Skip to Main Content

insightsarticles

States transition to
Outcomes-Based
Certification: Considerations and recommendations

By:

Nora is a Senior Consultant in BerryDunn’s Medicaid Practice Group. She is currently leading federal certification and systems security efforts for the West Virginia Department of Health and Human Resources’ Integrated Eligibility System implementation.

Nora’s experience has centered on social policy issues affecting low-income families and youth. From analyzing workforce development opportunities within the City of Oakland, California to advising states on innovative uses of Temporary Assistance for Needy Families (TANF) funds for families experiencing homelessness, Nora has developed subject matter expertise across a range of human services programs.
 

Nora Gilligan
08.06.21

Read this if you are a State Medicaid Director, State Medicaid Chief Information Officer, State Medicaid Project Manager, or State Procurement Officer—or if you work on State Medicaid Enterprise System (MES) certification or modernization efforts.

As states transition to the Centers for Medicare & Medicaid Services' (CMS) Outcomes-Based Certification (OBC), many jurisdictions are also implementing (or considering implementation of) an Integrated Eligibility System (IES). Federal certification for a standalone Medicaid Enterprise System (MES) comes with its own challenges, especially as states navigate the recent shift to OBC for Medicaid Eligibility and Enrollment (E&E) services. Certification in the context of an IES creates a whole new set of considerations for states, as Medicaid eligibility overlaps with that of benefit programs like the Supplemental Nutrition Assistant Program (SNAP), Temporary Assistance for Needy Families (TANF), and others. We’ve identified the following areas for consideration in your own state's IES implementation: 

  • Modernizing MES 
    It's likely your state has considered the pros and cons of implementing an IES, since CMS' announcement of increased federal funds for states committed to building new and/or enhanced Medicaid systems. Determining whether an IES is the right solution is no small undertaking. From coordinating on user design to system security, development of an IES requires buy-in across a wider range of programs and stakeholders. Certification will look different from that of a standalone MES. For example, your state will not only need to ensure compliance with CMS' Minimum Acceptable Risk Standards for Exchanges (MARS-E), but also account for sensitive data, such as medical information, across program interfaces and integration. 

    BerryDunn recommends one of the first steps states take in the planning phase of their IES implementation is to identify how they will define their certification team. Federal certification itself does not yet reflect the level of integration states want to achieve with an IES, and will require as much subject matter expertise per program included in the IES as it requires an understanding of your state's targeted integration outcomes and desired overlap among programs.
  • Scale and scope of requirements
    Once your agency commits to designing an IES, the scope of its solution becomes much broader. With this comes a wider range of contract requirements. Requirements can be program-specific (e.g., relevant only to Medicaid) or program-agnostic (e.g., general technical, "look-and-feel", and security requirements that apply throughout the solution). Common requirements across certain programs (e.g., certain eligibility criteria) will also need to be determined. Requirements validation and the development of Requirements Traceability Matrixes (RTM) per program are critical parts of the development phase of an IES implementation.

    BerryDunn recommends a comprehensive mapping process of requirements to OBC and other federal certification criteria, to ensure system design is in compliance with federal guidance prior to entering go/no-go for system testing phases.
  • Outcomes as they apply across programs
    CMS' transition to OBC changed the way states define their Medicaid program outcomes. Under this new definition outcomes are the value-add, or the end result, a state wishes to achieve as the result of its Medicaid eligibility solution enhancements. In the context of an IES, Medicaid outcomes have to be considered in terms of their relation to other programs. For example, presumptive eligibility (PE) between SNAP and Medicaid and/or cross-program referrals might become more direct outcomes when there is an immediate data exchange between and among programs.

    BerryDunn recommends consideration of what you hope to achieve with your IES implementation. Is it simply an upgrade to an antiquated legacy system(s), or is the goal ultimately to improve data sharing and coordination across benefit programs? While certification documentation is submitted to individual federal agencies, cross-program outcomes can be worked into your contract requirements to ensure they are included in IES business rules and design.
  • Cost allocation
    In the planning phase of any Design, Development, and Implementation (DDI) project, states submit an Advance Planning Document (APD) to formally request Federal Financial Participation (FFP), pending certification review and approval. This APD process becomes more complex in an IES, as states need to account for FFP from federal programs in addition to CMS as well as develop a weighted cost allocation methodology to distribute shares equitably across benefit programs.

    BerryDunn recommends States utilize the U.S. Department of Health & Human Services (HHS), Administration for Children & Families (ACF), Office of Child Support Enforcement's (OCSE) Cost Allocation Methodologies (CAM) Toolkit to inform your cost allocation model across benefit programs, as part of the APD development process
  • Timeline
    A traditional MES implementation timeline accounts for project stages such as configuration sessions, requirement mapping, design validation, testing, CMS' Operational Readiness Review (ORR), etc. The project schedule for an IES is dependent on additional factors and variables. Scheduling of federal certification reviews for OBC and/or other programs might be held up by project delays in another area of the implementation, and project teams must be agile enough to navigate such changes

    BerryDunn recommends development of a thoughtful, comprehensive project schedule allowing ample time for each project phase across programs. We also recommend states cultivate relationships with federal partners including, but not limited to, CMS, to communicate when a development delay is anticipated. Engaging federal partners throughout the DDI phases will be a critical part of your IES implementation.

In theory, an IES benefits stakeholders on both sides of the system. Caseworkers avoid duplication of efforts, reduce administrative costs, and ensure program integrity, while individuals and families on the receiving end of public benefit programs experience a more efficient, streamlined application process. In practice, the development of a comprehensive business rules, case management, and workflow system across human services programs can prove to be a heavy lift for states, including but not limited to considerations around certification to secure FFP. Planning for the implications of an IES implementation ahead of time will go a long way in preparing your agency and state for this comprehensive certification effort.
 
For further reading
Keep an eye out for the next blog in this series, highlighting certification guidelines across an IES implementation (for CMS and other Federal programs). You can read more on OBC here

If you have questions about your specific situation, please contact the Medicaid Consulting team. We’re here to help. 

Related Industries

Related Professionals

Principals

BerryDunn experts and consultants

Read this if you are at a state Medicaid agency. 

As the end of the Public Health Emergency becomes more likely, much attention has been paid to the looming coverage cliff as state Medicaid agencies re-determine eligibility for their programs. The impacts can be mitigated in part by planning and taking proactive steps.

In the unsettling initial days of the COVID-19 Public Health Emergency (PHE), the Centers for Medicare and Medicaid Service (CMS) temporarily increased federal matching funds for state Medicaid programs. In exchange, states would suspend redeterminations of enrollees’ eligibility for the duration of the PHE. 

For Medicaid, states were in effect prohibited from disenrolling an individual from Medicaid programs. The result, according to CMS data, is 14.8 million more people were enrolled in Medicaid as of late 2021 than before the pandemic, reaching a total of nearly 79 million Medicaid enrollees.  According to one estimate, the end of the PHE could bring a decline in the number of Medicaid enrollees by as many as 15 million. This number includes an estimated 8.7 million adults and 5.9 million children. 

Local and state government eligibility staff will need to review the submitted documents and determine if these members qualify for continued Medicaid coverage. The potential exists for members to lose coverage, due to factors such as having moved, not realizing their circumstances have otherwise changed, or being unable or unaware to return the required paperwork within appropriate timeframes.

State Medicaid agencies strive to maintain an equitable program while remaining trusted stewards of public funds. With a large base of beneficiaries, this change is expected to impact the community and the healthcare market, with broad implications for public health. Similarly, the federal requirement for continuous health coverage has also helped state Medicaid agencies by easing the strain on organizations during pandemic-related disruptions. 

For these reasons state Medicaid agencies may search for routes to limit the loss of coverage. This can be accomplished through finding policy levers to retain members, establishing routes to alternative forms of insurance, and mitigating the risk of coverage loss for members. 

Mitigating the likelihood of becoming uninsured

State Medicaid agencies can reduce the risk that members lose their coverage and become uninsured through a number of steps. 

  • Designing comprehensive, multi-pronged, and targeted communication strategies. States can help Medicaid members understand the requirements and timelines required to maintain their coverage.
  • Updating systems to automate and reduce administrative burden. Maximizing ex parte renewals through the use of existing data that is stored in integrated systems.
  • Making key decisions early. States can minimize coverage loss by carefully planning the unwinding process and their approach to resuming Medicaid eligibility renewals.
  • Coordinating with other forms of coverage. Confirm or design user-friendly pathways by which a member is transferred or referred to other alternatives like the Marketplace or CHIP.
  • Leveraging their health plans. Particularly when it comes to coordinating outreach and updating member information. Managed care plans are also able to refer members who are losing coverage to other qualified health plans.

Policy levers for retaining members

States may consider reviewing emergency state plan amendments and appendix k amendments completed during the PHE to determine what flexibilities are possible to continue under existing authorities. At the same time, states should consider what other policy options may help retain coverage for existing members- for example:

  • Adopt 12 months continuous eligibility. This can be done for children via a State Plan Amendment (SPA), for adults through an 1115 waiver, and for individuals enrolled in BHP (via BHP Blueprint revision) 
  • Establish 12 months of postpartum coverage. This can be done through several paths, including SPAs 
  • Review operational policy for efficiencies. For example, a State could consider modifying the frequency of periodic data matching 

Next steps

The US Department of Health and Human Service has previously indicated its intention to provide notification to states of the end of the PHE 60 days before its scheduled end. The PHE was renewed in April 2022, and as of this writing will last until mid-July, meaning enrollees could lose Medicaid coverage as soon as August 1. The enhanced FMAP and the Maintenance of Eligibility (MOE) requirements are in place until the end of the quarter in which the PHE ends. In the case of a July 2022 end date to the PHE, the enhanced FMAP would last through September 30, 2022. 

Regardless, Medicaid agencies will need to begin reviewing all enrollees’ eligibility, performing outreach, and designing system updates this summer. In terms of next steps, states should consider the following:

  • Evaluate your program and identify initiatives to prioritize in the coming year. Ask your CMS contact about the latest applicable guidance. 
  • Develop Advanced Planning Documents (APDs) to help fund technology needs for initiatives, along with training your SMA team and providers. 
  • Implement a communications management approach to engage stakeholders, and inform affected Medicaid members.
  • Marshal project management resources and develop a realistic and achievable roadmap to success.  
  • Explore agency contracting vehicles, cooperative contracts, and other procurements tools. 

We’re here to help. If you have more questions or want to have an in-depth conversation about your specific situation, please contact the Medicaid consulting team.

Article
Medicaid coverage gap: Tools and strategies for Medicaid agencies to help retain members

Read this if you have a cybersecurity program.

This week President Joe Biden warned Americans about intelligence that indicated Russia may be preparing to conduct cyberattacks on our private sector businesses and infrastructure as retaliation for sanctions applied to the Russian government (and the oligarchs) as punishment for the invasion of Ukraine. Though there is no specific threat at this time, President Biden’s warning has been an ongoing message since the invasion began. There is no need to panic, but this is a great time to re-visit your current security controls. Focusing on basic IT controls goes can make a big difference in the event of an attack, as hackers tend to go after the easy, low hanging fruit. 

  1. Access controls
    Review and understand how all access to your networks is obtained by on-site employees, remote employees, and vendors and guests. Make sure that users are maintaining strong passwords and that no user is connecting remotely to any of your systems without some form of multi-factor authentication (MFA). MFA can come in the form of a token (in hand or built-in) or as one of those numerical codes you have delivered to your phone or email. Poor access controls are simply the difference between leaving your house unlocked versus locked when you leave to go somewhere. 
  2. Patching
    One of the most common audit findings we have to date and one of the biggest reasons behind successful attacks is related to unpatched systems. Software patches are issued by software providers to address vulnerabilities in systems that act as an unlocked door to a hacker, and allow hackers to leverage the vulnerability as a way to get into your systems. Ensuring your organization has a robust patch management program in place and that systems are up-to-date on needed patches is critical to your security operations. Think of an unpatched system like a car with a broken window—sure the door is locked, but any thief can reach through the broken window and unlock the car. 
  3. Logging 
    Account activity, network traffic, system changes—these are all things that can be easily logged and with the right tools, configured to alert you to suspicious activity. Logging that is done correctly can alert management to suspicious activity occurring on your network and notifies your security team to investigate the issue. Consider logging and alerting like your home’s security camera. It may alert you to the activity outside, but someone still needs to review the footage and react to it to mitigate the threat.  
  4. Test backups and more
    Making sure that your systems are successful backed up and kept separate from your production systems is a control we are all familiar with. Organizations should do more than just make sure their backups are performed nightly and maintained, but need to make sure that those data backups can be restored back to a useable state on a regular basis. More so than backups, we also often hear in the work we do that our client’s test only parts of their disaster recovery and failover plans—but have never tested a full-scale fail-over to their backup systems to determine if the failover would be successful in the event of an event or disaster. Organizations shouldn’t be scared to do a full-scale failover test, because when the time comes, you may not have the option to do a partial failover and just hope that it occurs successfully. Not testing your backups is like not test driving a car before you buy it. Sure it looks nice in the lot, but does it actually run? 
  5. Incident Management Plan 
    We often review Incident Management Plans as part of the work we do, and often note that the plans are outdated and contain incorrect information. This is an ideal time to make sure your plans are current and reflect changes that may have occurred, like your increasingly remote work force, or that systems have changed. An outdated Incident Management Plan is like being sick and trying to call your doctor for help only to find out your doctor has retired. 
  6. Training—phishing attacks
    Hackers’ most common approach to gain access to systems and deploy crippling ransomware attacks is through phishing campaigns via email. Phishing campaigns trick a user into either providing the hacker with credentials to log into systems or to download malware that could turn into ransomware through what appears to be legitimate business correspondence. Training end-users on what to look for in verifying an email’s authenticity is critical and should be seen as an opportunity that benefits the entire organization. Testing users is also critical so management understands the current risk and what is needed for additional training. Security teams should also have other supporting controls to help prevent phishing emails and detection tools in place in case a user does fall for an email. Not training your employees on security is like not coaching your little league team on how to play baseball and then being surprised you didn’t win the game because no one knew what to do. 

In the current environment, information security is an asset to any organization and needs to be supported so that you can protect your organization from cyberattacks of all kinds. While we can never guarantee that having controls in place will prevent an attack from occurring, they make it a lot more challenging for the hacker. One more analogy, and then I’m done, I promise. Basic IT controls are like speedbumps in a neighborhood. While they keep most people from speeding (and if you hit them too fast they do a number on your car), you can still get over them with enough motivation. 

If you have questions about your cybersecurity controls, or would like more information, please contact our IT security experts. We’re here to help.

Article
Cyberattack preparation: A basics refresher

When we meet with hospital boards to review the results of their audit, we are most often asked to share what we are seeing in the industry—and how their hospital compares with others in our client base. As we (hopefully) emerge from the COVID-19 pandemic, I wanted to see where we are as an industry after two challenging years. In reviewing our own benchmarking data, and reading this very comprehensive CFO Outlook Survey by BDO, it reinforced that these are challenging times indeed. 

The pressures of top line sustainability, cost containment, and recruitment and retention of talent are very real. And while healthcare providers are seasoned to the continual challenges and opportunities, the difference going forward, post-pandemic, will be what this looks like for rural providers without the influx of stimulus funds and beyond the initial surge of postponed surgeries. Based on the BDO survey, 69% of healthcare organizations surveyed expect an increase in profitability. Is your organization prepared to take the steps to make it happen? What is your financial resilience outlook?

You can read the survey here. If you would like to discuss further, please contact our Hospital Consulting team. We’re here to help.
 

Article
Healthcare survey: A comprehensive look at the industry

Read this if you work in finance or accounting or rely on financial reporting information.

Does your financial close process provide the information you need to make educated business decisions? 

Timely reporting of financial results is key to stakeholder decision making. As a result of market and regulatory obligations, companies and organizations are confronted with increasingly strict guidelines for the delivery of timely, accurate reports. Enormous amounts of information on transactions must be processed in a limited timeframe. This requires a great deal of effort on the part of your accounting and finance teams. 

The typical financial close process can be broken down into the following segments:

While this workflow seems straightforward enough, the financial close is not a single flat process, but the combination of many interrelated and often codependent processes—each with its own stages. The closing and reporting process is complex, and involves many different data suppliers and dependencies. Think your billing department, accounts payable, cash receipt, procurement, and more. All of these areas are likely to have data inputs that go into your financial close.
 

It often ends up looking like this when you consider each task:


 
To make the situation more challenging, as companies and organizations grow, the closing process can become more onerous and take longer to complete. Tasks in the financial close process are often added to an existing process—a process that may be more reactionary and based in historical practice, and may not have been well thought-out or planned for the current environment. Adding these tasks and increasing data inputs and outputs adds additional pressure to an incredibly important, but often forgotten task: analysis.

The majority of finance departments spend the bulk of their time on the financial close itself. Unfortunately, this can lead to delays, uncovering mistakes well after the fact, and reports lagging behind current business operations. The later the analysis is performed and the reports are distributed, the less useful they become for decision making. 

Financial close optimization

The good news? There is a strategy to optimize your financial close process, called financial close optimization, or fast closing. Fast closing is the periodic and structured closing and reporting process, in which all knowledge about the financial facts is collected and distributed to stakeholders more quickly.

There is an emerging trend for more frequent financial reporting, which allows companies and organizations to be more nimble and responsive to financial results, especially when facing an unprecedented crisis like the COVID-19 pandemic. Optimizing the financial close process allows for quicker reporting of business results to give stakeholders a more timely financial picture.

We understand the scarcity of human and financial resources continues to prove challenging to financial teams. Creating a culture of continuous improvement is a challenging task for almost any finance team—but given the benefits of a fast closing and the increased costs of a longer close, is this something that can be ignored any longer?

Look out for our next article on tips and strategies to optimize your financial close, which can lead to:

  • Freeing up resources to provide finance teams more time for a deeper analysis of operating performance and other strategic objectives
  • Providing more accurate and timely reporting
  • Improving the organization’s audit readiness 
  • Lessening the need for traditional routine tasks 
  • Increasing focus on clients, patients, and customers by spending more time looking ahead to possible opportunities. 

If you have any questions on how to improve your financial close, please contact us. We’re here to help.

Article
Financial close: Increasing complexity calls for improving processes  

Read this if you are at a public health agency.

As public health workforce challenges worsen through retirements, burnout, and added need for public health workers highlighted by the COVID-19 pandemic, funding levels for public health remain increased for the time being. This provides opportunities for states to leverage federal programs and funding streams to help ensure a strong and capable public health workforce to meet the needs of all communities. An important consideration for states is the level of cultural competence among their public health workforce.

Cultural competence: Definition and benefits

Cultural competence refers to the capacity to function effectively, both as an individual and an organization, in relation to community members’ cultural beliefs, behaviors, and needs. It allows public health professionals to provide more effective public health services to individuals and communities with cultures different from their own—through awareness, respect, and willingness to learn about cultural differences. The necessity of cultural competence in public health is especially timely due to new and existing disparities that have been highlighted by COVID-19 outcomes and the ripple effects of the pandemic.

Benefits of a culturally competent public health workforce include greater public trust in the public health system, more equitable and effective public health services, improved understanding of existing barriers and community health status, and the potential to reduce disparities and improve both healthcare access and health outcomes in historically marginalized communities.

As many states face significant workforce gaps and challenges in recruiting, training, and retaining staff, it is important to leverage best practices and key indicators of success to inform a sustainable and effective approach for workforce development. States may benefit from assessing gaps in cultural competence and related skills, and by identifying specific cultural competency areas and abilities they aim to achieve in the workforce. A strategic approach is necessary for maximizing the sustainability and long-term benefit of federal funding opportunities, such as those for public health workforce development in rural areas. 

Strategies and best practices for developing a culturally competent public health workforce 

There are many steps you can take toward building cultural competence in your agency. Some of them include:

  • Develop and implement a periodic assessment of workforce cultural competence, and training to measure improvement and incorporate up-to-date best practices
  • Recruit diverse staff to reflect the culture and demographics of communities, including the provision of linguistic support
  • Create and improve pipeline training programs by collaborating with local colleges, universities, and schools of public health and identifying existing gaps in the workforce and in public health educational opportunities 
  • Support inter-professional education and teams for community-based interventions, to foster collaboration between public health and healthcare professionals in the community to better meet needs 

Important first steps to improve and foster cultural competence in the public health workforce include setting goals related to building community partnerships and what those partnerships will achieve. 

Other steps for building cultural competence 

Additionally, collecting diversity data and demographic characteristics of the public health workforce, measuring and evaluating performance of the public health workforce and public health services, and reflecting community diversity within the workforce are necessary for developing a workforce that supports community cohesion and trust of community members. These steps can help you assess where you can strengthen services and how communities can be better reflected in the public health services they receive. Effective communication and language access are also critical steps to improve and foster cultural competence in the public health workforce.

BerryDunn can provide state public health and human services agencies with strategic policy and programmatic guidance and management support to maximize the benefits of federal programs to facilitate public health workforce development. 

If you have any questions about your specific situation, or would like more information, please contact our Public Health Consulting team. We’re here to help.

Article
Developing a culturally competent public health workforce

Read this if your State Medicaid Agency is planning Medicaid Enterprise System enhancements.

Are you a system integrator (SI) or a State Medicaid Agency (SMA) implementing or enhancing a Medicaid system or specific module? Have you considered how decisions made during design and implementation could impact the federal Payment Error Rate Measurement (PERM) reviews for SMAs?

The goal of PERM is to measure and report an unbiased estimate of the true improper payment rate for Medicaid and Children’s Health Insurance Program (CHIP). Every state is reviewed once every three years using a sample that includes both fee for service (FFS) and managed care (MC) payments. A state assigned error rate is not the only consequence resulting from the PERM review; there are also financial implications.

Risk reduction from PERM review

Maintaining a focus on PERM review factors when making decisions during design and implementation can protect states by reducing the risk of:

  • Submitting change requests (CR) during implementation, which can result in additional cost and time
  • Implementing changes to existing Medicaid systems during maintenance and operations
  • Findings reported during certification efforts
  • Refunding federal dollars due to improperly paid claims
  • A reduction in federal match on all claims paid

It is also important to understand the benefits of a dedicated PERM team within the state organization that includes members from the system vendor and outside PERM experts. These benefits include providing states an additional level of security to help ensure a positive outcome to the federal PERM review, helping to protect federal funding.

Having a dedicated team will help ensure all decisions made during system updates and/or implementations are made while keeping focus on PERM requirements and the further impacts of PERM reviews, saving time and remaining compliant.

Plan ahead for best results

When planning for a new module or Medicaid system request for proposal (RFPs), consider PERM-related requirements to help ensure all PERM needs are met to prevent errors and repayment of federal funds. Including PERM requirements can also help your agency ensure federal compliance and successful PERM audits. Doing so will likely reduce the amount of time system integrators spend re-working earlier development decisions and help ensure claim payments are processed, and eligibility determinations are made in accordance with federal and state regulations.

If you have questions about PERM or your specific situation, please contact our Medicaid Consulting team. We’re here to help.

Article
PERM success for Medicaid agencies through system implementations

Read this if you are a behavioral health agency leader looking for solutions to manage mental health, substance misuse, and overdose crises.

As state health departments across the country continue to grapple with rising COVID-19 cases, stalling vaccination rates, and public heath workforce burnout, other crises in behavioral health may be looming. Diverted resources, disruption in treatment, and the mental stress of the COVID-19 pandemic have exacerbated mental health disorders, substance use, and drug overdoses.

State agencies need behavioral health solutions perhaps now more than ever. BerryDunn works with state agencies to mitigate the challenges of managing behavioral health and implement innovative strategies and solutions to better serve beneficiaries. Read on to understand how conducting a needs assessment, redesigning processes, and/or establishing a strategic plan can amplify the impact of your programs. 

Behavioral health in crisis

The prevalence of mental illness and substance use disorders has steadily increased over the past decade, and the pandemic has exacerbated these trends. A number of recently released studies show increases in symptoms of anxiety, depression, and suicidal ideation. One CDC study indicates that in June 2020 over 40% of adults reported an adverse mental or behavioral health condition, which includes about 13% who have started or increased substance use to cope with stress or emotions related to COVID-19.1 

The toll on behavioral health outcomes is compounded by the pandemic’s disruption to behavioral health services. According to the National Council for Behavioral Health, 65% of behavioral health organizations have had to cancel, reschedule, or turn away patients, even as organizations see a dramatic increase in the demand for services.2,3 Moreover, treatment facilities and harm reduction programs across the country have scaled back services or closed entirely due to social distancing requirements, insufficient personal protective equipment, budget shortfalls, and other challenges.4 These disruptions in access to care and service delivery are having a severe impact.

Several studies indicate that patients report new barriers to care or changes in treatment and support services after the onset of the pandemic.5, 6 Barriers to care are particularly disruptive for people with substance use disorders. Social isolation and mental illness, coupled with limited treatment options and harm reduction services, creates a higher risk of suicide ideation, substance misuse, and overdose deaths.

For example, the opioid epidemic was still surging when the pandemic began, and rates of overdose have since spiked or elevated in every state across the country.7 After a decline of overdose deaths in 2018 for the first time in two decades, the CDC reported 81,230 overdose deaths from June 2019 to May 2020, the highest number of overdose deaths ever recorded in a 12-month period.8 

These trends do not appear to be improving. On October 3, the CDC reported that from March 2020 to March 2021, overdose deaths have increased 29.6% compared to the previous year, and that number will only continue to climb as more data comes in.9  

As the country continues to experience an increase in mental illness, suicide, and substance use disorders, states are in need of capacity and support to identify and/or implement strategies to mitigate these challenges. 

Solutions for state agencies

Behavioral health has been recognized as a priority issue and service area that will require significant resources and innovation. In May, the US Department of Health and Human Services' (HHS) Secretary Xavier Becerra reestablished the Behavioral Health Coordinating Council to facilitate collaborative, innovative, transparent, equitable, and action-oriented approaches to address the HHS behavioral health agenda. The 2022 budget allocates $1.6 billion to the Community Mental Health Services Block Grant, which is more than double the Fiscal Year (FY) 2021 funding and $3.9 billion more than in FY 2020, to address the opioid epidemic in addition to other substance use disorders.10 

As COVID-19 continues to exacerbate behavioral health issues, states need innovative solutions to take on these challenges and leverage additional federal funding. COVID-19 is still consuming the time of many state leaders and staff, so states have a limited capacity to plan, implement, and manage the new initiatives to adequately address these issues. Here are three ways health departments can capitalize on the additional funding.

Conduct a needs assessment to identify opportunities to improve use of data and program outcomes

Despite meeting baseline reporting requirements, state agencies often lack sufficient quality data to assess program outcomes, identify underserved populations, and obtain a holistic view of the comprehensive system of care for behavioral health services. Although state agencies may be able to recognize challenges in the delivery or administration of behavioral health services, it can be difficult to identify solutions that result in sustained improvements.

By performing a structured needs assessment, health departments can evaluate their processes, systems, and resources to better understand how they are using data, and how to optimize programs to tailor behavioral health services and promote better health outcomes and a more equitable distribution of care. This analysis provides the insight for agencies to understand not only the strengths and challenges of the current environment, but also the desires and opportunities for a future solution that takes into account stakeholder needs, best practice, and emerging technologies. 

Some of the benefits we have seen our clients enjoy as a result of performing a needs assessment include: 

  • Discovering and validating strengths and challenges of current state operations through independent evaluation
  • Establishing a clear roadmap for future business and technological improvements
  • Determining costs and benefits of new, alternative, or enhanced systems and/or processes
  • Identifying the specific business and technical requirements to achieve and improve performance outcomes 

Timely, accurate, and comprehensive data is critical to improving behavioral health outcomes, and the information gathered during a needs assessment can inform further activities that support programmatic improvements. Further activities might include conducting a fit-gap analysis, performing business process redesign, establishing a prioritization matrix, and more. By identifying the greatest needs and implementing plans to address them, state agencies can better handle the impact on behavioral health services resulting from the COVID-19 pandemic and serve individuals with mental health or substance use disorders more efficiently and effectively.

Redesign processes to improve how individuals access treatment and services

Despite the availability of behavioral health services, inefficient business and technical processes can delay and frustrate individuals seeking care and in some cases, make them stop seeking care altogether. With limited resources and increasing demands, behavioral health agencies should analyze and redesign work flows to maximize efficiency, security, and efficacy. Here are a few examples of process improvements states can achieve through process redesign:

  • Streamlined data processes to reduce duplicative data entry 
  • Automated and aligned manual data collection processes 
  • Integrated siloed health information systems
  • Focused activities to maximize staff strengths
  • Increased process transparency to improve communication and collaboration 

By placing the consumer experience at the core of all services, state health departments can redesign business and technical processes to optimize the continuum of care. A comprehensive approach takes into account all aspects that contribute to the delivery of behavioral health services, including both administrative and financial processes. This helps ensure interconnected activities continue to be performed efficiently and effectively. Such improvements help consumers with co-occurring disorders (mental illness and substance use disorder) and/or developmental disorders find “no wrong door” when seeking care. 

Establish a strategic plan of action to address the impact of the COVID-19 pandemic

With the influx of available dollars resulting from the American Recovery Plan Act and other state and federal investments, health departments have a unique opportunity to fund specific initiatives to enhance the delivery and administration of behavioral health services. Understanding how to allocate the millions of newly awarded dollars in an impactful and sustainable way can be challenging. Furthermore, the additional reporting and compliance requirements linked to the funding can be difficult to navigate in addition to current monitoring obligations. 

The best way to begin using the available funding is to develop and implement strategic plans that optimize funds for behavioral health programs and services. You can establish priorities and identify sustainable solutions that build capacity, streamline operations, and promote the equitable distribution of care across populations. A few of the activities state health departments have undertaken resulting from the strategic planning initiatives include: 

  • Modernizing IT systems, including data management solutions and Electronic Health Records systems to support inpatient, outpatient, and community mental health and substance use programs 
  • Promoting organizational change management 
  • Establishing grant programs for community-driven solutions to promote health equity for the underserved population
  • Organizing, managing, and/or supporting stakeholder engagement efforts to effectively collaborate with internal and external stakeholders for a strong and comprehensive approach

The prevalence of mental illness and substance use disorder were areas of concern prior to COVID-19, and the pandemic has only made these issues worse, while adding more administrative challenges. State health departments have had to redirect their existing staff to work to address COVID-19, leaving a limited capacity to manage existing state-level programs and little to no capacity to plan and implement new initiatives. 

The federal administration and HHS are working to provide financial support to states to work to address these exacerbated health concerns; however, with the limited state capacity, states need additional support to plan, implement, and/or manage new initiatives. BerryDunn has a wide breadth of knowledge and experience in conducting needs assessments, redesigning processes, and establishing strategic plans that are aimed at amplifying the impact of state programs. Contact our behavioral health consulting team to learn more about how we can help. 

Sources:
Mental Health, Substance Use, and Suicidal Ideation During the COVID-19 Pandemic, CDC.gov
COVID-19 Pandemic Impact on Harm Reduction Services: An Environmental Scan, thenationalcouncil.org
National Council for Behavioral Health Polling Presentation, thenationalcouncil.org
The Impact of COVID-19 on Syringe Services Programs in the United States, nih.gov
COVID-19 Pandemic Impact on Harm Reduction Services: An Environmental Scan, thenationalcouncil.org
COVID-19-Related Treatment Service Disruptions Among People with Single- and Polysubstance Use Concerns, Journal of Substance Abuse Treatment
Issue Brief: Nation’s Drug-Related Overdose and Death Epidemic Continues to Worsen, American Medical Association
Increase in Fatal Drug Overdoses Across the United States Driven by Synthetic Opioids Before and During the COVID-19 Pandemic, CDC.gov
Provisional Drug Overdose Death Counts, CDC.gov
10 Fiscal Year 2022 Budget in Brief: Strengthening Health and Opportunity for All Americans, HHS.gov

Article
COVID's impact on behavioral health: Solutions for state agencies

Read this if you are a division of motor vehicles, or interested in mDLs.

It can be challenging to learn about the technical specifications that must be met to safely acquire, implement, and use emerging technologies. And why wouldn’t it be? Technical specifications are full of jargon only a technical expert can understand, and seem to appear out of thin air. Well, BerryDunn is here to help. When it comes to mobile driver’s licenses (mDLs), we’ve got the scoop.

Technical standards are developed by a few large international organizations. The International Organization for Standardization (ISO) is a Swiss-based organization responsible for the development of international standards for technical, industrial, and commercial industries in 165 countries. The International Electrotechnical Commission (IEC) is an international standards organization that develops and publishes standards for electronic technologies. The ISO and IEC have been collaborating on international technical standards for mDL technology. Recently, the ISO/IEC finalized and published these standards, which can be purchased on ISO’s website for $198 Swiss francs (about $213 US).

These technical standards cover three key components: 

  • Data exchanged during an mDL transaction
  • Security during online and offline mDL transaction scenarios
  • mDL data model to ensure mDL interoperability 

Data exchange/transaction

Data exchange is the process by which an mDL device is used to provide credentials (e.g., verify age or identity) to an mDL reader. Broadly speaking, data exchange consists of three phases: initialization (activating your device at a store to confirm your identity), device engagement (the mDL device creates a connection with the mDL reader), and data retrieval (the mDL reader requests the appropriate data to continue a transaction). The process can occur when the mDL has an internet connection (online retrieval) or when it does not have an internet connection (offline retrieval). Offline data retrieval can be conducted using a combination of Bluetooth Low Energy (BLE), Near-Field Communication (NFC), or Wi-Fi Aware technologies. These are all methods by which an mDL can connect to mDL readers at short ranges, functionally similar to Apple Pay. Online Data retrieval can be conducted using a web-based application programming interface (WebAPI) or OpenID Connect (OIDC). These are methods by which mDLs connect with the mDL issuer, confirm the mDL holder’s identity, and allow the mDL issuer to transfer data to the mDL reader. In short, an mDL transaction might look something like this:

  1. Initialization: An mDL holder attempts to purchase alcohol from a local store. The mDL holder opens their device, enters their mDL application using a PIN or biometric security feature, and uses NFC or a QR code to initiate a connection between the mDL and mDL reader.
  2. Device engagement: The mDL and mDL reader connect using NFC or a QR code.
  3. Data retrieval: The mDL reader either asks the mDL for data to confirm the holder’s age, or asks the mDL issuer to confirm the mDL holder’s age. Either the mDL or mDL issuer sends appropriate data to the mDL reader to confirm the holder’s age. Once validated, the mDL-reading establishment and mDL holder are free to complete the transaction. 

Security for mobile driver’s licenses 

mDL security aims to protect against four primary threats.

  1. mDL forgery/forgery of data elements
  2. mDL cloning/cloning of data elements
  3. mDL communication eavesdropping
  4. Unauthorized mDL access 

mDL security needs to cover online scenarios, in which an mDL-holder’s device is connected to the internet, as well as offline scenarios, when an mDL holder’s device does not have internet connectivity. Potential mDL security options include: 

  • Authentication of mDL data to protect against data cloning
  • Authentication of the legitimacy of the mDL reader to prevent alteration of communications between the mDL and mDL reader 
  • Session encryption to preserve mDL data confidentiality and prevent mDL data alteration or unauthorized data access
  • Issuer data authentication to ensure the mDL data originates at a legitimate issuing authority

During online retrieval scenarios, mDLs can employ transport layer security (TLS) to preserve the confidentiality of mDL data, or use a JavaScript Object Notation (JSON) Web Token (JWT) to authenticate mDL data origin.  

mDL technical specifications: Key terms and definitions

Technical specifications are an important, yet confusing aspect of IT system implementations, particularly for emerging technologies where expertise has not yet been established within the market. The same holds true for mDLs. Understanding mDL technical specifications requires understanding the specific terms used to describe the technical specifications along with general mDL terminology. Here’s a list of mDL-related and technical specification terms and definitions.

Key terms and definitions
 

Terms Definitions
Bluetooth Low Energy (BLE) A form of Bluetooth that provides a wireless connectivity of similar range to traditional Bluetooth at reduced device power consumption.
IEC International Electrotechnical Commission
ISO International Organization for Standardization
JavaScript Object Notation (JSON)  An open standard file format and data interchange format that uses human-readable text to store and transmit data objects.
JSON Web Token (JWT) An object used to transfer information between two parties over the web.
mDL issuer  The department of motor vehicles or bureau of motor vehicles responsible for administering rights to, and overseeing distribution of, mDL data to mDL holders.
mDL holder The person whose data is contained in, and represented by, the mDL.
mDL reader The hardware technology used to consume mDL data from an mDL holder’s device.
mDL-reading establishment The institution consuming mDL data via an mDL reader (e.g., law enforcement, liquor store, Transportation Safety Administration).  
Near-Field Communication (NFC) Communication protocols that allow electronic devices to communicate over distances of 1.5 inches or less (e.g., Apple Pay).
Offline retrieval The mDL holder’s device is not directly connected to an internet network via Wi-Fi or cellular data, requiring the mDL device to hold some mDL data—behind security features (e.g., PIN, or biometric lock)—and, at a minimum, confirm holder identity, driving privileges, age, and residence.
Online retrieval  The mDL holder’s device is connected to an internet network via Wi-Fi or cellular data. Upon request, the mDL holder can initiate a transfer of mDL data using a QR code or web token to approve the sharing of mDL data between the mDL issuer and mDL reader. 
OpenID Connect (OIDC) OpenID Connect is an authentication protocol that allows for the verification of end user identity.
Transport Layer Security (TLS) A cryptographic protocol that provides communication security over a computer network (e.g., between an mDL reader and mDL issuer).
Web Application Programming Interface (API)   An interface for a web server or web browser.
Wi-Fi Aware A Wi-Fi capability that allows devices to discover potential Wi-Fi connections nearby without connecting to them. Wi-Fi Aware runs in the background, and does not require users to have current Wi-Fi or cellular connections.


If you have any questions regarding mDLs and technical requirements, please contact us. We’re here to help. 

Article
mDL technical specifications: Background, terms, and topics