KPMG is involved in the introduction of Horizontal Monitoring in hospitals and KPMG also issues assurance reports. This means that serious work is being done on the internal control of hospitals in order to meet the operational requirements. This does not only mean process improvement, but also improvement in the management and use of IT. In this article we explain what Horizontal Monitoring is, and in particular what role IT plays in it and what challenges hospitals are faced with.
In the recent past the relationship between Dutch healthcare insurance providers and Dutch hospitals was not based on trust, and it still isn’t. Health insurance companies were checking and reviewing hospital care invoices, resulting in a lot of corrections. And, if that was not enough, a large number of these correction tasks had to be executed manually adding up to the administrative work load of the hospital. The insurer was, in turn, again strictly controlled by the Dutch Healthcare Authority (Nederlandse Zorgautoriteit). The accountability that the insurer had to provide to this authority forms the basis for the strict controls they imposed on the hospitals.
This situation did not benefit the relationship between the hospitals and health insurance companies, causing a lot of frustration and distrust. The Horizontal Monitoring project was set up in order to improve this relationship. The concept of Horizontal Monitoring was introduced in the healthcare sector1 in 2016, primarily for medical specialist care (MSC). It is an initiative of three parties: Nederlandse Vereniging van Ziekenhuizen (NVZ, Dutch Association of Hospitals), Zorgverzekeraars Nederland (ZN, Association of Dutch Health Insurers), and Nederlandse Federatie van Universitair medische centra (NFU, Dutch Federation for University Medical Centers).
The slogan on the official website of Horizontal Monitoring reads: ‘Horizontal Monitoring focuses on the legitimacy of care expenses within medical specialist care. This concerns registering and declaring correctly on the one hand, and the appropriate use of care on the other.’2 The text emphasizes the most important issues that health insurance companies are facing, namely: legitimacy of the invoices and the appropriateness of care. Legitimacy is complicated due to a lot of very specific and detailed rules to which hospitals have to comply. Therefore, within the framework of Horizontal Monitoring, the hospitals are challenged to invoice correctly, which in its turn should lead to fewer controls from the health insurance provider. Additionally a trusted third party is there to issue an assurance report ISAE 3000, that would confirm the measures (all included in a so called control framework) taken by the hospital to mitigate the risks and achieve correct invoicing. This would provide the healthcare insurance provider comfort in order to reduce the usual and necessary checks and reviews.
In this article we would like to shed some light on the concept of Horizontal Monitoring in healthcare, what it has to offer in the day to day practice and, within this concept, what challenges the participating hospitals will face in the area of IT.
Horizontal Monitoring practice
Horizontal Monitoring is not a new concept in the Netherlands. It has already been used for the tax billing process. The basis for Horizontal Monitoring is mutual trust. Cooperation is the key word within the concept of Tax Horizontal Monitoring. By making arrangements between the tax authority and a company, that is the company involved in the reporting process, an improved quality of the tax returns can be maintained and improved. This will prevent unnecessary additional work. Naturally, transparency plays an important role within Horizontal Monitoring. Horizontal Monitoring in health is different, because a hospital makes arrangements with multiple authorities instead of just one (health care insurance provider).
The scope of Horizontal Monitoring is legitimacy. The legitimacy of medical expenses consists of correct registration and billing, and effective care and medical necessity.
Legitimacy is based on three principles:
- ensure proper spending of current and future healthcare expenditures;
- give account of the social responsibility of these expenses;
- provide certainty about these expenses to all chain parties in an efficient, effective and timely manner.
The concept of correct registration and invoicing is a straightforward concept, which is covered by controls put in place by hospitals in order to prevent incorrect invoices to the healthcare insurance provider. The use of a specific set of controls makes it clear and testable.
The effective care and proper use on the other hand has more ambiguous characteristics, and is therefore more challenging to test. For instance, a Diagnosis Treatment Combination (DBC) contains a set of painkillers. Sometimes the patient does not need these (e.g. no pain), but receives them anyway, since it is being covered by the health insurance provider. The prescription for painkillers is unnecessary and hence not appropriate. But to detect and make a ruling of such cases takes time and effort.
DBC stands for Diagnosis Treatment Combination. A DBC is a care package with information about the diagnosis and treatment that the patient is receiving. In the hospital care and geriatric revalidation care the DBC is also being called a DBC-care product.
Another example of proper use of healthcare is an early discharge of patients after a clinical operation with the use of proper nursing support at home. This form of care is much cheaper than care in hospital.
Due to the presented complexity of the appropriate usage a growth model will apply in the coming years. Starting from 2020 the control framework of ‘appropriate usage’ will be ready as a part of Horizontal Monitoring. During this period the elements of the appropriate usage will be added to the control framework.
Contractual agreements, such as agreements about the quality of the delivered medical care, fall outside the scope of the Horizontal Monitoring, at least for now.
Figure 1. The scope of Horizontal Monitoring. [Klik op de afbeelding voor een grotere afbeelding]
In 2016 a pilot was started with a few hospitals and healthcare insurance providers to implement Horizontal Monitoring. In 2016 and early 2017 two of the pioneering hospitals worked closely with KPMG on the evaluation of their control framework. Together the healthcare insurance providers, KPMG and these pioneering hospitals have carried out extensive work to delve into the control framework evaluation. A specially dedicated working group for Horizontal Monitoring was initiated on the national level, in which obstacles and nuances were discussed, and agreements were made appropriately. The pilot resulted in an assurance report type I (design of the control framework) for these two hospitals. At this time, these two hospitals are in phase two, to put in place the type II assurance report on the operational working of the controls. The other pilot hospitals will follow later.
Benefits of Horizontal Monitoring
Once Horizontal Monitoring has been properly implemented, it results in major benefits for the involved parties. Firstly and most importantly, the relationship between the hospitals and healthcare insurance providers will be improved, which should be the basis for a higher level of trust. These two parties will be able to work together towards the solutions, instead of finger pointing (principle one of Horizontal Monitoring is after all well-founded trust).
Figure 2. Ten principles of Horizontal Monitoring. [Klik op de afbeelding voor een grotere afbeelding]
Secondly, the healthcare insurance providers will withdraw controls on the invoices submitted by the hospitals, resulting savings in resources due to a lower control load.
Thirdly, for the hospitals, the discussion with the healthcare insurance providers about the correctness of the invoices will become easier because less errors will be made. This way they can focus on improving the process of registration and invoicing, preventing the possibility of incorrect registration even further. This means achieving the first-time-right registration.
Fourthly, another benefit of Horizontal Monitoring is that the internal processes and mainly process inefficiencies are becoming more visible to the hospitals. That means that there is room for improvement and the use of more automated controls instead of manual ones.
A lot of the manual controls can be automated and even be executed in real time mode, slowly but surely shifting the focus from detecting registration and billing errors to improving the registration process. Hospitals can implement projects that will contribute to improving the registration process. This will further contribute to the first-time-right registration, correct registration at the source, and well-managed IT systems and solutions.
Finally, when Horizontal Monitoring is completely settled, less monitoring will be required. The healthcare insurance providers might settle for a looser form of assurance, depending on the policies and agreements they made with the national supervisory authority.
The starting point for hospitals to achieve these benefits is admitting and facing the fact that real cultural and organizational changes are necessary to ensure correct and complete registration (first time right).
Horizontal Monitoring challenges
An assurance report from an independent auditor is more than merely testing the risks and control measures that the hospitals and insurance companies agreed upon, the reliance on IT becomes crucial, hence the topic of IT.
In order to address the different topics in Horizontal Monitoring, a so called entry model was introduced. The function of this model is that in order for a hospital to participate in Horizontal Monitoring, a certain level of organizational maturity and internal control should reached. Based on the COBIT and COSO principles, the Horizontal Monitoring entry model provides a 5-level3 scoring system on topics such as strategy, enterprise stakeholders, soft controls, and the General IT Controls (GITCs). The hospital should score at least a level ‘3’ (on average), with no score of ‘1’ on any of the topics, in order to be able to enter the Horizontal Monitoring process with the healthcare insurance provider.
A lot of the control measures within the process of registration and invoicing can either be manual or automated. When speaking of the automated controls, the role of the IT components becomes very important. On the one hand the automated controls are time and manpower saving, but on the other the GITCs should provide a certain level of control in order to be able to rely on these automated control measures.
One of the challenges that hospitals are facing is being in control of IT, there where the current state of IT maturity in hospitals is rather low. Therefore, a lot of processes and tasks are executed manually or rely on many manual actions in processes.
In the next section we will focus on the parties that can play an important role in helping the hospitals to achieve a higher level of IT maturity.
The cast of Horizontal Monitoring
In this section we will name the actors in Horizontal Monitoring and their roles within Horizontal Monitoring. So far we have already introduced insurance companies and hospitals. Along with these parties we also have the auditors and the software providers. We will elaborate on each of them separately.
As described above the management of a hospital is responsible for the correct, complete and timely registration and billing of the delivered care. The risks that have to be considered, must be mitigated by adequate control measures (first and second line of defence). The management will then be able to declare to the medical insurance companies that they have set up the system of control measures adequately and that it also functions as such, and that in this way the risks are under control. The first role of an external auditor is therefore to carry out the earlier mentioned assurance investigation on this system of internal control measures, so that additional security is provided to the medical insurance company.
Furthermore there is a possibility where a hospital has a so-called ‘third line of defence’. This line of defence is usually carried out by an Internal Audit Department (IAD) or a special Internal Control Department (ICD). An external auditor can then still carry out an assurance investigation, for which the character of his activities will be different, because they then focus more on the execution of the work activities of this ‘third line of defence’.
A third role that can be carried out by the auditor lies closer to that of advisor, for which the auditor can support the hospitals with the effective structuring of the system of internal control measures for Horizontal Monitoring. In particular, the IT Auditor can offer added value by recognizing and structuring more automated control measures (application controls).
Currently we see that the software suppliers of the ZIS-EPDs (electronic patient record system) do not program their software solutions in an explicit and structured manner with specific automated control measures focused on covering the risks within Horizontal Monitoring. This terrain is still undeveloped. There is no common national framework in which the various automated control measures are included. Therefore, it is understandable that the software developers do not exactly know which application controls they should develop.
If we want to help the hospitals reduce the pressure of internal controls, particularly with the implementation of Horizontal Monitoring, there will have to be a broadly supported framework containing the maximum possible set of automated control measures. So implementing this in the registration and billing processes at the hospitals automatically contributes to the ‘first time right’ principle, because incorrect registrations are hardly possible anymore.
There is an important role here for software developers to program these automated controls that support the control framework, but there is also a clear task for the IT Auditors (NOREA) to develop a broadly supported management framework that serves as a foundation for the software developers. This still to be developed framework can then be the basis for a quality mark that software developers can achieve if they have incorporated automated control measures for Horizontal Monitoring.
The improvements in IT
When there is a more efficient relationship between automated and manual controls at hospitals, the question concerning the quality of IT General Controls becomes even more important. The correct functioning of the IT general controls is of course a condition for the reliable operation of these automated measures. As we have already mentioned above, most hospitals will have to make improvements in this area.
So, have we achieved this with Horizontal Monitoring? In our opinion the answer is ‘no’. The next step certainly lies in improving the system of internal control measures, making use of more automated controls. In addition, developments in IT will influence Horizontal Monitoring.
We also expect that new IT technologies (robotics, eHealth etc.) will play a role. There are currently ongoing ‘proof of concepts’ during which intelligent and learning software (machine learning) scan the EDPs via ‘text mining’, and on the basis of all this data independently derive the diagnosis and the provided care. The first tests are promising, and the time when the quality of this is better than the manual registrations by the care professional is close at hand. This is good news, because the care professional must provide ‘care’. We then leave the management to robots. If this improves the quality of registration and billing and reduces the time that professionals spend on administrative tasks, then nobody can be against this. Horizontal Monitoring can then be seen in a new light with these future perspectives.
Horizontal Monitoring is and will remain a challenge. At this moment the involved parties are struggling to state whether Horizontal Monitoring is a blessing or a curse. However, once this stage is over, they will benefit greatly from this project.
A few citations of Henry Ford
‘Don’t find fault, find remedy.’
Right now the main goal is to prevent the risks for errors, but eventually it should be improving the process to attain better risk prevention.
‘Quality means doing right when no one is looking.’
Eventually when the hospitals and the healthcare insurance providers have stabilized the Horizontal Monitoring path, the hospitals will be able to process the correct registration and billing on their own, reducing the need for constant monitoring and opening the door for improvement.
- Further in the text we only talk about the Horizontal Monitoring in healthcare.
- The quote is translated from www.horizontaaltoezichtzorg.nl.
- The categories are from one to five: 1) initial; 2) informal; 3) standardized; 4) controlled; 5) optimized.