This report describes the experience of selected state governments in regulating provider-owned health care delivery systems that accept insurance risk for the provision or arrangement of health care services. We refer to these entities as Provider-Sponsored Organizations (PSOs). The primary sources of the information used for this report were interviews with regulators, hospital and physician association representatives, and managed care industry representatives in nine selected states. The states included in the study are: California, Colorado, Illinois, Iowa, Minnesota, Ohio, Pennsylvania, Texas and Washington.
States are just beginning to consider questions involved in provider assumption of insurance risk in evolving compensation systems (Exhibit A). Many states currently lack legislation specific to this issue, with official policy being dictated by regulatory addenda or the issuance of bulletins or letters from state regulators. Furthermore, in those states where relevant regulation or legislation exists, the policies reflected in these measures continue to be in flux and debated by regulators and market participants.
Direct Contracting PSOs
While nearly all the states investigated are making some attempt to regulate the activities of PSOs contracting directly with purchasers of health care (e.g., employers), the mechanism used to regulate these relationships vary. The two main models for regulating direct risk contracting PSOs were uniform licensing, where state officials sought to regulate the assumption of risk in the same way regardless of whether the entity agreeing to assume risk was provider owned or not, and the creation of a separate licensing category for risk-assuming PSOs. Regulators in the states using the former model claimed that their job was to regulate the activity of risk assumption and, in some cases, simply applied regulation pertaining to non-provider managed care entities to all organizations seeking to provide or arrange for health care delivery. Other states are considering adopting legislation which would explicitly grant the state authority to regulate the transactions involving insurance risk for health care, provider owned or not. Among the states where insurance risk-bearing PSOs are licensed separately from other managed care organizations, differences in the standards required for PSOs varied. There was little consistency among states with separate licensing categories as to the rationale for separate categories.
Downstream Risk Assumption
The states also vary substantially in their regulation of PSOs that assume risk from self-funded, ERISA exempt employer plans. Most states considered a PSO that enters into a risk-sharing arrangement with a self-funded plan is engaging in the business of insurance, and therefore, the relationship is subject to regulation by the state, even with ERISA. Other states consider such an arrangement off limits as long as the risk is 'ultimately' borne by the self-funded employer. Similarly, states differ widely in their position on regulating PSOs accepting risk downstream from licensed insurance carriers or MCOs, with some states leaving these relationships unregulated, others requiring special licensing for PSOs assuming downstream risk under certain arrangements (e.g., global capitation), and yet others impose lengthy lists of requirements governing risk transfer agreements between traditional insurers/MCOs and PSOs.
Common issues described by market participants and regulators in each of the nine study states include:
- Regulatory authority within the state: In many states the regulatory prerogative with regard to PSOs, and other managed care organizations, was a subject of contention. In several states, regulatory authority had recently been passed between the Departments of Insurance and Health. In others, both departments were concurrently involved in regulating PSOs and MCOs. Many interviewees suggested a need for unification of regulatory authority. One common theme in this regard was a general lack of confidence in the ability of Health Departments to regulate issues of financial solvency.
- Limited risk assumption: Many states apply standards regulating risk-bearing PSOs only to providers that accept risk for services they arrange, rather than provide themselves. In some states, regulatory standards governing risk assumption apply only when PSOs accept global capitation.
- Medicare/PSO risk contracts: Questions regarding Medicare risk contracting elicited interesting responses from various market participants. Representatives from licensed managed care organizations voiced opposition to allowing PSOs to risk contract with Medicare without being held to the same regulatory requirements as other Medicare risk contracting entities. Some PSO interviewees indicated mixed feelings about the possibility of directly contracting with Medicare under separate regulatory jurisdiction. Many PSOs serve Medicare risk enrollees downstream from licensed managed care organizations, and are therefore wary of legislation that could negatively affect current Medicare risk contractors.
IMPLICATIONS OF THE FINDINGS
Because state policy towards PSOs is still in the early stages of development, the lessons to be drawn by federal policymakers are limited. There is wide variation in state approaches toward PSOs, but the laws and policies are still new and there is not sufficient experience with them to understand their impacts. Despite this limitation, we can draw some implications for federal policymakers considering policies affecting health insurance markets and health plan regulation:
- Many interviewees indicated a need for consumer protections when PSOs assume substantial direct risk. States that have developed separate licensing for PSOs have applied HMO-type standards, showing concern in the areas of financial solvency, network adequacy and access, quality assurance, and utilization review. States in some cases have applied lower capital standards for PSOs.
- Many interviewees stressed the need for more emphasis on the quality of care provided by managed care plans and for more information to be made available to regulators and consumers about all types of managed care plans. The role that accrediting organizations (NCQA, JAHCO, URAC) and national data efforts (HEDIS) can play in these areas was acknowledged in a number of interviews.
- The uncertainty about how ERISA might affect a state's jurisdiction over PSOs directly contracting with employer health plans is affecting the development of policy towards PSOs at the state level. Until more clarity is provided, either by Congress or through the courts, it will be difficult for states and market participants to understand the parameters of potential state regulatory activities relating to PSOs.
- Regulators and market participants in several states raised concerns about differences in consumer protection standards applied to different types of managed care plans. In particular, they have concerns that PPOs offered by indemnity insurance carriers are not subject to the same regulation for quality, utilization review, and network adequacy as HMOs (and PSOs in states with licensing laws). It is possible that NAIC efforts to develop more uniform laws for managed care plans may reduce this variation over time, but federal policymakers should consider this variation when developing policy that relies on, or otherwise affects, state regulation of managed care plans.