Hospital and Health System Value-Based Care Strategy Update: Lightning Round with Practitioners in the Trenches

June 20, 2024
21:44 minutes

On this Ropes & Gray podcast, join health care partner Stephanie Webster as she moderates a discussion with fellow health care attorneys David Ault, Ben Wilson and Devin Cohen on the evolving landscape of value-based care programs for health care providers. They address the financial viability of Accountable Care Organizations (ACOs), the implications of transactions on ACO participation, whistleblower allegations within ACOs, the necessity of separate legal entities for program participation, data sharing compliance, leveraging AI for ACO administration, and new compliance risks in value-based care arrangements.


Stephanie Webster: Welcome to Ropes & Gray’s podcast called “Hospital and Health System Value-Based Care Strategy Update: Lightning Round with Practitioners in the Trenches.” This podcast is a follow-up to our webinar on this topic from a few weeks ago in which we discussed recent trends, new programs, and other considerations in value-based care. My name is Stephanie Webster—I’m a partner in Ropes & Gray’s health care practice group based in Washington, D.C. I represent health care clients in federal program reimbursement matters focusing on hospitals and health systems. I would like to introduce the panelists:

  • Dave Ault brings over a decade of experience spent at the U.S. Department of Health and Human Services (HHS) and the Centers for Medicare & Medicaid Services (CMS), advising hospitals and health systems on value-based contracting.
  • Ben Wilson counsels health system clients on strategy, critical business transactions, and health care regulatory matters.
  • Devin Cohen advises health systems on transactions and compliance considerations for health plan transactions, physician alignment, and risk delegation.

With that behind us, let’s delve into the questions. The first one, which is actually for Dave: We’ve never really made money in an Accountable Care Organization (ACO)—is there anything on the horizon from CMS that would change that?

Dave Ault: The short answer is yes. Your struggles are real and not unique to you—this is very common. CMS is making program changes to try to make the programs more viable for hospitals and health systems. In response to frustration from providers regarding prior initiatives and current ongoing ones, CMS is trying to expand value-based care to have a broader portfolio of alternative payment models that is broad enough so that there can be an option for everyone—for all hospitals, all health systems, all providers. And, of course, this goes to their goal of getting everyone into value-based contracts by 2030. Choosing which programs to participate in ultimately depends on the strengths, weaknesses, and strategic goals of each individual organization. The approach isn’t one size fits all, and that’s what CMS now seems to get and really wants to try to work with to find options for all.

There are three ways I frequently advise health systems to participate in some of the current and new offerings from CMS to see improvements within their organization:

  • Looking at options with new payment arrangements is the first thing I advise patients on in this space. Look at Upfront Shared Savings payments, additional payments for health-related social needs (HRSN), including payments for consults and referrals.
    • For instance, whether it’s the Advanced Investment Payments (AIP) in Medicare Shared Savings Program (MSSP) or the new Primary Care (PC) Flex payments in the Medicare Shared Savings Program, ACOs are again able to receive upfront capital that you can use to invest in your care strategies.
    • And CMS’s push to drive health equity is creating new revenue streams around health-related social needs, which brings me to the second way of driving financial success for hospitals and health systems, and this is maybe the most important.
  • Don’t limit yourself to one program. Make your strategy one that looks across the entire portfolio.
    • Split your hospitals, practice groups, other providers, and other partners into multiple programs. Are you in the MSSP? That’s great. Should you have multiple ACOs in the MSSP? You very well may want to. Do you have an option to participate alongside MSSP to diversify some of that risk and leverage those opportunities? So, not only does it diversify your risk, but also allows you to match the providers to the program most likely to drive revenue.
    • Put your best performing hospitals and providers in high upside, higher risk models, like MSSP Enhanced (or if you’re in it already, the ACO Realizing Equity, Access, and Community Health (REACH) model). If you want up-front payments and you can create or have a low-revenue ACO, and you want low downside risk, you form a low-revenue ACO with your providers that are new to value-based care, and then train them up and then move them to one of the higher risk, higher upside ACOs.
    • Also, the new AHEAD model is a Medicare-Medicaid model, announced last fall, where states are contracting as the primary partners with CMS and then partnering with hospitals, health systems, and others to provide ACO-like care. Something that’s really interesting is a new opportunity, because in addition to being a multi-payor, it really drives payments for health-related social needs and also will put hospitals on a hospital global budget, which is something that has been beneficial to many hospitals in Maryland and other states where this has been prominent for a number of years.
    • And as you make these decisions, be intentional with your choices—be deliberate. Use your data analysis—not guesswork on what you think might be successful or pressure to be in value-based care just because you think you should be—use the data to drive your decisions. If you know from your data where the savings are going to be generated, then take that and pair it with the CMS program options that allow you to maximize those savings—you have a much greater chance of success.
  • And third on my list of key strategies to drive revenue is reevaluate your provider contracts. In working with ACOs, we talk a lot about downstream contracts. Are some providers dragging down your performance? If so, you should either not include those providers in your ACO or change your provider agreements to properly incentivize performance. I spend a lot of time helping craft downstream agreements that mirror the ACO’s plan for success by building in compensation arrangements that will drive providers to perform. Is it coding they need to do better? Is it screening for health-related social needs? Providing additional touches to the highest cost/highest risk patients? You have levers to drive these metrics and make sure you use them.

Stephanie Webster: Thanks very much, Dave. We’re going to move on to another question now, and this time the question is for Ben: We’re merging with another health system, and we have different ACOs—can we participate in both, and which option is better?

Ben Wilson: That’s a really great question, and it’s one we’re getting all the time in the context of hospital and health system transactions. In most cases, the answer is that you probably don’t have to pick one—you can continue to participate in both—and that you don’t have to make a final decision in advance of closing. Let’s unpack that very briefly just to illustrate some of the considerations. You said you “have” different ACOs, which tells me that probably each health system has established an ACO that it owns. If instead the answer is that both health systems “participate” in someone else’s ACO, then it’s a bit easier. You effectively have a payor contract assignment question. You treat that just like you would usually in any transaction. But let’s say it is the trickier question of owning two separate ACOs. In most cases, the entities that are actually merging won’t be the ACOs themselves. The ACOs will probably be in subsidiaries under the entities that are merging. They will continue in existence with their own separate tax ID numbers post-closing. In that case, you can continue to have both ACOs post-closing if you want to, and you may well want to continue at least for some time post-closing so that you don’t wind up with weird issues around contract years and the like.

Stephanie Webster: Thanks, Ben. Shifting gears: What do we do if an employee whistleblower alleges systemic fraud, abuse, or patient harm within an ACO? Devin, this one’s for you.

Devin Cohen: This really is a great example of why an ACO needs a strong compliance program in place in the first instance. The Health and Human Services Office of the Inspector General (HHS-OIG) and the Department of Justice (DOJ) both expect that any whistleblower can anonymously report suspected violations of law, without fear of retribution, consequences from an employer, or otherwise. So, the first question that a general counsel or chief compliance officer should ask in this type of situation—hopefully before an issue trickles in—is, “What is our whistleblower policy, and is it consistent with regulatory expectations?” This should not just be a paper policy, particularly given the implications under the False Claims Act (FCA), since any employee who faces repercussions because of reporting suspected non-compliance may have an opportunity to have whistleblower rights under the FCA. Now, once a report is actually in-hand, the chief compliance officer will naturally need to scope the issues and undertake a fulsome review and investigation. If you have not brought in outside counsel or otherwise ensured that allegations related to coding or billing are reviewed under privilege, now is the time. There will still need to be interviews, documentation review, and reports to a compliance committee, and ultimately, the matter could require referral to human resources and potentially result in termination. But then what—what institutionally should happen? A few things:

  • First, review your payor contracts to determine whether any supplemental review or reporting guidelines apply, depending on the nature and outcome of the investigation. It’s important to catch the implications of even a minor compliance deficiency: (i) across the health system (for example, identifying whether it’s siloed only in the inpatient department); and (ii) across compensation arrangements with health care practitioners and third-party providers.
  • Next, identify whether there are any repayment implications to CMS or state Medicaid, or any contractual arrangement needs to be revised.
  • Finally, identify how your program can operationally improve. At minimum, training and policy updates, and go-forward auditing and monitoring changes will likely be required—and can be identified through annual or even interim risk assessments.

An effective program, set up to withstand risk exposure in this ACO context, effectively implements feedback loops that ensure each of these boxes are ticked every time a material complaint arises.

Stephanie Webster: Thanks very much, Devin. On to another question: Do we need—or want—a separate legal entity to participate in a different program, and what are some of the operational and contracting considerations we should consider in making that decision? Dave, back to you.

Dave Ault: Generally, yes. You do need—or at least will want—another entity to participate either in a different program or, as I mentioned before, as another entity in the same program, so having two ACOs in the Medicare Shared Savings Program. Typically, you would want a separate legal entity for each ACO, and if the ACO is also going to have providers participating in other initiatives—like a primary care initiative or a specialty care initiative—you will want to strongly consider using multiple entities. For one thing, in the ACO context, the ACO must have a governing body that is unique to the ACO, with a fiduciary duty to that ACO and with board members that meet specific CMS requirements (such as 75% participating provider control, inclusion of beneficiaries, etc.). These requirements may not be suitable to your business objectives in participating in multiple programs.

It’s also important to understand the Corporate Practice of Medicine (CPOM) laws in each state that the ACO is operating in. Different states have different regulations when it comes to Corporate Practice of Medicine, so it is important to really evaluate the regulations in each state to minimize that risk. Oftentimes, we advise CMS program participants in how to leverage a “friendly PC” model to remain compliant with Corporate Practice of Medicine laws.

Stephanie Webster: Great—thanks, Dave. Another question: In a clinically integrated network or Independent Physician Association (IPA), can we cap our community network physicians’ downside losses under a value-based care contract?

Ben Wilson: Yes, in most cases—and that’s actually a pretty common thing to do. How you can go about doing it will obviously depend on the terms of the underlying participation agreements with the payor. Let’s assume that they don’t prevent it. You will need to do the fraud and abuse analysis under Stark and the Anti-Kickback Statute. You won’t be able to rely on the employment exception and safe harbor, obviously, for IPA. But thankfully, you may find quarter in the risk-sharing arrangements Stark Law exception, which provides for bonuses, etc., to be paid by an independent practice association or Independent Physician Association to a physician.

Stephanie Webster: Thanks, Ben. How do we handle sharing of patient data within the ACO and its primary care participants? This one’s for Devin.

Devin Cohen: It is extremely important to make sure that your organization is in compliance with their state and federal privacy laws when sharing patient information—HIPAA is a key one, but not the only one. CMS separately mandates that any data that it shares with ACOs is conditioned on the fact that the ACO, its ACO participants, and its contractors observe all relevant regulatory and statutory requirements regarding the appropriate use of data, confidentiality of data, and privacy of individually identifiable health information.

Now, when it comes to sharing data within the ACO and its community primary care participants, many organizations and physicians use health information exchanges (HIEs) to share patient data for care coordination purposes, and many states have actually established policy with regards to patient consent to have their data shared within a health information exchange. Some states have chosen to adopt the Opt-Out standard, where patients must affirmatively Opt-Out of participation in the health information exchange, otherwise, their data can be shared by providers in an HIE. While others have adopted the Opt-In standard, where patients must affirmatively Opt-In to have their data shared on a health information exchange, that’s not always the case. It is very important for an ACO to be informed of the data privacy laws that govern the states in which it operates in, as they can really vary across jurisdictions, which means that some activities that may be perfectly acceptable in one state may not be permitted in another.

Stephanie Webster: Thanks, Devin. Moving back to Dave: Can we leverage AI vendors to help with the administrative mess associated with an ACO?

Dave Ault: Yes, you can, and that’s a great idea to do so. As we all have been hearing in the media, artificial intelligence (AI) is the hot topic of the day—it can be applied to a wide range of industries and applications. One might not think of AI as being applicable directly to the ACO world, but there are ways to leverage the rapidly expanding tool. For starters, AI can be used to analyze complex data for identifying patient risk levels, patterns, and variations of health care services, costs, and utilization. AI can rapidly and effectively analyze compiled data from multiple sources—genetic data, utilization, clinical data, costs—and this aligns well with value-based care. Providers in ACOs, and ACOs themselves, are using AI to develop personal treatment plans that are catered towards a particular patient or a particular group of patients that may be higher cost or higher risk. AI can also help compare costs of procedures and work with specialists to reduce variations, to address persistent poor control in patients with chronic conditions, and to target patients for clinical review based on medication regimens. This will also keep costs down and increase value for patients. One final area where AI can be leveraged is in the area of risk adjustment. AI can automate the sometimes-tedious task of the data analysis process, by looking through large clinical datasets to extract the important information necessary to expedite risk adjustment and to make sure that risk adjustment is appropriate and proper. AI also enables ACOs to use predictive analytics, forecasting potential risks by analyzing historical and real-time data from clinical notes, lab reports, and claims documents, which can help in staging preemptive interventions for patients that ultimately will lower overall costs.

Stephanie Webster: Thank you, Dave. This next one is also for Ben: How do we tackle conflicts of interest issues of physician leaders that have financial stakes in various health care entities that are part of an ACO?

Ben Wilson: The good news is that the answer for an ACO is mostly the same as for other parts of a health system. Often, individuals will serve in leadership positions at multiple different organizations or have financial interests at various entities that can raise conflict issues. Given that, it’s important to have a formal written policy adopted by the board that requires regular and ongoing disclosure of conflicts and potential conflicts. The policy should call on management and the governing body, as appropriate, to keep an eye out for potential conflicts of interest before problems actually arise. If potential conflicts are disclosed or detected, the policy describes how to determine whether a conflict exists and how to address it. For example, the conflicted individual would typically be recused from any discussions or decisions relating to entities that they have a financial stake in. Finally, the policy should address remedial action for failures to comply with the policy. All this should sound familiar to you as a matter of ordinary health system governance. For ACOs, specifically, CMS will ask you to disclose whether the ACO’s governing body has just such a conflict-of-interest policy in place—easy. CMS also requires that the beneficiary member of the ACO’s governing board not have any conflicts of interest—for example, that beneficiary member must not be a provider or supplier for the ACO. Different states may also have conflict-of-interest policy in handling requirements for ACOs. In general, however, the policies and process will be quite familiar to those who deal with health system governance generally.

Stephanie Webster: Now, to our last question, which is for Devin: What are some of the new compliance risks that value-based care arrangements pose that hospitals and health systems should be aware of?

Devin Cohen: Value-based reimbursement models, they really use an array of financial incentives to change behavior in health management and also in care delivery. Many laws have developed over the past several decades specifically to prevent financial incentives from impacting care decisions, payment, or patient choice. This collision of approaches inherently creates tension and a number of compliance questions. Now, there have been recent exceptions to this where we’re pivoting to, including exceptions to the Stark Law and safe harbors to the federal Anti-Kickback Statute (for instance, the Sprint Rules)—they have really tried to soften that tension and provide more flexibility in compensation arrangements, particularly where providers are assuming risk. But compliance with the Value-Based Enterprise (VBE) exceptions and safe harbors really require a lot of attention to detail, and a minor foot-fault could trigger strict liability in the case of the Stark Law.

Next, value-based relationships, they really do encourage continuity of care in order to limit “leakage” of care to out-of-network providers, and to encourage patient engagement to exercise choice and autonomy in clinical decision-making. That said, patient inducement restrictions under the Civil Monetary Penalties Law, and especially nominal gift guidelines, really do require close review and consideration in advance of engaging patients to make certain care choices or otherwise managed care.

Third, value-based care models rely greatly on value metrics when determining when providers should receive payments, in what amounts, really from a payor or an ACO. From a compliance perspective, errors with respect to that information can carry both revenue exposure and compliance risk. With regards to fraud and abuse risk specifically, the Medicare Shared Savings Program and some other programs developed by the Center for Medicare and Medicaid Innovation (CMMI) include a number of waivers to fraud and abuse laws that apply to certain value-based payment arrangements. Now, this, to me, is a sign that there is an imperfect match between current regulation and developing models of provider interaction and patient engagement prompted by value-based reimbursement systems, and although CMS is slowly developing opportunities really to address the disconnect, ACOs need be aware of the risks and compliance structures to be compliant from the outset.

Stephanie Webster: Thanks, Devin, and thanks also again to Dave and to Ben. And thanks to all of you for taking the time to listen to this podcast. For those of you listening who would like more information on the topics discussed today or our health care group, please don’t hesitate to contact any of us. You can also, of course, subscribe and listen to other Ropes & Gray podcasts wherever you regularly listen to your podcasts, including Apple and Spotify. Thank you again for listening.

Subscribe to RopesTalk Podcast