Enabling mobile Medicaid via API management and security
Amerigroup Corporation is a Fortune 500 company and the ninth largest publicly-traded healthcare company in the United States with more than 1.9 million members in 11 states nationwide. Founded in 1994, Amerigroup focuses on coordinating local Medicare and Medicaid programs for the US government. In fact, one out of every 45 Medicaid recipients is serviced by Amerigroup nationwide. With more than four thousand employees across the US, Amerigroup processes 24 million claims annually for operations, prescription drug benefits, ambulatory care and more.
Amerigroup by the Numbers
- 1.9 million members
- $5.2 billion in revenues (2009)
- 4,000 employees
- 49 offices/facilities US-wide
- 2.2 million outcalls to members, assessing their health needs
- 24 million claims processed yearly
As the US federal government’s local healthcare representative, Amerigroup accepts all eligible people (regardless of age, sex, race or disability) and does not deny coverage due to pre-existing medical conditions. To accommodate Amerigroup members who are disabled, bed-ridden or otherwise unable to get to one of Amerigroup’s offices, associates make more than two million outcalls annually, in order to assess members’ health needs and ensure they are getting the right care. While Amerigroup processes more than 80 percent of insurance claims electronically, the associates on outcalls record meetings on paper, return to the office and key in the data. As with most data entry work, this system is prone to errors that raise costs and delay processing. Bringing this aspect of the business online was a key challenge in Amerigroup's ongoing efforts to provide better, more timely care for members.
Amerigroup’s IT group headquartered in Virginia Beach, Virginia looked at various approaches that would provide a secure way for associates to manage members electronically, in real time, from any location. As a result, Amerigroup designed and developed a mobile application for the Apple® iPad® that can interactively assess and record the healthcare needs of members in their homes or other places of care.
Although this approach facilitated mobility, the iPad offered little more than a way to create islands of information if it could not connect back to Amerigroup’s datacenter where the company's systems of record resided. But transmitting member information over cost-effective public networks raised a number of security questions for Amerigroup. For example, the sensitive data had to meet stringent HIPAA patient privacy requirements entailing encryption over the wire but there were also questions around safely traversing Amerigroup’s corporate firewall in order to access its internal applications exposed as API-based Web services. The IT group considered a VPN-based approach but did not think it streamlined enough – they wanted something that would “just work.”
In late 2010, Amerigroup put out an RFP for an API management project designed to securely connect its internal applications to mobile tablets. The company obtained a number of responses from vendors that promised to coordinate the whole project – if only Amerigroup would take a back seat in the project. Amerigroup selected Layer 7 Technologies not only because of Layer 7’s ability to work collaboratively with Amerigroup’s IT team but also because of Layer 7’s impressive security credentials, ease of use and ability to adapt to the tight deadlines of the project. In fact, the Layer 7 Gateway was up and running in less than a week, providing the API security and data routing Amerigroup required, effectively firewalling its JBOSS-based enterprise service bus (ESB) while guarding it against intrusion with strict API authentication and authorization as well as comprehensive threat protection.
In production in Texas since February 2011, Amerigroup’s mobile API management solution serves approximately 80,000 Medicaid recipients throughout the state. Initially, 50 case workers were equipped with the Apple iPad in order to provide real-time interaction with members at their residences or places of treatment, but that number is growing.
Information is recorded interactively directly within the iPad application and the data synchronized back to Amerigroup’s datacenter once the associate has access to a Wi-Fi or 3G access point. When the iPad application connects over the Internet to Amerigroup, the incoming XML messages are screened for threats by the Layer 7 device located in the DMZ. The incoming user is authenticated and authorized against the local LDAP before being routed via Amerigroup’s ESB to update the appropriate system of record. Troubleshooting is streamlined by easy access to Layer 7 log files that show requests and responses as they happen, simplifying diagnosis and helping to ensure high availability.
The iPad application allows Amerigroup to improve its healthcare coverage and member services, while increasing the effectiveness and efficiency of its Medicaid program. At the same time, Amerigroup is helping Texas to manage the healthcare needs of its citizens, while keeping it more affordable for taxpayers.
The API-based solution that connects the iPad app to Amerigroup’s internal systems is key to advancing the efficiency and capability of Amerigroup’s associates, allowing them to reduce time spent on administrative tasks and increase time spent with members. And with real-time information gathered from members, Amerigroup’s time to decision making has been greatly reduced.
Going forward, Amerigroup is looking at extending the solution to business partners, which include radiologists, test and lab services and hospitals that would then be able to submit claims directly to Amerigroup, further streamlining and simplifying the claims process.