmly believes that the health plan has made an incorrect decision, then thebest defense in cases of treatment denials is staunch patient advocacy. The physicianshould request to speak to the medical director in charge of the utilization decision andexplain the rationale behind the intended treatment. If a plan continues to deny coveragefor a service that the physician feels is necessary, the process that allows for a secondopinion fails to support treatment, and the physician continues to believe that the denialof coverage is in error, then the decision should be appealed aggressively. All avenues ofappeal should be exhausted. If unsuccessful, the physician should inform the patient oftreatment opinions without regard to coverage. The patient must ultimately decidewhether to continue treatment at his or her cost. If the patient should wish to proceed athis or her own expense, the physician should have the patient sign an informed consentsignifying awareness that such expenses may not be covered by the health plan.

Ascertain that insuring agreements include coverage for utilization review activities.

Externally Imposed Practice Guidelines or Standards of Care

Many clinicians are particularly concerned about the development of practice guidelines that seekto define appropriate services that should be provided to a patient given a specific condition. Insome instances, these guidelines are used to support utilization management decisions; in others,they may be developed in attempts to define best practice. Although developers often argue thatbest practice determinations are predicated on an evaluation of effectiveness, some providersbelieve that under health plans best practice really means lowest cost. To avoid the risks that arelikely to be associated with the use of guidelines, clinicians should be assured that the existenceof a guideline does not in and of itself create a standard of care and that guidelines, although theymay be instructive, do not set standards of care (although well-developed guidelines shouldarticulate agreed-upon standards of care). Risk managers should advise clinicians that, despite theexistence of a guideline, their skill and judgment based on a careful assessment of the patient’scondition can and should preempt the recommendations of a guideline. Case law, at least to date,supports this position.

Multisite Challenges

The sheer number of sites where clinical care may be provided or that have affiliation or networkagreements makes it essential that the risk manager create tools that can empower staff at thesesites to understand and manage their own risks. Risk management will increasingly become aresponsibility of all staff who will rely on the risk manager for support and advice but willultimately be responsible for on-site control of risks inherent in the operation of their business.

Tools that are developed should focus on those proactive strategies that enable all healthcareprofessionals working in a particular area to identify issues unique to their area that may give riseto risk and to modify those risks in a manner that will allow for a safer environment with staffincreasingly aware of the risks inherent in providing care in a specific area or setting. Tools thatcontain specific questions about an area can be developed and are useful for assisting managerand clinicians in recognizing and managing their own risks.

Capitation

Health plan contracts create both opportunity and risk for healthcare organizations. Under manycontracts the reimbursement from payers is capitated, with the healthcare organization receiving afixed sum per member per month regardless of the intensity of services that the member receives.Understanding the financial risks assumed under these contracts and either funding for those risksor transferring them to a third party require many of the same skills that the risk manager uses tomanage the clinical risks that are part of all healthcare organizations. Once the total risk beingassumed is quantified, the risk manager, working with the chief financial officer or health planadministrator, can evaluate the best ways either to fund for or to transfer this risk.

Financial Incentives and Cost Control Programs

Incentive payment systems link provider compensation to the provision of cost effectivehealthcare. An incentive system is meant to encourage providers to render only care that isnecessary and appropriate. Financial incentives can take a variety of forms, and depending on theoutcome of care patients may view the incentive programs as having influenced their providers’medical decision making.

Cases are beginning to emerge that allege that physicians whose salaries are based in part on anincentive structure that predicates payment for services based on utilization of services maketreatment decisions based more on their financial reward than on the well-being of the patient. Itis imperative that financial incentives be structured in such a way that they do not have theappearance of encouraging this type of behavior.

Whether the cost control program of the health plan creates a financial incentive for physicians toprovide inadequate treatment was raised in a recent legal opinion.12 The case involved a delay inthe diagnosis of cervical cancer due to the failure of the primary care physician to order a Papsmear. In this case, a health plan participant brought suit against the health plan alleging that thecontractual agreements between the health plan and its providers encouraged physicians not torefer patients to specialists. The court found that the plaintiff had offered evidence establishingthat the cost control system contributed to the delay in diagnosis and treatment. A formal opinionon this issue was never rendered, however, because the case was settled during trial for anundisclosed amount.

In another well-publicized case, Fox v. HealthNet, a California jury awarded nearly $90 millionto the estate of a breast cancer patient arising from the refusal of the health plan to pay for a bonemarrow transplant: $77 million was awarded as punitive damages.13 The health plan consideredthis procedure experimental and would not pay for any experimental treatment until it was proveneffective. According to reports in the press, testimony at trial included that of two women forwhom the health plan had approved identical treatments as proof that the treatment might haveworked.14 Furthermore, it was shown that the physician executive who denied payment for thebone marrow transplant received bonuses based on the denial of costly medical procedures. The

jury concluded that the health plan acted in bad faith, breached its contract of care with itssubscriber, and intentionally inflicted emotional distress.

This case represents a good example of how denial of access to treatment can expose a healthplan to liability. It also demonstrates how the emotional impact and negative publicity associatedwith the denial of treatment, even if the treatment has not been proven effective, can influence theultimate decision and the damage award. In a health plan environment, the primary carephysician, in conjunction with the health plan, acts as a gatekeeper in determining what hospitalor specialty physician services should be provided. The failure to meet the applicable standard ofcare in making these decisions can expose the primary care physician and the health plan toliability. In the Fox case, the treating physician recommended the treatment with the support ofthe two other health plan physicians who had used it for the two witnesses in the case, and thehealth plan, as gatekeeper, refused to pay for it.

These cases reveal that courts are willing to impose liability on health plans when inappropriatemedical decisions result from defects in the design or implementation of the cost containmentprograms, breach of contract, or bad faith in the denial of payment. The impact of a health plan’sfinancial incentives to contain costs has also been tested. If financial incentives result ininadequate treatment being rendered, the health plan could be held liable. These cases indicatethat members will seek redress if harmed as a result of the administration of cost controlprograms which deny them access to care, which delay care, or which deny payment fornecessary care.

Avoiding Liability Associated with Cost Control Programs

The design and administration of cost control programs should promote efficient care but mustnot corrupt the medical judgment of the physician. If a health plan overrides the medicaljudgment of the physician, it could be held liable for the consequences of the treatment ordischarge decision. To avoid liability in this regard, a health plan needs to ensure that its financialincentive and cost control programs include procedures that accomplish the following:

Utilize medical necessity criteria that meet acceptable standards of medical practice Review all pertinent records in determining the necessity of treatment Contact the treating physician before certification is denied Allow sufficient time to review the claim before denial Ensure that medical personnel approving payment denials are appropriately trained, have

met established minimum qualifications, and have the requisite knowledge to assess theappropriateness of care

Maintain policies and procedures that ensure that operations do not interfere with thephysician-patient relationship regarding the duration and level of medical care

Carefully document procedures used to deny certification of care (coverage restrictionsneed to be adequately described in materials given to health plan members, especiallywith respect to experimental or investigational treatments)

Devise a mechanism for communication of programs to members, especially financialincentive programs

Risk Financing

The professional liability and business risks that are associated with health plans have fairlyconsistently been insurable under standard insurance contracts. Many creative products and

concepts are being developed for the control or minimization of the financial risks that areinherent in capitated contracts or for the balance sheets fluctuations that are possible during aperiod of time when there is considerable volatility in the financing of healthcare services. Theconcepts underlying the financing of all these risks are the same and are consistent with the riskfinancing skills that were practiced by many risk managers before the emergence of health plans.

Utilizing the Risk Management Process to Control the Risks of Health Plans

The risk management process is generally structured around loss reduction techniques (whichinclude the identification of risk, the elimination of risk whenever possible, and the control ormanagement of risk when it cannot be entirely eliminated) and loss transfer (techniques whichinclude determining the economic risk associated with various types of loss and selection of thebest methods either to finance risk internally or to transfer those risks to a third party, generallythrough the purchase of insurance). These processes can be successful in managing the emergingrisks that are created by a managed healthcare system. Obviously, the techniques will need to betailored to the specific needs of each organization, particularly as health plans becomeincreasingly dominant.

Because it is essential that the risk manager understand the scope of potential risk in the hospital,health network, or integrated delivery system, the first step will be to develop effectivecommunication links with those parts of the organization that are responsible for the strategicgrowth of the hospital into a health plan partner or into the hub of a health plan network.Anticipating risk and being able to plan for it will greatly enhance the likelihood that risks createdby the new delivery model will be capable of being controlled. Educating all staff, includingadministration and healthcare providers, about the emerging risks that are associated either withthe delivery system created by health plans or with the clinical delivery system that is moredecentralized because of health plans will be an important function for the risk manager. The riskmanager may achieve the greatest success by developing tools that can be used by others to assessand manage their own risk. Making each member of the healthcare team responsible formanaging the risks created by this complicated new healthcare delivery model will be the onlyway to ensure success.

Conclusion

Risk managers must continually monitor emerging risks and design comprehensive strategies formanaging them. Unlike the traditional role of the risk manager in a hospital, where a singleperson or a designated risk management staff is central to the risk management effort, in a healthplan or integrated delivery system everyone will have to become engaged in the process ofproactively identifying and managing risks. A brief checklist follows that will assist the riskmanager in managing the process of providing healthcare in a health plan environment:

Design department-, unit-, or function-specific assessment tools that can be used easilyby managers and clinicians to assess risks associated with specific environments oractivities. Make risk management everyone’s responsibility!

Continually monitor case law and developing trends in health plans and design a systemto provide information about new developments to all staff working in the health plan ornetwork.

Never underestimate the importance of a rigorous credentialing process that allows forthe careful screening of all healthcare providers—physicians and advanced practitioners.

Make certain that this process is in compliance with state and federal law and that itmeasures both credentials and competence.

Verify that a comprehensive process exists for utilization management activities.Ascertain that decisions about patient care are based on the best interest of the patient, notprimarily the financial interest of the provider or the health plan.

Develop a system that allows risk managers to be involved in the assessment of potentialnew business opportunities or entities before their becoming part of the organization ornetwork. This will allow for a clear understanding of the risks to be assumed and for thedevelopment of a plan to control, eliminate, or transfer those risks.

Develop the risk management role as one of a consultant whose advice and expertise aresought whenever issues of potential liability arise.

Endnotes

1. B. Youngberg, Essentials of Hospital Risk Management (Gaithersburg, Md.: Aspen,1990).

2. P. Boland, Making Managed Health Care Work: A Practical Guide to Strategies andSolutions (Gaithersburg, Md.: Aspen, 1993).

3. Employee Retirement Income Security Act of 1994, 29 U.S.C. Section 1001 et. seq.4. Corcoran v. United Healthcare, Inc., 965 F.2d 1321 (5th Cir. 1992), cert. denied, 113

S.Ct. 812 (1992).5. Federal Employees Health Benefits Act, 56 U.S.C.A., Section 8901 et. seq.6. R.J. Hester, “Health Plan Liability Concerns,” in 1992 Health Care Law Update (Florida

Bar Lecture Program, 1992).7. B. Youngberg, Managing the Risks of Health Plan (Gaithersburg, Md.: Aspen, 1996).8. C.S. Doyle, Managing the Risks of Health Plan, Journal of Healthcare Risk Management

14 (1995): 3–7.9. S. Hagg-Rickert, Medical Staff Credentialing and Privileging Determinations: The

Emerging Role of the Risk Manager, Perspectives in Healthcare Risk Management 11(1991): 2–4.

10. Wickline v. State of California, 192 Cal.App.3d 1630, 239 Cal. Rptr. 810 (Ct. App.); cert.granted, 727 P.2d 753, 231 Cal. Rptr. 560 (1986); review dismissed, case remanded, 741P.2d 613, 239 Cal. Rptr. 805 (1987).

11. Wilson v. Blue Cross of California, 271 Cal. Rptr. 876 (Cal. Ct. App. 1990), reviewdenied, No. S017315, 1990 Cal. LEXIS 4574 (Cal. 1990).

12. Bush v. Dake, File No. 86-25767 No-2 (Mich. Cir. Ct. 1987).13. Fox v. HealthNet, No. 219692 (Cal Super. Ct. 1992).14. Los Angeles Times (7 April 1994): D-1.