Late week update

Yesterday, the Centers for Medicare and Medicaid Services released their report on U.S. healthcare expenditures in 2014. Cost curve up.

Stars and Stripes reports on a Congressional hearing about TRICARE which provides health benefits to military family members and retirees. The report caught the FEHBlog’s eye because a blue ribbon panel had recommended replacing TRICARE with a program similar to the FEHBP.  The article indicates that Congress is more likely to seek to fix and not scrap TRICARE. Attention appears to be focusing on “a blended system that would direct more [TRICARE] beneficiaries to base hospitals, rely more on clinics in places with smaller military populations, and offer guard and reserve troops insurance plans like ones offered to federal workers.

Healthcare Data Management reports on findings stemming from a mock cyberattack involving twelve insurers conducted this past summer.

Identification and response gaps by the health plans during the attacks were revealing. Some of the plans, Gelinne said, did not even know who had authority to order taking down the claims processing system during the attack. That’s one reason it is important to establish formal integrated cyber response plans across the organization, he added. “It truly is a team sport.”
Other findings included: 

* As the attack unfolded, HITRUST shared intelligence with the plans, but participants—who were to share information such as threat indicators among themselves and with HITRUST—were reluctant to do so. That aligns with a recent HITRUST survey that found 85 percent of organizations use their own threat indicators but only five percent share the data.

* Participants were uncertain about how to quantify losses and submit insurance claims, and what to expect after reporting an attack. “Each insurer is likely to have distinct processes,” according to information from HITRUST. “Incident response plans should include information on how to engage insurers.”

* Only two of the 12 health plans referenced their organization’s incident response plan while responding to the attack. “While the pace of a live situation may make strict adherence to documented plans impractical, having ready access to key information and adhering to roles and responsibilities defined in the plan can improve efficiency,” according to HITRUST.

* Organizations need to bring in law enforcement at the appropriate time; several health plans engaged police before evidence of a crime had been established. “Law enforcement can aid in compiling and preserving evidence, but acting too soon may distract efforts from aspects of the investigation and recovery process,” HITRUST cautioned.

A valuable drill.


Leave a Reply

Your email address will not be published.