Monthly Archives: October 2016

Compliance Isn’t Enough: Improving Governance, Risk Management, Compliance


Post by Jaimin Patel


Vice President IAM Program Management, Caradigm

Change is the new normal in healthcare, which can come in many forms. Mergers and acquisitions, the formation of accountable care organizations and clinically integrated networks, having new groups of physicians arrive at a teaching hospital, or even the replacement of an EMR are just a few examples. From an IT perspective, the impact is that you constantly have new clinicians needing access as quickly as possible because it impacts patient care. IT and security professionals also understand that access has to be granted and managed in a manner compliant with the HIPAA Security Rule. However, with the increase in motivated and persistent security threats, healthcare as an industry has to move beyond the notion that our goal is only HIPAA compliance.

I recently heard Mac McMillan, CEO of CynergisTek, talk about this at the Caradigm Customer Summit where he stressed that compliance with HIPAA does not equal security. McMillan explained that HIPAA was designed to protect the privacy and security of certain health information. It was not intended to cover all forms of information or to be a complete standard for data protection.

A major part of the problem is that the HIPAA Security Rule, initially conceived in 2001, pre-dates many of today’s technology advancements. It did not envision cloud computing, mobile devices, networked medical devices, wearables, population health applications and many other advancements seen since that time. It also pre-dates many of today’s evolving threats such as cyber-extortion (e.g. ransomware), cyber-espionage, hacktivism, and specific threats such as phishing and zero day attacks. Consequently, if healthcare organizations are focused solely on compliance, then their security is inadequate.

McMillan called on healthcare organizations to think and act differently when it comes to data security and privacy. It’s about greater due diligence, day in and day out and aligning with your organization’s broader Governance, Risk Management and Compliance strategy. For identity and access management risk, greater security can involve improvements such as the following:

  • Employing a role-based security model to enable more precise granting of access
  • Automating provisioning and deprovisioning so that role changes are made efficiently and accurately
  • Using analytics to proactively search for potential risk such as orphaned accounts or mismatched entitlements
  • Streamlining workflows to evaluate and remediate threats faster across many applications
  • Performing audits more efficiently by empowering managers to review and attest to their direct reports’ entitlements

When I speak to healthcare organizations, I recommend that they consider getting the tools in place now so they can be prepared for when change hits their organization. It’s going to happen eventually. Having the right tools not only makes your organization more secure, it makes your staff far more efficient, and will deliver to your clinicians timely and accurate access. There’s not many IT projects that can claim this trifecta of wins for your organization. If you’d like to learn more about the value provisioning and identity management tools can bring to your organization, please download this whitepaper here.

How Bundled Payments is Driving Care Transformation and Patient Engagement


Post by David Lee


Product Marketing Manager, Caradigm

Bundled payments was one of the most discussed topics at the recent Caradigm Customer Summit, our annual gathering of industry leaders to share best practices in population health and information security. Matt Stevens, Senior Director with The Advisory Board highlighted bundled payments in his presentation as a program that CMS believes will push the needle in reducing cost variability while improving outcomes for high volumes of patients. He said more mandatory bundles (e.g. cardiac, expansion of Comprehensive Care for Joint Replacement) could be coming and that the intersection between bundled payments and MACRA is only likely to grow as it could become tied to the Advanced Alternative Payment Model (APM) track in the future. Matt recommended that hospital systems prepare to deliver both a broad clinically integrated network as well as excellence in individual bundles that can be decoupled and offered to patients in ways that offers them greater value.

We also heard a number of provider organizations (St. Luke’s University Health Network, United Surgical Partners International, Genesis HealthCare and Greenville Health System) explain why bundled payments is one of the most important pieces of their overall value-based strategy. The bundled payment program drives operational learning and experimentation so that expertise and care process improvements can be built, which then trickles down to other parts of the organization and to multiple populations of patients (e.g. Medicare, commercial populations). As that expertise grows, workflows improve and patient quality metrics improve (e.g. reduced readmissions, lower utilization), Our customers said this helped them gain confidence to scale their programs and also engage in additional value-based initiatives.

Another key aspect of bundled payments discussed was that it pushes providers to develop a high-touch patient engagement model. We heard from everyone that developing patient relationships is not easy, and that they take time. Not only is it a major change for patients to communicate more frequently with providers, the conversations are also different. For example, providers are now discussing with patients why it could be beneficial in certain situations to recover in their own homes rather than stay in a skilled nursing facility. We also heard one customer say that patients often hang up on them during a follow-up call thinking it’s a solicitation call. In this shifting dynamic, providers are trying to establish the groundwork for deeper patient relationships earlier in the care process so they can set the right expectations ahead of time.

Overall, it was exciting to hear that the bundled payments program is having a meaningful impact on patient outcomes and is helping organizations achieve financial success in value-based initiatives. We heard throughout the Caradigm Customer Summit that population health is where healthcare has to go to improve the health of the highest-risk patients. Bundled payments is a key program that will help healthcare providers advance down the path to population health. If you’d like to learn more about how Caradigm is supporting bundled payment initiatives through its enterprise care coordination software, then please send us a note here.

MACRA Final Rule: Empowering Physicians and Health IT


Post by Corinne Stroum (Pascale)


Director, Program Management – Healthcare Analytics, Caradigm

It’s the moment that Medicare Part B clinicians and healthcare administrators have been waiting for. The final release of the MACRA Quality Payment Program! Health & Human Services released the rule amidst much publicity, a response to thousands of comments and industry feedback throughout the year.

I would summarize the theme of the final ruling as, “Empowering physicians to achieve the Triple Aim through choice and health IT”.  My colleague Dr. Brad Miller, who contributed to the ideas in this post, also said it well in this recent blog post: “CMS’ ultimate goal with MACRA is to move healthcare further to a system based on quality, and to accelerate the shift in how providers use technology to improve patient care and outcomes.” Here are some of our key takeaways on the final release:

  • Per the earlier “Pick your Pace” communique from acting CMS administrator Andy Slavitt, clinicians can still choose one of three participation pathways for Performance Year 2017:

      – Submit minimum data by March 2018 to avoid a negative payment adjustment

      – Submit partial data to earn neutral or minimal positive payment adjustment

      – Submit complete data to earn a moderate payment adjustment

  • Clinicians will not be scored on the Resource Use category until 2018. In the absence of Resource Use, the Quality category raises to 60% of the MIPS composite score for PY2017.

– Overall, while choosing which quality measures to choose will remain a challenge, by pushing out the Resource Use category until 2018, CMS is giving providers more time to analyze their data and intelligence to drive the necessary practice changes for improved Resource Use performance.  Identifying these areas for RU and enacting change represents a significant practice and workflow re-design effort for providers and this extra year represents a more realistic timeframe under which providers can adapt.

  • Clinical Practice Improvement Activities have been renamed to the simpler, “Improvement Activities” category.
  • CMS has provided much clearer guidance on how existing alternative payment models (APMs) will qualify for different categories:

 – As previously assumed, CMS established the quality reporting requirements for Medicare Shared Savings Plan (MSSP) Track 1 as sufficient for the Quality category.

– Medical Homes, and advanced APMs, will earn full credit for the Improvement Activities category; MSSP Track 1 and Oncology Care will receive points based solely on their APM participation.

  • Advancing Care Information requirements differ based on EHR edition:

– Patient-generated health data is an opportunity for those reporting prior to the 2017 edition to start learning from the copious amount of wearable and patient-reported data now in the marketplace.

  • CMS has supplied the healthcare public with fantastic, easy-to-use resources on the new CMS Quality Payment Program (QPP) site.  Users can select and export their a la carte activities or measures for easy tracking.

Taken together, these changes reflect the ability of healthcare organizations to choose how they adopt MACRA.  First, providers have been given a little more breathing room to gather their understanding and strategy for MACRA overall.  This helps with the widespread sentiment that providers were overwhelmed on how and what to report in the first year.  Second, there is a more gradual focus of scoring on smart fiscal skills and slowed rollout of large downward payment adjustments which aims to decrease overall MACRA performance and financial anxiety.  Finally, CMS motivates providers to get ahead of the rule by supplying incentive bonuses for underrepresented types of quality measures or for demonstrating advanced registry usage.

2017 represents a time for providers to get educated on MACRA’s subtleties, gather needed data and intelligence and develop go-forward strategies to effectively evolve with MARCA.  This includes the hefty task of experimenting and training their practitioners, support staff and their tools like software solutions needed to succeed in future years.  This means organizations now have an opportunity to get ahead of the requirements by creating a MACRA strategy in the remaining 2016 and beginning of 2017 to establish a flexible foundation for MACRA success.  More directly and simply, CMS has listened to providers and given them more space and time to develop practice responses and strategies to adapt to this brave new MACRA world.