Provider Data Management - A Niche but Important Problem

TL;DR

It’s hard to know whether a doctor is actually in-network or not. A big part of this issue is that every payer has to keep an up-to-date provider roster that has all the correct attributes about the doctor, where they practice, and the contract details. This is a surprisingly hard problem because all the relevant data lives in totally separate places, they update at different cadences, or they aren’t up to date at all.

CertifyOS is a provider data infrastructure company that aggregates data from hundreds of primary sources (rosters, CAQH, state licensing boards, credentialing systems, the providers themselves, and more). Their aim is to create a single source of truth on each provider in a health plan's network. 

We’ll talk today about the provider data management problem, look under the hood at CertifyOS, and discuss some of the headwinds and tailwinds and even bellywinds for a business like this.

—

‍This is a sponsored post. You can read more about my rules/thoughts on sponsored posts here. 

Company name - CertifyOS

Today we’re talking about CertifyOS, a company that helps payers manage their provider data. There was a period of time where everyone wanted to call their companies operating systems because just saying “software” or “platform” was beneath them. But I was thinking other things that the OS in CertifyOS could stand for:

• Out-of-date Spreadsheet, for obvious reasons
• Ohmygod Stopit, for when you see how payers manage this today
• Open Sesame, as an homage for the data unlock from siloed systems
• Obviously Stoned, an homage to whoever thought of this entire process

What are some better ones I’m missing?

What is provider data management?

When you go to your health plan's provider directory and search for an in-network dermatologist within 10 miles, how confident are you that the results are accurate? Because I’m so not confident…that an online pharmacy startup would give me a beta blocker.

In order to make those directories accurate, payers have to maintain databases of all of their clinicians, care settings, and contracts with them. This is colloquially called provider data management (PDM).

Provider data management is basically the entire lifecycle of keeping track of who providers are and what they do. That sounds simple until you realize that a single provider can:

• Practice at multiple locations - Dr. Reyes is at both the Heart Center Mon/Wed/Fri and the Brooklyn Cath Lab Tue/Thu.
• Be part of multiple groups - She’s under Brooklyn Wellness Care AND Metro Cardiology Associates, each with their own Tax Identification Number.
• Hold multiple specialties - Internal medicine, cardiovascular disease, interventional cardiology, critical care.
• Have multiple personalities - mostly the psychiatrists, ironically
• Participate in multiple networks- PPO, EPO, and Medicare Advantage (each with different contract terms and effective dates)
• Be in multiple states - New York and New Jersey, each with their own licensing board
• Need to hold multiple different certificates, licenses, etc. - have to be confirmed and up to date (DEA registration, board certs, hospital privileges)
• Change any of these things at basically any time without telling anyone

Providers, groups, locations, specialties, and networks are similar to the average Portland relationship - many to many. If Dr. Reyes is in two groups at four locations across three networks with four specialties, that's potentially 96 unique rows on a roster. That’s for a single doc! Now multiply that by every provider in a health plan's network - the average provider contracts with 20+ health plans (telemedicine providers are even more promiscuous). 

So you can see how this data problem can get thorny, especially because things can change and then every payer has to be notified. And everyone loves calling the payers right?

This provider data ends up being the foundation for a lot of downstream processes. Things like:

• Claims Processing: If you want to make sure it’s the same doctor you have a contract with, their core data has to be right. This ends up leading to downstream denials and arguing back and forth.
• Network Adequacy: Payers are required to have a certain number of physicians in-network in a given state for patients to access care. In order to prove that, you actually have to keep the data about your physicians up to date (otherwise risking penalties).
• Contract Management and Fraud, Waste, and Abuse: Hard to know if you’re paying the right amount to a provider if you’re not sure it’s the right provider.
• Care Navigation and Referral Routing: If you want patients to go to lower cost care settings, then you can’t have patients show up and find out the clinic doesn’t exist anymore, right?

So, getting the core data right is important if you want your downstream processes to be done correctly.

What is the pain point that’s being solved? What does CertifyOS do?

In order to deal with this, payers have implemented a bunch of processes that were impressive in 1999. 

• Giant Excel rosters - this is particularly painful when dealing with providers that have “delegated credentialing” (aka credential their own providers according to the payers rules). The rosters they send will be in all sorts of wonky formats and have tons of duplicate physicians.
• CAQH ProView - to get access to credentialing data. That is…if the provider actually remembers to update their info. Go on, ask your doc if they updated it recently. I’ll wait.
• Manual verification processes - where provider relations teams literally fax providers to verify their information and then hand-key the responses into 3-4 different systems.
• Custom-built internal platforms - these often took 2-3 years to implement, cost eight figures, and are now maintained by a team of four people who are the only ones who understand how it works (one of whom, Brenda, is about to retire).

If a payer’s system thinks Dr. Reyes is at Location A when she's been at Location B for eight months, then the claim is going to have the wrong info and get denied. This is a bad experience for the provider, the member, and the payer that now needs to deal with the fallout.

CertifyOS is a platform that ingests provider data from everywhere. Delegate rosters, CAQH, NPPES (pronounced “En-Pez” instead of “Nips”, learned that the hard way), state licensing boards, and the providers themselves. It normalizes these feeds into a single standardized data model, and then makes that clean data available to every downstream system that needs it. 

You upload the monthly roster dump and then… can you guess what technology is used to help with formatting and validation? The AI helps get everything together - does the National Provider Identifier (NPI) have the right amount of numbers? Can similar entities be combined e.g. PCP and primary care? 

By the end you have a golden record that shows one view with the data. You can see Dr. Reyes's full web of relationships: four locations, two groups, three networks. It also can show:

• History - a full audit log of every change, who made it, when, and from what source. "Where did this cardiology specialty come from?" "Nigel Thomas updated it manually on March 3rd, and CAQH and NPPES both confirmed it.
• Lineage - which sources are reporting what for this specific attribute. Maybe CAQH, NPPES, and the credentialing data all agree this provider is a cardiovascular disease specialist. 
• Survivorship - when sources conflict, configurable rules determine which source "wins." You can set it so that for specialty, you trust CAQH first, then NPPES, then the roster. For network participation, you trust the contracts team. For addresses, maybe you trust the provider's own attestation.

On the provider side, there's a portal where providers log in, see what every health plan has on file for them, and do their 90-day, No Surprises Act attestation. They review, update, confirm, and sign, after which the health plan can review and confirm. Kill the damn faxes.

Payers can then pipe the cleaned provider data out via API or scheduled exports to wherever it needs to go. For example the member-facing directory, the claims system, network adequacy reports, etc. It also gives the payer a geographic lens into what their networks look like.

What Is The Business Model And Who Is The End User?

CertifyOS’s primary customers are health plans. Specifically they target the users that are managing provider networks - think Director of Provider Data Management, VP of Network Operations, or the Provider Relations team that's currently spending their lives cleaning rosters and chasing attestations. At smaller plans this might be a single person wearing multiple hats, at large nationals this is an entire department.

ProviderHub is modular. You can buy just the core PDM piece (roster ingestion, normalization, golden record), just the credentialing workflow, just the provider self-service portal, or the full platform end-to-end. Most customers start with one module and expand as they get comfortable with the data quality and the workflow changes. Pricing is per-member-per-month or per-provider, depending on the use case.

Job Openings

CertifyOS is hiring for a few positions:

• Implementation Leader
• Team Lead, Cred
• Director of Product Mgmt
• provider data management specialist 

And more here

Out-Of-Pocket Take

There are a lot of things I think are interesting about CertifyOS. A few things in particular that stood out as I was going down the rabbit hole.

Ghost networks are becoming a legal issue - It’s bad enough your dates are ghosting you, your doc shouldn’t be too. 

If you’re a payer you can pay penalties if your directories are out of date. You can be violating ERISA and considered not doing your fiduciary duty - a recent $5.7M settlement against Cigna established this. The No Surprises Act requires plans to verify their directories are up to date every 90 days and penalties can reach $10,000 per violation for providers and $100/day per affected individual for plans. There’s a big class action suit moving along against Carelon for having ghost networks (when they say your doc is in-network on the site but they aren’t). 

In general there’s a legal and penalty reason to keep this provider data up to date. This seems to be ramping up quickly - this administration is focused on enforcing more of these rules that have not been enforced and are popular with the people. If there’s more reason to get your provider data in order, that works in CertifyOS’s favor.

A clear AI use case targeting admin issues - When people talk about healthcare having too much admin…this problem is like the final boss of admin. Managing provider directories today requires a LOT of people doing manual, repetitive work. It’s like working the mines, but excel. AI is getting particularly good at this work, like column mapping, auto-correcting formatting issues, remembering historical decisions, etc. There’s no personal health information involved and maintaining provider directories is not exactly a core differentiator for health plans.

Feels like a slam dunk use case for large language models. 

Going the payer route - You can tackle this credentialing and provider management problem from multiple angles. You can do it from the provider angle and make it easier for them to fill out a million forms. Or you can go the payer angle where you manage the process of receiving the information. CertifyOS has chosen to go down the payer route.

Since payers are largely the ones that are setting a lot of these credentialing rules, if you go deep enough into the payer realm and get critical mass you can actually change the process itself. One part of this might be helping payers coordinate data sharing - if one payer verifies the doctor address changes, it could share the data with all the other payers and update their rosters

At its most extreme form, you could create a shared credentialing process that acts like a common app across the different payers. That way providers can just give all the information in one place and it’s disseminated across all the payers. This would reduce cost and admin spend for everyone.

–

As with any company, I think CertifyOS will have certain challenges as they grow as well.

How much do payers care? Provider data has been a mess for decades and everyone has kind of just... accepted it. Like that one closet in your house you don’t show guests. Payers have known their directories are inaccurate, the issue is that there hasn’t exactly been a lot of pressure to change it. Will these new penalties and regulations be enough for them to care, or are they fine with just eating the cost? If you’re allocating resources internally, how does it stack against more visible priorities like medical cost management or Star Ratings. 

It’s possible that this issue continues to be a lightning rod and the cost of fixing it (esp with AI tools) comes down enough that the operational lift isn’t as high.

Competition - There’s a few vectors of competition. 

• Tools that help providers credential faster. If it becomes really easy for providers to fill out a bunch of different forms, then there’s less pressure for payers to change their own processes. 
• There are other companies that offer services to help payers manage their provider directories, credentialing, etc.
• What if entities that already have some of the underlying data (e.g. CAQH, NPPES, etc.) offer some version of this themselves?
• And how much do payers believe they can just do this themselves or throw bodies against the problem to solve it?

CertifyOS’s bet is that AI tools are a meaningful differentiator when it comes to cleaning the data, adding complex rules to figure out the truth, etc. And that those AI tools get better as they work with more payers that enable their systems to get smarter and update the provider info across customers. They believe there’s more leverage working across payers and data sources to fix the problem.

Is the underlying data good? - This problem really only gets solved if the underlying data is actually good. Are providers actually going to fill all the correct details? Will they update it regularly when changes are made? I’ll be honest, when I started Out-Of-Pocket I registered the business to my home address. I moved a few months later and for two years I was changing the address in various different places - so I understand why providers don’t do it either. But getting this info on a recurring basis is key to solving the provider data problem.

Conclusion And Parting Thoughts

I actually had a chance to speak at CertifyOS’s conference earlier this year where they brought together a bunch of people from health plans that manage provider directories. I was pretty stunned at how many different slices of the provider data they needed, what they needed to keep it organized, and challenges they had in getting the data. 

Then I got on stage and started talking about peptides and Medicaid divorces to some horrified onlookers.

My takeaway though is that provider data management is a combination of a coordination problem between the payers and a data normalization problem. CertifyOS is making the bet that it can solve both, and attempting to get the payers to get on board with them.

All I know is that this is an admin beast we can and must defeat.

Thinkboi out,

Nikhil aka. “Ghost in the (insurance) Machine” aka. “CheeriOS”

Twitter: ​@nikillinit​

IG: ​@outofpockethealth​

Other posts: ​outofpocket.health/posts​

‎If you’re enjoying the newsletter, do me a solid and shoot this over to a friend or healthcare slack channel and tell them to sign up. The line between unemployment and founder of a startup is traction and whether your parents believe you have a job.