Partners in Risk

June 24, 2011
At first glance, last fall’s debacle at Oxford Health Plans is the classical IT horror story of an over-budget, over-deadline systems development

At first glance, last fall’s debacle at Oxford Health Plans is the classical IT horror story of an over-budget, over-deadline systems development monstrosity that brought a highly successful organization crashing to its knees. Oxford Health will be cleaning up its claims mess for a long time, but more disturbing perhaps is that the company will likely never regain the market stature it once enjoyed. And the rumor mills are churning about other large managed care companies losing money from computer glitches.

The obvious lesson here, say learned IT folks and pundits: Buy, don’t build. But it’s not that simple anymore. True, the trend in most industries is away from in-house-developed systems to the purchase of commercial systems that are cheaper, smarter and more plentiful than ever before. Yet most third-party products still need some custom development to meet an organization’s unique cultural and business needs; and then, the system must integrate with the remaining soup kettle of systems on the network. The system must be on time, within budget, and acceptable to users. Most importantly: It must deliver results. Oxford paid a high price for not only allowing a bad project to continue for years, but also for apparently failing to anticipate the rapid growth and change that would occur in its business over that time.

It’s a problem lurking everywhere in healthcare. "You’ve got a much lower level of sophistication in many places and a lack of accountability. Folks who have made bad decisions make bad decisions repeatedly and they stay in their job. In other industries… you get fired," says one industry insider.

Just as the business of healthcare is quickly evolving from loosely-run Mom and Pop shops to multifaceted, Wall Street-accountable corporate enterprises, so must the management of information technology mature. Observes long-time healthcare IT consultant Erica Drazen: "The option of saying, ’I can’t deal with it, and I’m going to hope for the best’ is not an acceptable choice." Healthcare executives are looking for tighter control over projects and more responsibility from the vendors and consultants they increasingly rely on to get things done. No longer merely "suppliers," third parties are becoming equal stakeholders in huge implementation projects and are beginning to share in the rewards--and risks--these projects bring.

Getting accountable
The Oxford story, troubling as it is, is hardly new in the information technology world--or healthcare, at that. "It’s actually very rare to run into an executive within a healthcare delivery system or a healthcare financing system who hasn’t had some disastrous experience with IT," says Drazen, vice president, emerging practices, with First Consulting Group, Boston.

Not only are systems in healthcare by nature complex and the choices vast, but there are few models to follow when so much in the industry is still experimental. The notion of clinical integration, for example, is unclear and may not translate from one organization to another, according to Dave Selman, CIO of ProMedica Health System, Toledo, Ohio. "So the complexity layer we all have where there is a thirst and a hunger to drive toward prospective outcomes management technologies, forces us to be creative with not only the funding but the selection of products," he says.

Executives are welcoming the shift from inhouse-developed to off-the-shelf systems, not only because they are much more affordable, but because it gives them an out in the event of disaster. "Our business is patient care, not software development," affirms Ed Kopetsky, senior VP and CIO at Centura Health, Inc., a large integrated delivery system in Denver. "If there’s a bug in the software that would jeopardize your core business, who’s liable?" he asks. "You have some outside remedy if it’s an outside product. You don’t really have that if it’s internal."

The days of CIOs bearing the brunt of the responsibility when things go wrong may be waning; contracts are now including clauses to ensure that an information system will, say, deliver a set of functions by a certain date. Other arrangements wedding systems to benefits go further: agreeing on a percentage of cost reductions to be achieved over time; lowering physician utilization rates; even tying the vendor’s revenue to the market share of the client.

Such risk-sharing, or "risk/reward" contracts are bringing the information systems supplier in as an equal partner: If goals are met, the supplier gets paid the full amount of the contract; if goals are exceeded, the supplier may get a bonus or share in a benefits pool; and if goals are not met--the supplier pays the healthcare organization, in the form of a discount or reimbursement.

A mutual death grip
"There is almost a mutual death grip--much more sharing with a larger range of penalties and gains for performance than I recall seeing a couple years ago," reflects John Glaser, PhD, VP of information systems and CIO at Partners HealthCare System, Boston. Although Partners has not engaged in any such agreements yet, one of its consulting firms has broached the idea. Glaser says risk sharing may make the most sense in high stakes ventures like year 2000 planning.

Kopetsky is a firm believer in the value of risk/reward-sharing in IT. His organization has worked incentive plans into projects like data center development, awarding bonuses to both outside partners and employees if economies were achieved during the process. "One of the problems is if you don’t do that, you won’t get results--or the results you do get are not long-lasting," he says. Without these contract terms, he adds, providers also run the risk of overpayment: A project may not cost what the parties originally agreed upon.

Several vendors are either actively considering or already engaged in risk-sharing contracts with customers. In some cases, whether or not a vendor is willing to share risk could make or break the deal. Says Kerry Pisano, vice president of support services at Phelps Memorial Hospital in Sleepy Hollow, N.Y.: "Those companies that aren’t going to do this are going to find fewer and fewer places to sell their systems to." (See "Vendors Dive into Risk-Sharing," below)

Accountability without authority?
Just how far vendors will or even should go to win a deal is another question. When so many internal factors play into whether a project is successful or not--such as rapid growth, change in management, change in the core business, an acquisition or other restructuring--is it fair to expect so much accountability from an outsider? "We don’t pursue the deeper risk arrangements that others do largely because I get worried that puts them in a position of being accountable at one level when they’re not fully managerially-accountable for the work," Glaser says. "At the end of the day whether this stuff works or not is fundamentally my fault, or my credit."

But with emerging technologies, the vendor may have to be prepared to offer a refund if the purchaser is not happy. In a previous job, Ward Keever, now CIO at the University of Pennsylvania Health System, Philadelphia, recouped his organization’s investment in a clinical data repository from Ameritech, Inc., because the system didn’t work as promised. The problem with the newer forms of risk/reward sharing for providers, he says, is coming up with the cash for vendor bonuses that goes beyond the capital budget for the system.

However, the powers-that-be may quickly agree to share the fruits of gain if a vendor exceeds expectations, rather than face the alternative: a failed project and the loss of millions of dollars. In a crowded and competitive marketplace, vendors too have reputations to build and maintain, and will go to great lengths for customers, says Mark Muenze, vice president of business development at Datamedic Corp., Hauppauge, N.Y. "They have a major incentive to make their product successful in an organization."

Before the contract is signed: Selecting vendors
Perhaps the most critical aspect of the vendor-provider relationship is in the very beginning, before contracts are signed. The posturing, slick demos and fast talk must all pass through the reality filter, lest you sign on the dotted line for a fabulous piece of vaporware.

What makes the vaporware problem so onerous in healthcare is the fact that many companies compete for a small amount of dollars and a handful of big deals. Says Keever: "It almost becomes a feeding frenzy… to the point where people who are probably extremely ethical in their personal lives can sometimes become unethical in their business life, promoting a product that is not yet delivered or installed."

Disappointments over what products can deliver in a live environment and a general distrust of vendors are common among CIOs and IS directors. Says Glaser: "It’s the old CIO axiom: If you want to get CIOs to talk for 24 hours, get them to comment on vendors." But in the end, it’s up to the purchaser to do the homework necessary to choose well, and the tendency to point fingers at the vendor when things go wrong may be unfair. While sellers can overstate the capability of a system and understate its complexity, buyers are also to blame by inflating expectations internally, Kopetsky says. Warns Glaser: "As a consumer, we ought to know better."

Frank Lavelle, senior VP of U.S. customer operations at Shared Medical Systems (SMS), Malvern, Pa., says the healthcare industry’s obsession with technology is a major factor in poor purchasing decisions. In his view, buyers are not taking into account how products will meet the organization’s performance objectives because of a "frenetic pursuit of technology and application elegance." Lavelle says this lack of responsibility on the part of providers is one of the biggest problems with system acquisitions today. "The idea of company stability, track record, ability to install and support, longevity of the company, and the company’s history in terms of delivering does not get near enough credence in the selection process," he explains. "We know folks taking risks with installing products that are unheard of in other industries."

The low maintenance route
To mitigate that risk, consultants can help in the selection process by evaluating the organization’s needs and giving an outside opinion of which systems could best fill them. Yet the objectivity of consultants is often a question mark. As Keever explains, consultants may not always recommend the system that is best for an organization. "These consultants almost have to go out of their way to demonstrate they’re not in anyone’s pocket by picking different vendors at different engagements," he says.

The only insurance healthcare organizations may have is to follow up on references and visit sites where the product is installed and working in a production mode. Because of the high-risk nature of purchasing and installing these core systems, some providers are looking into alternative financing arrangements that may circumvent traditional software licensing altogether.

Small providers or those without sophisticated IT knowledge are prime candidates for service contracts and outsourcing because they can help cut costs and reduce the risks of managing complex information systems projects.

For rent: Information systems
When John O’Brian, MD, went hunting for a laboratory information system for the Diabetes Institute, the central lab at the Eastern Virginia Medical School in Norfolk, he found plenty of good systems--but not one the department could afford. "The upfront costs are what you can’t do," O’Brian notes. So he turned to STAT, a local information systems services firm that researched the marketplace and found a system that met the needs of the university, and now "rents" it to the lab. For a monthly fee, STAT offers medical groups and other providers a full-service package that includes software and hardware installation, telecommunications equipment and charges, training, around-the-clock support and maintenance, systems administration and product upgrades.

The lab also has the option of purchasing the system later, and can keep the data if the contract is cancelled. Factoring in the cost of customization and upgrading to a new system every four or five years, O’Brian still thinks the lab will come out ahead over the long term. A prime benefit of such arrangements, he thinks, is a leveling of the playing field between the haves and the have-nots: "Ultimately what this does is allows many more people who need technology to acquire it."

The need STAT saw in the ambulatory care market wasn’t a new product, but help in the selection and implementation, according to Betty Fitte, president of the Virginia Beach-based company. "The ripest customer for us is a group practice that has been out shopping for six months and their eyes are crossed trying to understand the complexity of putting together a network," she says.

STAT offers a core set of third-party systems, including a multimedia email system, an electronic medical record, a practice management system, a data mining/analysis tool and a lab system; but the company will also look for alternative systems according to customer needs. "We essentially become the IS shop," Fitte says. STAT is also finding business with larger groups, such as management services organizations. "We have found them to be very eager to use our services because they are so busy with all their contractual obligations with the providers," Fitte adds.

Outsourcing of services within healthcare organizations has become increasingly popular as providers focus their staff resources on core, mission critical areas of business, and outsource others that someone else can run more effectively. In some cases, outsourcing arrangements can even include new information systems.

MedPlus, a Cincinnati-based firm that develops electronic medical record systems, has a relationship with Transcend Services, an outsourcing firm based in Atlanta. Transcend buys the system from MedPlus, then offers it to hospitals as part of an outsourcing package for the medical records department. According to Philip Present, COO at MedPlus, Transcend will either manage the medical records department for less than what the hospital pays to do it; or, for the same cost the hospital is now paying, the company will manage it and provide the information system from MedPlus. "They basically get for free an electronic patient record system," Present says.

Outsourcing in the areas of medical records, patient accounting and registration has a strong future, according to Present: "If the hospital can achieve some of the cost savings and reap the benefits of technology with no additional investment, it’s a very powerful business model."

One-stop shopping
The rise of risk-sharing, reward-sharing, outsourcing, and co-development projects points to increasingly cozy and longer-lasting relationships between healthcare organizations, information systems vendors and consulting firms. Vendors and consultants are being asked to take on greater responsibilities at client sites, and in turn, they are offering more--with everyone vying to be the "one-stop shopping mall" for products and services across the board. Vendors are trying to be consultants, consultants are reselling products: One CIO speculates that large consulting firms may begin to develop or buy up third-party systems.

Is there meaning to the madness, other than a drive to boost market share? "The general trend is toward more continuous relationships," says First Consulting’s Drazen. Where in the past, consulting firms came in periodically to review an organization’s strategy or processes, she says, the trend now is toward more regular meetings and exchange of information.

"The old collegial relationships organizations had with each other are much more difficult now," Drazen explains. "You don’t have the time to go to meetings around the country, and your local compatriots are now competitors." Drazen sees the consulting firm taking over this role, becoming a colleague. The time could not be riper for such hand-shaking, as healthcare organizations merge and grow into unfamiliar shapes that can quickly balloon out of control without outside guidance.

Consultants as colleagues
Some vendors are offering consulting services and analysis up front, before any system is purchased. MedPlus, through its consulting arm FutureCORE, Inc., will perform cost analysis studies before product selection occurs--which Present concedes is a powerful sales tool and helps to achieve buy-in after the installation. Datamedic’s Muenze reports the company is helping clients with process reengineering and positioning physician change, as an adjunct to the company’s practice management and clinical software business.

SMS regularly performs an assessment of a client or prospect’s processes before selling a system, according to Lavelle. "We’ve found in many cases that the application wasn’t going to solve the business problem," he says. SMS may instead offer work process reengineering services, or refer the organization to a consulting firm if SMS does not have the expertise in-house. Lavelle admits that expanding the company’s role is still somewhat experimental: "We’re not perfect at this. We’re a company that’s been driven by product."

3M Health Information Systems, Salt Lake City, is finding that working closely with customers helps make a better product. 3M conducts quarterly teleconferences with representatives from each customer site to get user feedback and discuss upcoming development plans "We get our priorities and much of our design from our customer base," says Melinda Costin, product manager for 3M’s patient care system.

A call for mutual respect
As vendors and providers find themselves more enmeshed in each other’s business, there is a need for balance: a need to know where to draw the line between realistic and unrealistic expectations, a need, as Glaser puts it, for a "healthy tone of respect"--lest the two parties become too dependent upon each other. "Both parties have to believe that if the other gets really mad they can hurt them--whether it’s fiscal penalties or bad market reputation, there’s almost a mutually-assured destruction that needs to be in place," he says.

For instance, asking one vendor to be the systems integrator for all the other systems in an organization may be asking too much--even though all vendors have a role in helping to integrate their system into the network.

Glaser cautions about relationships that become too entrenched: "Once there is this ’partnership’… it can be very hard to throw out, and very hard for someone new to come in and claim it, even if their pricing is better or they seem smarter."

However, the old saying, "the more things change the more they stay the same" rings true in a market with so much opportunity on every side. Talk of "partnering" is somewhat tongue-in-cheek, as Keever frankly assesses: "All of the vendors want to be your partners. At the end of the day, they’re selling and you’re buying. There is no partnership. You need to accept the relationship for what it is."

The trick for healthcare providers is knowing what you want to gain, whether the vendor can help get you there, and what are the consequences of falling short of the mark. There is no easy answer: Sharing risk in itself is a gamble of negotiating terms and betting on the future. But the effort of better managing that risk--on both sides of the equation--can only serve the companies, their users and ultimately, the patient, better.

Vendors Dive into Risk-Sharing

While risk-sharing is like an insurance clause for the healthcare organization, it can be risky for the vendor. Regardless, this may be the cost of doing business in healthcare--and not only for the small, untested software firms. Datamedic, a $25 million practice management and clinical information systems vendor with 25 years in the industry, has entered into three risk contracts that tie milestones of the project to payment. According to Mark Muenze, vice president for product development, the firm does not expect to make money on most of these deals, but there is a risk they could lose. Then why do it? In a word: competition. "Everyone would like to sign the one to five million dollar deals, so you’re very interested in negotiating." He admits that such agreements are tricky to construct, and may not work with every client: "If you don’t have a strong partnership these kinds of milestones are very difficult to achieve."

MedPlus, an electronic medical record system provider in Cincinnati, does bank on bringing in bigger profits by engaging in risk-sharing contracts, but more importantly, there may be a competitive advantage in doing so, according to Philip Present, COO at MedPlus. One of the firm’s clients, Phelps Memorial Hospital in Sleepy Hollow, N.Y., was looking at several prospects--MedPlus being one of the top contenders in terms of technology and system functionality.

However, after the hospital’s CEO asked for a guarantee of projected cost savings resulting from the system, MedPlus was the only one that stepped up to the plate, according to Kerry Pisano, vice president of support services at Phelps. Based on a cost savings assessment conducted by MedPlus’ consulting subsidiary, FutureCORE, Inc., the hospital signed a five-year risk-sharing contract that commits MedPlus to a discount on the hospital’s payments if the annual savings do not occur--and it is determined that the hospital is not at fault. "MedPlus is a relatively new player in this field--they didn’t have a lot of installations nationally," Pisano notes. "The key difference was their willingness to do risk-sharing."

Companies with huge customer bases may not feel the need to go to such lengths--at least not yet. Shared Medical Systems (SMS), Malvern, Pa., for example, already has a clause in its contracts that warrants delivery of the contract terms, according to Frank Lavelle, senior VP of U.S. customer operations for SMS. If customers want additional "insurance," SMS will offer that, but not without the price of reward-sharing if additional benefits result. SMS has offered risk/reward contracts to more than 100 customers, but has had only a couple takers, Lavelle says.

"What our customers are asking for is a high level of confidence that what we say we’re going to do we’ll actually do," Lavelle says. "Once they have that confidence, they don’t want to give us the benefit part."

Smaller, yet still significant changes in contracts are showing up in the market. For one, CIOs are no longer willing to take chances on the future of vendors and their products when mergers and acquisitions continue to upset the marketplace. At ProMedica Health System, Toledo, Ohio, four major systems at the organization are now being discontinued as the result of acquisitions, according to CIO Dave Selman. "We’ve had to invest not only capital but scarce operating funds to correct these problems." And offers by one of his vendors to bring in a replacement product do not sit well with Selman. "We’re being told by the vendor that we have no choice other than to change, and we don’t like that." As a result, Selman now includes a clause in his contracts guaranteeing compensation if the system is acquired and subsequently sunsetted.

Vendors too, are suggesting changes that can help protect their customers and keep costs fair. For instance, 3M Health Information Systems, Salt Lake City, has introduced user-based pricing rather than a flat fee for some of its systems, and recently has begun to include a "scope of work" into contracts that outlines in detail project goals, objectives and steps to get there, according to Melinda Costin, product manager for 3M’s patient care system.

"I feel very responsible to the people I’m working with in seeing that we have a successful installation," Costin says. "If we don’t, we jeopardize their jobs and they lose a lot of money."

Polly Schneider is senior editor at Healthcare Informatics.


By Maureen Willenbring Schriner

Ox-ford-pho-bi-a (aks*ferd*fo*be*a) (n)Psychiatry. An abnormal fear of a: catastrophic IS collapse b: taking a system live without testing it c: growing too fast for your systems to keep up d: building a system yourself that you should have bought off-the-shelf.

When healthcare executives think of the worst that could go wrong with their information systems, they summon Oxford Health Plans to mind--the Norwalk, Conn.-based health plan that rose on its own innovations and ultimately was buried by them.

Oxford executives aren’t giving any details about what precipitated the downfall--other than to outline the steps they’re taking to re-establish an information system that works. But healthcare technology analysts, consultants and vendors have plenty of theories about the "Oxford Incident," which they say has the potential to recur within other health systems.

At the climax of its disaster last fall, Oxford was the largest HMO in the state of New York, and at 1.9 million members, one of the fastest-growing HMOs in the country. It had a national reputation for being innovative and at the same time cost savvy. But for five years the company had struggled to create new information systems to handle the growth. The new systems failed miserably: Customers weren’t billed for premiums and providers went unpaid for months. Oxford wrote off uncollectible revenues and advanced payments to providers without knowing the real costs. On October 24 the health plan made public third quarter losses of $78 million. Wall Street cashed out: Oxford stock fell from $62 to $25 in a single day. The fourth quarter losses added up even more: $120 million or more in estimated losses, causing Oxford stock to drop even lower.

Oxford managers were ahead of their own time, according to Thomas Johnson, a healthcare consultant with Sheldon I. Dorenfest Associates in Chicago. "They had great product ideas. They had great market ideas that were very innovative. But then they didn’t manage the process."

Steve Black, vice president and CIO of Physician Health Services, next door to Oxford in Trumble, Conn., says his company has been too busy with its impending buyout by Foundation Health of California to dwell on what happened to Oxford. But he does see a problematic trend in healthcare IT. "One of the common problems that people face is they try to get their systems to do too much."

Such problems with information management are industry-wide in healthcare, says Ray Falci, healthcare IT analyst with Piper Jaffray in Minneapolis. He cites Louisville-based Humana Inc.’s reported losses in the second quarter of 1996: Humana, just like Oxford, blamed its losses on inaccurate information from its information systems. In Humana’s case, utilization ratios and pharmaceutical costs were higher than what the company had predicted, Falci says. "There is clear evidence of the lack of companies being able to fully administer their businesses."

Meanwhile, managed care companies may still be searching for the right IT systems to meet their complex, massive and ever-changing IT demands. But the market is offering more and more off-the-shelf solutions. "I understand a lot of new health plans would like to see new generations of capability" in healthcare technology, says industry consultant Bill Childs of Denver. A primary reason for the slow development, he says, is the incredible complexity. "There are so many combinations and permutations of contracting that it almost defies logic."

Jennifer Carr, healthcare technology analyst with the Gartner Group in Boston, says Oxford began developing its own IT system in 1991 for good reason. "There was not a lot of viable software you could buy," she says. But while Oxford was building its system internally, IT vendors also were developing new applications. The difference was that while the vendors could commit all their time to development, Oxford IT people also had a business to run. The result, Carr says, was that the vendors were ready with new products before Oxford had its new system ready.

"When organizations call to ask us to buy or build, we recommend buy," Carr says. There were two exceptions to that recommendation, according to the Gartner Group, and they were systems being built internally by United HealthCare and Oxford Health Plans. "We knew Oxford had moved along and had all the right tools," Carr says. "They were really comparable with vendors when they started out." But the vendors moved faster to completion.

Pulse check
Oxford executives were pushing for more powerful technology to accommodate the company’s 50 percent annual growth and its increasing complexity, according to company insiders quoted in the November 17 issue of BusinessWeek (p. 98). So Oxford began developing new systems built upon Oracle databases. But the internally-labeled "Pulse" system took far longer to build than anticipated.

Carr theorizes that Oxford’s IT personnel were under extreme pressure internally to get their new system in place by 1996 because Oxford competitors were now able to purchase comparable IT systems off the shelf. So Oxford’s new system apparently went live without the time needed for rigorous testing, she said.

The information errors that created Oxford’s technology disaster may have been rooted in initial misunderstandings of Oxford’s legacy system from Computer Sciences Corp., according to Marc Hebert, vice president of design and migration services for the Oracle Alliance Program in Redwood Shores, Calif.

Although he did not work on the Oxford project, Hebert says the errors point to database migration problems. "You have to think through what the current system does. And it often isn’t documented," he says, adding that it takes a lot of work--and time--to figure it out.

To fix its systems development problems, Oxford had at any one time about 100 outside contractors working on the project. Hebert, a former auditor with Arthur Andersen, says outside consultants can create a confrontational environment. "It’s adversarial to begin with. You’re battling IT people who don’t want you to be there. You’re hired by management to do things right, but they’re screwed up because of internal politics."

Johnson sur

Sponsored Recommendations

Enhancing Remote Radiology: How Zero Trust Access Revolutionizes Healthcare Connectivity

This content details how a cloud-enabled zero trust architecture ensures high performance, compliance, and scalability, overcoming the limitations of traditional VPN solutions...

Spotlight on Artificial Intelligence

Unlock the potential of AI in our latest series. Discover how AI is revolutionizing clinical decision support, improving workflow efficiency, and transforming medical documentation...

Beyond the VPN: Zero Trust Access for a Healthcare Hybrid Work Environment

This whitepaper explores how a cloud-enabled zero trust architecture ensures secure, least privileged access to applications, meeting regulatory requirements and enhancing user...

Enhancing Remote Radiology: How Zero Trust Access Revolutionizes Healthcare Connectivity

This content details how a cloud-enabled zero trust architecture ensures high performance, compliance, and scalability, overcoming the limitations of traditional VPN solutions...