The Affordable Care Act has brought about many changes, one of which is laying the groundwork for new models in healthcare delivery. One of these new models includes Accountable Care Organizations (ACOs) - groups of doctors, hospitals, and other healthcare providers who come together voluntarily with the aim of providing coordinated quality care to Medicare patients. The providers are banded together contractually, separately incorporated, and frequently organized by a hospital and physician arrangements. There are also contracts with other providers such as nursing facilities, hospices, among others, to provide the care Medicare patients require.
The genesis behind the creation of the ACO model is to address skyrocketing healthcare costs by providing a continuum of care to Medicare patients. The objective is to improve the quality of care patients receive by providing coordinated care to help prevent repeat and extended hospital stays. In addition, ACOs can receive financial incentives from the government if they follow certain requirements, such as improving upon the historical track record of what it costs to take care of Medicare patients and demonstrating that the healthcare is of high quality. For example, the Centers for Medicare & Medicaid Services Center (CMS) requires that an ACO include on its board all the various constituents that represent Medicare beneficiaries and the community. In the CMS Shared Savings Program Model (SSP), an ACO board cannot be comprised of solely doctors and hospital members. It also needs to partner with community healthcare centers to demonstrate its commitment to improving the health of the community through quantifiable outcomes.
With the establishment of these ACOs both for Medicare patients and in the commercial market, there are a number of critical exposures these organizations face. We spoke with Chris Reese, Vice President of NAS Insurance Services, to find out more about the types of exposures to which ACOs are vulnerable. Founded in 1975, Encino, California-based NAS provides a full spectrum of specialty products on a wholesale, program, and reinsurance basis. NAS programs include: Abuse/Molestation, Cyber Liability, Network Security, Technology Liability, Social Services, MEDEFENSETM Plus, HIPAA Protector, Miscellaneous E&O, Tenant Discrimination Insurance, Sexual Misconduct Liability, Allied Healthcare, Non-Standard Physicians, Tax Audit and Miscellaneous Medical Malpractice.
Chris was part of the NAS team for seven years before rejoining the firm this past February after working on the retail broker side where she served the needs of the healthcare continuum. This included selling to multi-state healthcare institutions as well as taking care of the needs of two- and three-person doctor groups. Chris's experience encompasses looking at the entire gamut of exposures within the healthcare industry, including evaluating emerging liability exposures and helping to create insurance products to address them.
Annie George: What type of exposures does an ACO face?
Chris Reese (CR): "At the time an ACO incorporates, it immediately has an exposure for Directors & Officers (D&O) Liability, with one of the primary exposures being antitrust liability. Inherent in the very nature of the ACO model is that providers are contracting with one another and sharing information about prices and how they are conducting business. In theory, this appears to be detrimental to the consumer and to competitors leading to potential antitrust violations, but a Medicare ACO can structure its organization so that it falls within the safe harbors that the DOJ, FTC, CMS and other agencies have established. For example, the FTC and Justice Department have instituted an exemption, or safety zone, from antitrust scrutiny for alliances that account for up to 30% of Medicare fee-for-service business in local service areas."
"If you are not a Medicare ACO and in the commercial market, you can look at those safe harbors as guidelines. However, even if an ACO is legally operating within the safe harbors established by the government, it certainly doesn't prevent anyone from bringing about a lawsuit. In the end, judges and juries will decide whether or not an organization is actually violating antitrust law.
"To further underscore this, the whole concept of safe harbors is something we at NAS recommend from a risk management perspective, but it doesn't eliminate the exposure of antitrust liability. When securing D&O coverage, an ACO wants protection for antitrust liability.
"Another exposure arises out of the development and implementation of ACO policies and procedures to ensure quality of care across the organization's continuum of providers. An ACO develops policies and procedures for case management, quality assurance, credentialing, utilization review, etc. for all providers within its organization. It also develops policies and procedures that apply to services provided through outsourcing to other parties. With the establishment of policy, comes the need for Errors & Omissions (E&O) coverage to protect the ACO against liability exposures.
"For example, an ACO, in setting up utilization review, case management and quality assurance processes, outlines to providers in its network the course of treatment recommended for a specific disease or illness. This also includes the procedure for follow-up treatment, such as how many times a patient should be contacted to ensure medication is being taken, etc. In the event something goes wrong a patient can allege that the ACO was directing his or her care since the organization put procedures and policies in place for care and treatment. A healthcare provider can also allege that the ACO was directing the patient's care. Consequently, an ACO has vicarious medical malpractice exposure, which can be covered under E&O insurance, separate and distinct from Medical Malpractice coverage, which covers the providers themselves for their direct hands-on care."
Chris also addressed the security and privacy exposures that an ACO faces. "An ACO receives and stores patient data from each of the individual providers in its network. With so much data being housed in one location, you need robust security measures and a Security and Privacy insurance policy to protect against data breaches," explained Chris. "There is also exposure to billing fraud; and if the government alleges there were errors in the billing and levies penalties, an ACO needs coverage to pay these penalties as well as the legal defense costs involved. Billing E&O coverage will step in to provide this protection."
AG: What insurance products does NAS provide to address these exposures?
CR: "In February of this year, we launched a comprehensive professional liability insurance program for ACOs, combining core Errors & Omissions and Directors & Officers coverage with custom-tailored components to address regulatory exposures as well as cyber liability for these new healthcare delivery organizations. We offer combined E&O and D&O coverage, or an ACO can purchase a separate E&O or D&O policy. In addition, antitrust coverage is also available with our D&O product.
"Under our advanced Cyber Liability solution, e-MDTM, we have several options available. Coverage can be tailored to include Network Security & Privacy Insurance, Privacy Breach Responses Costs, Network Asset Protection, Cyber Extortion, and Cyber Terrorism. We can also include our BrandGuardTM coverage along with our e-MDTM product. BrandGuardTM is an endorsement that provides protection for lost profits as a result of a cyber breach. This is especially important as an ACO's reputation can be tarnished as a result of a breach and patients may lose faith in the organization and its providers and stop seeking services for a time. We work with a third-party experienced adjuster specializing in business interruption. They will review the insured's operation and determine how much income was lost as a result of the breach in order to pay the benefit. This involves looking at past results and estimates and evaluating the change in revenue. The insured, of course, has to maintain accurate documentation and records to show that diminished revenues were as a direct result of the breach.
"Additionally, we provide protection for billing errors and regulatory claims, including fines and penalties, with our MEDEFENSETM product, which has limits up to $1 million. HIPAA coverage is provided up to the per-claim limit of liability for no additional premium."
The NAS program for ACOs is available on a national basis and open access to agents.
Currently, there are an estimated 300 ACOs under the Medicare model, with about 200-300 ACOs established by commercial payors. For more information about NAS and its insurance products for ACOs, please contact Chris at (760) 505-4312, or via email at: firstname.lastname@example.org.