State Laws and Regulation

25 State Laws and Regulation

Objectives After completing this module, you will be able to: identify the key requirements of the NAIC HMO Model Act, list the main state laws governing other (non-HMO) entities, and list the main NAIC models for health plan accountability. In the last module we discussed various federal laws that govern health plans in their roles as business entities and as participants in the delivery and financing of healthcare. But the bulk of health plan regulation exists at the state level, and although the new federal Affordable Care Act (ACA) will have an enormous impact on health plans, the states will continue to take the leading role in regulating them. Moreover, as the provisions of ACA go into effect in the coming years, states will be taking regulatory and administrative actions to implement elements of the Act and address issues and problems that arise in relation to it. Because health plans evolved within the indemnity insurance environment, many of the provisions of early health plan laws mirrored traditional indemnity insurance laws. As prepaid health plans emerged, state regulatory authorities faced the task of developing new laws that more appropriately addressed health plans. Two state agencies shared much of the responsibility for this: the insurance department and the health department. The insurance department, with the support of the National Association of Insurance Commissioners (NAIC), handles most of the regulation related to financial issues, and the health department addresses healthcare delivery and quality assurance issues.

Regulation of HMOs
Before passage of the federal HMO Act of 1973, health insurance plans were subject to laws designed to regulate the operations of insurance companies or hospital and medical service corporations, and these laws often restricted the development of HMOs. The federal HMO Act encouraged states to develop statutes that would facilitate rather than hinder the establishment and operation of HMOs. One of the most important steps in this movement was the NAICs development of its Health Maintenance Organization Model Act (HMO Model Act). Today almost every state has laws that address HMOs, many patterned after the Model Act. The NAIC HMO Model Act regulates HMO operations in two critical areas: financial responsibility and healthcare delivery. The Model Act addresses financial responsibility through licensing requirements and financial standards. It addresses healthcare delivery by establishing requirements for network adequacy, quality assurance, and grievance procedures. The Act also includes filing and reporting requirements.

Page 1 of 8

State Laws and Regulation

Financial Responsibility Requirements As you recall from an earlier module, an HMO that wishes to begin operations in a state is required to obtain a certificate of authority (COA), or license, from that state. The COA provides proof that the organization has met the states licensing requirements and has demonstrated that it is dependable, fiscally sound, and able to meet specified quality standards. HMOs are also required to meet financial standards related to net worth or capital, financial reporting, liquidity, and accounting and investment practices. For example, in order to obtain a COA, an HMO must have an initial net worth of $1.5 million, and thereafter it must maintain a minimum net worth specified by the state. These financial standards are designed to protect plan members from the risk of an HMO becoming insolvent. Insolvency occurs when an organizations assets or resources are not adequate to cover its debts and obligations. An HMO is considered to be insolvent when it does not have enough resources to pay for its members current and future healthcare needs. If the state insurance commissioner finds that an HMO is or is likely to become insolvent, the commissioner can intervene by monitoring a corrective plan developed by the HMO, reducing the volume of new business the HMO can accept, taking steps to reduce the HMOs expenses, or prohibiting the HMO from writing new business for a specified period of time. If these interventions are inadequate, the HMO Model Act grants the state commissioner the authority to take over the management of the HMO. In some cases, HMO insolvency can be handled through administrative supervision, which involves placing HMO operations under the direction and control of the insurance commissioner or a person appointed by him or her. Such action can be ordered by the commissioner or agreed to by the commissioner and the HMO. If more serious action is necessary, the HMO can be placed in receivership. Receivership is a situation in which the commissioner, acting for a state court, takes control of and administers an HMOs assets and liabilities. The primary goal of receivership is to rehabilitate the HMOthat is, return the organization to normal operation. In this case, the HMOs business continues to exist. If rehabilitation is not possible, the commissioner can liquidate the organization by transferring all of the its business and assets to other carriers or by selling its assets to satisfy its obligations. Liquidation terminates the HMOs business. Healthcare Delivery Requirements The HMO Model Act focuses on three key aspects of healthcare delivery: Network adequacy is typically measured by the geographic distribution of providers within the HMOs service area and by the availability of adequate numbers and types of providers based on enrollment. State regulators determine network adequacy by examining the description of the HMOs service area and the list of network providers names, addresses, and license numbers included in the HMOs COA application. Quality assurance requirements focus on an HMOs procedures for facilitating the delivery of healthcare services to plan enrollees. The Model Act requires that

Page 2 of 8

State Laws and Regulation

healthcare delivery procedures follow reasonable standards for quality of care and be consistent with prevailing professionally recognized standards of medical practice. An HMOs quality assurance program must include a statement of the HMOs goals and objectives for evaluating and improving enrollees health status; documentation of all quality assurance activities; and a system for periodically reporting program results to the HMOs board of directors, its providers, and regulators. Grievance procedures. The Model Act requires HMOs to maintain records of all complaints received by the organization and to make these records available to the appropriate regulatory authority for review. In addition, the Model Act requires HMOs to file a description of the internal procedures they follow to resolve member complaints. Reporting Requirements The NAIC HMO Model Act requires HMOs to satisfy a variety of filing and reporting requirements. For example, HMOs must submit copies of proposed provider and group contract forms, evidence of coverage forms, and premium rate methodology as part of the COA application process. Changes to any of these forms must also be filed with the appropriate state agency. In addition, HMOs must file annual reports with state regulators describing their finances and operations. Annual reports must be filed on state-approved forms and verified by at least two of the HMOs principal officers. To protect the interests of HMO enrollees, the Model Act authorizes state insurance departments to conduct periodic examinations to verify an HMOs compliance with financial, service delivery, and reporting requirements. HMO operations, quality assurance programs, and provider networks are examined at least once every three years.

Regulation of Other Entities

Preferred Provider Arrangements In addition to HMO laws, all states have laws to regulate health plans that include preferred provider arrangements. These laws define a preferred provider arrangement (PPA) as a contract between a healthcare insurer and a healthcare provider or group of providers who agree to provide services to persons covered under the contract. Preferred provider organizations (PPOs) and exclusive provider organizations (EPOs) are examples of health plans that include a preferred provider arrangement. Laws governing PPAs of course vary by state, and they also differ according to the structure of a health plan. For instance, an HMO offering a POS product and a PPO both provide enhanced network benefits and lesser non-network benefits, but a state may regulate the HMO under its HMO law and the PPO under state insurance laws. Likewise, a traditional HMO and an EPO may both exclude benefits for out-of-network care, but the HMO falls under the HMO law and the EPO under insurance laws. This can be important, as differences between a states HMO law and its insurance code can result in differences in premiums, covered services, and benefit levels, even though the product concept is the same. Finally, it should be noted that a significant number of PPAs are self-funded employer plans, which are not subject to state insurance laws.

Page 3 of 8

State Laws and Regulation

In an effort to establish minimum standards for preferred provider arrangements and the health plans that include these arrangements, the NAIC has proposed a Preferred Provider Arrangement Model Act (PPA Model Act). This model requires PPAs to: clearly identify any differences in benefit levels for services of preferred providers and non-preferred providers, establish the amount and manner of payment to preferred providers, include mechanisms for minimizing the cost of the health plan, and provide plan members with reasonable access to covered services. In addition, health plans under a PPA must include an adequate number of preferred providers to deliver covered services and provide benefits for emergency care by a nonpreferred provider if needed. Although only a few states have enacted laws based closely on the NAIC PPA Model Act, most states have enacted legislation to regulate PPOs. Point-of-Service Products State laws regulating other types of health plans are far less uniform than those governing HMOs and PPAs. For instance, state statutes traditionally prohibited HMOs from offering point-of-service (POS) products, but recent pressure from consumers has led to an increasing number of state mandates requiring existing HMOs to offer a POS option. In some states an HMO can offer a POS product directly, but in others it can offer it only as an indemnity wraparound policyan out-of-plan product that a health plan offers through an agreement with an insurance company. The introduction of POS products has created a regulatory challenge for most states, because these products have features of both HMOs and indemnity insurance and as such they can be subject to either state HMO laws or state insurance laws. Utilization Review Entities that perform utilization review (UR) are called utilization review organizations (UROs). They can be in-house departments of health plans or external entities. Utilization review is generally subject to regulation if the recommendations affect a health plans decision to cover a specific service. Although UR laws vary widely, most states require UROs to be licensed and to obtain some form of certification. For a URO to be certified, its personnel must satisfy certain criteria related to education, training, and experience. UROs must also typically meet standards for accessibility and confidentiality of medical information. UROs that fail to comply with state laws are subject to fines and penalties levied. The NAIC has adopted a Utilization Review Model Act. Provisions of the Model Act specify that all health carriers that provide or perform utilization review must: implement a written utilization review program (including data sources, review criteria, and appeals processes) and report annually on the program;

Page 4 of 8

State Laws and Regulation

use and make publicly available upon request documented clinical review criteria; use qualified health professionals, including clinical peers where appropriate, to administer the program; establish written procedures for adverse determinations and appeals; not tie reviewer compensation to the number of adverse determinations; cover, without preauthorization, emergency services necessary to screen and stabilize a covered person, if a prudent layperson would believe an emergency exists. Health carriers are required to pay noncontracting providers for such services if a prudent layperson would believe that using a contracting provider would result in delays that would worsen the emergency or if federal, state, or local law requires the use of a specific provider. Third-Party Administrators1 Third-party administrators (TPAs) are companies that provide administrative services to health plans, employers, or other plan sponsors. Some of these administrative services, such as underwriting and claims, are classified as insurance activities and as such are subject to state regulation. Most of the state laws regulating TPAs are modeled on the NAIC Third-Party Administrator (TPA) Model Act. These laws typically specify that to act as a TPA an organization must obtain a certificate of authority from the state insurance department designating the organization as a TPA. A TPA must also maintain, as a business record for each client organization, a written agreement describing the duties the TPA will perform, the compensation it will receive, and the standards that pertain to the business the TPA will administer. Regardless of the terms of any TPA agreement, the health plan remains responsible for determining all premium rates, benefits, underwriting criteria, and claim payment procedures, and for ensuring that the plan is administered properly. The TPA serves primarily as a fiduciary. As such, it must hold all funds it receives on behalf of the health plan in trust and must provide the plan with an accounting of all transactions performed on behalf of the health plan. The TPA is required to notify the state insurance department of any material changes in ownership, control, or qualification for a certificate of authority. The TPA Model Act specifies mandatory suspension or revocation of a TPAs certificate of authority if the TPA is financially unsound, is using practices that are harmful to insured persons or the public, or has failed to pay any judgment rendered against it within 60 days. The state insurance department has discretionary authority to suspend or revoke a TPAs certificate of authority if the TPA has violated the states insurance laws; refused to be examined or to produce its records for examination; refused, without just cause, to pay claims or perform services under its agreement; or been placed under suspension or revocation in another state.

Page 5 of 8

State Laws and Regulation

Health Plan Accountability

The NAIC has developed several health plan accountability model acts, paving the way for the creation of state statutes. Credentialing The NAICs Health Care Professional Credentialing Verification Model Act specifies requirements that health plans must satisfy to ensure that network providers meet minimum standards of professional qualification. These requirements include the following: verification of the credentials of all contracted healthcare professionals in accordance with written procedures that must be disclosed, on written request, to any applying healthcare professional; collection of a minimum set of credentialing information by either primary or secondary verification, with recredentialing required every three years; and establishment of a process by which providers can review and correct credentialing information. Although credentialing is required for all health plans, meeting a plans credentialing criteria does not ensure a providers selection by that plan. Quality Management Legislatures continue to express interest in creating, expanding, or rewriting quality standards for health plans, and numerous states have enacted laws, many of which are patterned after the NAICs Quality Assessment and Improvement Model Act. This model requires health plans to establish and report on systems for assessing the quality of care and services they provide. In particular, quality assessment laws require health plans to: establish an appropriate system for assessing the quality of healthcare services provided by each type of network, report to the appropriate licensing authorities any problems that would offer grounds for provider termination, file a written description of quality assessment programs with the state insurance commissioner or the secretary of the state health department, describe quality programs to consumers through marketing and educational materials, and meet specified data confidentiality requirements.

Page 6 of 8

State Laws and Regulation

The model also requires closed plans to implement a quality improvement program to identify the best and worst outcomes and utilization patterns and the providers responsible for each. Closed plans are defined as health plans that require covered persons to use participating providers. Closed plans are required to develop treatment protocols, practice guidelines, and other quality improvement strategies and to report annually on the impact of these strategies. Network Adequacy The NAICs Health Plan Network Adequacy Model Act requires all health plans to: meet specified adequacy and accessibility standards; hold covered persons harmless against provider collections and provide continued coverage for uncompleted treatment in the event of plan insolvency; develop standards to be used in the selection of providers; adhere to specified disclosure requirements, including 60-day written notice to providers before terminating a contract without cause and 15-day notice to patients of a providers contract termination; and file written access plans and sample contract forms with the state insurance commissioner. In addition, under this Model Act plans may not: induce providers to deliver less than medically necessary care, prevent providers from discussing treatment options with patients, or penalize providers for whistleblower activities against plans. Grievance Procedures The NAICs Health Carrier Grievance Procedure Model Act calls for the development of written procedures for handling subscriber grievances. All health carriers are required to maintain an internal first-level grievance review and a second-level review panel and to allow covered persons to review relevant information, attend review panel meetings, and have representation. Privacy of Information As you recall from the last module, the Gramm-Leach-Bliley (GLB) Act called on the states to enact laws governing specific financial services entities, and the NAIC responded by proposing a Privacy of Consumer Financial and Health Information Model Regulation to govern the activities of healthcare organizations and insurers. Whereas the GLB Act focused on the use and disclosure of nonpublic financial information, the NAICs Model Act covers personally identifiable health information as well. Rules governing the use and disclosure of health information are included under Article V of the Model Regulation and describe:

Page 7 of 8

State Laws and Regulation

when authorization is required for disclosure of nonpublic personal health information, the procedures a consumer may use to opt out of otherwise permissible information-sharing between health plans and other related business entities, requirements for a valid authorization, and conditions under which authorization requests and authorization forms must be delivered to customers. This model applies to all licensees of the state insurance department, including health plans. The model does not preempt or supersede any existing state laws related to medical records or the privacy of health or insurance information. Note
1

Adapted from Harriett E. Jones, Regulatory Compliance: Companies, Producers, and Operations (LOMA, 1998), p. 63. Used with permission; all rights reserved.

Page 8 of 8