Caradigm Population Health Solutions Support Care Coordination Institute’s 3-Year NCQA Case Management Accreditation

Post by Cindy Friend, RN, BSN, MSN, MBA/HCA

Vice President of Clinical Population Health Solutions & Transformation

The Care Coordination Institute (CCI), based in Greenville, SC, was awarded a three-year Case Management Accreditation from the National Committee for Quality Assurance (NCQA). To achieve accreditation, CCI passed NCQA’s rigorous and comprehensive independent review of their policies, procedures and the Caradigm Care Management software that CCI uses to support their care management program. This accreditation demonstrates CCI’s commitment to providing the highest level of care for the patients they serve.[1],[2] Not only did CCI achieve the highest level of accreditation from NCQA, they did so in notable time. CCI and Caradigm attribute this success to the preparation and collaboration of their respective teams.

The Accreditation Preparation Process

The NCQA Case Management Accreditation evaluates policies, procedures, and systems that define and support the applicant organization’s care management programs. CCI had to demonstrate their ability to:

  • Evaluate and identify care needs
  • Assess and manage patient interactions
  • Track and report on the outcomes of patient populations

Preparing for the NCQA site visit was no simple feat and was almost a year in the making. CCI submitted their application to NCQA in March 2017. CCI began an intensive gap analysis of their current practices, and refined their policies and processes to address accreditation requirements.

Simultaneously, the Caradigm team evaluated the NCQA Case Management Accreditation requirements related to the population health management system and discovered that half of the accreditation points are attributed to the use of technology. The requirements to assess the population, document care management, and track and report outcomes are supported by Caradigm applications, with most covered by Caradigm Care Management. To support the application process, Caradigm provided CCI with a comprehensive crosswalk document detailing how the Caradigm applications support the various NCQA Case Management Accreditation requirements.

On October 10, 2017, CCI submitted their policies, procedures and other documentation to NCQA as required. They completed two preliminary calls with the NCQA by the end of November, and performed the chart review for a six-month look-back period from April to October 2017.

“The Caradigm Care Management software was one of the key components to our success in demonstrating compliance with the rigorous NCQA Case Management Standards. We appreciate the support the Caradigm team brought to our NCQA survey preparation.”

Nancy Markle, RN
Vice President of Care Transformation, CCI

The Result

The audit component of the NCQA survey went very smoothly. That success is attributed to the collaboration of the CCI and Caradigm teams in ensuring that the care management program and systems incorporate all the key components for optimal population health management.

“The auditor indicated Caradigm assessments included everything required for accreditation.”

Christin Evans, RN
Training & Systems Manager, CCI

In Summary

As healthcare transformation continues to mature, accreditation standards and guidelines will also evolve. A major component of accreditation is the use of population health management solutions since half of the available points for Case Management Accreditation are attributed to technology supported capabilities. Health IT provides the means to efficiently document assessments, automate workflows and generate care plans.

Accreditation organizations require the use of population health solutions to demonstrate that care management organizations are equipped to manage large cohorts of diverse patient populations. This requirement is due to the vast amounts of data maintained in disparate systems that organizations need to aggregate, analyze, measure and report. Maintaining accreditation demonstrates an organization’s competency and proves their compliance with quality standards.

When Frost & Sullivan gave Caradigm the Health IT Leadership Award they noted that Caradigm strives to ensure that its healthcare clients thrive amid the ongoing transformation of the core realm of value-based care (VBC) in the US healthcare marketplace.[3]  Caradigm is committed to developing solutions that lead innovation in population health management and proud to be a partner with CCI in their continued success.


[1] National Committee for Quality Assurance.  Care Coordination Institute:  Accreditations, Certifications, & Distinctions Earned by This Organization.

[2] Care Coordination Institute.  (2017).  CCI Receives NCQA Case Management Accreditation

[3] Caradigm.  (2017).  Caradigm Named Recipient of 2017 Frost & Sullivan Product Leadership.

Quality Reporting Season

Post by Josh Schwartz

Healthcare Analytics Program Manager

As you prepare to submit your organization’s clinical quality data, let us take a look back at the changes the Centers for Medicare and Medicaid (CMS) implemented this year and some strategies for success with quality reporting and ongoing quality improvement efforts.

Consolidation and Simplification of Reporting

The end of calendar year 2017 (CY 17) marked the completion of the first year of the Quality Payment Program (QPP). QPP consolidates the various innovative payment models with the intent to move Medicare physician reimbursement away from fee-for-service and towards a value-based care model. As all Medicare physicians move towards value-based reimbursement, a two-year transitionary period (CY 17 & 18) allows reporting providers to ramp up to the ultimate levels of cost savings and quality improvement goals in 2019 that they will be accountable for moving forward. The chart below breaks down the percentages of reporting categories by weight, with payments being adjusted two years following the calendar year of the reporting period. In CY 17 the quality category made up 60% of the payment calculation and after the transition to more cost accountability it will remain equally important, representing nearly one-third of the total cost calculation.

Calendar Year Payment Year Quality Cost
2017 2019 60% 0%
2018 2020 50% 10%
2019 2021 30% 30%

Already during this transition period, CMS has received a lot of feedback in consolidating and simplifying its payment and reporting programs to use the same reporting options. In CY 17 the CMS Web Interface replaced the Group Practice Reporting Option (GPRO) of the Physician Quality Reporting System (PQRS) as the “self-service” reporting mechanism for group practices. It is in this interface that CMS uploads a list of patients for which clinical data points and quality measures must be reported. On January 8th these lists were uploaded, with the submission window running from January 22nd until 5pm PST on March 16th. Providers need to prepare immediately to ensure that their data is validated and reported in a timely manner.

Best Practices for Reporting and Performance Analysis

Quality reporting is an involved process that requires data documentation, data validation, and audits to capture and populate thousands of clinical data fields. Having a plan in place for a systematic approach to completing the web interface template will go a long way towards a successful reporting effort.

  1. Start early. The window from the time the patient sample is provided to the deadline for reporting is 10 weeks. You may have to perform hundreds if not thousands of chart audits to complete this process, so give yourself some extra time.
  2. Divide and conquer. If you have multiple clinics reporting together, make sure to delegate responsibilities in an effective manner.
  3. Develop a timeline. Establish internal check points, milestones and deadlines to ensure progress is on track.
  4. Review your work. Leave time to complete spot checks and conduct self-auditing before submission.

While these steps will guide an efficient and accurate quality reporting effort, regular analysis of clinical quality data remains a keystone of population health. Evaluating quality measure performance at the provider group, facility, and individual provider level enables you to identify areas that need performance improvement and learn from established best practices that can be replicated across provider networks. Incorporating performance review into regular workflows and quality practices will help avoid scrambling at the end of the year to improve performance and serve as the foundation for improvement year over year.

Caradigm Quality Improvement and CMS Web Interface Extract

To facilitate quality management, we have continued to iterate on our quality improvement application, Caradigm Quality Improvement. Leveraging the power of the application’s Advanced Computation Engine, quality measure performance can be evaluated across your organization at all levels. Empowered with this information and the ability to conduct root cause analysis, you can use the application to conduct quality improvement campaigns. The highly configurable solution integrates with the workflows of quality managers and clinicians.

We take our commitment to quality management a step further with the Web Interface Extract. This feature provides an extract of the clinical variables required by CMS for the reporting of quality measures. We do this by running the patient sample list provided by CMS against the Caradigm Intelligence Platform, and then extract and translate the data into the format required by CMS. This extract is then transmitted back to you to serve as the basis for your organization’s reporting.

While clinical quality is top of mind during the reporting period, it is important to remember that quality is the responsibility of everyone involved in the delivery of healthcare for the sake of patients. Good luck with your submission and happy Quality Reporting Season!


For more information on the content or author, please contact us.

Weathering Change and the Promise of Digital Transformation in Healthcare

Post by Neal Singh

Chief Executive Officer, Caradigm

Providers are among those most impacted by the turbulence in today’s healthcare landscape – whether it be adding facilities, covering more patients, changing leadership, providing additional services, or entering new value-based programs such as MACRA, Bundled Payments, or DSRIP. The “Quadruple Aim” was put forward to address the experience of providers in delivering care that is increasingly tied to cost and quality metrics. The so-called, second wave (post-EHR) of digital technology might be their greatest hope as providers manage this massive transformation to new value-based care and reimbursement models.

With clinicians supporting new populations, managing multiple data sources, and being tasked with additional processes, the burden of administrative tasks should be eased through the availability of resources that drive efficiency and enable a community-oriented, risk-based care approach. Paradoxically, it seems the introduction of new technology and processes can often be an added weight for clinicians to learn and adapt to. As we continue down the path of digital transformation, these tools should evolve to smoothly integrate into workflows and yield quick, measurable benefits for teams.

So how do organizations scale activities and enable their teams to deliver care more efficiently and consistently throughout this period of rapid change?

Weather the Uncertain Regulatory Environment

While lawmakers continue to battle it out we should face one fact: value-based care is here to stay.  Providers should push forward with a “no regrets” strategy. Prioritize efforts to drive more consistent, efficient and coordinated care, integrate your IT systems to support accurately forecasting patient risk, lowering cost structures, and building deeper relationships and loyalty with patients. Providers should not miss out this is an incredible time of innovation in healthcare that I believe is going to accelerate even more as healthcare organizations build off their early successes and learnings. With uncertainty in legislative direction for healthcare (ACA, Value Based Payment Reforms, etc.), providers may feel uncertain about their IT buying decisions. Rather than feel uncertain, I suggest providers should continue moving forward, with a keen focus on flexible and extensible solutions to support any outcome of legislative direction.

Quick Time to Value with an Eye for the End Game

Healthcare organizations need strong capabilities to aggregate data from across the community to connect all clinicians responsible for a targeted population. Providers should demand short implementations to ensure rapid time to value. Beyond this, seeking a flexible and configurable solution “future proofs” the organization to accommodate new programs that may be launched. This “future proofing” will provide organizational agility to rapidly configure to meet continuously evolving payment reforms and legal requirements. Selecting a population health tool should include an evaluation of the vendor’s ability to meet organizations where they are and grow with them across programs, such as Medicare Shared Savings Program, Comprehensive Primary Care Plus, Bundled Payments, etc.

Intelligent Analytics and Sophisticated Tools

Finding tailored software applications that enable clinicians to streamline workflows will drive positive results throughout your organization and help achieve scalability. Tools that facilitate targeted care management activities for prioritized patients will support care team efficiency. Interoperability is especially key in the case of mergers and acquisitions, considering the critical need to bring together data from potentially dozens of systems. Sophisticated risk stratification tools that consider clinical and claims data, financial information, social determinants, behavioral factors, and that employ predictive analytics will further help organizations determine where to focus constrained resources to achieve the highest return and greatest impact on patient outcomes. These are all factors to consider when searching for the right IT solutions to support your organization’s growth and goals, while advancing the health of the population.

Application Integration into Clinical Workflows –  They Can Only Use It if They Can Find It

While many providers recognize the value of using data and analytics to improve the quality of care and lower costs, there are many that have not yet integrated these directly into clinical workflows to realize the greatest impact and efficiency. This integration is especially important for accountable care organizations (ACOs) and clinically integrated networks (CINs). Timely access to data is critical when you are responsible for the health of a population of patients who may be geographically dispersed and receiving care from several hospitals or specialists. IT solutions should be leveraged to surface gaps in care, risk scores, and full medication histories so that a clinician can make educated care decisions while in the presence of the patient.

Value-based care initiatives should be addressed as a series of interconnected activities rather than as distinct, siloed efforts. A successful strategy takes a team-based approach and engages staff across different facilities to focus not only on individual patients with individual diagnoses, but also the health and wellness of the community. IT solutions need to create a unified user experience to support the interconnectedness that plays an integral role in an organization’s evolving strategy. ACOs and CINs should integrate an enterprise solutions portfolio encompassing the capabilities critical to success in value-based care programs, including: data control, healthcare analytics, and care coordination and engagement. Providers should also partner with vendors that have deep industry experience to provide advisory services. The pace of change in our industry continues to accelerate, and no organization should feel they are navigating these waters alone.


For more information on the content or author, please contact us.

The CMS and NAACOS results are in… What they are really telling us…

Post by Cindy Friend, RN, BSN, MSN, MBA/HCA

Vice President of Clinical Population Health Solutions & Transformation

Earlier this month, the Centers for Medicare and Medicaid Services (CMS)  released the 2016 shared savings results for the Pioneer and Next Generation (Next Gen) accountable care organizations (ACOs).  In addition, the National Association of ACOs (NAACOS) released the findings of its annual survey.  The results give us hope that this whole “let’s work together to make it better” attitude might just actually work, but we must evaluate the findings a little deeper to better understand correlations between the results and where ACOs need to focus to be successful in value-based risk arrangements.

While CMS did not post the quality results for the Next Gen program participants, it is likely that a few did not have good insight to their financial performance as they must share in losses.  CMS did publish the overall quality score for the Pioneer program participants.  Most notably, a couple of Pioneer ACOs that did not receive shared savings had outperformed many of their counterparts in quality.  As a case in point, Partners Healthcare ranked 3rd with an overall quality score of 94.51% and while it appears that they did not generate losses, they may not have met the minimum savings rate (MSR) required to share in savings.  Michigan Pioneer, on the other hand, had the lowest overall quality score, though still commendable, at 88.93% and achieved a shared savings of almost $7.5M!  These are impressive results and give optimism to others that are on the cusp.  An interesting statement from the introduction of the NAACOS survey:

“Overall, we found that a large number of ACOs are currently considering or have firm plans to participate in future risk-based contracts (47 percent planning for shared savings/shared risk and 38 percent planning for capitation), although care management strategies are largely unchanged. This and the data below suggest that ACOs are slowly becoming willing to accept increased financial risk, but they are largely still learning how to actually manage populations.”

Many organizations spend years focused on building governance, engaging physicians, and talking about what to do – what they fail to or wait too long to focus on are the key items for which they will be measured.  I understand that gaining buy-in and establishing governance are important when you’re first putting an ACO together, but the CMS shared savings results illustrate why ACOs must focus on two additional core tenets to help drive their success – analytics and improved care management strategies.  A few tips to help you advance your analytics and care management efforts are outlined below.

    Successful ACOs have acquired and adopted some sort of analytics technology, but those that are most successful identify IT systems that are able to provide insight across three domains: 1) population risk, 2) quality measure, and 3) cost. ACOs must evaluate their current data analytics capabilities, identify any gaps, and determine the best approach to resolving these gaps.  In some instances, an organization may choose to implement a new enterprise platform; in others, it may be most efficient to integrate a solution to fill the need.  Regardless of the system architecture approach, for a complete view of the population’s health an organization must have the following analytic capabilities:

    • Risk stratification – This type of system will integrate an industry-accepted risk adjustment scoring methodology that will stratify the entire population, while also providing additional data points for analysis. Ideally, the system allows the user to electronically assign these patients to care management for intervention.
    • Clinical quality measures – A clinical quality measures system will provide insight to performance at the quality program level (e.g., HEDIS, CPC+, MIPS, etc.). The system must allow drill down through the measure into the practice, to the provider, and to the patient level.  As patients with gaps in care or measure compliance issues are identified, the system should allow the patient to be electronically transitioned into care management.
    • Financial and utilization insights – These systems provide analytic views of integrated clinical and claims data to reveal, in real time, utilization patterns across populations, care settings, networks, and payers. Systems that can track and trend utilization and cost information, including drill down to the per member per month, is key.  As with the other systems above, the user should be able to electronically forward patients directly  into a care management system.

The capabilities of population health analytics tools have grown significantly over the past several years.  ACOs and other clinically integrated networks, as well, have a tremendous opportunity to position themselves for success by securing the tools and systems that will equip them with the information and insights needed to manage their patient population.  Failure to leverage the power of a complete view (including cost and quality data) analytics platform will have a detrimental impact on an ACO in a risk-based arrangement because they may succeed in quality but not have visibility to their costs and vice versa.

    Organizations that are thinking ahead will select an analytics system that enables users to electronically send patients identified for care management during the analytics process directly to a care management system. ACOs must have the proper tools to support care management activities to effectively manage and measure performance and drive patient outcomes.  ACOs need to carefully evaluate and select a system that can support workflows and processes across the care management paradigm including:

    • Care management – The system must provide the clinician with a holistic view of the patient’s health information including, though not limited to: past medical history, problems, medications, allergies, vitals, personalized goals, etc. The system needs to allow the care team to efficiently document care management activities such as conducting assessments, performing medication reviews, developing care plans, etc.
    • Care coordination – The care management system should allow the clinician to track tasks and follow-ups (e.g., consult notes, patient call, etc.). The system should permit the care team to coordinate care amongst themselves, as well, such as assigning a task like a nutrition or social work consult, for example.  In addition, the care manager can electronically transmit a summary of care documents to another provider that is involved in the patient’s care.
    • Care transitions – The system should alert to the care manager regarding a change in care setting (i.e., ADT feed), and automatically create a task for the care manager to follow-up and support the patient in receiving the right care, at the right time, in the right location.

Organizations that opt to adopt care management technology tools will feel the effects in operational efficiency, team job satisfaction, and quality results.  It is practically impossible to manage the vast, complex, and diverse healthcare needs of a population without technology.

The NAACOS survey results express that many organizations that have not started any risk arrangements are very uncertain and feel as though it will be an average of three years before they are ready.  This uncertainty is likely spawned from the unknown but just remember while uncertainty is expected, avoidance is not an option – ultimately, it’s the right thing to do to improve quality outcomes and address unsustainable costs.  Those making a move today have it a little better than their predecessors with the advancement of population health technology for analytics and care management.  With these advanced tools, organizations are better equipped to take on the risk because they have a deeper insight to their population with the ability to identify and act on those patients who will benefit most from care management intervention.


On a final note, as a nurse, I couldn’t be more delighted as I read the section in the NAACOS piece about the value that the care manager role brings to improving healthcare.  It’s been years in the waiting as nurses have always held education, prevention, and wellness as core to our practice – and the recognition is heartfelt for all nurses.  While we have probably only begun to scratch the surface on improving our industry, it makes me proud to be a part of the transformation.

 For more information on the content or author, please contact us.


Becker’s Hospital Review.  2017.  How the Pioneer ACOs stacked up on shared savings, quality in 2016

Becker’s Hospital Review.  2017.  How the Next Generation ACOs compared on shared savings in 2016

Health Affairs Blog.  2017.  The 2017 ACO Survey: What Do Current Trends Tell Us About The Future Of Accountable Care?


When Compliance Dashboards and Annual Audits are Not Enough

Post by Christine Roecker

Senior Program Manager

Compliance officers can review data, search audit logs, and monitor areas of concern with most IAM products on the market.  In fact, in 2015 it was reported that eighty-two percent of organizations undertake enterprise-wide compliance risk assessment and two-thirds of those organizations conduct assessments annually, if not more frequent.[1]  However, risk assessment processes can be labor-intensive, complicated, and expensive, while barely breaking the surface of vulnerabilities and risk. Without the right tools in place, it would be a nearly impossible task for a compliance officer to know the intricate details of every position in the hospital and, further, every position’s dependencies on medical software applications.

Caradigm Provisioning Identity Management is more than just a compliance and identity management dashboard.  It also offers the checks and balances to manage and protect a hospital’s infrastructure, as well as the staff’s and patient’s PHI.  Using Caradigm Provisioning Identity Management’s compliance task feature, a review task can be scheduled or run ad-hoc to generate a real-time data report. The report can be assigned to managers across the organization to confirm their direct reports’ access permissions within assigned applications.  Imagine taking any set of data you wish to have reviewed – orphaned accounts, mismatched access, inactive users – and assign it.  The process is simple, intuitive, and deeply connected to the existing needs of the IT infrastructure given that it is all built into the same tool.

There is still a gap left in this periodic review process: “If access reviews are performed every six to 12 months, as is common in most organizations, what happens in-between the reviews? People change roles or leave the organization. Projects end. Yet those privileges remain longer than is necessary, even if good certifications result in accurate revocations every six months.”[2] With the ability to see user creation, modification and removal, review tasks can be created and assigned to managers to confirm inaccurate or lingering permissions and accounts that are no longer necessary. If a manager forgets to complete their task, reminder emails can be automatically sent. If a manager cannot review all tasks at one time, he or she can simply save their progress and come back to complete it at a more convenient time.  Further, the compliance task administrative view will let IT and compliance staff quickly determine which managers are out of compliance on their review.  Tasks can easily be reassigned and escalated if necessary to ensure all are completed in a timely manner.  In the future, if access needs to be reviewed, a manager can simply search for the review task and pull up the audit, comments, and complete access for a user.

Who has time to set aside months to prepare for auditors and their requested documents? With Caradigm Provisioning Identity Management, a compliance team can grant auditors access to read-only compliance task administrative dashboards and let them review full historic audit logs, user access reports and entitlement records, including the data output that was review, comments, timestamps and acknowledgements for the report in question.  This information can be easily shared and accessed, without any additional work by staff – allowing hospital teams to stay focused on their workloads and daily responsibilities.

Pairing the information revealed by Caradigm Provisioning Identity Management with Caradigm Single Sign-On & Context Management audit data, a user can find mismatched access privileges, unauthorized access to patient data, as well as inactive accounts. The power of an integrated identity management and access management solution allow compliance and security officers to have an easy view into potential risk areas within the organization and allow remediation with just a few clicks. Healthcare IT is rapidly changing to support continual risk assessment tasks, such as: monitoring for protocol breaches, maintaining role and application access, and facilitating frequent managerial review across the organization. A hospital’s IT compliance teams should seek and support the integration of tools that provide stronger monitoring and protection across the organization, saving them previous time in the process.



What to Look for in an Identity Governance and Administration Solution for Healthcare

Post by John Lammers

Vice President and General Manager of Identity and Access Management, Caradigm

In my previous post, I discussed the unique challenges that healthcare organizations face in the arena of identity governance and administration. In this follow-up post, we will review what to look for when choosing a solution for your healthcare organization.

First, let’s review what we mean by identity governance and administration. Gartner’s Magic Quadrant Report for Identity Governance and Administration[i] defines this as a set of identity management capabilities including: managing identity life-cycles, managing entitlements, and handling access requirements.

There are many supporting capabilities that are required to go from a set of point technologies to a fully-integrated solution for your organization, for instance: workflow orchestration, data validation, auditing, and reporting. In the healthcare IT environment, reach is quite important as well given that healthcare organizations utilize many disparate systems to provide the best possible patient care. Integrating those systems into a common process while automating as much of the identity management and identity governance activity as possible is essential, both to guard against breaches and to ensure that clinicians have secure and appropriate access to the applications they need from day one.

The following are identity governance challenges presented by the healthcare environment and what you can look for in a solution to address each of these.

Complex Staff and Identity Lifecycles

If you’re a typical hospital, change is your new normal. You have visiting specialty practitioners, students who come and go in waves and roles changing regularly. In recent years, we’ve seen a 70% increase in merger and acquisition (M&A) activity.[ii] All of this adds up to complex staff and identity life cycles. To mitigate the one-off and not-so-one-off changes, a strong solution is needed to support your organization’s control.

What to look for:

  • Workflow capabilities that help you orchestrate all of the activities within your processes
  • Unification of the human and automated parts of the process, so that you avoid identity management activity happening outside of and invisible to your process
  • Support for large inflow or outflow of staff in a short time
  • Support for staff members with changing roles or multiple roles

Flexible and Scalable Role Requirements

We see it over and over in our work with healthcare organizations. Different specializations, different sites, different systems and processes. It all adds up to a need for strong role management.

What to look for:

  • Ability to handle large numbers of roles
  • Ability to model your organizations roles and policies
  • Ability to detect outliers and inconsistency in roles
  • Ability to take action to resolve inconsistencies

Diverse and Continuously Evolving Technology Ecosystems

Healthcare IT organizations strive to deliver the highest quality, most capable systems to clinical staff. Taking advantage of innovative and best-of-breed tools leads to a diverse and continually evolving ecosystem of technologies. It’s critical that your identity management and identity governance solution encompass all your systems. One-off approaches to access control, auditing, and provisioning/de-provisioning accounts leads to situations where a clinical user has access to some of the applications they need; or when leaving the organization, have their access removed from some of those applications. This results in lost visibility, but also the potential for lost productivity and even security breaches. You need a solution that puts all your systems under a single identity governance process, and because that’s always easier said than done, the solution needs to give you a way to cover the basics right away, and then deepen integration (i.e., add automation) as time allows and based on ROI.

What to look for:

  • Ability to integrate with multiple HR systems
  • Ability to integrate with diverse IT support management ticketing systems
  • Flexible integration with of a diverse set of EHR (Electronic Health Record) systems, including systems that don’t provide easy remote access, such as systems without APIs, pre-accessibility era web applications, native apps, and even green screen systems
  • Facilities allowing you to handle operations manually and automate on your own timetable, while incorporating manual operations within a single, unified identity management process
  • Tools that put automation in the hands of your staff by making it easier to integrate applications
  • Services available to augment the capabilities of your staff

Scale and Criticality

Scale and high-availability matter to everyone, but every organization is unique in its specific needs. You need options that cover your scenarios today and will flex to accommodate changing needs.

What to look for:

  • Ability of the vendor to articulate their approach to high availability
  • Flexibility in the approach to disaster recovery and to services to guide you as you build your disaster recovery plan
  • Horizontal scaling (more capacity at a single location)
  • Geographical scaling (distributing capacity so that it’s near the users)
  • Throughput scaling (ability to handle bursts of high demand on the system)
  • A history of operating at scale in real production environments

Proactive Risk Mitigation and Breach Defense

No one wants to be in the news as the organization that just experienced a breach. No one wants to sideline valuable employees digging out information in response to an audit. Healthcare organizations must integrate risk mitigation into their day-to-day operations, and your identity governance solution can facilitate that.

What to look for:

  • Risks presented in a way compliance officers and managers can understand
  • Ability of take immediate action on a risk
  • Ability to leverage data to cross-check access that should be happening with access that’s truly occurring
  • Ability to integrate with complementary products, such as Fair Warning
  • Ability to create your own reports to surface risks unique to your organization
  • Audited workflow for all account actions
  • Support for scheduled, system-mediated and audited reviews of user privileges by managers and compliance staff


Over these last two posts, we’ve discussed the special challenges that identity management and identity governance present for healthcare organizations and what you should consider when evaluating solutions. Formulating your strategy for identity management and identity governance requires that you solve a multi-dimensional problem. At Caradigm, we address healthcare identity holistically. The importance of this approach is that we’re able to ensure that each aspect of the solution works with and complements the others. We have two decades of experience in healthcare identity and have assembled the industry’s only single-vendor identity and access management suite that covers the entire scope of identity management, secure access, and identity governance. To learn more about Caradigm’s solution to healthcare identity and access management, visit us at



Evaluating an Identity Governance and Administration Solution for Healthcare

Post by John Lammers

Vice President and General Manager of Identity and Access Management, Caradigm

In this post, we’ll explore the unique challenges that healthcare organizations face in the arena of identity governance and administration and in a follow-up post we will review what to look for when choosing a solution for your healthcare organization.

Before we discuss challenges, let’s lay out what we mean by identity governance and administration. Gartner’s Magic Quadrant Report for Identity Governance and Administration[1] defines this as a set of identity management capabilities including: managing identity life-cycles, managing entitlements, and handling access requirements.

Accomplishing these objectives effectively requires more than just these goal-centric capabilities. There’s a set of supporting capabilities that you need to enable your organization to accomplish identity governance and administration effectively: for instance, workflow orchestration, mechanisms to certify the correctness or appropriateness of the data, and a rich set of auditing, reporting, and analytics capabilities. In the healthcare environment, where change is the norm, it is key to automate and unify as much of this as possible.

Gartner’s Magic Quadrant for Identity Governance and Administration and the Healthcare Providers Context

Many people rely on Gartner for guidance when searching for technology providers and the go-to report is Gartner’s Magic Quadrant, which ranks customers along two axes: ability to execute and completeness of vision. But did you know that the Magic Quadrant for Identity Governance and Administration only evaluates horizontal technology vendors? This means that, if you’re only looking at the Magic Quadrant, you’re missing companies that focus solely on a single vertical, such as healthcare.

Recognizing the unique needs of the healthcare vertical, Gartner has included a “Healthcare Providers Context” section in their Magic Quadrant Report for Identity Governance and Administration, and Caradigm is included as a “notable vendor”—the only one on the list that focuses exclusively on healthcare. This section of the report discusses the regulatory and integration challenges that set healthcare apart and provides guidance on what to look for when evaluating identity governance and administration solutions in a healthcare context. At Caradigm, we believe that our choice to focus solely on healthcare is our strength and one of the key differentiators of Caradigm Identity and Access Management.[2]

What Makes Healthcare Unique?

The nature of a healthcare organization’s workforce, processes, and information systems presents unique challenges. On top of this, healthcare organizations face an evolving regulatory environment, an ever-increasing threat from data breaches, and the cost of compliance and continual risk assessment.

Complex Staff and Identity Lifecycles

Change has become the new norm for healthcare organizations. In recent years, we’ve seen a 70% increase in merger and acquisition (M&A) activity.[3] Even outside of M&A activity, many healthcare organizations have staff members that come and go or change roles over time. For example, it’s common in teaching hospitals to have a large number of staff entering or leaving the organization or changing roles over a short span of time. Similar issues can be observed in the use of specialty practitioners. All of this adds up to complex identity life cycles in the healthcare space.

Flexible and Scalable Role Requirements

Healthcare isn’t an industry where you can cover your organization with a half-dozen roles. Organizations can have hundreds or even thousands of roles representing different specializations and different parts of the business. Just as M&A activity complicates identity lifecycles, it can result in an explosion of roles until the organizations involved reconciles them.

Diverse and Continuously Evolving Technology Ecosystem

Healthcare organizations are notorious for being late adopters of technology. But they’re also known for finding a way to react to emerging needs without disrupting reliable, critical systems. The result is a diverse technical landscape. A survey of accountable care organizations found that nearly 60% used multiple EHRs, and nearly 40% of medical practices have replaced or are considering replacing their existing EHR.[4] The mix of old and new systems means that your identity management solution must integrate with a wide breadth of technologies. Initiatives to standardize on large, increasingly-capable EHRs has reduced the number of applications in use, but most organizations continue to utilize many applications due to the value of specialty applications and best-of-breed approaches in areas strategic to the organization.

Proactive Risk Mitigation and Breach Defense

Healthcare continues to be hit hard by data breaches, and while incidents of hacking dominate the news, the most frequent cause of breaches is not hacking but inappropriate access by insiders.[5]

Against this backdrop, it’s critical that your organization have measures in place to guard against this. Rapid and complete de-provisioning of accounts is essential, as is conducting periodic reviews of the privileges assigned to roles or individuals and taking a proactive approach to detecting and remediating anomalies.

Selection of a Technology Partner is Key

A strong identity governance and administration strategy enables you to evolve your organization while maintaining compliance and preventing breaches. Selection of a technology partner is key, and looking to industry analyst reports and rankings can be great first step. For an industry as unique and complex as healthcare, it’s essential to read the fine print before shortlisting your vendor search. In a follow-up post, I will review some of the key features and functions of the capabilities needed to safeguard your organization and establish a quality identity governance and administration strategy for your teams.







MIPS and the Business of Healthcare

Post by Vicki Harter, BA, RRT

Vice President, Care Transformation

At this year’s Healthcare Information and Management Systems Society (HIMSS) conference, representatives from the Centers for Medicare & Medicaid Services (CMS) held multiple sessions where they reinforced the message that the Quality Payment Program and value-based programs are moving forward. Jean Moody-Williams, deputy director of the center for clinical standards and quality at CMS said “As we build the program, our goal is to achieve a 90 percent participation rate by all clinicians. That includes small practices as well.”[1] Other CMS officials touted tangible results that value-based care has been delivering, such as a “17 percent reduction in hospital acquired conditions across all measures from 2010 to 2013, to savings of $37 million from providers participating in the advanced ACO Pioneer program.”[2]

As about nine out of ten providers are expected to fall under the Merit-Based Incentive Payment System (MIPS) track of the Medicare Access and CHIP Reauthorization Act (MACRA), many providers are asking themselves whether they should fulfill MIPS’ minimum requirements or strive for more. Said another way, should their organization strive to be a MACRA All-Star? Is it worth it to commit the effort and investment required to max out potential bonuses?

There are four main inputs to consider as you create your data-driven strategy for performing under MIPS. The first is the amount of Part B Reimbursements that you are expecting currently, how much you have received in the past, and how much you expect to receive in the future. That is going to drive your bonus potential as a practicing system, which is the second input to consider. Your bonus potential is going to help you understand the amount of resources that you have available to make the necessary changes in your care team. This third factor is critical in driving your organization’s MIPS strategy as you may decide to change the workflows of your nurses and physicians or add a data analyst to help you take care of the populations that are now transforming your practice. And finally, consider the amount of data analytics you have in your practice. In the past, where have you performed? Where do you stand to gain? How much of a gap do you have to close to become a MACRA All-Star?

Providers should think about these key inputs they will need to evaluate for their MIPS strategy. What is my Medicare Part B Revenue today? What impact does MACRA have on it? Do I need to get ahead of payment rates that will remain basically flat? How many resources will be impacted by MACRA reporting requirements this year, next year, in two years? Can I earn a bonus that makes a difference to my business?

If you’d like to continue the discussion, please send a note here.



Have You Adopted Electronic Prescriptions for Controlled Substances?

Post by Jaimin Patel

Vice President IAM Program Management, Caradigm

When regulations for Electronic Prescriptions for Controlled Substances (EPCS) were introduced in 2010, more than 12 million people reported using prescription painkillers non-medically, and the number of painkillers being prescribed could have medicated every American adult for a month straight. [1] In response to the volume of both the abuse and prescribing of controlled substances, the Drug Enforcement Agency (DEA) set several regulatory requirements for healthcare practitioners and organizations that want to prescribe controlled substances by electronic means.

Initially, many providers were concerned about the strict security mandates. To be able to prescribe controlled substances electronically, the DEA requires a secure, auditable chain of trust for the entire process. In addition, the financial and IT resources required to implement the appropriate solutions for EPCS can be challenging for smaller organizations.

With only 1% of e-prescribers being enabled for EPCS as of December 2013, adoption was a concern as prescription abuse remained a prominent societal issue. [2] In 2014, almost 50,000 people died of drug-induced causes in the United States. [3] In 2015, opioids alone killed more than 33,000 people. [4] The unavoidable reality of opioid abuse in society led to additional state laws and regulations following the DEA mandate in 2010, which resulted in broader EPCS adoption. As of September 2016, 20.2% of e-prescribing providers were enabled for EPCS. [5]

Caradigm offers an integrated and comprehensive solution for EPCS workflows that is a seamless extension of our industry-leading Identity and Access Management (IAM) portfolio. Caradigm’s Multi-Factor Authentication (MFA) solution for EPCS offers a variety of integrated authentication options ranging from biometric fingerprints, hard & soft token authentication, as well as mobile authentication. These options allow your organization to implement the best authentication solution to meet your prescribers’ needs.

The DEA requires identity proofing for prescribers that access EPCS controls within an electronic medical record (EMR). Caradigm Provisioning Identity Management ensures that appropriate checks and balances are applied for an organization before granting a prescriber EPCS rights within an EMR. Further, when the prescriber no longer needs EPCS privileges, Caradigm Provisioning Identity Management can seamlessly update these permissions in the EMR while notifying appropriate members in the organization. This integrated solution ensures that no unauthorized access is granted for prescribers.

Caradigm’s EPCS solution has been deployed at number of sites where users are benefiting from integrated Single Sign-On for fast and efficient access into their applications and MFA for EPCS workflows.

Overall, it’s hard to argue that EPCS is anything but a positive for the healthcare industry, and any organizations that have not adopted a solution for EPCS should act now. E-prescribing is a tool that increases efficiency, prevents the likelihood of fraud, and reduces the risk of controlled prescription errors. For additional information, please visit our EPCS page.







Embedding Evidence-Based Medicine into Transitions of Care

Post by Vicki Harter, BA, RRT

Vice President, Care Transformation

Population health is a journey over time and provider organizations understand they must begin with the most impactful programs. Providers have to prioritize and focus initial efforts to quickly bend the needle on patient outcomes such as reducing readmissions. When organizations ask me where others are seeing tangible initial success, I often tell the following story.

An outpatient care manager at one of Caradigm’s existing customers shared with me that the value of population health technology became clear for her after getting a real-time alert one day that one of her patients was in the ED. She called the ED and was told that the patient’s blood glucose levels were extremely high, and the ED nurse thought the patient should be admitted. However, the care manager informed the nurse that the patient’s numbers were actually the patient’s baseline, and recommended that the patient did not have to be admitted, which saved an unnecessary admission. The outpatient care manager was able to devise and implement an effective plan of care to address a variety of contributing barriers to care, and the patient outcome was improved.

This story is about taking the right action, in the right time frame, in the right care setting. In other words, how do you embed best practices into workflows to reduce variation in care? How do you help patients move through a confusing and disjointed healthcare system that can be overwhelming to navigate? Transitions of care is an area central to population health that for many organizations is an excellent place to focus your population health efforts. The following are a few best practices to think about as you develop your strategy.

Facilitate access to primary care

Coordinated care is a proven value for high-risk patients, however, it is often a challenge for patients to access primary care soon after being discharged. Some organizations have found it effective to enroll high-risk patients into a Patient Centered Medical Home (PCMH) as a standard practice to get them better connected to primary care, a care coordinator and other community resources. Another approach is to partner closely with primary care clinics and even embed a care manager, a transition focused mid-level practitioner or social worker into the clinic to specifically serve high risk transitions patients. Even offering telephonic transitions of care support to coordinate scheduling for patient can help.

Standardize interdisciplinary care

When multiple levels of clinicians partner effectively with defined pathways and shared information, it’s amazing to see the impact. For example, psychiatrists and social workers going to a PCP’s office to speak to patients. Pharmacists calling physicians to say a prescription ordered is far more expensive than other options. Home health that directs patients back to lower acuity centers if needed, and works with patients to prevent unnecessary ED stays. Some provider organizations have had success identifying non-employed physicians interested in adding home visits as an additional revenue opportunity. Population health is truly a team sport and technology can help support transparency and care traffic control, making patients more confident in a team based delivery model.

Embed practices into workflows

After establishing your care protocols and pathways, care management tools can help ensure they’re followed consistently. Intelligent plans of care can have pathways embedded in the patient care plan, assuring that steps aren’t missed. Role-based tasking can help a team of clinicians take the right steps, in the right sequence, all while working at top-of-license. As mentioned in the story earlier, alerts can let the appropriate care team member know when a patient has a change in status, whether an ED visit, observation stay or inpatient admission. Lastly, as it is common for patients to be managed in multiple EMRs, technology can play a big role in streamlining medication review and in overall information sharing by aggregating data from multiple EMRs. Performing standardized readmissions assessments can help determine root cause, support an automated plan of care to mitigate barriers and perhaps even identify patterns or discharge practices of care that require change.

Improving transitions of care, supports long term success in advancing quality, patient experience of care as well as managing the cost of care. Organizations should be thinking about strategies for scaling, risk stratification, solving for social determinants and reducing variations in care. Wherever your organization is today, if you focus on meeting patients where they’re at and guiding them through what is a complex healthcare system, you will have succeeded in a foundational strategy for long term success.