New structures come with new rules and health insurance exchanges (HIX) are no exception. That said, health insurers need to know more than the new rules — they need to understand the protocols and priorities regulators intend to use in building out this new regulatory regime.
This is a significant compliance challenge, but it does not begin with a blank page. Other government programs’ (Medicare and Medicaid) compliance capabilities that may already be in place serve as useful models for the analogous requirements of HIX participation. In fact, many of the exchange compliance priorities the Centers for Medicare and Medicaid Services (CMS) shared in March 2014 are similar to those used to regulate Medicare Advantage and Part D plans. Following that logic, it is likely that enforcement measures on HIX plans may mimic these other existing federally-funded programs.
Complying with the line-by-line requirements for plans participating in federal- and state-based exchanges will be enabled through the development of detailed compliance frameworks, customized to the jurisdictional differences in which each insurer operates. However, certain compliance capabilities should be common across all players in this new market. The Office of the Inspector General (OIG) of the Department of Health and Human Services (HHS) has identified a number of requirements that health plans should implement to satisfy the definition of an “effective compliance program.” These include written compliance policies, dedicated compliance officers, training and education programs, communication, provision for internal and external audits and vigorous means to both prevent and respond to potential non-compliance events. Creating and maintaining accurate records will be crucial in areas such as enrollment, eligibility, notifications and especially coverage termination and regulators will hold plans accountable for the behavior of their third-party contractors as well.
In this complex and evolving landscape, first steps form a critical foundation before evolution to a more systematic approach. Health plans that participate in exchanges should consider focusing on building frameworks that permit real-time monitoring and rapid response. Another consideration would be to implement ongoing risk assessment processes to allow for more dynamic prioritization of the day’s key issues. And they should also consider — early on — stand up organizations to take a strategic approach to compliance.
What does a strategic compliance program look like for HIX participants? It is one that proactively manages the full scale of risk across the organization, eliminating silos and thoughtfully allocates resources against the most critical risks each company faces. Plans will have to use these compliance ‘systems’ while building and maturing them at the same time. Making that work will require speed, flexibility and a supportive executive team.
Posted by Kelly Sauders, Partner, Deloitte & Touche LLP and Ian Waxman, Senior Manager, Deloitte & Touche LLP