Explain the pros and cons of four provider payment methods: (a) fee-for-service; (b) capitation; (c) global capitation; and (d) bundled payment. • Based upon your review on the above payment methods, what is your recommendation for the mainstream of provider payment(s)? Be sure to include a detailed account of the benefits and risks

Answer:

Explanation for the four provider payment methods are as follows:

1. Fee-for-service:

Fee-for-service (FFS) is a payment model where services are unbundled and paid for separately. In health care, it gives an incentive for physicians to provide more treatments because payment is dependent on the quantity of care, rather than quality of care.

2. capitation

the payment of a fee or grant to a doctor, school, etc., the amount of which is determined by the number of patients, pupils, or customers that are served.

3. global capitation

Global Capitation is a payment arrangement for health care service providers such as physicians or nurse practitioners. It pays a physician or group of physicians a set amount for each enrolled person assigned to them, per period of time, whether or not that person seeks care.

TPPs and GAs should implement and regularly review a formal security policy for payment account access services.
1.1 KC The security policy should be properly documented and regularly reviewed (in line with KC 2.4) and approved by senior management. It should define security objectives and the risk appetite.
1.2 KC The security policy should define roles and responsibilities, including the risk management function with a direct reporting line to board level, and the reporting lines for the payment account access services provided, including management of sensitive payment data with regard to the risk assessment, control and mitigation.
1.1 BP The security policy could be laid down in a dedicated document.

TPPs and GAs should carry out and document thorough risk assessments with regard to the security of payment account access services, both prior to establishing the service(s) and regularly thereafter.
2.1 KC TPPs and GAs should carry out and document detailed risk assessments for payment account access services. These assessments should also include potential risks to the account-servicing PSP from the performance of payment account access services that may result from the TPP’s own organisation, procedures and systems. The assessment should consider e.g. risk concentrations as well as possible threats to the confidentiality, integrity, authenticity and availability of the account-servicing PSP’s data/systems.
2.2 KC TPPs and GAs should consider the results of the ongoing monitoring of security threats relating to the payment account access services they offer or plan to offer, taking into account: (i) the technology solutions used by them; (ii) services outsourced to external providers; and (iii) the customers’ technical environment. TPPs and GAs should consider the risks associated with the chosen technology platforms, application architecture, programming techniques and routines on their side,
5 the side of the account-servicing PSP and the side of their customers,6 as well as the results of the security incident monitoring process (see Recommendation 3).
2.3 KC On this basis, TPPs and GAs should determine whether and to what extent changes may be necessary to the existing security measures, the technologies used and the procedures or services offered. TPPs and GAs should take into account the time required to implement the changes (including customer roll-out) and take the appropriate interim measures to minimise security incidents and fraud, as well as potential disruptive effects.
2.4 KC The assessment of risks should address the need to protect and secure sensitive payment data.
2.5 KC TPPs and GAs should undertake a review of the risk scenarios and existing security measures after major incidents affecting their services, before a major change to the infrastructure or procedures and when new threats are identified through risk monitoring activities. In addition, a general review of the risk assessment should be carried out at least once a year. The results of the risk assessments and reviews should be submitted to senior management for approval.
Recommendation 3: Incident monitoring and reporting
TPPs, GAs and account-servicing PSPs should ensure the consistent and integrated monitoring, handling and follow-up of security incidents, including security-related customer complaints. TPPs and GAs should establish a procedure for reporting such incidents to management, to concerned account-servicing PSPs and, in the event of major security incidents,7 to the competent authorities.
3.1 KC TPPs and GAs should have a process in place to monitor, handle and follow up on security incidents and security-related customer complaints and report such incidents to the management.