Skip to Main Content

insightsarticles

Three steps to
outcomes-based
certification

12.04.19

Read this if you are a State Medicaid Director, State Medicaid Chief Information Officer, State Medicaid Project Manager, or State Procurement Officer—or if you work on a State Medicaid Enterprise System (MES) certification effort.

On October 24, 2019, the Centers for Medicaid and Medicare Services (CMS) published the Outcomes-Based Certification (OBC) guidance for the Electronic Visit Verification (EVV) module. Now, CMS is looking to bring the OBC process to the rest of the Medicaid Enterprise. 

The shift from a technical-focused certification to a business outcome-focused approach presents a unique opportunity for states as they begin re-procuring—and certifying—their Medicaid Enterprise Systems (MES).

Once you have defined the scope of your MES project—and know you need to undertake CMS certification—you need to ask “what’s next?” OBC can be a more efficient certification process to secure Federal Financial Participation (FFP).

What does OBC certification entail?

Rethinking certification in terms of business outcomes will require agencies to engage business and operations units at the earliest possible point of the project development process to define the program goals and define what a successful implementation is. One way to achieve this is to consider MES projects in three steps. 

Three steps to OBC evaluation

Step 1: Define outcomes

The first step in OBC planning seems easy enough: define outcomes. But what is an outcome? To answer that, it’s important to understand what an outcome isn’t. An outcome isn’t an activity. Instead, an outcome is the result of the activity. For example, the activity could be procuring an EVV solution. In this instance, an outcome could be that the state has increased the ability to detect fraud, waste, and abuse through increased visibility into the EVV solution.

Step 2: Determine measurements

The second step in the OBC process is to determine what to measure and how exactly you will measure it. Deciding what metrics will accurately capture progress toward the new outcomes may be intuitive and therefore easy to define. For example, a measure might simply be that each visit is captured within the EVV solution.

Increasing the ability to detect fraud, waste, and abuse could simply be measured by the number of cases referred to a Medicaid fraud unit or dollars recovered. However, you may not be able to easily measure that in the short-term. Instead, you may need to determine its measurement in terms of an intermediate goal, like increasing the number of claims checked against new data as a result of the new EVV solution. By increasing the number of checked claims, states can ensure that claims are not being paid for unverified visits. 

Step 3: Frequency and reporting

Finally, the state will need to determine how often to report to measure success. States will need to consider the nuances of their own Medicaid programs and how those nuances fit into CMS’ expectations, including what data is available at what intervals.

OBC represents a fundamental change to the certification process, but it’s important to highlight that OBC isn’t completely unfamiliar territory. There is likely to be some carry-over from the certification process as described in the Medicaid Enterprise Certification Toolkit (MECT) version 2.3. The current Medicaid Enterprise Certification (MEC) checklists serve as the foundation for a more abbreviated set of criteria. New evaluation criteria will look and feel like the criteria of old but are likely to be a fraction of the 741 criteria present in the MECT version 2.3.

OBC offers several benefits to states as you navigate federal certification requirements:

  1. You will experience a reduction in the amount of time, effort, and resources necessary to undertake the certification process. 
  2. OBC refocuses procurement in terms of enhancements to the program, not in new functions. Consequently, states will also be able to demonstrate the benefits that each module brings to the program which can be integral to stakeholder support of each module. 
  3. Early adoption of the OBC process can allow you to play a more proactive role in certification efforts.

Continue to check back for a series of our project case studies. Additionally, if you are considering an OBC effort and have questions, please contact our team. You can read the OBC guidance on the CMS website here
 

Related Industries

Related Professionals

Principals

BerryDunn experts and consultants

Read this if you are a State Medicaid Director, State Medicaid Chief Information Officer, State Medicaid Project Manager, or State Procurement Officer—or if you work on a State Medicaid Enterprise System (MES) certification or modernization efforts.

You can listen to the companion podcast to this article, Organization development: Shortcuts for states to consider, here: 

Over the last two years, the Centers for Medicare and Medicaid Services (CMS) has undertaken an effort to streamline MES certification. During this time, we have been fortunate enough to be a trusted partner in several states working to evolve the certification process. Through this collaboration with CMS and state partners, we have been in front of recent certification trends. The content we are covering is based on our experience supporting states with efforts related to CMS certification. We do not speak for CMS, nor do we have the authority to do so.

What organization development (OD) shortcuts can state Medicaid agencies consider when faced with competing priorities and challenges such as Medicaid modernization projects in flight, staffing shortages, and a retiring workforce?

The shortcuts include rapid development and understanding of the “why”. This requires the courage to challenge assumptions, especially around transparency, to allow for a consistent understanding of the needs, data, environment, and staff members’ role in impacting the health of the people served by a state’s Medicaid program. To rapidly gain an understanding of the “why”, state Medicaid agencies should:

  1. Accelerate the transparency of information and use of data in ways that lead to a collective understanding of the “why”. Accelerating a collective understanding of the why requires improved communication mechanisms. 
  2. Invest time to connect with staff. The insistence, persistence, and consistency of leaders to stay connected to their workforce will help keep the focus on the “why” and build a shared sense of connection and purpose among teams.
  3. Create the standard that planning involves all stakeholders (e.g., policy, operations, systems staff, etc.) and focus on building consensus and alignment throughout the organization. During planning, identify answers to the following questions: What are we trying to achieve, what are the outcomes, and what is the vision for what we are trying to do?
  4. Question any fragmentation. For example, if there is a hiring freeze, several staff are retiring, and demand is increasing, it is a good idea to think about how the organization manages people. Question boundaries related to your staff and the business processes they perform (e.g., some staff can only complete a portion of a business process because of a job classification). Look at ways to broaden the expectations of staff, eliminate unnecessary handoffs, and expect development. Leaders and teams work together to build a culture that is vision-driven, data-informed, and values-based.

What are some considerations when organizations are defining program outcomes and the “why” behind what they are doing? 

Keep in mind that designing system requirements is not the same as designing program outcomes. System requirements need to be able to deliver the outcomes and the information the organization needs. With something like a Medicaid Enterprise System (MES) modernization project, outcomes are what follow because of a successful project or series of projects. For example, a state Medicaid agency looking to improve access to care might develop an outcome focused on enabling the timely and accurate screening and revalidation for Medicaid providers. 

Next, keeping with the improving access to care example, state Medicaid agencies should define and communicate the roles technology and staff play in helping achieve the desired outcome and continue communicating and helping staff understand the “why”. In Medicaid we impact people’s lives, and that makes it easy to find the heart. Helping staff connect their own motivation and find meaning in achieving an outcome is key to help ensure project success and realize desired outcomes. 

Program outcomes represents one of the six major categories related to organizational health: 

  1. Leadership
  2. Strategy
  3. Workforce
  4. Operations and process improvement 
  5. Person-centered service
  6. Program outcomes

Focusing on these six key areas during the analysis, planning, development, and integration will help organizations improve performance, increase their impact, and achieve program outcomes. Reach out to the BerryDunn’s Medicaid and Organization Development consulting team for more information about how organization develop can help your Medicaid agency.
 

Article
Outcomes and organization development, part II

Read this if you are a State Medicaid Director, State Medicaid Chief Information Officer, State Medicaid Project Manager, or State Procurement Officer—or if you work on a State Medicaid Enterprise System (MES) certification or modernization efforts. 

The companion podcast to this article, Organization development: Preparing for Medicaid Enterprise Systems (MES) modernization, can be found in our virtual library.  


What is organization development (OD)? 

The purpose of OD is to improve organizational performance and outcomes. OD focuses on improving an organization’s capability through the alignment of strategy, structure, people, rewards, systems, metrics, and management processes.  

OD is a science-backed, interdisciplinary field rooted in psychology, culture, innovation, social sciences, quality management, project management, adult learning, human resource management, change management, organization behavior, and research analysis and design, among others.  

OD typically starts with a clear sense of mission, vision, and values that answers the question “what we are trying to be?” OD develops the culture and behaviors that reflect the organizational values.  

OD facilitates the transformation of the workplace culture to become strategic, meaning: vision-driven, values-based, and goals-aligned. This may include talent development for leaders and staff and redesigning organizational infrastructure. 

What is the scope of an OD effort? 

OD efforts are most effective when they encompass the entire organization becoming the basis for a strategic plan. OD can be just as effective when applied to a MES modernization project. In this application of OD, we facilitate stakeholder engagement with the intent of person-centered service, concurrent design for operations, processes, and training side-by-side with the systems design and development. This approach is also referred to as human-centered design (HCD).  

Regardless of the scope, OD reinforces benchmarks of high-performance organizations including: 

  • Transparent and data-informed decision making 
  • Developed leadership building connections with consistent expectations 
  • Culture of continuous improvement and innovation 
  • Team-based success and ownership for outcomes 
  • Person-centered service 

What does OD look like in action? 

We facilitate leaders to assess their organization through the eyes of stakeholders, particularly staff and people served. Collaboratively, with no blame or shame, the leaders articulate where they are today and where they need to be in the future, and build a roadmap or strategic plan to get there. In the assessment and roadmap we use the following six focal points of the organization:  

  • Excellent leadership 
  • Effective strategy 
  • A workforce that is confident, competent, consistent, and compassionate 
  • Quality operations and process improvement 
  • Person-centered service that results in a positive client experience 
  • Quality program outcomes for the communities served 

The roadmap or strategic plan typically includes talent development, and redesign of the infrastructure, including structure, processes, communication mechanisms, performance management processes, deployment of resources, and job skills development approaches.  

Talent development ensures that your leaders are aligned, prepared, and most importantly leading and inspiring their people toward that vision and the development of the workforce. Talent development provides staff with the skills, knowledge, and abilities needed, and reinforces positive attitudes, beliefs, and willingness to work together towards common goals. This might also include restructuring business process redesign, it might include expanding roles or shifting roles.  

Principles of lean are an important component of organization development when redesigning processes and helps organizations, such as state Medicaid agencies, do more with the current resources. With so many constraints placed on organizations, the lean approach is a critical component of optimizing existing resources and finding cost savings through changing “what we do” and “how we do it”, as opposed to cutting “what we do” or “changing who does it”. Resource optimization is just one of the benefits of organization development. 

Why is it important to redesign your organization and develop your staff when you're implementing a new technology system, such as a new Medicaid Enterprise System module? 

For state Medicaid Agencies, the organization goal isn't to modernize a system, the goal is for competent and compassionate staff serving clients and providers to improve health and wellness in our communities. Our goal is streamlined processes that improve accuracy and timeliness. Look at the outcomes of the program, then design the systems that enable business processes and the people who make that process happen every single day. We go back to why we are doing anything in the first place. Why do we need this change? What are we trying to accomplish? If we're trying to accomplish better service, a healthier community, and streamline processes so we are cost effective, then it leads us to modernizing our enterprise system and making sure that our people are prepared to be successful in using that system. Aligning to the organizational goals, or what we call the North Star, sets us up for success with the enterprise efforts and the human efforts. 

What can clients do to navigate some of the uncertainties of a modernization effort, and how can they prepare their staff for what's next? 

First articulate the goals or why you want the modernization, and build a foundation with aligned, and effective leaders. Assess the needs of the organization from a “social” or people perspective and a technical or systems perspective (note: BerryDunn uses a socio-technical systems design approach). Then, engage staff to develop a high-performance, team-based culture to improve lean processes. Design and develop the system to enable lean business processes and concurrently have operations design standard operating procedures, and develop the training needed to optimize the new system.  

Leaders must lead. If leaders are fragmented, if they are not effective communicators, if they do not have a sense of trust and connection with their workforce, then any change will be sub-optimized and probably will be a frustrating experience for all.  

If the workforce is in a place where staff live with suspicion or a lack of trust, or maybe some dysfunctional interpersonal skills, then they are not in a place to learn a new system. If you try to build a system based on a fragmented organizational structure or inconsistent processes, you will not achieve the potential of the modernization efforts and will limit how people view your enterprise system. The worst thing you can do is invest millions of dollars in the system based on a flawed organizational design or trying to get that system to just do what we've always done. 

By starting with building the foundation of engaging employees, not just to make people feel good, but also to help them understand how to improve their processes and build a positive workplace. Do we have the transparency in our data so that we understand what the actual problems are? Can employees articulate the North Star goals, the constraints, the reasons to update systems, then the organizations will have a pull for change as opposed to a push.

Medicaid agencies and other organizations can create a pull for change by engaging with their resources who can identify what gets in the way of serving the clients, i.e., what gets in the way of timeliness or adds redundancy or rework to the process. The first step is building that foundation, getting people leaning in, and understanding what's happening. By laying the foundation first, organizations help reduce the barriers between operations and systems, and ensure that they're working collaboratively toward organizational goals, always keeping the ‘why’ in mind and using measures to know when they are successful. 

How does a state focus on organization development when they are facing budget and staffing constraints? 

It is too easy to say, "invest in your people". In reality, the first thing that state Medicaid agencies or other organizations need do is redefine their sense of lean. Many inaccurately believe that lean means limited resources working really hard. Lean is tapping into the potential creativity and innovation of each staff member to look for ways to improve the process. Organizations should look at everything they do and ask “Does this add value to the end recipient of our service?” Even if I'm processing travel reimbursement requests, I still have a customer, I still have a need for timeliness and accuracy. If state Medicaid agencies can mobilize that type of focus with every single employee in their organization, they can achieve huge cost savings without the pain of cutting the workforce.   

In one state where BerryDunn’s organization development team provided this level and type of organizational transformation, there was a very deliberate focus on building this foundation prior to a large-scale system modernization.

By developing the leaders and training the employees in how to improve their processes, improve teamwork and trust, and align to the goal of a positive client experience, they were able to effectively implement the new system and seamlessly move to remote pandemic conditions. Once the state Medicaid agency had aligned the technical systems and the people systems to the organizational goals, they were successful and more resilient for future changes.   

If you have any questions, please contact our Medicaid consulting team. We're here to help.

Article
Outcomes and organization development 

Read this if you are a State Medicaid Director, State Medicaid Chief Information Officer, State Medicaid Project Manager, or State Procurement Officer—or if you work on a State Medicaid Enterprise System (MES) certification or modernization efforts.

Click on the title to listen to the companion podcast to this article, Medicaid Enterprise Systems certification: Outcomes and APD considerations

Over the last two years, the Centers for Medicare and Medicaid Services (CMS) has undertaken an effort to streamline MES certification. During this time, we have been fortunate enough to be a trusted partner in several states working to evolve the certification process. Through this collaboration with CMS and state partners, we have been in front of recent certification trends. The content we are covering is based on our experience supporting states with efforts related to CMS certification. We do not speak for CMS, nor do we have the authority to do so.

How does the focus on outcomes impact the way states think about funding for their Medicaid Enterprise Systems (MESs)?

Outcomes are becoming an integral part of states’ MES modernization efforts. We can see this on display in recent preliminary CMS guidance. CMS has advised states to begin incorporating outcome statements and metrics into APDs, Requests for Proposals (RFPs), and supporting vendor contracts. 

Outcomes and metrics allow states and federal partners to have more informed discussions about the business needs that states hope to achieve with their Medicaid IT systems. APDs will likely take on a renewed importance as states incorporate outcomes and metrics to demonstrate the benefits of their Medicaid IT systems.

What does this renewed importance mean for states as they prepare their APD submissions?

As we’ve seen with initial OBC pilots, enhanced operations funding depends upon the system’s ability to satisfy certification outcomes and Key Performance Indicators (KPIs). 

Notably, states should also prepare to incorporate outcomes into all APD submissions—including updates to previously approved active APDs that did not identify outcomes in the most recent submission. 
 
This will likely apply to all stages of a project’s lifecycle—from system planning and procurement through operations. Before seeking funding for new IT systems, states should be able to effectively explain how the project would lead to tangible benefits and outcomes for the Medicaid program.

How do outcome statements align with and complement what we are seeing with outcomes-based or streamlined modular certification efforts?

Outcomes are making their way into funding and contracting vehicles and this really captures the scaling we discussed in our last conversation. States need to start thinking about reprocurement and modernization projects in terms of business goals, organizational development, and business process improvement and redesign. What will a state get out of the new technology that they do not get today? States need to focus more on the business needs and less on the technical requirements.

Interestingly, what we are starting to see is the idea that the certification outcomes are not going to be sufficient to warrant enhanced funding matches from CMS. Practically, this means states should begin thinking critically about want they want out of their Medicaid IT procurements as they look to charter those efforts. 

We have even started to see CMS return funding and contracting vehicles to states with guidance that the outcomes aren’t really sufficiently conveying what tangible benefit the state hopes to achieve. Part of this challenge is understanding what an outcome actually is. States are used to describing those technical requirements, but those are really system outputs, not program outcomes.

What exactly is an outcome and what should states know when developing meaningful outcomes?

As states begin developing outcomes for their Medicaid IT projects, it will be important to distinguish between outcomes and outputs for the Medicaid program. If you think about programs, broadly speaking, they aim to achieve a desired outcome by taking inputs and resources, performing activities, and generating outputs.

As a practical example, we can think about the benefits associated with health and exercise programs. If a person wants to improve their overall health and wellbeing, they could enroll in a health and exercise program. By doing so, this person would likely need to acquire new resources, like healthy foods and exercise equipment. To put those resources to good use, this person would need to engage in physical exercise and other activities. These resources and activities will likely, over time, lead to improved outputs in that person’s heart rate, body weight, mood, sleeping patterns, etc.
 
In this example, the desired outcome is to improve the person’s overall health and wellbeing. This person could monitor their progress by measuring their heart rates over time, the amount of sleep they receive each night, or fluctuations in their body weight—among others. These outputs and metrics all support the desired outcome; however, none of the outputs alone improves this person’s health and wellbeing.

States should think of outcomes as the big-picture benefits they hope to achieve for the Medicaid program. Sample outcomes could include improved eligibility determination accuracy, increased data accessibility for beneficiaries, and timely management of fraud, waste, and abuse.
 
By contrast, outputs should be thought of as the immediate, direct result of the Medicaid program’s activities. One example of an output might be the amount of time required to enroll providers after their initial application. To develop meaningful outcomes for their Medicaid program, states will need to identify big-picture benefits, rather than immediate results. With this is mind, states can develop outcomes to demonstrate the value of their Medicaid IT systems and identify outputs that help achieve their desired outcomes.

What are some opportunities states have in developing outcomes for their MES modernizations?

The opportunities really begin with business process improvement. States can begin by taking a critical look at their current state business processes and understanding where their challenges are. Payment and enrollment error rates or program integrity-related challenges may be obvious starting points; however, drilling down further into the day-to-day can give an even more informed understanding of your business needs. Do your staff end users have manual and/or duplicative processes or even process workarounds (e.g., entering the same data multiple times, entering data into one system that already exists in another, using spreadsheets to track information because the MES can’t accommodate a new program, etc.)? Is there a high level of redundancy? Some of those types of questions start to get at the heart of meaningful improvement.

Additionally, states need to be aware of the people side of change. The shift toward an outcomes-based environment is likely going to place greater emphasis on organizational change management and development. In that way, states can look at how they prepare their workforce to optimize these new technologies.

The certification landscape is seemingly changing weekly as states wait eagerly for CMS’ next guidance issuances. Please continue to check back for in-depth analyses and OBC success stories. Additionally, if you are considering an OBC effort and have questions, please contact our Medicaid Consulting team

Article
Outcomes and APD considerations

Read this if you are a State Medicaid Director, State Medicaid Chief Information Officer, State Medicaid Project Manager, or State Procurement Officer—or if you work on a State Medicaid Enterprise System (MES) certification or modernization efforts.

This article is based on the Outcomes-Based Certification scalability and project outcomes podcast:


Over the last two years, the Centers for Medicare and Medicaid Services (CMS) has undertaken an effort to streamline MES certification. During this time, we have been fortunate enough to be a trusted partner in several states working to evolve the certification process. Through this collaboration with CMS and state partners, we have been in front of recent certification trends. The content we are covering is based on our experience supporting states with efforts related to CMS certification. We do not speak for CMS, nor do we have the authority to do so.

How might Outcomes-Based Certification (OBC) be applied to more complex areas of the Medicaid enterprise?

The question of scaling—that is, to apply the OBC process to more complex components while maintaining or increasing its level of efficiency—is an important next step in certification. OBC has been (or is being) scaled across the technical components of the MES in two primary ways. First, OBC has already successfully been scaled horizontally across similar but discrete components of the MES such as electronic visit verification (EVV), provider management, or pharmacy. The second, perhaps more interesting way we are seeing OBC scale is vertically. OBC—or what is now being referred to as Streamlined Modular Certification (SMC)—is now being scaled up and into larger and more complex components like financial management and claims processing. Beyond that, however, we are now seeing outcomes-based concepts scale a third way—across the Medicaid business.

How does the certification of one module impact the rest of the MES?

We are seeing CMS and states work through this question every day. What we know for sure is that each state is likely going to draw its own set of boxes around its business modules and service components based on its Medicaid business. Because modularity is only defined at a macro level, states have the freedom to work with their vendors to define the parameters of their modules. As a result, we have seen CMS work with states to define those boxes and in doing so, we are really seeing a three-layered approach.

The first layer represents the primary module a state is certifying. A primary module is that module that is responsible for all or most of a business process such as paying a claim. It is safe to assume that the most detailed evidence will come from the primary module. The second layer represents the module—or modules—that might not have responsibility for a business process, but provide functionality integral to that business process being performed successfully. Finally, the third layer represents the module—or modules—that feed data into the business process, but do little else when it comes to performing that business process. For the second and third layer, a state can likely expect to provide evidence that supports the successful transmission of data at a minimum. This is where we are seeing CMS and states work together to define that scope.

What is the role of business process improvement, organization development, and organizational change management in MES modernizations?

This is really the cornerstone of this fundamental shift in certification we have seen over the last 12-18 months. During the 2020 virtual Medicaid Enterprise Systems Conference (MESC), we saw that CMS appears to be signaling it is no longer going to readily accept modernization efforts that do not reflect tangible improvements to the Medicaid business. Think about it this way: a state will likely not be able to go to CMS to request enhanced funding simply because it can no longer renew its existing contract vehicles or it is trying to procure new technology that fails to represent a marked improvement over its legacy system. 

As a result, states need to start thinking about reprocurement and modernization projects in terms of organizational development and business process improvement and redesign. What will a state get out of the new technology that they do not get today? That’s the question that needs to be answered. States should begin to focus more on business needs and less on technical requirements. States are used to building a custom, monolithic enterprise, often referred to as a Medicaid Management Information System (MMIS). Today, vendors are bringing commercial-off-the-shelf (COTS) products that allow states to perform business processes more efficiently. In turn, states need to move away from attempting to prescribe how a system should perform and focus on what the system should do. That means less prescriptive requirements and more business-oriented thinking.

Additionally, the concept of outcomes management will become integral to a state’s Advance Planning Document (APD) requests, Request for Proposals (RFP) development, and certification. We are seeing that CMS is beginning to look for outcomes in procurement documents, which is leading states to look critically at what they want to achieve as they seek to charter new projects. One way that a state can effectively incorporate outcomes management into its project development is to identify an outcome owner responsible for achieving those outcomes.

The certification landscape is seemingly changing weekly, as states wait eagerly for CMS’ next guidance issuances. Please continue to check back for in-depth analyses and OBC success stories. Additionally, if you are considering an OBC effort and have questions, please contact our Medicaid Consulting team

Article
Scaling project outcomes

Read this if you are a State Medicaid Director, State Medicaid Chief Information Officer, State Medicaid Project Manager, or State Procurement Officer—or if you work on a State Medicaid Enterprise System (MES) certification or modernization efforts.

You can listen to the companion podcast to this article now:


Over the last two years, the Centers for Medicare and Medicaid Services (CMS) has undertaken an effort to streamline Medicaid Enterprise System (MES) certification. During this time, we have been fortunate enough to have been a trusted partner in several states working to evolve the certification process. Through this collaboration with CMS and state partners, we have been in front of recent certification trends. 

What is outcomes-based certification (OBC)? 

OBC (or streamlined modular certification) is a fascinating evolution in MES certification. OBC represents a fundamental rethinking of certification and how we measure the success of system implementation and modernization efforts. The prior certification approach, as many know it, is centrally focused on technical capability, answering the question, “Can the system perform the required functions?” 

OBC represents a shift away from this technical certification and toward business process improvement, instead answering the question, “How is this new technology enhancing the Medicaid program?” Or, put differently, “Is this new technology helping my Medicaid program achieve its desired outcomes?” 

What are the key differences between the MECT and OBC? 

To understand the differences, we have to first talk about what isn’t changing. Technical criteria still exist, but only so far as CMS is confirming compliance with core regulatory and statutory requirements—including CMS’ Standards and Conditions. That’s about the extent of the similarities. In addition to pivoting to business process improvement, we understand that CMS is looking to generalize certification under this new approach, meaning that we wouldn’t see the same Medicaid Information Technology Architecture (MITA)-tied checklists like Provider Management, or Decision Support Systems. Instead, we might expect more generalized guidance that would allow for a more tailored certification. 

Additionally, OBC introduces outcomes statements which serve as the guiding principles for certification. Everything, including the technical criteria, roll-up into an outcome statement. This type of roll up might actually feel familiar, as we see a similar structure in how Medicaid Enterprise Certification Toolkit (MECT) criteria rolled up into critical success factors. 

The biggest difference, and the one states need to understand above all else, is the use of key performance indicators (KPIs). These KPIs aren’t just point-in-time certification measures, they are expected to be reported against regularly—say, quarterly—in order to maintain enhanced funding. Additionally, it’s likely that each criterion will have an associated KPI, meaning that states will continue to be accountable to these criteria long after the Certification Final Review. 

How are KPIs developed? 

We’ve seen KPIs developed in two ways. For more strategic, high level KPIs, CMS develops a baseline set of KPIs heading into collaborating with a state on an OBC effort. In these instances, CMS has historically sought input on whether those KPIs are reasonable and can be easily reported against. CMS articulates what it wants to measure conceptually, and works with a state to ensure that the KPI achieves that within the scope of a state’s program.  

For KPIs specific to a state’s Medicaid program, CMS engages with states to draft new KPIs. In these instances, we’ve seen CMS partner with states to understand the business need for the new system, how it fits into the Medicaid enterprise, and what the desired outcome of the particular approach is. 

What should states consider as they plan for MES procurements? 

While there might be many considerations pertaining to OBC and procurements, two are integral to success. First—as CMS noted in the virtual MESC session earlier this month—engage CMS at the idea stage of a project. Experience tells us that CMS is ready and willing to collaborate with—and incorporate the needs of—states that engage at this idea stage. That early collaboration will help shape the certification path. 

Second, consider program outcomes when conceptualizing the procurement. Keep these outcomes central to base procurement language, requirements, and service level agreements. We’re likely to see the need for states to incorporate these outcomes into contracts. 

What does this mean for MES modularity and scalability? 

Based on our current understanding of the generalization of certification, states, and subsequently the industry at large, will continue to refine what modularity means based on Medicaid program needs. Scalability represents an interesting question, as we’ve seen OBC scaled horizontally across smaller, discrete business areas like pharmacy or provider management. Now we’re seeing the beginnings of vertical scaling of a more streamlined certification approach to larger components of the enterprise, such as financial management and claims processing. 

The certification landscape is seemingly changing weekly as states wait eagerly for CMS’ next guidance issuances. Please continue to check back for in-depth analyses and OBC success stories. Additionally, if you are considering an OBC effort and have questions, please contact our Medicaid Consulting team

Article
Considerations for outcomes-based certification

Read this if you are a State Medicaid Director, State Medicaid Chief Information Officer, State Medicaid Project Manager, or State Procurement Officer—or if you work on a State Medicaid Enterprise System (MES) certification effort.

Measuring performance of Medicaid Enterprise Systems (MES) is emerging as the next logical step in moving Medicaid programs toward modularity. As CMS continues to refine and implement outcomes-based modular certification, it is critical that states adapt to this next step in order to continue to meet CMS funding requirements.

This measurement, in terms of program outcomes, presents a unique set of challenges, many of which a state may not have considered before. A significant challenge is determining how and where to begin measuring program outcomes―to meet it, states can leverage a trusted, independent partner as they undertake an outcomes-based effort.

Outcomes-based planning can be thought of as a three-step process. First, and perhaps most fundamental, is to define outcomes. Second, you need to determine what measurements will demonstrate progress toward achieving those outcomes. And the final step is to create reporting measurements and their frequency. Your independent partner can help you answer these critical questions and meet CMS requirements efficiently by objectively guiding you toward realizing your goals.

  1. Defining Outcomes
    When defining an outcome, it is important to understand what it is and what it isn’t. An outcome is a benefit or added value to the Medicaid program. It is not an output, which is a new or enhanced function of a new MES module. An output is the product that supports the outcome. For example, the functionality of a new Program Integrity (PI) module represents an output. The outcome of the new PI module could be that the Medicaid program continuously improves based on data available because of the new PI module. Some outcomes may be intuitive or obvious. Others may not be as easy to articulate. Regardless, you need to direct the focus of your state and solution vendor teams on the outcome to uncover what the underlying goal of your Medicaid program is.
     
  2. Determining Measurements
    The second step is to measure progress. Well-defined Key Performance Indicators (KPIs) will accurately capture progress toward these newly defined outcomes. Your independent partner can play a key role by posing questions to help ensure the measurements you consider align with CMS’ goals and objectives. Additionally, they can validate the quality of the data to ensure accuracy of all measurements, again helping to meet CMS requirements.
     
  3. Reporting Measurements
    Finally, your state must decide how―and how often―to report on outcomes-based measurements. Your independent partner can collaborate with both your state and CMS by facilitating conversations to determine how you should report, based on a Medicaid program’s nuances and CMS’ goals. This can help ensure the measurements (and support information) you present to CMS are useful and reliable, giving you the best chance for attaining modular certification.

Are you considering an outcomes-based CMS modular certification, or do you have questions about how to best leverage an independent partner to succeed with your outcomes-based modular certification effort? BerryDunn’s extensive experience as an independent IV&V and Project Management Office (PMO) partner includes the first pilot outcomes-based certification effort with CMS. Please visit our IV&V and certification experts at our booth at MESC 2019 or contact our team now.

Article
Three steps to measure Medicaid Enterprise Systems outcomes

Read this if you are a division of motor vehicles, or interested in mDLs.

Successful acquisition and implementation of a mobile driver’s license (mDL) program requires knowledge of the specific functional needs mDLs must satisfy to help ensure mDL programs provide security and convenience to mDL holders. These functional needs span mDL-reading equipment, issuing authorities (e.g., departments of motor vehicles), law enforcement and other mDL-reading establishments, and mDLs themselves.  

Per the American Association of Motor Vehicle Administrators (AAMVA) Functional Needs White Paper, functional needs span eight broad categories: operations, trust, identity, cross-jurisdictional/vendor use, data privacy, remote management, ease of use, and other. The table below organizes these categories, briefly explains associated functional needs, and assigns a level of criticality to each functional need. Critical functionality must be accommodated by mDL programs in some manner. Desired functionality is optional, but heavily encouraged.

Table 1: Key Terms and Definitions
mDL Functional Needs Breakdown
Category Description Required/Desired
Operation – Online and Offline mDL holders must be able to validate their identity when either the mDL holder, the mDL reader, or both lack access to the internet.  At a minimum, offline use must allow citizens to confirm their identities, driving privileges, age, and residence. Critical
Operation – Attended mDL holders and mDL-reading establishments must be physically present when an mDL holder’s identity is established as credible, typically using the mDL portrait image. Critical
Operation – Unattended mDLs must function when the mDL-reading establishment is not present during a transaction with an mDL holder. Desired
Trust mDL holders must be able to establish that data comprising the mDL was issued by the relevant issuer and that information has not been changed, unless via an update through the relevant issuer. Critical
Trust mDL-reading establishments must employ readers they trust to obtain and validate information from mDLs. Critical
Identity – Portrait Image mDLs must have portrait image of the mDL holder. Critical
Identity – Portrait Image mDLs must have the ability to retrieve the portrait image from the issuing jurisdiction using a one-time token. Critical
Identity – Portrait Image mDL readers must read portrait images from mDLs, retrieve it from the issuing jurisdiction, and display the image. Critical
Identity – Portrait Image Law enforcement must have mobile mDL readers in order to review the mDL portrait image and mDL holder simultaneously. Desired
Identity – Biometric mDL-reading establishments must have trusted equipment to obtain the mDL holder’s biometric information. Desired
Identity – Biometric mDLs and readers must support a one-to-one  comparison of the mDL and holder biometric information, executed by the mDL-reading establishment or mDL issuer. Desired
Identity – PIN mDLs must support the use of a personal identification number (PIN) to authenticate the legitimacy of an mDL and its holder. Critical
Identity – PIN mDL holders must trust that mDL readers will not compromise their PIN when entering it.

mDL readers must trust that the PIN accurately validates mDL holder information when the authentication process occurs on the mDL holder’s device.
Critical
Cross-Jurisdictional & Vendor Use mDL readers must be able to read mDLs from multiple issuing jurisdictions and multiple vendors. Critical
Cross-Jurisdictional & Vendor Use mDLs require interfacing with the relevant issuer, with the ability to control how mDL data is uploaded to holder devices and updated. Critical
Cross-Jurisdictional & Vendor Use mDLs require in-real-time interfacing with the holder’s device and the reader. Critical
Data Privacy As with physical DLs, mDLs require a process for granting holder consent prior to information release. Critical
Data Privacy mDL holders must be able to release selective information (e.g., age, driving credentials) without releasing all personal information stored on the mDL (data minimization). Critical
Data Privacy Issuing authorities must be able to allow unrestricted access to an mDL, without the holder’s consent, in cases where the holder is unconscious, nonresponsive, etc., e.g., following a major car accident, law enforcement might need to verify whether an individual is an organ donor. Desired
Data Privacy mDLs must be linkable to the government-related transactions they are used for (e.g., interacting with the DMV, law enforcement), allowing local and state officials to review the history of transactions related to a specific mDL. Desired
Data Privacy mDLs must be unlinkable from the private-industry transactions they are used for, preventing mDL-reading establishments from tying mDL holders to specific transactions. Desired
Data Privacy The mDL should grant the mDL holder visibility into all personal data contained in the mDL. Critical
Remote mDL Management1 mDL issuing authorities must have the ability to perform the following actions to mDLs remotely:
  • Add, update, and revoke (temporarily and permanently) driving privileges.
  • Update the application storing the mDL.
  • Revoke the mDL entirely (in the case of suspected fraud)
Critical
Remote mDL Management mDL holders must have the ability to remotely update their mDL data, including revoking their mDL in the case of a lost or stolen mDL. Critical
Remote mDL Management mDLs with combined offline/online functionality must expire should the mDL holder not connect their mDL to issuer’s system within a defined period of time. Critical
Remote mDL Management mDLs must support the ability to be returned to the issuer prior to the issue of a new mDL to a holder.

mDLs must support the ability to be returned to the issuer, marked as void, and returned to the holder prior to the issue of a new mDL to the holder.
Optional
Remote mDL Management mDLs must allow law enforcement officers from a holder’s home jurisdiction to suspend a holder’s mDL under specified circumstances. Critical
Remote mDL Management mDLs must support the ability for issuing authorities to change mDLs to IDs (in the case of driving privilege revocation) and change IDs to mDLs (when driving privileges are gained). Desired
Remote mDL Management mDLs must support the ability to transfer devices, either online (desired) or by visiting issuing authorities in person (critical). Desired/Critical
Ease of Use mDLs must not require mDL-reading establishments to handle the mDL holder’s device during a transaction. Critical
Ease of Use mDLs must operate during different weather conditions (rain, snow, intense sunlight, etc.) Desired
Ease of Use mDLs must function at all times, regardless of the level of ambient light. Critical
Ease of Use mDLs must function in various environments (office, traffic stop, etc.) Critical
Ease of Use mDLs must minimize the amount and cost of additional equipment that law enforcement and other mDL-reading establishments require when processing mDL transactions. Desired
Other – Processing     Time mDL readers must be able to process an mDL transaction with comparable time to physical DL transactions. Critical
Other – Non-reliance on Device Security by Consumer mDL readers must be able to authenticate mDL data without relying on the security of an mDL holder’s device (e.g., biometric readers). Critical

1Remote mDL management assumes at least a partial level of online mDL functionality. mDLs cannot be remotely managed in offline scenarios.

If you have questions about mDLs or about your specific agency, please contact the team. We’re here to help.      

Article
Functional needs for a successful mobile Driver's License (mDL) program

Read this if you are a division of motor vehicles, or interested in mDLs.

You drive to the airport, and are pulled over by law enforcement. They check your driver’s license. You arrive at the airport, and rush through the TSA checkpoint. They check your driver’s license. You buy a drink in the airport bar to calm your nerves. They check your driver’s license. You board your plane, take off, land in your destination, and rent a car. They check your driver’s license. You drive to the hotel and check yourself in. They check your driver’s license. From run-ins with law enforcement, to traveling, to purchasing alcohol, driver’s licenses are necessary and versatile parts of every citizen’s identification arsenal—and soon, they will be mobile. But this new frontier of electronic identification—despite widespread applicability and increased holder convenience—brings challenges for mDL issuers and mDL-reading establishments.

The mDLs must function in a range of scenarios, each of which with distinct business processes, differing levels of holder data control, and various levels of online functionality. The widespread applicability of mDLs mean that state, county, and local issuing authorities need to simultaneously anticipate the range of mDL holder scenarios, identify the functionality required to meet these scenarios, and anticipate implementation challenges.     

Additionally, understanding mDL functionality requires understanding the specific terms used to describe that functionality, and these terms vary. From the participants in mDL transactions, to the kinds of transactions occurring, to the various screens and data validation methods, this terminology quickly becomes complicated. 

Table 1, Key Terms and Definitions below contains a list of mDL-related terms and definitions used within this blog, and accompanying future functional needs blogs.

Table 1: Key Terms and Definitions
Terms Definitions
mDL issuer The department of motor vehicles or bureau of motor vehicles responsible for administering rights to, and overseeing distribution of, mDL data to mDL holders.
mDL holder The person whose data is contained in, and represented by, the mDL.
mDL reader The hardware technology used to consume mDL data from an mDL holder's device.
mDL-reading establishment The institution consuming mDL data via an mDL reader, e.g., law enforcement, liquor store, Transportation Safety Administration.
Portrait image The image of the mDL holder used to verify the holder's ownership of the mDL by visual means.
Attended operation The mDL-reading establishment is physically present when the mDL holder is certified as the owner of the mDL data. E.g., checking in at a hotel, buying alcohol at a liquor store, verifying ID during a traffic stop scenario.
Unattended operation The mDL-reading establishment is not physically present when the mDL holder is certified as the owner of the mDL data. E.g., verifying age during an internet transaction.
Personal Identification Number (PIN) A number (usually 4 digits) created by an mDL holder and used to validate their identity during transactions.
Use Case A situation in which a holder will rely upon an mDL to convey their data to mDL-reading establishments, for a defined purpose.


Table 2, mDL Use Cases below lists situations in which mDL transactions are common, called use cases, and marks them as primary or future mDL use cases. Table 2 also categorizes whether the transactions occur with online/offline functionality (or both); and whether the transactions require both parties to be present during the transaction (attended), do not require both parties to be present during the transaction (unattended), or both. 

Note that mDL use cases are ever evolving, as is the functionality required to complete them. For the most up-to-date content, consider reviewing resources developed by the American Association of Motor Vehicle Administrators (AAMVA) or the International Organization for Standardization (ISO).

Table 2: Standard mDL Use Cases
Use Case Online/Offline Functionality Attended v. Unattended Operation
Primary Use Cases
mDL holder is involved in a traffic stop with law enforcement. Both Both
mDL holder goes through a Transportation Security Administration (TSA) checkpoint at an airport. Both Attended
mDL holder purchases alcohol in person. Both Attended
mDL holder rents a car. Both Both
mDL holder checks into a hotel. Both Both
mDL holder confirms identity with financial institutions. E.g., banks. Both Attended
mDL holder obtains social services. Both Both
mDL holder confirms identity when voting. Note: This use case might not be required in all jurisdictions. Both Attended
mDL holder confirms identity to gain access to federal facilities (if appropriate). Both Attended
Future Use Cases
mDL holder proves age for age-restricted purchases via the internet. Online Unattended
mDL holder signs a document electronically.  Online Unattended
mDL holder opens a bank account online.  Online Unattended


If you have questions about mDLs or about your specific agency, please contact the team. We’re here to help. 

Article
Mobile Driver's License (mDL) functional needs: Definitions and use cases