Midweek update

The FEHBlog nearly launched out of his breakfast nook yesterday when he read in the Wall Street Journal that the government has changed the computer protection password rules in NIST Special Publication 800-63-3, issued June 22.  Of course, we are all familiar with the existing requirements — 8-20 characters, at least one capital letter, one number, one special character and revise it frequently. Under the new rules,

Long, easy-to-remember phrases now get the nod over crazy characters, and users should be forced to change passwords only if there is a sign they may have been stolen, says NIST, the federal agency that helps set industrial standards in the U.S.

Academics who have studied passwords say using a series of four words can be harder for hackers to crack than a shorter hodgepodge of strange characters—since having a large number of letters makes things harder than a smaller number of letters, characters and numbers. 

In a widely circulated piece, cartoonist Randall Munroe calculated it would take 550 years to crack the password “correct horse battery staple,” all written as one word. The password Tr0ub4dor&3—a typical example of a password using Mr. Burr’s old rules—could be cracked in three days, according to Mr. Munroe’s calculations, which have been verified by computer-security specialists.

Live and learn.

The International Foundation of Employee Benefit Plans reports that the IRS has posted for public comments draft Forms 1095B and C that are used to report employee compliance with the individual mandate and employer compliance with  the employer mandate on employers with 50 full time employees or more.  The FEHBlog thought that we would be done with this by now.

The National Business Group on Health yesterday released its annual survey of large employers on health care costs.  Those employers are expecting a 5% bump in costs in 2018.  The FEHBlog notice the following tidbit in the press release:

Telehealth utilization surging:  Virtually all employers (96%) will make telehealth services available in states where it is allowed next year. More than half (56%) plan to offer telehealth for behavioral health services, more than double the percentage this year. Telehealth utilization is on the rise, with nearly 20% of employers experiencing employee utilization rates of 8% or higher.

Employee utilization still seems low.

Med City News informs us that U.S. News and World Report has issued its annual hospital survey.   “Unsurprisingly, this year’s Honor Roll is practically a recycling of last year’s major players.”

Beckers Hospital Review informs us about a Protenus survey of health care data breaches. Here are few tidbits from that survey:

  • The two most common causes of breaches were hacking (53 percent) and insider wrongdoing or error (41 percent).
  • Eighty percent of data breaches in the first and second quarters were reported by healthcare providers, as opposed to health plans (11 percent) or third-party vendors (6 percent).
  • It took organizations an average of 325.6 days to discover a breach.
Employee Benefit News offers some useful advice on how to explain health savings accounts to employees. 

Finally, Highmark, a Pennsylvania based Blue Cross licensee, announced today that

Centerbridge Partners, L.P. (Centerbridge) and HVHC Inc. (HVHC), a wholly-owned subsidiary of Highmark Inc. (Highmark), today announced that they reached a definitive agreement, whereby Centerbridge will purchase Davis Vision, Inc. (Davis Vision), HVHC’s managed vision care subsidiary. As part of the agreement, Davis Vision will be combined with Centerbridge’s existing managed vision care portfolio company, Superior Vision, and Highmark will acquire a minority ownership interest in the combined Davis Vision-Superior Vision company.
In a separate transaction, Centerbridge will acquire a minority equity stake in Visionworks, HVHC’s optical retail subsidiary. Highmark will retain a controlling ownership interest in Visionworks.
The transactions are expected to close in the fourth quarter of 2017, subject to regulatory approval.