Skip to Main Content

insightsarticles

Three steps to measure Medicaid Enterprise Systems outcomes

By: Christopher Davis,

Jodie is a Senior Consultant in BerryDunn’s Government Consulting Group serving on the Independent Verification and Validation (IV&V) Services team for Missouri Department of Social Services, Missouri Eligibility Determination and Enrollment System (MEDES) project. She and the team assess project health, identify potential risks and issues, and offer recommendations for mitigation. She is a Project Management Professional (PMP)® and Prosci® certified change practitioner (CCP) with over 20 years of hands-on project experience, and is proficient in systems analysis, implementation oversight, and federal standards compliance.

Jodie Earney
08.19.19

Read this if you are a State Medicaid Director, State Medicaid Chief Information Officer, State Medicaid Project Manager, or State Procurement Officer—or if you work on a State Medicaid Enterprise System (MES) certification effort.

Measuring performance of Medicaid Enterprise Systems (MES) is emerging as the next logical step in moving Medicaid programs toward modularity. As CMS continues to refine and implement outcomes-based modular certification, it is critical that states adapt to this next step in order to continue to meet CMS funding requirements.

This measurement, in terms of program outcomes, presents a unique set of challenges, many of which a state may not have considered before. A significant challenge is determining how and where to begin measuring program outcomes―to meet it, states can leverage a trusted, independent partner as they undertake an outcomes-based effort.

Outcomes-based planning can be thought of as a three-step process. First, and perhaps most fundamental, is to define outcomes. Second, you need to determine what measurements will demonstrate progress toward achieving those outcomes. And the final step is to create reporting measurements and their frequency. Your independent partner can help you answer these critical questions and meet CMS requirements efficiently by objectively guiding you toward realizing your goals.

  1. Defining Outcomes
    When defining an outcome, it is important to understand what it is and what it isn’t. An outcome is a benefit or added value to the Medicaid program. It is not an output, which is a new or enhanced function of a new MES module. An output is the product that supports the outcome. For example, the functionality of a new Program Integrity (PI) module represents an output. The outcome of the new PI module could be that the Medicaid program continuously improves based on data available because of the new PI module. Some outcomes may be intuitive or obvious. Others may not be as easy to articulate. Regardless, you need to direct the focus of your state and solution vendor teams on the outcome to uncover what the underlying goal of your Medicaid program is.
     
  2. Determining Measurements
    The second step is to measure progress. Well-defined Key Performance Indicators (KPIs) will accurately capture progress toward these newly defined outcomes. Your independent partner can play a key role by posing questions to help ensure the measurements you consider align with CMS’ goals and objectives. Additionally, they can validate the quality of the data to ensure accuracy of all measurements, again helping to meet CMS requirements.
     
  3. Reporting Measurements
    Finally, your state must decide how―and how often―to report on outcomes-based measurements. Your independent partner can collaborate with both your state and CMS by facilitating conversations to determine how you should report, based on a Medicaid program’s nuances and CMS’ goals. This can help ensure the measurements (and support information) you present to CMS are useful and reliable, giving you the best chance for attaining modular certification.

Are you considering an outcomes-based CMS modular certification, or do you have questions about how to best leverage an independent partner to succeed with your outcomes-based modular certification effort? BerryDunn’s extensive experience as an independent IV&V and Project Management Office (PMO) partner includes the first pilot outcomes-based certification effort with CMS. Please visit our IV&V and certification experts at our booth at MESC 2019 or contact our team now.

Related Industries

Related Professionals

Principals

BerryDunn experts and consultants

Read this if you are a State Medicaid Director, State Medicaid Chief Information Officer, State Medicaid Project Manager, or State Procurement Officer—or if you work on a State Medicaid Enterprise System (MES) certification or modernization efforts.

You can listen to the companion podcast to this article, Organization development: Shortcuts for states to consider, here: 

Over the last two years, the Centers for Medicare and Medicaid Services (CMS) has undertaken an effort to streamline MES certification. During this time, we have been fortunate enough to be a trusted partner in several states working to evolve the certification process. Through this collaboration with CMS and state partners, we have been in front of recent certification trends. The content we are covering is based on our experience supporting states with efforts related to CMS certification. We do not speak for CMS, nor do we have the authority to do so.

What organization development (OD) shortcuts can state Medicaid agencies consider when faced with competing priorities and challenges such as Medicaid modernization projects in flight, staffing shortages, and a retiring workforce?

The shortcuts include rapid development and understanding of the “why”. This requires the courage to challenge assumptions, especially around transparency, to allow for a consistent understanding of the needs, data, environment, and staff members’ role in impacting the health of the people served by a state’s Medicaid program. To rapidly gain an understanding of the “why”, state Medicaid agencies should:

  1. Accelerate the transparency of information and use of data in ways that lead to a collective understanding of the “why”. Accelerating a collective understanding of the why requires improved communication mechanisms. 
  2. Invest time to connect with staff. The insistence, persistence, and consistency of leaders to stay connected to their workforce will help keep the focus on the “why” and build a shared sense of connection and purpose among teams.
  3. Create the standard that planning involves all stakeholders (e.g., policy, operations, systems staff, etc.) and focus on building consensus and alignment throughout the organization. During planning, identify answers to the following questions: What are we trying to achieve, what are the outcomes, and what is the vision for what we are trying to do?
  4. Question any fragmentation. For example, if there is a hiring freeze, several staff are retiring, and demand is increasing, it is a good idea to think about how the organization manages people. Question boundaries related to your staff and the business processes they perform (e.g., some staff can only complete a portion of a business process because of a job classification). Look at ways to broaden the expectations of staff, eliminate unnecessary handoffs, and expect development. Leaders and teams work together to build a culture that is vision-driven, data-informed, and values-based.

What are some considerations when organizations are defining program outcomes and the “why” behind what they are doing? 

Keep in mind that designing system requirements is not the same as designing program outcomes. System requirements need to be able to deliver the outcomes and the information the organization needs. With something like a Medicaid Enterprise System (MES) modernization project, outcomes are what follow because of a successful project or series of projects. For example, a state Medicaid agency looking to improve access to care might develop an outcome focused on enabling the timely and accurate screening and revalidation for Medicaid providers. 

Next, keeping with the improving access to care example, state Medicaid agencies should define and communicate the roles technology and staff play in helping achieve the desired outcome and continue communicating and helping staff understand the “why”. In Medicaid we impact people’s lives, and that makes it easy to find the heart. Helping staff connect their own motivation and find meaning in achieving an outcome is key to help ensure project success and realize desired outcomes. 

Program outcomes represents one of the six major categories related to organizational health: 

  1. Leadership
  2. Strategy
  3. Workforce
  4. Operations and process improvement 
  5. Person-centered service
  6. Program outcomes

Focusing on these six key areas during the analysis, planning, development, and integration will help organizations improve performance, increase their impact, and achieve program outcomes. Reach out to the BerryDunn’s Medicaid and Organization Development consulting team for more information about how organization develop can help your Medicaid agency.
 

Article
Outcomes and organization development, part II

Read this if you are a State Medicaid Director, State Medicaid Chief Information Officer, State Medicaid Project Manager, or State Procurement Officer—or if you work on a State Medicaid Enterprise System (MES) certification or modernization efforts. 

The companion podcast to this article, Organization development: Preparing for Medicaid Enterprise Systems (MES) modernization, can be found in our virtual library.  


What is organization development (OD)? 

The purpose of OD is to improve organizational performance and outcomes. OD focuses on improving an organization’s capability through the alignment of strategy, structure, people, rewards, systems, metrics, and management processes.  

OD is a science-backed, interdisciplinary field rooted in psychology, culture, innovation, social sciences, quality management, project management, adult learning, human resource management, change management, organization behavior, and research analysis and design, among others.  

OD typically starts with a clear sense of mission, vision, and values that answers the question “what we are trying to be?” OD develops the culture and behaviors that reflect the organizational values.  

OD facilitates the transformation of the workplace culture to become strategic, meaning: vision-driven, values-based, and goals-aligned. This may include talent development for leaders and staff and redesigning organizational infrastructure. 

What is the scope of an OD effort? 

OD efforts are most effective when they encompass the entire organization becoming the basis for a strategic plan. OD can be just as effective when applied to a MES modernization project. In this application of OD, we facilitate stakeholder engagement with the intent of person-centered service, concurrent design for operations, processes, and training side-by-side with the systems design and development. This approach is also referred to as human-centered design (HCD).  

Regardless of the scope, OD reinforces benchmarks of high-performance organizations including: 

  • Transparent and data-informed decision making 
  • Developed leadership building connections with consistent expectations 
  • Culture of continuous improvement and innovation 
  • Team-based success and ownership for outcomes 
  • Person-centered service 

What does OD look like in action? 

We facilitate leaders to assess their organization through the eyes of stakeholders, particularly staff and people served. Collaboratively, with no blame or shame, the leaders articulate where they are today and where they need to be in the future, and build a roadmap or strategic plan to get there. In the assessment and roadmap we use the following six focal points of the organization:  

  • Excellent leadership 
  • Effective strategy 
  • A workforce that is confident, competent, consistent, and compassionate 
  • Quality operations and process improvement 
  • Person-centered service that results in a positive client experience 
  • Quality program outcomes for the communities served 

The roadmap or strategic plan typically includes talent development, and redesign of the infrastructure, including structure, processes, communication mechanisms, performance management processes, deployment of resources, and job skills development approaches.  

Talent development ensures that your leaders are aligned, prepared, and most importantly leading and inspiring their people toward that vision and the development of the workforce. Talent development provides staff with the skills, knowledge, and abilities needed, and reinforces positive attitudes, beliefs, and willingness to work together towards common goals. This might also include restructuring business process redesign, it might include expanding roles or shifting roles.  

Principles of lean are an important component of organization development when redesigning processes and helps organizations, such as state Medicaid agencies, do more with the current resources. With so many constraints placed on organizations, the lean approach is a critical component of optimizing existing resources and finding cost savings through changing “what we do” and “how we do it”, as opposed to cutting “what we do” or “changing who does it”. Resource optimization is just one of the benefits of organization development. 

Why is it important to redesign your organization and develop your staff when you're implementing a new technology system, such as a new Medicaid Enterprise System module? 

For state Medicaid Agencies, the organization goal isn't to modernize a system, the goal is for competent and compassionate staff serving clients and providers to improve health and wellness in our communities. Our goal is streamlined processes that improve accuracy and timeliness. Look at the outcomes of the program, then design the systems that enable business processes and the people who make that process happen every single day. We go back to why we are doing anything in the first place. Why do we need this change? What are we trying to accomplish? If we're trying to accomplish better service, a healthier community, and streamline processes so we are cost effective, then it leads us to modernizing our enterprise system and making sure that our people are prepared to be successful in using that system. Aligning to the organizational goals, or what we call the North Star, sets us up for success with the enterprise efforts and the human efforts. 

What can clients do to navigate some of the uncertainties of a modernization effort, and how can they prepare their staff for what's next? 

First articulate the goals or why you want the modernization, and build a foundation with aligned, and effective leaders. Assess the needs of the organization from a “social” or people perspective and a technical or systems perspective (note: BerryDunn uses a socio-technical systems design approach). Then, engage staff to develop a high-performance, team-based culture to improve lean processes. Design and develop the system to enable lean business processes and concurrently have operations design standard operating procedures, and develop the training needed to optimize the new system.  

Leaders must lead. If leaders are fragmented, if they are not effective communicators, if they do not have a sense of trust and connection with their workforce, then any change will be sub-optimized and probably will be a frustrating experience for all.  

If the workforce is in a place where staff live with suspicion or a lack of trust, or maybe some dysfunctional interpersonal skills, then they are not in a place to learn a new system. If you try to build a system based on a fragmented organizational structure or inconsistent processes, you will not achieve the potential of the modernization efforts and will limit how people view your enterprise system. The worst thing you can do is invest millions of dollars in the system based on a flawed organizational design or trying to get that system to just do what we've always done. 

By starting with building the foundation of engaging employees, not just to make people feel good, but also to help them understand how to improve their processes and build a positive workplace. Do we have the transparency in our data so that we understand what the actual problems are? Can employees articulate the North Star goals, the constraints, the reasons to update systems, then the organizations will have a pull for change as opposed to a push.

Medicaid agencies and other organizations can create a pull for change by engaging with their resources who can identify what gets in the way of serving the clients, i.e., what gets in the way of timeliness or adds redundancy or rework to the process. The first step is building that foundation, getting people leaning in, and understanding what's happening. By laying the foundation first, organizations help reduce the barriers between operations and systems, and ensure that they're working collaboratively toward organizational goals, always keeping the ‘why’ in mind and using measures to know when they are successful. 

How does a state focus on organization development when they are facing budget and staffing constraints? 

It is too easy to say, "invest in your people". In reality, the first thing that state Medicaid agencies or other organizations need do is redefine their sense of lean. Many inaccurately believe that lean means limited resources working really hard. Lean is tapping into the potential creativity and innovation of each staff member to look for ways to improve the process. Organizations should look at everything they do and ask “Does this add value to the end recipient of our service?” Even if I'm processing travel reimbursement requests, I still have a customer, I still have a need for timeliness and accuracy. If state Medicaid agencies can mobilize that type of focus with every single employee in their organization, they can achieve huge cost savings without the pain of cutting the workforce.   

In one state where BerryDunn’s organization development team provided this level and type of organizational transformation, there was a very deliberate focus on building this foundation prior to a large-scale system modernization.

By developing the leaders and training the employees in how to improve their processes, improve teamwork and trust, and align to the goal of a positive client experience, they were able to effectively implement the new system and seamlessly move to remote pandemic conditions. Once the state Medicaid agency had aligned the technical systems and the people systems to the organizational goals, they were successful and more resilient for future changes.   

You can learn more in Part II of our Outcomes and Organization Development podcast and article

If you have any questions, please contact our Medicaid consulting team. We're here to help.

Article
Outcomes and organization development 

Read this if you are a State Medicaid Director, State Medicaid Chief Information Officer, State Medicaid Project Manager, or State Procurement Officer—or if you work on a State Medicaid Enterprise System (MES) certification or modernization efforts.

Click on the title to listen to the companion podcast to this article, Medicaid Enterprise Systems certification: Outcomes and APD considerations

Over the last two years, the Centers for Medicare and Medicaid Services (CMS) has undertaken an effort to streamline MES certification. During this time, we have been fortunate enough to be a trusted partner in several states working to evolve the certification process. Through this collaboration with CMS and state partners, we have been in front of recent certification trends. The content we are covering is based on our experience supporting states with efforts related to CMS certification. We do not speak for CMS, nor do we have the authority to do so.

How does the focus on outcomes impact the way states think about funding for their Medicaid Enterprise Systems (MESs)?

Outcomes are becoming an integral part of states’ MES modernization efforts. We can see this on display in recent preliminary CMS guidance. CMS has advised states to begin incorporating outcome statements and metrics into APDs, Requests for Proposals (RFPs), and supporting vendor contracts. 

Outcomes and metrics allow states and federal partners to have more informed discussions about the business needs that states hope to achieve with their Medicaid IT systems. APDs will likely take on a renewed importance as states incorporate outcomes and metrics to demonstrate the benefits of their Medicaid IT systems.

What does this renewed importance mean for states as they prepare their APD submissions?

As we’ve seen with initial OBC pilots, enhanced operations funding depends upon the system’s ability to satisfy certification outcomes and Key Performance Indicators (KPIs). 

Notably, states should also prepare to incorporate outcomes into all APD submissions—including updates to previously approved active APDs that did not identify outcomes in the most recent submission. 
 
This will likely apply to all stages of a project’s lifecycle—from system planning and procurement through operations. Before seeking funding for new IT systems, states should be able to effectively explain how the project would lead to tangible benefits and outcomes for the Medicaid program.

How do outcome statements align with and complement what we are seeing with outcomes-based or streamlined modular certification efforts?

Outcomes are making their way into funding and contracting vehicles and this really captures the scaling we discussed in our last conversation. States need to start thinking about reprocurement and modernization projects in terms of business goals, organizational development, and business process improvement and redesign. What will a state get out of the new technology that they do not get today? States need to focus more on the business needs and less on the technical requirements.

Interestingly, what we are starting to see is the idea that the certification outcomes are not going to be sufficient to warrant enhanced funding matches from CMS. Practically, this means states should begin thinking critically about want they want out of their Medicaid IT procurements as they look to charter those efforts. 

We have even started to see CMS return funding and contracting vehicles to states with guidance that the outcomes aren’t really sufficiently conveying what tangible benefit the state hopes to achieve. Part of this challenge is understanding what an outcome actually is. States are used to describing those technical requirements, but those are really system outputs, not program outcomes.

What exactly is an outcome and what should states know when developing meaningful outcomes?

As states begin developing outcomes for their Medicaid IT projects, it will be important to distinguish between outcomes and outputs for the Medicaid program. If you think about programs, broadly speaking, they aim to achieve a desired outcome by taking inputs and resources, performing activities, and generating outputs.

As a practical example, we can think about the benefits associated with health and exercise programs. If a person wants to improve their overall health and wellbeing, they could enroll in a health and exercise program. By doing so, this person would likely need to acquire new resources, like healthy foods and exercise equipment. To put those resources to good use, this person would need to engage in physical exercise and other activities. These resources and activities will likely, over time, lead to improved outputs in that person’s heart rate, body weight, mood, sleeping patterns, etc.
 
In this example, the desired outcome is to improve the person’s overall health and wellbeing. This person could monitor their progress by measuring their heart rates over time, the amount of sleep they receive each night, or fluctuations in their body weight—among others. These outputs and metrics all support the desired outcome; however, none of the outputs alone improves this person’s health and wellbeing.

States should think of outcomes as the big-picture benefits they hope to achieve for the Medicaid program. Sample outcomes could include improved eligibility determination accuracy, increased data accessibility for beneficiaries, and timely management of fraud, waste, and abuse.
 
By contrast, outputs should be thought of as the immediate, direct result of the Medicaid program’s activities. One example of an output might be the amount of time required to enroll providers after their initial application. To develop meaningful outcomes for their Medicaid program, states will need to identify big-picture benefits, rather than immediate results. With this is mind, states can develop outcomes to demonstrate the value of their Medicaid IT systems and identify outputs that help achieve their desired outcomes.

What are some opportunities states have in developing outcomes for their MES modernizations?

The opportunities really begin with business process improvement. States can begin by taking a critical look at their current state business processes and understanding where their challenges are. Payment and enrollment error rates or program integrity-related challenges may be obvious starting points; however, drilling down further into the day-to-day can give an even more informed understanding of your business needs. Do your staff end users have manual and/or duplicative processes or even process workarounds (e.g., entering the same data multiple times, entering data into one system that already exists in another, using spreadsheets to track information because the MES can’t accommodate a new program, etc.)? Is there a high level of redundancy? Some of those types of questions start to get at the heart of meaningful improvement.

Additionally, states need to be aware of the people side of change. The shift toward an outcomes-based environment is likely going to place greater emphasis on organizational change management and development. In that way, states can look at how they prepare their workforce to optimize these new technologies.

The certification landscape is seemingly changing weekly as states wait eagerly for CMS’ next guidance issuances. Please continue to check back for in-depth analyses and OBC success stories. Additionally, if you are considering an OBC effort and have questions, please contact our Medicaid Consulting team

Article
Outcomes and APD considerations

Read this if you are a State Medicaid Director, State Medicaid Chief Information Officer, State Medicaid Project Manager, or State Procurement Officer—or if you work on a State Medicaid Enterprise System (MES) certification or modernization efforts.

This article is based on the Outcomes-Based Certification scalability and project outcomes podcast:


Over the last two years, the Centers for Medicare and Medicaid Services (CMS) has undertaken an effort to streamline MES certification. During this time, we have been fortunate enough to be a trusted partner in several states working to evolve the certification process. Through this collaboration with CMS and state partners, we have been in front of recent certification trends. The content we are covering is based on our experience supporting states with efforts related to CMS certification. We do not speak for CMS, nor do we have the authority to do so.

How might Outcomes-Based Certification (OBC) be applied to more complex areas of the Medicaid enterprise?

The question of scaling—that is, to apply the OBC process to more complex components while maintaining or increasing its level of efficiency—is an important next step in certification. OBC has been (or is being) scaled across the technical components of the MES in two primary ways. First, OBC has already successfully been scaled horizontally across similar but discrete components of the MES such as electronic visit verification (EVV), provider management, or pharmacy. The second, perhaps more interesting way we are seeing OBC scale is vertically. OBC—or what is now being referred to as Streamlined Modular Certification (SMC)—is now being scaled up and into larger and more complex components like financial management and claims processing. Beyond that, however, we are now seeing outcomes-based concepts scale a third way—across the Medicaid business.

How does the certification of one module impact the rest of the MES?

We are seeing CMS and states work through this question every day. What we know for sure is that each state is likely going to draw its own set of boxes around its business modules and service components based on its Medicaid business. Because modularity is only defined at a macro level, states have the freedom to work with their vendors to define the parameters of their modules. As a result, we have seen CMS work with states to define those boxes and in doing so, we are really seeing a three-layered approach.

The first layer represents the primary module a state is certifying. A primary module is that module that is responsible for all or most of a business process such as paying a claim. It is safe to assume that the most detailed evidence will come from the primary module. The second layer represents the module—or modules—that might not have responsibility for a business process, but provide functionality integral to that business process being performed successfully. Finally, the third layer represents the module—or modules—that feed data into the business process, but do little else when it comes to performing that business process. For the second and third layer, a state can likely expect to provide evidence that supports the successful transmission of data at a minimum. This is where we are seeing CMS and states work together to define that scope.

What is the role of business process improvement, organization development, and organizational change management in MES modernizations?

This is really the cornerstone of this fundamental shift in certification we have seen over the last 12-18 months. During the 2020 virtual Medicaid Enterprise Systems Conference (MESC), we saw that CMS appears to be signaling it is no longer going to readily accept modernization efforts that do not reflect tangible improvements to the Medicaid business. Think about it this way: a state will likely not be able to go to CMS to request enhanced funding simply because it can no longer renew its existing contract vehicles or it is trying to procure new technology that fails to represent a marked improvement over its legacy system. 

As a result, states need to start thinking about reprocurement and modernization projects in terms of organizational development and business process improvement and redesign. What will a state get out of the new technology that they do not get today? That’s the question that needs to be answered. States should begin to focus more on business needs and less on technical requirements. States are used to building a custom, monolithic enterprise, often referred to as a Medicaid Management Information System (MMIS). Today, vendors are bringing commercial-off-the-shelf (COTS) products that allow states to perform business processes more efficiently. In turn, states need to move away from attempting to prescribe how a system should perform and focus on what the system should do. That means less prescriptive requirements and more business-oriented thinking.

Additionally, the concept of outcomes management will become integral to a state’s Advance Planning Document (APD) requests, Request for Proposals (RFP) development, and certification. We are seeing that CMS is beginning to look for outcomes in procurement documents, which is leading states to look critically at what they want to achieve as they seek to charter new projects. One way that a state can effectively incorporate outcomes management into its project development is to identify an outcome owner responsible for achieving those outcomes.

The certification landscape is seemingly changing weekly, as states wait eagerly for CMS’ next guidance issuances. Please continue to check back for in-depth analyses and OBC success stories. Additionally, if you are considering an OBC effort and have questions, please contact our Medicaid Consulting team

Article
Scaling project outcomes

Read this if you are a State Medicaid Director, State Medicaid Chief Information Officer, State Medicaid Project Manager, or State Procurement Officer—or if you work on a State Medicaid Enterprise System (MES) certification or modernization efforts.

You can listen to the companion podcast to this article now:


Over the last two years, the Centers for Medicare and Medicaid Services (CMS) has undertaken an effort to streamline Medicaid Enterprise System (MES) certification. During this time, we have been fortunate enough to have been a trusted partner in several states working to evolve the certification process. Through this collaboration with CMS and state partners, we have been in front of recent certification trends. 

What is outcomes-based certification (OBC)? 

OBC (or streamlined modular certification) is a fascinating evolution in MES certification. OBC represents a fundamental rethinking of certification and how we measure the success of system implementation and modernization efforts. The prior certification approach, as many know it, is centrally focused on technical capability, answering the question, “Can the system perform the required functions?” 

OBC represents a shift away from this technical certification and toward business process improvement, instead answering the question, “How is this new technology enhancing the Medicaid program?” Or, put differently, “Is this new technology helping my Medicaid program achieve its desired outcomes?” 

What are the key differences between the MECT and OBC? 

To understand the differences, we have to first talk about what isn’t changing. Technical criteria still exist, but only so far as CMS is confirming compliance with core regulatory and statutory requirements—including CMS’ Standards and Conditions. That’s about the extent of the similarities. In addition to pivoting to business process improvement, we understand that CMS is looking to generalize certification under this new approach, meaning that we wouldn’t see the same Medicaid Information Technology Architecture (MITA)-tied checklists like Provider Management, or Decision Support Systems. Instead, we might expect more generalized guidance that would allow for a more tailored certification. 

Additionally, OBC introduces outcomes statements which serve as the guiding principles for certification. Everything, including the technical criteria, roll-up into an outcome statement. This type of roll up might actually feel familiar, as we see a similar structure in how Medicaid Enterprise Certification Toolkit (MECT) criteria rolled up into critical success factors. 

The biggest difference, and the one states need to understand above all else, is the use of key performance indicators (KPIs). These KPIs aren’t just point-in-time certification measures, they are expected to be reported against regularly—say, quarterly—in order to maintain enhanced funding. Additionally, it’s likely that each criterion will have an associated KPI, meaning that states will continue to be accountable to these criteria long after the Certification Final Review. 

How are KPIs developed? 

We’ve seen KPIs developed in two ways. For more strategic, high level KPIs, CMS develops a baseline set of KPIs heading into collaborating with a state on an OBC effort. In these instances, CMS has historically sought input on whether those KPIs are reasonable and can be easily reported against. CMS articulates what it wants to measure conceptually, and works with a state to ensure that the KPI achieves that within the scope of a state’s program.  

For KPIs specific to a state’s Medicaid program, CMS engages with states to draft new KPIs. In these instances, we’ve seen CMS partner with states to understand the business need for the new system, how it fits into the Medicaid enterprise, and what the desired outcome of the particular approach is. 

What should states consider as they plan for MES procurements? 

While there might be many considerations pertaining to OBC and procurements, two are integral to success. First—as CMS noted in the virtual MESC session earlier this month—engage CMS at the idea stage of a project. Experience tells us that CMS is ready and willing to collaborate with—and incorporate the needs of—states that engage at this idea stage. That early collaboration will help shape the certification path. 

Second, consider program outcomes when conceptualizing the procurement. Keep these outcomes central to base procurement language, requirements, and service level agreements. We’re likely to see the need for states to incorporate these outcomes into contracts. 

What does this mean for MES modularity and scalability? 

Based on our current understanding of the generalization of certification, states, and subsequently the industry at large, will continue to refine what modularity means based on Medicaid program needs. Scalability represents an interesting question, as we’ve seen OBC scaled horizontally across smaller, discrete business areas like pharmacy or provider management. Now we’re seeing the beginnings of vertical scaling of a more streamlined certification approach to larger components of the enterprise, such as financial management and claims processing. 

The certification landscape is seemingly changing weekly as states wait eagerly for CMS’ next guidance issuances. Please continue to check back for in-depth analyses and OBC success stories. Additionally, if you are considering an OBC effort and have questions, please contact our Medicaid Consulting team

Article
Considerations for outcomes-based certification

Read this if you are a State Medicaid Director, State Medicaid Chief Information Officer, State Medicaid Project Manager, or State Procurement Officer—or if you work on a State Medicaid Enterprise System (MES) certification effort.

On October 24, 2019, the Centers for Medicaid and Medicare Services (CMS) published the Outcomes-Based Certification (OBC) guidance for the Electronic Visit Verification (EVV) module. Now, CMS is looking to bring the OBC process to the rest of the Medicaid Enterprise. 

The shift from a technical-focused certification to a business outcome-focused approach presents a unique opportunity for states as they begin re-procuring—and certifying—their Medicaid Enterprise Systems (MES).

Once you have defined the scope of your MES project—and know you need to undertake CMS certification—you need to ask “what’s next?” OBC can be a more efficient certification process to secure Federal Financial Participation (FFP).

What does OBC certification entail?

Rethinking certification in terms of business outcomes will require agencies to engage business and operations units at the earliest possible point of the project development process to define the program goals and define what a successful implementation is. One way to achieve this is to consider MES projects in three steps. 

Three steps to OBC evaluation

Step 1: Define outcomes

The first step in OBC planning seems easy enough: define outcomes. But what is an outcome? To answer that, it’s important to understand what an outcome isn’t. An outcome isn’t an activity. Instead, an outcome is the result of the activity. For example, the activity could be procuring an EVV solution. In this instance, an outcome could be that the state has increased the ability to detect fraud, waste, and abuse through increased visibility into the EVV solution.

Step 2: Determine measurements

The second step in the OBC process is to determine what to measure and how exactly you will measure it. Deciding what metrics will accurately capture progress toward the new outcomes may be intuitive and therefore easy to define. For example, a measure might simply be that each visit is captured within the EVV solution.

Increasing the ability to detect fraud, waste, and abuse could simply be measured by the number of cases referred to a Medicaid fraud unit or dollars recovered. However, you may not be able to easily measure that in the short-term. Instead, you may need to determine its measurement in terms of an intermediate goal, like increasing the number of claims checked against new data as a result of the new EVV solution. By increasing the number of checked claims, states can ensure that claims are not being paid for unverified visits. 

Step 3: Frequency and reporting

Finally, the state will need to determine how often to report to measure success. States will need to consider the nuances of their own Medicaid programs and how those nuances fit into CMS’ expectations, including what data is available at what intervals.

OBC represents a fundamental change to the certification process, but it’s important to highlight that OBC isn’t completely unfamiliar territory. There is likely to be some carry-over from the certification process as described in the Medicaid Enterprise Certification Toolkit (MECT) version 2.3. The current Medicaid Enterprise Certification (MEC) checklists serve as the foundation for a more abbreviated set of criteria. New evaluation criteria will look and feel like the criteria of old but are likely to be a fraction of the 741 criteria present in the MECT version 2.3.

OBC offers several benefits to states as you navigate federal certification requirements:

  1. You will experience a reduction in the amount of time, effort, and resources necessary to undertake the certification process. 
  2. OBC refocuses procurement in terms of enhancements to the program, not in new functions. Consequently, states will also be able to demonstrate the benefits that each module brings to the program which can be integral to stakeholder support of each module. 
  3. Early adoption of the OBC process can allow you to play a more proactive role in certification efforts.

Continue to check back for a series of our project case studies. Additionally, if you are considering an OBC effort and have questions, please contact our team. You can read the OBC guidance on the CMS website here
 

Article
Three steps to outcomes-based certification

Read this if you use QuickBooks Online.

Let's talk about where records for products and services are used in QuickBooks Online.

To create a product or service record, you hover your mouse over Sales in the left vertical pane on the main page and click Products and services. Click New in the upper right corner and open a blank record for an Inventory or Non-inventory part, a Service, or a Bundle (assembly). Once you complete a record and save it, it will appear in the list back on the Product and services page.

Working with products and services

That’s where we’ll start today, on the Products and services screen. This is a comprehensive table, a dashboard (or home page) for your products and services. It displays real-time information about your items’ pricing and inventory levels, as well as their type and tax status. At the top of the page, you’ll see big, colorful buttons that provide a total of the number of items that are low on stock or out of stock. When you click on one, a list of those products appears.

QuickBooks Online’s Products and services page displays inventory levels and warns you when your stock is low and at zero.

Each row on this screen contains details about the item listed there, like Description, Sales Price and Cost, and Qty On Hand. If you look down at the end of the row, you’ll see options for several types of Actions: Edit, Make inactive, Run report, and Duplicate. Click the gear icon above the table to modify the columns in the table. 

The More menu at the top of the screen contains more options: Manage categories, Run reports, and Price rules. If you want to know what actions you can take on multiple items simultaneously, check the box in front of each and click the Batch actions menu, over to the right (Adjust quantity, Reorder, etc.).

Warning: Be very careful using the Adjust quantity option. There are legitimate reasons for employing it, but you need to make very sure that you understand how this will affect other areas of your accounting. Please ask us if you’re unsure.

Using products and services in transactions

Once you start using product and service records in transactions, you’ll see why we suggested that you create those early on and make them as comprehensive as possible. While you can add products and services in the process of creating an invoice, for example, it’s much easier if you have them ready to go.

Let’s look at a sales receipt to see how this works. Click +New in the upper right corner and select Sales receipt. Select a Customer in the first field and verify that the related fields on the form were filled out correctly. Check and make any changes necessary in the Sales receipt date, Payment method, and Deposit to fields. 

Once you’ve built up a list of products and services, they’ll be available when you create transactions.

Enter the Service Date, and then click the down arrow in the field under Product/Service. The top of the list has an entry labeled +Add new. Click it if you need to add a product or service on the fly, or just select the existing one that you want. QuickBooks Online will fill in the Rate, Amount, and Tax (status). You only have to enter the Qty (quantity) that you’re selling. 

If you have more items or services to add, you can do so on the next line(s). When you’re done, check the numbers in the lower right and save the transaction. QuickBooks Online will adjust your inventory to account for any items you just sold. You can see this change by going back to the Products and Services screen. Or you can run reports, including:

  • Sales by Product/Service
  • Product/Service List
  • Inventory Valuation Detail
  • Physical Inventory Worksheet

Supply chain woes?

It seems that the serious supply chain problems we were experiencing in previous months have eased up some, but you may still be having trouble stocking some items. We hope this isn’t affecting you too much. 

QuickBooks Online, though, can help ensure that you know ahead of time when you must reorder. Its inventory-tracking capabilities can also alert you to items that aren’t selling well, so you don’t get overstocked on anything. And the ability to pull up product and service records when you’re creating transactions saves time and keeps your inventory levels accurate. Please let the Outsourced Accounting team know if you need assistance with this element of your accounting or any of QuickBooks Online’s other tools.

Article
How QuickBooks Online tracks products and services

Read this if you are responsible for cybersecurity at your organization.

Cybersecurity threats aren’t just increasing in number—they’re also becoming more dangerous and expensive. Cyberattacks affect organizations around the globe, but the most expensive attacks occur in the US, where the average cost of a data breach is $9.44 million, according to IBM’s 2022 Cost of a Data Breach Report. The same report shows that the cost of a breach is $10.10 million in the healthcare industry, $5.97 million in the financial industry, $5.01 million in the pharmaceuticals industry, and $4.97 million in the technology industry.

Cyber threat actors are a serious danger to your company, and your customers, stakeholders, and shareholders know this. They expect you to be prepared to defend against and manage cybersecurity threats. How can you demonstrate your cybersecurity controls are up to par? By obtaining a SOC for cybersecurity report.

What is a SOC for cybersecurity report?

It provides an independent assessment of an organization’s cybersecurity risk management program. Specifically, it determines how effectively the organization’s internal controls monitor, prevent, and address cybersecurity threats.

What’s included in a SOC for cybersecurity report?

The report is made up of three key components:

  1. Management’s description of their cybersecurity risk management program, aligned with a control framework (more on that below) and 19 description criteria laid out by the AICPA.
  2. Management’s assertion that controls are effective to achieve cybersecurity objectives.
  3. Service auditor’s opinion on both management’s description and management’s assertion.

Why should you consider a SOC for cybersecurity report?

A SOC for cybersecurity report offers several important benefits for your organization, which include:

  • Align with evolving regulatory requirements. The cybersecurity regulatory environment is constantly evolving. In particular, the SEC’s cybersecurity guidelines are becoming stricter over time. A SOC for cybersecurity report can demonstrate you’re aligned with these guidelines. If you’re a public company or are considering going public in the future, you need to be prepared to meet not just the SEC’s guidelines of today, but their evolved guidelines in the future.
  • Keep your board of directors informed. Your board is responsible for ensuring the business is effectively addressing and mitigating risks—and that includes cyber risk. A SOC for cybersecurity report offers your board a clear and practical illustration of your organization’s cybersecurity risk management controls.
  • Attract and retain more customers. It’s becoming increasingly common for companies to require that their vendors have a SOC for cybersecurity report. Even for companies that don’t require such a report, it’s important to know their vendors are keeping their data safe. Having this report differentiates you from vendors who have not prepared one.
  • Improve your cybersecurity posture. A SOC for cybersecurity report can identify current gaps in your cybersecurity risk management program. Once you’ve addressed these gaps, you can show your customers, stakeholders, and shareholders that you’re continuously improving and evolving your cybersecurity risk management approach.

How do I prepare for my SOC for cybersecurity assessment?

There are several steps you should take to prepare for your assessment.

  1. Choose your control framework. You have several options, including the NIST Cybersecurity Framework, ISO 27002, and the Secure Controls Framework (SCF). There are multiple online resources to help you choose the framework that’s right for your organization.
  2. Determine who your key internal stakeholders are for your cybersecurity risk management program. You’ll need to select a point person to be responsible for ensuring the independent services auditor has all the documentation they need to complete their assessment and act as liaison across internal and external stakeholders.
  3. Collect all cybersecurity-related documentation in one location. Make sure you have an organizational system that makes sense to your point person so it’s easy for them to pull the appropriate materials to give to the independent services auditor.
  4. Conduct a readiness assessment. You can work with an independent services auditor to conduct such an assessment which will identify gaps you can address before performing the attestation.
  5. Select an independent services auditor to perform the attestation. SOC for cybersecurity services are provided by independent CPAs approved by the AICPA. Ideally, you’ll want to select a firm that is experienced in your industry, has a diverse and robust team of cybersecurity professionals, and is accessible when and where you need them.

As always, if you have questions about your specific situation or would like more information about SOC for cybersecurity services, please contact our IT security experts. We’re here to help.

Article
Yes, you need a SOC for cybersecurity report—here's why

Read this if you are at a Medicaid agency.

After attending this year’s NASHP Conference, I realized Seattle wasn’t the only gem I found. The city welcomed a record number of NASHP attendees, including many first timers, who brought with them a passion for the vital work they do to support Medicaid and health and human services agencies across the nation. Executive Director Tewarson led her first conference with finesse, and the entire conference exemplified her team’s passion and dedication to state health policy. 
 
The 35th annual conference was full of fresh ideas and a collaborative spirit. As I reflect over the three days of the conference, some ideas I am taking back to my team include:

  • Workforce challenges are here to stay—and are only becoming more severe, requiring states to rethink hiring, training, and staffing among healthcare providers at all levels. Actions to consider:
    • Work to help ensure we allocate appropriate funding for behavioral health and clinical staff. 
    • Encourage more diversity in the field. This means having more representation in the workforce for new hires to identify with, including recruiting and training staff, so they feel welcome and encouraged to join.
    • Increase support for highly skilled jobs like CNAs and childcare workers. Our system cannot work without these staff, and the skills they bring to the table are crucial to the field, developed over time, and indispensable.
    • Start planning now to address the potential loss of childcare dollars to avoid exacerbating the workforce shortage challenges.
    • Identify other ways to help the workforce with benefits and support that can go a long way toward recruiting and retaining experienced caregivers. 
  • Disparities in health equity were always there, and the pandemic laid them bare. 
    • We need to assess the impact of all initiatives to help ensure they aren’t creating additional health inequities and develop strategies to rectify existing barriers.
    • We should bring those experiencing health inequities to the table, listen to their struggles, and let them lead us to solutions.
    • We need to build a diverse workforce that will bring more voices and ideas into the room in this arena.
  • There is a lot of innovative work going on in child behavioral health that can impact outcomes:
    • Providing youth mental health first-aid training and trauma-informed training to school-based, nonclinical staff is crucial to addressing the children’s behavioral health crisis. Children spend so much time at school and build trust in teachers, bus drivers, custodians, and administrative staff.
    • Training school staff on the use of mobile crisis units to avoid children inappropriately becoming involved in the juvenile justice system or being treated in emergency rooms.
    • Putting clinical staff in schools, even via telehealth or part-time, has shown positive outcomes for child behavioral health.
  • We may not know when the Public Health Emergency will end. Still, we can spend this time developing and improving our plans for unwinding, setting consistent expectations with our members and meeting them where they are, developing strategies to make successful emergency provisions permanent, and engaging our legislatures now to prepare for the upcoming federal funding gap.
  • The most significant success factor in every session I attended was breaking down silos across health and human services agencies. We need to continue working across programs, agencies, and states to help ensure we are innovating, growing, and providing the best care for those our policies and programs serve.
  • Lastly, as a foster-adopt mom, I was heartened to hear the speakers consistently bring the topic back to focus on some of our most vulnerable youth: children in foster and kinship care and our justice-involved youth. The call to collaboration and partnerships across child welfare, juvenile justice, public health, county health departments, and Medicaid agencies to impact change was not lost on me, and I found my passion for improving our foster care system invigorated by the passion of those around me.

I am thankful for organizations like NASHP that help us come together to innovate and collaborate on the biggest problems facing our industry today. NASHP’s mission to support the development of policies that promote and sustain healthy people and communities, advance high-quality and affordable health care, and address health equity is needed now more than ever. The 2022 conference allowed us to collaborate and share innovations that can be used to help propel us in our essential work to improve the health and lives of the individuals we serve.
 
My biggest takeaway was that we are stronger when we work together. I’m excited to hear what your biggest takeaways were this year. It has energized me to continue this critical work to help Medicaid agencies improve the health and lives of our residents. I do not doubt that this group will take back all the lessons and work to improve the lives of the residents of their states, and we will all gather in Boston next year, excited to hear of all the new successes. See you next year!

Article
NASHP meets the Emerald City