Skip to Main Content

insightsarticles

Three paths to organizational
self-care
for state public health agency survival

11.11.20

The American Public Health Association annual conference’s thematic focus on preventing violence provided an illustration of the extent of the overwhelming demands on state public health agencies right now. Not only do you need to face the daily challenges of responding to the COVID-19 pandemic, you also need to address ongoing, complex issues like violence prevention.

The sheer breadth of sessions available at APHA shows the broad scope of public health’s reach and the need for multi-level, multi-sector interventions, all with a shrinking public health workforce. The conference’s sessions painted clear pictures of the critical public health issues our country currently faces, but did not showcase many solutions, perhaps leaving state health agency leaders wondering how to tackle these taxing demands coming from every direction with no end in sight.

BerryDunn has a suggestion: practice organizational self-care! It might seem antithetical to focus maxed-out resources on strengthening systems and infrastructure right now, but state public health agencies have little choice. You have to be healthy yourself in order to effectively protect the public’s health. Organizational health is driven by high-functioning systems, from disease surveillance and case investigation to performance management, and quality improvement to data-informed decision-making.  

State health agencies can use COVID-19 funding to support organizational self-care, prioritizing three areas: workforce, technology, and processes. Leveraging this funding to build organizational capacity can increase human resources, replace legacy data systems, and purchase equipment and supplies. 

  1. Funding new positions with COVID sources can create upward paths for existing staff as well as expanding the workforce
  2. Assessing the current functioning of public health data systems identifies and clarifies gaps that can be addressed by adopting new technology platforms, which can also be done with COVID funding.
  3. Examining the processes used for major functions like surveillance or case investigation can eliminate unproductive steps and introduce efficiencies. 

So what now? Where to start? BerryDunn brings expertise in process analysis and redesign, an accreditation readiness tool, and an approach to data systems planning and procurement―all of which are paths forward toward organizational self-care. 

  1. Process analysis and redesign can be applied to data systems or other areas of focus to prioritize incremental changes. Conduct process redesign on a broad or narrow scale to improve efficiency and effectiveness of your projects. 

  2. Accreditation readiness provides a lens to examine state health agency operations against best practices to focus development in areas with the most significant gaps. Evaluate gaps in your agency’s readiness for Public Health Accreditation Board (PHAB) review and track every piece of documentation needed to meet PHAB standards.
  3. Data system planning and procurement assistance incorporates process analysis to assess your current system functioning, define your desired future state, and address the gaps, and then find, source, and implement faster, more effective systems. 

Pursuing any of these three paths allows state health agency leaders to engage in organizational self-care in a realistic, productive manner so that the agency can meet the seemingly unceasing demands for public health action now and into the future.

Related Professionals

Principals

BerryDunn experts and consultants

Truly effective preventive health interventions require starting early, as evidenced by the large body of research and the growing federal focus on the role of Medicaid in addressing Social Determinants of Health (SDoH) and Adverse Childhood Experiences (ACEs).

Focusing on early identification of SDoH and ACEs, CMS recently announced its Integrated Care for Kids (InCK) model and will release the related Notice of Funding Opportunity this fall.

CMS describes InCK as a child-centered approach that uses community-based service delivery and alternative payment models (APMs) to improve and expand early identification, prevention, and treatment of priority health concerns, including behavioral health issues. The model’s goals are to improve child health, reduce avoidable inpatient stays and out-of-home placement, and create sustainable APMs. Such APMs would align payment with care quality and support provider/payer accountability for improved child health outcomes by using care coordination, case management, and mobile crisis response and stabilization services.

State Medicaid agencies have many things to consider when evaluating this funding opportunity. Building on current efforts and innovations, building or leveraging strong partnerships with community organizations, incentivizing evidence-based interventions, and creating risk stratification of the target population are critical parts of the InCK model. Here are three additional areas to consider:

1. Data. States will need information for early identification of children in the target population. State agencies?like housing, justice, child welfare, education, and public health have this information?and external organizations—such as childcare, faith-based, and recreation groups—are also good sources of early identification. It is immensely complicated to access data from these disparate sources. State Medicaid agencies will be required to support local implementation by providing population-level data for the targeted geographic service area.

  • Data collection challenges include a lack of standardized measures for SDoH and ACEs, common data field definitions, or consistent approaches to data classification; security and privacy of protected health information; and IT development costs.
  • Data-sharing agreements with internal and external sources will be critical for state Medicaid agencies to develop, while remaining mindful of protected health information regulations.
  • Once data-sharing agreements are in place, these disparate data sources, with differing file structures and nomenclature, will require integration. The integrated data must then be able to identify and risk-stratify the target population.

For any evaluative approach or any APM to be effective, clear quality and outcome measures must be developed and adopted across all relevant partner organizations.

2. Eligibility. Reliable, integrated eligibility and enrollment systems are crucial points of identification and make it easier to connect to needed services.

  • Applicants for one-benefit programs should be screened for eligibility for all programs they may need to achieve positive health outcomes.
  • Any agency at which potential beneficiaries appear should also have enrollment capability, so it is easier to access services.

3. Payment models. State Medicaid agencies may cover case management services and/or targeted case management as well as health homes; leverage Early and Periodic Screening, Diagnostic, and Treatment (EPSDT) services; and modify managed care organization contract language to encourage, incent, and in some cases, require services related to the InCK model and SDoH. Value-based payment models, already under exploration in numerous states, include four basic approaches:

  • Pay for performance—provider payments are tied directly to specific quality or efficiency indicators, including health outcomes under the provider organization’s control. 
  • Shared savings/risk—some portion of the organization’s compensation depends on the managed care entity achieving cost savings for the targeted patient population, while realizing specific health outcomes or quality improvement.
  • Pay for success—payment is dependent upon achieving desired outcomes rather than underlying services.
  • Capitated or bundled payments—managed care entities pay an upfront per member per month lump sum payment to an organization for community care coordination activities and link that with fee-for-service reimbursement for delivering value-added services.

By focusing on upstream prevention, comprehensive service delivery, and alternative payment models, the InCK model is a promising vehicle to positively impact children’s health. Though its components require significant thought, strategy, coordination, and commitment from state Medicaid agencies and partners, there are early innovators providing helpful examples and entities with vast Section 1115 waiver development and Medicaid innovation experience available to assist.

As state Medicaid agencies develop and implement primary and secondary prevention, cost savings can be achieved while meaningful improvements are made in children’s lives.

Article
Three factors state medicaid agencies should consider when applying for InCK funding

Is your state Medicaid agency considering a Centers for Medicare and Medicaid Services (CMS) Section 1115 Waiver to fight the opioid epidemic in your state? States want the waiver because it provides flexibility to test different approaches to finance and deliver Medicaid services. The skyrocketing prevalence of substance use disorders nationwide calls for such flexibility and innovation to expand existing services for treatment and recovery. Although applying for an 1115 waiver can be daunting, here are some guidelines to help you succeed with implementation.

Be pragmatic
Be honest and pragmatic in planning discussions for the essential resources you need to have in place for a successful implementation. Ask yourselves who and how many people you need to involve to develop and execute each stage. Plan enough time to develop policies and agency protocols, make sure you have the right providers for your members, set provider rates, and then train the providers.

Ask hard questions
Once you identify key requirements to address first in your waiver, ask yourself what elements need to be in place to meet these requirements. Here are elements to consider and questions to answer:

  • Fee-for-service and managed care organization (MCO) rates — new services, such as adult residential treatment services aligned with care standards (e.g., American Society of Addiction Medicine (ASAM®) levels), may require changes to reimbursement rates. What needs to happen to develop new rates? What obstacles do you anticipate and how will you overcome them?
  • Care standards (e.g., ASAM® levels of care) and training your providers — consider what the levels mean given the range of providers in your state and the services your members receive. What is required to move to these standards? How you will work with providers to ensure adherence, including certification and training? What will this cost?
  • Policy changes — your state’s Medicaid agency will need to revamp and create policies to cover the service expansion and other changes. How will you complete all necessary policy and protocol changes early enough to inform MCO and provider actions?
  • MCO provider network adequacy — it’s worth investing the time in your application development to assess whether the MCOs serving Medicaid recipients in your state have the right mix of providers to ensure that you can fully implement the new service structure. How long should you give the MCOs for network expansion or recruitment?
  • MCO care coordination guidelines — each MCO will have its own approach. How are you going to ensure adherence to your waiver’s vision of care coordination?
  • Indicators — how will you evaluate the success of your program? How will you collect and analyze data? The earlier you determine how you will evaluate your program, the easier it will be to report on, and make improvements.

Get started
Applying for and implementing an SUD 1115 waiver is a complex and time-consuming process — but by dedicating the time up front to address the many details of time and resources, you’ll find implementation to be far smoother, and effective treatment and recovery services provided sooner for those who need it most. Our Medicaid team is here to help.

Article
Building a Strong Substance Use Disorder (SUD) 1115 waiver demonstration

Read this if you are working with an auditor.

The standard report an auditor issues on an entity’s financial statements was created in 1988, and has only had minor tweaking since. Amazing when we think about how the world has changed since 1988! Back then:

  • The World Wide Web hadn’t been invented
  • The Simpsons wasn’t yet on TV, and neither was Seinfeld
  • The Berlin Wall was still standing
  • The Single Audit Act celebrated its fourth birthday

The Auditing Standards Board (ASB), an independent board of the American Institute of CPAs (AICPA) that establishes auditing rules for not-for-profit organizations (as well as private company and federal, state, and local governmental entities) has decided it was high time to revisit the auditor’s report, and update it to provide additional information about the audit process that stakeholders have been requesting.

In addition to serving as BerryDunn’s quality assurance principal for the past 23 years, I’ve been serving on the ASB since January 2017, and as chair since May 2020. (And thanks to the pandemic our meetings during my tenure as chair have been conducted from my dining room table.)  We thought you might be interested in a high-level overview of the coming changes to the auditor’s report, which will be effective starting with calendar 2021 audits, from an insider’s perspective.

So what’s changing?

The most significant changes you’ll be seeing, based on feedback from various users of auditor’s reports, are:

  1. Opinion first
    The opinion in an audit report is the auditor’s conclusion as to whether the financial statements are in accordance with the applicable accounting standards, in all material respects. People told us this is the most important part of the report, so we’ve moved it to the first section of the report.
  2. Auditor’s ethical responsibilities
    We’ve pointed out that an auditor is required to be independent of the organization being audited, and to meet certain other ethical responsibilities in the conduct of the audit.
  3. “Going concern” responsibilities
    We describe management’s responsibility, under U.S. generally accepted accounting principles, and the auditor’s responsibility, under the auditing rules, for determining whether “substantial doubt” exists about the organization’s ability to continue in existence for at least one year following the date the financial statements are approved for issuance.
  4. Emphasis on professional judgment and professional skepticism
    We explain how an audit requires the auditor to exercise professional judgment (for example, regarding how much testing to perform), and to maintain professional skepticism, i.e., a questioning mind that is alert to the possibility the financial statements may be materially misstated, whether due to error or fraud.
  5. Communications with the board of directors
    We point out that the auditor is required to communicate certain matters to the board, such as difficulties encountered during the audit, material adjustments identified during the audit process, and which areas the auditor treated as “significant risks” in planning and performing the audit.
  6. Responsibility related to the “annual report”
    If the organization issues an “annual report” containing or referring to the audited financial statements, we explain the auditor is required to review it for consistency with the financial statements, and for any known misstatements of fact.
  7. Discussion of “key audit matters”
    While not required, your organization may request the auditor to discuss how certain “key audit matters” (those most significant to the audit) were addressed as part of the audit process. These are similar to the “critical audit matters” publicly traded company auditor’s reports are now required to include.

Yes, this means the auditor’s report will be longer; however, stakeholders told us inclusion of this information will make it more informative, and useful, for them.

Uniform Guidance standards also changing

Is your organization required to have a compliance audit under the federal Uniform Guidance standards? That report is also changing to reflect the items listed above to the extent they’re relevant.

What should you do?

Some actions to consider as you get ready for the first audit to which the new report applies (calendar 2021, or fiscal years ending in 2022) include:

  1. Ask your auditor what your organization’s auditor’s report will look like
    Your auditor can provide examples of auditor’s reports under the new rules, or even draft a pro forma auditor’s report for your organization (subject, of course, to the results of the audit).
  2. Outline and communicate your process for developing your annual report
    If your organization prepares an annual report, it will be important to coordinate its timing with that of the issuance of the auditor’s report, due to the auditor’s new reporting responsibility related to the annual report.
  3. Discuss with your board whether you would like the auditor to include a discussion of “key audit matters” in the auditor’s report
    While not required for not-for-profits, some organizations may decide to request the auditor include a discussion of such matters in the report, from the standpoint of transparency “best practices.”

If you have any questions about the new auditor’s report or your specific situation, please contact us. We’re here to help.
 

Article
A new auditor's report: Seven changes to know

Read this if you are a plan sponsor of employee benefit plans.

This article is the sixth in a series to help employee benefit plan fiduciaries better understand their responsibilities and manage the risks of non-compliance with Employee Retirement Income Security Act (ERISA) requirements. You can read the previous articles here.

Plan sponsors have a fiduciary responsibility to provide oversight over the operations of employee benefit plans. This oversight involves a multitude of varying responsibilities. Failure to provide sufficient oversight can lead to non-compliance with rules and regulations. However, even if plan sponsors are providing sufficient oversight, lack of documentation of the oversight is arguably equally as severe as no oversight at all. Here are some common fiduciary responsibilities and how you should document them. 

Review of the report on service organization’s controls

Most employee benefit plans have outsourced a significant portion of the plan’s processes, and the internal controls surrounding those processes, to a service organization. Regardless of how certain plan-related processes are performed—internally or outsourced—the plan sponsor has a fiduciary responsibility to monitor the internal controls in place surrounding significant processes and to determine if these controls are suitably designed and effective. The most commonly outsourced processes of an employee benefit plan are the administration, including recordkeeping of the plan, through a third-party administrator; payroll processing; and actuarial calculations, if applicable to the plan.

When plan processes are outsourced to service organizations, generally the most efficient way to obtain an understanding of the outsourced controls is to obtain a report on controls issued by the service organization’s auditor. You should request the service organization’s latest System and Organization Controls Report (SOC 1 report). The SOC 1 report should be based on the Statement on Standards for Attestation Engagements No. 18, Reporting on the Controls at a Service Organization, frequently known as SSAE 18.

Plan sponsors should perform a documented review of the SOC 1 report for each of the plan’s service organizations. The documented review should most notably include discussion of any exceptions noted within the service auditor’s testing performed, identification of subservice organizations and consideration if subservice organization SOC 1 reports need to be obtained, and assessment of the complementary user entity controls outlined in the SOC 1 report. The complementary user entity controls are internal control activities that should be in place at the plan sponsor to provide reasonable assurance that the controls tested at the service organization provide the necessary level of internal control over the plan’s financial statements. Contact a BerryDunn professional to obtain our SOC report review template to assist in documenting your review.

Documentation of the plan within minutes

To provide general plan oversight, plan sponsors should have a group charged with the governance of the plan. This group should meet on a routine basis to review various aspects of the plan’s operations. Minutes of these meetings should contain evidence that certain matters that would be of interest to the Department of Labor (DOL) were discussed.

We recommend minutes of meetings document the following:

  • Investment performance—The plan sponsor has a fiduciary responsibility to ensure the investments offered by the plan are meeting certain performance expectations. Investment statements and the plan’s investment policy should be reviewed on a regular basis with documentation of this review retained in minutes of meetings. Any conclusions reached about the need to change investments or put an investment on a “watch-list” should also be documented in the minutes, including any additional steps that need to be taken.
  • SOC 1 report review—As noted above, the plan sponsor has a fiduciary duty to ensure all third-party service organizations utilized by the plan have suitably designed and effective internal controls. Plan sponsors should perform a documented review of the SOC 1 report for each of the plan’s service organizations. The results of these reviews should then be reported at plan oversight meetings with any subsequent actions or conclusions documented in the minutes to these meetings.
  • Reasonableness of fees—The DOL requires plan fiduciaries to determine if the fees charged under covered service provider agreements are reasonable in relation to the services provided. To determine the reasonableness of fees, the plan may (1) hire a consultant, (2) monitor industry trends regarding fees, (3) consult with peer companies, (4) use a benchmarking service, or (5) conduct a request for proposal. Failure to determine the reasonableness of the fees charged can result in a prohibited transaction. When doing such a review, the fiduciaries of the plan should document in the minutes the steps taken and conclusions reached.
  • Overall review of the plan—Plan sponsors have a fiduciary responsibility to review the activity of the plan as well as participant balances. We recommend plan sponsors implement and document monitoring procedures over the activities of the plan and participant balances. This review could be incorporated into documented self-testing procedures, by haphazardly selecting a sample of participants each quarter and reviewing their account activity and participant balances. The results of such self-testing should then be reported at plan oversight meetings with any subsequent actions or conclusions documented in the minutes to these meetings. Reach out to a BerryDunn professional to obtain our participant change review workbook to assist in performing this self-testing.

Retention of salary reduction agreements

During our audits of employee benefit plans, we often note that employee deferrals are not consistently supported by salary reduction agreements or other forms maintained in employees’ personnel files. Many third-party administrators allow participants to make changes to their elective deferral rates directly through the third-party administrators without the involvement of the plan sponsor.

We often recommend that you maintain all changes to employee elective deferral rates in employees’ personnel files using salary reduction agreements. We also recommend that employees’ elections to not participate in the plan be documented in their personnel file. If employees can elect to change their deferral rates directly with the third-party administrator, we typically recommend that management print support from the third-party administrator’s online portal as documentation to support the change in the employee’s deferral rate and retain this support in the employees’ personnel file. However, if the third-party administrator’s online portal provides adequate history of deferral election changes, the plan sponsor may be able to rely on this portal for documentation retention. In these instances, the plan auditor should request a deferral feedback report directly from the third-party administrator.  

Monitoring of inactive accounts

Inactive accounts should be monitored by the plan sponsor for unusual activity or excessive fees that may be posted to these accounts. To the extent that inactive accounts have not exceeded $5,000, consideration should be given to cashing out the accounts if allowed by the plan document. Plan sponsors should, on a periodic basis, review the accounts of inactive participants or those who have been separated from service to ascertain whether the changes and charges to those accounts appear reasonable.

Plan sponsors have many documentation responsibilities. This list is not meant to be all-inclusive. And, the facts and circumstances of each employee benefit plan will change the applicability of these items. However, this list should be used as a tool to help plan sponsors perform a deep dive of their current plan documentation processes. And, hopefully, a result of this deep dive will be a robust documentation process that deliberately documents all major decisions and review functions related to the plan.

Article
Plan documentation: Another key to successful oversight

Read this if you are a business owner.

As state and local governments look for new ways to stimulate their economies, incentivize employment and keep businesses afloat, the pressure for states to generate additional tax revenue continues. In response to this pressure, states are revisiting taxpayers’ compliance with their “nexus” rules and other tax policies and considering new taxes on digital services. In addition, many state governments are reconsidering the extent to which they are willing to conform to federal tax rules and legislation.

Taxpayers need to be aware of the tax rules in the states in which they operate. Taxpayers that cross state borders—even virtually—should review state nexus and other policies to understand their compliance obligations, identify ways to minimize their state tax liabilities, and eliminate any state tax exposure. The following are some of the state tax issues taxpayers should monitor and plan for in 2021:

  1. Passthrough entity (PTE) income tax elections
    It looks like the federal $10,000 “SALT cap” is sticking around, and more states are enacting a workaround in response. A growing number of states are allowing partnerships and S corporations to elect to be taxed at the entity level to help their resident owners get around the SALT cap. However, it is important that individuals understand the broad, long-term implications of the PTE tax election. Care needs to be exercised to avoid state tax traps, especially for nonresidents, that could exceed any federal tax savings.
  2. Impacts of federal income tax changes
    Federal tax legislation also has impact at the state level. While many states quickly settle on approaches to conform with or decouple from the federal legislation, other states have done nothing, leaving taxpayers to file state income tax returns with very little guidance on how or whether the federal changes apply.

    Now that tax years impacted by the Tax Cuts and Jobs Act are well into their audit cycles, state taxpayers that unknowingly did not correctly take federal changes into account when calculating their state taxes may be confronted by not only audit exposure, but in some cases refund opportunities. Taxpayers should review their state tax returns to identify opportunities to minimize exposure and identify refunds well in advance of state tax audits.
  3. Taxes on digital advertising services
    Maryland was the first state to enact a digital advertising services tax. Large tech companies immediately sued the state, and in response the legislature passed a bill to delay the implementation of the controversial tax until 2022. To date, several other states have introduced similar digital advertising taxes, and some states are proposing to include these services in their sales tax base. States will be closely following the litigation in Maryland as they consider their own legislation.

    The definition of digital advertising services can potentially be very broad and fact specific. Taxpayers should understand the various state proposals and plan for their potential impact.
  4. Sales and use tax nexus: Remote sellers and marketplaces
    Florida and Kansas have finally joined the ranks of states with a bright-line economic nexus threshold for remote retailers and marketplace providers. At this point, the only state without a bright-line standard or marketplace rules is Missouri.

However, retailers should not forget about physical presence. Even though most states have implemented economic nexus rules since Wayfair, the traditional physical presence rules are still alive and well. States are continuing to assess retailers that, sometimes unknowingly, have some form of physical presence in the state.

E-retailers should be sure they are in compliance with state sales and use tax laws and marketplace facilitator rules and have considered all planning opportunities. 

How we can help

We are experienced in income, franchise, gross receipts, sales and use, as well as credits and incentives. We can help taxpayers monitor state tax laws and nexus requirements, understand where they have state obligations and how to minimize them, identify and implement planning opportunities, identify and quantify tax exposures, and assist with state tax audits. 

For questions about your specific situation, please contact the State and Local Tax team. We’re here to help. 
 

Article
SALT watch: Four issues to consider in 2021

Read this if you are a State Medicaid Director, State Medicaid Chief Information Officer, State Medicaid Project Manager, or State Procurement Officer—or if you work on a State Medicaid Enterprise System (MES) certification or modernization efforts. 

The companion podcast to this article, Organization development: Preparing for Medicaid Enterprise Systems (MES) modernization, can be found in our virtual library.  


What is organization development (OD)? 

The purpose of OD is to improve organizational performance and outcomes. OD focuses on improving an organization’s capability through the alignment of strategy, structure, people, rewards, systems, metrics, and management processes.  

OD is a science-backed, interdisciplinary field rooted in psychology, culture, innovation, social sciences, quality management, project management, adult learning, human resource management, change management, organization behavior, and research analysis and design, among others.  

OD typically starts with a clear sense of mission, vision, and values that answers the question “what we are trying to be?” OD develops the culture and behaviors that reflect the organizational values.  

OD facilitates the transformation of the workplace culture to become strategic, meaning: vision-driven, values-based, and goals-aligned. This may include talent development for leaders and staff and redesigning organizational infrastructure. 

What is the scope of an OD effort? 

OD efforts are most effective when they encompass the entire organization becoming the basis for a strategic plan. OD can be just as effective when applied to a MES modernization project. In this application of OD, we facilitate stakeholder engagement with the intent of person-centered service, concurrent design for operations, processes, and training side-by-side with the systems design and development. This approach is also referred to as human-centered design (HCD).  

Regardless of the scope, OD reinforces benchmarks of high-performance organizations including: 

  • Transparent and data-informed decision making 
  • Developed leadership building connections with consistent expectations 
  • Culture of continuous improvement and innovation 
  • Team-based success and ownership for outcomes 
  • Person-centered service 

What does OD look like in action? 

We facilitate leaders to assess their organization through the eyes of stakeholders, particularly staff and people served. Collaboratively, with no blame or shame, the leaders articulate where they are today and where they need to be in the future, and build a roadmap or strategic plan to get there. In the assessment and roadmap we use the following six focal points of the organization:  

  • Excellent leadership 
  • Effective strategy 
  • A workforce that is confident, competent, consistent, and compassionate 
  • Quality operations and process improvement 
  • Person-centered service that results in a positive client experience 
  • Quality program outcomes for the communities served 

The roadmap or strategic plan typically includes talent development, and redesign of the infrastructure, including structure, processes, communication mechanisms, performance management processes, deployment of resources, and job skills development approaches.  

Talent development ensures that your leaders are aligned, prepared, and most importantly leading and inspiring their people toward that vision and the development of the workforce. Talent development provides staff with the skills, knowledge, and abilities needed, and reinforces positive attitudes, beliefs, and willingness to work together towards common goals. This might also include restructuring business process redesign, it might include expanding roles or shifting roles.  

Principles of lean are an important component of organization development when redesigning processes and helps organizations, such as state Medicaid agencies, do more with the current resources. With so many constraints placed on organizations, the lean approach is a critical component of optimizing existing resources and finding cost savings through changing “what we do” and “how we do it”, as opposed to cutting “what we do” or “changing who does it”. Resource optimization is just one of the benefits of organization development. 

Why is it important to redesign your organization and develop your staff when you're implementing a new technology system, such as a new Medicaid Enterprise System module? 

For state Medicaid Agencies, the organization goal isn't to modernize a system, the goal is for competent and compassionate staff serving clients and providers to improve health and wellness in our communities. Our goal is streamlined processes that improve accuracy and timeliness. Look at the outcomes of the program, then design the systems that enable business processes and the people who make that process happen every single day. We go back to why we are doing anything in the first place. Why do we need this change? What are we trying to accomplish? If we're trying to accomplish better service, a healthier community, and streamline processes so we are cost effective, then it leads us to modernizing our enterprise system and making sure that our people are prepared to be successful in using that system. Aligning to the organizational goals, or what we call the North Star, sets us up for success with the enterprise efforts and the human efforts. 

What can clients do to navigate some of the uncertainties of a modernization effort, and how can they prepare their staff for what's next? 

First articulate the goals or why you want the modernization, and build a foundation with aligned, and effective leaders. Assess the needs of the organization from a “social” or people perspective and a technical or systems perspective (note: BerryDunn uses a socio-technical systems design approach). Then, engage staff to develop a high-performance, team-based culture to improve lean processes. Design and develop the system to enable lean business processes and concurrently have operations design standard operating procedures, and develop the training needed to optimize the new system.  

Leaders must lead. If leaders are fragmented, if they are not effective communicators, if they do not have a sense of trust and connection with their workforce, then any change will be sub-optimized and probably will be a frustrating experience for all.  

If the workforce is in a place where staff live with suspicion or a lack of trust, or maybe some dysfunctional interpersonal skills, then they are not in a place to learn a new system. If you try to build a system based on a fragmented organizational structure or inconsistent processes, you will not achieve the potential of the modernization efforts and will limit how people view your enterprise system. The worst thing you can do is invest millions of dollars in the system based on a flawed organizational design or trying to get that system to just do what we've always done. 

By starting with building the foundation of engaging employees, not just to make people feel good, but also to help them understand how to improve their processes and build a positive workplace. Do we have the transparency in our data so that we understand what the actual problems are? Can employees articulate the North Star goals, the constraints, the reasons to update systems, then the organizations will have a pull for change as opposed to a push.

Medicaid agencies and other organizations can create a pull for change by engaging with their resources who can identify what gets in the way of serving the clients, i.e., what gets in the way of timeliness or adds redundancy or rework to the process. The first step is building that foundation, getting people leaning in, and understanding what's happening. By laying the foundation first, organizations help reduce the barriers between operations and systems, and ensure that they're working collaboratively toward organizational goals, always keeping the ‘why’ in mind and using measures to know when they are successful. 

How does a state focus on organization development when they are facing budget and staffing constraints? 

It is too easy to say, "invest in your people". In reality, the first thing that state Medicaid agencies or other organizations need do is redefine their sense of lean. Many inaccurately believe that lean means limited resources working really hard. Lean is tapping into the potential creativity and innovation of each staff member to look for ways to improve the process. Organizations should look at everything they do and ask “Does this add value to the end recipient of our service?” Even if I'm processing travel reimbursement requests, I still have a customer, I still have a need for timeliness and accuracy. If state Medicaid agencies can mobilize that type of focus with every single employee in their organization, they can achieve huge cost savings without the pain of cutting the workforce.   

In one state where BerryDunn’s organization development team provided this level and type of organizational transformation, there was a very deliberate focus on building this foundation prior to a large-scale system modernization.

By developing the leaders and training the employees in how to improve their processes, improve teamwork and trust, and align to the goal of a positive client experience, they were able to effectively implement the new system and seamlessly move to remote pandemic conditions. Once the state Medicaid agency had aligned the technical systems and the people systems to the organizational goals, they were successful and more resilient for future changes.   

If you have any questions, please contact our Medicaid consulting team. We're here to help.

Article
Outcomes and organization development 

Read this if you are a division of motor vehicles, or interested in mDLs.

Successful acquisition and implementation of a mobile driver’s license (mDL) program requires knowledge of the specific functional needs mDLs must satisfy to help ensure mDL programs provide security and convenience to mDL holders. These functional needs span mDL-reading equipment, issuing authorities (e.g., departments of motor vehicles), law enforcement and other mDL-reading establishments, and mDLs themselves.  

Per the American Association of Motor Vehicle Administrators (AAMVA) Functional Needs White Paper, functional needs span eight broad categories: operations, trust, identity, cross-jurisdictional/vendor use, data privacy, remote management, ease of use, and other. The table below organizes these categories, briefly explains associated functional needs, and assigns a level of criticality to each functional need. Critical functionality must be accommodated by mDL programs in some manner. Desired functionality is optional, but heavily encouraged.

Table 1: Key Terms and Definitions
mDL Functional Needs Breakdown
Category Description Required/Desired
Operation – Online and Offline mDL holders must be able to validate their identity when either the mDL holder, the mDL reader, or both lack access to the internet.  At a minimum, offline use must allow citizens to confirm their identities, driving privileges, age, and residence. Critical
Operation – Attended mDL holders and mDL-reading establishments must be physically present when an mDL holder’s identity is established as credible, typically using the mDL portrait image. Critical
Operation – Unattended mDLs must function when the mDL-reading establishment is not present during a transaction with an mDL holder. Desired
Trust mDL holders must be able to establish that data comprising the mDL was issued by the relevant issuer and that information has not been changed, unless via an update through the relevant issuer. Critical
Trust mDL-reading establishments must employ readers they trust to obtain and validate information from mDLs. Critical
Identity – Portrait Image mDLs must have portrait image of the mDL holder. Critical
Identity – Portrait Image mDLs must have the ability to retrieve the portrait image from the issuing jurisdiction using a one-time token. Critical
Identity – Portrait Image mDL readers must read portrait images from mDLs, retrieve it from the issuing jurisdiction, and display the image. Critical
Identity – Portrait Image Law enforcement must have mobile mDL readers in order to review the mDL portrait image and mDL holder simultaneously. Desired
Identity – Biometric mDL-reading establishments must have trusted equipment to obtain the mDL holder’s biometric information. Desired
Identity – Biometric mDLs and readers must support a one-to-one  comparison of the mDL and holder biometric information, executed by the mDL-reading establishment or mDL issuer. Desired
Identity – PIN mDLs must support the use of a personal identification number (PIN) to authenticate the legitimacy of an mDL and its holder. Critical
Identity – PIN mDL holders must trust that mDL readers will not compromise their PIN when entering it.

mDL readers must trust that the PIN accurately validates mDL holder information when the authentication process occurs on the mDL holder’s device.
Critical
Cross-Jurisdictional & Vendor Use mDL readers must be able to read mDLs from multiple issuing jurisdictions and multiple vendors. Critical
Cross-Jurisdictional & Vendor Use mDLs require interfacing with the relevant issuer, with the ability to control how mDL data is uploaded to holder devices and updated. Critical
Cross-Jurisdictional & Vendor Use mDLs require in-real-time interfacing with the holder’s device and the reader. Critical
Data Privacy As with physical DLs, mDLs require a process for granting holder consent prior to information release. Critical
Data Privacy mDL holders must be able to release selective information (e.g., age, driving credentials) without releasing all personal information stored on the mDL (data minimization). Critical
Data Privacy Issuing authorities must be able to allow unrestricted access to an mDL, without the holder’s consent, in cases where the holder is unconscious, nonresponsive, etc., e.g., following a major car accident, law enforcement might need to verify whether an individual is an organ donor. Desired
Data Privacy mDLs must be linkable to the government-related transactions they are used for (e.g., interacting with the DMV, law enforcement), allowing local and state officials to review the history of transactions related to a specific mDL. Desired
Data Privacy mDLs must be unlinkable from the private-industry transactions they are used for, preventing mDL-reading establishments from tying mDL holders to specific transactions. Desired
Data Privacy The mDL should grant the mDL holder visibility into all personal data contained in the mDL. Critical
Remote mDL Management1 mDL issuing authorities must have the ability to perform the following actions to mDLs remotely:
  • Add, update, and revoke (temporarily and permanently) driving privileges.
  • Update the application storing the mDL.
  • Revoke the mDL entirely (in the case of suspected fraud)
Critical
Remote mDL Management mDL holders must have the ability to remotely update their mDL data, including revoking their mDL in the case of a lost or stolen mDL. Critical
Remote mDL Management mDLs with combined offline/online functionality must expire should the mDL holder not connect their mDL to issuer’s system within a defined period of time. Critical
Remote mDL Management mDLs must support the ability to be returned to the issuer prior to the issue of a new mDL to a holder.

mDLs must support the ability to be returned to the issuer, marked as void, and returned to the holder prior to the issue of a new mDL to the holder.
Optional
Remote mDL Management mDLs must allow law enforcement officers from a holder’s home jurisdiction to suspend a holder’s mDL under specified circumstances. Critical
Remote mDL Management mDLs must support the ability for issuing authorities to change mDLs to IDs (in the case of driving privilege revocation) and change IDs to mDLs (when driving privileges are gained). Desired
Remote mDL Management mDLs must support the ability to transfer devices, either online (desired) or by visiting issuing authorities in person (critical). Desired/Critical
Ease of Use mDLs must not require mDL-reading establishments to handle the mDL holder’s device during a transaction. Critical
Ease of Use mDLs must operate during different weather conditions (rain, snow, intense sunlight, etc.) Desired
Ease of Use mDLs must function at all times, regardless of the level of ambient light. Critical
Ease of Use mDLs must function in various environments (office, traffic stop, etc.) Critical
Ease of Use mDLs must minimize the amount and cost of additional equipment that law enforcement and other mDL-reading establishments require when processing mDL transactions. Desired
Other – Processing     Time mDL readers must be able to process an mDL transaction with comparable time to physical DL transactions. Critical
Other – Non-reliance on Device Security by Consumer mDL readers must be able to authenticate mDL data without relying on the security of an mDL holder’s device (e.g., biometric readers). Critical

1Remote mDL management assumes at least a partial level of online mDL functionality. mDLs cannot be remotely managed in offline scenarios.

If you have questions about mDLs or about your specific agency, please contact the team. We’re here to help.      

Article
Functional needs for a successful mobile Driver's License (mDL) program

Read this if you are a plan sponsor of employee benefit plans.

This article is the fifth in a series to help employee benefit plan fiduciaries better understand their responsibilities and manage the risks of non-compliance with Employee Retirement Income Security Act (ERISA) requirements. You can read the previous articles here.

With increasing regulations surrounding employee benefit plans, plan sponsors are under more scrutiny than ever to ensure that they meet their fiduciary responsibilities. One of the most common mistakes made by plan sponsors is failing to timely deposit employee elective deferrals into the plan’s trust (the plan). 

Employee elective deferrals: What are the regulations?

Under the Department of Labor (DOL) guidelines, employee elective deferrals should be deposited into the plan as soon as they can be reasonably segregated from the employer’s general assets. However, in no event can the deposit be later than the 15th business day of the month following the month in which the employee deferrals are received by the employer. Failure to deposit employee deferrals into the plan by the 15th business day timeframe may constitute both an operational mistake (if the plan specifies a date by which the employer must deposit elective deferrals) and a prohibited transaction.

Important to note, the 15-business day rule does not provide a safe harbor against penalties for untimely deposits of employee deferrals to the Plan. In general, employee salary deferrals and participant loan payments should be deposited into the plan within one to three business days following the payroll pay date from which withheld. 

Correcting late deposits

The best strategy is to avoid late remittances. If, however, it does happen, there are steps that plan sponsors should take to correct the error. You should first deposit any delinquent contributions to the plan as soon as possible, including lost earnings on all late contributions. Plan sponsors who opt to correct under the DOL’s Voluntary Fiduciary Correction Program (VFCP) can calculate lost earnings using the DOL’s online calculator. Alternatively, plan sponsors who opt to self-correct generally use the greater of the plan’s actual rate of return or the rate set by the IRS for underpayment. You should also consider reviewing your procedures to determine the cause of the delay, and adjust as necessary to avoid untimely deposits going forward. 

Potential tax ramifications

Internal Revenue Service (IRS) Form 5330, Return of Excise Taxes Related to Employee Benefit Plans may also be required to be completed by plan sponsors after correcting for late deposits and lost earnings. The amount of excise tax the IRS applies equals 15% of the lost earnings, and must be paid each year until the corrections are made. 

Plan sponsors who opt to self-correct should note that you forfeit the opportunity to have the IRS waive the excise tax requirement as potentially afforded under the VFCP.

Continued monitoring

Monitoring the timeliness of deferral remittances is an important step to ensure that plan sponsors are meeting their fiduciary responsibilities. If you have established procedures in place for this process, make sure to review the procedures periodically to ensure compliance.  If issues arise, take prompt corrective action under either the VFCP or self-correct options so that the errors are remediated as soon as possible.

Article
Timeliness is next to godliness: Depositing participant elective deferrals