The Commonwealth Fund Blog

State Flexibility in Risk Adjustment Under the Affordable Care Act

July 26, 2011

Tags: Affordable Care Act health insurance health insurance marketplaces

Mark HallBy Mark Hall

Much anticipation greeted the U.S. Department of Health and Human Service's (HHS) proposed rule for the new state health insurance exchanges. But after wading through its 244 pages, few people (other than Tim Jost) had the fortitude to continue on with the companion set of proposed rules governing risk adjustment, reinsurance, and risk corridors. As the policy wonks among us know, these "three R's" are the Affordable Care Act provisions designed to deal with problems of adverse selection, market uncertainty, and skewed risk distribution under the Act's new insurance market structures.

Other blog posts nicely describe the exchange provisions, so I will attend to risk adjustment, which is the more permanent of the "three R's," and the one posing the most unresolved issues. I will further limit myself to just a couple of points under risk adjustment, in view of Tim Jost's more comprehensive summary.

The Affordable Care Act requires risk adjustment within the individual and small-group markets in order to level the competitive playing field both within and outside the exchanges. Putting insurers on a more equal footing encourages them to compete based more on managing the costs and quality of care than on techniques of risk selection or avoidance. These issues arise because the Affordable Care Act requires insurers to accept all applicants and prevents them from varying premium rates based on health status. This elimination of "medical underwriting" leaves insurers vulnerable to adverse selection (attracting a higher-than-average risk pool), which creates incentives for insurers to adopt indirect or covert forms of risk avoidance. Adverse selection against exchanges might also threaten their effectiveness or viability, especially in the employer market.

In order to counteract these tendencies, risk adjustment measures each insurer's average risk pool (in a given market segment) and requires those with a lower risk profile to subsidize insurers with a higher risk profile. That might sound simple enough, but accomplishing effective risk adjustment is a big undertaking, as we have learned already with Medicaid and Medicare managed care plans. There are many different ways to do risk adjustment, each with its particular nuances and competing sets of advantages and disadvantages. It would be a tall order for HHS to pick one method in particular, so it set that hot potato aside for now and focused on the process of picking and administering a risk adjustment method. Shifting from substance to process, however, does not avoid all the difficult questions, so the proposed rule has to grapple with two key process issues:

1) Who picks and administers the adjustment method? The Affordable Care Act gives HHS the authority to pick the method, but requires states to administer it. Consistent with the exchange rule, HHS opted for the greatest degree of state latitude that is reasonable. Honoring states' legitimate concerns about sovereignty, the rule does not require them to administer risk adjustment. Instead, they can either turn over to the federal government both the exchange and the risk-adjustment function, or keep the exchange and opt out of doing the risk adjustment. The only choice not offered is to default to the federal government on the exchange but keep the risk adjustment function.

As for adjustment methods, HHS will certify one or more, which states may pick among, and if a state doesn't see what it likes, it can propose its preferred method for federal certification. It appears almost certain that HHS will opt for adjustment methods that use diagnostic and treatment data, rather than merely demographics, since diagnostic risk adjustment is several times more accurate. That likelihood raises next the question: who manages the data?

2) Who will control the data? HHS also deals intelligently with the second hot potato of who controls the clinical data used for risk adjustment. There are two competing issues: patient privacy and verifying the accuracy of risk scores. On privacy, some people might object to government collecting medical data about privately insured people. Although government already has clinical data for treatment it pays for through Medicare and Medicaid, as do private insurers for the people they cover (which is why we have HIPAA's stringent rules and tough penalties), impressions and emotions matter, whether right or wrong.

To mitigate this possible concern, the proposed rule allows states to collect the necessary clinical and demographic data and turn them over to HHS for risk-adjustment purposes only after identifying information has been removed. HHS considered not collecting these data in any form, leaving it entirely to insurers to calculate their own risk profiles using the federal or state algorithm. But keeping all sensitive info out of government hands (except for spot auditing) would not fly with all insurers. Some insurers simply wouldn't trust others to get it right, when the stakes are one competitor having to write a large check that goes to another competitor based on the accuracy of reported risk scores under a complex formula.

The neat solution of state collection and federal calculation is a smart way to balance all the competing concerns through a combination of privacy firewalls and accuracy checks. Moreover, this local-control approach gives states one more good reason to operate their own exchanges. In short, HHS appears in this initial round to step deftly through the minefield of potential problems, as well as could be hoped for.

Post Comment Read or Post Comments

Raymond Ramos of Raymond Engineering says:
September 29, 2011

It is quite interesting that there is now a need for a highly convoluted system to deal with the new health care program, whereas, if we had a truly market-oriented program, the need for the federal government to get involved in auditing insurance companies to insure "fairness" would not be necessary or would at best require a minimum amount of oversight.

It is already a fact that large entities are unable to manage private data securely. There are daily reports of databases being hacked and causing untold harm to the individuals whose information has been compromised. HHS is saying they will not develop a database that will contain sensitive medical and/or personal information, but the only way such data can be validated is that it be linked to the source data, which will have such information.

The argument for having this data sounds so much like the ones used for gun registration. The criminals are the ones who do bad things with guns, but the government thinks the solution to gun crime is have every legal gun holder register his/her gun, which does nothing in getting guns out of the hands of criminals since they will never register. This smells just as bad. HHS' collection methodology skirts HIPAA by claiming they have not collected sensitive data but in reality, they can access the data at any time under the pretext that they need it to support the certification process. What they have done with the health care law is force the states to develop the database they need.