Linnaean Regulation in Health Insurance and Information Technology

I was recently listening to Health Affairs’s “Newsmaker Breakfast with Karen Pollitz.” She gave a fascinating presentation on the challenges she faces as she develops HealthCare.Gov as a portal for information about health insurance. As I noted a few years ago, health insurers can easily mislead consumers about the nature of their coverage, and disclosure charts can be very helpful.

But even disclosure charts run up against the slipperiness of language. Pollitz noted that for some plans, a “deductible” was not really a deductible; you could easily spend much more out-of-pocket on health care than the stated “deductible level” before coverage kicked in.

How can an individual make an informed choice when words lose their meaning in a tangle of qualifications and conditions? At what point does a deductible cease being a deductible? While this might seem like a relatively technical question of insurance regulation, it is reflects a more general information-gathering problem that will confront regulators in coming years. Scientists could only predict and control aspects of the natural world when they could be named and classified. Any successful regime of healthcare reform will depend, at a bare minimum, on a flexible yet standardized classification system that can map what health insurers are doing. Like Linnaeus patiently organizing a welter of living forms, regulators will need to taxonomize pullulating permutations of insurer practices.

The Rise of Health Care’s Middlemen

The United States leads the world in payments to private insurance providers. The industry has extraordinary power over access to health care. In 2010, long-standing dissatisfaction with the sector culminated in the Patient Protection and Affordable Care Act (ACA). Congress rejected changes like a public option in healthcare, in favor of a complex and reticulated statutory scheme to better regulate insurers. There have not been dramatic changes in the way that health insurance companies are run, and their stock prices tended to rise as reform became more certain.

The ACA has set in motion dozens of regulatory proceedings. The government also allocated $20 billion toward equipping all medical offices with electronic health records in the 2009 stimulus bill, the American Reinvestment and Recovery Act. Health regulators must now try to catch up with technologically advanced intermediaries in insurance and IT fields.

Immediately after the ACA passed, naysayers on both left and right complained that divisions like OCCIO were unprepared for their new regulatory roles. Perhaps the most compelling case for repealing the ACA is a belief that regulatory agencies will inevitably be captured, or overwhelmed with information from far far better funded attorneys and lobbyists representing insurance and IT firms.*

Nevertheless, the ACA has catalyzed one very important process: the development of an infrastructure of monitoring and reporting that will be necessary for any future informed regulation. It’s shocking to consider how inadequate past reviews were here. As of 1997, the “US Department of Labor had resources to review each employer-sponsored group health plan under its jurisdiction once every 300 years.” The Bush years did not significantly address that shortage. Moreover, “state insurance department staff levels declined 11% in 2007 while premium volume increased 12%.” The personnel simply haven’t been around.

Starting essentially from scratch, Pollitz and her fellow regulators are engaging in a painstaking rebuilding of the foundations necessary for substantial regulation. Having long neglected even to closely monitor the sharp practices of health insurers, federal regulators are now beginning new programs of surveillance.**

Insurance Reporting and Classification

Reporting requirements may not seem like a notable accomplishment. Nevertheless, the trend toward monitoring the products and services offered by insurance companies is an important step toward accountability. HHS needs to impose some order, some translatable logic, on fields that have threatened to become enormously parasitic and unproductive by or masking the true nature of their commitments.

Consider the practical illegibility of the average insurance plan. A vanishingly small number of subscribers actually read such plans. A plan may have complex cost-sharing requirements that vary among in-network and out-of-network primary care doctors, specialists, surgeons, hospitals, and procedures. While a “great risk shift” makes consumers all the more responsible for their choices in health care, it’s hard to imagine anyone accurately mapping the true fiscal consequences of given disease episodes in an aggressively complex plan.

By setting “a minimum level of health benefits, called the essential health benefits, that must be offered by certain health plans.” As Jessica Mantel explains, the term “‘essential health benefits package’ means coverage that not only provides for the essential health benefits defined by the secretary, but also limits cost-sharing for coverage of the essential health benefits in accordance with the parameters specified in the statute.” The Cancer Action Network has applauded the ACA for promoting “more standardization in the scope and value of private health insurance coverage available.”

Similarly, setting a “medical loss ratio” involves a careful delineation of insurer payments and functions that actually contribute to care. As Tim Jost explained in Health Affairs:

Medical loss ratios have long been of interest primarily to investors. An insurer that could achieve a low MLR by holding down expenditures on health care for its enrollees was a good investment. . . . On November 22, 2010, the Department of Health and Human Services released its interim final rule implementing the requirements of the new section 2718 of the Public Health Services Act (added by section 10101 of the Affordable Care Act), entitled, “Bringing Down the Cost of Health Care Coverage.” This provision is usually referred to as the “medical loss ratio” (or MLR) requirement . . .

Section 2718 requires health insurers (including grandfathered but not self-insured plans) to report to HHS each year, the percentage of their premium revenue that the insurer spends on 1) clinical services for enrollees, 2) “activities that improve health care quality,” and 3) all other non-claims costs, excluding federal and state taxes and licensing or regulatory fees. . . .

Jost describes in details how the classification works, and how it is designed to encourage more responsible insurer behavior.

Setting a Standard for Electronic Medical Records

Electronic health records systems will also need to develop shared data management standards. EMR vendors long argued that they needed flexibility to innovate in order to best reflect doctors’ practices and improve the capture of medical information. However, there is a tension between untrammeled innovation by vendors at any given time and later, predictable needs of patients, doctors, insurers, and hospitals to compare their records and to transport information from one filing system to another.

One system may be able to understand “C,” “cgh,” or “koff” as “cough,” and may well code it in any way it chooses. But to integrate and to port data, all systems need to be able to translate a symptom into a commonly recognized code. Health care providers can only avoid getting “locked into” a system if they can transport their records from one vendor to another. Patients awant their providers to seamlessly integrate records.

HHS rulemaking has lain a groundwork for this type of common language of medical recordkeeping. As Sharona Hoffman and Andy Podgurski explain,

To address this problem, it is necessary for all vendors to support what we will call a “common exchange representation” (“CER”) for EHRs. A CER is an artificial language for representing the information in EHRs, which has well defined syntax and semantics and is capable of unambiguously representing the information in any EHR from a typical EHR system. EHRs using the CER should be readily transmittable between EHR systems of different vendors. The CER should make it easy for vendors of EHR systems to implement a mechanism for translating accurately and efficiently between the CER and the system’s internal EHR format.

There are also important opportunities for standardization in the security field:

As is true for a common exchange format, standardized security policies and mechanisms are unlikely to be adopted by vendors and providers without a regulatory mandate. In order to facilitate compliance and provide vendors with clear guidance, the regulatory mandate might incorporate, by explicit reference, some established and emerging security standards, such as the Internet Engineering Task Force’s Transport Layer Security (“TLS”) standard or its Public-Key Infrastructure (X.509) standard.

The discussion can quickly become technical, and it is difficult to explore all the ins and outs of the process. But the underlying purpose is clear: to develop some standard forms of interacting in a realm where “spontaneous order” is unlikely to arise and “network power” could lead to lock-in.

Of course, there are important differences between the EHR and health insurance landscapes. Symptoms refer to conditions that are, by and large, objective. (One can even imagine ubiquitous video cameras and sensors creating something like a complete patient record (or medical life log) for patients who consent to that type of monitoring.) Insurance contracts, by contrast, do not have the same “ontological firmness.” They must contemplate vague and open-ended spells of illness.

Nevertheless, a process similar to common exchange representation is now going on in the consumer affairs office of HHS. As the Office of Consumer Information and Insurance Oversight lays ground rules for ACA implementation, it must decide on some basic questions: what counts as insurance? What is a deductible? The ultimate goal is to require insurers to convey with far more precision what services they truly cover. The health insurance and health IT landscapes will only become governable when practices are nameable, classifiable, and comparable.

*The latter point does appear to be valid with respect to the public record now being compiled in dozens of rulemaking processes. In rule after rule, industry comments overwhelmingly dominate public interest or academic contributions. It’s sad to think that groups like Campaign for America’s Future, or labor unions, having spent so much time getting the ACA passed, are now ceding much of the regulatory field to insurers. On the other hand, given the Administration’s recent regulatory direction, and McSurance waivers, who knows whether good comments would have an impact.

**For more on the importance of ongoing surveillance in complex business environments, see Larry Cata Backer on SarBox, and the last part of my earlier post on high finance.

Image Credit: Charles Linnè, A General System of Nature, Vol. V. London: Printed for Lackington, Allen & Co., 1806.

Frank Pasquale

Frank is Professor of Law at the University of Maryland. His research agenda focuses on challenges posed to information law by rapidly changing technology, particularly in the health care, internet, and finance industries.

Frank accepts comments via email, at All comments emailed to may be posted here (in whole or in part), with or without attribution, either as "Dissents of the Day" or as parts of follow-up post(s). Please indicate in your comment whether or not you would like attribution, or would prefer your comment (if it is selected for posting) to be anonymous.

You may also like...