AHM Health Plan Finance and Risk Management: Risk Management in Health Plans Risk Management in Health Plans

Course Goals and Objectives After completing this lesson, you should be able to List some of the factors that may give rise to the assumption of an agency relationship between health plans and their providers Discuss some measures a health plan might take to limit the liability associated with credentialing its providers Explain some of the ways a risk manager can reduce or eliminate risk exposures related to utilization review List some of the actions that a risk manager can take in managing the process of providing healthcare in a health plan environment Risk management has been in a period of evolution almost since it first became an important function in the healthcare setting. In the mid-1970s, the healthcare risk management profession emerged in response to the malpractice crisis surrounding the availability of liability insurance. 1 Although, the basic concepts for healthcare risk management were adopted from the insurance industry, over the past two decades the discipline of healthcare risk management has taken on many important characteristics and unique functions. Although there are clear risks associated with benefits administration, contracting, and other activities, the bulk of risks in health plans is associated with the provision of healthcare services and coverage decisions surrounding that care. In addition, providers face risks associated with health plans beyond those faced by health plans. Therefore, this lesson focuses particularly on those issues. Risk management has changed from an activity that sought solely to transfer risk through the purchase of commercial insurance or the financing of risk through the establishment of a selfinsured trust or investment fund to a profession where education, proactive risk control and risk modification, and risk financing and risk transfer are merged into a partnership. The overall goals of the partnership enable the organization to be responsive to the needs and demands of the healthcare industry and to provide safe and effective care to patients. The organizational goals of ensuring financial stability in the event of an adverse outcome are still consistent with the goals of the healthcare risk manager, but risk managers also find that their work takes them out of the finance department and into those clinical and operational areas where the risks are created. Specific objectives in risk management programs relate to the organizations desire to ensure survival, maximize efficiency, and sustain growth and effectiveness. This is accomplished through the identification, control, management, elimination, transfer, or financing of risk. Achievement of these objectives is accomplished by interacting with internal and external customers of the organization that demand low-risk, high-quality, cost-effective service. Management may have different priorities in seeking efficiency and growth, particularly as health plans continue to dominate the marketplace. The primary targets or strategies of management could relate to gaining market share, increasing the overall number of relationships and contracts with payers, increasing sales or service volume, ensuring continuity of performance, maintaining the quantity of controlled resources, or other items expected to produce desired long-term financial results. These targets may be sought

without appropriate consideration of the inherent risks that may also be assumed by adopting those strategies. The goals identified to achieve market success may not be the most efficient or effective strategies from a risk management perspective. To achieve favorable results from both a risk management and an organizational perspective, the risk manager must recognize how the internal and external changes in healthcare created by managed care influence or enhance risk. The risk manager should begin to plan a strategy by first identifying how the organization is influenced from a risk perspective due to managed care (Figure 2B-1 and Figure 2B-2). After this assessment, the risk manager should work with administration to determine critical success factors that will define risk management success for the organization (Figure 2B-3).

Once the key measures of success have been agreed upon, the risk manager can develop a plan to protect the organization and help it progress. The risk managers role and the challenges posed by that role will not differ significantly if the risk manager is employed by a health plan, a hospital that seeks to be the hub of an integrated delivery system, or a network that forms to be able to compete under health plans. Thus this lesson has been written to focus on the key risk management issues created by health plans as opposed to a specific job that a risk manager might assume given potentially differing structures. Many of the legal and risk management challenges created by managed care will exist regardless of the employer. The customers of the risk manager will include not only those in administration and finance but also physicians, nurses, and external customers. As health plans become more prevalent, risk managers must develop new knowledge and utilize existing and new skills and techniques to identify the new risks created, design creative strategies for managing those new risks, and provide education and information to an ever increasing and divergent customer base. Changes in the Healthcare Organization Related to Health Plans Health plans initially started out as "discount medicine," but it has now evolved to actual management of medical care by providing the patient with the appropriate level of care in the appropriate setting. In his book Making Managed Health Care Work: A Practical Guide to

Strategies and Solutions, Peter Boland states the following: "Managed care alter the decision making of providers of healthcare services by interjecting a complex system of financial incentives, penalties, and administrative procedures into the doctor-patient relationship. Managed care often attempt to redefine what is best for the patient and how to achieve it most economically."2 This statement implies altering and directing care to gain a cost advantage, which is risky if it is at the real or even perceived sacrifice of quality. Health plan administrators, insurance providers, and risk managers are becoming increasingly aware of the development of new case law associated with managed care, particularly how quality or access is limited by strict utilization or financial restrictions and how that limitation can pose a significant financial risk to the organization. Learning how to identify proactively these and other potential new exposures associated with managed care and how to control or eliminate them will be a challenge and will be at the core of the risk managers responsibility. This statement implies altering and directing care to gain a cost advantage, which is risky if it is at the real or even perceived sacrifice of quality. Health plan administrators, insurance providers, and risk managers are becoming increasingly aware of the development of new case law associated with managed care, particularly how quality or access is limited by strict utilization or financial restrictions and how that limitation can pose a significant financial risk to the organization. Learning how to identify proactively these and other potential new exposures associated with managed care and how to control or eliminate them will be a challenge and will be at the core of the risk managers responsibility. Historically, health plans have faced minimal professional liability exposure, especially compared with other healthcare organizations. In large part, this is the result of the broad and wellpublicized protection provided by the Employee Retirement Income Security Act of 1974 (ERISA).3 That protection includes barring jury trials and punitive damage awards, limiting compensation to medical expenses, and preempting actions against a health plan for the "administration" of an ERISA-qualified employee benefit plan. 4 The Federal Employee Health Benefits Act can also afford some protection for federal employee benefit plans. 5 These statutory protections have their limits, however, and the risk manager must develop a clear understanding of the new risks that may be created under managed care and are not afforded statutory protection and must develop strategies to manage them. The changes in the organization relative to health plans created new operational and clinical risks and opportunities for risk management. No longer are the risks contained within the walls of a provider organization; rather, the risks now follow the patients to whom the health plan has agreed to provide services. This may result in making the environment more difficult to control for the risk manager. In addition, with the movement away from high-technology specialties, many organizations may find the need to identify and engage providers with a focus on primary care and prevention. This group of professionals may include physicians but may also include nurse practitioners, physician assistants or extenders, social workers, and other healthcare professionals. Credentialing, reappointment, privilege delineation, and definition of the scope of service for an enhanced range of caregivers will be essential components of the risk managers job.

Operational Risks Under Managed Care Operational risks are enhanced under managed care. For example, a provider organization becomes more complex as it attempts to compete by becoming part of an integrated delivery system. New business risks can create corporate liability, both direct and indirect (vicarious). A risk manager whose responsibility is to manage the risks of the health plan must be mindful of the business and clinical risks created. Health plans can pose the following risk concerns that will be new challenges for the organizations risk manager:
Coordinating the appropriate amount and level of care, by appropriate providers, through Negotiating arrangements with selective providers with proven skills and competence to

utilization management activities.

provide comprehensive services identified in the contracts.

Ensuring that the financial incentives provided by the contract are sufficient to sustain the

organization and that the potential for catastrophic financial risk is understood and appropriately funded for or transferred. (Relative to financial risk management, the risk manager should also be cognizant of the potential double-edged sword created by the use of financial incentives to providers. In a positive sense, these types of incentive structures can help support the provision of efficient, effective, and appropriate service. They can also, however, be seen as a reward system that inappropriately incents physicians to deny needed care to patients in exchange for increased compensation.) Understanding the nature of the new clinical risks created and proactively designing systems or structures to eliminate or control them. Figure 2B-4 illustrates the relative risk for health plan structures based upon the degree of influence and relationships that the health plan maintains with its providers. 6 It is only through an analysis of the health plans business and an understanding of the relative risk associated with that business that one can develop a comprehensive risk management plan to ensure that all risks created are eliminated, managed, controlled, or transferred.

Direct Liability Corporate negligence claims arising from health plans pose new risks for the risk manager. Corporate liability claims are based on the premise that the healthcare entity or health plan has a legal duty to protect the patient from harm. This responsibility can be deemed to be abrogated when negligent providers are employed by the health plan and render care to patients that is

determined to be negligent. The need to develop rigorous screening procedures for potential staff members and to follow those procedures is an important risk management function in this new environment and should be carefully monitored to verify adherence. Under the doctrine of corporate negligence, a health plan and its physician administrators may be held directly liable to patients or providers for failing to investigate adequately the competence of healthcare providers whom it employs or with whom it contracts, particularly where the health plan actually provides healthcare services or restricts the patients/enrollees choice of physician. Health plans and their physician administrators may be held liable for bodily injury to patients/enrollees resulting from improper credentialing of physicians or for economic or compensatory damages to providers as a result of credentialing activities (e.g., unlawful exclusion from provider networks or staff decertification). The doctrine of corporate negligence may also apply to other health plan activities besides credentialing, such as performance of utilization review. Under the theory of negligent or improper design or administration of cost control systems, a health plan and its physician administrators may be held liable when they design or administer cost control systems in a manner that interferes with the rendering of quality medical care or corrupts medical judgment. To date, most litigation involving allegations of negligent administration of a cost control system have involved utilization review activities of health plans. Health plans and their physician administrators are also susceptible to antitrust liability for violations of federal and state laws, which generally prohibit the unlawful restraint of trade, monopolies, price fixing and discrimination, group boycotts, illegal tying arrangements, exclusive dealing, and other arrangements that are anticompetitive. Antitrust problems may arise when entities engage in collective actions that reduce competition in a given market. Antitrust problems can arise early in a market where health plans encourage the combining of the services of former competitors to facilitate service delivery. A balancing test must be performed to ensure that the benefits gained by combining outweigh the danger posed by limiting competition of those entities outside the agreement. Health plan networks are also likely to face an increased number of antitrust lawsuits from providers and competitors as they gain increased market share. The larger a health plan becomes in a particular area, the fewer opportunities available to the provider who is not part of the network. In addition, health plans and their physician administrators face corporate exposure to direct liability for various forms of discrimination, for example discrimination in benefit design, underwriting, claims adjudication, credentialing, treatment, employment, and contracting. The following pieces of legislation may give rise to of discrimination in specific health plans:

The Family and Medical Leave Act of 1993 The Americans with Disabilities Act of 1992 The Civil Rights Act of 1991 The Age Discrimination in Employment Act of 1967, including the Older Workers Benefit Protection Act of 1990 Title VI of the Civil Rights Laws of 1964, as amended (1983), including the Pregnancy Discrimination Act of 1978 The Civil Rights Act of 1966, Section 1981 The Fifth and Fourteenth Amendments of the U.S. Constitution

In addition, health plans and their physician administrators face corporate liability for invasion of privacy of providers for improper dissemination of information regarding credentials or competence to the National Practitioner Data Bank or other third parties or of patients/enrollees for improper dissemination of their records or information pertaining to their health. They may also be sued by providers, patients, or employees for defamation, particularly in connection with their peer review activities. In such an event, however, they may be entitled to qualified immunity under the Health Care Quality Improvement Act of 1986 (HCQIA). Vicarious Liability Under the theory of vicarious liability or ostensible agency, hospitals have been held vicariously liable for the acts, errors, and omissions of their independent contractors. By definition, a provider is an independent contractor in independent practice associations and direct contract models. Therefore, the health plan should not be responsible for negligent acts unless the health plan has given the impression that these providers are acting as agents of the health plan. The decisions of the courts to uphold claims based on ostensible agency depend on many factors, applicable state statutes, the ability of the plaintiffs attorney to demonstrate the apparent agency relationship, and other aspects of the provider-health plan relationship as viewed by the courts. Because "appearance" or perception seems to be the major issue driving the ostensible agency argument, it might be wise for the risk manager to consider some of the circumstances that might lead the public to assume that an agency relationship exists and to make the necessary arrangements to control these potential exposures. Factors that may give rise to the presumption of the existence of an agency relationship include:
Supplying the provider with office space Keeping the providers medical records Employing other healthcare professionals, such as nurses, laboratory technicians, and Developing promotional or marketing materials that allow a relationship to be inferred

therapists, to support the physician provider

The risk manager may wish to review documents provided to patients to ensure that the physician is described as an independent practitioner and that there is a clear distinction between those services provided by the health plan and those provided by the physician. Clinical Risks Managing clinical risks has been an activity of pivotal importance for the healthcare risk manager. This activity continues to be important, but there have been changes in its complexity under health plans. Specific risks that require control and relate to the provision of clinical care include risks associated with credentialing, risks associated with clinical decision making (e.g., rationing of care), risks associated with utilization review, and risks associated with adhering to externally imposed standards of care. Credentialing Credentialing is a risk management function that considers who the healthcare provider is in the health plan and what the provider can do.7 In an effort to facilitate the credentialing process and reduce administrative burdens and costs, some entities may choose to participate in a joint credentialing process. This process might include a consolidation of credentialing procedures and

a sharing of the information requested as part of the process. It will be important to have appropriate releases signed by the professional being credentialed so that there can be no subsequent claims for breach of confidentiality. In general, a credentialing process must be developed that allows for the successful selection and retention of high-quality providers who understand and support the mission and vision of the organization or network with which they work. Credentialing Measures that might be instituted to prevent or limit liability associated with credentialing include establishing realistic criteria, ensuring that the data being measured and evaluated are accurate, conveying and evaluating the criteria on a consistent basis, and creating a paper trail clearly tying quality to the economic credentialing process. 8 The following is a checklist for risk managers to keep in mind when setting up a credentialing process:9 Review Credentialing Policies and Procedures- Review credentialing criteria for compliance with state statutes, standards for health plans, Joint Commission on Accreditation of Healthcare Organizations standards, Medicare conditions of participation, National Committee for Quality Assurance, and court decisions. Review Application Forms Review application forms for compliance with standards and local, state, and federal regulations. Review Protocols Review protocols for investigating and verifying an applicants credentials. Do these protocols minimize the risk of inadequately screening and verifying the credentials of practitioners? Observe Methods Observe the methods by which these protocols are applied in reviewing individual applicants. Are protocols applied equally to all applicants whether they are well known or not? Evaluate Organizational Structure Evaluate the organizational structure of the credentialing process. Are checks in place to minimize the involvement of direct economic competitors in the credentialing process? Does the structure minimize the risk of creating antitrust liability? Review Due Process Provisions Review due process provisions to ensure that practitioners who are denied medical staff membership or have had privileges restricted are afforded a fair hearing in accordance with federal and state laws and standards. Require Practitioners To Report Require all practitioners to report claims, disciplinary proceedings, or adverse actions taken against them at other facilities or hospitals. Ensure risk management access to these records. Ensure HCQIA Compliance Ensure that HCQIA regulations are complied with and that information from the National Practitioner Data Bank is used appropriately in credentialing and privileging determinations. Establish Rapport Establish rapport with practitioners to facilitate open communication, education, and resourcefulness regarding risk management issues. Review Policies, Procedures, Bylaws, and Contracts Review policies, procedures, bylaws, and contracts to ensure that all credentialing criteria are clearly stated. Review credentialing policies and Procedures Review credentialing policies and procedures of other hospitals, facilities, and credentialing services whose credentialing decisions are used instead of an internal process.

Clinical Decision Making One of the most frequently verbalized fears relative to health plans is that it will create a system whereby care is predicated on a persons ability to pay or upon an externally imposed system of values that dictates which medical conditions are appropriate for specific types of intervention. In general, when these issues and concerns are voiced they relate to the denial of interventions deemed to be extraordinary or experimental to patients with terminal conditions or conditions where the treatment may not result in a cure but may only serve to delay inevitable furtherance of the disease. Although much of the discussion thus far seems to be fueled more by fear than fact, making care decisions based on reasons other than best medical judgment is risky and thus should be avoided. Risk managers can assist in limiting these types of risks by determining that policies are in place that clearly indicate that care decisions are not predicated on the ability of the patient to pay or the willingness of the payer to reimburse but rather are based on sound medical judgment that is rendered consistent with appropriate professional standards of care. Many of these decisions also are linked to an area of well-developed case law in health plans, that law related to utilization review activities. Utilization Management Issues Controlling the parameters of care through a well-detailed utilization review process is an important component of cost controls associated with health plans. Court cases have demonstrated that a plans utilization review process is an operational exposure with the potential for considerable financial risk. A well-structured utilization review program is designed to limit the potential risks associated with attempts to structure care around predetermined criteria. The program should allow for retrospective, concurrent, and prospective review of care provided under the health plan. It should be remembered that underutilization presents real threats to quality and risk just as overutilization presents threats to cost control. Merging Case Law The seminal case describing the liability that can attach to an organization with inappropriate utilization criteria is Wickline v. State of California.10 This case addressed the legal implications of preadmission certification of treatment and length of stay authorization. In this case, suit was brought against the state of California alleging that its agency for administering the medical assistance program was negligent when it only approved a 4-day extension of the plaintiffs hospitalization when an 8-day extension was requested by the physician. Plaintiffs attorney alleged that the discharge was premature, resulting in the ultimate amputation of the plaintiffs leg. The physician requesting the 8-day extension did not appeal the decision of the state agency. Neither the hospital nor the physician was the defendant in this decision. A jury returned a verdict in the plaintiffs favor on the grounds that the plaintiff had suffered harm as a result of the negligent administration of the states cost control system. The trial courts decision was reversed by the appellate court, which found that the state had not been negligent and therefore was not liable. The court held that the state was not responsible for the physicians discharge decision and that a physician who complies without protest with limitations imposed by third party payers when the physicians medical judgment dictates otherwise cannot avoid ultimate responsibility for the patients care. The court did acknowledge, however, that an entity could be found liable for injuries resulting from arbitrary or unreasonable decisions that disapprove requests for medical care. The court emphasized that a patient who requires treatment and is harmed when care that should have been provided is not provided should recover for the

injuries suffered from all those responsible for the deprivation of such care, including, when appropriate, healthcare payers. The court went on to say that third party payers can be held legally accountable when medically inappropriate decisions result from defects in the design or implementation of cost containment mechanisms. The court concluded from the facts at issue in this case that the California cost containment program did not corrupt medical judgment and therefore could not be found liable for the resulting harm to the plaintiff. In another case, Wilson v. Blue Cross of California, plaintiffs alleged that their sons suicide was directly caused by the utilization review firms refusal to authorize additional days of inpatient treatment.11 The patient had been admitted for inpatient psychiatric care for depression, drug dependency, and anorexia. His physician recommended 3 to 4 weeks of inpatient care, but the utilization review firm only approved 10 days. The patient was discharged and committed suicide less than 3 weeks later by taking a drug overdose. The trial court granted summary judgment in favor of the defendants. The appellate court reversed this decision, concluding that the insurer could be held liable for the patients wrongful death if any negligent conduct was a substantial factor in bringing about harm. Testimony of the treating physician indicated that, had the decedent completed his planned hospitalization, there was a reasonable medical probability that he would not have committed suicide. The court concluded that whether the conduct of the utilization review contractors employee was a substantial factor in the patients suicide was a question of fact precluding summary judgment and remanded the case for further review. On retrial, the jury entered a verdict in favor of the defendants. Litigation for utilization review decisions may also be brought under theories of bad faith and breach of contract based on the contractual nature of the relationship between the health plan and its patient members Reducing Utilization Management Exposure The risk manager attempting to work with providers in the organization can provide the following advice to assist physicians in the reduction or elimination of exposures related to utilization review: Devise a comprehensive utilization management program. Devise a comprehensive utilization management program that integrates with quality and risk management. Individuals performing utilization management functions should utilize patient outcome indicators as a means of identifying quality of care or risk problems. Physicians must exercise independent medical judgment that meets with the standard of care. Physicians must exercise independent medical judgment that meets with the standard of care. Utilization management decisions should not influence the physicians clinical decisions in any way that the physician would consider truly harmful to the patient. Providers must advise the health plan of their medical judgment. Providers must advise the health plan of their medical judgment. The physician needs to be aware of each plans utilization review process and to advise the plan of his or her medical judgment in clear terms. If a disagreement arises, the physician may need to support the validity of the clinical recommendations with documentation as to the medical necessity. Including diagnostic test results and providing an opinion as to the possible adverse outcomes should the request be denied will also be helpful. Develop a "fast-track" second opinion program. Develop a "fast-track" second opinion program. Providers need to support the development of a system that can quickly

render a second opinion in case of disagreement surrounding clinical judgment. Ideally, the second opinion should be rendered by a healthcare professional whose skill and training are commensurate with those of the provider whose judgment is being questioned. The patient should be informed of any issues that are being disputed. The patient should be informed of any issues that are being disputed relative to the physicians recommended treatment plan and the health plans coverage decision. Alternative approaches and the potential cost and outcome of those approaches should be discussed with the patient. Also, the patient should be informed that, if the plan continues to deny coverage, the patient may be responsible for payment. The patient should continue to be informed throughout the appeal process. Exhaust the appeals process. Exhaust the appeals process. In the event that the treating physician firmly believes that the health plan has made an incorrect decision, then the best defense in cases of treatment denials is staunch patient advocacy. The physician should request to speak to the medical director in charge of the utilization decision and explain the rationale behind the intended treatment. If a plan continues to deny coverage for a service that the physician feels is necessary, the process that allows for a second opinion fails to support treatment, and the physician continues to believe that the denial of coverage is in error, then the decision should be appealed aggressively. All avenues of appeal should be exhausted. If unsuccessful, the physician should inform the patient of treatment opinions without regard to coverage. The patient must ultimately decide whether to continue treatment at his or her cost. If the patient should wish to proceed at his or her own expense, the physician should have the patient sign an informed consent signifying awareness that such expenses may not be covered by the health plan. Ascertain that insuring agreements include coverage for utilization review activities. Externally Imposed Practice Guidelines or Standards of Care Many clinicians are particularly concerned about the development of practice guidelines that seek to define appropriate services that should be provided to a patient given a specific condition. In some instances, these guidelines are used to support utilization management decisions; in others, they may be developed in attempts to define best practice. Although developers often argue that best practice determinations are predicated on an evaluation of effectiveness, some providers believe that under health plans best practice really means lowest cost. To avoid the risks that are likely to be associated with the use of guidelines, clinicians should be assured that the existence of a guideline does not in and of itself create a standard of care and that guidelines, although they may be instructive, do not set standards of care (although well-developed guidelines should articulate agreed-upon standards of care). Risk managers should advise clinicians that, despite the existence of a guideline, their skill and judgment based on a careful assessment of the patients condition can and should preempt the recommendations of a guideline. Case law, at least to date, supports this position.

Multisite Challenges The sheer number of sites where clinical care may be provided or that have affiliation or network agreements makes it essential that the risk manager create tools that can empower staff at these sites to understand and manage their own risks. Risk management will increasingly become a responsibility of all staff who will rely on the risk manager for support and advice but will ultimately be responsible for on-site control of risks inherent in the operation of their business.

Tools that are developed should focus on those proactive strategies that enable all healthcare professionals working in a particular area to identify issues unique to their area that may give rise to risk and to modify those risks in a manner that will allow for a safer environment with staff increasingly aware of the risks inherent in providing care in a specific area or setting. Tools that contain specific questions about an area can be developed and are useful for assisting manager and clinicians in recognizing and managing their own risks. Capitation Health plan contracts create both opportunity and risk for healthcare organizations. Under many contracts the reimbursement from payers is capitated, with the healthcare organization receiving a fixed sum per member per month regardless of the intensity of services that the member receives. Understanding the financial risks assumed under these contracts and either funding for those risks or transferring them to a third party require many of the same skills that the risk manager uses to manage the clinical risks that are part of all healthcare organizations. Once the total risk being assumed is quantified, the risk manager, working with the chief financial officer or health plan administrator, can evaluate the best ways either to fund for or to transfer this risk. Financial Incentives and Cost Control Programs Incentive payment systems link provider compensation to the provision of cost effective healthcare. An incentive system is meant to encourage providers to render only care that is necessary and appropriate. Financial incentives can take a variety of forms, and depending on the outcome of care patients may view the incentive programs as having influenced their providers medical decision making. Cases are beginning to emerge that allege that physicians whose salaries are based in part on an incentive structure that predicates payment for services based on utilization of services make treatment decisions based more on their financial reward than on the well-being of the patient. It is imperative that financial incentives be structured in such a way that they do not have the appearance of encouraging this type of behavior. Whether the cost control program of the health plan creates a financial incentive for physicians to provide inadequate treatment was raised in a recent legal opinion. 12 The case involved a delay in the diagnosis of cervical cancer due to the failure of the primary care physician to order a Pap smear. In this case, a health plan participant brought suit against the health plan alleging that the contractual agreements between the health plan and its providers encouraged physicians not to refer patients to specialists. The court found that the plaintiff had offered evidence establishing that the cost control system contributed to the delay in diagnosis and treatment. A formal opinion on this issue was never rendered, however, because the case was settled during trial for an undisclosed amount. In another well-publicized case, Fox v. HealthNet, a California jury awarded nearly $90 million to the estate of a breast cancer patient arising from the refusal of the health plan to pay for a bone marrow transplant: $77 million was awarded as punitive damages.13 The health plan considered this procedure experimental and would not pay for any experimental treatment until it was proven effective. According to reports in the press, testimony at trial included that of two women for whom the health plan had approved identical treatments as proof that the treatment might have worked.14 Furthermore, it was shown that the physician executive who denied payment for the bone marrow transplant received bonuses based on the denial of costly medical procedures. The

jury concluded that the health plan acted in bad faith, breached its contract of care with its subscriber, and intentionally inflicted emotional distress. This case represents a good example of how denial of access to treatment can expose a health plan to liability. It also demonstrates how the emotional impact and negative publicity associated with the denial of treatment, even if the treatment has not been proven effective, can influence the ultimate decision and the damage award. In a health plan environment, the primary care physician, in conjunction with the health plan, acts as a gatekeeper in determining what hospital or specialty physician services should be provided. The failure to meet the applicable standard of care in making these decisions can expose the primary care physician and the health plan to liability. In the Fox case, the treating physician recommended the treatment with the support of the two other health plan physicians who had used it for the two witnesses in the case, and the health plan, as gatekeeper, refused to pay for it. These cases reveal that courts are willing to impose liability on health plans when inappropriate medical decisions result from defects in the design or implementation of the cost containment programs, breach of contract, or bad faith in the denial of payment. The impact of a health plans financial incentives to contain costs has also been tested. If financial incentives result in inadequate treatment being rendered, the health plan could be held liable. These cases indicate that members will seek redress if harmed as a result of the administration of cost control programs which deny them access to care, which delay care, or which deny payment for necessary care. Avoiding Liability Associated with Cost Control Programs The design and administration of cost control programs should promote efficient care but must not corrupt the medical judgment of the physician. If a health plan overrides the medical judgment of the physician, it could be held liable for the consequences of the treatment or discharge decision. To avoid liability in this regard, a health plan needs to ensure that its financial incentive and cost control programs include procedures that accomplish the following:

Utilize medical necessity criteria that meet acceptable standards of medical practice Review all pertinent records in determining the necessity of treatment Contact the treating physician before certification is denied Allow sufficient time to review the claim before denial Ensure that medical personnel approving payment denials are appropriately trained, have met established minimum qualifications, and have the requisite knowledge to assess the appropriateness of care Maintain policies and procedures that ensure that operations do not interfere with the physician-patient relationship regarding the duration and level of medical care Carefully document procedures used to deny certification of care (coverage restrictions need to be adequately described in materials given to health plan members, especially with respect to experimental or investigational treatments) Devise a mechanism for communication of programs to members, especially financial incentive programs Risk Financing The professional liability and business risks that are associated with health plans have fairly consistently been insurable under standard insurance contracts. Many creative products and

concepts are being developed for the control or minimization of the financial risks that are inherent in capitated contracts or for the balance sheets fluctuations that are possible during a period of time when there is considerable volatility in the financing of healthcare services. The concepts underlying the financing of all these risks are the same and are consistent with the risk financing skills that were practiced by many risk managers before the emergence of health plans. Utilizing the Risk Management Process to Control the Risks of Health Plans The risk management process is generally structured around loss reduction techniques (which include the identification of risk, the elimination of risk whenever possible, and the control or management of risk when it cannot be entirely eliminated) and loss transfer (techniques which include determining the economic risk associated with various types of loss and selection of the best methods either to finance risk internally or to transfer those risks to a third party, generally through the purchase of insurance). These processes can be successful in managing the emerging risks that are created by a managed healthcare system. Obviously, the techniques will need to be tailored to the specific needs of each organization, particularly as health plans become increasingly dominant. Because it is essential that the risk manager understand the scope of potential risk in the hospital, health network, or integrated delivery system, the first step will be to develop effective communication links with those parts of the organization that are responsible for the strategic growth of the hospital into a health plan partner or into the hub of a health plan network. Anticipating risk and being able to plan for it will greatly enhance the likelihood that risks created by the new delivery model will be capable of being controlled. Educating all staff, including administration and healthcare providers, about the emerging risks that are associated either with the delivery system created by health plans or with the clinical delivery system that is more decentralized because of health plans will be an important function for the risk manager. The risk manager may achieve the greatest success by developing tools that can be used by others to assess and manage their own risk. Making each member of the healthcare team responsible for managing the risks created by this complicated new healthcare delivery model will be the only way to ensure success. Conclusion Risk managers must continually monitor emerging risks and design comprehensive strategies for managing them. Unlike the traditional role of the risk manager in a hospital, where a single person or a designated risk management staff is central to the risk management effort, in a health plan or integrated delivery system everyone will have to become engaged in the process of proactively identifying and managing risks. A brief checklist follows that will assist the risk manager in managing the process of providing healthcare in a health plan environment:
Design department-, unit-, or function-specific assessment tools that can be used easily

by managers and clinicians to assess risks associated with specific environments or activities. Make risk management everyones responsibility! Continually monitor case law and developing trends in health plans and design a system to provide information about new developments to all staff working in the health plan or network. Never underestimate the importance of a rigorous credentialing process that allows for the careful screening of all healthcare providersphysicians and advanced practitioners.

Make certain that this process is in compliance with state and federal law and that it measures both credentials and competence. Verify that a comprehensive process exists for utilization management activities. Ascertain that decisions about patient care are based on the best interest of the patient, not primarily the financial interest of the provider or the health plan. Develop a system that allows risk managers to be involved in the assessment of potential new business opportunities or entities before their becoming part of the organization or network. This will allow for a clear understanding of the risks to be assumed and for the development of a plan to control, eliminate, or transfer those risks. Develop the risk management role as one of a consultant whose advice and expertise are sought whenever issues of potential liability arise. Endnotes 1. B. Youngberg, Essentials of Hospital Risk Management (Gaithersburg, Md.: Aspen, 1990). 2. P. Boland, Making Managed Health Care Work: A Practical Guide to Strategies and Solutions (Gaithersburg, Md.: Aspen, 1993). 3. Employee Retirement Income Security Act of 1994, 29 U.S.C. Section 1001 et. seq. 4. Corcoran v. United Healthcare, Inc., 965 F.2d 1321 (5th Cir. 1992), cert. denied, 113 S.Ct. 812 (1992). 5. Federal Employees Health Benefits Act, 56 U.S.C.A., Section 8901 et. seq. 6. R.J. Hester, Health Plan Liability Concerns, in 1992 Health Care Law Update (Florida Bar Lecture Program, 1992). 7. B. Youngberg, Managing the Risks of Health Plan (Gaithersburg, Md.: Aspen, 1996). 8. C.S. Doyle, Managing the Risks of Health Plan, Journal of Healthcare Risk Management 14 (1995): 37. 9. S. Hagg-Rickert, Medical Staff Credentialing and Privileging Determinations: The Emerging Role of the Risk Manager, Perspectives in Healthcare Risk Management 11 (1991): 24. 10. Wickline v. State of California, 192 Cal.App.3d 1630, 239 Cal. Rptr. 810 (Ct. App.); cert. granted, 727 P.2d 753, 231 Cal. Rptr. 560 (1986); review dismissed, case remanded, 741 P.2d 613, 239 Cal. Rptr. 805 (1987). 11. Wilson v. Blue Cross of California, 271 Cal. Rptr. 876 (Cal. Ct. App. 1990), review denied, No. S017315, 1990 Cal. LEXIS 4574 (Cal. 1990). 12. Bush v. Dake, File No. 86-25767 No-2 (Mich. Cir. Ct. 1987). 13. Fox v. HealthNet, No. 219692 (Cal Super. Ct. 1992). 14. Los Angeles Times (7 April 1994): D-1.