PHOENIX—Accountable care organizations are a top priority for health care risk managers and the insurance industry as risks and exposures emerge.

ACOs, introduced as part of the Patient Protection and Affordable Care Act of 2010, are a network of health care providers that will be accountable for the overall care of Medicare beneficiaries beginning January 2012.

Individual physicians, physician groups, health care systems and health care insurers can form an ACO, and there are financial incentives for ACOs to improve quality and reduce costs by allowing participants to share in any savings achieved as a result of these efforts.

Through various sessions at the American Society of Healthcare Risk Management's Annual Conference and Exhibition in Phoenix, panelists identified and detailed various concerns for risk managers surrounding ACOs.

The hiring of self-employed physicians by hospital groups has increased since the passing of PPACA and is one of the biggest concerns facing hospital risk managers, said panelist Kirsten Faria, senior vp and health care product line manager at Allied World Assurance Co. Holdings A.G. in Pembroke, Bermuda.

According to the Medical Group Management Assn., more physicians are joining hospitals and health care systems rather than going into private practice, Ms. Faria said during the session “RX for Emerging Risks: Insurance Solutions.” Exposures for physicians have increased 45% in the past year, compared with an 8% increase in institutional exposures, she said.

Physicians are joining hospitals for various reasons, Ms. Faria said. These include wanting the structure of formal employment and seeing their private-practice income being squeezed by Medicare reimbursement rate cuts. And under an ACO, doctors and hospitals receive bonuses for meeting the criteria of improving patient health and reducing costs.

But as hospitals increase their efforts to hire more physicians to bolster their referral base to capture admissions and market share, recent news headlines highlight the risks from the behaviors of rogue physicians, panelists at the ASHRM conference said.

A rogue physician is described as a vicious and solitary doctor operating outside the normal controls of a health care organization, said panelist Linda E. Jones, managing director of the health care practice at consulting firm Riggs, Counselman, Michaels & Downes in Baltimore, during a session.

Some common behaviors of a potential rogue doctor include disruptiveness, patient complaints, sexual misconduct and billing fraud, among others, Ms. Jones said.

Exacerbating the problem is a high level of tolerance for disruptive or inappropriate conduct from hospital clinicians, said Susan D. McDonald, director of risk management at Peninsula Regional Medical Center in Salisbury, Md., during the session “Dealing with Rogue Physicians.”

“There's been a long standard of tolerance in health care” where “nurses have been making excuses for the doctors,” Ms. McDonald said.

Insurance coverages to deal with problematic physicians are available, but health care organizations may be declined coverage under their polices for various reasons, such as whether the physician is employed with the hospital or is a contractor, Ms. Jones said.

These coverages include directors and officers liability insurance, professional liability, crime, and electronic discovery coverages.

“It's important to work with the carrier” and notify them as soon as an investigation from the U.S. Department of Health and Human Services' Office of Inspector General is launched, Ms. Jones said.

PPACA also has made electronic medical records a requirement, and organizations looking to join an ACO must have an EMR system in place, panelists said.

“It can be painful moving to EMRs,” said Joseph P. Sullivan, senior vp and head of health care products for Zurich North America Commercial in Schaumburg, Ill., during the session “RX for Emerging Risks: Insurance Solutions.”

According to the Healthcare Information and Management Systems Society's Analytics 2011 database, the EMR adoption rate is 46.3%, he said.

While EMRs can be beneficial for health care organizations, “it is a different way of working,” Mr. Sullivan said.

But there are systemic risks associated with EMRs, such as false reliance on the system, extremely disruptive inaugurations and systems that may not “talk” to each other, among others, Mr. Sullivan said.

“Like any system, they're bound to fail,” he said, so hospital risk management needs a plan or backup procedure to lessen any damage.

Mr. Sullivan suggests health care organizations purchase data security and privacy coverage to address data breach liabilities, which can be significant.

As health care organizations prepare to join ACOs, the risk management considerations are familiar, “they're just going to be in a different context,” Deana E. Allen, senior vp of the national health care practice for Willis North America in Atlanta, said during the session “Protecting Your HCO: Know Your ACOs Risks and Impacts.”

Risk retention and risk transfer decisions may be more complex because ownership and operational structures may be more intricate, as ACOs can be solely owned or have multiple owners, Ms. Allen said.

Also, Ms. Allen suggested that health care risk managers quickly involve themselves in potential discussions regarding their hospitals' plans to join an ACO.

The Centers for Medicare & Medicaid Services require ACOs to employ a chief medical officer and a compliance officer, but CMS does not mandate that risk management be involved in the process.

CMS “missed the boat” by not bringing risk management to the table, Ms. Allen said.