This article explores:

  • How employer group health plan sponsors can achieve greater transparency, improve cost and quality outcomes, and strengthen their payer positions.
  • How using the existing health plan data-regulating frameworks can allow employers to design better group health plans.
  • Why employers should not sign away their plans’ data ownership and usage rights.

These are exciting times for employers sponsoring group health plans. A survey of recent news related to employer-sponsored medical plans reveals that some of the biggest employers in the United States are seeking more control over the trajectory of their plan spending and participant outcomes. The 40-plus major corporations that are members of the Health Transformation Alliance and other companies including Amazon, JPMorgan Chase and Berkshire Hathaway have committed themselves to disrupting the traditional self-insurance model in which plans partner with third-party administrators (TPAs) to access the TPAs’ existing network and pricing infrastructures. These companies are concerned they are paying too much for what their employees are receiving, want to improve the quality of the healthcare that is provided and want to be more informed in their decision-making. Similarly, major health and welfare benefit plan consultants are spending time and money studying single-employer plan initiatives to identify and manage high-cost conditions. These consultant studies describe plans that seek to build partnerships with providers and participants to improve cost and quality outcomes.

So what do the activities of these large employers and consultant studies reveal about the state of group health plan sponsorship and the provision of group health plan benefits? They tell us that there is incredible value in the data held by the health plans, and it is through analysis of that data that sponsors can achieve transparency, strengthen their position as payers, and gain greater certainty as to quality and cost outcomes. An exciting time indeed.

Navigating Complex Regulatory Frameworks

The road to greater transparency, payer strength, and greater certainty of cost and quality outcomes is not, however, without its challenges. Group health plan sponsors have long grappled with the necessary yet cumbersome strictures of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and its very narrow rules for the use and disclosure of protected health information (PHI). The United States Department of Health and Human Services’ Office of Civil Rights actively monitors and enforces this front through its Privacy, Security and Breach Notification Rules. For private-sector plans, the Employee Retirement Income Security Act of 1974 (ERISA) imposes on plan administrators and other fiduciaries a responsibility to act only in the interest of plan participants and beneficiaries, which certainly implicates how the data of participants and beneficiaries is collected, analyzed and shared. The United States Department of Labor’s Employee Benefits Security Administration monitors this front, while participants and beneficiaries act as a third control through the private right of action under ERISA.

Plan sponsors and administrators seeking to realize the value of their plans’ data while navigating these challenges can do so in a few ways. First, there are tools within HIPAA to facilitate the use and disclosure of health plan data for quality and outcome improvement purposes. Plan administrators of health plans often operate only within the “payment” provision of HIPAA’s Privacy Rule, which authorizes the use and disclosure of PHI to facilitate the adjudication and payment of claims. But that same Privacy Rule provision also permits health plans to use and disclose PHI for “health care operations” – a term including activities such as “conducting quality assessment and improvement activities,” “population-based activities relating to improving or reducing health care costs,” and “evaluating practitioner and provider performance, health plan performance.” Such HIPAA-sanctioned activities have long been undertaken on the provider side of the healthcare delivery system, and employer-sponsored plans arguably should be able to use that same legal basis for the identification and study of plan cost drivers and case management initiatives.

Similarly, HIPAA’s provisions governing the use and disclosure of limited data sets enable plans to analyze and share meaningful plan information with potentially less risk than uses and disclosures involving full PHI, because limited data sets, by definition, are stripped of most direct identifiers. By using limited data sets, employer-sponsored plans can conduct population studies and draw broad-based conclusions regarding plan cost drivers and case management techniques while protecting the most sensitive identifying data held by the plan. Employer-sponsored plans should embrace this opportunity for greater visibility into the reasons for plan spending and participant outcomes without the heightened risk of using full PHI.

Navigating Service Provider Relationships

Plan sponsors also should rethink their approach to the negotiation of TPA service agreements. TPA agreements are typically drafted by the TPAs and typically cover only the confidentiality and proprietary interests of the TPAs, particularly their pricing and other trade-secret interests. But as we explore the idea of the value of the plan data to plans, plan administrators and plan sponsors, let us not underestimate the value of plan data to third parties, such as TPAs and data warehouses. Plan sponsors should be vigilant to not let plan data be exploited by third parties. How often do plan sponsors enter into TPA agreements that allow TPAs to freely use and disclose de-identified information? True enough, de-identified PHI is not PHI; however, there still is proprietary value in that information. Plan sponsors should carefully review and negotiate such provisions and the definitions of “proprietary information” and “confidential information” in service agreements and work to retain ownership interests in plan data wherever possible.

Finally, there are myriad data analytics opportunities available to plans and their fiduciaries and sponsors. Data warehousing vendors that once provided rudimentary analytic services now offer cutting-edge artificial intelligence services that can reveal plan trends that can shape the future of plan design based on real, actionable data analysis. But where there is opportunity, there also is risk. Relationships with data analytics vendors should be carefully vetted, and once a vendor is selected, the data that is supplied to the vendor, the way that data is manipulated and analyzed, the form of the information provided back to the plan sponsor and administrator, and the agreements in place between the parties all must be reviewed in light of HIPAA and fiduciary considerations.