Change, Opportunities, and Threats: Our State of the Industry Survey

Jan. 17, 2023
The January-February cover story of Healthcare Innovation offers readers a glimpse of the current landscape around value-based contracting, the leveraging of analytics to support population health management, the state of cybersecurity, and much more

Change is happening in patient care organizations across the U.S healthcare system—not revolutionary or rapid change, but gradual change that is over time shifting the shape of how patient care organizations work. In our annual State of the Industry Survey, we asked survey participants to respond to a wide range of questions around infrastructure, analytics, health information exchange (HIE), analytics, value-based contracting, cybersecurity, and several other topics. In this article, we share some of the highlight results from our annual survey, with analysis of those results by industry leaders and observers.

Value-based contracting: stuck in neutral?

When it comes to one of the key areas of interest for senior leaders healthcare system-wide—participation in value-based contracting—we found a range of responses from participants, who represent senior leaders in hospitals, medical groups, and integrated health systems nationwide.

Asked which types of value-based contracts their organization is involved in, the following were the results: Medicare Shared Savings Program (MSSP): 31.82 percent; Next Generation ACO Program: 18.18 percent; Medicaid ACO: 25 percent; Private health insurer ACO or contract: 31.82 percent; Medicare Direct Contracting Program (now ACO REACH): 13.64 percent; and None of the above: 27.27 percent

A year ago when we surveyed health system leaders, 32.67 percent were in organizations participating in the MSSP; 14.85 were participating in the Next Gen ACO program (which has since been closed down); and 37.62 percent were participating in private ACOs.

What percentage of respondents’ organizations’ value-based contracting involves two-sided or downside risk? Among those for whom the question applied, here were the results: 0-5 percent: 50 percent; 5-10 percent: 15.3 percent; 10-15 percent: 7.7 percent; 15-20 percent: 7.7 percent; and More than 20 percent: 19.2 percent.

Last year, these figures were as follows: 0-5 percent, 32.67 percent; 5-10 percent, 9.9 percent; 10-15 percent, 10.89 percent; and more than 20 percent, 5.94 percent.

When asked what percentage have performed health risk assessment across broad populations? The respondents’ results were as follows: Yes: 45.45 percent; Not yet, but are planning to do so soon: 20.45 percent; No: 25 percent; and Not sure: 9.09 percent.

When asked what percentage of organizations are working to incorporate the social determinants of health (SDOH) elements into their population health and care management work? The respondents’ results were as follows: 56.82 percent: yes; 15.91 percent: not yet, but are planning to do soon; 22.73 percent: no plans to do so; and 4.55 percent: not sure.

With regard to the survey results around the value-based contracts that patient care organizations are involved in, Sandeep Sabharwal, managing partner and board member at the Naperville, Ill.-based Impact Advisors consulting firm, says that “I think those findings are pretty accurate. I’ll just add that I would have expected a higher level of participation in the Direct Contracting program [now ACO REACH], seeing that the highest level of traction in the market is really in the Medicare space, whether it's in the Shared Savings Program or the Direct Contracting Program. And if you look at the Medicare value-based programs, they’ve been around now since 2010”—since the passage of the Affordable Care Act. “And with the passage of MACRA”—the Medicare Access and CHIP Reauthorization Act of 2015, which ushered in the MIPS (Merit-based Incentive Payment System) program for physician payment under Medicare—in every subsequent year since the passage of MACRA, CMS officials have basically expanded the scope of the Medicare incentive-payment programs, adding in the MIPS APMs”—Alternative Payment Models—for providers interested in pursuing alternative payment. “At the same time,” he says, “we’re also seeing traction in the private health insurer contracting space. This is really based on the changes that came because of Obamacare. And the last would be the Medicaid, which is really the government contracts. I think there's a lot of talk in the Medicaid space, but very less action. But I think I will say that Medicare, followed by private health insurance ACO, followed by Medicaid, that's the order” of adoption of value-based contracting.

“I’m curious to see how the value-based programs under Medicare will evolve into the future,” says Melanie Matthews, president and CEO of PSW, a Population Health Company based in Olympia, Washington, and which administers what was the Direct Contract ACO but on Jan. 1 [2023] became the REACH ACO, and the MSSP contract, for MultiCare, the Tacoma-based health system, and which helps manage risk-based contracts for health systems in several states. Meanwhile, says Matthews, per the social determinants of health question, “I’m going to assume that those who responded that they have no interest in SDOH are probably not that interested in value-based contracting. If you were to cross-reference respondents whose organizations are participating in value-based contracting, they are more likely to be working with the social determinants of health as well. There certainly is a correlation with concepts around health equity in that regard.”

With regard to work being pursued to incorporate social determinants data into population health management and care management work, PSW’s Matthews says that “I would assume that those respondents” with no plans to do so, “are also not as engaged in value-based contracts. My guess is that if you cross referenced the respondents whose organizations are already involved in value-based contracting, that there would be a high correlation with those that are also equally making investments and utilizing services to address social determinants of health, because the evidence and literature would certainly suggest that health equity is very much an issue today and a policy priority for our health care policy.”

Meanwhile, with regard to the policy side of all of this work, Matthews says that “I think that strong signals have been sent out, with CMMI developing refreshed models, including, for example, the value-based oncology care model, with all of them addressing health equity issues,” referencing the Center for Medicare & Medicaid Innovation at CMS, the Centers for Medicare and Medicaid Services.

Meanwhile, with regard to two-sided risk, Impact Advisors’ Sabharwal emphasizes that “It’s really that accountability” that makes models based on two-sided risk so challenging. A range of issues, including quality reporting, resource utilization, readmissions reduction work, all come into play; and specifically, any “lack of alignment” among an ACO’s or contract’s participants, becomes exposed.

And what about hospital-at-home programs, whose adoption seems to be accelerating now? Our survey found that, among hospital-based organizations capable of developing a hospital-at-home program, 26 percent have fully implemented such a program; 13 percent have gone live in some form with such a program, and 34.7 percent are in the planning stages of developing such a program; but 26 percent reported that they have no plans to do so.

“The uncertainty of the long-term implications of hospital-at-home models may be a factor there,” comments PSW’s Matthews. “Those programs were scaled up during COVID, but it takes a while for newer care delivery models to get everything in place in order for them to be fully … Anytime you do anything transformational, it takes all oars moving in the same direction, and that can be challenging. And the concept wasn’t uniformly applied by all payers, and there wasn’t a lot of data on those programs; so it does take a while for adoption to take place.

Meanwhile, we also asked our readers for what uses they are leveraging health information exchange (HIE) participation, and they reported the following uses: Clinical queries/querying: 43.18 percent; Public health alerts: 36.36 percent; Exchange of diagnostic images: 34.09 percent; ADT (admissions, discharge, transfer) alerts: 27.27 percent; Behavioral health-related alerts and communications: 31.82 percent; Prescription drug monitoring programs: 31.82 percent; DIRECT messaging: 29.55 percent; ED visit alerts: 27.27 percent; and Other: 11.36 percent.

“I think that querying makes sense” as a core use for HIE interoperability, Sabharwal says, “but an area where we're beginning to see probably the biggest lift is actually around behavioral health-related alerts and communications. Overall, I would say the biggest areas of growth we’re seeing are in communications around behavioral health and home health.”

Analytics as a foundation for population health work

Survey respondents were asked where their organizations were in their development of analytics to support population health management and care management. Here’s what we learned: 31.82 percent said that their organizations were advanced in their analytics development; 47.73 percent said they were early on in their analytics journey; 9.09 percent have not used data analytics until now for that work; and 6.82 percent have no plans to use data analytics on any level of scale.

Interestingly, this year’s results strongly mirror those of last year, when 31.68 percent of respondents described their organizations as advanced; 42.57 percent said they were early on in their journey; and 6.93 percent described no plans to use data analytics.

As for the leveraging of artificial intelligence (AI) and machine learning tools in their operations, the following results were revealed:43.18 percent who are leveraging AI and machine learning are doing so in clinical areas—for patient care delivery and clinical transformation; 36.36 percent are using AI for operational and administrative purposes; 25 percent are using AI for financial purposes, including for revenue cycle management; and 38.64 percent are not yet using AI.

Per the first set of results, Liam Bouchier, vice president of analytics at Impact Advisors, says that “Those results look really on point. That said,” he says, the responses to the two questions don’t fully align. “You found that nearly 48 percent say they’re early on in their analytics journey, yet 43 percent said they’re leveraging AI in clinical areas. AI has become widely adopted, and it’s more than just a buzzword.” The challenge, he says, is “going to scale”—activity around which he believes will accelerate dramatically in the next three years. “I am kind of surprised that adoption is not yet higher on the revenue cycle side of things, because that’s one of the early use cases for AI.” But, he adds, the use case for leveraging AI for administrative purposes is clear, as AI can help health system leaders and managers to “write for any sort of repeatable task that can just run that process again and again and again.” He sees AI adoption accelerating rapidly in the near future.

Indeed, per that, Bouchier adds, “The analytics world has changed pretty dramatically in the last five years, and part of the reason for that is the entry of big tech into healthcare. But the other thing that has really has changed that is that the responsibility for data and analytics and health systems is now falling to a chief data officer or chief analytics officer,” individuals who stand outside of the traditional health IT organization, and that shift is changing the dynamic. That traditional dynamic, he notes, tends to involve “pre-canned reports that don't tend to be invested in a broader analytics strategy or roadmap; and in the majority of the work that I know that we do, we work closely with either chief analytics officers or CFOs. CIOs are sometimes people we work with as well,” he adds.

Cybersecurity concerns continue to intensify

Even as the leaders of patient care organizations across the U.S. healthcare system are moving forward along so many dimensions, in terms of participating in value-based contracting, advancing their population health management and care management work, and sharpening their use of analytics tools—including AI tools—to support their work to improve care management, they continue to be dogged by cybersecurity threats.

Indeed, a core set of survey results was around the cybersecurity challenges that patient care organizations are facing these days. Asked whether their recent experience of cybersecurity threats and attacks has been more or less challenging, 47.73 percent told us that their experience has been more challenging than a year ago, while 27.27 percent said it’s about the same, and only 4.55 percent reported that it’s less challenging (and 20.45 percent weren’t sure). Looking at that set of results, “What was really interesting about the answers to this survey is not so much what [survey respondents] said, but what they also didn't say, and sometimes, the negatives can be just as powerful as the positives,” says Mac McMillan, founder and advisor of the Austin, Tex.-based CynergisTek, a Clearwater Company. “In this particular case, 50 percent said it was more it was more challenging, while the other 50 percent said it was about the same or they weren't sure, which is kind of scary. But you realized that hardly anyone said it was less. So absolutely, nobody thinks that the environment that they're in today is less challenging than the one they were in a year ago. And it’s important that 100 percent think that the environment is still challenging, or more challenging than it used to be. And that's, that's no surprise at all. It because it absolutely is.” But here’s the catch: that level of threat “still hasn't changed their behavior or their or their sense of priority with respect to cybersecurity. And that's the part that's really troubling in this thing, is that you've got more than half the people who absolutely say it's more challenging, and the rest say is just as challenging. And yet, they're still spending pretty much what they've been spending. And those two things just don't align.”

One interesting set of results was this one: asked whether their organization had experienced  a malware attack, ransomware attack, or other form of cyber breach that has led to a significant disruption of EHR (electronic health record) and clinical information systems usage, 18 percent said yes, but nearly 66 percent said they had not, while 16 percent weren’t sure. Dave Bailey, vice president of security services at CynergisTek, a Clearwater Company, says that “There two ways of looking at that. To begin with, we have to at least assume that those organizations are experiencing downtime. So they're experiencing issues, but for some reason, those downtimes and issues are not being attributed to attacks. Why is that?” he asks. “Maybe those organizations aren’t developing reports” on the breaches. “Maybe they don’t know they’ve been extorted”—yet.

As for the cybersecurity threats, which experts across the industry agree are intensifying, Bailey says that “In my experience, what we're seeing is a very sophisticated adversary that recognizes that they can take advantage of an industry, and they take advantage of it because they're successful at it. And if you look at if you look at the top malware families that are out there, like what are the threat actors using in order to attack organizations, they’re really all geared in some fashion towards stealing your credentials, towards gaining a foothold in order to access your date, and ultimately, be able to extort you for that data.” Further, Bailey says, there are now organizations all across the world that are increasingly targeting the U.S. healthcare industry, because it is so vulnerable to attack; and that set of threats will only continue to intensify.

With regard to responding to the threat landscape, we asked participants whether their organizations have yet implemented significant network segmentation, including around their EHRs, medical devices, and other critical infrastructure. In response, 43.18 percent said that they had; 18.18 percent had not yet, but were planning to do so; 11.36 percent had no plans to do so; and 27.27 percent weren’t sure what their organizations were doing.

Per that, McMillan says that these results are significantly better than they've been in the past. There was a time not too long ago that the number of people who were actually doing real segmentation was less than 10 percent. So to see 50 percent say that they've either done it, or they're planning to do it, is a huge difference from where these numbers once were, and that's a good thing. And the reason that's so important is really simple: if you go without segmentation, the incoming threat has the ability to move through the organization very rapidly; when a threat attacks, it finds a way to get in, finds a foothold, and does its reconnaissance, moving laterally through the network to exploit the entire network.” Strong segmentation will allow for a far quicker identification of an intrusion in order that it can be addressed, he stresses.

Cybersecurity experts industry-wide agree that it will be important to hire more chief information security officers (CISOs) into hospitals and health systems, as well as to give those individuals budgets and staff. Per that, 36.36 percent of respondents—pretty much identical to a year ago—said that they’ve hired a CISO, while a further 18.18 percent plan to hire one; while fully 45.45 percent have no plans to hire a CISO.

Meanwhile, per budgets and budgeting, fully 50 percent of respondents told us that their organization’s IT budget has increased over the past two years, while 20.45 percent reported that it has stayed the same, and only 11.36 percent said it had decreased. Also, with regard to the COVID-19 pandemic, 38.64 percent reported that the pandemic has caused their budget to increase, while 29.55 percent said it has stayed the same across the past two years, and only 15.91 percent said it has decreased as a result of the pandemic.

Sponsored Recommendations

2024's Healthcare Buyer Journey: New Research and Insights

Join us on April 30th for a webinar unveiling insights from the latest study on the Healthcare IT Buying Journey! Discover evolving challenges, effective health data management...

Improving care with AI-powered solutions

Don't miss our April 23rd webinar delving into the transformative impact of AI-powered solutions on healthcare. Join industry leaders Reid Conant and Dr. Patrick McGill as they...

Shield your health system against cyber threats

You won't want to miss out on this imperative April 4th webinar about how you can protect your healthcare organization. Join us to learn how to fortify your health system against...

Healthcare Trends 2024: Trends & Strategies for Future Success

Explore the future of healthcare in 2024 with insights from the Healthcare Industry Trends Report. Stay ahead of the curve as we delve into the latest industry developments and...