Cybersecurity Saturday

From the cybersecurity policy front —

The Wall Street Journal reports

The Biden administration said it would pursue laws to establish liability for software companies that sell technology that lacks cybersecurity protections, concluding that market forces alone aren’t sufficient to guard consumers and the nation.

Free markets and a reliance on voluntary security frameworks have imposed “inadequate costs” on companies that offer insecure products or services, according to a national cybersecurity strategy released Thursday. It says the administration would work with Congress and the private sector to create liability for software vendors, sketching out in broad terms what such legislation should entail. * * *

In addition to making a forceful call for expanded liability, the plan reiterates several top priorities that have frequently been listed by various senior cybersecurity officials in recent years, such as urging more collaboration and threat-intelligence sharing with the private sector, forging international partnerships to develop cyber norms, and modernizing federal technology. While much of it is consistent with the goals of past administrations, the focus on liability and mandates on critical infrastructure largely depart from President Biden’s predecessors.

The strategy also emphasizes the need for persistent use of offensive cyber capabilities, such as those housed at the U.S. Cyber Command, to disrupt and dismantle cyber threats to the U.S. The strategy’s language effectively endorses steps taken during the Trump administration to allow the military to be more active with offensive cyber weapons. Mr. Biden’s strategy replaces one issued by former President Donald Trump in 2018.

Security experts and former officials said establishing liability for software manufacturers was the most significant—if hardest to achieve—element of the strategy.

Security Week offers insider observations on the new strategy.

Here are links to the White House’s fact sheet and an informative report from Health IT Security.

The document is divided into five pillars, representing key focus areas: defend critical infrastructure, disrupt and dismantle threat actors, shape market forces to drive security and resilience, invest in a resilient future, and forge international partnerships to pursue shared goals.

Each pillar has significant implications for critical infrastructure entities, including those in the healthcare sector. Namely, the National Cybersecurity Strategy highlights the need to further prioritize Internet of Things (IoT) device security and to transfer some cyber responsibilities away from software users and onto vendors.

“We must make fundamental changes to the underlying dynamics of the digital ecosystem, shifting the advantage to its defenders and perpetually frustrating the forces that would threaten it,” the document states.

“Our goal is a defensible, resilient digital ecosystem where it is costlier to attack systems than defend them, where sensitive or private information is secure and protected, and where neither incidents nor errors cascade into catastrophic, systemic consequences.”

Cybersecurity Dive discusses the path to implementing this strategy.

From the cyber breaches front, Security Week points out four recent healthcare sector data breaches.

From the cyber vulnerabilities front —

Cybersecurity Dive informs us

  • Nearly one-third of companies lost money following a phishing attack in 2022, Proofpoint research found. 
  • The 76% year-over-year increase in phishing attacks resulting in a wire transfer or invoice fraud reflects threat actors’ resolve to narrow their scope and steal money more quickly, according to Proofpoint’s annual State of the Phish report released Tuesday.
  • “We saw a significant jump in the direct financial loss,” said Sara Pan, team manager of product marketing at Proofpoint. “What that really implies is that we’re seeing attackers being more impatient and really wanting to claim their trophy right after a successful phishing attack.”
  • The Cybersecurity and Infrastructure Security Agency (CISA) added one more known exploited vulnerability to its catalog.

From the ransomware front —

  • Bank Info Security reports on an FBI report on ransomware attacks against critical infrastructure in 2022.
  • Bank Info Security adds,
    • Based on known ransomware attacks, security researchers say the volume of such attacks seems to have remained constant in recent years. Ransomware incident response firm Coveware and cryptocurrency intelligence firm Chainalysis last month reported that blockchain analysis revealed a notable decline of 40% in the dollar volume of ransom being paid to criminals.
    • Coveware ascribed the decline directly to the FBI, which has “subtly but effectively shifted strategy from pursuing just arrests to putting a focus on helping victims, and imposing costs to the economic levers that make cybercrime so profitable.” Making a particular impact, Coveware says, is FBI agents quickly landing on-site to assist, including by helping senior executives and boards of directors understand their options.
  • The FBI and CISA issued an alert on Royal Ransomware.
    • Today [March 2, 2023], the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) released joint Cybersecurity Advisory (CSA) #StopRansomware: Royal Ransomware to provide network defenders tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) associated with Royal ransomware variants. FBI investigations identified these TTPs and IOCs as recently as January 2023.
    • Royal ransomware attacks have spread across numerous critical infrastructure sectors including, but not limited to, manufacturing, communications, healthcare and public healthcare (HPH), and education.
    • CISA encourages network defenders to review the CSA and to apply the included mitigations. See StopRansomware.gov for additional guidance on ransomware protection, detection, and response.
  • The Bleeping Computer’s Week in Ransomware is back!

From the cyber defense front —

CISA announced

Today [February 28, 2023], CISA released a Cybersecurity Advisory, CISA Red Team Shares Key Findings to Improve Monitoring and Hardening of Networks. This advisory describes a red team assessment of a large critical infrastructure organization with a mature cyber posture. CISA is releasing this Cybersecurity Advisory (CSA) detailing the red team’s tactics, techniques, and procedures (TTPs) and key findings to provide network defenders proactive steps to reduce the threat of similar activity from malicious cyber actors. 
  
As detailed in the advisory, the CISA red team obtained persistent access to the organization’s network, moved laterally across multiple geographically separated sites, and gained access to systems adjacent to the organization’s sensitive business systems. This cybersecurity advisory highlights the importance of early detection and continual monitoring of cyber assets.  
  
CISA encourages critical infrastructure organizations to apply the recommendations in the Mitigations section of this CSA to ensure security processes and procedures are up to date, effective, and enable timely detection and early mitigation of malicious activity.

Cybersecurity Dive observes

  • The Cybersecurity and Infrastructure Security Agency is urging critical infrastructure providers to harden their defenses and enable phishing resistant multifactor authentication, after conducting a red team assessment of a large organization over a three-month period in 2022.
  • During the voluntary assessment, a CISA red team was able to gain access to workstations at separate geographic locations using spearphishing emails. The red team leveraged that access to move laterally around the network, gaining root access to multiple workstations adjacent to specialized servers. 
  • The organization largely failed to detect multiple actions by the red team, including lateral movement, persistence and command and control activity. However, the use of strong service account passwords and MFA prevented the red team from accessing a sensitive business system.

The American Hospital Association adds,

“This highly detailed and technical report is an excellent guide to help implement specific cybersecurity tools that will help detect a cyberattack in the early stages and significantly reduce its spread and impact,” said John Riggi, AHA’s national advisor for cybersecurity and risk. “The ‘red team’ or penetration test used a common combination of voice and email social engineering techniques to gain trust of the end users and compromise their credentials, which reaffirms government and AHA cybersecurity guidance that relatively low-cost basics such as establishing phishing-resistant multi-factor authentication are essential to reduce cyber risk. I would strongly encourage hospitals and health systems to explore the possibility of leveraging CISA’s authority and capacity to provide free technical assistance, including red team penetration testing.” 

Also, an ISACA expert explains why “LastPass Hack Highlights Importance of Applicable Acceptable Use Policies.”

Friday Factoids

Here are links to the CDC’s Covid Data Tracker and its last weekly interpretative review of those statistics. From now until the interpretative review ends, the interpretative review will be offered every other week, except when that Friday is the beginning of a federal three-day weekend. Good timing for this change because we just started the three-day weekend drought, which ends with Memorial Day.

The summary notes, “At this point in the pandemic, COVID-19 cases, hospitalizations, and deaths have been decreasing for several weeks, and much of the country has protection against circulating strains either through vaccination, previous infection, or a combination of both.” Nevertheless, the CDC urges folks to be vaccinated or stay current on vaccinations because the virus can change.

The CDC’s Fluview says, “Seasonal influenza activity remains low nationally.”

From the Rx coverage front, Ed Silverman, writing in STAT News, comments

Now that Eli Lilly slashed the price for some of its insulin products, the moves raised questions about what will happen to other efforts to provide low-cost insulin, Kaiser Health News explains. Civica, a nonprofit, plans to begin selling biosimilar insulin for roughly $30 per vial by 2024 — $5 more than the new price of Lilly’s generic insulin. And the Mark Cuban Cost Plus Drug Co. plans to sell low-cost insulin. But drug pricing experts predict Lilly’s moves will not undercut those efforts. And these other initiatives to bring lower-cost insulin to market, in turn, would put pressure on Lilly to keep its prices down.

The FEHBlog agrees with these comments. Cost curve down.

From the U.S. healthcare business front, Healthcare Dive informs us

  • VillageMD, the clinical network majority owned by Walgreens, has acquired a medical group in Connecticut that operates more than 30 locations across the state.
  • On Friday, VillageMD said it snapped up Starling Physicians, which operates primary care and multi-specialty practices, for an undisclosed sum.
  • The acquisition expands VillageMD to more than 700 medical centers, as Walgreens continues to invest in expanding its clinical footprint.

Tammy Flanagan, writing in Govexec, points out irrevocable benefits decisions, e.g., FEHBP, that a federal or postal employee must make at the time they decide to take a CSRS or FERS retirement.

Thursday Miscellany

From Capitol Hill, the Wall Street Journal reports that “Sen. Joe Manchin, who has been a crucial vote in shaping major pieces of President Biden’s agenda, urged Democratic colleagues to hold talks with Republicans on cutting federal spending, ahead of a summer deadline to reach a deal on raising the country’s debt ceiling.”

From the public health front —

The Wall Street Journal informs us

A larger share of people are being diagnosed with colorectal cancer at a younger age and at a more dangerous stage of the disease, a report showed. Doctors aren’t sure why.

The American Cancer Society said Wednesday that about 20% of new colorectal cancer diagnoses were in patients under 55 in 2019, compared with 11% in 1995. Some 60% of new colorectal cancers in 2019 were diagnosed at advanced stages, the research and advocacy group said, compared with 52% in the mid-2000s and 57% in 1995, before screening was widespread.   

Cases and death rates for colorectal cancer have continued a decadeslong decline overall thanks to screening, better treatments and reductions in risk factors such as smoking, the ACS report’s authors said. But the shift of the burden toward younger people and diagnoses at more advanced stages has oncologists on alert. 

“The improvements have slowed, and they’ve slowed because of this opposite trend we’re seeing in young people,” said Kimmie Ng, director of the Young-Onset Colorectal Cancer Center at Dana-Farber Cancer Institute in Boston. “More and more are getting diagnosed with cancer that might not be curable.” 

The U.S. Preventive Services Task Force is routinely reevaluating its 2018 grade A recommendation to screen pregnant women/persons for syphilis.

From the medical device front —

MedTech Dive tells us

  • The number of remote patient monitoring (RPM) reimbursement claims hit a new high in 2022, according to a report by Definitive Healthcare.
  • By November, the volume of claims across the 10 Centers for Medicare & Medicaid Services’ codes for RPM was already 27% above the total for all of 2021, adding to the growth seen since the start of 2019.
  • Cardiologists are the main users of RPM devices, with blood pressure diagnoses accounting for more than half of all claims made in 2021. Diabetes, which accounts for 16% of claims, is the next most active area.

and

Medicare will cover continuous glucose monitors for a broader group of patients, starting in April, according to an updated policy published by the Centers for Medicare and Medicaid Services. 

The policy change included broader language and also came earlier than expected, making it a “welcome surprise,” and could double the market for the devices, J.P. Morgan analyst Robbie Marcus wrote in a research note. * * *

In an earlier draft of coverage guidelines, CMS had suggested covering the devices for people with diabetes who take daily insulin, or who have a history of problematic hypoglycemia. Now, the policy includes people with non-insulin treated diabetes and a history of recurrent level 2 or at least one level 3 hypoglycemic event.

From the Rx coverage front, the Congressional Research Service issued an “In Focus” report about “Selected Issues in Pharmaceutical Drug Pricing.”

From the healthcare quality front, NCQA posted slides and a recording from its latest Future of HEDIS webinar on February 28.

From the U.S. healthcare business front —

Healthcare Dive relates

  • The Cleveland Clinic reported a $1.2 billion net loss for 2022 as expenses climbed from the prior year. Expenses ticked up in every key category in 2022, including salaries and wages, supplies and pharmaceuticals, Cleveland Clinic’s latest financial report shows.    
  • Cleveland Clinic grew 2022 revenue roughly 5% to $13 billion from the prior year, but didn’t outpace expenses as costs increased nearly 14% to $12.4 billion before interest, depreciation and amortization.    
  • Investment income helped pull the Midwest provider into the red as non-operating losses totaled $1 billion.  

and

Oak Street Health’s losses grew in 2022 to almost $510 million as the value-based primary care company, which is pending an acquisition by CVS Health, continued to aggressively pursue growth.

In comparison, Oak Street, which operates a network of clinics for seniors on Medicare, reported a loss of $415 million in 2021.

The company opened 40 new centers over 2022 and ended the year with 169 facilities in 21 states, serving some 224,000 patients.

STAT News reports

In what may well be the latest fad in hospital consolidation, two not-for-profit health systems located across the country from one another are seeking to link up — this time, to create a system with roughly $11 billion in revenue.

UnityPoint Health and Presbyterian Healthcare Services announced Thursday they’ve inked a letter of intent to explore a merger. Hospital mergers often involve partners in the same region so they can gain leverage with insurers, but in this case, UnityPoint is in the Midwest, whereas all nine of Presbyterian’s hospitals are several states away in New Mexico.  

The deal illustrates not only health systems’ insatiable desire to get bigger in a tough operating environment, but their evolving strategy for doing so. Antitrust regulators have sunk deals involving partners they said would command too much market share in a given region, so hospitals are doing the next-best thing: seeking partners in far-flung states. 

Healthcare Dive adds

  • Walmart plans to expand its network of medical centers in 2024, including a launch into two new states, as retail health giants race to build out their primary care footprints.
  • The company announced Thursday it plans to open 28 new Walmart Health centers in 2024, bringing its number of total locations to more than 75.
  • Walmart Health will open clinics in Missouri and Arizona for the first time, while deepening its presence in Texas by expanding in the Dallas area and growing into Houston, according to the announcement.

Call Letter Released

OPM Headquarters a/k/a the Theodore Roosevelt Building

On Tuesday, March 1, OPM issued its call letter for 2024 FEHB Program benefit and rate proposals. The benefit and rate proposal submission deadline is May 31, 2023. For sports fans, the call letter issuance is akin to the beginning of the NFL’s League Year. The only difference is that the FEHB Program’s year begins sometime in the first quarter, while the NFL’s League Year begins on March 15.

The next step is for OPM to issue its technical guidance, which allows the carrier to begin drafting its benefit and rate proposal. The technical guidance comes out two or three weeks after the call letter. The sooner the better for carriers.

Happily, OPM moved its FEHB carrier conference from late April to late March, which better coincides with the call letter and technical guidance release. The carrier conference was moved from late March to late April in the pandemic years of 2021 and 2022.

The FEHBlog is pleased with the call letter’s substance. OPM called for assisted reproductive coverage across the FE. Asam, and as previously mentioned, OPM provided guidance on implementing the agency’s January 2023 decision to allow carriers to offer Part D EGWPs for 2024. Part D EGWPs allow carriers to integrate their prescription drug benefits with Medicare Part D for Medicare Part A only and Medicare Parts A and B annuitant members. Sweet.

The other big news for today, according to Forbes, is that

Pharmaceutical giant Eli Lilly announced Wednesday that it’s reducing prices of its most commonly prescribed insulin products by 70% and capping out-of-pocket costs for patients to $35 per month. The company has taken heat in recent years over the pricing of the life-saving drug for diabetics and the move follows action by Congress to reduce the cost of insulin for Medicare patients in the Inflation Reduction Act.

Eli Lilly’s website adds

People who rely on insulin to manage diabetes care deserve affordable access, but systemic barriers stand in the way. Through significant investments in research and solutions that offer more affordable options, we’re working to help. 

In 2020, we launched the Lilly Insulin Value Program—allowing anyone eligible to purchase their monthly prescription of Lilly insulin for $35 or less. Now, we’re announcing updates that make accessing $35-a-month Lilly insulin even easier, including:

  • An automatic $35 max out-of-pocket monthly cost for people with commercial insurance at the majority of retail pharmacies 
  • An easy-to-download savings card that provides a $35 max out-of-pocket monthly cost for people who are uninsured or need to use a non-participating retail pharmacy 

Those who need a savings card can visit our Insulin Value Program site, answer two questions, and immediately download it. The only exclusions to this $35 Lilly insulin solution are people enrolled in federal government insurance programs. Federal law provides that Medicare Part D beneficiaries also pay no more than $35 per month for insulin.

Beyond the changes listed above, we’ve also made significant price reductions to our branded and non-branded insulins.

The exclusion for federal government insurance programs stems from the federal health programs anti-kickback act, which does not include the FEHB Program because it is an employer-sponsored program. The Lilly site does not include the FEHB Program in its nonexclusive list of those government insurance programs — “Medicaid, Medicare, Medicare Part D, Medigap, DoD, VA, TRICARE®/CHAMPUS, or any State Patient or Pharmaceutical Assistance Program.” OPM does allow members to receive patient assistance for drug coverage, as discussed in the call letter’s discussion of copay accumulator and maximizer programs.

STAT News offers more details on this development.

In other Rx coverage news —

  • Becker’s Hospital Review discusses a manufacturing issue causing a shortage in the asthma inhaler drug, albuterol.
  • The Institute for Clinical and Economic Research published an “Evidence Report on Lecanemab [Brand Name Leqembi] for Alzheimer’s Disease.”
    • Currently available evidence is rated as promising but inconclusive to determine whether lecanemab provides a net health benefit over supportive care; the evidence suggests the drug would achieve common thresholds for cost-effectiveness if priced between $8,900 – $21,500 per year.
    • At the March 17 virtual public meeting, ICER’s independent appraisal committee will review the evidence, hear further testimony from stakeholders, and deliberate over the treatment’s comparative clinical effectiveness, other potential benefits, and long-term value for money
  • Eisai charges $26,000 per month for this drug with FDA approval, while its Medicare coverage is limited to clinical trials.

House Republicans have launched an investigation into the companies that manage drug benefits, dialing up the scrutiny of the middlemen who play an important role in how much medicines cost.

The House Oversight and Accountability Committee said Wednesday that it has sent letters to CVS Health Corp.’s CVS Caremark, Cigna Group’s Express Scripts and UnitedHealth Group Inc.’s OptumRx—the largest pharmacy-benefit managers—seeking documents about the drug-price rebates they negotiate and fees they charge.

The committee also said it has sent requests to the Centers for Medicare and Medicaid Services and other federal agencies asking for their contracts with the PBMs.

“Greater transparency in the PBM industry is vital to determine the impact that their tactics are having on patients, the pharmaceutical market and healthcare programs administered by the federal government,” said Rep. James Comer (R-Ky.), who chairs the oversight committee.

The committee is especially interested in how PBMs affect drug costs overall and the prices patients pay at the pharmacy counter and in their health-insurance premiums in particular, according to a committee staffer.

From the artificial intelligence front, Forbes informs us

Every week, Eli Gelfand, chief of general cardiology at Beth Israel Deaconess Medical Center in Boston, wastes a lot of time on letters he doesn’t want to write — all of them to insurers disputing his recommendations. A new drug for a heart failure patient. A CAT scan for a patient with chest pain. A new drug for a patient with stiff heart syndrome. “We’re talking about appeal letters for things that are life-saving,” says Gelfand, who is also an assistant professor at Harvard Medical School.

So when OpenAI’s ChatGPT began making headlines for generally coherent artificial intelligence-generated text, Gelfand saw an opportunity to save some time. He fed the bot some basic information about a diagnosis and the medications he’d prescribed (leaving out the patient’s name) and asked it to write an appeal letter with references to scientific papers.

ChatGPT gave him a viable letter — the first of many. And while the references may sometimes be wrong, Gelfand told Forbes the letters require “minimal editing.” Crucially, they have cut the time he spends writing them down to a minute on average. And they work. * * *

The fax machine isn’t going away anytime soon, says Nate Gross, cofounder and chief strategy officer of Doximity, a San Francisco-based social networking platform used by two million doctors and other healthcare professionals in the U.S. That’s why Doximity’s new workflow tool, DocsGPT, a chatbot that helps doctors write a wide range of letters and certificates, is connected to its online faxing tool.

“Our design thesis is to make it as easy as possible for doctors to interface with the novel digital standards, but also be backwards compatible with all the old stuff that healthcare actually runs on,” says Gross.

Often referred to as a “LinkedIn For Doctors,” Doximity has a $6.3 billion market cap and generates most of its revenue ($344 million in its fiscal year 2022) from pharma companies looking to advertise and health systems looking to hire. But it also offers a range of tools for doctors to help “cut through the scut” – medical slang for reducing administrative burden. The basic versions are generally free with upsells for enterprise integrations, says Gross.

Health plans use form letters too.

Tuesday’s Tidbits

From our Nation’s capital, the Wall Street Journal reports

President Biden said Tuesday he would nominate Julie Su, the No. 2 official at the Labor Department, to lead the agency, maintaining continuity within a department that played a prominent role in averting a rail strike last year.

Ms. Su, the current deputy secretary, was widely seen as the leading candidate to succeed departing Secretary Marty Walsh. Asian-American lawmakers and advocacy groups threw their support behind her, lobbying Mr. Biden to tap his first Asian-American cabinet secretary. Ms. Su, age 54, is Chinese-American.

The nomination now heads over to the Senate for its approval. The Secretary of Labor, the HHS Secretary, and the Treasury Secretary / IRS form the agencies responsible for overseeing the Affordable Care Act.

From the Food and Drug Administration (FDA) front —

Endpoint News informs us

Pfizer and BioNTech are seeking full [FDA marketing] approval for their Omicron-targeted bivalent Covid shot, and they’re following an FDA advisory committee’s advice on “harmonizing” vaccine compositions.

The partners have filed a supplemental BLA for their Omicron BA.4/BA.5-adapted bivalent Covid-19 vaccine as both a primary dose or a booster for patients over the age of 12. That means unvaccinated children and adults could skip the original primary series and receive a bivalent shot first.

The move is in response to an FDA Vaccines and Related Biological Products Advisory Committee (VRBPAC) vote last month, intended to clear up confusion around varying primary and booster dose formulations and utilize vaccines that better target currently circulating strains of Covid.

MedPage Today relates

In two somewhat close votes, an FDA panel of outside experts recommended the agency approve Pfizer’s respiratory syncytial virus (RSV) vaccine for older adults, despite concerns over the potential risk for Guillain Barré syndrome.

By a tally of 7-4 for safety and efficacy (with one abstention in each case), the Vaccines and Related Biological Products Advisory Committee (VRBPAC) said the evidence favors the RSV prefusion F protein vaccine (RSVPreF) — which carries a proposed trade name of Abrysvo — for reducing RSV-related lower respiratory tract infections in adults 60 and up.

However, VRBPAC members showed reservations ranging from the largely healthy study population, rather than the more vulnerable group of older adults who need the vaccine most, to the limited number of events for the main outcomes.

The Wall Street Journal reports

Federal regulators approved a drug to treat a debilitating disease using data collected about patients over decades, creating an opening for researchers of other rare conditions who often struggle to prove their treatments work.

The Food and Drug Administration on Tuesday approved Reata Pharmaceuticals Inc.’s drug Skyclarys, or omaveloxolone, for treating the neurological disorder Friedreich’s ataxia in adults and adolescents age 16 and older.

The FDA last year said results from a single clinical trial didn’t sufficiently demonstrate the drug slows the progression of a disease that causes progressive damage to the spinal cord, muscle weakness, and movement problems and often kills people by age 35. Instead of running another trial, Reata submitted additional data including an analysis from a so-called natural history study that has continued to collect information about patients for more than two decades.

“Data created by patient communities can be regulatory grade,” said Annie Kennedy, chief of policy, advocacy and patient engagement at the EveryLife Foundation for Rare Diseases, a nonprofit advocacy group. “This approval is proof of that principle.”

MedPage Today adds

The FDA issued an import alert Tuesday to clamp down on the illegal importation of xylazine, an animal tranquilizer showing up more and more in illicit drugs.

“This action aims to prevent the drug from entering the U.S. market for illicit purposes, while maintaining availability for its legitimate uses in animals,” the agency said in a press release.

Veterinarians legitimately use drug products containing xylazine to sedate large animals such as horses and deer, but it is not safe for use in people and may cause serious and life-threatening side effects, the FDA noted. However, “it has been identified as a contaminant found in combination with opioids such as illicit fentanyl, and in combination with other illicit products that contain stimulants such as methamphetamine and cocaine. People who use illicit drugs may not be aware of the presence of xylazine.”

From the U.S. healthcare front —

The American Health Association points out

Hospitals continue to experience the same challenges that made 2022 the worst financial year since the start of the COVID-19 pandemic, including higher labor expenses and lower patient volumes, according to the latest report on hospital finances from Kaufman Hall. Hospital operating margins fell from -0.7% in December 2022 to -1% in January 2023, following persistent negative margins throughout last year. Notably, drug expenses have increased 12% compared to YTD 2020. 

“While we have seen a stabilization in operating margins over the past several months, the trendline continues to show that hospitals will be in a tough spot financially for the foreseeable future,” said Erik Swanson, senior vice president of data and analytics for Kaufman Hall. “With future COVID surges possible and challenging financial months ahead for hospitals, managing cash on hand will be critical to weathering the storm.”

The Wall Street Journal explains how doctors are diagnosing patients with artificial intelligence.

From the mental health care front —

  • The Kaiser Family Foundation provides good news about the rapidly growing use of the 988 National Suicide Prevention and Crisis Hotline. “Since the launch of 988, Lifeline has received over 2.1 million contacts—consisting of over 1.43 million calls, over 416,000 chats, and more than 281,000 texts.” But, of course, the KKF study also notes some problems.
  • MedCity News tells us about a newly formed collaboration consisting of Bicycle Health, Wellpath and the Federal Bureau of Prisons that will provide virtual opioid use disorder services to those living in the Bureau’s residential reentry centers in 42 states.
  • STAT News discusses the downfall of Mindstrong, a mental health care tech / app company.
  • The Washington Post offers an intriguing look at how the human brain ages.

Monday Roundup

From the end of the public health emergency front –

CMS issued a comprehensive fact sheet titled “CMS Waivers, Flexibilities, and the Transition Forward from the COVID-19 Public Health Emergency.” Notwithstanding the title, the fact sheet includes sections on how the end of the PHE impacts

Private Health Insurance

Vaccines: Most forms of private health insurance must continue to cover COVID-19 vaccines furnished by an in-network health care provider without cost sharing. People with private health insurance may need to pay part of the cost if an out-of-network provider vaccinates them.

Testing: After the expected end of the PHE on May 11, 2023, mandatory coverage for over-the-counter and laboratory-based COVID-19 PCR and antigen tests will end, though coverage will vary depending on the health plan. If private insurance chooses to cover these items or services, cost sharing, prior authorization, or other forms of medical management may be required.

Treatments: The transition forward from the PHE will not change how treatments are covered, and in cases where cost sharing and deductibles apply now, they will continue to apply.

Private Health Insurance and Telehealth

As is currently the case during the PHE, coverage for telehealth and other remote care services will vary by private insurance plan after the end of the PHE. When covered, private insurance may impose cost-sharing, prior authorization, or other forms of medical management on telehealth and other remote care services.

For additional information on your insurer’s approach to telehealth, contact your insurer’s customer service number located on the back of your insurance card.

Fierce Healthcare reports

Telehealth providers and advocates are balking at proposed telemedicine rules released by the Drug Enforcement Administration (DEA) late Friday. If made permanent, the rules would be a marked change from the suspension of the Ryan Haight Online Pharmacy Consumer Protection Act, which propelled a telepsychiatry boom during the COVID-19 pandemic.

Under the proposed rule released by the DEA, developed in concert with the U.S. Department of Health and Human Services (HHS) and in coordination with the U.S. Department of Veterans Affairs, some medications would require an in-person doctor’s visit. Controlled substances including stimulants like Adderall and opioids such as oxycodone and buprenorphine used to treat opioid use disorder (OUD) would require at least one in-person visit.

The DEA created a 30-day public comment period for this proposed rule.

From the U.S. healthcare business front, STAT News tells us about this surprising twist

On Friday, the Food and Drug Administration issued an emergency authorization for the first at-home test that can detect flu and Covid-19 — but for the test’s maker, Lucira, the long-anticipated authorization may have taken too long. The company filed for bankruptcy on Feb. 22, directly blaming the “protracted” FDA authorization process for the over-the-counter combination test for its financial troubles. * * *

The company’s lawyers indicated in the bankruptcy hearing that Lucira was not able to find anyone willing to buy the company prior to the Chapter 11 filing. With the only authorized at-home flu test on the American market, it’s an open question whether the company’s continued operations will allow the company to survive or will entice another party to buy Lucira.

The FEHBlog’s guess is that drug manufacturers will be lined up at the bankruptcy courthouse door to place a bid on the company if allowed.

BioPharma Dive informs us

  • “Cancer drug developer Seagen is in early talks to be acquired by Pfizer, according to The Wall Street Journal, which cited people familiar with the situation. A deal still may not be reached, the Journal said.
  • “Last summer, the Journal reported Seagen, a Washington-based company currently worth more than $30 billion, was considering selling to Merck & Co. for upwards of $40 billion. But as Bloomberg would later report, the deal stalled out because of disagreements over price. Since then, Seagen has brought on a new CEO, the longtime Novartis executive David Epstein, who played an integral role in ramping up the Swiss pharmaceutical giant’s cancer drug division.
  • “Should Pfizer acquire Seagen, it would gain access to a slate of experimental medicines as well as four marketed products that, together, generated $2 billion in revenue last year. Pfizer recorded $100 billion in product revenue in 2022, but estimates sales from its COVID-19 vaccine and Paxlovid therapy will fall significantly in the coming months. It also expects to lose around $17 billion in annual revenue between 2025 and 2030 due to the expiration of key patents.”

From the Rx coverage front —

  • The Wall Street Journal fills us in on the side effects of the new semaglutide weight loss drugs. For example, “Semaglutide spurs weight loss by stimulating the release of insulin and lowering blood sugar. It also delays stomach emptying, which causes people to feel full quickly and stay sated for longer stretches. When a patient comes off the drug, their normal appetite returns. * * * “People who stopped taking semaglutide gained back, on average, two-thirds of the weight they lost within a year, according to a study published in August 2022 in the journal Diabetes, Obesity, and Metabolism.”
  • The Journal also reports that “Amyloid Gains Converts in Debate Over Alzheimer’s Treatments; Dispute has far-reaching consequences, including whether Medicare will pay for new anti-amyloid drugs [e.g., Aduhelm and Leqembi].” Nevertheless, “Dr. [David] Knopman [, a Mayo Clinic neurologist,] said that Leqembi’s success is only a partial vindication of the amyloid hypothesis, which in the minds of many doctors promised to stop Alzheimer’s in its tracks or even reverse certain symptoms.”

From the mental health care front, David Leonhardt, the New York Times Morning columnist, “examines the raging debate about smartphones and teenage mental health.”

I called Lisa Damour last week and asked what advice she would give to parents. Damour is a psychologist who has written two best-selling books about girls and just published a new book, “The Emotional Lives of Teenagers.” She is no anti-technology zealot. She thinks social media can have benefits for teenagers, including connections with peers. But she also sees reason for concern.

Her first piece of advice is not to blame teenagers. They didn’t invent smartphones, and earlier generations would have used those phones in the same ways that today’s teens are.

Her second piece of advice might be summarized as: less. She believes teenagers should rarely have their phones in their bedrooms, especially not at night. A phone is too disruptive to sleep, and sleep is too important to mental health.

Parents can also introduce digital technology in stages, recognizing that a 13-year-old brain is different from a 17-year-old brain. For younger teens, Damour suggests a phone that can send and receive texts but does not have social media apps.

From the miscellany department –

  • Becker’s Hospital Review provides details on the business model of One Medical, which became part of Amazon last week.
    • The company employs primary care providers across more than 125 clinics in 19 markets, according to its website. One Medical then partners with local hospitals and health systems to provide specialty care.
    • One Medical offers a subscription-based membership — for $199 a year (though Amazon is now offering a promotion for $144 annually) — that gives patients access to its digital health platform, with 24-7 access to virtual care and online appointment booking and prescription renewals. The company still bills those patients’ insurance for the visits.
  • Govexec reports “The federal employees appeals board is setting new precedents restricting when agencies can fire employees who were injured on the job, issuing new rulings on cases that languished for years while the agency was rendered partially incapacitated.”
  • The Wall Street Journal tells us “The White House said there is no consensus within the Biden administration over the origins of the Covid-19 virus, a day after the disclosure of an Energy Department assessment that the pandemic likely originated with a leak from a Chinese lab.” 

Weekend update

The Senate and the House of Representatives will be in session this week for Committee business and floor voting.

As we close out Black History Month, let’s join the Trust for American Health in celebrating notable African Americans in public health.

From the Covid front, the Wall Street Journal reports

The U.S. Energy Department has concluded that the Covid pandemic most likely arose from a laboratory leak, according to a classified intelligence report recently provided to the White House and key members of Congress.

The shift by the Energy Department, which previously was undecided on how the virus emerged, is noted in an update to a 2021 document by Director of National Intelligence Avril Haines’s office.

The new report highlights how different parts of the intelligence community have arrived at disparate judgments about the pandemic’s origin. The Energy Department now joins the Federal Bureau of Investigation in saying the virus likely spread via a mishap at a Chinese laboratory. Four other agencies, along with a national intelligence panel, still judge that it was likely the result of a natural transmission, and two are undecided.

From the miscellany department —

  • Fortune Well provides us with insights on how to manage a life-threatening diagnosis.
  • Health Payer Intelligence tells us what payers can expect to find in the proposed CMS electronic prior authorization rule. The public comment deadline on the rule is March 13, 2023.

Cybersecurity Saturday

From the cybersecurity policy front —

CyberScoop reports

A forthcoming White House cybersecurity strategy document aims to force large companies to shoulder greater responsibility for designing secure products and to redesign digital ecosystems to be more secure, Camille Stewart Gloster, the deputy national cyber director for technology and ecosystem security, said at a CyberScoop event Thursday. 

By “shifting the burden back from the smaller players” and toward larger players “that can build in security by design,” the strategy aims to deliver broad security gains, Stewart Gloster said. The strategy document also looks at how to “rearchitect our digital ecosystem” so “that we are creating future resilience,” she said.

According to an early draft of the document obtained by Slate — which White House officials have emphasized is not a final document — the strategy includes a wide range of mandatory regulations on American critical infrastructure companies to improve security and authorizes law enforcement and intelligence agencies to take a more aggressive approach to hack into foreign networks to prevent attacks or retaliate after they have occurred. 

The strategy document is expected to broadly abandon the mostly voluntary approach that has defined U.S. policy in recent years in favor of more comprehensive regulation.

PortSwigger delves into the National Institute of Standards and Technology (NIST) plans for “significant changes to its Cybersecurity Framework (CSF) – the first in five years, and the biggest reform yet” as first noted here last week.

From the cyber vulnerabilities front —

The Cybersecurity and Infrastructure Security Agency (CISA) offers this alert

CISA assesses that the United States and European nations may experience disruptive and defacement attacks against websites in an attempt to sow chaos and societal discord on February 24, 2023, the anniversary of Russia’s 2022 invasion of Ukraine. CISA urges organizations and individuals to increase their cyber vigilance in response to this potential threat.

Security Week adds the perspective of “[s]everal cybersecurity companies’ reports [published] in the past week summarizing what they have seen in cyberspace since the start of the war.”

Cybersecurity Dive reports

  • “Phishing remained the top initial access vector for security incidents last year with more than 2 in 5 of all incidents involving phishing as the pathway to compromise, IBM research found.
  • “Three in 5 of all phishing attacks were conducted through attachments last year, according to IBM Security X-Force’s annual threat intelligence report released Wednesday. Phishing via links accounted for one-third of all phishing attacks. 
  • “One-quarter of attacks involved the exploitation of public-facing applications and 16% abused valid accounts for access. Just 1 in 10 involved external remote services.”

and

  • “Threat actors are shifting tactics and embracing new tools to run more efficient and impactful operations.
  • “Attackers are now often looking to build an economy of scale,” Wendi Whitmore, SVP of Unit 42 at Palo Alto Networks said Wednesday during a keynote at the company’s annual user summit.
  • “Instead of using one attack vector against one company, threat actors are targeting an entire supply chain.
  • “Likewise, instead of encrypting data, then decrypting it on the back end, ransomware groups can just steal the information and threaten to release it publicly if their ransom demand isn’t met.”

CISA added three more known exploited vulnerabilities to its catalog on February 21. It’s worth noting that CISA refreshed its website. As a result, CISA’s known exploited vulnerabilities reports now identify the additions rather than requiring the reader to click over to the catalog. Bravo.

From the ransomware front, Bleeping Computer provides no Week in Ransomware this week, but it does inform us about “A threat actor [that] has been targeting government entities with PureCrypter malware downloader that has been seen delivering multiple information stealers and ransomware strains.”

HHS’s healthcare sector cybersecurity coordination center (HC3) released the following alert

Russia-linked ransomware group Clop reportedly took responsibility for a mass attack on more than 130 organizations, including those in the healthcare industry, using a zero-day vulnerability in secure file transfer software GoAnywhere MFT. Cybersecurity & Infrastructure Security Agency (CISA) added the GoAnywhere flaw (CVE-2023-0669) to its public catalog of Known Exploited Vulnerabilities. This Sector Alert follows previous HC3 Analyst Notes on Clop (CLOP Poses Ongoing Risk to HPH Organizations and CLOP Ransomware) and provides an update on its recent attack, potential new tactics, techniques and procedures (TTPs), and recommendations to detect and protect against ransomware attacks.

The American Hospital Association adds

“The Russia-linked Clop ‘ransomware-as-a-service’ gang has been targeting health care since 2019, evolving its tactics to effectively combine ransomware and data theft in novel ways,” said John Riggi, AHA’s national advisor for cybersecurity and risk. “Last month HC3 reported that Clop was infecting files disguised to look like medical documents, submitting them to providers and requesting a medical appointment. The objective is to deceive the recipient into clicking on the malicious document and infecting the organization with highly disruptive ransomware. Health care organizations should immediately apply the security patches recommended in these alerts and review the scope, security and necessity of secure file transfer systems.”

For more from the AHA click here, and Health IT Security discusses this Alert here.

To mitigate risk, HC3 urged organizations to patch the GoAnywhere MFT vulnerability where applicable. HC3 also encouraged healthcare organizations to “acknowledge the ubiquitous threat of cyberwar against them” and focus on educating staff and assessing enterprise risk against all potential vulnerabilities.

“Prioritizing security by maintaining awareness of the threat landscape, assessing their situation, and providing staff with tools and resources necessary to prevent a cyberattack remains the best way forward for healthcare organizations,” HC3 concluded.

HC3 posted an Analyst Note about MedusaLocker ransomware yesterday.

Ransomware variants used to target the healthcare sector, from relatively well-known cyber threat groups, continue to be a source of concern and attention. (See HC3 reports on Royal Ransomware and Clop Ransomware). Likewise, the threat from lesser known but potent ransomware variants, such as the MedusaLocker, should also be a source of concern and attention by healthcare security decision makers and defenders.

The Wall Street Journal sums it up with encouraging news

Extortion payments from ransomware, a hacking scourge that has crippled hospitals, schools and public infrastructure, fell significantly last year, according to federal officials, cybersecurity analysts and blockchain firms.

After ballooning for years, the amount of money being paid to ransomware criminals dropped in 2022, as did the odds that a victim would pay the criminals who installed the ransomware. With ransomware, hackers lock up a victim’s computer network, encrypting hard drives until victims pay.

Alphabet Inc.’s Mandiant cybersecurity group said it had responded to fewer ransomware intrusions in 2022—a 15% decrease from 2021. CrowdStrike Holdings Inc., another U.S. cybersecurity firm, said it saw a drop in average ransom-demand amounts, from $5.7 million in 2021 to $4.1 million in 2022, a decline the company attributed to disruption of major ransomware gangs, including arrests, and a decline in crypto values. Ransomware payments are generally made using cryptocurrency.

The blockchain-analytics firm Chainalysis Inc. says that payments that it tracked to ransomware groups dropped by 40% last year, totaling $457 million. That is $309 million less than 2021’s tally.

“It reflects, I think, the pivot that we have made to a posture where we’re on our front foot,” Deputy Attorney General Lisa Monaco said in an interview. “We’re focusing on making sure we’re doing everything to prevent the attacks in the first place.”

Friday Factoids

Errata — In Thursday’s post, the FEHBlog’s item on the CDC action concerning Alzheimer’s Drug coverage in Medicare should say that the CDC was NOT changing its position that such coverage is limited to clinical trials.

From the No Surprises Act front, U.S. District Judge Jeremy Kernodle modified the NSA’s independent dispute resolution (IDR) arbitration rule on February 6 so it does not skew in favor of the statutory qualifying payment amount. The FEHBlog personally marked up the relevant portion of the IDR rule to show the edits. The FEHBlog, who represents health plans, does not find the edits earthshaking.

The NSA regulators sensibly told the NSA arbitration community to stop issuing arbitration awards while considering the next steps. This afternoon, the American Hospital Association tells us that an interim step was announced.

Effective Feb. 27, certified independent dispute resolution entities will resume issuing payment determinations for payment disputes involving out-of-network services and items furnished before Oct. 25, 2022, the Centers for Medicare & Medicaid Services announced. CMS has posted guidance for certified IDRs issuing payment determinations for items and services furnished before Oct. 25, 2022.
 
“The standards governing a certified IDR entity’s consideration of information when making payment determinations in these disputes are provided in the October 2021 interim final rules, as revised by the [February 2022] opinions and orders of the U.S. District Court for the Eastern District of Texas,” CMS said. [This refers to the FEHBlog’s edited portion of the IDR rule without the Judge’s February 6, 2023 edits.]
 
The agency said IDRs will hold issuance of payment determinations for items or services furnished on or after Oct. 25, 2022 until the departments of Health and Human Services, Labor, and the Treasury issue further guidance.
 

There you go.

From the public health front, the CDC’s Covid Data Tracker shows that new cases, hospitalizations, and deaths continue their downward trend, while the CDC’s weekly interpretative review of its Covid data notes that “As of February 23, 2023, there are 67 (2.1%) counties, districts, or territories with a high COVID-19 Community Level, 655 (20.3%) with a medium Community Level, and 2,498 (77.6%) with a low Community Level [of the disease].”

Sign of the times — the CDC Weekly Review is moving to a bi-weekly schedule.

The CDC’s FluView, which will shut down at the traditional end of the flu season, reports, “Seasonal flu activity is low nationally.”

Meanwhile, the Food and Drug Administration announced issuing

an emergency use authorization (EUA) for the first over-the-counter (OTC) at-home diagnostic test that can differentiate and detect influenza A and B, commonly known as the flu, and SARS-CoV-2, the virus that causes COVID-19. The Lucira COVID-19 & Flu Home Test is a single-use at-home test kit that provides results from self-collected nasal swab samples in roughly 30 minutes. 

In other public health news

  • Healio informs us
    • People with many low-risk sleep factors had reduced all-cause, CV and cancer mortality risk vs. those with one or no low-risk sleep factors, according to data slated for presentation at the American College of Cardiology Scientific Session.
    • “We saw a clear dose-response relationship, so the more beneficial factors someone has in terms of having higher quality of sleep, they also have a stepwise lowering of all cause and cardiovascular mortality,” Frank Qian, MD, an internal medicine resident physician at Beth Israel Deaconess Medical Center and a clinical fellow in medicine at Harvard Medical School, said in a press release. “These findings emphasize that just getting enough hours of sleep isn’t sufficient. You really have to have restful sleep and not have much trouble falling and staying asleep.”
  • The Washington Post reports
    • One in five Americans will experience major depressive disorder in their lifetime, and many will not find relief from current therapies. But now researchers have identified an unexpected source of the problem: inflammation.
    • Inflammation in the body may be triggering or exacerbating depression in the brains of some patients. And clinical trial data suggests that targeting and treating the inflammation may be a way to provide more-precise care.
    • The findings have the potential to revolutionize medical care for depression, an often intractable illness that doesn’t always respond to conventional drug treatments. While current drug treatments target certain neurotransmitters, the new research suggests that in some patients, depressive behaviors may be fueled by the inflammatory process.
  • The Powerline Blog shares eye-catching charts on the U.S. population’s gray wave.

From the wearables front —

  • mHealth Intelligence relates
    • In 2023, about 40 percent of U.S. adults are using healthcare-related applications, and 35 percent are using wearable healthcare devices, a new survey shows.
    • Released by Morning Consult, the survey polled 2,201 adults between Jan. 23 and Jan. 25. The results were compared to a previous Morning Consult poll conducted in December 2018 among 2,201 adults.
    • The 2023 survey shows gains in health app and wearables use. While health app use jumped 6 percentage points from 2018, wearables use increased by 8 percentage points.
    • Health app and wearables use varied across age groups, according to the survey. Forty-seven percent and 40 percent of respondents aged 18 to 34 used health apps and wearables, respectively, compared to 30 percent and 25 percent of adults over 65.
    • Of those who said they used health apps and wearables, most use them daily.
  • Bloomberg adds that “Apple Makes Major Progress on No-Prick Blood Glucose Tracking for Its Watch.” Completion of the moonshot project remains “years away.”

From the miscellany department

  • Becker’s Hospital Review relies on the Harvard Business Review to identify “four measures needed to create shoppable healthcare beyond price transparency.”

Strap Yourself In

Photo by Josh Mills on Unsplash

In the 1980s and 1990s, the Washington Post had a television critic named John Carmody who would warn readers at the beginning of his column to “strap yourselves into your breakfast nook” when he had big news. So strap yourselves in, and here goes. (The photo to the right is a rough approximation of a breakfast nook, a concept which has fallen out of style evidently.)

Over the next 18 to 24 months, according to the Wall Street Journal, Humana will withdraw from the employer health benefits market to focus on the government health programs market.

Humana, which currently offers many FEHB HMO plans, placed the FEHB Program in the “bye-bye” employer health benefits market even though the employer is the federal government. The FEHBlog, and Congress for that matter, prefer to view the FEHB Program as part of the employer market.

In short, Humana could have justified staying in FEHB but chose not to do so. The decision is worth pondering, particularly if you have a long-term perspective.

In other U.S. healthcare business news —

  • Healthcare Dive reports on earnings announcements from telehealth vendors Teladoc and Amwell.
    • In related telehealth news, Forbes informs us about a “new survey out from Rock Health.”
      • “While 80% of respondents said they had used telemedicine, there were only two categories where a majority of people preferred telemedicine over in-person care: prescription refills and minor illnesses. More than 60% of people surveyed preferred in-person visits for mental health and chronic condition care, while more than 70% wanted an in-person annual wellness visit. The starkest divide was on physical therapy: 80% of people preferred in-person visits, while only 20% preferred telemedicine.”
  • Biopharma Dive reports on Moderna’s earnings announcement.
    • In other vaccine news, CNN tells us
      • “The independent vaccine advisers to the US Centers for Disease Control and Prevention voted unanimously Wednesday in favor of the two-dose Jynneos mpox vaccine for adults at risk of catching the disease during an outbreak.”
      • “If the CDC agrees with the committee’s recommendation, there will be a recommendation in place to give the vaccine to people who are at risk for mpox during future outbreaks.”
      • “Even as mpox cases continue to fall, the CDC is encouraging people who are at risk to get vaccinated.”

From the preventive services front —

  • The U.S. Preventive Services Task Force issued for public comment a draft research plan regarding preventive interventions for perinatal depression. The public comment deadline is March 22, 2023.
  • The Mercer consulting firm offers useful observations on how employers and health plans can optimize their investments in preventive care.

From the Rx coverage front, Becker’s Hospital Review tells us that the Centers for Medicare and Medicaid Services will not change its Medicare coverage policy on Aduhelm, an Alzheimer’s Disease treatment, based on the recent FDA approval of Leqembi.

CMS said in April 2022 that it would limit Aduhelm coverage to clinical trials only, which partly blocked the drugmaker’s efforts to sell the drug it once deemed a blockbuster. Leqembi will be subject to the same coverage plan. 

“We recognize that these medications are a unique, new class of drugs, and we regret that the decision could not be more favorable,” CMS said in a Feb. 22 statement. “After careful review of the request and supporting documentation, we are making this decision because, as of the date of this letter, there is not yet evidence meeting the criteria for reconsideration.”

If “any new evidence” becomes available or an amyloid-targeting Alzheimer’s drug receives traditional approval, CMS said it may reconsider its coverage decision.  

As readers know, CMS’s Medicare coverage decision on these drugs effectively controls the market for these drugs.

From the miscellany department

  • Affordable Care Act FAQ 57 was issued yesterday. This FAQ concerns implementation guidance for the No Surprises Act’s anti-gag clause provision.
  • FedSmith identifies five milestones toward federal retirement.
  • Kaiser Family Foundation has created federal and state litigation trackers regarding reproductive rights.