A Little Thing About Insurance: A Strange Butterfly Effect Around Consolidation?
Everyone’s heard of the so-called “butterfly effect”; as the Wikipedia article on the subject explains it, “In chaos theory, the butterfly effect is the sensitive dependence on initial conditions in which a small change in one state of a deterministic nonlinear system can result in large differences in a later state. The term is closely associated with the work of mathematician and meteorologist Edward Norton Lorenz. He noted that butterfly effect is derived from the metaphorical example of the details of a tornado (the exact time of formation, the exact path taken) being influenced by minor perturbations such as a distant butterfly flapping its wings several weeks earlier. Lorenz originally used a seagull causing a storm but was persuaded to make it more poetic with the use of butterfly and tornado by 1972. Lorenz discovered the effect when he observed runs of his weather model with initial condition data that were rounded in a seemingly inconsequential manner. He noted that the weather model would fail to reproduce the results of runs with the unrounded initial condition data. A very small change in initial conditions had created a significantly different outcome.”
And that concept came to mind for me recently when reading an article by Tanya Albert Henry, a contributing news writer at the American Medical Association, entitled “Nearly 30% of medical liability insurance premiums rose in 2021.” In that article, published to the AMA’s website on March 30, Henry wrote that, “After nearly a decade of fairly stable rates, the proportions of medical liability insurance premiums that have increased year-to-year over the past three years have reached highs unseen since the turn of the century. In 2019, the share of premiums that increased from 2018 jumped to 26.5%, nearly double the 13.7% that had increased between 2017 and 2018. Then in 2020, the share of premiums that increased went up again when more than 30% of premium changes were in the upward direction. And in 2021, nearly 30% of premiums rose from 2020,” she wrote.
Indeed, Henry noted, physicians in some states saw eye-popping med-mal insurance rate increases between 2020 to 2021, from 20 percent in Oregon, to 29.6 percent in Missouri, to 41.7 percent in West Virginia, to a mind-blowing 58.9 percent in Illinois. And she noted that, among the 12 states with 10-percent-or-higher rate increases during that one-year period, “Eight of these 12 states have experienced large premium increases for at least the last two years: Illinois, Missouri, Oregon, South Carolina, Kentucky, Michigan, Texas and Georgia.” As Henry wrote, “The numbers are broken down in an AMA Policy Research Perspectives report published in March, ‘Prevalence of Medical Liability Premium Increases Unseen Since 2000s Continues for Third Year in a Row.’” And she quoted AMA president Gerald E. Harmon, M.D., as stating that “The medical liability insurance cycle is in a period of increasing premiums, compounding the economic woes for medical practices that struggled during the past two years of the pandemic. The increase in premiums can force physicians to close their practices or drop vital services. This is detrimental to patients as higher medical costs can lead to reduced access to care.”
Meanwhile, in another corner of the healthcare industry, Angela Rivera, a principal in The Chartis Group, the Chicago-based consulting firm, wrote in a report last year entitled “Skyrocketing Cybersecurity Insurance Costs and Rise of Attacks: 4 Considerations Senior Healthcare Executives Should Know,” that, “According to a leading commercial risk solutions company, premiums are expected to increase 20 to 50 percent throughout 2021. However, considering healthcare is a higher-risk industry, some health systems have already reported increases of 50 to 100 percent for the same or less coverage. Because there is limited actuarial data on the financial impact of cyberattacks, insurance companies are tightening up cyber insurance policies and revising pricing strategies to cover their own risk.”
Rivera told readers to “Face the facts: a cyber incident is ‘when,’ not ‘if,’” writing that, “The day will likely come when your organization will experience a cyberattack or major breach: even the most trusted organizations have succumbed to this inevitability. These types of incidents typically create a new urgency with leadership and most often result in an evaluation of what could have been done differently. In some cases, this heightened awareness leads executives to invest in new technologies that could have significantly minimized the risk. It is important to recognize that insurance companies do not pay for the cost to upgrade or install internal security systems after a cyber event,” she emphasized. “Therefore, waiting for the pressure to invest in security-mitigating technology after an event has occurred will likely end up costing your organization much more overall, given the total cost a healthcare organization assumes because of an incident.”
How are these two seemingly unrelated developments/trends actually related? Here’s how. This ongoing, dramatic increase in medical malpractice liability insurance is continuing to convince many physicians in private practice to flee solo practice or even small-group practice for the financial protection of large-group practice or direct employment by hospitals health systems, and in some cases, even health plans. The financial risks are simply too great now, and physicians in the U.S. are becoming far, far less willing to fight for practice “independence,” while continuing to take on such medical practice-killing risks. Meanwhile, smaller and standalone hospitals, faced with the potentially catastrophic impact of a successful ransomware attack, are finding that remaining standalone or independent is becoming less and less worth the financial risk, and are fleeing into the arms of existing multi-hospital systems, in order to be able to survive system-killing cyber attacks. The costs of cybersecurity insurance are simply becoming to high for smaller, standalone, and independent hospitals to sustain any longer.
So these two insurance developments, though technically unrelated, speak to a very important reality in today’s healthcare industry: being small, as an individual clinician or as an organization, is simply no longer viable in many situations now, in U.S. healthcare. The financial risks, whether involving medical malpractice insurance for practicing physicians, or involving cybersecurity insurance for patient care organizations, are becoming overwhelming. And while there are many who routinely decry the “corporatization of U.S. healthcare,” the days of “Marcus Welby, M.D.” are well and truly over, now. Sure, some physicians wax nostalgic about the days when a doctor could “hang out a shingle” and happily practice in isolation as a solo practitioner. But even as the medical malpractice landscape has shifted inexorably, all the other elements in medical practice have shifted as well. No solo practitioner could possibly engage in robust care management, partly because the staff that that physician would need to surround her/himself with in order to execute on care management, would simply be financially exorbitant.
But physicians in large, primary care and multispecialty groups are flourishing in population health management and care management work, and they’re finding some of the burdens that had fallen on them are being at least partially lifted, as physician assistants and nurse practitioners, nurse case and care managers, clinical social workers, and dieticians, are providing them with the multi-faceted support they need, and are addressing their patients’ chronic disease issues in ways that truly extend their care capabilities.
And, perhaps analogously, formerly standalone hospitals, when they join multi-hospital systems, are coming into team-based organizations with large, highly skilled health IT teams, including IT security teams, and are benefiting from being part of those large integrated health systems. What standalone hospitals can afford to engage in the most advanced health IT security strategies—behavioral monitoring, advanced network segmentation, and the engagement of security operations centers (SOCs)? When it comes to smaller standalone hospitals, the frank answer is, virtually none.
So the reality of the current landscape in U.S. healthcare is this: consolidation is moving forward, not just because of purely business strategic reasons, but also because the cost calculuses around these two different types of insurance are inexorably shifting, making being small and detached far less viable than ever before—and, increasingly, over time, likely totally non-viable. The world is moving forward, and smallness and detachedness are becoming increasingly impossible. As the Wikipedia article states, “While the "butterfly effect" is often explained as being synonymous with sensitive dependence on initial conditions of the kind described by [Edward Norton] Lorenz in his 1963 paper (and previously observed by Poincaré), the butterfly metaphor was originally applied to work he published in 1969 which took the idea a step further. Lorenz proposed a mathematical model for how tiny motions in the atmosphere scale up to affect larger systems.” Yes—that.