Volume 33



It’s Time to Take (Rural) Matters into Your Own Hands!


Phishing Can Get You Hooked!


Congratulations to Peterson Regional Medical Center


Have you seen this person?


It’s Time to Take (Rural) Matters into Your Own Hands!

Learn from big hospital systems and never go it alone

By Brant Couch, CIC, CPA

No matter how you slice it, big hospital systems always seem to have an advantage over their rural counterparts. But, the truth of the (rural) matter is, by using some big system strategies, more and more rural hospitals are able to turn challenge into opportunity.

In its role as the insurance program manager for Rural Hospital Insurance of America (RHIA: a national program sponsored by NRHA), the Texas Organization of Rural and Community Hospitals (TORCH), and the New Mexico Rural Hospital Network (NMRHN), HealthSure is constantly exploring the frontier of practical innovation. We’re always sharing ideas and strategies that actually work for rural and community hospitals.

In recent months, we have seen a growing number of rural hospitals implement what used to be big-system-only strategies. The results have been highly positive. Using these strategies, some of the most successful hospitals around the country have stopped renting their health insurance, taken back control from big insurance, and collaborated to achieve substantial and sustainable cost control.

Here are some of the strategies they have adopted.

Direct Contracting – a two-way opportunity

To reduce costs and improve health outcomes for employees, many employers are setting up direct contracting arrangements with hospitals, health systems and other medical facilities.
And now, rural hospitals with self-funded health insurance plans are getting into the game in order to maximize cost-savings for highly specialized and costly employee treatments not performed in-house.

With a direct contracting agreement in place, the employer pays claims based on a pre-negotiated method such as a percentage of Medicare. This increases their control over employee health benefit design and helps them realize savings by dealing directly with healthcare providers known for consistently delivering high-quality care.

And, for rural hospitals whose community includes a large employer, entering into a direct care contracting agreement can help increase patient volume and revenue.

Known for their independence and grit, rural hospital leaders are attracted to direct contracting because it cuts out the larger payers who typically are not known for timely innovation or flexibility.

Reference Based Pricing – transparency and savings

Like direct contracting, reference-based pricing (RBP) enables an employer to gain more control of the cost of claims. RBP uses the concept of “bottom up” pricing and is typically applied (again like direct contracting) to expensive claims for treatments not available in house.

Most often, the “bottom” is the Medicare-negotiated price for a treatment. As a healthcare provider, you know that what is billed does not always reflect the true cost of the service provided. With traditional insurance network contracts, when your employees go to network or out of network providers, the bill may exceed the market value of the treatment. In part, that’s because the insurance provider negotiates a discounted price down from each providers’ preferred (and inflated) charge.

With RBP, reimbursement is usually a little above what Medicare typically pays (most commonly between 120 and 170 percent). By comparison, it is not uncommon for providers to bill 350 percent of Medicare reimbursement.

Cost transparency is one of the most appealing benefits of RBP because it gives you more control by enabling you to manage cost increases. Again, for rural hospital leaders who want to take back control from big insurance, RBP is one way to avoid the traditional non-transparent process where insurance companies have negotiated discounts off of over-inflated charges.

Setting up a successful RBP strategy requires you to deal with a fairly high degree of complexity at first, but with the right expertise and careful planning successful implementation results in significant savings and increased independence.

Captive Coalitions Capturing Hearts

Long regarded as an effective cost control strategy for big businesses and healthcare systems, self-funding is an increasingly popular choice for rural hospitals willing to accept a calculated amount of risk. Usually, hospitals make the move because their frustration with not knowing what’s driving up premiums outweighs their reluctance to take on more risk.

Now, with the creation of new innovative coalitions, employers who self-fund their employee healthcare programs are achieving greater cost control, better health outcomes for employees, and realizing the potential of a significant cash return on their investment in risk.

One example, developed by HealthSure, is the Community Hospital Insurance Coalition (CHIC). CHIC is the first national medical stop loss insurance program in America designed exclusively for community and rural hospitals.

At its most basic, buying insurance is paying someone to take away risk. And, of course it makes complete sense to buy insurance if you view risk as a liability to be minimized… if not totally eliminated. But, what if you could turn risk into a powerful and valuable asset?

To turn risk into an asset, it must be managed. To manage the risk in your employee healthcare plan, you need full access to your plan data. With a self-funded plan, you have access to all your data. Access gives you the power to implement cost control strategies such as early intervention, customized coverage, and targeted wellness programs and, as mentioned above, direct contracting and referenced based pricing.

The Economics of Collaboration
RHIA, TORCH and NMRHN insurance program members know group purchasing is a proven strategy that helps buyers of services leverage their collective buying power. CHIC is a coalition of rural and community hospitals that gives participants the same leverage to negotiate terms and conditions large hospital systems have enjoyed for years.

The cost of reinsurance for self-funded plans is trending up (on average 11%). When an employer has a good year with fewer and smaller claims, they do not have any opportunity to recoup any of the premiums they’ve paid for stop loss coverage. CHIC changes all of that. We calculated the potential for 17 participating hospital clients over the past two years and determined just over $2 million in premiums could have been returned.




Phishing Can Get You Hooked!

Phishing scams are on the rise. We have seen a number of our rural and community hospitals fall prey to phishing attacks. Often these attacks involve email spoofing. Email spoofing is when the sender of an email, typically spam, forges (spoofs) the email ‘Display Name’ or the “From” address so the email being sent appears to have been sent from a legitimate email address that is not the spammers own address. These types of emails are hitting everyone. This type of phishing attack is more targeted and is known as a ‘spear phishing’ attack.

Earlier this year one Texas community hospital was a victim of this exact email spoofing spear phishing scam not once, not twice, but three times in two weeks. This is not a story of a hospital ignoring the serious issue of cybercrime and phishing attacks. They had strong protocols in place to prevent such scams. Below are some of the anti-phishing and cybersecurity protocols implemented and already in place:

    • The hospital educates their employees and conducts training sessions regularly with mock cyber security breaches and phishing scenarios quarterly.
      • They have an annual acceptable use policy that is to reviewed and signed by all team members annually.
      • They have a special email address with instructions for employees to send any emails that they suspect to be phishing emails.
    • They have a SPAM filter to detect viruses, blank senders, etc.

Image 1

    • The spam filter includes an alert on the top of emails not originated in the hospital.
  • [External] is indicated in the subject line of any email originating outside of the hospital.
  • The hospital’s IT team keeps all systems current with the latest security patches and updates.
  • The IT team has an antivirus solution, schedules updates, and monitors the antivirus status on all equipment.
  • The hospital’s security policy includes but isn’t limited to password expiration and complexity.
  • Firewall and a web filters are used to block malicious websites.
  • The hospital’s employees use a 3rd party email encryption solution for PHI/PII data.

With all of these protocols in place, one may wonder how a breach could happen. The answer is simple; human error.

The Incident

The scammers first attack started with spoofing the CFO’s email.

Image 2

The spoofed email was sent to a clerk in accounts payable. It appears that the CFO of the hospital has sent an email requesting her to pay an invoice; however, the invoice is not attached. The AP clerk emails the scammer, posing as the CFO, requesting the invoice. The invoice sent to the clerk appears to be from a legitimate law firm. In one email, the scammer spoofing as the CFO explains that this must be expedited today and paid electronically. The AP clerk reaches out directly to the law firm to request the W-9 so that she can proceed with wiring the money to pay the invoice. Then the scammer, pretending to be an employee from the law firm or whom may have had his account compromised through a similar phishing attack, exchanges emails with the AP clerk providing a fake W-9. The clerk then completes EFT payment, for a little less than $40,000; then confirms the payment with the scammer posing as the law firm employee.

The scammer realizes they have a good thing going and decides to try it again three days later, this time for around $50,000. This time the payment is made and the scammer tells the clerk there is an issue with the payment and requests the payment be resubmitted but to a different bank and account. At this point, the clerk alerts the COO and CFO of the issue and the fraud is discovered. The hospital contacts the authorities, opens an internal investigation, and contacts our team to help with the insurance claim.

The second payment was recovered from the criminals account. It is possible the scammers got scared and closed the account, but had not withdrawn the money yet. This hospital had insurance to help with the cost of the investigation and other expenses created by the cybersecurity incident. The insurance also will help with paying the first payment if it is unable to be recovered by the hospital.

This is a cautionary tale. The hospital actively works to prevent cybercrime. With hindsight being 20/20 it is easy to see the red flags were there and play the “if only” game. If only, when replying to the first email she had deleted the spoofing email address and typed in the CFOs actual company email. If only, she had verified the request verbally with the CFO. If only, she had checked to make sure the payment was being made to a verified vendor. It is easy to play the if only game. It is just as easy to see how these mistakes could happen to anyone.

With cybercrime on the rise, the struggle is how do we create a constant culture of vigilance in our hospitals? Hospitals must create checks and balances in their procedures. Hospitals must work to create a culture that takes the time to verify requests. Hospitals must continue to educate their employees on cybercrimes, running mock security breaches and testing phishing scenarios. Employees must develop the skills to continue to be cautious at all times. Have you created a culture of constant vigilance in your hospital?
Please contact us if you would like more information on how to prepare for a cybersecurity incident.




Congratulations to Peterson Regional Medical Center on winning the TORCH Light Award!

Peterson Regional Medical Center is one of the long-standing, independent community hospitals in Texas with a long history of self-insuring their employee and patient incidents for expenses associated with patient and employee injuries. As most of you that work with us know, HealthSure has a bias for hospitals embracing risk and managing the costs within the organization vs. just buying insurance. Peterson Regional Medical Center in Kerrville is nominated for this year’s Torch Light Award due in part to their propensity to assume and accept risk while managing the challenges that come with patient quality and safety and employee health and safety.

Some examples include the fact that they manage potentially compensable events to remain financially lower than the 5 year statewide average as compiled by the American Society of Healthcare Risk Managers; for example, liability claims for Peterson close at 19% of the 5 yr. statewide average for Patient liability claims. Peterson’s legal expenses to manage liability claims is running at 41% the 5 yr. statewide avg. The number of actual claims Peterson incurred since 2012 averages < 1% per occupied bed equivalent (OBE) whereas the statewide average is running 1.29% per OBE year for the same period or 184% less. As for employee safety, the health care industry national average for OSHA reportable injuries is 6.8 injuries per year whereas Peterson is running 1.6 injuries or 24% of the national average. The other notable successes that support Peterson’s journey to a Culture of Safety are Peterson’s Workplace of the Year status awarded by the Advisory Board, a 3-time recipient as a Top 100 Rural and Community Hospital according to The National Rural Health Association's Rural Health Policy Institute, iVantage Health Analytics and The Chartis Center for Rural Health, a Top 15% hospital by Healthgrades in Outstanding Pt. Experience for last 2 years and many other awards. Peterson’s CEO, Pat Murray, would be the first to tell you that these achievements and measures are due only to the work ethic and patient experience culture that exists within the organization yet coincidently, all under the leadership of Pat and a very supportive Board.




Have You Seen This Person!
We’re Looking for A Players!

Our purpose is to help healthcare organizations succeed in the increasingly complex world of risk and insurance, and we need to add more “A players” to our team to support the growth of our organization.

Please be on the look out for the following positions:

HealthSure offers flexible work arrangements, a strong culture of empowerment, teamwork, and support to advance your career.




Small but important print
This communication is designed to provide a summary of significant developments to our clients. Information presented is based on known provisions. Additional facts and information or future developments may affect the subjects addressed. It is intended to be informational and does not constitute legal advice regarding any specific situation. Plan sponsors should consult and rely on their attorneys for legal advice.

©2019 HealthSure. All Rights Reserved.

Subscribe to Headlines


Take the Community Hospital Insurance Coalition (CHIC) for example. With our expert support and management, more than 30 rural hospitals who have come together to own this medical stop-loss reinsurance company. They are paying less for their insurance, improving benefits program performance, and receiving their share of a significant annual surplus cash distribution (~$2.5 million since inception in 2018).