Weekend update

Congress returns to Washington this week to address the Medicare Part B payment fix issue and the Ukraine according to the Hill’s Floor Action blog. The Floor Action blog recaps the FEHBlog’s expectation:

Earlier this month, House Republicans tried to permanently kill the SGR formula in a bill that would also delay the individual mandate under ObamaCare for five years. The House passed that bill with 12 Democrats, but it’s seen as a dead letter in the Senate, and the Obama administration has threatened to veto it.  That means Congress has little choice but to agree on some short-term patch once again this week. The House seems likely to pass it by the middle of the week, and the Senate is likely to follow through soon afterwards.

The FEHBlog being an old guy reads two newspapers everyday. He reads the Wall Street Journal for international and national news and the Washington Post for federal employee news, local news, and local sports. (Also the New York Times on Sunday for old time sake.) The FEHBlog also gets a charge out of reading the Washington Post’s massive reports on the front page of the Sunday paper. Today’s deep dives concerned GWU’s admissions process and OPM’s retirement claim processing service located in a limestone mine in Boyers, PA (rented as it turns out by the Iron Mountain document storage company) — the “Sinkhole of Bureaucracy.”  The Post shellaced OPM for continuing to process retirement claims on paper. But as the article as points out, the root problem is a hideously complex retirement systems (two systems actually). The Post notes the the State of Texas can process a state employee retirement claim in two days. Congress should consider modelling the federal system on Texas if it wants to solve this problem instead pushing OPM to pound a square peg into a round hole.

The FEHBlog did his own deeper dive on the AvMed breach of privacy class action settlement that he discussed in the most recent mid-week update. The class action stems from the theft of two AvMed laptops containing unencrypted protected health information. A National Law Review article reviewed the terms of the settlement as follows:

Under the agreement’s terms, AvMed will establish a $3 million fund to pay the following:
1.Class members whose personal information was actually on the stolen laptops, but who have not suffered identity theft, can receive $10 for each year they paid AvMed for health insurance coverage before the December 2009 incident, up to a maximum recovery of $30. This relief is intended to compensate class members for that portion of their premiums that plaintiffs contend AvMed should have devoted to adequate data protection protocols and procedures.  This group comprises the “Premium Overpayment Settlement Class.”
2.Those class members who actually suffered identity theft will be reimbursed for the amount of any proven monetary loss that is shown by that member to have occurred “more likely than not” as a result of the December 2009 breach. Members of this class may also claim under the Premium Overpayment Settlement Class.  The parties have allocated $250,000 to cover identity theft claims by this sub-class.
3.An incentive award of $10,000 to be split evenly among the two class representatives (for their efforts in serving as class representatives).
4.Attorneys’ fees and costs for the plaintiffs’ class attorneys, in the amount of $750,000.
5.The costs of sending notices to the settlement classes as well as all costs of settlement administration.

Emphasis added. The settlement thus does include a small per capita  payment to everyone affected by the breach to reimburse them for a portion of their premiums that should have been spent on protecting the informaiton. This Premium Overpayment Settlement Class” is eligible to receive tiny slivers of about two thirds of the settlement fund. Clearly the class action plaintiff attorneys were interested in establishing a precedent for this type of relief.  (This aspect of the settlement also allowed those attorneys to beef up the attorneys fee recovery tranche of the settlement fund.) The legal pendulum is swinging in a troubling direction for entities that hold protected health information. Take cover — e.g, purchase adequate cyber liability insurance, keep your risk assessment up to date, and encrypt protected health information held on a mobile device.

Finally, the FEHBlog also is looking forward to attending the big OPM AHIP FEHBP carrier conference later this week.