Tilting At Windmills: Adventures In The US Healthcare System

July 28, 2014

I once worked for a healthcare company owned by three US health insurance companies, and a consulting firm I worked for had a customer building clinic management software. I am in the middle of two surgeries on my feet. Don't worry, it's all related and has a coding angle (and that's a pun).

If you are reading this from another country please feel free to laugh at any of this.

First a little overview. Then stories.

The core of the US Healthcare "system" is a triangle: Provider, Payer and Patient. Each communicates with the others. Providers are anyone who provider health care such as doctors and hospitals; Payers are insurance companies or government agencies; Patients are you and me.

In 1996 the US Congress passed the HIPAA act, strangely one of the better ideas it ever had, though it isn't perfect and is rarely enforced. Most people think of HIPAA as codifying the privacy of your healthcare information but it is much deeper than that. The part I dealt with was the standardization of the electronic data passed between the Providers and Payers.

One other thing to know about is that HIPAA describes the data formats but the actual description of services and items to be paid for is done with Coding in which each item is assigned a code that uniquely (or not) identifies what was done or sold. These codes are defined, or at least mandated, by the US Government. Currently there are something like 14,000 codes but are about to expand to ten times that many. So everything that happens to you has one or more codes associated with it. People who figure out what codes to select are called, not surprisingly, Coders.

So when you go to the doctor and have anything done, the doctor's billing department will determine what codes to assign for the service. Often the form the doctor fills out is already broken down by code, sometimes the practice management system will assign the codes, or the information is passed to a Coder if it's complicated. These codes plus meta data are now embedded in the appropriate HIPAA electronic form; these days everyone has software that does this. Now the form is sent to a specialized company that essentially acts as "plumbing", passing the data back and forth between the Providers and the Payers. I worked for such a company, it made like $.25 for each claim. The information is validated before making it to the Payer's system.

Validation is performed against the HIPAA rules which are defined in a machine-readable way; you can actually build a validator automatically but most companies use a library or service. How strict the validation is is up to the "plumbing" company and the Payer.

Once it gets to the Payer the information is checked by an army of clerks whose job is to determine if the coding is correct, and what will be paid. Incorrect coding will reject the entire claim and the Payer will need to fix the problem and resubmit.

I've always imagined the Payer clerks to be like Bob Cratchit working in Scrooge's office with no heat deciding whether to pay for Tiny Tim's crutches.

Assuming the claim is accepted the results are returned to the Provider who can then bill the Patient for the uncovered items and pocket the money the Payer sends them.

Naturally this is a gross oversimplification as in reality everything is way more ugly and complicated.

Coding errors and unoptimized codings are a major source of problems for Providers. If you screw up, it might be months before you get paid. Even worse, coding is an inexact science; if you don't choose the right combination of codes you are leaving money on the table. Sometimes it becomes a war of codes to get what you think you deserve or to maximize your profit. Really good Coders are a profit center.

The other source of maximizing income is to ensure that the patient pays as much as possible as soon as possible, since the Payer payout may be delayed. Despite everything being coded in the system, not every Provider feels the need to put detail in their bills to the patient. The detailed information itself may be so complex that you the Patient really has no idea how accurate it is.

For my first foot surgery the doctor's office estimated what I needed to pay up front by doing a preliminary lookup against the Payer's system. Of course this is an estimate on par with estimating how long software will take to write, i.e. a guess. In my case two different people calculated two different amounts. After the surgery you start seeing the claim information from the Payer's website, and get new bills from the various Providers, and of course none of the numbers match anything. It's strange that a system where the exact information passed between the Payer and Provider is mandated often has the information presented to the Patient as inexact. But don't be fooled, every last detail is known to the participants.

What is insane about HIPAA is that it doesn't define any standard to communication between the Payer and Provider to the Patient. So sometimes you get a highly detailed bill, and sometimes you get almost nothing. The surgery center sent me a bill which had a total and a number of line items marked "adjustments" but no information about what they were. None of the lines matched anything the Payer showed in the claim details; even the total is a mystery.

I remember car dealers used to add lines to invoices with things called ADP; they looked like something important but actually meant Additional Dealer Profit. They probably still do this by added things like coatings and other clearly optional items that do nothing but add more profit. It would be easy for Providers to do the same since without details you have no way to audit a bill, and with details it's so complex you can't match them to anything.

A few stories to illustrate all the fun inherent in the system.

Before the HIPAA mandate took effect around 2004, every Provider had to update or buy a new system to communicate electronically and follow the new rules. The consulting firm I worked for got a customer who was frantically trying to finish a system before the deadline.

This startup had marketed a new practice management system for certain speciality clinics with a killer feature: an expert system written by an acknowledged master of Coding. People threw money at them to be first in line just to beta test, they invested in the company to get ahead. It was nuts how desperate the customers were. All the startup had to do was deliver the software.

Oh yeah, that. Apparently they had some friends who agreed to manage the development as the company itself knew nothing of software development. Paranoia was rampant as they were afraid someone would steal the source code and they would lose their customers. Thus the development was done by 30 engineers, each of which was given a vertical slice of the application, from database to UX, but no access to anyone's else's source code, just a library. Anyone caught looking at other source code was instantly fired. Naturally this was a disaster: the earliest beta testers were horrified as the app crashed frequently and every page was different and inconsistent. So the startup came to us to ask for help, then promptly fired the whole development team.

The app had never been built from source, it took two months or so to actually build something, and when we looked at it the result was incomprehensible. We tried to fix it anyway but it was hopeless. After spending hundreds of thousands of dollars in billings the customer vanished one night leaving us completely unpaid. A few months later our entire office was laid off, probably due to the unpaid bills.

I'm sure other people were far more successful in delivering such software, which usually is not that complicated (scheduling, billing, etc). The master coding angle was the killer feature since that directly affects income. I wish we had just written our own version; the preorders for the software was tens of millions and the market was massive. Your doctor may be brilliant but you doctor's software might have been written by these folks!

When I worked for the "plumbing" company I had occasion to have phone conferences with our parent insurance companies for various projects. One guy I remember was an Enterprise Architect but in discussing a project I found he knew nothing about XML. That I had to explain what it was was baffling. "Enterprise" and "XML" go together.

We wanted to have a service for our Provider customers where they could look up the status of a claim, since the Payers routinely took forever to respond. The proposal was for us to provide a way for them to look up a claim by date or detail and we would query the Payer. When I talked with the first Payer, all they could offer was a single API that returned a fixed number (like 10) of claims by Provider in no order, and the call typically took 10 seconds or so to return.

I asked if they could at least apply a sort order but they said no. I asked if I could request more than 10 but they said impossible. I asked for a search by field but that too couldn't be done. They suggested that our customer supply a claim id and we could in background retrieve the data slowly over many hours and return the result in an email the next day. Personally I thought we could expedite it by using Pony Express with data carved into stone by a scribe. I left the job so I have no idea what happened.

The problem with Payers is that their systems are often decades old and likely impossible to change and much of the decision making is manual, like the caves in Pennsylvania where the Veteran Administration processes claims. I assume the Payers are a little more advanced than that story. I really hope so.

The overall problem is that the system is so complex it creates not only inefficiencies that sap money from the system it also create enormous opportunity to extract extra income, both legally and through fraud. It's a combination of missing government action (such as no requirements for patient billing communication), complex inflexible software at the Payers, and a system where auditing is extremely difficult especially for the Patient.

In today's political climate HIPAA itself would never pass much less any actual reform to the process itself (AHCA is basically getting Payers to cover pre-existing conditions in exchange for more guaranteed income). I have no doubt that improvements will be minimal at best. Yes the seeds of change are there since much of the process is standardized on forms and codes but the systems themselves are too clunky to change dramatically, and the potential for vast profit too easy to hide amongst the weeds. Governments are of course not always known for making great decisions, but at least they can provide a kick in the ass to an industry if they want to.

Having seen enough of this from the inside (I have more stories but enough for today) I can't help but be pessimistic for the future. The rest of the world's systems have their own issues but this one is too big, too expensive, and too complicated to recommend to anyone as an example of anything but a mess.