HIStalk Interviews Russ Thomas, CEO, Availity

Russ Thomas, JD is CEO of Availity of Jacksonville, FL.

Tell me about yourself and the company.

Availity connects health plans and providers for their critical business workflows. Most people would call that a clearinghouse, but we think of it as a 21st century clearinghouse because we add a lot of intelligence around the workflows that we facilitate between providers and payers.

We’ve been doing that for almost 25 years. The company started in 2001. Today, we serve well over 3 million providers around the country. We will process $3.5 trillion of claims through our network this year.

We are big believers in what we call multi-modality. We take providers however we find them. If they are sophisticated providers working in their Epic environment, we love that. We are deeply integrated with Epic with our revenue cycle product. At the same time, we have literally millions of providers who access their payer information through Essentials, our real-time, multi-payer portal. That gives them the vast majority of the information that they need, day in day out, to run their business. It serves all types of providers, not just physicians, but anyone who’s providing healthcare to a patient and getting reimbursed by health plan. Think about Medicaid, which includes atypical providers — ramp builders, transportation companies, or somebody’s aunt or uncle or mom or dad who is getting reimbursed for providing care to them.

What are the most urgent opportunities in improving communication between providers and payers?

The most urgent opportunity is quality of information. We are very good at building and deploying technology to facilitate the exchange of information in a timely way to the right person with the right information that they need. The underlying quality of the content has to continue to improve. Authorization workflow is facilitated today between most health plans and providers. Trying to figure out that translation of provider-speak to payer-speak often involves phone calls and faxes, and wait times for authorization are still long.

In that example, we have found a way to automate that workflow. We acquired a company about a year ago called AuthAI and have implemented that with one payer, with others in process. We are literally creating a real-time exchange of authorization information, facilitating that authorization workflow in under 90 seconds, all the way through a medical necessity determination. It’s a huge provider satisfier and works great for the payers as well, bringing value to both sides of the equation.

Right or wrong, I assume good intent. I assume that providers only want to perform procedures that are appropriate, medically necessary, and good for patient care. I assume that payers want to pay the fair contracted rate for that care. If the administrative workflow is slowing that down, creating obstacles, or getting in the way of good medical practice and good reimbursement practice, it can be more trouble than it’s worth.

We focus on eliminating those administrative workflows that just get in the way and aren’t providing any value. They were put in place with good intentions at some point in the past, but now they are not helping to improve either patient quality or the relationship between providers and payers.

What impact will patients see from federally mandated payer-to-payer APIs?

We have launched that. We have our first cohort of payers implementing now. I think it’s three or four that we’re starting with and our second cohort is right behind it. Transparency, right? Interoperability.

Availity is in Jacksonville, FL. We have been a Florida Blue company for a long time for our health coverage. If we decide to move to somebody else, my data shouldn’t be siloed in the Florida Blue environment. There’s tons of opportunity to improve patient care, to improve transparency, and to make the provider’s job easier by mandating the exchange of that information between payers when either I individually or my company makes a decision to make a switch. It’s freeing up data, which is what I love about it.

What are your biggest takeaways from the Change Healthcare cyberattack?

I anticipated that question, but I still don’t know that I have the best answer to but a couple of things.

Security is paramount. We talk about it in terms of resiliency. Resiliency means that you have a you have a really good Plan A, which is to maintain the highest possible level of information security to protect your network. You’re going to see us advocating for this as a company.

The bar is higher for firms who do what we do. The bar for clearinghouses needs to be higher, for both the level of information security that we maintain and for the resiliency or redundancy of our networks, because the alternative to that is to try to figure out how to protect millions of endpoints. I don’t think that’s a fair burden to put on providers in particular, who are already stressed and trying to run businesses that are financially struggling in some cases.

We have been advocating aggressively in the last couple of months with CMS. Congress has gotten involved and should be focused on hardening the network itself, so that physicians and payers can continue to collaborate effectively.

Information security has to be your Plan A. You have to be world class at it, and it needs to be a culture within your organization. It certainly is for us.

Then, candidly, you need a redundancy plan. Your Plan B that assumes plan A fails at some point. When there is an attack, and when there is an impact from attack, you have to be able to bring the network back to full strength in time periods that are measured in days, if not hours, not in months or quarters.

The takeaway for us is that as good as we think we are from an information security perspective, we have to continue to get better, better, and better. Invest more and bring more resources to bear. Challenge ourselves to think differently about how to protect our network. We have to make sure that our redundancy plan remains strong. We’re doing things today to make sure that we are fully cloud migrated, so that when or if something happens, we are able to move environments really, really quickly and have as little impact on our clients as possible. Those are the key takeaways.

I’m at a large health system today where we extended the Availity Lifeline. Not to brag, but I think we’ve done a really nice job of helping providers get back in business. We’ve stood up 300,000 providers in the last 65 days and moved over $160 billion of claims that would have otherwise been stuck. As you can imagine, that has allowed us to make some really good relationships. One of the things that we are hearing from these providers is that we have to have a backup plan. Being on our own and having one system has worked for a long time, but we really need to think about how to create redundancy in our own network with a solid backup plan. That’s a takeaway not just for Availity, but for a lot of providers.

We were at our annual client conference in Arizona when the cyberattack started on February 21. We took the correct immediate step to disconnect from anything with a “U” in front of it, not just Change, but all of the Optum environments and all the UnitedHealth Group environments that we were connected to. We then said to ourselves, we don’t know how long this is going to last, but there will be providers and payers who need some help. We created this program called Availity Lifeline to bring claims and remits back up. We stripped down our revenue cycle product into a really simple, fundamental version of it that was just claims and remits, which are the lifeblood of the business relationship between a health plan and the provider.

We went out to the market and said, we’ll make this available to anyone who needs it, free and with no strings attached. You can terminate it with five days notice. You never pay us a nickel, but in the short term, this at least will help you as a health system to get claims and remittance flowing again so that you can continue to run your business while you figure out what you want to do. It’s been very successful, with 300,000 providers and 150 or 160 actual systems that have implemented Lifeline. As I mentioned, we have moved $160 billion of otherwise stuck claims between payers and providers.

UnitedHealth Group paid the hacker’s demanded ransom, but was still down for many weeks. Oracle’s Larry Ellison said that they could have come up quickly if they were running Oracle Cloud. Is it harder to recover a complex network than to restore a health system, and does cloud provide a lot of extra recovery benefit or just a head start?

Cloud gives you a ton of extra benefit. If you listen to UHG CEO Andrew Witty’s testimony to Congress, there was a lot of older technology behind the scenes of Change. That created some real challenges, based on what they have said, in terms how the bad guys got into the network and had the ability to root around for a week and half before they actually pulled the lever on the actual ransomware attack.

Being cloud-enabled absolutely is advantageous in getting networks back up faster when there’s an event. I don’t know whether Larry’s right that it would happen in minutes. From the Availity perspective, we are completing our cloud migration. We run two data centers, but we never have them both processing transactions at the same time for that very reason. One is primary and one is redundant.  If we had to move from A to B, we can do that in three to six hours. We also do some other things to protect our core data with things like immutable backups that nobody can touch. It’s a journey, but we are absolutely counting on our cloud migration to give us even further redundancy and resiliency against a cyberattack.

You’ve acquired Diameter Health and the Olive’s utilization management business since we last spoke. How did those acquisition round out your portfolio?

The first thing that we do, even in due diligence, is cyber audits and cyber reviews. Before we close, what do we need to do to bring an acquisition up to our standards for information security? We don’t do anything to combine, from a technical perspective, those kinds of capabilities until we have brought them up to standard if needed.

Diameter was a great acquisition. The best analogy that I can give is that it’s a refinery for clinical data. Unlike administrative data, a lot of clinical data has no structure. There are no standard terminologies that everyone uses. You get a lot of data in, but aren’t able to use it and apply it to business workflows in an automated fashion. Diameter upcycles – we use that term – and refines clinical data from a lot of different sources into consumable data elements that can then be implemented in an automated workflow. We are very happy with that acquisition. It is really core to our broader clinical data, clinical interoperability standard today.

AuthAI, likewise, has been great. We bought it with one client. We’ve now sold it to multiple clients. It is a true delighter. The difference between AuthAI and Diameter is that Diameter is more of an internal technology, while AuthAI has a user experience. We can walk into provider’s office and say, “We we have automated your auth workflows for the vast majority of the ‘ologies’ that you work with. Now you can get a response in 90 seconds, all the way through medical necessity determination.” That’s a difference-maker to a provider.

How will AI affect your business?

AI is going to give us new capability. We are pretty committed to it at this point. AuthAI is built on the premise that analytic AI is a great tool to apply in complex healthcare workflows. We’ve certainly seen that with our AuthAI solution. Internally, we are leveraging AI to simplify both our own workflows and our relationship with our providers and health plans and other customers.

I’ll say one thing as an example. I got demos yesterday from two really cool companies, not startups, but sort of earlier stage. One that is on the provider side is leveraging AI in clinical documentation to help providers by essentially transcribing their clinical conversation into an application, then leveraging AI to create a true clinical note and applying what the AI believes are the proper billing codes, ICD codes, to that note.  Great. That could be a real time saver for providers.

The other demo later in the day was an early-stage AI company that was building what you and I would call, from our experience, fraud, waste, and abuse capabilities for payers. They use AI to look at the pattern of how claims come in and the documentation behind a claim to make sure that the claims are appropriate and medically necessary and therefore should be paid.

If you think about those two conversations individually, on both sides, they are cool, save time, save energy, and drive efficiency. However, you have to make sure that you achieve true transparency and enhanced decision-making to get to the right result. I don’t want to arrive in a year or two at a scenario where payer AI and provider AI are arguing with each other over whether a claim should have been a denied or whether a code should have been paid.

To the extent that AI can be applied like we’ve applied it with AuthAI to automate a workflow, in the end, between a payer and provider, where everybody’s agreeing to the rules of the road and you are leveraging the AI to drive a more efficient, effective process, the promise of that is just spectacular. That gets me really excited.

CMS’s pay-and-chase policies and perhaps its lack of sophisticated technology allow seemingly obvious fraud to take place over years before someone might be brought to justice. Couldn’t technology detect outliers more quickly?

I think there’s a great opportunity there, 100%. We sell our Advanced Editing Services product into Medicare through the MACS. It is built in with as a real-time editing capability so that you can continue to learn where games are being played or where there’s potential for fraud, waste, or abuse. You can build new edits in real time and deploy those prospectively. Why are you paying this and going after it? What you should be doing is applying the rules prospectively to deny the activity or to prevent the activity in the first place. That is 100% where we are focused as a company.

I don’t think that’s just to protect from bad activity. We are focused on it in terms of shifting left. Availity serves as the gateway for payers that are representing well over 100 million covered lives in the US. Generally, all claims and all activity flow through Availity. We believe that through the application of technology, including AI, we can make our gateway smarter, so that by the time we pass a claim onto the payer, It can be screened for nefarious activity, but it can also be screened for clinical appropriateness, proper documentation, and all the things that are required to pay a claim accurately and in a timely fashion.

What are the key points of the company’s strategy over the next five years?

We have a good thing going at Availity. We have a pretty unusual capital structure in that some of my largest customers in our health plans are investors in the company. We have a really good culture at the organization, with people who really believe in our mission. In the next five years, we will continue to do what we’re doing today to drive better collaboration, better partnership, and more transparency of information between payers and providers.

Then, to eliminate some of these lagging, complex, administrative problems that drive hundreds of billions of dollars of inefficiency in healthcare and just piss everybody off. No patient wants to stand at the MRI counter waiting an hour for their auth to be approved or to be told that even though you have a scheduled appointment, you have to come back tomorrow because I can’t get your auth approved.

Good, bad, or otherwise, we have just scratched the surface on some of these super complex challenges in healthcare. Availity has in important role to play over the next five or 10 years in simplifying the process of healthcare.