Enterprise Risk Management: A Key Success Factor Under Value-Based Care

November 30, 2017 11:12 am

The proliferation of risk-based contracts in today’s healthcare environment has made enterprise risk management (ERM) an imperative for provider organizations and health plans.

As health plans and/or provider organizations assume more responsibility for integrating the financing and delivery of health care based upon the Affordable Care Act, it also becomes increasingly important for them to implement an integrated approach to managing risk. By doing so, an organization can progress beyond a mindset where the focus is on mitigating risk on a department-by-department basis—with redundant processes and no opportunity for sharing of resources and lessons learned—to a mindset where ERM becomes central to the strategic, tactical, and operational planning processes across all functional units. Ultimately, effective ERM—where the organization has achieved best practices in this approach—goes even further, to integrate management of both risk and returns. a

Some health plans and provider organizations have started down the path to implementing ERM, but many entities remain focused simply on limiting underwriting risk and provider contracting downside risk. Truly comprehensive ERM addresses all the major categories of risk exposure, including environmental, competitive, strategic, financial, regulatory, and operational risk, as well as risk associated with technology and reputational risk. In essence, a well-designed ERM strategy in today’s shifting payment environment can help a healthcare organization to address four areas fundamental to value-focused care: population health management, provider contracting, provider billing practices, and insurance or reinsurance.

Consideration of these four areas can help a managed care health plan, accountable care organization (ACO), or other organization that assumes risk understand what ERM really means for its particular circumstances, and ensure that it is fully prepared to take on the significant challenge of delivering value-focused health care.

Population Health Management

If the four critical components of ERM listed above were parts of an atom, population health management would serve as the nucleus. Once an enterprise assumes responsibility for delivering coordinated care to a designated population and commits to the task of population health management, it must invest in the corresponding infrastructure, personnel, and technological support. A clear prescription for disaster is to assume significant health risk for a large population and then not actively manage the overall health of that population. Providers in an integrated delivery system, such as an ACO, manage the cost and quality of care across a continuum of population needs.

Population Health Management Best Practices

Under such circumstances, best practices for assuming the risks involved with population health management can be categorized in three stages—measuring clinical operations, redesigning care delivery, and managing care delivery—as depicted in the exhibit above. The goal is to manage the health of populations across a continuum of care ranging from wellness and prevention to management of chronic conditions and complex cases, as shown in the exhibit below.

Population Health Management Continuum

An entity just embarking on assuming risk of managing a given population’s health should begin by engaging an external party to perform a comprehensive analysis of its medical management capabilities, with a focus on assessing the current utilization and case-management capabilities of the enterprise and identifying how best to improve them. The objective is to adopt a cost-effective model that maintains the core values and capabilities of the organization. An external review is needed to highlight strengths and weaknesses in an independent, unbiased manner.

Predictive risk models are helpful in highlighting priorities for population health management. Predictive modeling technology uses advanced data analytics to manage financial and clinical healthcare risk for the assumed population. These models adjust for the demographics of the commercial, Medicare, and/or Medicaid populations being managed. They are essential in that they provide a cost-effective means for identifying the potential severity and frequency of catastrophic medical claims so steps can be taken to mitigate them early. (See the exhibit below for an example of predictive modeling.)

Predictive Modeling Example: Specialty Drug

Provider Contracting

Positioning for success in risk-based contracting may involve pay-for-performance or shared savings models, bundled payments, DRGs, or global capitation contracts. Full engagement requires a cultural shift from a volume-based approach to one that is wholly focused on value.

Under such circumstances, a strong provider contracting model supports an effective ERM process. Developing such a model requires understanding of and attention to details of key risk-based contracting provisions, as outlined in the exhibit below.

Key Risk-Contracting Provisions

Value-based provider payment models work best when they include the following.

Patient personal health records (electronic medical records) shared throughout the organization. Patient engagement is more successful when all health information resides in one central location for use by all attempting to navigate and coordinate the management of care.

Data analytics and data warehousing capabilities for proper risk assessment and risk stratification. These items are essential for identifying high-risk patients, managing chronic disease, and eliminating gaps in care. Data analytics and reporting capabilities support a focus on high-cost patients, particularly those with comorbidities, and assist in developing integrated patient management.

Provider Billing Practices

ERM should include the review of provider billing and pricing practices to identify instances of upcoding, unbundling, and inflated chargemasters and minimize the financial impact of such phenomena. This review is needed to ensure compliance with provider contracting terms and to verify that contract rates are well spent. Careful attention to such inappropriate charges can result in savings of 10 to 30 percent of billed charges. b

Upcoding refers to a situation where the level of services billed exceeds the actual intensity of services provided or required. The National Uniform Billing Committee has established objective standards for billing of procedure codes that are used to bill hospital room-and-board charges for care with various levels of intensity, such as ICU, CCU, nursery, and sub-acute care. Common examples of care that does not meet these standards include:

  • Unnecessarily utilizing the highest acuity revenue code for neonatal intensive care
  • Billing a higher-acuity room-and-board charge on the date a patient is discharged to home
  • Providing overlapping services on transition days from a normal hospital stay to a stepdown facility

Unbundling refers to services that are broken out and billed separately when they are normally billed together. Common examples include separately billing for regular nursing services or minor medical supplies such as gauzes and sponges in routine venipunctures, and unbundling basic nursing services and minor medical supplies from daily room-and-board charges, despite CMS payment guidelines indicating that such items are to be included in these normal daily charges. (It should be noted, however, that billing separately for these services is appropriate in outpatient settings, when they are not included as elements in the underlying standard of care.)

Upcoding and unbundling can affect provider contracting arrangements, such as DRGs and per diems. For example, as chargemaster rates increase, more payments flow to the DRG, which may have an outlier payment provision whereby the charges from a DRG subsequently revert to a percentage of billed charges.

The chargemaster is the comprehensive menu of itemized prices and billed amounts for all services, procedures, and supplies available at the hospital. It is a critical, proprietary aspect of every hospital’s revenue and expense methodology and involves thousands of services and codes. CMS regulations may limit hospitals to a single chargemaster across all insurers, although hospitals are free to update them frequently. As a response to more complex health plans or payment methodologies in risk-based payment approaches, hospitals tend to increase charges overall to ensure that they are covering their costs across all insurers (commercial, Medicare, Medicaid). A health system’s cost-to-charge ratio is typically much lower for Medicare and Medicaid than for commercial business.

Insurance and Reinsurance

Insurance and reinsurance serve as the outer layers of protection in the ERM-as-atom characterization. Hospital and physician value-based payment models increasingly require practitioners to assume greater financial risk for managing their patients’ care. Risk contracting has been shown to reduce costs and improve quality of care, but catastrophic claims can threaten providers and the long-term viability of their provider agreements. Consequently, health plans or contracted providers often need excess-of-loss protection for catastrophic medical risks.

As a health plan offers risk contracts to providers, it needs to verify compliance with Physician Incentive Plan (PIP) regulations for government risk contracts. CMS regulations mandate stop-loss protection to reduce capitated provider exposure to catastrophic risks, and these regulations put a legal obligation on health plans to ensure that their risk-bearing provider groups have appropriate coverage. Health plan offerings to their risk-contracted providers may include:

  • Medical stop-loss underwriting services where the plan retains the risk for catastrophic medical claims
  • Pricing and administering of stop-loss coverage that complies with PIP regulations
  • Provision of medical case management support for catastrophic medical excess-of-loss risks that leak outside the provider network
  • Evaluations of the adequacy and pricing of stop-loss coverage provided through ACO, independent practice association, and/or medical group contracts
  • Integrated captive management strategies, where providers can retain more risk from provider contracts or self-funded employee benefit plans in existing captive structures

Health systems with excess capital in a hospital professional liability (medical malpractice) captive can use the captive to receive and retain additional risk exposures and types of excess-of-loss coverage, such as:

  • Provider excess specific and/or aggregate coverage for a Next Generation or Medicare Shared Savings Program ACO
  • Medical excess-of-loss coverage purchased for a reinsured health plan or its own employee benefit plan
  • Capitation and provider excess contracts with national payers

Reinsurance deductible and other coverage features will vary based on the organization’s risk tolerance. Some programs use the standard approach of a 12-month policy period for incurred claims, which then need to be reimbursed within 18 months from the initial effective date of coverage. Other programs may offer one full year of incurred claim accumulation for any given member or incident—i.e., an accumulation period that extends 365 days from any given trigger claim date. Such coverage is more comprehensive and, thus, more expensive than traditional coverage, but its increased cost could be mitigated by increasing the existing deductible at the same time.

If the health plan or provider organization takes an enterprisewide view of risk, its insurance/reinsurance carrier should do so as well, thereby affording the health plan or provider early access to integrated and coordinated product offerings.

Performance Scenarios as a Percentage of Benchmark

The Next Generation ACO model benchmarking approach is a cross-sectional baseline of beneficiaries who would have been aligned with the ACO in the period prior to participation in the current model year. Risk adjustment is used to compensate for the differences in health status between the baseline population and the actual population enrolled. The benchmark is established by CMS. The ACO is then responsible for losses and gains of plus or minus 15 percent. The exhibit above illustrates the downside loss/upside profit scenarios. Assuming 25,000 attributed members with a benchmark of $1,000 per person per month (i.e., $12,000 per year), the results depicted in the exhibit are possible. Aggregate stop-loss reinsurance protection can be provided to the ACO to mitigate these downside risks.

Risk is ubiquitous in health care. And that reality makes it imperative for finance leaders of both provider organizations and health plans to make effective risk management a top priority. The best way to take on risk and mitigate its effects—particularly in this time of transition to value-based care—is through a comprehensive approach that accounts for all risk across the organization. A piecemeal approach to managing risk can provide only limited benefits, no matter how well-managed each part might be. But managed capably, an ERM program can provide an unparalleled means to safeguard a healthcare organization’s financial position.

Mark Troutman is president, Summit Reinsurance Services, Inc., Fort Wayne, Ind.


a. Segal, S., Corporate Value of Enterprise Risk Management: The Next Step in Business Management, John Wiley & Sons, Inc., March 2011. 

b. This range of savings was cited in communications with the author by Ethicare Advisors, a firm engaged in hospital bill review.

