Case Management Services: Time to Pivot

Source: CMSA Today



Care/case management (CM) services have continued to evolve since the passing of the Health Maintenance Organization (HMO) Act of 1973. Viewed at first as the “pulse-check” for service-requests’ reviews for cost control, CM had to fight for carving niche skills to demonstrate value and compliance with regulatory requirements as they adhere to their standards of practice advocating for persons in their care.

CMs’ struggles to assert the specialty within the healthcare landscape necessitated wearing different hats or better yet, different capes, to speak to the value of CM services and to the delivery of quality, cost-effective care for individuals, families and communities. In the process of doing so, CM services carried different names or titles relative to the organization or “soup de jour” trends in healthcare, running the gamut of discharge planners, utilization reviewers, care coordinators, care facilitators, care connectors, care navigators…etc., as bureaucrats focused on one aspect of their role or their return on investment (ROI). Decades since their inception, CM services and entities representing the specialty demonstrated value and impact as core partners in the healthcare ecosystem to be reckoned with. This is what I plan to demonstrate in this article as we focus on, yet again, another pivot in the face of the dominance of artificial intelligence (AI) and cybersecurity risks.



My purpose in this article is to explain critical changes in the healthcare landscape that have been slowly chiseling at not only the need for case management services, but also commanding CM to perform in different ways to ascertain the value of case management services through the changing tides. Following is an accounting of historical developments in healthcare that created a tsunami of change not only with their rollout but also in their enforcement and amendments over time. CM services were calibrated over time relative to surveys or other performance metrics that were deemed necessary to demonstrate value in earning patients’ trust through coordination of care, education, support navigating the health system and facilitating safe care transitions among other CM functions. Further, the serendipitous effect of their work and dedication to patients contributed to patient satisfaction and cost control, which were major regulators’ goals to curb rising healthcare costs without compromising quality of care (Centers for Medicare & Medicaid Services [CMS], 2014).


Through continual evolution of healthcare delivery, coverage and regulation, key legislative acts not only created the need for technology but also demanded the safe use of technology. Regulatory expectations were set to regularly enforce and monitor compliance with these laws. Critical laws related to the spread of technology included:

Privacy Act of 1974. Initially, the Privacy Act limited the use of personal information for authorized reasons and prohibited the unnecessary use of information for other purposes. Furthermore, the Privacy Act required that individuals have the right to not only access their own records, but also have a copy of these records. This requirement allowed individuals to discover what information about them is being collected or shared and gave them the ability to revise or correct misinformation and control what type of information or disclosures are shared (Fremgen, 2016). The Privacy Act brought about expectations of sufficient safeguards to be put in place to prevent inappropriate sharing of personal information and/or misuse of such information (Fremgen). This law seemed to be the catalyst for creative solutions for systems to find ways for privacy protection that is often compromised by paper trails. Earlier CM work was strictly through paper records that CMs kept aside from the actual medical records. Inherent in such practices were the risks of loose safeguarding of these records, particularly with the need to have them readily available for staffing coverage and handoffs. Clearly, further safeguards of privacy and confidentiality were needed, but not much occurred until a couple of decades later, as explained next.

Health Insurance Portability and Accountability Act (HIPAA). Signed into law on August 21, 1996, HIPAA was passed to lower healthcare costs and streamline the fragmented and complex healthcare system in the U.S. HIPAA covered most entities within healthcare from patients to providers, payers/health plans, pharmacies and medical device companies. With overarching key objectives, HIPAA’s mandated compliance included:

  • Promoting continued health coverage through portability of health insurance
  • Promoting the use of health saving accounts
  • Combating fraud, waste and abuse (FWA) of healthcare resources
  • Simplifying the administration of health insurance (affects providers, health plans and clearing houses) making it cheaper and simpler to electronically transmit health information (Fremgen).

The Department of Health and Human Services (DHHS/HHS) was assigned, by Congress, the responsibility of developing detailed privacy standards that included improved efficiencies and effectiveness of health systems through electronic exchange of administrative and financial information, tight security and privacy protection of individuals’ medical information and cost reduction of transactions inclusive of paper-transactions, multiple data platforms, lost records, misuse and errors in health information (Fremgen). With this springboard to technology laid out, more regulations were passed, adding further restrictions as well as clarifications of prior legislative acts.

The Privacy Rule. The Privacy Rule went into effect on April 14, 2001, allowing healthcare organizations or covered entities, two years’ period (April 14, 2003) to become compliant with privacy, security and electronic data provisions. The compliance expectations were set for these entities to achieve key measures such as:

  • Standardized electronic medical records (EMRs) or standardized electronic health records (EHRs), administrative and financial data inclusive of claims, claim-payments, service claims status, health plans’ enrollment and disenrollment reporting, eligibility tracking and payments.
  • Unique identifiers and codes for providers, members/enrollees, employers and health plans.
  • Having confidentiality standards in place to ascertain security of the EMR and unique identifiers of individuals and their health information over time.

The Privacy Rule applied to and defined protected health information (PHI) to include name, age, gender, Social Security number, address, email, zip code, diagnosis (medical diagnosis as well as mental/behavioral health diagnosis) and other individually identifiable information relating to all past, ongoing or future diagnostics and treatments (Fremgen). Protection of PHI triggered lot of changes in CM services in different care settings as CMs were honing further navigation skills for safer and confidential care coordination and continuity of care.

For those of us working in CM during that period, it was constantly frustrating trying to get information to facilitate care or to arrange for claims’ payment among other necessary services where many interdependent providers were reluctant to share information under the premise of PHI-restricted communication. During this evolutionary struggle to deliver smooth CM services, health systems were trying to fine-tune their EMRs/EHRs, with the realization that further changes or requirements lie in wait just around the corner, so to speak.

Health Information Technology for Economic and Clinical Health (HITECH) Act. HITECH was enacted in 2009 under The American Recovery & Reinvestment Act (ARRA) to modernize the nation’s use of technology when dealing with PHI. At that time, HITECH requirements were like wielding a weapon to get necessary information for care coordination and easing patients’ journeys through the system. HITECH promoted the concept of “Meaningful Use” of health information technology, providing exceptions for health information related to treatment, payment, and health care operations (TPO), and further expanded privacy rules to include “Business Associates” in a must compliance with Privacy Rules, and not just covered entities as HIPAA stipulated (Burde, 2024, and Fremgen, 2016). HITECH also provided financial incentives to “eligible professionals” for the meaningful use of certified qualified EHR through the “Authorized testing and certification body” (ATCB). Yearly payments were set for a five-year period, gradually tapering down by the fifth year, as well as specific criteria for meaningful use throughout the stages of rollout (Burde). However, just as HITECH had positive changes and incentives for meaningful use, it also had more serious penalties for breaches of confidentiality or delays in reporting. Of note, the staging of the HITECH rollout had significant repercussions on CM services.

  1. Stage one standards of meaningful use involved electronic capture of health information in coded format to track critical clinical conditions, communicate information for smoother care coordination and quality measures. EHR had to properly capture patient demographics, insurance information, drug interactions and e-prescribing.
  2. Stage two expanded disease management, drug-management, transitions of care (TOC), and bidirectional information with public health agencies and health information exchanges.
  3. Stage three enhanced quality and safety measures, decision support for priority conditions, patient access to self-management tools and population health management.

Clearly, CM services caught in this vortex of technological advancement had to go through transformations of their own to keep up and to demonstrate value. Furthermore, CMs must embrace their professional responsibilities and scholarship, under the Standards of Practice (SOP) to identify and apply best practices in healthcare delivery (CMSA, 2016). Riding the wave of technological advancement and the impact on CM services is a natural progression for the specialty.


Regulatory mandates for patients’ privacy and confidentiality protections as well as care coordination, and information exchanges, opened wide the flood gates for technology. With no turning back, technological advances and refinements have continued since. The interest in this article is in advancements within healthcare, from medical records and health information to education, virtual simulation learning, training of clinicians and other allied health professionals, public health systems and interoperability of health systems. Key technology specs for CM services requiring recalibration, are:

Artificial Intelligence (AI). AI has been in use in different areas with the purpose of improving efficiency and effective use or dissemination of health information. Y2K was the start of voice recognition technology such as today’s Dragon software, which was adopted to allow physicians to input information by voice, in real time, on mobile devices as they assess their patients. This technology has evolved fast enough to spot inconsistencies in dictation and even has intelligence software to flag missing clarification of patient’s condition(s) such as prompting the physician to input certain biometrics to support diagnostics or treatment (Fremgen), thus allowing for accuracy of information and speed of claim-processing and payment.

AI was defined as the science and engineering of designing intelligent machines through algorithms or a set of rules depending on where the application will be used. The machine mimics human cognitive functions like problem solving or learning. These smart machines or software platforms have the capability to flag problems and patterns scanning through multimodal data sets and recalibrating as more information is added (Baiwa, Munir, Nori, and Williams, 2021). AI use in healthcare is extensive and provides efficiencies in managing multimodal data and transforming models of care and the health systems’ operational areas in many ways.

Currently, healthcare revenue cycle management (RCM) is using AI systematically to review and reject service claims through built-in algorithmic accountability to ascertain proper denials, particularly as the public views denials as means to enhance revenues. Legislators are considering an Algorithmic Accountability Act that would require health systems to regularly assess their AI tools for proper use as well as for avoidance of harmful biases in decision-making (Becker & Gamble, 2024). This could also have a profound impact on equitable access to quality care.

AI applications in different aspects of healthcare are numerous. An example of recent AI usage was the U.S. Food and Drug Administration’s approval of the Glaukos iDose TR as a new drug application for treating open-angle glaucoma through the Glaukos drug delivery implant for reducing ocular hypertension (Whooley, 2023). This smart device, amid a rising aging population, can have a tremendous impact on health-related quality of life (HR-QoL) for the older population. AI has also been widely used in promoting precision diagnostics and treatment in oncology care, particularly the advances in pathology, genomics and radiology. Built-in algorithms for disease detection, staging, precision treatment, monitoring and prognostic information have contributed to better outcomes and survival rates in oncology care (Farina, Nabhen, Dacorejo, Batalini, and Moraes, 2022). However, with such innovations and interdependencies of different platforms, there is a growing risk of PHI breaches, as discussed next.

Cybersecurity. Cybersecurity is more of a movement since the inception of technology in healthcare, and pressured demands from regulators and the public to protect privacy, confidentiality and patient information within interconnected systems. Recently, a major healthcare system, Change Healthcare, a United Healthcare newly acquired company, has been dealing with a major cybersecurity attack that resulted not only in major financial losses of over two billion dollars, but also triggered a domino effect of delayed care, unprocessed service claims, inability to pay providers and staff among many other adverse effects that crippled the system (Giles, 2024). This cybersecurity breach highlighted health systems’ vulnerabilities because of increased dependency on digital solutions, mobile devices and interdependent connectivity of platforms across different services. These vulnerabilities are further magnified with corporate mergers and acquisitions creating conglomerate systems of care.

Cybercriminals’ attacks on health systems have tremendously increased since 2016. The attacks have gotten bolder, spanning multistate systems, as demonstrated by the Change Healthcare attack. Becker and Gamble (2024) asserted that ransomware prevention and mitigation of such risks require an organized systemic effort by major stakeholders, regulators within the U.S. and globally. Such a solution is a natural path to avert further escalation of cyberattacks and broader risks for patients. A health industry cybersecurity work group, a collaborative with regulators, presents a potential solution to these problems. This Health Sector Coordinating Council (HSCC) Cybersecurity Work Group (CWG) is co-chaired by Health & Human Services (HHS) and HSCC, placing patients and their safety at the heart of their strategic plan while supporting innovations, future trends and shared responsibility across an interdependent healthcare ecosystem (Health Sector Council, 2024). With knowledge of these risks, it is critical for CM to recalibrate and find a current path for contribution to patient safety and advocacy within the new healthcare landscape.


With the advancement of technology targeting care outcomes, care coordination and care transitions, CM adaptation to this technology revolution was inevitable. Looking at the evolutionary time continuum for CM specialty, CM leadership everywhere is following the process of CM assessing, identifying needs or gaps, facilitating, coordinating, planning, monitoring, evaluating and advocating (CMSA, SOPs), to build different partnerships with stakeholders that have synergies with CM services, thus supporting CM metamorphosis and allowing CM that huge leap into future trends of care amid the technology revolution the healthcare sector is experiencing.

It is a time for looking deeply inward as well as outward to the new and projected ecosystem of healthcare so that CM work can move forward. As our patients’ care management includes fitness trackers, home monitors, patient portals with access to their records, visits’ notes, medications, etc., messaging, ChatGPT, and many more interfaces within the cloud; CM work is certainly changing. Focus shift is critical to continue making a difference. For example, the old focus on emergency room boarders can shift to care-giver collaboration instead as care moves into virtual and/or home settings.

Adaptation, or more likely, metamorphosis is not an option any longer but rather a pressing need. Generational mix within the specialty of CM adds urgency for change and adaptation. Older generations of CMs will need to ride the wave of this technology revolution to continue contributing at a level they were used to.


Legislative updates progressively shaped CM work since the start of EHR’s flags or predictive analysis of patients’ complexity and risks. Care plans and the frequency of contact with patients are defined based on patients’ risk stratification. This was clear to CMs in every care setting. However, CM services are facing paradigm shifts within a drastically changing healthcare ecosystem. Technology applications are embedded in everything within healthcare. From the starting point of admission in a care setting or enrollment in a health plan, throughout a person’s journey within the system of care, be it diagnostics or treatment, to end points like claim-processing and billing or a person’s share of cost of care, or care at home options.

Tides are shifting on every front. CMs must make their imprint through engagement in committees, task force groups, technology councils, patient-family advisory groups and every venue of collaborative effort to influence patients’ access to quality care and protection of patients’ privacy. Having a seat at the table will provide a voice for the specialty to carve a niche in future services, and give a voice for the patients, families, caregivers and communities CM serves.

Stefany Almaden, PhD, RN, MSN, CCM, CMCN, CPUM, PAHM, is a Doctor in Health Services with Health Care Management & Policy Specialization and dual master’s in: nursing administration and case management. Dr. Almaden is an established leader in health care who served in executive leadership roles for multiple major health systems. Dr. Almaden is an avid speaker about ethics and organizational accountability to protect resources, cyber-safety & privacy, climate/environment, community health, equitable access to care, and promotion of overall health and well-being for future generations. Dr. Almaden supported software and tech-engineers not only build systems and electronic medical/health records (EMR/EHR) but enhanced capturing the essence of care, communication, management, reporting, and compliance as well. Engaged in the design, beta-testing, and enhancements of systems like EPIC, Meditech, NexGen, Milliman/MCG, Access Express, and many others. Dr. Almaden also serve as associate faculty for over 19 years, is a published author, reviewer/editor, and speaker who has been honored and awarded multiple leadership and influencer awards by various professional organizations and health systems.


Baiwa, J., Munir, U., Nori, A., and Williams, B. (2021). Artificial intelligence in healthcare: Transforming the practice of medicine. Future Healthcare Journal, 8(2), e188—e194. Doi: 10.7861/fhj.2021

Becker, S., and Gamble, M. (2024). 12 key legal issues impacting health systems.

Burde, H. (2024). The HITECH Act: An Overview. AMA Journal of Ethics. Retrieved from

Case Management Society of America (CMSA). (2016). Standards of Practice for Case Management.

Centers for Medicare & Medicaid Services (CMS). (2014). Physical and Mental Health Condition Prevalence and Comorbidity among Fee-for- Service Medicare-Medicaid Enrollees.

Farina, E., Nabhen, J., Dacorejo, M.I., Batalini, F., and Moraes, F. (2022). An overview of artificial intelligence in oncology. Future Science OA, 8(4), 787. Doi: 10.2144/fscoa-2021-0074

Fremgen, B.F. (2016). Medical Law and Ethics. 5th ed. Boston: Pearson Education Inc.

Giles, B. (2024). Never let a crisis go to waste: How Change cyberattack could change healthcare.

Health Sector Council. Healthcare cybersecurity is in critical condition.

Whooley, S. (2023). FDA approves Glaukos iDose TR glaucoma-treating drug delivery implant.

The post Case Management Services: Time to Pivot appeared first on Case Management Society of America.