Healthcare Industry Key Issues kkk

Transcription

1 Healthcare Industry Key Issues Q Federal Healthcare Policy Tax Reform and Appropriations Bills Last year proved to be a case study in confusion for the often-maligned Affordable Care Act (ACA). After the legislation narrowly escaped multiple attempts to repeal it or modify and replace some of its key components, the Trump administration s focus shifted to passing comprehensive tax reform. The tax bill is slated to become one of the most important pieces of legislation affecting healthcare since the ACA, and it is important that organizations proactively plan for several items contained within it that will directly affect how normal business is conducted. Following are three key items healthcare organizations should pay considerable attention to: Corporate tax rate Organizations could potentially capture immediate savings on reduction of the corporate tax rate from 35 percent to 20 percent. Healthcare organizations pay some of the highest taxes in the nation, and they should welcome this reduction as an immediate opportunity to realize savings. Excise tax on top earners A 20 percent excise tax will be placed on the top five earners of organizations. This new tax will likely create significant stress for healthcare organizations consisting of multiple entities, as technically the top five earners could potentially double or even triple in size based on entity structure. Understanding this excise tax will be pivotal for organizations in structuring payment to all those within the hospital system, especially physicians. While salary related to the direct provision of medical services is exempt, other compensation related to administration or management is not. Tax-exempt bonds Healthcare organizations that utilize advance refunding bonds may need to seek alternative measures pertaining to how they finance their operations. This method of funding is set to no longer be valid, so hospitals will need to be steadfast in securing new methods of protiviti.com Healthcare Industry Key Issues kkk

2 financing to compete with the current speed of innovation, mergers and combinations within the industry. The U.S. House of Representatives voted on March 22 to approve an omnibus appropriations bill that would fund discretionary federal programs through September of this year. While several funds were earmarked for education and labor, there were also noticeable increases in funds for healthcare-specific programs. The following are notable items that saw a significant increase: Fighting opioid abuse As part of a continuing push to curb opioid overprescription, abuse and opioidrelated deaths, the appropriations bill provides nearly $4 billion in funding. These additional funds are specifically targeted toward rural communities, prescription surveillance activities, behavioral health and seeking alternative methods to opioid prescriptions for pain management. The Affordable Care Act (ACA) While no new funding was contributed to carry out provisions of this law, notable requirements were published within the recent appropriations bills directing the administration to publish information on the true personnel cost (i.e., number of employees, contractors and activities) involved in all facets related to implementation, administration and enforcement of the ACA. Additionally, to fight misinformation related to the purported collapse and failure of the ACA, the administration will now also be required to publish all ACA-related spending by category since its inception. Medicare appeals An additional $75 million was included in the budget to reduce the Medicare appeals backlog, which is believed to have now exceeded 500,000 appeals. Blockchain Technology Blockchain represents one of the most disruptive business technologies to emerge in the digital age. Its transformative potential for industries and companies resembles the magnitude of the internet s impact on businesses. A small yet growing number of healthcare-blockchain pilots and projects, such as MedRec and the U.S. Food and Drug Administration s electronic medical record (EMR) project with IBM, are underway. Blockchain networks replace the traditional bookkeeping system of single private ledgers kept in siloed databases and update in daily batch settlements with a chain of shared, encrypted distributed ledgers linked and validated by network consensus in real-time to enable instantaneous settlement. Blockchain transactions are consistently described as immutable because they are confirmed and validated by the network and, once that occurs, they cannot be altered. Unlike traditional databases, a blockchain ledger automatically propagates or broadcasts an up-to-date copy of itself to each network participant, creating a shared, trusted source of information across the network of participants. Five of the technology s characteristics are particularly compelling: protiviti.com Healthcare Industry Key Issues 2 Kkk 2

3 No single point of control No dependence on a central author Expandable No dependence on a third party Transparent The most common healthcare blockchain applications that have so far been discussed, tested and/or implemented tend to fall into three categories: EMR and HIE Supply chain management Improved outcomes Blockchain applications within those areas and others including billing and billing reconciliation among multiple parties could increase significantly during the next months. The speed with which healthcare industry blockchain solutions will achieve scale, however, will be determined by how well the industry and individual companies and functions address a slate of challenges. The ability to quickly view a trusted, immutable, and historic source of information, including the parties involved, is a boon for healthcare organizations, which can analyze the blockchain for irregular activities. Since all participants have a copy of the ledger, ongoing redundancy in the network exists in case a portion of it ever goes down a business continuity and disaster recovery advantage. Additionally, the immutable nature of the technology offers attractive fraudprevention benefits. However, a closer look at the technology and how it is governed and implemented also reveals that blockchain poses a number of questions, challenges and risks that demand attention. It remains to be seen how regulators may respond to growing instances of blockchain implementations. While blockchain technology has evolved to the point where its implementation can be relatively smooth, it is almost guaranteed to disrupt existing business processes and, in some cases, business models. For these and related reasons, healthcare leaders and professionals should be cognizant of blockchain impacts and be proactive in discussing potential use cases and strategies. Managing the Business Associate Process Business Associate Agreements (BAAs) have become an increased focus of the U.S. Department of Health and Human Services (HHS) in recent years. In 2016 and 2017, the HHS Office for Civil Rights (OCR) reported multiple settlement fines related to BAA noncompliance, including a $750,000 fine against a Covered Entity (CE) for providing protected health information (PHI) to a business partner without first executing a BAA. Whether an organization operates as a Covered Entity or a Business Associate, a process for managing BAAs is critical to establish accountability and awareness for the proper handling of PHI in all business processes. HIPAA requires CEs to have BAAs in place with all vendors who receive, maintain or protiviti.com Healthcare Industry Key Issues 3 Kkk 3

4 transmit PHI. When an organization lacks a formal process for managing BAAs with vendors, it runs the risk of noncompliance with HIPAA and ultimately fines or penalties. If a CE s vendors with access to PHI do not operate under a BAA, these vendors have no contractual obligation to report breaches of PHI and may not be able to be held liable for damages. By putting a BAA in place, the Business Associate will become contractually obligated to comply with HIPAA privacy and security requirements and provide the organization with reasonable assurance that the Business Associate is aware of its responsibilities. Organizations that operate as Business Associates have a similar obligation when it comes to HIPAA compliance. Business Associates are required to ensure that any of their subcontractors that create, receive, maintain or transmit PHI on behalf of the Business Associate agree to the same restrictions, conditions and requirements that apply to the Business Associate. Ultimately, the management of the Business Associate process is important for CEs and Business Associates. At a minimum, when organizations are contracting with new vendors or performing vendor maintenance, they should consider the following questions: Does this vendor receive, maintain or transmit PHI or have the potential to do so? If so, do we have a BAA with this vendor? If our Business Associates use subcontractors when working with PHI, are we ensuring that they have BAAs with the subcontractors? Revenue Recognition in Healthcare The new revenue-recognition standard became effective for all publicly traded companies with annual reporting periods occurring after December 15, This includes any companies that have publicly traded debt. However, as most healthcare providers are privately held, they do not have to be in compliance with the new standard until their annual financial statement reporting period occurring after December 15, All providers need to evaluate the effect of the new revenue-recognition standard on how they are currently recognizing revenue. This will include assessing their current internal controls environment to determine whether changes are needed. IT systems also should be evaluated to ensure they can produce appropriate reporting that contains necessary information for the provider to fully assess and be compliant with the new standard. In addition, all providers should expect to change their financial statement disclosures based on expanded revenue disclosure requirements. Providers will need to evaluate their contractual agreements to determine how revenue associated with their contracts should be recognized under the new standard. The following criteria must be assessed: 1. Is collection of funds probable? The provider must determine the likelihood protiviti.com Healthcare Industry Key Issues 4 Kkk 4

5 of payments based on the ability of the customer to pay. 2. What are the performance obligations? Performance obligations are the specific tasks or commitments that need to be completed in order for the contractual obligation to be met. 3. What is the transaction price? When the price is not fixed, revenue may need to be estimated based on specific guidance under the new standard. Healthcare entities with a large volume of homogeneous contracts with similar classes of customers may be able to reduce the overall evaluation effort by applying the portfolio approach and selecting a representative sample of contracts to assess, rather than assessing all their contracts. The following are common ways for healthcare providers to group contracts: 1. Type of payers government program, private insurance, uninsured, etc. 2. Type of patient responsibility copay, deductible, self-pay, etc. 3. Type of service inpatient, outpatient, emergency room, etc. From a perspective of overall impact, based on the requirements in the new revenue recognition standard, many providers are likely to see a decrease in revenue recognized and in their bad-debt expense. These changes will be driven by the fact that providers will need to determine their transaction price based on historical collectability, which should reduce revenue initially recognized. Cybersecurity Cyber response preparedness Appropriate reaction to a cybersecurity incident to enable timely and appropriate response, triage and recovery while preserving forensic evidence is becoming increasingly important. Cyber extortion continues to occur, as seen in an incident in January 2018 in which a ransomware attack on the software provider Allscripts rendered a number of its services unavailable to its customers. (The U.S. Department of Health and Human Services Office for Civil Rights released a cybersecurity newsletter in January specifically on this topic.) Healthcare organizations need to take heed and ensure not only that processes are in place but also that those processes are tested and that appropriate talent and subject-matter expertise is on retainer to assist should the unthinkable happen. Key preparedness steps also include performing detailed periodic risk analysis to understand which risks the organization is facing; creating incident response, disaster recovery and business continuity plans; and testing that the organization s workforce can carry out those plans. protiviti.com Healthcare Industry Key Issues 5 Kkk 5

6 Has your organization planned for the possibility that if it is compromised, the incident could have occurred months ago, and has it considered the effect that fact has on backups it was planning to use? Are those backups even viable or trusted? Who can find that answer for you? Do your incident responders know what to do and, more important, what not to do to keep forensic footprints intact so they can be reviewed to determine what may have been affected? Organizations should plan an ongoing and evolving effort to prepare against these risks. Topics Covered Last Quarter in This Newsletter Federal Healthcare Policy Update 2018 Cybersecurity Priorities Physician/Clinician Compliance Opioid Crisis Quality and Value-Based Care EHR and Data Utilization Trends Managing Insurance Denials Industry Contact Richard Williams Global Healthcare Industry Practice Leader Protiviti is a global consulting firm that delivers deep expertise, objective insights, a tailored approach and unparalleled collaboration to help leaders confidently face the future. Protiviti and our independently owned Member Firms provide consulting solutions in finance, technology, operations, data, analytics, governance, risk and internal audit to our clients through our network of more than 70 offices in over 20 countries. We have served more than 60 percent of Fortune 1000 and 35 percent of Fortune Global 500 companies. We also work with smaller, growing companies, including those looking to go public, as well as with government agencies. Protiviti is a wholly owned subsidiary of Robert Half (NYSE: RHI). Founded in 1948, Robert Half is a member of the S&P 500 index Protiviti Inc. An Equal Opportunity Employer M/F/Disability/Veterans. Protiviti is not licensed or registered as a public accounting firm and does not issue opinions on financial statements or offer attestation services.