VideoStill, while the financial risk of self-insuring might be readily absorbed by some companies, managing internal controls can be a far thornier matter since self-funded plans don't tend to administer the plans themselves. More often, they outsource that job to a third-party administrator (TPA), which handles such things as doctor and hospital payments, claims processing, and benefit reimbursements for a fee.
Splitting the funding off from the administration has made it tough for self-insured employers to get a coherent picture of their payment flows. A big part of the problem, suggest participants, is drawing a straight billing line from the health-care provider to the TPA to finance. "The trickiest part is getting all the different data to line up," says Aldrich.
Pactiv is about 60 percent self-insured, according to the compensation manager (other employees and retirees are covered through fully insured health maintenance organizations). Pactiv's finance managers write checks based on claims the company receives from providers, but Aldrich says that it's hard to reconcile the company's own claims data with the data he gets from Blue Cross/Blue Shield, one of the company's TPAs. The BCBS data, for instance, might contain more-up-to-date information on discounts negotiated with health-care providers than Pactiv itself has on hand.
Indeed, many companies have a fragmentary view of their health-benefit payouts, says Potarazu of VitalSpring Technologies. At some companies, transactions with doctors and hospitals may not be automatically reported in the corporation's general ledger, creating a situation ripe for errors. The software executive says that he's seen cases where HR employees risk redundant reporting by first subtracting the costs of self-insurance from a company's books, then delivering the data on spreadsheets to the finance department to record as corporate expenses.
Furthermore, says Potarazu, TPAs might fail to invoice an company for care provided to its employees, or they might aggregate invoice information and thus cloud the details of services provided. Under Sarbox 404, he notes, the inability to tie a transaction to an invoice — and provide an adequate audit trail — might be seen as a breakdown in internal controls.
Misplaced Incentives
Another question for many self-insured employers is one confronted by every outsourcer: How do you assess that the internal controls of your third-party administrator — which have, essentially, become an extension of your own — are shipshape?
A common solution is for the company's auditor to test the TPA for benefits-related errors. At Consolidated Edison, controller Ed Rasmussen says that the New York-based utility's auditors, PricewaterhouseCoopers, "have to be comfortable" with the internal controls of ConEd's benefits administrator. PwC performs an audit according to the Statement on Auditing Standards No. 70 (SAS 70), which governs examinations of the internal controls of outsourcing providers generally.
The effectiveness of SAS 70 audits is limited, however. Service providers must report control failures themselves, but not the scope or exact substance of the audits that uncovered them.
Further, routine spot-checks of benefit claims aren't likely to uncover broader internal-controls failures. The probability that a claims audit "would identify a systemic problem, and therefore help [an employer] manage the risk, is very low," says David McSweeney of Healthcare Data Management. According to the chief operating officer of the Wayne, Pennsylvania-based health-plan auditor, spot-checks are unlikely to pick up a coding error that generates claim overpayments or one that results in payments that were never intended.
To avoid such broad problems, risk management experts suggest, finance executives should take a hard look at their companies' contracts with third-party administrators. A company's outsourced claims processors should have contractual incentives to focus less on speed and more on accuracy, says George Aldhizer, an associate professor of business and accounting at Wake Forest University.
Today, a TPA might be held to handling 90 percent of an employer's claims accurately within 10 days of receiving them; such an agreement can provide little motivation for a claims processor to uncover and report fraud and systems errors. "The administrator has no financial incentive to carefully monitor the bills that come in from hospitals, physicians, and clinics. There is no downside risk for them" in foregoing such care, says Aldhizer.
Better, then, for an employer to build more such incentives into the services contract and to keep a tight grip on the right to monitor the TPA's adherence to its terms. Instead of fussing over the cost of the services, says McSweeney, employers should pay greater heed to holding claims processors accountable for such things as fraud control and the protection of employee privacy.
Most important, he says, finance executives of self-insured companies should be especially chary of surrendering their contractual right to audit the TPA in exchange for a cheaper price. "I can't emphasize that the review of that agreement and the rights ceded and enforced is critical," adds McSweeney.
Reader Comments» Post a comment