Tap 22 — TAPs <<<Documents<<<Home

CHAPTER V

The Management Information System

This chapter focuses on contractual issues related to the exchange of information and the application of technology to support a public managed care initiative. It addresses the following MIS-related topics:

• The managed care purchaser's expectations of an MIS;
  
• Characteristics of an "ideal" MIS for a managed care system;
  
• Data generated by stakeholders in a managed care system;
  
• Basic MIS operational features;
  
• Confidentiality considerations;
  
• Ownership and use of data;
  
• Technical requirements for an MCO's MIS; and
  
• Procurement of an MIS by a purchaser for its own use.

A. The Managed Care Purchaser's Expectations of an MIS

The process of selecting an MCO to operate a managed behavioral health care program is much different from the process of selecting a vendor to supply technology to a State or county government for a managed care system. The legal requirements and contract terms governing the exchange of information between purchasers, MCOs, and providers are different from the legal requirements and contract terms governing a State's purchase of technology from an MIS company.

The requirements of a contract between a purchaser and an MCO will vary depending on the degree of influence the purchaser wishes to exert on the way the system is used. The primary concern of some public purchasers may be to ensure that the MCO provides information that allows the purchaser to monitor and evaluate the MCO's performance and to provide reports to the Federal Government and other authorities. Other public purchasers may want to direct the way the MCO manages communications between providers, the MCO, and the purchaser.

As discussed later in this chapter, several basic MIS operational issues related to information processing must be addressed before the managed care system is established. Provisions governing these MIS operating issues (e.g., exchange of information required to verify eligibility), along with a few fundamental legal considerations related to the exchange of information (e.g., as protection of patient confidentiality) are common to all managed care contracts. These MIS operational issues arise regardless of the purchaser's role in the day-to-day operations of the MIS.

B. Characteristics of an "Ideal" MIS for a Managed Care System

To best support an efficient and clinically effective managed care program, an "ideal" MIS should be a "person-centered,"  integrated, and "operational" system. The discussion of an ideal MIS here is intended to illustrate the optimal use of technology to support managed care initiatives. It is not intended to suggest that acquisition of a system having all of the characteristics discussed is necessary for an effective managed care system.

The ideal MIS is a system that could be used by providers, provider-sponsored service systems, MCOs, or government organizations, or by all four working in collaboration with one another. The system is intended to be a truly integrated system with the capacity for many organizations to share the information required to perform interdependent functions. The system should integrate different types of information (e.g., clinical, social, financial, and administrative), interactively process changes in data elements to trigger action in accordance with user-defined parameters (e.g., fax, request for treatment report, outcomes measurement, clinical consultation), intelligently "push" information to users, and allow individual users to view information and enter and edit data.

The ideal MIS also should reinforce cooperative relationships among the purchasers, the MCO, and provider organizations. The system will support risk-sharing arrangements in which providers assume clinical responsibility and financial risk associated with service decisions. This places day-to-day decisionmaking in the hands of those who know the consumers best. It also places financial incentives as close as possible to direct service providers, lessens time and resources devoted to MCO utilization review of providers' treatment decisions, reduces conflict between the MCO and providers, and minimizes distribution of confidential information.

1. A "Person-Centered" MIS

The ideal MIS will support individualized treatment planning and continuity of care as a person moves in and out of treatment and from program to program. Whereas a "program-centered" MIS will focus only on the performance of a particular function and will "lose" consumers as they pass from one program to another, a "person-centered" MIS will be able to capture all clinical, social, and financial information related to an individual consumer and track the person across the full continuum of services and programs. (An integrated MIS will be able to group data by program--or by any other function--as a secondary feature of a person-centered MIS.)

2. An Integrated MIS

The MIS must create a comprehensive data set containing the relevant information collected from various domains--enrollees, the MCO, and network providers. The data set should include clinical, demographic, financial, utilization management, and any other data produced from the operation of the system. Different users of the system--clinicians, utilization managers, financial analysts, and evaluators--need to look through different windows that allow them to view and manipulate information in the way that best meets their needs. The system must be capable of integrating data from different domains within the data structure and arranging the information in ways that are useful to those with different roles, tasks, and technical expertise.

3. An "Operational" MIS

In the past, the primary function of an MIS was to provide data (e.g., periodic reports or budget information) for retrospective analysis that would help administrators and others carry out planning functions. Essentially, the MIS was used as an electronic filing cabinet. Although retrospective analysis continues to be critical, current MIS designers are aiming toward more "operational" systems.

In an "operational" MIS, data collected in the performance of routine tasks are integrated and made available on a real-time basis so the data are accessible and usable by staff. An operational system is designed to support the daily workflow of the system, facilitate the exchange of information between organizations and people who perform complementary functions, and facilitate performance of specific tasks. For example, a utilization manager may use the MIS to review a person's previous episodes of care, receive information from the treating clinician regarding the person's progress, and review the cost of services to date relative to the benefits available. All the data required to make such decisions are current and available on the MIS without the need for research or special procedures. Additionally, the system might include clinical decision support technology to alert the utilization manager to the need for a medical consultation about a possible adverse medication interaction, then automatically alert the consulting physician and route the consumer's file for review. In this way, the MIS saves time, increases efficiency, and enhances accountability, leading to improved clinical service.

C. Data Generated by Stakeholders in a Managed Care System

Within a service system, the information that must be available to support the work of a direct provider of treatment mirrors that required by an MCO. Both require information about benefit plan design, member eligibility, provider credentials, reimbursement terms, authorization of payment for specific services, clinical outcomes, and financial performance. Both require information from enrollees regarding clinical and social history, expressed needs, functional status, and diagnostic tests. Both providers and MCOs may accumulate highly confidential information regarding a person's status as a patient, personal history, diagnosis, and treatment plan. In a fully integrated system, a common data set will be established, and data will be exchanged in a manner that facilitates clinical operations. However, such exchanges increase the risk of violation of consumer confidentiality. (This issue is discussed further in Chapter VIII.)

It is important to note that the nature of the information processing requirements of MCOs and providers has changed over time. In the early days of managed behavioral health care, MCOs and providers had a fairly adversarial relationship. MCOs were focused on cost control and engaged in utilization review of treatment decisions for the purpose of cost containment. They did not share information, decisionmaking, or financial risk with providers. Provider-sponsored service systems did not exist. Recently, however, MCOs and provider organizations have moved toward more collaborative relationships. Local provider systems increasingly work in partnership with MCOs and perform managed care functions such as utilization review. MCOs and provider systems sometimes share financial risk and work from a common set of clinical decision support protocols. Both provider systems and MCOs are under increased pressure to demonstrate clinical effectiveness and control costs.

Exhibit V-1 lists the types of data supplied by the MCO, providers, and enrollees in the course of operation of a managed care program. Purchasers also supply some information (eligibility data, benefit limits) essential to managed care operations. Purchasers also generate information essential to analysis of the success of the managed care program (actuarial projections, payments to MCOs, clinical grievance reports, and audit reports).

D. Basic MIS Operational Features

The contract between a public purchaser of managed care and the MCO must address "nuts and bolts" operational questions about the data to be supplied, who will supply it, how the data will be exchanged, what data will be maintained, and how the data will be kept secure. The contract must enable the MCO to support daily operations and monitor the integrity of the service system and the performance of network providers. The purchaser must ascertain whether the MCO has the capacity to perform required functions by ensuring that the contract provides for the continued management and improvement of essential functions. This section reviews 13 basic MIS operational features that must be addressed regardless of the purchaser's role in the day-to-day operations of the MIS.

1. Management of Eligibility Information

The MCO, network providers, and the purchaser share a strong interest in maintaining a current roster of individuals eligible for coverage under the plan. The set of individuals eligible to receive services is likely to change frequently, and the purchaser controls this information. The managed care contract should include provisions describing the manner and frequency with which the purchaser will provide eligibility information to the MCO. Such information is usually provided through a tape-to-tape transfer every 30 days, but updates could be provided more frequently. In Medicaid programs, eligibility can change frequently, and these changes need to be reflected in the eligibility records. These data may be provided electronically through a direct download of data from the State Medicaid agency to the MCO. Alternatively, the MCO or a provider may install a special computer terminal in its offices with direct access to the eligibility database maintained by the purchaser. Different approaches will be used depending on the technical capabilities of purchasers and MCOs. Often, the optimal approach is not used because the cost of establishing direct electronic linkages between the State system and the MCO is prohibitive. These issues should be considered when establishing the startup budget for the managed care system.

The choices made for transferring and maintaining information on eligibility will have an impact on the financial terms of the agreement. Providers, the MCO, or the purchaser may have financial responsibility for mistakes in verification of a person's eligibility. (Some MCO-provider contracts disclaim responsibility for verification of eligibility until claims are paid--effectively transferring to the provider the financial risk of treatment of an uninsured person.) The purchaser may wish to hold the MCO financially responsible by requiring verification of eligibility at the point of initial contact--that is, by the intake and case management staff. If electronic access to current eligibility data is not available, it is difficult to transfer that risk to the MCO.

The MCO should have a strategy for systems control of eligibility determination and for tracking eligibility over the course of treatment. Such a strategy requires software to support the collection and maintenance of enrollee information. The MCO must ensure that the enrollee is uniquely identified (see section below on confidentiality considerations). As disputes may arise based on eligibility for specific services at a particular time, the MCO must maintain eligibility records detailing the service array and eligibility criteria for a period of time defined by the purchaser.

Management of Eligibility Information. Purchasers may wish to address the following in RFPs and contracts:

Identify eligibility information management as a required capability, setting the proposed solution as a minimum standard for contract compliance.

Define the manner in which eligibility information will be provided to the MCO and to the providers.

Define any work to be done during the startup phase of implementation of the plan, including custom programming by the MCO and/or the purchaser, milestones for completion of work, and compensation (if any) for startup costs.

Allow for changes to and upgrades of the MCO's eligibility information management capability.

Specify for whom and when (such as at the enrollee's first contact) eligibility can be determined.

Specify a time period for which the MCO must maintain electronic records of eligibility determinations, so that the purchaser can review dispute resolutions.

If the MCO will be asked to implement algorithms in software that calculate eligibility, reference these algorithms as an addendum to the contract, subject to change by the purchaser on notice and within a specific timeframe.

Require the MCO to use a unique purchaser-defined identifier for each enrollee.

Specify a timeframe within which the MCO must respond to providers regarding the eligibility of an individual presenting for treatment.

2. Provider Credentialing

The MCO's MIS should maintain data on the credentials of individuals providing services to consumers. The purchaser may require that the MCO verify providers' credentials with "primary sources" such as licensing bodies, educational institutions, and malpractice insurance carriers. Primary source verification of provider credentials is required by the National Committee on Quality Assurance (NCQA) and the Joint Commission on Accreditation of Healthcare Organizations (JCAHO), both of which accredit MCOs.⁽¹⁾ In addition, the MCO should maintain data on each provider's expertise, office locations, hours of operation, specialized programs, and so forth, to facilitate referrals by case managers and intake staff.

The purchaser may wish also to require the MCO to demonstrate that all provider information has been verified periodically. The purchaser may require online access to the MCO's provider database to verify provider information and credentialing.

Provider Credentialing. Purchasers may wish to address the following in RFPs and contracts:

Require the MCO's MIS to maintain data on individual providers' (1) licensure status; (2) professional affiliations; (3) hospital privileges (if applicable); (4) education and training; and (5) board certification.

Require primary verification of credentials.

Require the MCO's MIS to maintain data on individual providers' (1) office locations; (2) basic demographic information (e.g., age, gender, staff characteristics, cultural/ethnic background); (3) days and hours of operation; (4) intake and/or contact number; (5) fee structure (e.g., sliding scale); (6) Medicare/Medicaid participation; and (7) scheduling availability.

Require the MCO's MIS to maintain data for individual providers on (1) services provided; (2) specialization by patient age group, disorder, gender and/or sexual orientation; (3) specialty programs; and (4) treatment patterns.

Require the MCO's MIS to maintain data for individual providers on (1) malpractice insurance coverage; and (2) reported incidents.

3. Exchange of Data Between Providers and the MCO

The MCO is often involved in the referral of enrollees to different levels of care, monitoring treatment for appropriateness and medical necessity, and monitoring the quality of care delivered by network providers. Much of the information required to fulfill these responsibilities will come from providers. This raises privacy and confidentiality issues, which are discussed briefly in the section below on confidentiality considerations and in more detail in Chapter VIII.

Purchasers should specify the basic information about all enrollees that must be gathered by the MCO. This information is required to satisfy the State's need to monitor the success of the managed care program and its obligations to report to the Federal Government and others. At a minimum, this information would include a unique enrollee identifier, diagnosis, treatment provided by billing (or CPT) code, and fees paid for treatment. In addition, the MCO could be required to secure a sample of data so that clinical outcomes and consumer satisfaction can be analyzed.

The RFP should solicit information from potential vendors on their ability to gather and manage essential information. Means of information exchange may be over the telephone, through written reports, via fax, or through electronic transfer of data between a provider and the MCO. In assessing the viability of the system proposed by the MCO, the purchaser should consider practical issues, such as the cost to providers of compliance with the MCO's system and the availability of the required technology.

It is also important to determine whether the system proposed by the MCO actually works. There is often a huge gap between a written description of a system's technological capabilities and how the system works in real life.

Purchasers should consider whether or not they wish to establish technology standards that mandate that MCOs and providers exchange information in a particular manner. The ideal MIS would require the MCO and provider organizations to maintain the technical ability to exchange data electronically. Data exchange can be done in a variety of ways. Ideally, the providers and the MCO would have access to a common software system that integrates clinical and financial data. The capacity of provider organizations to participate in electronic data exchange should be considered by purchasers.

Exchange of Data Between Providers and the MCO. Purchasers may wish to address the following in RFPs and contracts:

Specify the core set of information that must be gathered by the MCO for all enrollees, including a unique client identifier, diagnosis(es), treatment provided by billing (or CPT) code, and fees paid for treatment.

• Require the MCO to systematically obtain data that can be used to analyze consumer satisfaction, clinical processes, and clinical outcomes.
• Establish technology standards mandating that MCOs and providers exchange information in a particular manner.

Require that the MCO use a software system that integrates clinical and financial data.

Require the MCO to build the capacity of provider organizations to participate in electronic data exchange.

4. Standardization of Clinical Assessments

A standardized clinical assessment containing key indicators of enrollees' functioning and status should be used whenever possible. The MIS must be capable of maintaining and managing assessment data that supports initial placement, continuing-stay reviews, and attainment of desired outcomes. In several currently available systems, the assessment interview is conducted with the assistance of a computer, and the entire assessment is captured electronically. While not entirely necessary, raw data from the assessment relating to clinical status and level of care could be maintained on the MIS so that the MCO or purchaser could use those data for analysis. The MIS requirements to support this activity include collection and maintenance of data on clinical criteria and assessment events as well as analytic and online data retrieval capabilities.

Standardization of Clinical Assessments. Purchasers may wish to address the following in RFPs and contracts:

Require that key data elements from assessments be maintained on the MIS.

Require that the MIS be capable of retrieving these data as needed.

Require that the MIS maintain data from discrete assessments for use in comparative analysis.

5. Outcome Evaluation

A managed care program must be evaluated in terms of the value it offers--that is, the extent to which it provides appropriate, high-quality services at a reasonable price. Judgment of the effectiveness of a managed care program solely on the basis of cost may lead to the denial of necessary treatment. As noted in Chapter VI, managed care systems are increasingly making efforts to evaluate clinical outcomes and managed care consumers' satisfaction with the care and services they receive.

Typically, outcomes programs will measure changes in clinical status as measured by standard clinical assessment tools and indicated by critical events (relapse, readmission to inpatient treatment) and functional status (ability to work, attend school, and maintain family relationships), as well as consumer satisfaction. Outcome measurement includes baseline measures using standardized assessment tools and followup assessments during and after completion of treatment.

The RFP should solicit input from vendors about the design of the outcomes measurement system. The contract should then require the MCO to collect and store outcome data. It should specify measures to be used, sampling methodologies, the manner in which data will be accumulated, analyses to be conducted, reports to be provided by the MCO, and raw data to be shared with the purchaser. With regard to information processing, the MCO contract should identify the manner in which enrollees, providers, and MCO staff will supply data. It is usually necessary to transfer data from various sources (claims processing, clinical case management, provider assessments, consumer self-evaluation, and satisfaction reports) to establish and maintain an outcomes database. The contract should specify that such a database will be established and should set a schedule for updating it. The contract should address questions related to the transfer of data from the MCO to the purchaser and specify standard data analyses and reports to be shared with the purchaser, providers, and recipients.

Outcome Evaluation. Purchasers may wish to address the following in RFPs and contracts:

Establish the fundamental MIS requirements needed to support evaluation of clinical outcomes and consumer satisfaction.

Develop or refine the capacity to measure changes in clinical status as measured by standard clinical assessment tools and indicated by critical events (relapse, readmission to inpatient treatment) and functional status (ability to work, attend school, and maintain family relationships).

Establish baseline measures in key areas using standardized assessment tools and followup assessments during and after completion of treatment.

Establish minimum capacity requirements for the MCO to collect and store outcome data.

Specify the measures to be used, sampling methodologies, manner in which data will be accumulated, analyses to be conducted, reports to be provided, and raw data to be shared with the purchaser.

Identify the system and processes through which enrollees, providers, and MCO staff will supply data.

Establish and maintain a database to which data from various sources (e.g., claims processing, clinical case management, provider assessments, consumer self-evaluation, and satisfaction reports) can be transferred.

Specify a standard set of data analyses and reports designed to be shared with the purchaser, providers, and recipients.

6. Utilization Management and Treatment Authorization Process

Service authorization allows for the individual management of each case by MCO staff. The MCO's MIS must efficiently support utilization management (UM) personnel in monitoring treatment and outcomes, performing periodic continuing-stay reviews, authorizing payment, and effectively managing the care of enrollees. Providers must be informed about the authorization for each case to support billing and establish limitations on funding for treatment. Purchasers may require that recipients also receive hard copies of service authorizations.

Utilization Management and Treatment Authorization Process. Purchasers may wish to address the following in RFPs and contracts:

Require that the MCO's MIS links utilization data with clinical data.

Ensure flexibility to record and easily access text describing clinical issues.

Ensure capacity to input complex clinical data in an efficient manner.

Ensure that clinical standards used to determine appropriate utilization be available electronically.

Ensure that the MIS has the capability to verify that standards have been applied appropriately.

Ensure that the payment authorization process uses precertification and continuing-stay determinations as criteria for payment.

Ensure capacity to provide recipients and providers with hard copies of authorization decisions.

7. Case Management

Case managers (also called service coordinators) work with individuals to ensure that they gain access to all necessary services and that services they receive from different providers are coordinated. The MIS should give the case manager access to the information needed to coordinate care, and the contract should specify the manner in which this information will be provided. MIS requirements to support case management involve the collection and maintenance of substantial information about the needs of the individual, resources available from the provider network, the individual's treatment plan, comments from treating providers, and information on the benefits remaining under the terms of the plan. The case manager needs timely access to this wide variety of information. Case management functions can be performed by the MCO, providers, or specialized personnel. Case managers may also need information about the availability of wraparound services to meet the client's needs (see Chapter III).

Case Management. Purchasers may wish to address the following in RFPs and contracts:

Establish MIS requirements to support case management functions involving the real time collection and maintenance of substantial information about the needs of the individual, the individual's treatment plan, and comments from current service providers.

Establish MIS requirements regarding access standards for obtaining all necessary information about service providers and other resources available from the provider network and about wraparound services.

Establish minimum requirements regarding the maintenance of up-to-date information on the benefits remaining under the terms of the plan.

Establish minimum requirements regarding the different case management functions that can be performed by the MCO, providers, or specialized personnel.

8. Services Tracking

It is essential that the MCO develop a method to capture information on the provision of services to eligible enrollees. These data must be accumulated regardless of whether the MCO pays a provider a fee for each service event or uses some other payment method (see Chapter VII). Service events must be comparable throughout the service system so that standardized measures of intensity and patterns of service provision and associated costs can be determined. Data on service events are used to identify services individual consumers are receiving, allow analysis of patterns of treatment by different providers, support clinical outcomes research and quality assurance efforts, and support the purchaser's reporting responsibilities.

Services Tracking. Purchasers may wish to address the following in RFPs and contracts:

Require the MCO to use a standardized method to collect service event data that supports comparison of these events across the provider network.

Require that the method used for collecting service event data supports the analysis of clinical practice.

Specify standards for service event data (particularly important if the purchaser contracts with more than one MCO). Include definitions of services, units of measure regarding time and frequency, and the format for data collection.

Require that service tracking data be available to case management staff.

Require that the MCO be able to associate costs with each category of service provided.

Require that the MIS maintain detailed data on service events for a purchaser-specified period of time sufficient to allow for retrospective analysis by the purchaser and authorized research organizations.

Require that the MCO transmit service event data to the purchaser and specify the formats and frequencies of transmittals.

Require the MCO to ensure that the transfer of records complies with Federal confidentiality statutes and regulations (42 C.F.R. Part II).

9. Claims Processing

Claims processing supports the flow of funds to the provider network from the MCO; it also supports service monitoring and cost analyses. As a provider system must have cash flow to operate effectively, claims processing is a critical issue.

The purchaser may retain financial risk associated with provision of service beyond the scope of the managed care contract. For example, the purchaser may be responsible for payment for a service that is not covered under the managed care plan, continued treatment after the limits of coverage have been exceeded, or payment for service to individuals who are not eligible for treatment under the managed care program. The MCO may have agreed to accept full financial risk through a capitation contract, or risks associated with achievement of performance targets. The MCO and provider-sponsored service systems may have agreed to share financial risk associated with treatment of a subset of the eligible population.

Adjudication of claims in a managed behavioral health care system is a complex enterprise, heavily dependent upon the MIS. Many MCOs have encountered difficulties in the efficient handling of claims payments. Proper claims adjudication requires the system to have access to information about the following:

Coverage available under the managed care plan, which requires detailed tables to allow precise definition of covered services; limitations of payment by service (i.e., 20 outpatient visits, 30 days of inpatient treatment); excluded services (e.g., "Rolfing" therapy, biofeedback); and annual or lifetime limits on coverage;

Consumer eligibility status at the time of treatment (by referencing the eligibility files);

Provider status as a member of the network, qualifications to provide services for which claim was submitted, affiliation with larger provider organization or service system, tax identification, payment address (by referencing the provider database and credentialing files);

Fee schedule for payment for services rendered (by referencing the benefit plan and provider files);

Utilization review authorization of payment for service rendered, by reference to number of units of treatment, level of care, and period of time during which treatment was to be provided (by referencing the utilization review files);

Coordination of benefits (by referencing the eligibility files and records of alternative coverage); and

Fund to be charged (by referencing MCO financial accounting files).

Claims processing software is among the most expensive that an MCO will maintain. The RFP should solicit information from the vendors on the software system that will be used to support this function. The MCO's claims system should be able to exchange information electronically with its clinical management system to ensure proper adjudication of claims and to apprise case managers, providers, and enrollees of financial resources available to support planned treatment.

Claims Processing. Purchasers may wish to address the following in RFPs and contracts:

Ensure that the MCO has the capacity to accept claims from providers in a variety of forms--i.e., via paper, electronic media, and electronically (EDI, or electronic data interchange, a telecommunication standard).

Specify a timeframe for the processing of claims that will ensure cash flow to the provider network and possible penalties for noncompliance.

Specify that claims processing data be available and able to be readily formatted into desired reports.

Require that claims processing data be transmitted to the purchaser in an acceptable form that meets the requirements for the purchaser's analysis and external reporting.

Require that the MCO support providers' electronic monitoring of claims received, processed, and adjudicated.

10. Implementation of Performance Criteria

The purchaser must establish performance criteria to measure the MCO's effectiveness in implementing and managing the contract. Once criteria are established and key performance indicators are determined, the purchaser must ensure the capabilities of the MCO's MIS to collect, manage, and maintain these critical data. Because much of the information must be collected from network providers, the MCO should be required to show how the information will be collected and managed and how accuracy will be maintained via review activities (e.g., audits).

Implementation of Performance Criteria. Purchasers may wish to address the following in RFPs and contracts:

Specify standards for the evaluation of performance measures.

Identify key data elements needed to derive the measures.

Identify algorithms used to calculate the measures.

Indicate the method of transfer of data between the provider and the MCO.

Identify facilities needed by the MCO and the provider to collect, transmit, manage, and secure the data.

Specify time intervals for transmission of or availability of data.

Specify the reports required and the time intervals for submission of such reports to the purchaser.

11. Reporting

The MCO should be expected to produce a wide variety of reports to support management decisionmaking, quality management, and quality improvement. The contract should specify the nature of the reports the MCO will be required to prepare, the schedule for preparation of reports, and the groups to whom various reports will be distributed.

Different reports may be prepared for the purchaser, network providers, enrollees, and the public. For example, the purchaser may require comprehensive reports regarding all aspects of operation of the managed care program. Such reports would include claims data, estimates of claims incurred but not yet reported, patterns of utilization at each level of care, utilization by provider or provider system, utilization by age category, utilization by diagnostic category, readmission rates, clinical outcomes indicators, consumer satisfaction, and so forth.

The purchaser may require the MCO to share information with network providers to create a "feedback loop" regarding each provider's patterns of treatment and cost of service relative to other providers. A feedback loop is particularly important if the MCO makes "economic credentialing" a condition of continuing provider participation in the network (see Chapter IV).

The MCO may be required to prepare a standard "report card" on its own performance, as measured by consumer satisfaction, number of people receiving treatment, pattern of treatment across the entire network, and clinical outcomes. The MCO may also be required to produce similar information on specific providers or case managers to assist enrollees in their choices.

The RFP should solicit information from bidders on the manner in which they will produce reports and ask them to submit sample reports. Many MCOs use software programs that are specifically designed for statistical analysis of data and production of complex reports. The MCO should be able to produce a number of standard reports upon demand and have the flexibility to produce custom reports.

Reporting. Purchasers may wish to address the following in RFPs and contracts:

Specify the standard reports that will be required.

Attach samples of standard reports to the contract as exhibits.

Include the schedule for production of standard reports.

Describe the scope of distribution of standard reports.

Specify timeframes for production of custom reports requested by the purchaser and any charges by the MCO for custom reports.

Identify data that will be maintained and available for the purpose of producing custom reports, including any aggregation formulas to be applied in analyzing data.

Allow modification of reporting requirements as needed, subject to adjustment of MCO fees in the event that the purchaser demands material changes.

12. Quality Assurance

As discussed in detail in Chapter VI, an effective quality assurance program is an essential aspect of an MCO's operations. Quality management requires regular review of operations and outcomes to determine the effectiveness of services and to ensure that avoidable treatment omissions are not made. A comprehensive, integrated MIS is an excellent tool for implementing such a program.

Quality Assurance. Purchasers may wish to address the following in RFPs and contracts:

Require that the MIS maintain assessment and outcome data electronically for a specified period.

Ensure the capability of the MIS to compare baseline assessment data with periodic reassessment data.

Require the MCO to implement software-driven triggers that alert quality management staff to out-of-the-ordinary occurrences for enrollees or providers or to predetermined markers of quality (e.g., insufficient followup after inpatient hospitalization).

Require the MCO to report actions taken as a result of quality assurance triggers.

13. Incident Reporting

Reporting and tracking critical incidents, such as assaults, suicides, and homicides, is an important aspect of the quality management function of the MCO. Timely reporting of critical incidents should be mandated in the contract with appropriate timeframes and level of detail to be reported. Contract provisions addressing MIS needs in this area are related to the MCO's ability to accept electronic input from providers of the incident report, maintain and analyze data on the occurrence of these incidents, report them to the purchaser on a timely basis, and provide the purchaser online access to current information. RFP and contract provisions should address all of these issues.

Incident Reporting. Purchasers may wish to address the following in RFPs and contracts:

Require the MCO to have the capacity to report and track critical incidents.

Require the MCO to have the capacity to maintain and analyze the occurrence of these incidents, report them to the purchaser on a timely basis, and record input by providers.

E. Confidentiality Considerations

One of the most important elements and expectations of the therapist-patient relationship is confidentiality. Only an individual who pays cash for all clinical services, however, can reasonably expect that the therapist will not reveal anything about the patient to third parties, including the fact that he or she is receiving treatment. This expectation of confidentiality is embodied in State and Federal law. Exceptions are allowed only in circumstances in which a patient gives the therapist reasonable cause to believe that the patient is likely to harm himself/herself or a third party, or cases of suspected abuse or neglect. (See Chapter VIII for a discussion of laws governing confidentiality of clinical information.)

When a third party is obligated to pay for the patient's treatment, confidentiality issues are not as clear cut. Even in a fee-for-service system, an insurance carrier or government agency has access to information indicating that an identified individual received a particular type of treatment. Federal regulations governing substance abuse records strongly protect the confidentiality of this information by requiring that patients authorize its release to third-party payers. State laws govern confidentiality of information relating to mental health treatment. Most State laws allow release of information without specific written authorization to the extent necessary to enable payment of health benefits (e.g., see New York State Mental Hygiene Law §33.13).

The risk of breaches of confidentiality are far greater in the context of managed care. Under managed care systems, a third party may demand access to highly personal information for the purpose of deciding that treatment is "medically necessary" and therefore reimbursable (see discussion of medical necessity in Chapter III). This creates a conflict for providers, who wish to protect the confidentiality of those being served but who know that if personal information about consumers is not shared, the MCO will not reimburse the provider for services rendered. There are many situations in which consumers have terminated treatment rather than allow their deepest secrets to be shared with third parties. Thus, it is important that MCOs be required to establish policies and procedures requiring network providers to inform patients about their confidentiality rights. It is also important that a standard form, approved by the purchaser, be used by an MCO's providers to inform patients of their rights and to secure a patient's permission to release confidential information.

The issue of confidentiality is particularly critical in the context of an MIS because confidential information may be released to the MCO. In a fully integrated service system, using the "ideal" MIS, confidential information may be passed electronically among a number of parties. Confidential information could even be stored on server computers that are accessible through the Internet.

To ensure confidentiality of clinical information, each enrollee should be given a unique identifier--that is, an alphanumeric code designed so that no two people in the system have the same identifier and so that all clinical data collected for an individual can be compiled--which is virtually indecipherable. Such an identifier may be the only means of ensuring confidentiality, because data and information from the MCO's and providers' files can be shared across networks with case managers and other State systems. In a system for substance abuse and mental health treatment records, it is critically important that unique identifiers be used, that they be secure, and that they are not easy to decipher. The use of entire identifiers such as a Social Security number or name should be avoided. Nevertheless, claims adjudication usually requires the use of name or social security number for accumulating benefits properly and for sending an explanation of benefits to enrollees.

Confidentiality Considerations. Purchasers may wish to address the following in RFPs and contracts:

Require the MCO to establish policies and procedures requiring network providers to inform patients about their confidentiality rights.

Require the MCO to adopt a standard form, approved by the purchaser, that can be used by its providers to inform patients of their rights and to secure a patient's permission to release confidential information.

Require the MCO to maintain policies and procedures to ensure that identifying and clinical information about patients is not shared within the MCO, except as necessary to enable the MCO to carry out clinical functions.

Require the MCO's MIS to have security clearances built in to limit access to patient identifying information and clinical information to only those persons whose job requires such access.

Require the MCO to establish a virtually indecipherable unique identifier coding system for enrollees that permits the sharing of data collected on enrollees while preserving their confidentiality.

Require that MCO reports not include any information that identifies individual patients (with the exception of reports on critical incidents or purchaser audits of individual records).

Require that to the extent that the MCO's managed care system requires the electronic exchange of confidential information over the Internet or other public data transfer systems, all files will be encrypted, using an encryption system that is commercially available and approved by the purchaser.

Require that any servers maintained by the MCO will have "firewalls" built in and require multiple levels of security clearances to protect against breaches of security and leakage of confidential information.

Require that the MCO agree to abide by all applicable provisions of State and Federal law relating to the release of confidential information in the same manner as the direct provider of treatment services.

Require that the MCO notify a consumer in the event of any subpoena of confidential information about him or her to give the consumer the opportunity to seek a court order prohibiting the release of confidential information.

Require that the MCO have all its employees sign agreements to be bound by the provisions protecting the confidentiality of information about patients, including information about the consumer's identity.

Require that the MCO will pay liquidated damages in an agreed-upon amount for every breach of confidentiality discovered by the purchaser.

Require that the MCO and its network providers maintain compliance with the Federal substance abuse confidentiality regulations.

F. Ownership and Use of Data

An MCO will accumulate a vast amount of data about the delivery of substance abuse and mental health services in the State or county. These data will have value to the MCO, because they can be used to improve operations. The data may also have potential value to third parties, such as large drug companies, which could learn about the impact of use of their medications in treatment. Drug companies may also want information about prescription patterns by individual providers to be used for direct marketing purposes.

Purchasers should protect against the unauthorized use of data generated in the course of operation of their managed care program. The contract should indicate that the data generated in the course of administration of the program is the property of the purchaser. The MCO may be allowed to use the data for internal purposes.

It is important to distinguish between data that apply specifically to the purchaser's managed care program and data that are accumulated by the MCO in the ordinary course of its business. For example, the MCO may have a list of network providers, including their areas of specialization, office locations, and so forth. These data may belong to the MCO. On the other hand, data about the cost of treatment of enrollees are clearly the property of the purchaser.

The following provides example text for contract language covering the ownership of data:

Purchaser shall be and remain the sole and exclusive owner of any and all data pertaining to the operation of the managed care program(s) that are operated by the MCO on behalf of the Purchaser. (Such data are hereafter referred to as the "Purchaser Data.") This includes all Purchaser Data entered into the MCO's MIS System (including without limitation, all Client information, Eligibility data, Claims reports, Utilization reports, and any information from Purchaser's present data processing and information system which shall be transferred and converted, pursuant to the Implementation Plan, to operate on the MCO's MIS System). Neither the MCO nor any of its employees, agents, consultants, or assigns shall have any rights in any of the Purchaser Data in any form including, but not limited to, raw data, stripped data, cumulated data, usage information, and statistical information derived from or in connection with the Purchaser Data. The parties agree that the Contractor shall promptly download for and provide to the Purchaser, at no cost to the Purchaser, all such Purchaser Data in an electronically accessible form upon the termination of this Agreement. This provision shall survive the term or termination of this Agreement (Litwak, 1997).

Ownership and Use of Data. Purchasers may wish to address the following in RFPs and contracts:

Identify data that belong to the purchaser (such as claims data, standard reports, custom reports, and service utilization data). Also identify any data that will remain the property of the MCO.

Prohibit any release of the purchaser's data to third parties without the written permission of the purchaser.

Prohibit any publication of analyses of purchaser's data without the written permission of the purchaser.

Prohibit any commercial use of purchaser's data.

Prohibit aggregation of the purchaser's data with other data maintained by the MCO, except for the purpose of academic research relating to public health and operation of substance abuse and mental health treatment systems.

Prohibit any release of data in any form that tends to allow third parties to learn the identity of patients or reveals confidential information about patients.

G. Technical Requirements for an MCO's MIS

Unless a purchaser is attempting to develop an ideal information processing environment for managed care programs in its State or county or is acquiring an MIS for its own use, it need not attempt to control the exact manner in which the MCO operates its MIS. Nonetheless, it is necessary for the purchaser to be assured that the MIS used by the MCO will function properly and comply with contractual requirements. The purchaser has the right to identify a number of technical requirements that the MCO's MIS will be expected to meet. Some of the technical requirements are discussed below.

1. Industry Standards and Open Architecture

In determining the acceptability of an MCO's MIS, the concept of "open architecture" is central. The information systems industry has defined very specific standards for systems design supporting transfer of data and communication protocols between computers. The standards determine the ways that data are structured and communicated, that hardware and software operate, and that security of data is maintained. When a system adheres to industry standards, it can be said to have an open architecture.

In general, for purposes of the contract, the purchaser should ensure that the MCO's MIS meets industry-established standards and has the ability to negotiate and experiment with new or more refined standards. In setting standards, the purchaser should obtain inhouse or other consultation, especially in determining whether and when standards for systems design should conform to those used by State and other agencies in the geographic area. Because purchasers may contract for services with several MCOs, it is crucial that the purchaser can communicate in the same way with each and that the data the MCOs collect are standardized for analysis and comparison.

Industry Standards and Open Architecture. Purchasers may wish to address the following in RFPs and contracts:

Ensure the MCO's MIS adheres to industry standards for open architecture.

If contracting with several MCOs, standardized methods of communicating are used and standardized data are collected.

2. Access to Data

To carry out the monitoring function, the purchaser must have access to data on the ongoing operations of the MCO and network providers. By means of contract provisions, the purchaser should require that all data contained in the MCO's MIS be easily retrievable either by direct access or by standard format extractions.

a. Direct Access

Many purchasers have begun to require direct online access to data maintained on the MCO's MIS. If this is desired, the contract should identify all data sets and elements to which such access is required, including a definition of screens, reports, and specific files. For example, at a minimum the purchaser should have appropriate access to utilization data (such as the number of persons served), and cost data (such as the per person cost per 1,000 enrollees or costs per service unit).

However, most MCOs regard such data as proprietary and will wish to restrict online access in certain areas. In this case, it is important that the purchaser require the MCO to have an MIS that is sophisticated enough to allow the purchaser access to specified data sets while protecting the rest of the system. As security is a significant issue, substantial restrictions on direct access may be appropriate for some purchaser staff (see below).

b. Standard Format Extractions

Without requiring direct access to the MCO's MIS, the purchaser can require that defined data sets be made available at certain specified intervals or on demand in a manner that meets the file format requirements of the purchaser's MIS. Typical industry standard file formats to electronically exchange text include ASCII text, C-ISAM, or DBMS-specific constructs available from independent manufacturers. The purchaser must then specify the data to be provided in these files and the method of communication (i.e., electronic transfer via standard tape sent by courier or transfer through a specified telecommunications structure).

Access to Data. Purchasers may wish to address the following in RFPs and contracts:

Specify all data sets and elements for online access.

Specify file formats for standard format extractions of data.

3. Data Storage Requirements

The MCO must have the capability to provide online access to sufficient data to perform necessary operational functions and analyses. Rather than specify the amount of storage required in terms of hardware capacity for the MCO's MIS, the purchaser should require the MCO to demonstrate that its hardware provides a sufficient capacity to store data online for a defined period. The MCO will know the size of the data set based on the number of members served, the transactions recorded, and system maintenance storage. When the purchaser specifies a period of time for which these data must be available, the MCO can calculate the amount of storage required.

Online availability of data is often required for the current fiscal year and for a defined period before and after the fiscal year to allow for necessary comparative analysis and evaluation. For example, a purchaser may require online storage of 2 years' worth of data (i.e., not archived). Given some defined period, the MCO will be able to calculate its hardware requirements. Archived information should be accessible within a timeframe defined by the purchaser, and the system must be capable of accommodating loading and use of archived data by auditors and other evaluators.

Data Storage Requirements. Purchasers may wish to address the following in RFPs and contracts:

Require the MCO to demonstrate that its hardware provides sufficient capacity to store data online for a defined period.

Specify the timeframe for retrieving archived data.

4. Data Backup

The purchaser should require the MCO to protect against loss of the purchaser's data. It can do this by requiring daily, weekly, and monthly backups by the MCO of portions of the data used to operate the managed care program. Backup data should be maintained offsite at a secure location. Similarly, the purchaser should require the MCO to ensure that it maintains offsite backup copies of the software systems used in its operations.

Many purchasers also require MCOs to maintain backup power generators in the event of a power failure, or to establish redundant operating systems at multiple locations to ensure that service to enrollees is not interrupted.

Data Backup. Purchasers may wish to address the following in RFPs and contracts:

Specify backup requirements for data.

Specify backup power requirements for the MCO's MIS.

5. Security Standards

Security is a primary concern in networked systems. Both MCO employees and third parties (including employees of the purchaser) must give careful consideration to security regarding access to the MCO's MIS. The contract should include provisions requiring strict enforcement of industry security standards and technology. Because of the confidential nature of information about behavioral health care treatment, only authorized persons should have access to data about patients. The contract should require the MCO to demonstrate its capability to adhere to industry-established security standards, with multiple levels of security clearance related to user category and point of access. Security clearances should be tied to specific system functions, data elements, screens, and reports.

Security Standards. Purchasers may wish to address the following in RFPs and contracts:

Require adherence to industry security standards and technology.

Specify security clearances tied to specific system functions, data elements, screens, and reports.

6. Telecommunications Capabilities

Telecommunications is a critically important part of the managed care information processing system. The RFP should solicit information about the telecommunications capabilities of the bidders. The MCO telecommunications system should be capable of handling a large volume of telephone calls, appropriately transferring calls within the MCO system, and monitoring the source of calls, the number of rings before a call is answered, the "call abandonment" rate (hang ups before a call is answered), and the duration of calls by MCO employees. The MCO should be able to provide detailed reports in each of these areas. This information can be invaluable in monitoring the responsiveness of the MCO to enrollees and providers and the nature and quality of the work performed by the MCO's clinical staff.

Many MCOs are now connecting telephone switching systems with computer systems. When the phone rings, the computer automatically calls up records that tie to the phone number of the caller. This allows more personal interaction with the caller. If the caller is transferred to another staff member of the MCO, the computer file is automatically transferred as well.

The RFP and contract should establish minimum criteria for the telecommunications capability of the MCO. In addition, they should define expectations related to the transfer of electronic data between the purchaser and the MCO, between the MCO and network providers, and specified government agencies. Some purchasers may require MCOs to maintain dedicated high-speed telecommunications lines for that purpose. The MCO's telecommunications system should be installed and tested well before the startup date of the managed care program.

Telecommunications Capabilities. Purchasers may wish to address the following in RFPs and contracts:

Require that the MCO's MIS meet industry-established standards and be able to negotiate and experiment with new or more refined standards.

Require that all data contained in the MIS be easily retrievable either by direct access or by standard format extractions.

Require that hardware provides a sufficient capacity to store data online for a defined period.

Require that archived information be accessible within a timeframe defined by the purchaser.

Require that the archiving system be capable of accommodating the loading and use of archived data by auditors and other evaluators.

Require protection against loss of the purchaser's data through a purchaser approved backup schedule.

Require adherence to industry-established security standards, with multiple levels of security clearance related to user category and point of access.

Establish minimum criteria for the telecommunications capability, including the capability of handling (and reporting on) the management of a large volume of telephone calls, including appropriately transferring calls within the MCO system, monitoring the source of calls, the number of rings before a call is answered, the "call abandonment" rate (hang ups before a call is answered), and the duration of calls by MCO employees.

Establish minimum expectations related to the transfer of electronic data between the purchaser and the MCO, between the MCO and network providers, and the MCO and specified government agencies.

Require dedicated high-speed telecommunications lines for the transfer of electronic data.

H. Procurement of an MIS by a Purchaser for its Own Use

This chapter is not intended as a comprehensive guide for purchasers wishing to acquire an MIS for their own use or as a standard for use by providers in their jurisdiction. However, some State and county governments may be interested in acquiring an MIS to enable them to play an active role in the operation of a managed substance abuse and mental health service system.

Federal financial participation in the cost of design and procurement of "Automatic Data Processing" (ADP) systems used to manage public assistance programs (including Medicaid) is available to State and county governments. Procedures for Federal approval of MIS plans developed by States and counties, and conditions of Federal participation are described in the Code of Federal Regulations (45 C.F.R. 95.601 et. seq.).

Federal funds are available to offset the cost of MIS planning, MIS design, and procurement of MIS software and equipment. The Health Care Financing Administration must approve in advance any plans involving an Medicaid expenditure greater than $5 million dollars ($5,000,000.00).

Federal regulations require that States or counties will have all ownership rights in all software or software modifications (including documentation) that is custom developed for the State or county, and for which Federal financial participation is claimed. In addition, the Federal Government reserves a royalty free, perpetual license to use the software to support Federal operations. These requirements do not apply to pre-existing software sold to the State or county at established prices. Federal financial participation is not, however, available to offset the cost of purchasing proprietary software "developed specifically for the public assistance programs covered under this section."

The "ideal" MIS described in this chapter is attainable. It requires a cost commitment, a great deal of planning, and a commitment to install the system in cooperation with key agencies and provider organizations over an extended period of time. However, the more sophisticated the system is, the more difficult it will be to attain the ideal. Complex systems will be more dependent on data standards. Nevertheless, most of the objectives of the ideal system are obtainable.

Reliable software designed to support "mission critical" functions is usually the hardest piece of the MIS to find. Mission critical functions are functions that enable an organization to complete essential work processes. The capabilities necessary include recording essential clinical information about service recipients, maintaining financial information about the mental health and/or substance abuse health benefit plan, accessing and analyzing data about the service system, and allowing those who work together in the service system to communicate effectively and work more efficiently. In addition to meeting technical requirements, the software licensing agreement should include the elements shown in Exhibit V-2.

Though mission critical software is an important component and may be quite expensive, software represents a fraction of the cost of implementing a complex MIS. Hardware, local and wide area network communications systems, training, and local system maintenance are the most expensive to develop and maintain. Implementation planning and the technical ability to maintain systems locally are critically important to successful deployment of a new MIS.

Procurement of an MIS. Purchasers may wish to address the following in RFPs and contracts:

Require software vendors to use an "open systems" architecture to allow easier exchange of data with other systems.

Require software vendors to use a system built on a relational database to ensure that it can be scaled upwards to meet the requirements of the purchaser.

Require software vendors to be in compliance with JCAHO, American Hospital Association, and other accreditation standards applicable to health care software systems.

Require software vendors to be in compliance with various generally accepted standards for software design, including: HL7, OLE 2.0, MAPI 1.0, TAPI 2.0, and SAPI 1.0 standards.

Require software vendors to maintain the ability to generate all reports required by the NCQA, including HEDIS (the Health Employer Data and Information Set) 3.0 and successors.

• Require the software vendor's software license agreements include appropriate provisions pertaining to the scope of the license, acceptance testing, performance standards, ownership of the product, maintenance, indemnification, data integrity, year 2000 functionality, documentation, and "help" systems.

The decision by a State or local governmental agency to purchase an inhouse MIS rather than to purchase the MIS services of an MCO is a critical one. The purchase of an inhouse MIS means that all of the functions described in this chapter should be considered during the procurement of a vendor to provide software, hardware, and/or telecommunications products and support. The purchase of an inhouse MIS puts much more control of the process into the hands of the purchaser but also brings with it accountability and responsibility for the end result.

^1. JCAHO accreditation and NCQA review are voluntary. The purchaser may wish to require primary source verification independently.

Last Updated 11-7-02