[Main Page of Report | Contents of Report]
Contents
Confidentiality is clearly essential to effective mental health and substance abuse treatment. Our review of the status of privacy-sensitive approaches to collecting personal health information for managed care suggests there are steps that the Department of Health and Human Services (HHS) could take to advance current information-sharing practices so that they are more privacy-sensitive. First, we review the option and possible consequences of “doing nothing.” We then discuss what HHS might consider if it decides to develop or facilitate the development of a standard set of minimum necessary information. Finally, we discuss how the information in this report might be used by the health plan community to further privacy-sensitive approaches to collecting the minimum amount of personal health information needed to manage care.
The general trend in the managed care industry towards collecting less data to manage mental health and substance abuse outpatient services may mean that, absent any action, health plans that still collect very detailed personal health information will eventually begin to collect less information. Furthermore, the consumer advocates and managed care groups in our study did not view the issue of how much information is shared by providers with payers as a high priority item at the time of our study.
However, the APA’s release of its Minimum Necessary Guidelines for Third-Party Payers in December 2001 shows that the issue remains a significant concern for providers. Also, the absence of a national standard for what constitutes the “minimum necessary” information that providers should be sharing with MCOs has resulted in very different privacy protections for consumers depending on their health plan. In addition, our interviews with providers suggest that clinicians vary widely in how specific they are with their patients about what information is transferred to MCOs. This variation exists because from a legal perspective, many mental health providers rely on a general patient consent as a basis for transferring personal health information to a payer for purposes of payment and health plan operations.
We are left with a somewhat troubling picture in which many consumers receiving mental health services are consenting to the transfer of personal health information only in general terms and perhaps months prior to these services and before the record even exists. At the same time, health plans that work toward similar care management goals request vastly different amounts of personal health information. This picture seems inconsistent with the HIPAA emphasis on ensuring consumer awareness of and control over the flow of personal health information. We are not aware of any legal action to date that has challenged either the current practices surrounding informed consent or the appropriateness of MCOs’ information requirements. However, it seems to us that such legal challenges could arise if no action is taken to better standardize or limit personal health information collection for managed care.
One way to increase the use of privacy-sensitive approaches to the sharing of personal health information is to develop a national standard for what constitutes “minimum necessary” information. Such a standard could both help consumers understand what information MCOs need and why and eliminate the wide, plan-to-plan differences in the information that is collected. Moreover, the minimum necessary information set could be implemented through a common treatment request form. This would reduce the burden, still faced by providers in most states, of responding to many different types of health plan requests. However, developing a nationally applicable “minimum necessary” set of information is not an easy task.
For purposes of discussion, we will assume that if a nationally applicable minimum necessary information set were to be developed, HHS would lead the effort. Clearly, given the differences of opinion among stakeholders, some party that is viewed as neutral and outside of the managed care, advocacy, and provider communities must lead the effort so that the stakeholders can view the outcome as legitimate.
One important consideration in developing a minimum necessary information set is what role scientific or other research results can play in helping to define what information is needed to manage care. Unfortunately, the research is sufficient to serve only as an aid to, not a primary basis for, establishing a set of minimum necessary information. That said, the criteria for patient placement for substance-related disorders developed by the American Society for Addiction Medicine (see Chapter IV) provide more support for identifying the information needed to managed substance abuse care than anything that is readily available to support the information needed to manage mental health care. More specifically, the ASAM criteria could be a source against which proposals for minimum necessary information might be reviewed to rule out irrelevant information related to substance abuse disorders. But because the criteria are very detailed, they may not help to isolate the most important pieces of information to collect.
Our understanding is that there is no similar set of criteria for mental health treatment, and that, in fact, there is little consensus among mental health care providers with regard to what and how much treatment is necessary under many circumstances. Despite this lack of consensus, managed care plans or other interested parties (such as researchers) could develop a series of examples of how personal health information can be used in conjunction with information from research studies to perform evidence-based quality and utilization checks. This exercise may point to specific data elements that are critical to many types of well-supported checks.
A second critical consideration is whether HHS might be able to establish a set of minimally necessary information that can be shared between providers and payers. HHS might establish this set of information, with relevant stakeholders providing input during the process. Alternatively, HHS might choose to convene a set of experts to reach a consensus on what information should be considered minimally necessary, as was done in Maryland in the development of the Uniform Treatment Plan Form, and adopt this consensus as the official minimally necessary set of information.
Insight into Constructive Participation by Stakeholders. Providers do not agree on whether personal health information should support routine care management by MCOs. Some do not even view compromise on this issue as an appropriate option. This group—a subset of the providers who hold the “administrative data only” view described in Chapter III—would not be expected to participate constructively in an effort to generate a set of minimum necessary information by consensus. As noted in Chapter III, other providers hold less extreme views, finding it acceptable to share certain information beyond administrative data with MCOs. Still others acknowledge privately that the sharing of information that supports utilization and quality management overall benefits the consumer by avoiding fraudulent and unnecessary treatment and offering some protections regarding quality of care. Because they agree with providing some personal health information to MCOs for the purpose of care management, these two groups of providers might be expected to contribute to the effort to develop a minimum necessary information set by consensus.
On the other side of the equation are the MCOs, which may or may not buy into the idea that a common set of minimally necessary information would benefit them. The extent of their participation may depend on the extent to which they view the specifics of how they use personal health information as proprietary—a component of their corporate strategy that allows them to keep costs lower than their competitor. However, one health plan respondent we spoke with supported the concept of a single set of minimum necessary information collected through a standardized form, and in fact told us of some overtures he had made to advance the concept. A nationally applicable form that captures the minimum necessary information set could benefit MCOs and providers alike by reducing the burden on both parties. For instance, such a form could reduce provider errors, since providers would become accustomed to responding to the items on the form. This could, in turn, help to reduce the need for MCO follow-up, which taxes both MCO staff and providers. The burden of responding to follow-up could also be lessened for providers if MCO follow-up were voluntarily or otherwise restricted as a result of a carefully considered process to identify the minimally necessary information for managing care. Moreover, the routine completion of a standardized form should simplify the administrative burden on providers; in addition, to the extent that the form would be less extensive or require less narrative than many current forms, it would reduce providers’ workload. The resulting lower burden on providers could enhance their relationship with MCOs. Finally, the development of a standard set of minimum necessary information would offer plans a way to ensure that they are abiding by the “minimum necessary” information principle articulated in HIPAA.
HHS’ Role. While providers and MCOs, as well as consumer advocates, must participate in development of a standard set of minimum necessary information, HHS has at least two options for defining its role in the effort. One option is for the agency to act as a facilitator, convening representatives from the various stakeholders and securing a commitment to developing a group product, which HHS could decide to adopt or help disseminate. Based on our interview with a respondent who was heavily involved in Maryland’s development of its Uniform Treatment Plan Form, a legislative mandate or deadline for producing such a product may be a prerequisite to the success of this type of strategy. Alternatively, HHS could consult with representatives of the provider, advocacy, and managed care communities, using the resulting information to establish guidelines for what constitutes minimum necessary information under its own authority.
Some Potential for Unintended Consequences. A standardized set of minimum necessary information could inadvertently increase the amount of personal health information collected by those plans that now collect the least information. However, as discussed in Chapter IV, the amount of data collected routinely must be interpreted in the context of how much follow-up information a plan collects. If, as in Maryland, the standardized set represents all of the information a plan may collect outside a formal appeals process, then more personal health information may be collected routinely. However, the net effect of this approach may be the same or better for the consumer than if less information is collected routinely and follow-up is open-ended—that is, if free-form discussions between case managers and providers lead to the sharing of more personal details for some cases.
Legislation that requires the development of a minimum necessary set of information could help HHS achieve a consensus or near-consensus-based product that also explains information sharing to consumers and allows MCOs to manage care. As noted above, a respondent heavily involved Maryland’s development of its Uniform Treatment Plan form by consensus of relevant stakeholder groups believed this effort would probably not have been possible without the legislation that required its development.
On the other hand, raising the issue with Congress could possibly lead lawmakers to establish a minimum necessary information set that may be different from what would be achieved through an HHS-led process involving a balanced set of stakeholders. For example, the provider community could prevail on Congress to adopt the DC or New Jersey models or the APA guidelines.
The gulf between the APA’s minimum necessary guidelines and typical MCO information requests is clearly wide. Although the MCO representatives we spoke with do not believe the information set out in the APA guidelines will allow them to manage care effectively, the health plan trade associations had not focused on articulating a response to the guidelines at the time of our study. It may be that these organizations do not believe they need to attend to this issue. If they view the patients’ general consent as a sound legal basis for MCOs to continue requesting information as they now do, then the trade associations may see little reason to be concerned with providers’ views of what is minimally necessary. However, these organizations may not have focused on this issue simply because of other priorities. In that case, the information in this report on the large gap between the APA’s guidelines and current MCO practice may draw their attention to the issue. Also, given the public backlash toward managed care in recent years, the managed care industry could benefit from better conveying the value of care management to the public by explaining in more specific terms why the personal health information they collect benefits consumers.
Also, the report could help health plans review their information-collection routines. More specifically, they can use the report to identify what information is collected under several privacy-sensitive approaches, what information is especially controversial with providers and why, and whether the items they collect are similar to or different from most of the other organizations whose forms and protocols we were able to obtain.