BIRLA INSTITUTE OF TECHNOLOGY & SCIENCE, PILANI

WORK INTEGRATED LEARNING PROGRAMMES (WILP)

COURSE NAME IT INFRASTRUCTURE PROJECTS & PROCESS

COURSE CODE CSIWZG511
FACULTY NAME PRAVEEN KAMATH
GROUP ID H
IT INFRASTRUCTURE An insurance TPA
(Third party-administrator)
PROCESS Stage 4: Service Operations

SNO BITS ID NAME

1 2019WA86217 ANJITHA N
2 2019WA86232 DEENAN P
3 2019WA86466 HARINEE AANAAND
4 2019WA86370 MADDU LAKSHMI SAI KEERTHANA
5 2019WA86234 NARENDRAN NAREN
6 2019WA86953 PAUL VIAY THANGADURAI
7 2019WA86226 RONGALI PRIYANKA
8 2019WA86169 SHALVI TRIVEDI
9 2019WA86150 UPPARI ARUNA
 CONTENTS

1) Intro to TPA for Health Insurance

2) Why is there a need for Third Party Administrators

3) Revenue model of Third-Party Administrators

4) Challenges galore

5) Example of the Third-Party Administrators in India

6) What is the role of TPA in Health Insurance

7) Basic FAQs regarding TPA

8) IT incident with regards to TPA for Health Insurance

9) Problem Management with regards to TPA for Health Insurance

10) Event Management with regards to TPA for Health Insurance

11) Access Management with regards to TPA for Health Insurance

12) Service Request Fulfilment with regards to TPA for Health Insurance

13) Conclusion
 THIRD PARTY ADMINISTRATORS FOR
HEALTH INSURANCE
TPA or Third Party Administrator (TPA) is a company/agency/organization holding
license from Insurance Regulatory Development Authority (IRDA) to process claims -
corporate and retail policies in addition to providing cashless facilities as an
outsourcing entity of an insurance company.

TPAs function as an intermediary between the insurance provider and the insured. The
stakeholders involved are as follows:

 Insurance companies
 Healthcare providers
 Policyholders

Introduced by the IRDA in 2001, TPAs handle various pertinent aspects of insurance
as listed below:

 Processing of claims and settlement

 Utilization review
 Provider network
 Enrolment
 Premium collection
 Cashless processing (if and when a policyholder is admitted to a listed hospital
of an insurance provider, the latter pays the bill)
 Value added services such as the following:
o Ambulance services
o Specialised consultation
o Availability of beds
o 24-hour toll-free helplines
o Lifestyle management
o Wellbeing programmes
o Medicine supplies
o Health facilities
 Database maintenance

According to experts, providing cashless hospitalization of the insured should be the

primary service offered by TPAs. It is important to note that some insurance companies
have a separate department which performs the functions of TPA instead of
outsourcing it to another entity.

Why is there a need for Third Party Administrators?

According to industry observers, TPAs can bring in the following changes:

 Greater efficiency/quality (delivery of services)

 Improved standardisation (procedures and due diligence)
 Increase knowledge base of healthcare services
 New management system
 Greater penetration of health insurance
 Minimize costs/expenditure
 Develop protocols to streamline investigation and avoid unnecessary delays
 Pave way for lower insurance premiums

Challenges galore:

According to experts, there are several impediments to the effective functioning of

TPAs. Some of the problem areas in the health insurance sector in the country
adversely affecting TPA-related services are listed below:
  Information asymmetry
 Weak networking
 Inordinate delay in the issuance of identity cards to the insured
 Lack of strong standardisation procedures in terms of billing
 Under-reporting across hospitals
 Nexus between corporate hospitals and insurance companies (i.e., low claim
ratio for individual insurance and high claim ratio for corporate insurance)
 Low awareness about TPAs amongst general public/policyholders. According to
reports, many policyholders are unaware of the extra premium charged by
insurance companies for TPA services. Likewise, pertinent information related
to cashless hospitalization and exclusions listed in insurance policies is not
examined by many policyholders.
 Policyholders' dependence on insurance agents rather than TPAs. In many
cases, policyholders do not see TPAs as distinct entities vis-a-vis their insurance
agents and intriguingly place more faith in the latter.
 Most hospitals have no substantial evidence to prove that TPAs increased their
patient turnover
 Experts point out that TPAs need to invest in developing human capital to
improve their delivery of services and rein in costs.
 Inadequate knowledge about the provisions and benefits of TPAs amongst
policyholders
 look for well-trained TPAs to effectively deal with the operational inadequacies
in the system. Poorly developed and half-baked protocols and systems instil
little confidence amongst stakeholders. TPAs should have several in-house
experts such as legal experts, IT professionals, doctors, management consultants
and hospital managers among others given that claims management and
settlement requires bargaining power and negotiation skills, i.e., combination of
technical and management skills
 Hospitals which already have robust delivery mechanisms in place are more
likely to pave way for hassle-free claims settlement and other related services
offered by TPAs.
 While the primary purpose of outsourcing claims settlement is to minimise the
claim period, claims processing, in several cases, is riddled with delays.
 The insured do not have adequate knowledge about empanelled hospitals for
cashless services
 Many hospitals also report additional expenditure incurred by them in terms of
smooth coordination with TPAs for efficient delivery of services to the
policyholders

Example of the Third Party Administrators in India:

Medi Assist India TPA Pvt. Ltd || United Healthcare Parekh TPA Pvt. Ltd || Meditek
(TPA) Services Ltd

What is the role of TPA in Health Insurance

The role of TPA in health insurance can be understood by the following points:

1. Link between insurance company and policyholder: In most of the hospitaliation

claim cases, the policyholder directly or indirectly meets the TPA. The TPA
provides the policyholder with Unique Identification Number and ID card which
aids in claim settlement.
2. Record maintenance: TPA helps in maintaining crucial records related to
policyholders when they are admitted as patients.
3. Claim settlement: TPA ensures smooth co-ordination between the hospital and
insurance company during cashless claim settlement. The back-end support is
offered by TPA in such cases.
4. Full-time support: Most of the TPAs have a 24x7 customer support system
where the policyholders can raise their queries and get feedback.
 5. Additional services: Most of the TPA also provide additional services like extra
beds, ambulances, medical supplies, etc. to policyholders.

Basic FAQs regarding TPA

1. Who hires the TPA - The TPA is hired by the health insurance providing
company to aid in claim settlement process.
2. What is the difference between a TPA and a health insurance company -
The TPA acts as a link between the policyholder and insurance company, and
helps in smooth claim settlement process.
3. Is TPA mandatory in insurance - No, the TPA is not mandatory in insurance
and the insurer has the right to discontinue TPA service.
4. Does the policyholder have to pay money to TPA - No, the policyholder does
not have to pay money to TPA.
IT INCIDENT MANAGEMENT WITH REGARDS
- TPA FOR HEALTH INSURANCE
IT INCIDENT:

An IT incident is any disruption to the health insurance organization's IT services that

affects anything from a single user or the entire business. In short, an incident is
anything that interrupts business continuity.
IT INCIDENT MANAGEMENT:

Incident management is the process of managing IT service disruptions and restoring

services within agreed service level agreements (SLAs). The scope of incident
management starts with an end user reporting an issue and ends with a service desk
team member resolving that issue.

THE STAGES IN INCIDENT MANAGEMENT:

 With proper incident management in place, collecting information about

incidents is streamlined and less chaotic without having emails fly back and
forth for the purpose.

 Service desk teams can publish forms in user self-service portal to ensure that
all relevant information is collected right at the time of ticket creation.

 The next stage in incident management is incident categorization and

prioritization.

 This not only helps sort incoming tickets but also ensures that the tickets are
routed to the technicians, most qualified to work on the issue.

 Incident categorization also helps the service desk system apply the most
appropriate SLAs to incidents and communicate those priorities to end users.

 Once an incident is categorized and prioritized, technicians can diagnose the

incident and provide the end user with a resolution.

 Incident management process when enabled with the relevant automations

allows service desk teams to keep an eye on SLA compliance, and sends
notifications to technicians when they are approaching an SLA violation;
technicians also have the option to escalate SLA violations by configuring
automated escalations , as applicable to the incident.

 After diagnosing the issue, the technician offers the end user a resolution, which
the end user can validate.
HOW TO CLASSIFY IT INCIDENTS:

Incidents in an IT environment can be categorized in several different ways such as:

 Some factors that influence incident categorization include the urgency of the
incident and the severity of its impact on users or the business in general.

 Classifying and categorizing IT incidents helps identify and route incidents to

the right technician, saving time and effort. For example, incidents can be
classified as major or minor incidents based on their impact on the business and
their urgency.

 Typically, major incidents are the ones that affect business-critical services, thus
affecting the entire organization, and need immediate resolutions.

 Minor incidents usually impact a single user or a department, and might have a
documented resolution in place already.

WHO USES IT INCIDENT MANAGEMENT:

Incident management practices are widely used by the IT service desk teams. Service
desks are usually the single point of contact for end users to report issues to IT
management teams.

The incident management process can be summarized as follows:

 Step 1: Incident logging.
 Step 2: Incident categorization.
 Step 3: Incident prioritization.
 Step 4: Incident assignment.
 Step 5: Task creation and management.
 Step 6: SLA management and escalation.
 Step 7: Incident resolution.
 Step 8: Incident closure.
INCIDENT MANAGEMENT ROLES AND RESPONSIBILITIES

To execute the Incident Management process efficiently, it is important to have well-

defined roles and responsibilities which includes the following:

1. FIRST-LEVEL SERVICE DESK SUPPORT

Here, first desk techs are the point of contact with the users who want to raise an
incident ticket. They can log incoming requests, assign tickets to second-level
support technicians, analyze and resolve incidents if possible, or escalate an
unresolved incident.

2. SECOND-LEVEL SUPPORT TECHNICIANS

Second-level support technicians are equipped with advanced knowledge of Incident

Management and can resolve incidents that the first-level service desk technicians
were unable to do. They can also interact with users and third-party experts to help
resolve the incident quickly.
3. INCIDENT MANAGER

The Incident Manager plays an important role in the process of Incident

Management and keeps it running and updated continually by monitoring its
processes, recommending changes, and ensuring that the process of Incident
Management is followed properly.

MERITS OF HAVING INCIDENT MANAGEMENT:

 Keep track of all the reported IT incidents in a central repository,

 Categorize and classify incidents automatically based on urgency, priority, and
department,
 Link the respective SLAs with the incident tickets,
 Assign tickets to second-level support technicians,
 Help identify resolutions and workarounds,
 Document resolutions in knowledge scripts,
 Provide live reports based on help desk reports to handle incidents better at the
user-end.
DEMERITS OF NOT HAVING INCIDENT MANAGEMENT:

Incident management covers every aspect of an incident across its life cycle. It speeds
up the resolution process and makes ticket management transparent. Without incident
management, handling tickets can be a hassle. Some of the key problems that can arise
include:
 Lack of transparency on ticket status and expected timelines for end users.
 No proper record of past incidents.
 Inability to document solutions for repeat or familiar issues.
 Higher risk of business outages, particularly with major incidents.
 Stretched resolution times
 Lack of reporting abilities.
 Decreased customer satisfaction

BEST PRACTICES OF INCIDENT MANAGEMENT:

 Offer multiple modes for ticket creation including through an email, phone call,
or a self-service portal.
 Publish business-facing, custom IT incident forms for effective information
gathering.
 Automatically categorize and prioritize IT incidents based on ticket criteria.
 Associate SLAs with IT incidents based on ticket parameters like priority.
 If all technicians, are of the same skill levels, auto-assign tickets to technicians
based on algorithms like load balancing and round robin.
 Associate IT asset data, IT problems, and IT changes with IT incident tickets.
 Ensure that incidents are closed only after providing a proper resolution by
confirming with end user and applying the appropriate closure codes.
 Configure a custom end-user communication process for every step in an IT
incident life cycle
 Create, and maintain a knowledge base with appropriate solutions
 Provide role-based access to end users and technicians based on the complexity
of the solutions.
 Handle major incidents by creating unique workflows.
 PROBLEM MANAGEMENT WITH REGARDS -
TPA FOR HEALTH INSURANCE
WHAT IS PROBLEM MANAGEMENT?
Problem Management is the process to identify, prioritize, and systematically
resolve these underlying issues. It provides the end-to-end management of problems
from identification to elimination.

THE PURPOSE OF PROBLEM MANAGEMENT:

 The purpose of this document is to describe the key activities that are required
to execute the
 Technology Transformation (TT) Problem Management process and related
controls to ensure the
 process generates the expected outputs, based on established accountability and
responsibility.

SCOPES OF PROBLEM MANAGEMENT:

WHAT ARE IN SCOPE FOR PROBLEM MANAGEMENT?

 Problems related to services provided by Technology Transformation (TT)

where the supporting
 Configuration Items (CI’s) have been on boarded into the TT Configuration
Management Database (CMDB)

WHAT ARE NOT IN SCOPE aka OUT OF SCOPE FOR PROBLEM

MANAGEMENT?
 Problems related to services /CI’s that have not been on boarded onto the TT
Configuration, Management Database (CMDB).

OBJECTIVE OF PROBLEM MANAGEMENT:

 The objective of the Problem Management process is to reduce the likelihood

and impact of incidents by identifying actual and potential causes of incidents,
managing workarounds, and known errors.
 Based on how the problem investigation relates to incidents, problem
management is classified either as proactive or reactive as below:

PROACTIVE PROBLEM MANAGEMENT:

Proactive problem management helps to prevent incidents from occurring the first
time.
REACTIVE PROBLEM MANAGEMENT:

Reactive problem management helps to prevent incidents from recurring and may help
to resolve open incidents.
Through proactive and preventative actions aimed at addressing root causes of
incidents, resultant service availability and performance is improved and service
reliability is increased.
INPUTS FOR PROBLEM MANAGEMENT:

1. Problem investigation triggered from Incident Management

2. Problem investigation triggered from failed changes
3. Problem investigation triggered from repeat events
4. Problem investigation triggered from Release & Deployment Management
5. Problem investigation triggered from Service requests Historical service
performance data (including but not limited to Incident and Event trend
analysis, customer satisfaction feedback and availability reports)

OUTPUTS FROM PROBLEM MANAGEMENT:

1. Root Cause Analysis (RCA) and/or completed Corrective & Preventative

Actions (CAPA).
2. Known Error.

BENEFITS OF PROBLEM MANAGEMENT:

The main benefits of problem management are improved service quality and
reliability. As incidents are resolved, information about their resolution is captured.
This information is used to identify and quickly resolve similar incidents in the future,
and then to identify and fix the root cause of those incidents.

 Preventing service Disruptions.

 Maintaining service levels.
 Meeting service availability requirements.
 Increasing staff efficiency and Productivity.
 Improving user satisfaction.

PROCESS FLOW OF A PROBLEM MANAGEMENT:

 EVENT MANAGEMENT WITH REGARDS
- TPA FOR HEALTH INSURANCE
WHAT IS EVENT MANAGEMENT?
Event management is monitoring the events that occur through changes and
improvements in IT infrastructure. Doing this lets normal operations continue while
also detecting 'exception conditions' or 'exceptional events'.

THE SCOPE AND BENEFITS OF EVENT MANAGEMENT:

 Event management can be applied to any aspect of service management that
needs to be controlled and which can be automated — from networks, servers,
and applications all the way to environmental conditions like fire and smoke
detection and security and intrusion detection.
 Since event management can be applied to just about every aspect of service
management in your IT organization, the benefits are widespread. In general,
effective event management practices can:

 Provide a strong foundation to automate key components of your IT

operation
 Improve detection and response times to incidents, changes, exceptions, etc.
 Reduce downtime as a result of the above

THE KEY ACTIVITIES OF EVENT MANAGEMENT:

During the design phase of your IT services, you should define which types of events
need to be generated, and how they will be generated, for each type of configuration
item (CI) involved in delivering the service. The typical event lifecycle is:

EVENT OCCURRENCE:
Events occur 24 x 7 x 365. In ITIL Event Management, the key is defining the types of
events that are significant to your operation and ensuring you have a system in place to
detect them.

EVENT NOTIFICATION:
Notifications are typically sent by monitoring tools or CIs (configuration items). At
this stage, these are simply notifications that an event has happened — and have
typically not yet been interpreted or correlated to understand the meaning or impact.

EVENT DETECTION:
In this step, a monitoring system, automated agent, or systems management solution
receives the notification and determines the meaning of the event.

EVENT LOGGED:
A record of the event is made, along with any subsequent actions taken. This may be
done by your systems management solution, or by the individual applications / services
/ hardware that triggered the event.
EVENT FILTERING AND CORRELATION:
Can the event be ignored, or does it need to be passed on to the events management
system? Often, information events are ignored. Warnings and exceptions often require
additional action, though. So the first step of this process — called first-level
correlation and filtering — is simply filtering which events should be ignored versus
passed on to the event management system.In the second level of correlation, a
correlation engine uses predefined business rules to determine the significance of
warning and exception events, and decide the appropriate next steps.

EVENT RESPONSE / FURTHER ACTION:

Remember, all events (and responses) should be logged. In addition, based on the event
type and severity, the correlation engine may determine it is appropriate to escalate the
event to a team or individual, or in the case of more severe warnings and exceptions,
even automatically create an incident, problem, or change.

CLOSING THE EVENT:

If an event results in an incident, problem, or change being created, event closure
should be handled through those respective processes. They can be “closed” in the
event management system by ensuring the event is properly logged as well as the
subsequent action taken, and including a link to the corresponding incident, problem,
or change request.Like most other ITIL process, event management doesn’t live in a
bubble. While event management primarily interfaces with incident, problem, and
change management (for dealing with exceptions), it also interfaces with:
Capacity and availability management for understanding the significance of events,
thresholds, etc.
Asset Management for managing the status of assets
Configuration Management, for managing the status of CIs.

DIFFERENT TYPES OF EVENTS BY THE DEFINITION ITIL:

1. Information. These events typically don’t require a response of any type,

since they are basic status updates, or data generated to aid with reporting,
etc. Logs and reports are great examples.

2. Warning. Warnings are indicators of activity that outside the norm — like
a threshold being approached. Like a hurricane or tornado warning, a
warning means that you should monitor conditions to make sure they do not
worsen — or take action to prevent them from worsening when appropriate.
An example of this type of event would be server capacity reaching 75%, or
a standard transaction taking 15% longer to complete than normal.
3. Exception. Exception events are indicators that something is wrong. The
services (and business they support) may be negatively impacted. A
network or server being down (as opposed to just approaching capacity) is
an example of an exception.
EVENT MANAGEMENT FLOW CHART
 ACCESS MANAGEMENT WITH REGARDS
- TPA FOR HEALTH INSURANCE
IDENTITY AND ACCESS MANAGEMENT (IAM)

Access management makes sure people are granted access to the right resources and
nothing more. Because even verified users can pose a threat to an enterprise,
customerand corporate data need to be protected. For example, you don't want third-
party contractors to have the same access and privileges as senior management. In
addition to protecting access to data, IAM solutions can also allow you to set
different levels of privileges, so some users can view information while others can
edit it.

Cloud identity and access management (cloud IAM) is a flexible solution

that allows you to authenticate users wherever they are, at any time, and secure access
to resources across cloud, SaaS, on-prem and APIs. IAM solutions are available for
customers, employees and partners, and can be integrated to provide a complete
solution for insurers while increasing your speed, agility and efficiency.
 HOW CIAM CAN ASSIST INSURANCE COMPANIES:

ACCESS MANAGEMENT:

Create and manage secure IDs for your prospective consumers for easy, frictionless
access to insuranceinformation across all platforms and touchpoints.

• With single sign-on and multi-factor authentication, you can simplify and secure
access to digital assets.

• With extensive preferences and consent management solutions, you can improve
consumer connections.

• Use real-time consumer profile information to provide customized user experience

SECURE CONSUMER DATA:

With complete authentication, access management, and data governance capabilities, you
can safeguard your company's reputation. Reliable CIAM software follows the industry's
best security and privacy best practices.

•Multi-factor authentication demands an extra layer of security for additional

safeguard.

• Rigorous data analysis and scoped permissions, such as role-based and

attribute-based access control(RBAC/ABAC), can help reduce risk.

• The consumer care portal's features can streamline user provisioning, consumer
service, and consumer support.

BENEFITS OF CIAM

• Automated user lifecycle management based on reliable identity sources.

• Accurate management of user rights performed by operational staff.

• Monitor compliance with the security policy regarding the target applications.

• Toxic combinations eradicated, reducing risks.

• Enhanced security with reinforced password policies and identity governance.

• Web access and single sign-on to enforce the access security and increase user
productivity.

• Reduced helpdesk costs with self-service password reset.

• Improved user experience with non-intrusive technology.

• Reporting capabilities for administrators, internal audit, and regulatory

compliance
SERVICE REQUEST FULFILMENT REGARDS -
TPA FOR HEALTH INSURANCE
WHAT IS SERVICE REQUEST?

• Users raise a variety of IT requests every day. It might be a request for new
software, the replacement of old hardware, access to applications, or a change
in the component of an asset.

• A Service Request is raised when the user needs something new or replaced.

• The simple way to distinguish service requests from incidents is to understand

that service requests are requests that the user can choose from a service
catalog, such as a request for a password reset or for a new employee's
onboarding

Example - Service Request is when a user wants to upgrade software to a higher

version. This type of service request is low risk, so it does not need multiple approvals
and the technician can take their time to fulfill the request.

SERVICE REQUEST STATUS:

SERVICE REQUEST WORKFLOW:

WHY SERVICE REQUEST IS REQUIRED:

CONCLUSION:

The objective of ITIL Service Operation is to make sure that IT services are delivered
effectively and efficiently. The Service Operation lifecycle stage includes the fulfilling of
user requests, resolving service failures, fixing problems, as well as carrying out routine
operational tasks. Hence we should have ITIL Service Operation for all our services