Skip to Main Content

insightsarticles

COVID-
19 and opportunities to reboot managed care

09.16.20

Read this if you are a state Medicaid agency, state managed care office, or managed care organization (MCO). 

The COVID-19 pandemic and resulting economic downturn has led to increased Medicaid member enrollment and has placed a strain on state budgets to support Medicaid and other health and human services programs. It has also impacted traditional Medicaid utilization patterns and has challenged provider reimbursement models, forcing managed care programs and supporting MCOs to:

  • rethink the control of program costs, 
  • seek MCO program flexibilities to expand coverage such as telehealth, and 
  • make operational changes to support their growing member populations.

Managed care opportunities

While COVID-19 has created many challenges, at the same time it has given managed care programs the opportunity to restructure their delivery of services not only during the public health emergency, but for the longer term. Flexibilities sought this year from the Centers of Medicare & Medicaid Services (CMS) put in place through waivers and state plan amendments have helped expand services in areas such as the delivery of COVID-19 testing, medical supplies, and behavioral health services via telehealth. 

These flexibilities have relieved the administrative burden on Medicaid programs, such as performance and reporting requirements outlined under federal law and 42 CFR §438. Although these flexibilities have helped managed care programs expand services during the pandemic, the benefits are temporary and will require MCOs to make programmatic changes to meet the demands of its population during and after the public health emergency.

A recent study by Families USA cited 38 states reporting 7% growth in member enrollment since February. As the Medicaid population continues to grow in 2020 and beyond, managed care programs have numerous opportunities to consider: 

Managing care coordination and establishing efficiencies with home- and community-based services (HCBS)

The increased risk of adverse health outcomes from COVID-19 due to older age and chronic illness, and the demands on providers and medical supplies, has forced Medicaid programs to seek waiver flexibilities to expand HCBS. As part of HCBS delivery, MCOs may focus on the sickest and most costly of their member populations to control costs and preserve quality. 

MCOs will most likely monitor cost drivers such as chronic conditions, catastrophic health events, and frequent visits to primary care providers and hospitals. MCOs have the opportunity to establish efficiencies and improve transitions across different providers and multiple conditions to better manage the over-utilization of services for members in skilled nursing facilities, and for those who receive HCBS and outpatient services.

Adjusting and monitoring Value-Based Payment (VBP) models

With the continued transition to VBP models, Medicaid programs face the challenge of added costs and adapting plan operations and services to address pandemic-related needs, chronic conditions, and comorbidities. 

Building on the latest guidance to state Medicaid directors from CMS on value-based care, Medicaid programs can look at COVID-19 impacts on provider reimbursement prior to the rollout of VBP models. Medicaid programs can continue establishing payment models that improve health outcomes, quality, and member experience. States can adjust contracts and adherence to local and state public health priorities and national quality measures to advance their VBP strategy. Managed care programs may need to consider a phased rollout of their VBP models to build buy-in from providers transitioning from traditional fee-for-services payment models, and to allow for refinements to current VBP models.

Continued stratification and the assessment of risk

By analyzing COVID-19’s impact on the quality of care and member experience, improved outcomes, and member and program costs, managed care programs can improve their population stratification methodologies factoring as population demographic analysis, social determinants of health, and health status. Adjustments to risk stratification during and after the COVID-19 pandemic will inform the development of provider networks, provider payment models, and services. Taking into account new patterns of utilization across its member population, managed care programs may need to refine their risk adjustment models to determine the sickest and most costly of their populations to project costs and improve the delivery of services and coordination of care for Medicaid members.

Telehealth

As providers transition back to their traditional structures, MCOs can continue to expand telehealth to improve service delivery and to control costs. Part of this expansion will require MCOs to balance the mentioned benefits of the telehealth model with the risk of over-utilization of telehealth services that can lead to inefficiencies and increased managed care program costs. In addition, because of the loosening of federal restrictions on telehealth, managed care programs will most likely want to update program integrity safeguards to reduce the risk of fraud, waste, and abuse in areas such as provider credentialing, personal identifiable information (PII), privacy and security protocols, member consent, patient examinations, and remote prescriptions. 

Continued focus on data improvement and encounter data quality

Encounter data quality and data improvement initiatives will be critical to successfully administer a managed care program. As encounter data drives capitation rates for MCOs, a continued focus on encounter data quality will likely enable Medicaid programs to better leverage actuarial services to establish sound and adequate managed care program rates, better aligning financial incentives and payments to their MCOs. 

States have pursued a number of flexibilities to establish a short-term framework to support their managed care programs during the COVID-19 pandemic. However, the current expansion of services and the need for MCOs to rapidly identify additional areas for operational improvements during the pandemic have allowed Medicaid programs to further analyze longer-term needs of the populations they serve. These developments have also helped programs increase their range of services, to expand and manage their provider networks, and to mature their provider payment models. 

If you would like more information or have questions about opportunities for adjustments to your managed care program, please contact MedicaidConsulting@BerryDunn.com. We’re here to help.
 

Related Industries

Related Services

Related Professionals

Principals

BerryDunn experts and consultants

Read this if you are a state Medicaid agency, state managed care office, or managed care organization (MCO).

The November 9, 2020 announcement by the Centers for Medicare & Medicaid Services (CMS) outlines updates to the 2016 Medicaid & Children's Insurance Program (CHIP) Managed Care Final Rule (Final Rule), which present new challenges to state Medicaid and CHIP managed care programs to interpret the latest CMS guidance that attempts to relieve current administrative burdens and federal regulatory barriers.

Although the latest guidance by CMS attempts to provide potential relief to states to administer their managed care programs, states will need to coordinate with federal and state partners to further understand the latest updates to federal regulations that are presented by the updated Final Rule.

By providing relief for current reporting requirements for program costs, provider rates, network adequacy, and encounter data, this latest change by the administration enables state managed care programs to reassess current operations to update and improve their current service delivery. The updated Final Rule continues CMS’ efforts to transition state managed care and CHIP programs from a fee-for-service delivery system, and to urge state Medicaid and CHIP agencies to continue to implement payment models to improve quality, control costs, and promote innovation.  

Impacts on Medicaid managed care operations 

Changes for states to consider that impact their Medicaid managed care operations based on the latest Final Rule include:

  • Coordination of benefits agreements (COBA): States will have the option to leverage different methodologies for crossover claim distribution to managed care plans, and the updated Final Rule indicates that managed care plans do not have to enter into COBA directly with Medicare.
  • Rate setting and ranges, and development practices: CMS provides the option for states to develop and certify a rate range and has provided clarification and different options for rate setting and development practices.
  • Network adequacy: CMS will allow for states to set quantitative network standards, such as provider to enrollee ratios, to account for increases in telehealth providers and to provide flexibilities in rural areas.
  • Provider directory updates: CMS will allow for less than monthly updates to provider directories due to the increased utilization of digital media by enrollees, emphasizing decreased administrative burden and the costs for state managed care plans. This update also indicates that completion of cultural competency training by providers will no longer be required.
  • Provider termination notices: The latest update increases the length of provider termination notice requirements to 30 calendar days (previously 15 calendar days).
  • Member information requirements: The latest update outlines flexibilities for enrollee materials as it relates to font size and formatting.
  • Quality Rating System (QRS): CMS will be developing a QRS framework in which states must align with, but will be able to develop uniquely tailored approaches for their state.
  • External quality review: States that exempt managed care plans from external quality review activities must post this information on their websites for public access on an annual basis.
  • Grievance and appeal clarifications: The latest update provides clarification that the denial of non-clean claims does not require adverse benefit determination notices and procedures; adjustments and clarification to State Fair Hearing enrollee request timeframes to align with recent Medicaid fee-for-service requirements

CHIP to Medicaid regulatory cross-references

CMS clarifies several CHIP to Medicaid regulatory cross-references. These cross-references include the continuation of benefits during State Fair Hearings, changes to encounter data submission requirements, changes to Medicaid Care Advisory Council (MCAC) requirements, grievance and appeals requirements, and program integrity standards.

Changing demand on managed care programs

The November 9 announcement follows a series of efforts by CMS during the past few years to modify the Final Rule in an attempt to help states meet the changing demands on their managed care programs. For the 2016 Final Rule, CMS formed a working group with the National Association of Medicaid Directors (NAMD) and state Medicaid directors to review current managed care regulations. The recommendations from the group led to public comment in November 2018 with state Medicaid and CHIP agencies, advocacy groups, health care providers and associations, health insurers, managed care plans, health care associations, and the general public. As a result of this public comment effort, the latest Final Rule seeks to streamline current managed care regulations.

The new Final Rule announcement comes after a series of efforts by CMS to offer guidance and make changes to their provider payment models, including its recent September 15 letter to state Medicaid directors that further promotes a strategic shift towards value based payments to transform the alignment of quality and cost of care for Medicaid beneficiaries.

The effective date for the new regulations will be 30 days after publication of the new Final Rule in the Federal Register (target date November 13, 2020), except for additions §§ 438.4(c) and 438.6(d)(6) for Medicaid managed care rating setting periods, which are effective July 1, 2021.

If you would like more information or have questions about interpreting the Final Rule for changes to your managed care program, please contact us.

Article
The 2020 Final Rule—Understanding new flexibilities to control costs and deliver care

Read this if you are at a state Medicaid agency.

The COVID-19 PHE has raised many questions for Medicaid programs across the country. The Centers for Medicare & Medicaid Services (CMS) and other healthcare organizations have been providing guidance on how to best manage the PHE since it began. In particular, CMS has provided recommendations on how Medicaid programs can implement new processes and rules into their Medicaid Enterprise Systems (MES) for individuals to remain under continuous enrollment until the end of the PHE. 

Strategies for MES

BerryDunn has been working with many states and territories to develop strategic plans to comply with specific rules and requirements throughout the PHE. Some of these strategies involve changes to the original designs of the MES. Examples include:

  • Updating system rules to maintain individuals enrolled in continuous coverage throughout the PHE
  • Retesting system rules to confirm systems are working properly once PHE rules are removed
  • Revamping system notifications so reminders keep individuals informed about ongoing changes
  • Training staff on the new system updates so they can manage calls and orient individuals on changes regarding their eligibility

CMS continues to release updated guidance on how Medicaid programs can best prepare for the end of the PHE in order to resume normal operations. These recommendations indicate that Medicaid programs adopt strategies to maintain coverage of eligible individuals as the continuous enrollment requirements come to an end, following the conclusion of the PHE, while allowing coverage for ineligible individuals to terminate. Medicaid programs must ensure their systems are prepared for the transition, but some of these updates and changes to the systems may pose greater challenges: 

  • Since there are no precedents to compare with the current PHE unwinding event, Medicaid programs will need to execute changes within a limited timeline and work with the issues that may arise as they execute unwinding
  • For some Medicaid programs, system rules, both current and updated ones, are not able to run simultaneously
  • Medicaid programs may need to hire additional staff, train new employees, and retrain or cross train current employees within a small window of time
  • Medicaid programs will need to perform additional MES testing to confirm those systems are working as required
  • Medicaid programs will incur additional costs to cover additional operational efforts
  • System vendors will incur extra work that may affect project timelines and other priorities

If you have any questions or would like to learn more about how BerryDunn can assist you with the PHE unwinding efforts, please contact the Medicaid consulting team.

Article
Design, Development, and Implementation (DDI) and project impacts resulting from the Public Health Emergency (PHE)

Read this if you work for a not-for-profit organization. 

Our annual not-for-profit Recharge event provides attendees with an opportunity to hear about hot button issues in the not-for-profit industry. We polled registrants from across the country to see where they are focusing their attention in the current landscape. 

Employee retention

Overwhelmingly, employee retention is a number one concern for organizations, with 78% of respondents saying they were strongly focused on it in 2022. Not surprisingly, financial stability (67%), cybersecurity (50%) and concerns about access to government funding (43%) were of common concern among respondents.


 
Remarkably, employee retention in 2022 weighed more heavily on respondents than concerns around the remote workplace in 2021. While over 57% of respondents were concerned about the remote workforce in 2021, employee retention did not even make it into the top four concerns for organizations. This shift is consistent with what we are seeing in our client base, as organizations embraced hybrid and remote working arrangements and are well into codification of and adherence to the policies in place. Organizations reported taking significant efforts toward employee retention, most commonly looking at increasing salaries and allowing hybrid and flexible work arrangements as methods to help retain employees.

Financial stability

The concern around financial stability is slowly starting to decline. While financial stability was a top concern for 83% of organizations in 2021, that percentage dropped to 67% of respondents listing it as a top concern in 2022, While multiple factors certainly contribute to these results (availability of COVID relief funds, for example), the decline is significant, especially in this time of inflationary growth and demands on the labor market. This decline may be reflective of the continued transition away from short-term emergency response and toward a more future-oriented mindset. 

Other concerns

Both cybersecurity and government funding concerns held relatively steady in 2022 compared to 2021, with 45% of respondents concerned with cybersecurity and government funding in 2021, compared to 50% and 43% in 2022, respectively. 

Participants also reflected on the perceived top concerns for their board members, with employee retention and recruitment and overall financial stability leading in top importance. These mirrored concerns are of no surprise, but speak to the continued need for regular and reliable reporting to boards to allow for continued rapid response by those charged with governance.

If you have any questions about your specific concerns or situation, please don’t hesitate to contact our not-for-profit team. We’re here to help.

Article
Employee retention and other concerns: NFP outlook for the year ahead

What the C-Suite should know about CECL and change management

Read this if you are at a financial institution. 

Some institutions are managing CECL implementation as a significant enterprise project, while others have assigned it to just one or two people. While these approaches may yield technical compliance, leadership may find they fail to realize any strategic benefits. In this article, Dan Vogt, Principal in BerryDunn’s Management and IT Consulting Practice, and Susan Weber, Senior Manager and CECL expert in BerryDunn’s Financial Services Practice, outline key actions leaders can take now to ensure CECL adoption success.  

Call it empathy, or just the need to take a break from the tactical and check in on the human experience, but on a recent call, I paused the typical readiness questions to ask, “How’s the mood around CECL adoption – what’s it been like getting others in the organization involved?” The three-word reply was simple, but powerful: “Kicking and screaming.”  

Earlier this year, by a vote of 5-2, the FASB (Financial Accounting Standards Board) closed the door to any further delays to CECL adoption, citing an overarching need to unify the industry under one standard. FASB’s decision also mercifully ended the on-again off-again cycle that has characterized CECL preparation efforts since early 2020. One might think the decision would have resulted in relief. But with so much change in the world over the past few years, is it any wonder institutions are instead feeling change-saturated?  

Organizational change

CECL has been heralded as the most significant change to bank accounting ever, replacing 40+ years of accounting and regulatory oversight practices. But the new standard does much more than that. Implementing CECL has an effect on everything from executive and board strategic discussions to interdepartmental workflows, systems, and controls. The introduction of new methods, data elements, and financial assets has helped usher in new software, processes, and responsibilities that directly affect the work of many people in the organization. CECL isn’t just accounting—it’s organizational change. 

Change management

Change management best practices often focus on leading from optimism—typically leadership and an executive sponsor talk about opportunities and the business reasons for change. Some examples of what this might sound like as it relates to CECL might include, by converting to lifetime loss expectations, the institution will be better prepared to weather economic downturns; or, by evolving data and modeling precision, an institution’s understanding and measure of credit risk is enhanced, resulting in more strategic growth, pricing, and risk management. 

But leading from optimism is sometimes hard to do because it isn’t always motivating—especially when the change is mandated rather than chosen.  

Perhaps a more judiciously used tactic is to focus on the risk, or potential penalty, of not changing. In the case of CECL, examples might include, your external auditor not being able to sign-off on your financials (or significant delays in doing so), regulatory criticism, inefficient/ineffective processes, control issues, tired and frustrated staff. These examples expose the institution to all kinds of key risks: compliance, operational, strategic, and reputational, among them.

CECL success and change management

With so much riding on CECL implementation and adoption going well, some organizations may be at heightened risk simply because the effort is being compartmentalized—isolated within a department, or assigned to only one or two people. How effectively leadership connects CECL implementation with tenets of change management, how quickly they understand, then together embrace, promote, and facilitate the related changes affecting people and their work, may prove to be the key factor in achieving success beyond compliance.  

One important step leaders can take is to perform an impact assessment to understand who in the organization is being affected by the transition to CECL, and how. An example of this is below. Identifying the departments and functions that will need to be changed or updated with CECL adoption might expose critical overlaps and reveal important new or enhanced collaborations. Adding in the number of people represented by each group gives leaders insight into the extent of the impact across the institution. By better understanding how these different groups are affected, leaders can work together to more effectively prioritize, identify and remove roadblocks, and support peoples’ efforts longer term.           

 
No matter where your institution is currently in its CECL implementation journey, it is not too late to course-correct. Leadership—unified in priority, message, and understanding—can achieve the type of success that produces efficient sustainable practices, and increases employee resilience and engagement.

For more information, visit the CECL page on our website. If you would like specific answers to questions about your CECL implementation, please visit our Ask the Advisor page to submit your questions. For more tips on documenting your CECL adoption, stay tuned for our next article in the series, revisit past articles, or tune in to our CECL Radio podcast. You can also follow Susan Weber on LinkedIn.

Article
Implementing CECL: Kicking and screaming

Read this if you are at a state Medicaid agency.

The Covid-19 Public Health Emergency (PHE) placed US state and territory Medicaid programs on the front line of reorganizing what healthcare looks like for millions of Medicaid enrollees. Each Medicaid program shifted automation and manual procedures in order to comply with and benefit from the increased federal funding in early 2020. With the PHE winding down, every Medicaid program must look at how to return to regular operations and unwind, or undo, the continuous coverage requirement temporarily put in place by the Centers for Medicare and Medicaid Service (CMS). BerryDunn has collaborated with Medicaid programs to identify best practices and consider new opportunities to implement rollback methods in an effort to lower risk during the unwinding period and beyond. 

New learning programs considered

Administrators who have been assessing their staff and operational readiness to support the expected influx of renewals, policy changes, and staffing changes are considering launching learning programs ahead of the unwinding efforts. Using this time to engage with staff has uncovered the need to redeploy fundamental learning programs to prepare for the anticipated high volume of two-years of renewals. Administrators have also begun to engage with community leaders and health plan organizations in ways that provide coordinated and complete communication to beneficiaries. Many programs have looked at expanding benefits within the guidelines of CMS, such as extending post-partum coverage to a full 12 months and increasing reasonable compatibility to a larger percentage, recognizing the economy has evolved since 2020.

Other outreach efforts

During the pandemic, many beneficiaries moved without notifying the Medicaid program of the address change. Proactive Medicaid programs are working directly with health programs and medical facilities to ensure the most updated addresses are captured, and are using public transportation advertisements, online website reminders, and email notifications to encourage beneficiaries to update addresses.

In other locations with a high rate of unemployment in specific industries, Medicaid programs are working with identified outreach partners like unions and industry associations to communicate messaging of Medicaid benefits. Thousands of employees may have lost full-time employment during the pandemic and have returned to work with reduced hours and less benefits. As a sign of changing times, some programs are employing social media campaigns to connect with existing and new enrollees. 

Medicaid programs across the states and territories are finding creative ways to reach impacted communities. Program administrators are organizing staff and systems to be well positioned to undo the effects of the temporary policies. The dismantling of the two-plus years of PHE is expected to be performed within a 12-month period. As administrators eagerly anticipate the announcement of an extension or the pending PHE unwinding start date, one thing is certain: US states and territories are preparing to support an extensive population of Medicaid beneficiaries post pandemic.

BerryDunn is partnering with many states and territories to help ensure a successful unwind of temporary services and return to normal operations. If you would like to discuss how BerryDunn can support your needs, contact the Medicaid consulting team.
 

Article
How Medicaid programs are preparing for the operational challenges of the PHE unwinding

Read this if you are a Police Executive, City/County Administrator, or elected government official responsible for a law enforcement agency. 

Are your officers overwhelmed with workload? Have you been asked to do more with less? Is your agency struggling with maintaining sworn staffing levels? Has your community been questioning why the police respond to things that might be more appropriately handled by others?

If you answered yes to one or more of these questions, your agency might benefit from a comprehensive analysis of your police call-for-service (CFS) response model. 

Increasing CFS workloads

Many police agencies in the US have been struggling with increasing CFS workloads, while simultaneously facing ever-tightening budgets and unprecedented attrition and vacancy rates. As a result of these challenges and national trends calling for police response reform, many police departments have started to ask a very simple question: “Is there a better way?”

Considering alternatives to police CFS response is not new. In fact, many agencies already use some form of CFS diversion, whether through a telephone response unit (TRU), online reporting, mobile apps, or the use of non-sworn personnel. What is different and new in the most recent discussion is the understanding that this conversation is not simply about providing these alternatives as possible options.

It is about considering fundamental changes to how police departments do business, including identifying collaboration opportunities with other organizations and in some cases outsourcing certain CFS types entirely.

Despite growing interest among police agencies in identifying alternatives to the traditional police CFS model, many have struggled to deliver an objective process that can produce meaningful results, and in some cases, suggested revisions have met with resistance from staff, elected officials, and community members.   

Best-practices approach to call for service response model

The best-practices approach to conducting an Essential CFS Evaluation should be one that is highly collaborative, but also expand beyond the walls of the police department. The 21st Century Policing Task Force final report explains:

Law enforcement agencies should work with community residents to identify problems and collaborate on implementing solutions that produce meaningful results for the community… and do things with residents in the co-production of public safety rather than doing things to or for them. 

Determining possible alternatives to traditional CFS police response requires substantial data collection and analysis to inform and guide outcomes and recommendations. It also requires a thorough and comprehensive process that considers:

  • Legal mandates
  • Immediate response needs
  • Potential risk
  • Workload volumes by CFS type
  • Operational policies and training
  • Alternative resources, whether or not they currently exist
  • Community priorities and expectations
  • Fiscal impacts

The cost of providing consistent and effective public safety services is one of the more critical reasons for considering CFS response alternatives. Although officer salaries vary by state, region, or department, the cost of staffing a non-sworn position is typically 40%-45% of the cost of a sworn officer.  

There is a common reason why the legal profession has attorneys and paralegals, the medical profession has doctors and physician’s assistants, and why many ambulance companies have moved to a paramedic and emergency medical technician (EMT) team, as opposed to staffing two paramedics in one ambulance. Cost is a driving force in these examples and the same circumstances are present in the law enforcement industry (among others). A well-trained non-sworn police staff member can handle a variety of CFS that do not require the presence of a sworn officer—likely at half the cost. Shifting the work burden from sworn to non-sworn personnel benefits officers by freeing them up to perform tasks that require an officer to respond, and it benefits the department and community by reducing costs. 

Beyond the issue of cost, there is also increasing conversation about the effectiveness and appropriateness of using police personnel to manage a variety of CFS types, including mental health incidents and those involving the unhoused, for example. Regardless of the CFS type, it is critical to use a process that involves influential participation by both providers and consumers. 

Making changes to the traditional police CFS response model is involved and it requires a thoughtful approach. BerryDunn has developed an Essential CFS Evaluation process that considers numerous critical factors to produce data that police staff, community and elected leaders can rely upon in making critical decisions about future public safety needs. 

If you are curious or have questions about our Essential CFS Evaluation process, our dedicated Justice & Public Safety team is available to discuss your organization’s needs.

Article
Challenge accepted: Fixing the traditional call-for-service model

Read this if you are at a state Medicaid agency. 

As the end of the Public Health Emergency becomes more likely, much attention has been paid to the looming coverage cliff as state Medicaid agencies re-determine eligibility for their programs. The impacts can be mitigated in part by planning and taking proactive steps.

In the unsettling initial days of the COVID-19 Public Health Emergency (PHE), the Centers for Medicare and Medicaid Service (CMS) temporarily increased federal matching funds for state Medicaid programs. In exchange, states would suspend redeterminations of enrollees’ eligibility for the duration of the PHE. 

For Medicaid, states were in effect prohibited from disenrolling an individual from Medicaid programs. The result, according to CMS data, is 14.8 million more people were enrolled in Medicaid as of late 2021 than before the pandemic, reaching a total of nearly 79 million Medicaid enrollees.  According to one estimate, the end of the PHE could bring a decline in the number of Medicaid enrollees by as many as 15 million. This number includes an estimated 8.7 million adults and 5.9 million children. 

Local and state government eligibility staff will need to review the submitted documents and determine if these members qualify for continued Medicaid coverage. The potential exists for members to lose coverage, due to factors such as having moved, not realizing their circumstances have otherwise changed, or being unable or unaware to return the required paperwork within appropriate timeframes.

State Medicaid agencies strive to maintain an equitable program while remaining trusted stewards of public funds. With a large base of beneficiaries, this change is expected to impact the community and the healthcare market, with broad implications for public health. Similarly, the federal requirement for continuous health coverage has also helped state Medicaid agencies by easing the strain on organizations during pandemic-related disruptions. 

For these reasons state Medicaid agencies may search for routes to limit the loss of coverage. This can be accomplished through finding policy levers to retain members, establishing routes to alternative forms of insurance, and mitigating the risk of coverage loss for members. 

Mitigating the likelihood of becoming uninsured

State Medicaid agencies can reduce the risk that members lose their coverage and become uninsured through a number of steps. 

  • Designing comprehensive, multi-pronged, and targeted communication strategies. States can help Medicaid members understand the requirements and timelines required to maintain their coverage.
  • Updating systems to automate and reduce administrative burden. Maximizing ex parte renewals through the use of existing data that is stored in integrated systems.
  • Making key decisions early. States can minimize coverage loss by carefully planning the unwinding process and their approach to resuming Medicaid eligibility renewals.
  • Coordinating with other forms of coverage. Confirm or design user-friendly pathways by which a member is transferred or referred to other alternatives like the Marketplace or CHIP.
  • Leveraging their health plans. Particularly when it comes to coordinating outreach and updating member information. Managed care plans are also able to refer members who are losing coverage to other qualified health plans.

Policy levers for retaining members

States may consider reviewing emergency state plan amendments and appendix k amendments completed during the PHE to determine what flexibilities are possible to continue under existing authorities. At the same time, states should consider what other policy options may help retain coverage for existing members- for example:

  • Adopt 12 months continuous eligibility. This can be done for children via a State Plan Amendment (SPA), for adults through an 1115 waiver, and for individuals enrolled in BHP (via BHP Blueprint revision) 
  • Establish 12 months of postpartum coverage. This can be done through several paths, including SPAs 
  • Review operational policy for efficiencies. For example, a State could consider modifying the frequency of periodic data matching 

Next steps

The US Department of Health and Human Service has previously indicated its intention to provide notification to states of the end of the PHE 60 days before its scheduled end. The PHE was renewed in April 2022, and as of this writing will last until mid-July, meaning enrollees could lose Medicaid coverage as soon as August 1. The enhanced FMAP and the Maintenance of Eligibility (MOE) requirements are in place until the end of the quarter in which the PHE ends. In the case of a July 2022 end date to the PHE, the enhanced FMAP would last through September 30, 2022. 

Regardless, Medicaid agencies will need to begin reviewing all enrollees’ eligibility, performing outreach, and designing system updates this summer. In terms of next steps, states should consider the following:

  • Evaluate your program and identify initiatives to prioritize in the coming year. Ask your CMS contact about the latest applicable guidance. 
  • Develop Advanced Planning Documents (APDs) to help fund technology needs for initiatives, along with training your SMA team and providers. 
  • Implement a communications management approach to engage stakeholders, and inform affected Medicaid members.
  • Marshal project management resources and develop a realistic and achievable roadmap to success.  
  • Explore agency contracting vehicles, cooperative contracts, and other procurements tools. 

We’re here to help. If you have more questions or want to have an in-depth conversation about your specific situation, please contact the Medicaid consulting team.

Article
Medicaid coverage gap: Tools and strategies for Medicaid agencies to help retain members

Read this if you have a cybersecurity program.

This week President Joe Biden warned Americans about intelligence that indicated Russia may be preparing to conduct cyberattacks on our private sector businesses and infrastructure as retaliation for sanctions applied to the Russian government (and the oligarchs) as punishment for the invasion of Ukraine. Though there is no specific threat at this time, President Biden’s warning has been an ongoing message since the invasion began. There is no need to panic, but this is a great time to re-visit your current security controls. Focusing on basic IT controls goes can make a big difference in the event of an attack, as hackers tend to go after the easy, low hanging fruit. 

  1. Access controls
    Review and understand how all access to your networks is obtained by on-site employees, remote employees, and vendors and guests. Make sure that users are maintaining strong passwords and that no user is connecting remotely to any of your systems without some form of multi-factor authentication (MFA). MFA can come in the form of a token (in hand or built-in) or as one of those numerical codes you have delivered to your phone or email. Poor access controls are simply the difference between leaving your house unlocked versus locked when you leave to go somewhere. 
  2. Patching
    One of the most common audit findings we have to date and one of the biggest reasons behind successful attacks is related to unpatched systems. Software patches are issued by software providers to address vulnerabilities in systems that act as an unlocked door to a hacker, and allow hackers to leverage the vulnerability as a way to get into your systems. Ensuring your organization has a robust patch management program in place and that systems are up-to-date on needed patches is critical to your security operations. Think of an unpatched system like a car with a broken window—sure the door is locked, but any thief can reach through the broken window and unlock the car. 
  3. Logging 
    Account activity, network traffic, system changes—these are all things that can be easily logged and with the right tools, configured to alert you to suspicious activity. Logging that is done correctly can alert management to suspicious activity occurring on your network and notifies your security team to investigate the issue. Consider logging and alerting like your home’s security camera. It may alert you to the activity outside, but someone still needs to review the footage and react to it to mitigate the threat.  
  4. Test backups and more
    Making sure that your systems are successful backed up and kept separate from your production systems is a control we are all familiar with. Organizations should do more than just make sure their backups are performed nightly and maintained, but need to make sure that those data backups can be restored back to a useable state on a regular basis. More so than backups, we also often hear in the work we do that our client’s test only parts of their disaster recovery and failover plans—but have never tested a full-scale fail-over to their backup systems to determine if the failover would be successful in the event of an event or disaster. Organizations shouldn’t be scared to do a full-scale failover test, because when the time comes, you may not have the option to do a partial failover and just hope that it occurs successfully. Not testing your backups is like not test driving a car before you buy it. Sure it looks nice in the lot, but does it actually run? 
  5. Incident Management Plan 
    We often review Incident Management Plans as part of the work we do, and often note that the plans are outdated and contain incorrect information. This is an ideal time to make sure your plans are current and reflect changes that may have occurred, like your increasingly remote work force, or that systems have changed. An outdated Incident Management Plan is like being sick and trying to call your doctor for help only to find out your doctor has retired. 
  6. Training—phishing attacks
    Hackers’ most common approach to gain access to systems and deploy crippling ransomware attacks is through phishing campaigns via email. Phishing campaigns trick a user into either providing the hacker with credentials to log into systems or to download malware that could turn into ransomware through what appears to be legitimate business correspondence. Training end-users on what to look for in verifying an email’s authenticity is critical and should be seen as an opportunity that benefits the entire organization. Testing users is also critical so management understands the current risk and what is needed for additional training. Security teams should also have other supporting controls to help prevent phishing emails and detection tools in place in case a user does fall for an email. Not training your employees on security is like not coaching your little league team on how to play baseball and then being surprised you didn’t win the game because no one knew what to do. 

In the current environment, information security is an asset to any organization and needs to be supported so that you can protect your organization from cyberattacks of all kinds. While we can never guarantee that having controls in place will prevent an attack from occurring, they make it a lot more challenging for the hacker. One more analogy, and then I’m done, I promise. Basic IT controls are like speedbumps in a neighborhood. While they keep most people from speeding (and if you hit them too fast they do a number on your car), you can still get over them with enough motivation. 

If you have questions about your cybersecurity controls, or would like more information, please contact our IT security experts. We’re here to help.

Article
Cyberattack preparation: A basics refresher