Member-centric risk management: A new approach for Medicare-based health plans

Regulatory enforcement is on the rise for Medicare-based health plans, increasing the risk and impact of noncompliance. Many plans attempt to treat regulatory issues as isolated problems, but this approach is not sufficient. Instead, plans should adopt a member-centric approach, which will improve compliance and enterprise-wide risk management.

Show transcript

Member-centric risk management A new approach for Medicare-based health plans


Chicago Mike Connolly Senior Partner +1-312-578-4580 mike.connolly Akshay Jindal Principal +1-312-578-4601 akshay.jindal

New York Gil Irwin Senior Partner +1-212-551-6548 gil.irwin Sundar Subramanian Partner +1-212-551-6651 sundar.subramanian Joyjit Saha Choudhury Partner +1-212-551-6871 joyjit.sahachoudhury

San Francisco Thom Bales Partner +1-415-653-3476 thom.bales



About the authors

Sundar Subramanian is a partner with Strategy& based in New York. He specializes in business and operating model transformations in health, and also co-leads the firm’s Medicaid/Medicare Center of Excellence. Akshay Jindal is a principal with Strategy& based in Chicago. His areas of expertise include healthcare payor effectiveness and efficiency improvement with a focus on sustainable Medicare business and technology operations. Ashwin Badrinarayan is a senior associate with Strategy& based in Chicago. He specializes in healthcare payor operations with a focus on technology-enabled capability development. Hector Rincon was formerly a senior associate with Strategy&.

This report was originally published by Booz & Company in 2013.

Animesh Ghosh, Indro Pathak, and Deepak Tilani also contributed to this report.



Executive summary

Regulatory enforcement is on the rise for Medicare-based health plans, particularly for member-facing issues such as enrollment and grievances. As the plans themselves grow larger, the risks and impact of noncompliance will grow further still, putting both patient perceptions and the bottom line in jeopardy. Unfortunately, the approach that many plans have typically used to mitigate regulatory concerns — addressing individual problems at the level of individual business functions — will not be sufficient. Instead, plans should adopt a member-centric approach, in which they design compliance and enterprise-wide risk management based on member experience. Member-centric risk management aligns with the way the Centers for Medicare & Medicaid Services (CMS) looks at regulatory compliance, and hence it offers several clear advantages over the traditional approach. For example, it can predict “hot spots,” or future areas of concern, before they become full-blown citations. It can also help management prioritize the allocation of both financial and nonfinancial resources to the measures that will have the greatest impact. Most fundamentally, it helps companies identify and address root causes that may span organizational boundaries and business units. As a result, companies that employ member-centric risk management can achieve operational excellence and differentiate themselves in the market by providing a better member experience. To get started, plans need to (1) assess all member touch points to determine which ones present the greatest likelihood of noncompliance, along with the greatest corporate impact; (2) tailor enterprise-wide solutions to solve the most probable and highest-impact issues first; and (3) build a culture of continuous improvement. This report discusses how to deploy such a methodology to reduce the risk of CMS noncompliance and improve the overall member experience. (A subsequent report will address managing and excelling in the star ratings issued by the CMS.)



Greater enforcement and increasing plan size

Medicare-based health plans are experiencing several market shifts that substantially affect their business and call into question their traditional approach to regulatory compliance and risk management. Many plans have grown significantly larger recently, in an attempt to gain scale and compete more effectively in an environment characterized by shrinking profit margins. At the same time, the number of regulatory enforcement actions is rising, particularly in member-facing areas like enrollment and grievances. Together, these trends demand a better approach to regulatory compliance. Consider the recent expansion in plan size. The Medicare business is growing far more rapidly than employer-based insurance, thanks to baby boomers entering the market and a potential increase in penetration of Medicare Advantage programs (see Exhibit 1, next page). Despite this growth from new members, plans are experiencing decreased profit margins due to smaller reimbursement payouts. Cost-effective operations are a necessity to prevent further margin compression. Unfortunately, reduced profits are not the only shifts under way in the healthcare industry. As noted above, regulations and enforcement are also rising, with an emphasis on member experience. In extreme cases, exceedingly poor performance has resulted in financial sanctions and potential enrollment bans. For example, Health Net was forced to suspend marketing and the enrollment of new patients into its prescription drug and Medicare Advantage plans, due to improperly administering drug benefits. The government also imposed sanctions on Medicare Advantage plans sponsored by Arcadian Management Services and Universal American when sales agents for the two companies were found to be misleading beneficiaries about network providers and drug plan formularies. Sanctions included suspended payment for new Medicare patients,



Exhibit 1 Expected change in profit pool and membership by segment, 2012–17

Expected membership growth (CAGR %) Individual (~36M lives)

19 18 4 3 2 1 0 -1 -3.5 -3.0 Small group (~24M lives) -2.5 -2.0 -1.5 Medicare (~58M lives)

Note: Assumes no Medicaid expansion in 13 states following Supreme Court ruling. Small group is 2–50 members, medium group is 51–199 members, and large group is 200 or more members.
Medicaid (~65M lives)

Large group (~99M lives)

Medium group (~22M lives) -1.0 -0.5 0.0 0.5 1.0 Expected change in profit pool (in US$ billions)

Source: Membership projections based on Strategy& analysis; margin projections based on Goldman Sachs managed care report on industry outlook and Strategy& analysis; Kaiser Employer Health Benefits 2009; Census 2007; Congressional Budget Office; market interviews; Strategy& analysis



temporary management of the companies by a provider appointed by the Centers for Medicare & Medicaid Services (CMS), guided correction plans, and civil monetary penalties. Even in more routine instances, regulatory citations carry both direct and indirect costs. They are an immediate drain on financial resources, often require substantial executive time, generate negative publicity, and undermine employee motivation and morale. Compounding the impact, not only are these citations costly at the time they are issued, but they serve as a drag on the company’s subsequent compliance performance scorecard. Compliance is a major factor in how the government allocates contract renewals, service area expansions, and bonus payments. We estimate that every 1,000 members lost can reduce the top line to the order of US$12 million annually, and the bottom line by roughly $600,000. Thus far, the response to increasing regulatory scrutiny of Medicarebased plans has simply not been sufficient. Companies have typically limited their approach to a series of short-term tactical fixes aimed at rectifying the most immediate compliance issues, often only after they have become full-fledged citations. Worse, companies often consider problems solely at the level of individual business units, instead of adopting a broader perspective. The problem with this approach becomes clear when looking at corrective action plans (CAPs). Nearly 141 CAPs generated during a recent threeyear period were related to member-facing areas such as policies/ procedures and enrollment/disenrollment. For example, some Medicare beneficiaries encounter problems like poor customer service or support during an appeal, or missed disenrollment periods due to a plan’s delayed mail intake. These are common issues that typically cross functional boundaries and, as a result, are hard to solve. In fact, nearly 15 percent of CAPs are generated in areas with previous CAPs (see Exhibit 2, next page). In light of current challenges in the industry, senior executives must make difficult choices in prioritizing management attention and capital investments. Ideally, plans should focus their assets on increasing size and operational prowess. Yet when management teams find themselves in permanent reaction mode, forced to put out repeated regulatory fires, they are distracted from initiatives that would help them win in the market. In the near term, Medicare-based health plans have little choice but to revamp their approach to compliance. This report outlines a member-centric methodology for improving risk management and regulatory compliance. (A subsequent report will address managing and excelling in the star ratings issued by the CMS.)



Exhibit 2 Key areas of Medicare compliance issues (July 2009–July 2012)

Number of CAPs by area and repeats
CAPs 80 Repeats 25%



15% 40 78 63 20 47 42 38 35 33 10%

31 16


0 Policies & Enrollment & Claims procedures disenrollment processing Compliance plan Grievances & appeals Coordination of bene ts Ad hoc events Quality assurance Marketing


CAPs Repeats

Note: Individual CAPs can be assigned to more than one area. Source:; Strategy& analysis



The case for member-centric risk management

We believe that the solution to improving compliance is to adopt a member-based methodology to risk management that rises above the current focus on individual business units and spans the full enterprise. As an example, when a new member enrolls in a Medicare plan, CMS has a specific compliance requirement: The member should receive a welcome package including his or her proof of coverage and an overview of prospective charges within 10 days. Plans that get cited for failing to meet this requirement typically try to fix the problem by investing in individual processes, such as print, fulfillment, or data entry. Yet because the companies lack visibility across units, such investments (even when significant) do not identify associated causes outside of those functions — such as the sales process, IT, customer service, and enrollment materials — and ultimately do not fix the problem. In addition, the overly precise nature of these investments often puts them at odds with other initiatives across the organization. A member-based methodology avoids such problems by inverting the process. Instead of attempting to improve enrollment compliance by fixing individual functions, it assesses the entire enrollment process from the perspective of a new user. Such an approach offers a number of advantages. First, it aligns the company’s efforts to the way that the federal government currently analyzes and scores plan performance, through the use of past performance scorecards and star ratings. As CMS explains in its past performance methodology, “The number of potential negative points corresponds to the risk to the program and our beneficiaries from deficient performance in that particular area.” By looking at the process holistically, companies can see that there is often no single cause of a problem, and no single solution. Instead, there are multiple areas to address and improve (see Exhibit 3, next page). For example, plans can encourage members to enroll through electronic channels that transmit data automatically at the point of service, accelerating the enrollment process and reducing errors compared to traditional paper enrollment. Similar solutions arise throughout the



enrollment process, from exchanging files with CMS, handling errors or exceptions, dealing with the fulfillment vendor, and mailing. More important, plans that adopt a member-centric approach will be better equipped to manage operational risks. By changing the methodology for measuring risk — to consider the impact on member experience instead of past citations — they can align investments in process, technology, and culture to better solve member problems. As a result, they will more effectively mitigate compliance risk, eliminate unnecessary siloed investments, reduce regulatory costs, improve the experience for members, and, at a fundamental level, improve their operational performance based on the metrics that truly matter.

Exhibit 3 A member-based methodology for enrollment

Educate member At the point of sale, encourage members to utilize an electronic channel for easy enrollment.

Submit form If the enrollment came through a manual touch point, ensure that a sales agent provides an accurate plan overview to the member and submits the form on the day of enrollment.

Send welcome package to member Once the transmission is approved by CMS, incorporate the correct information into the welcome package and mail it out on time.

2 1
Process enrollment Ensure that enrollment data is properly entered and processed at headquarters.




Correct errors If there are any missing or incorrect data fields, make sure a customer service representative reaches out to the member to validate the enrollment.


Submit form to CMS Once all information is confirmed, submit new member data to CMS electronically.

Source: Strategy& analysis



Three steps to implementing a member-centric approach

A member-centric approach to risk management consists of three steps: 1. Evaluate member touch points to identify the greatest risk areas for noncompliance 2. Systematically address the most probable and highest-impact areas 3. Build a culture of continuous improvement 1. Evaluate member touch points Begin by identifying all member touch points within a health plan (such as payment, access to drugs, customer disputes, access to provider services, and so on). Next, determine which ones have the highest probability of creating a negative member experience and measure the relative impact of noncompliance on the member. To do so, consider both external and internal factors. For example, internal processes for premium payments are complex, involving multiple departments. The level of internal monitoring, including audits and controls, is typically not sufficient to effectively manage this activity at most plans. Given this complexity, CMS has identified premium payments as a focus area. Therefore, any continued operational problems stand a high likelihood of getting noticed. Another internal driver, and perhaps the most important, is the degree of member impact from failures across enrollment, billing, and claims processes or systems — for example, inaccurate reconciliation across claims and billing. Failures that put the biggest burden on members, such as access restrictions or financial mistakes in the plan’s favor, are scored higher, meaning they deserve more immediate attention from management. Evaluating the external (CMS focus areas) and internal drivers — based on available market data and input from subject matter experts —
Strategy& 11

results in a score indicating the probability and impact of noncompliance for each identified member interaction, which the plan can plot along a two-by-two matrix (see Exhibit 4, next page). A key element of the methodology is that it is predictive in nature. It evaluates the probability that noncompliance issues may soon lead to CMS citations. The predictive aspect helps health plans stop reacting to issues and get ahead of the problem, by focusing on areas that are most risk-prone, have the greatest negative impacts on members, and are most financially damaging. The predictive element comes from an assessment of a broad set of data — metrics, grievance information from CMS’s Complaints Tracking Module (CTMs), and publicly available information from external sources, such as regulatory focus areas. The output is a simple set of metrics identifying the highest-risk process areas, often issues that would have gone unseen by traditional approaches until they triggered a full-blown citation. Once the grid is complete, plans can group and address similar highpriority member activities accordingly. For example, all payment-related processes — such as co-pays, premiums, and claims activities — can be evaluated together. 2. Systematically address the most probable and highest-impact areas Once the plan has a set of priority touch points to work with, it can determine the root causes of problems and develop end-to-end solutions. For example, a plan that wanted to improve its performance in premium payments started by designing a target-state member experience, with input from key stakeholders across the organization. The focus was twofold: First, the plan ensured that all basic interactions such as billing, enrollment setup, and claims processing occur without any problems. Second, it focused on improving customer satisfaction and convenience by offering access to member-preferred payment options and channels. This target state was compared to the current state for premium payments to identify critical gaps. The company decided that the solution lay in improving the appropriate payment channels, educating members on automatic payments, and establishing backup payment options to avoid problems. Other aspects included services such as concierge-style support through the initial enrollment setup, mobile apps to track payment notifications, and multiple ways to resolve premium issues (including the ability to support split or partial payments). The plan then developed an implementation road map for enhancing payment and claims activities, with benchmarks at key intervals.
12 Strategy&

Exhibit 4 Member touch points can be ranked based on the probability and impact of noncompliance

Probability Medium priority High priority Member activities 1 2 7 1 2 3 3 4 5 6 4 5 6 7 Receive ID card Enroll in wellness programs Lodge complaints Complete and submit application
High-priority member activities Low-priority member activities

Make premium payments File claims manually Pay drug co-pays

# #

Low priority Impact

Medium priority

Source: Strategy& analysis



Similarly, a large payor was having difficulty in generating timely and accurate member ID cards, leading to a high risk of noncompliance. After undergoing a detailed root cause analysis, this payor performed an end-to-end review of its processes responsible for member ID cards, and identified opportunities such as incentivizing members to use electronic channels and enabling proactive member calls to eliminate any gaps or non-answers in applications. In addition, appropriate management controls and continuous improvement processes were put in place to ensure that these problems were never repeated, thereby mitigating compliance risk. 3. Build a culture of continuous improvement To sustain the impact of any corrective measures, plans must identify, prioritize, and mitigate risks on an ongoing basis, with a strong emphasis on continuous improvement. In the above example for payment-related activities, management was able to measure the success of operational changes by developing compliance scorecards that evaluate quality on a periodic basis (weekly, monthly, quarterly) against CMS benchmarks. Over time, these measures will become ingrained throughout the organization, so that it will be able to accurately determine — and improve — the quality of member experiences on its own, instead of constantly reacting to external assessments. Several other measures will also help. For example, organizations should establish a separate internal quality department, with the goal of embedding continuous quality evaluations into plan operations. In addition, the company can tie incentives for key leaders to these measures.




There is no better time than now for health plans to gain a substantial competitive edge in the disruptive Medicare landscape, and investing in risk management is a critical step on this path. Shifting from a reactive stance, in which management is repeatedly facing regulatory crises, to a more systematic, member-based approach will help in several critical ways. Specifically, it will help plans identify high-priority compliance risks and design effective solutions that apply across the value chain. Management will be able to better allocate resources proactively to the most likely and highest-risk problems, and resolve them before they result in regulatory citations. In the long term, plans will not only reduce their compliance issues, but also deliver a better experience to members, strengthen their financial and operational performance, and differentiate themselves from the competition.



Strategy& is a global team of practical strategists committed to helping you seize essential advantage. We do that by working alongside you to solve your toughest problems and helping you capture your greatest opportunities.

These are complex and high-stakes undertakings — often game-changing transformations. We bring 100 years of strategy consulting experience and the unrivaled industry and functional capabilities of the PwC network to the task. Whether you’re

charting your corporate strategy, transforming a function or business unit, or building critical capabilities, we’ll help you create the value you’re looking for with speed, confidence, and impact.

We are a member of the PwC network of firms in 157 countries with more than 195,000 people committed to delivering quality in assurance, tax, and advisory services. Tell us what matters to you and find out more by visiting us at

This report was originally published by Booz & Company in 2013.
© 2013 PwC. All rights reserved. PwC refers to the PwC network and/or one or more of its member firms, each of which is a separate legal entity. Please see for further details. Disclaimer: This content is for general information purposes only, and should not be used as a substitute for consultation with professional advisors.