CMS Roadmap to 2025 – Part II

Part I is here.

Following up on my last blog, I am now going to discuss several other key policy trends that will impact CMS over the next five years. They are as follows:

1. The Evolvement of Program Integrity Away from Fee-for-Service
2. Medicare Advantage Risk Adjustments Solely Based on Encounter Data
3. Continuing Challenges of Privacy and Security
4. Health IT-Interoperability and Patient Engagement

I will briefly discuss why policy changes in each area will have major impacts on CMS operations.

1. Evolution of CMS Program Integrity – The traditional CMS business models for program integrity have been focused on Medicare fee-for-service (FFS), and these models often aimed the majority of their attention at overutilization issues. Recently, the CMS Center for Program Integrity (CPI) put out two RFIs requesting information on new technologies and business areas. CMS now recognizes that their focus must become broader, and thus, several areas will likely be scrutinized even further. This new approach, partly spurred from a recent increase in Congressional interest, shows a recognition by CMS of a need for a new approach to deal with the changing healthcare landscape. These changes include:
   1. CMS moving toward a value-based payment system. As value becomes the major criteria for payment decisions, the PI focus will shift more to validating outcomes and the supporting data for those outcomes.
   2. Congress will continue to push CMS to do more to limit fraud in Medicaid, especially as the program continues to expand and new criteria is added for eligibility and care models. Recently, there has been a much-publicized push to recognize the role of social determinants on a person’s health. This initiative will bring new players into the arena of healthcare payment models and care management, furthering the playing field for attempts at fraud.
   3. Medicare Advantage (MA) and prescription drug plans are other areas where Congress is asking CMS to do more. Over a third of Medicare beneficiaries are now using MA plans, and that number is expected to grow further in the coming years as Baby Boomers continue to choose the Medicare Advantage option. CMS has not provided the same level of review to MA payments and risk models but will be under increasing pressure to do so. The prescription drug aspect will also be under greater scrutiny, not only because of pricing but also because of the greater use of medications to treat different health conditions today. New, expensive cancer drugs will create a need to monitor the coverage and use of certain medications.
2. Medicare Advantage Risk Adjustments Solely Based on Encounter Data – CMS has traditionally used Medicare FFS data to set risk adjustments for MA risk Nowadays, the agency has been trying to move towards an approach that strictly uses Medicare Advantage Encounter data. Plans have pushed back against this initiative – the move has been delayed and diluted for several years. Finally, however, CMS has recently indicated that this will indeed happen within the next several years. Major changes in the risk scores, and even how the MA plans develop various medical management programs, could result from this strict use of MA Encounter data. Health Affairs has published several terrific articles which discuss the possible impact of these changes. One article in particular,was partly authored by Sean Creighton, a former CMS MA executive.
3. Privacy/Security – Technology’s omnipresence of innovation, the addition of new healthcare entities, and a change in business practices have all rendered many existing privacy and security policies obsolete, as well as the practices therein. At the very best, they are inadequate to properly protect patients’ data in the current IT environment. If any new legislation were proposed that, in some way, involves a change in the privacy and security of healthcare data, CMS and other federal agencies could be greatly impacted. In terms of privacy, the administration has been looking at several ways to improve privacy protections, including:
   1. Updating HIPAA/HITECH to reflect new entities and other changes to data collection and use
   2. Revisiting the issue of a patient identifier with Congress
   3. The role of the FTC in today’s environment

   Security issues are equally daunting. The industry is moving away from the traditional concept of structured data stored in data warehouses, behind organizational firewalls. Data to support healthcare payments and care decisions is coming from a diverse new range of sources and used in new ways. While this is exciting, this new range of uses complicates how to best protect and secure PHI. In addition, the growth of cloud, APIs, mobile computing, and smart devices create new layers of risk. Some of these issues will fall under the FDA’s jurisdiction, while others are caught by Homeland Security, but ultimately CMS will be a major player in determining policies and strategies.

   Congress recognized the growing challenges in data security with the passage of the Cybersecurity Act of 2015. Section 405 of that Act dealt specifically with healthcare security, calling for a push for greater awareness and promotion of best practices, mainly by HHS. Now, barely 4 years later, many are asking if the legislation went far enough. Increasing attacks on healthcare entities, especially hospitals, along with the growing value of healthcare data to bad actors, could continue this momentum to tighten healthcare data security. This, in turn, could potentially impact CMS efforts to promote more open data.

4. Health IT
   This area has gotten a lot of attention over the past several years with the passage of the 21^st Century Cures Act and subsequent CMS and ONC regulations dealing with interoperability and information blocking. These issues will continue to be important to CMS regardless of upcoming election results. Congress is also looking at a potential “Cures 2.0,” to deal with issues that some feel were not adequately addressed in the initial legislation.In addition, CMS has also become grown as an industry leader in both interoperability and patient-engagement with their support for the FHIR standard and open APIs. This area will only continue to grow and influence CMS policies in the coming years.In my last two blogs, I have looked at eight key policy areas which will impact CMS over the next 5 years. In my next blog, I will look at two more issues that will also have huge impacts on CMS: bringing in new entities like Amazon and Walmart, and the issue of the recent push to control medical costs and the increasing industry consolidation.