Monday Roundup

David Ermer

I am an attorney who practices law in Washington DC. My practice has involved the Federal Employees Health Benefits Program since 1983.

Monday Roundup

David ErmerCOVID-19, COVID-19 vaccine, FDA, OPM, Rx coverage, SCOTUS, SDOH, Telehealth, U.S. Healthcare
Photo by Sven Read on Unsplash

From the Omicron and siblings front, the Wall Street Journal reports

Most people would get one Covid-19 shot annually—as they do with the flu shot—under Food and Drug Administration proposals for simplifying the nation’s Covid-19 vaccine procedures.

The drug regulator also proposed that people getting vaccinated for the first time receive vaccines that target both Omicron and the original strain of the coronavirus. 

The proposals, outlined in materials the FDA released Monday, would mark the biggest changes to Covid-19 vaccinations since boosters rolled out and are a sign of the nation’s shift to a more endemic-like approach to the coronavirus.

Vaccine experts who advise the FDA are scheduled to meet Thursday to discuss the proposals. The advisers are scheduled to vote on whether to give the bivalent shot as the initial inoculation, as is already allowed in Europe.

Makes sense to the FEHBlog.

From the OPM front, the House Oversight and Reform Committee Chairman James Comer (R-Ky.) has sent OPM Director Kiran Ahuja a letter demanding documents and a staff briefing on the recent GAO report criticizing OPM’s internal controls over family member eligibility in the FEHBP. Here’s a little free advice for my favorite agency. Rather than coming up with your own solutions, adopt solutions that have been proven to work in the private sector — the HIPAA 820 standard enrollment transaction which ties premium payments to enrollees and dependent eligibility verification audits based on statistical sampling.

From the U.S. healthcare business front —

Fierce Healthcare informs us

Elevance Health has inked a deal to acquire Blue Cross and Blue Shield of Louisiana, with the Pelican State insurer joining the Anthem Blue Cross affiliated plans.

The acquisition builds on an existing partnership between the two insurers, according to the announcement. The two jointly own Healthy Blue, a plan that serves Medicaid and dual-eligible beneficiaries. 

The combination will also allow BCBSLA to accelerate its push toward improved access, affordability and quality for its 1.9 million members, thanks to the capabilities of Elevance Health’s Carelon subsidiary, the companies said. More than $4 billion has been invested in Carelon over the past several years, building out its behavioral health, complex and chronic care programs and digital health models.

and

CVS Health has named two key leaders for its pharmacy and consumer products business, including a returning face to the company, according to a report from Bloomberg.

David Joyner, a former executive at the company, will make a return as the leader of its pharmacy services segment, which includes the Caremark pharmacy benefit manager, people familiar with the matter told the outlet. Joyner left CVS three years ago and will succeed Alan Lotvin, M.D., who is set to retire.

In addition, former Express Scripts President Amy Bricker will join the company as the chief product officer for the consumer segment, which centers on developing new products for CVS’ consumer health brands, Bloomberg reported.

Fierce Healthcare points out a twist in the second story.

That Bricker had departed Express Scripts, a subsidiary of Cigna, was revealed last week when the PBM announced it had named a new president, veteran supply chain leader Adam Kautzner. What was next for Bricker, however, was conspicuously absent from the announcement.

The FEHBlog often counsels clients on Family and Medical Leave Act issues. He had no idea until today that the Labor Department offers helpful information to healthcare provider and employees on this law. For example,

This background information can fill knowledge gaps for employers too.

From the Rx coverage front —

  • The Washington Post reports on the reaction to “the American Academy of Pediatrics guidelines, based on decades of scientific research, call[ing] for early and aggressive treatment, instead of “watchful waiting.” They urge intensive therapy for children as young as 6, weight loss drugs for those as young as 12 and surgery for teens as young as 13.”
  • The Institute for Clinical and Economic Research released a

Final Evidence Report on Fezolinetant for Vasomotor Symptoms Associated with Menopause

— Independent appraisal committee voted that evidence is not yet adequate to demonstrate a net health benefit for fezolinetant when compared to no pharmacological treatment —

—  Using point estimates from short-term clinical trials, analyses suggest this drug would achieve common thresholds for cost-effectiveness if priced between $2,000 – $2,600 per year for women who cannot or choose not to take menopausal hormone therapy —

— All stakeholders have a responsibility and an important role to play in ensuring that women have access to effective new treatment options for symptoms of menopause

The ICER upshot is “Given that many patients may benefit from readily available, effective, and low cost [menopausal hormone therapy] MHT, clinical experts agreed that it would be reasonable for payers to require prescriber attestation that patients are not appropriate candidates for MHT prior to prescribing fezolinetant.”

From the SDOH front, Health Leaders Media tells us about new ICD-10 diagnosis codes with an SDOH emphasis which will take effect on April 1, 2023.

From the telehealth front, U.S. News reports,

Despite distance and occasional technical glitches, a new study finds that most patients like seeing a surgeon for the first time via video.

The study was published Jan. 19 in the Journal of the American College of Surgeons. * * *

The study included 387 patients who participated in first-time visits between May 2021 and June 2022 at general surgery clinics across the Vanderbilt system. Researchers used a standard questionnaire to look at the quality of shared decision-making and asked patients and surgeons open-ended questions about their consultations.

In all, 77.8% of patients had an in-person visit, while 22.2% saw their doctor remotely.

Both groups reported high levels of quality communication during these appointments.

Levels of shared decision-making and quality of communication were similar between remote visits and in-person care, the study found.

In responding to the open-ended questions, patients praised the convenience and usefulness of telehealth appointments. Researchers received some negative comments about technical difficulties and not being physically present.

Weekend update

David ErmerCongress, COVID treatment, COVID-19, COVID-19 testing, Mental health care

Congress is back in our Nation’s capitol this week. The House is considering legislative business but is not holding hearings. The Senate is holding hearings and floor votes.

The Wall Street Journal reports

A deeply divided Congress will return to work this week, pushing ahead with partisan priorities in the Senate and House while also gearing up for a fight over how lawmakers will address raising the debt ceiling before a potential default later this year.

The Senate, narrowly controlled by Democrats as it opens its new session, is expected to focus primarily on confirming President Biden’s executive and judicial nominees in the coming weeks. Immigration is emerging as one area of possible compromise after a group led by Sen. Kyrsten Sinema (I., Ariz.) and Sen. John Cornyn (R., Texas) co-hosted a bipartisan delegation of senators to the Texas and Arizona borders during the January recess. 

House Republicans, back from a weeklong break, will dive into investigations focused on Mr. Biden, his family and his administration, starting with a hearing on border security early next month that will feature testimony from border patrol agents.

The American Medical Association outlines its wish list for improvements in the Medicare payment system.

From the Omicron and siblings front

The American Medical Association tells us about what doctors wish their patients knew about Covid reinfections. Oddly the article does not mention the availability of Paxlovid treatment.

Medscape informs folks over age 65 about what they need to know about taking Paxlovid.

The message from infectious disease experts and geriatricians is clear: Seek treatment with antiviral therapy, which remains effective against new covid variants.

The therapy of first choice, experts said, is Paxlovid, an antiviral treatment for people with mild to moderate covid at high risk of becoming seriously ill from the virus. All adults 65 and up fall in that category. If people can’t tolerate the medication — potential complications with other drugs need to be carefully evaluated by a medical provider — two alternatives are available.

The upshot is the older Americans and immunocompromised American should create a treatment plan in consultation with their primary care providers before Omicron shows up at the door.

NPR offers us an update on the state of rapid Covid testing

As the COVID-19 pandemic enters its fourth year, a negative result on a little plastic at-home test feels a bit less comforting than it once did.

Still, you dutifully swab your nostrils before dinner parties, wait 15 minutes for the all-clear and then text the host “negative!” before leaving your KN95 mask at home.

It feels like the right thing to do, right?

The virus has mutated and then mutated again, with the tests offering at least some sense of control as the Greek letters pile up. But some experts caution against putting too much faith in a negative result.

The NPR article provides the details.

In other public health news, Fortune Well reports

A so-called “super strain” of gonorrhea—against which many types of antibiotics are less effective or not effective at all—has been identified in the U.S. for the first time, health officials said Thursday, [January 19] raising further concern that a post-antibiotic era is approaching.

The case, identified in Massachusetts, was successfully treated with ceftriaxone, an antibiotic recommended to treat the disease, state health officials said in a news release. A higher-than-recommended dose wasn’t required to clear the infection, a state public health spokesperson tells Fortune, though the U.S. Centers for Disease Control and Prevention recently doubled the recommended dose.

The newly identified strain showed reduced susceptibility to three types of antibiotics and resistance to an additional three, including penicillin. It marks the first U.S. case in which all recommended drugs were less effective or completely ineffective, the state health department said in a Thursday bulletin to clinicians.

The case serves as “an important reminder that strains of gonorrhea in the U.S. are becoming less responsive to a limited arsenal of antibiotics,” health officials said in a statement.

The U.S. is experiencing “a rising epidemic of sexually transmitted disease,” Dr. Georges Benjamin, executive director of the American Public Health Association, tells Fortune, with some experts referring to the issue as a “hidden epidemic.” 

No bueno.

From the mental health care front

  • NPR Shots discusses when patients can opt for chat therapy from a free chatbot., e.g., Wysa .
  • Bloomberg Prognosis calls our attention to a dementia quiz.

Most cases of dementia aren’t linked to lifestyle. But in as many as four in 10 cases, external risk factors — everything from educational level, brain injury and hearing loss to excessive drinking and smoking — may play a role, a report by The Lancet Commission found in 2020. This week, Alzheimer’s Research UK, a charity that funds science and education about dementia, launched an online quiz that draws on that study to help people zero in on what they could change in their own lives to help improve the health of their brains. 

“Much of this is about helping people understand that they can be empowered to affect their risk of Alzheimer’s disease,” Paul Matthews, director of the UK Dementia Research Institute at Imperial College London, said in a briefing hosted by the Science Media Centre. “We need to give people the knowledge to make these choices.” 

For what it’s worth, The FEHBlog took the quiz which is offered by the British Alzheimers Disease Association. The FEHBlog found it worthwhile.

Cybersecurity Saturday

David ErmerCybersecurity

    From the cyberpolicy front —

    Cyberscoop reports

    The Government Accountability Office said Thursday that U.S. federal departments have implemented just 40% of the cybersecurity recommendations the watchdog agency has issued since 2010.

    The lethargic pace in which government agencies put in place cybersecurity precautions and best practices underlines the need for the Biden administration to “urgently” release a comprehensive national cybersecurity strategy with effective oversight, the GAO said in its report.

    The GAO said that the updated national cybersecurity strategy, which the administration is reportedly planning to release soon, should address key “desirable characteristics of national strategies” such as performance measures that was missing in President Trump’s 2018 cybersecurity strategy.

    “We stressed that moving forward, the incoming administration needed to either update the existing strategy and plan or develop a new comprehensive strategy that addresses those characteristics,” the report noted. 

    The GAO noted that only about 145 of its 335 recommendations have been put in place. The agency recommended such actions establishing the national cyber director and the General Service Administration updating their security plans.

    The Cybersecurity and Infrastructure Security Agency released a report on 2022 year in review. Health IT Security examines the CISA report from the standpoint of the healthcare sector.

    The FEHBlog noticed that two Federal Acquisition Regulation proposed rules that he has been tracking are now pending review at OMB’s Office of Information and Regulatory Affairs.

    DOD/GSA/NASA (FAR)

    AGENCY: FAR RIN: 9000-AO34 Status: Pending Review
    TITLE: Federal Acquisition Regulation (FAR); FAR Case 2021-017, Cyber Threat and Incident Reporting and Information Sharing
    STAGE: Proposed Rule ECONOMICALLY SIGNIFICANT: Yes
    RECEIVED DATE: 12/19/2022 LEGAL DEADLINE: None

    AGENCY: FAR RIN: 9000-AO35 Status: Pending Review
    TITLE: Federal Acquisition Regulation (FAR); FAR Case 2021-019, Standardizing Cybersecurity Requirements for Unclassified Information Systems
    STAGE: Proposed Rule ECONOMICALLY SIGNIFICANT: No
    RECEIVED DATE: 12/19/2022 LEGAL DEADLINE: None

    Should these regulations clear OIRA review, then the next step will be published in the Federal Register.

    From the cyberbreach front,

    Cybersecurity Dive reports

    T-Mobile on Thursday said a threat actor accessed personal data on about 37 million current customers in an intrusion that went undetected since late November.

    The wireless network operator identified the malicious activity on Jan. 5 and during a subsequent investigation determined the unauthorized access began on or around Nov. 25, the company said in a filing with the Securities and Exchange Commission.

    T-Mobile said it was able to trace the source of the malicious activity to an application programming interface and stop it with the help of cybersecurity consultants. 

    This incident marks the eighth publicly acknowledged data breach at T-Mobile since 2018, including a massive data breach in August 2021 that exposed personal data of at least 76.6 million people.

    The investigation is ongoing, but T-Mobile said there is no evidence its systems or network were breached during the incident.

    From the cyber vulnerabilities front —

    Cybersecurity Dive reports

    • Potential cyber incidents and business interruption remained the two leading worldwide corporate risk concerns for the second year in a row, according to a report published Tuesday by Allianz Group’s corporate insurance unit, Allianz Global Corporate & Specialty. 
    • Both cyber and business interruptions were the top concerns among 34% of respondents in the annual Allianz Risk Barometer. The study measured the responses of 2,712 risk management experts in 94 countries and territories, including CEOs, risk managers, brokers and other insurance experts. 
    • Respondents were concerned about a range of potential incidents, from ransomware to data breaches and IT outages. The report noted ransomware remains a frequent threat and cited IBM data showing the average cost of a data breach hit a record of $4.35 million, with the cost expected to surpass $5 million this year.

    Health IT Security tells us

    Cloud security concerns settled into the number five spot on ECRI’s list of “Top 10 Health Technology Hazards for 2023,” a report that the organization has released annually for the past 16 years. ECRI is a nonprofit organization that focuses on healthcare technology and safety.

    The organization’s annual health tech hazards list is compiled by a team of clinicians, healthcare management experts, and biomedical engineers. Last year, ECRI identified cyberattacks as the number one health tech hazard.

    CISA added one more known exploited vulnerability to its catalog.

    The Healthcare Sector Cybersecurity Coordination Center issues three reports this week:

    • Healthcare Cybersecurity Bulletin for Q4 2022 “Ransomware attacks, data breaches, and often both together, continued to be prevalent attacks against the health sector,” the bulletin notes. “Ransomware operators continued to evolve their techniques and weapons for increasing extortion pressure and maximizing their payday. Vulnerabilities in software and hardware platforms, some ubiquitous and some specific to healthcare, continued to keep the attack surface of healthcare organizations wide open. Managed service provider compromise continued to be a significant threat to the health sector, as did supply chain compromise.”
    • December Vulnerabilities of Interest to the Health Sector “In December 2022, vulnerabilities to the health sector have been released that require attention. This includes the monthly Patch Tuesday vulnerabilities released by several vendors on the second Tuesday of each month, along with mitigation steps and patches. Vulnerabilities for this month are from Microsoft, Google/Android, Apple, Intel, Cisco, SAP, Citrix, VMWare, and Fortinet.”
    • Artificial Intelligence and Its Current Potential to Aid in Malware Development Artificial intelligence (AI) has now evolved to a point where it can be effectively used by threat actors to develop malware and phishing lures. While the use of AI is still very limited and requires a sophisticated
      user to make it effective, once this technology becomes more user-friendly, there will be a major paradigm shift in the development of malware. One of the key factors making AI particularly dangerous for the healthcare sector is the ability of a threat actor to use AI to easily and quickly customize attacks against the healthcare sector.

    In this regard CSO offers a feature on how ChatGPT changes the phishing game. “The Microsoft-backed free chatbot is improving fast and can not only write emails, essays but can also code. ChatGPT is also polyglot and that could facilitate and increase exponentially phishing attacks.” Wonderful.

    From the ransomware front —

    • An ISACA expert explains why ransomware looms large on the third party risk landscape. “As adoption of cloud datacenters and software as a service grows, so does reliance on complex and global supply chains that introduce a multitude of potential vulnerabilities that can be exploited by cybercriminals. In this blog post, we will explore some key strategies for identifying and mitigating supply chain risks, with a special emphasis on ransomware risks in the supply chain.”
    • In Cybersecurity Dive, a ransomware negotiator shares three tips for victim organizations.
    • Dark Reading adds “in another sign that the tide may be finally turning against ransomware actors, ransom payments declined substantially in 2022 as more victims refused to pay their attackers — for a variety of reasons.”

    From the cyber defenses front, Tech Republic explains that while the cybersecurity implications of ChatGPT are vast, especially for email exploits, putting up guardrails, flagging elements of phishing emails that it doesn’t touch and using it to train itself could help boost defense. Ah, a double edged sword.

    Friday Factoids

    David ErmerCDC, COVID treatment, COVID-19, Mental health care, Patient safety, U.S. Healthcare
    Photo by Sincerely Media on Unsplash

    Becker’s Hospital Review reports

    The weekly rate of emergency department visits and hospitalizations for flu, COVID-19 and respiratory syncytial virus peaked in early December, new CDC data shows. 

    The CDC unveiled two data dashboards Jan. 17 that track emergency department visits and hospitalizations for COVID-19, flu and RSV. 

    ED visits for flu, RSV and COVID-19 peaked the week ending Dec. 3, hitting a weekly total of 235,850 before falling through December and the first half of January. The nation’s current weekly total was 72,119 as of Jan. 14, according to the ED dashboard. The dashboard uses information from the CDC’s National Syndromic Surveillance Program, which receives data from 73 percent of the nation’s EDs. 

    The combined hospitalization rate for flu, RSV and COVID-19 peaked at 22.5 admissions per 100,000 in the week ending Dec. 3. This figure now sits at 9.4 per 100,000 for the week ending Jan. 7, though the CDC said reporting delays may affect the most recent week’s data.

    RSV hospitalizations peaked in mid-November, while flu hospitalizations peaked in early December, CDC data shows. COVID-19 admissions also appear to be leveling off nationwide, even as the highly transmissible omicron subvariant XBB.1.5 gains prevalence. This trend suggests the U.S. will see more of a COVID-19 “bump” this winter versus a full-fledged surge, experts told The New York Times.

    The CDC’s weekly interpretative review of its Covid stats focuses on these new dashboards this week. The agency’s weekly Fluview report informs us “Seasonal influenza activity continues to decline across the country.”

    The Wall Street Journal adds

    Three years after health authorities announced the first known Covid-19 case in the U.S., the virus behind the disease remains persistent but thus far hasn’t triggered the severity of the waves seen in prior winters.

    A recent climb in hospitalizations and Covid-19 wastewater readings—two key metrics for spotting trends—appears to have stalled following the quick rise of the Omicron XBB.1.5 subvariant. The U.S. was gripped in significantly more deadly waves at this point in the last two winters, though currently there are still hundreds of deaths reported each day. * * *

    At least for now, it appears unlikely new variants are going to cause as substantial illnesses and deaths as the virus did early on and in the prior winter waves, said Jay Varma, a physician and epidemiologist who directs Weill Cornell Medicine’s Center for Pandemic Prevention and Response in New York City. He cautioned that more severe mutations could still emerge. “We seem to have settled into somewhat of a detente with the virus,” he said.

    Although the FEHBlog will continue to track Omicron and siblings developments, he has decided to replace Friday Stats and More with Friday Factoids.

    Medscape tells us

    Public health officials have said for some time that use of Paxlovid, approved under an FDA emergency use authorization (EUA) in December 2021, remains far below the proportion of Americans who could potentially benefit from the therapy.

    What’s driving the lackluster uptake remains unknown, so Medscape Medical News took a deeper dive into the challenges surrounding Paxlovid prescribing.

    Older Americans remain one of the groups at highest risk for COVID-19 adverse outcomes, including hospitalization and severe illness. However, the survey found that providers also remain reluctant to prescribe Paxlovid in this population for multiple reasons. * * *

    The survey found that almost half of patients were on a medication that is contraindicated with Paxlovid and that could not be discontinued (44%). Another finding was that almost the same proportion were on a medication that is contraindicated with Paxlovid, but the risk of discontinuing that medication was too high (41%). Also, the researchers found some patients were on a medication that could interact with Paxlovid, but it was unclear how to manage the interaction (29%).

    [Medscape medical editor in chief Dr. Eric Topol said that doctors, in some cases, may be overly concerned about the drug interactions. “There’s a straightforward workaround strategy for nearly all the drug interactions — most commonly statins — which can easily be stopped for 5 days,” he said.

    Another concern preventing Paxlovid prescription is renal impairment, the survey reveals. More than one third of respondents, 37%, said they did not prescribe the protease inhibitor combination because of concerns over this condition, which can lower how efficiently medications are cleared by the body.

    That’s a helpful study.

    In other survey news, MedPage Today informs us

    Fewer emergency department (ED) visits end with a prescription for opioids, CDC survey data showed.

    The percentage of ED visits with an opioid prescribed at discharge fell from 12.2% in 2017-2018 to 8.1% in 2019-2020, reported Loredana Santo, MD, MPH, and Susan Schappert, MA, of the National Center for Health Statistics in Hyattsville, Maryland, in NCHS Data Briefopens in a new tab or window.

    The rate of prescribing at discharge also dropped: in 2019-2020, opioids were prescribed at 36.4 ED visits per 1,000 adults, lower than 50.5 per 1,000 in 2017-2018. The decline was similar for both men and women.

    In U.S. healthcare business news —

    • Cigna points out the value of integrated health plans a/k/a health plans without carveouts.

    A study released today by Cigna (NYSE: CI), a global health service company, finds that triple integration of medical, pharmacy and behavioral benefits resulted in lower health care costs for employers. Conducted by Aon plcThis link will open in a new tab., a leading global professional services firm, the Value of Integration StudyThis link will open in a new tab. [PDF] shows that Cigna’s integrated employer clients saved $148 per member per year in 2021. 

    Using a similar study method, Cigna then evaluated the financial impact of engaging employees to participate in health improvement programs, such as wellness coaching. The results show even greater client savings for Cigna integrated employer clients, exceeding $1,400 per member per year.

    In addition, Cigna found that when individuals with specific high-cost conditions and therapies were enrolled in a triple-integrated health plan and needed specialty medicines, the savings for the health plan were:

    • Nearly $9,000 per member per year, increasing to more than $11,000 per member when the specialty drug is for an inflammatory condition like rheumatoid arthritis; and
    • Almost $17,500 per year for members who took specialty drugs and have a confirmed depression diagnosis.
    • Medpage Today reports, “Switching to [employer-sponsored] high-deductible health plans (HDHPs) spelled trouble when it came to diabetes complications, a retrospective cohort study found.” The report studies health savings account (HSA) – eligible HDHPs versus traditional low-deductible plans. The FEHBlog doesn’t understand why the HSAs don’t balance out the two types of coverage. The article doesn’t compute.
    • STAT News relates, “More than a dozen of the country’s large not-for-profit hospital systems descended on this year’s J.P. Morgan Healthcare Conference with a subtle but clear message for bankers and municipal investors: Higher costs in 2022 slowed them down, but they are adamant about increasing revenue by expanding their footprints and hiking prices.” Charming.
    • Fierce Healthcare calls our attention to

    A new behavioral health solution launched this week aims to make it easier for insurers to connect members with tools that may benefit their mental health care.

    Lucet represents the combination of New Directions Behavioral Health and Tridiuum and is a spinout from the Blues network, where its core product cut its teeth. Lucet’s Navigate & Connect platform harnesses a large team of care navigators with an advanced technology stack that allows insurers to better optimize care and access for members.

    Shana Hoffman, president and CEO of Lucet, told Fierce Healthcare that the platform enables faster connections to appointments and helps cut through the noise on which solutions a plan may want to bring into the fold.

    “What we’re bringing to the market is really an operating system platform for health plans that allows them to reliably connect members to care,” Hoffman said.

    • Health Affairs Forefront analyzes “The Fair Price For One-Time Treatments; How Can We Overcome Existing Market Price Distortions?” Check it out.

    Thursday Miscellany

    David ErmerAHRQ, Congress, COVID-19, FDA, Federal employment benefits, Medicare, Mental health care, No Surprises Act, OPM, Rx coverage, Telehealth
    Photo by Josh Mills on Unsplash

    From our Nation’s capital, the Wall Street Journal reports

    The Treasury Department began taking special measures to keep paying the government’s bills on Thursday as the U.S. bumped up against its borrowing limit, kicking off a potentially lengthy and difficult debate in Congress over raising the debt ceiling

    With the federal government constrained by the roughly $31.4 trillion debt limit, the Treasury Department began deploying so-called extraordinary measures. Those accounting maneuvers, which include suspending investments for certain government accounts, will allow the Treasury to keep paying obligations to bondholders, Social Security recipients and others until at least early June, the department said last week.  

    That gives lawmakers on Capitol Hill and the Biden administration roughly five months to pass legislation raising or suspending the debt limit. In a letter to congressional leaders on Thursday, Treasury Secretary Janet Yellen said there was “considerable uncertainty” about how long extraordinary measures can last. 

    “I respectfully urge Congress to act promptly to protect the full faith and credit of the United States,” Ms. Yellen said. 

    From the OPM front, OPM issued “Guidance on Increasing Opportunities for Federal Internships, Fellowships, and Other Early Career Programs” and, according to MeriTalk, held a “virtual job fair organized today by Tech to Gov in partnership with the Office of Personnel Management (OPM) is targeting a wide range of Federal government technology and related positions as part of the government’s goal to restock its tech ranks amid a slowdown in hiring by the private sector.” As daily reports of layoffs at tech companies have been appearing in the news, OPM’s timing for the job fair is opportune.

    Today, benefits expert Tammy Flanagan completed her three Govexec columns on federal employee and annuitant benefit changes for this year.

    From the Omicron and siblings front,

    MedPage Today tells us, “Real-World Data Support Bivalent COVID-19 Boosters in Older Adults — Study from Israel showa ed high level of protection in people 65 and up.” MedPage Today’s medical editor in chief Dr. Jeremy Faust comments

    [T]he Israeli data really helps us understand that for 65-years-olds and over, getting a bivalent booster is going to protect against hospitalization. We don’t know how long that’s going to last, and that’s the key. If it turns out that the bivalent booster ends up having a much longer tail of effectiveness than the monovalent did, that’ll be good news, but it’ll depend upon what variants are circulating and other factors, but we are watching that.

    Reuters adds

    The European Union’s drug regulator has not identified any safety signals in the region related to U.S. drugmaker Pfizer Inc (PFE.N) and German partner BioNTech’s updated COVID-19 shot, the agency said on Wednesday.

    On Friday, the U.S. Food and Drug Administration and the Centres for Disease Control and Prevention said that a safety monitoring system had flagged that the shot could possibly be linked to a type of brain stroke in older adults, according to preliminary data.

    The FDA’s Vaccines and Related Biological Products Advisory Committee will consider this safety issue at a meeting on January 26.

    Also from the FDA front, the Wall Street Journal informs us

    U.S. drug regulators rejected Eli Lilly & Co.’s proposed new Alzheimer’s disease treatment, saying they need more data from clinical testing, according to the company.

    The setback could delay a potential commercial introduction of the highly anticipated drug by at least several months, if the Food and Drug Administration eventually decides to approve it. * * *

    The agency had recently approved another Alzheimer’s therapy. Earlier this month, the FDA gave early approval to a new Alzheimer’s drug from Eisai Co. and Biogen Inc.

    Lilly had been hoping for an accelerated FDA approval of donanemab early this year. Now, a midyear filing of a standard drug application means an FDA decision could be pushed back into 2024, based on typical FDA timelines of taking six to 10 months to review new drug applications.

    The American Hospital Association relates

    In an online survey last November of 1,200 U.S. adults previously vaccinated against COVID-19, 62% had not yet received a bivalent booster dose, most often because they did not know they were eligible or the booster was available, or believed they were immune against infection, the Centers for Disease Control and Prevention reported today. After viewing information about eligibility and availability, over two-thirds of them planned to get a bivalent booster and 29% reported receiving the booster in a follow-up survey in December. To help increase bivalent booster coverage, the report recommends using evidence-based strategies to inform patients about booster recommendations and waning immunity.

    From the No Surprises Act front, Healthcare Dive points out

    • Many Americans are still exposed to the potential for a surprise medical bill from an out-of-network ambulance ride, a research report published in Health Affairs found. About 28% of emergency trips in a ground ambulance resulted in a potential surprise bill, according to the research that analyzed commercial insurance claims.
    • About 85% of emergency transports were deemed out of network between 2014 and 2017, researchers found. But two-thirds of those trips are paid in full by insurers, eliminating the risk of a surprise bill.
    • The report shows the difference in pricing by ground ambulance ownership and how that affects patients’ financial exposure. * * *
    • Given the high prevalence for a potential surprise bill, protections like those afforded to consumers in the No Surprises Act may be necessary for both emergency and non-emergency transports, the authors said.

    The FEHBlog is puzzled by the author’s extension of NSA protection to non-emergency transports, which the consumer should have time to manage. Congress should not overload the NSA system.

    From the telehealth front, Healthcare Dive reports

    • Private insurers paid roughly the same for telehealth and in-person visits during the early days of the COVID-19 pandemic as virtual care surged, according to new research from the Kaiser Family Foundation.
    • Though it’s unclear how payment rates might have changed over the past two years, the findings call into question the argument that telehealth is saving the healthcare system money, researchers said.
    • However, researchers said that perks of telehealth included expanded access and convenience — cost benefits of which were not factored into the study.

    Fierce Healthcare tells us

    UnitedHealthcare is rolling out a new virtual behavioral health coaching program backed by Optum.

    The offering is available as of Jan. 1 for 5 million fully insured members, and self-insured employers can purchase the program as an employer benefit. Through the program, adults with symptoms of mild depression, stress and anxiety can access support for their mental health needs through virtual modules as well as one-on-one video conferences, phone calls or messaging with coaches. * * *

    Members who use virtual coaching can connect with a dedicated behavioral health coach for a 30-minute weekly audio or video call and can chat with their coach using in-app messaging between sessions.

    The program lasts eight weeks, and each member will complete an assessment at the onset to identify their individual needs. Coaches use cognitive behavioral therapy techniques to assist the patient in crafting an action plan that is personalized to them.

    In other UHC news, Beckers Payer Issues relates

    The largest employer of physicians in the United States is not HCA, the VA, or Kaiser Permanente — it’s UnitedHealth Group’s Optum.

    With at least 60,000 employed or aligned physicians across 2,000 locations in 2023, Optum has cemented itself at the forefront of the quickly changing healthcare delivery landscape. For comparison, Bloomberg reported in 2021 that Ascension employs or is affiliated with 49,000 physicians, HCA has 47,000 and Kaiser has 24,000.

    Given that the Affordable Care Act limits health insurers, but not healthcare providers, profits, UHC made a smart move, in the FEHBlog’s opinion.

    From the Rx coverage front, STAT News tells us

    In a bid to blunt competition and address rising drug costs, Sanofi is offering a warranty that will cover the cost for any hospital if a specific medicine fails to work, marking only the second time a major pharmaceutical company has taken such a step.

    In this instance, Sanofi designed a warranty program for its Cablivi medication, which is used to treat aTTP, a rare, life-threatening autoimmune blood disorder that is considered a medical emergency. The cost will be refunded for up to six doses for patients who fail to initially respond or up to 12 doses for patients whose condition worsens.

    The move comes after Pfizer began offering warranties for two of its medicines, the first of which debuted in August 2021. At the time, the Pfizer effort was the first of its kind in the pharmaceutical industry. Unlike the Sanofi warranty, however, the Pfizer programs offer refunds to patients — not hospitals — if the medicines fail to work sufficiently.

    Although the approaches vary, both companies are signaling their interest in differentiating themselves from competitors, not just responding to complaints about the rising cost of medicines, according to Emad Samad, president of Octaviant Financial, a firm that is promoting the use of warranties in the pharmaceutical industry.

    How would these warranties redound to the benefit of third party payers?

    From the miscellany front

    • Cigna offers a paper about “Digging into the Unique Drivers and Healthy Behaviors That Impact Vitality.”
    • The U.S. Preventive Services Task Force released a chart of its most impactful 2022 recommendations.
    • Fierce Healthcare reports, “The number of providers serving as [Medicare] accountable care organizations increased slightly this year thanks to the start of a new advanced model and a slew of reforms meant to reverse a slide in participation.”
    • Mercer Consulting digs into “must do” valued based care strategies.
    • The MIT Technology Review considers the prospect of gene editing for the masses using CRISPR 3.0
    • STAT News discusses the “hot mess” of legal issues associated with the FDA’s recent decision to make abortion drugs available at pharmacies.

    Midweek Update

    David ErmerCDC, Congress, COVID-19, Medicare, NIH, U.S. Healthcare
    Photo by Manasvita S on Unsplash

    From Capitol Hill, Roll Call reports that Senator Joe Manchin (D W Va) “has talked “briefly” with Speaker Kevin McCarthy about a bill he co-sponsored with Sen. Mitt Romney, R-Utah, in the last Congress to create a “rescue committee” for every endangered government trust fund, like the Social Security, Medicare and highway trust funds.

    The Concord Coalition, a nonpartisan research group, named Romney and Manchin as its 2022 Economic Patriot Awards honorees because of their work on the legislation. 

    The bill, which they have yet to reintroduce in the 118th Congress, would allow the top four congressional leaders to appoint three members each for every rescue committee and give lawmakers on the panels 180 days to come up with policy solutions for solvency.

    Any legislation the rescue committees produce would be subject to expedited procedures for floor consideration; it couldn’t be amended but would require 60 Senate votes to advance to final passage. 

    Keep hope alive.

    From the Omicron and siblings front —

    The Wall Street Journal reports

    Moderna Inc. plans to expand its mRNA vaccine production capacity, saying shots targeting different pathogens can be made in the same facility, Chief Executive Stephane Bancel said.

    “This is what gives me hope, not only for [coronavirus] variants, but also for other vaccines,” Mr. Bancel said on a panel at the World Economic Forum in Davos, Switzerland.  * * *

    The company was able to roll out booster shots adapted to the Omicron variant in 60 days, according to Mr. Bancel.

    That would be helpful assuming the FDA and CDC are on board.

    The American Hospital Association lets us know

    The Centers for Disease Control and Prevention yesterday released a dashboard tracking hospitalization rates for laboratory-confirmed COVID-19, flu and Respiratory Syncytial Virus by age group, sex, race/ethnicity, state and season based on data from select counties in 13 states, which the agency will update weekly. CDC also released another dashboard tracking weekly emergency department visits for COVID-19, flu and RSV by age group and percent of all ED visits based on data from the National Syndromic Surveillance Program.

    In other vaccine news, the National Institutes of Health announced today

    An investigational HIV vaccine regimen tested among men who have sex with men (MSM) and transgender people was safe but did not provide protection against HIV acquisition, an independent data and safety monitoring board (DSMB) has determined. The HPX3002/HVTN 706, or “Mosaico,” Phase 3 clinical trial began in 2019 and involved 3,900 volunteers ages 18 to 60 years in Europe, North America and South America. Based on the DSMB’s recommendation, the study will be discontinued. Participants are being notified of the findings, and further analyses of the study data are planned.

    Janssen Vaccines & Prevention B.V., part of the Janssen Pharmaceutical Companies of Johnson & Johnson, sponsored the Mosaico study with funding support from the National Institute of Allergy and Infectious Diseases (NIAID), part of the National Institutes of Health. The trial was conducted by the NIAID-funded HIV Vaccine Clinical Trials Network, based at the Fred Hutchinson Cancer Research Center in Seattle. The U.S. Army Medical Research and Development Command provided additional study support.

    Keep trying.

    Also from the public health front

    Gallup informs us “The percentage of Americans reporting they or a family member postponed medical treatment in 2022 due to cost rose 12 points in one year, to 38%, the highest in Gallup’s 22-year trend.” The story concludes

    With high inflation creating moderate to severe hardship for a majority of Americans in the second half of 2022, their reports of delaying medical care in general due to cost — as well as delaying care for a serious condition — rose sharply to new highs. Young adults, those in lower-income households and women were especially likely to say they or a family member had put off medical care.

    No bueno.

    From the U.S. healthcare business front, McKinsey & Co. tells us

    When we last looked at the trajectory of the US healthcare industry in our July 2022 article, “The future of US healthcare: What’s next for the industry post-COVID-19?,” we had emerging concerns about what persistent inflation could cause.1 It is now clear that inflation is not transitory and that the economic outlook has meaningfully darkened.2 These economic troubles, combined with a healthcare-worker shortage and endemic COVID-19, are clouding the industry outlook. In an accompanying article, we update how these changes could affect payers, providers, healthcare services and technology (HST), and pharmacy services.

    Check it out.

    From the Medicare front, Fierce Healthcare relates

    Enrollment in Medicare Advantage (MA) has topped 30 million, according to new data from the Centers for Medicare & Medicaid Services.

    This represents coverage across 776 contracts, according to the data, as of Jan. 1 payments, which reflect enrollments accepted through Dec. 2. Enrollment in standalone prescription drug plans was also about 22.7 million, bringing total enrollment across all types of private Medicare plans to nearly 50.3 million.

    This represents growth of about 2 million from 2022. An analysis from the Kaiser Family Foundation found that enrollment in MA plans was about 28 million last year. 

    Tuesday’s Tidbits

    David ErmerCOVID-19, FDA, OPM, Rx coverage, Telehealth, U.S. Healthcare, Uncategorized

    From the Omicron and siblings front

    • The New York Times accurately describes this Covid winter as a bump rather than a surge.
    • The Washington Post discusses a large medical study that supports the need for pregnant women to be vaccinated against Covid.

    On a related note the Wall Street Journal reports

    An experimental vaccine from Moderna Inc. significantly reduced the risk of a viral respiratory disease among older adults in a large clinical trial, the latest promising sign in drugmakers’ efforts to fight the deadly RSV virus. * * *

    The results are the latest for an experimental RSV vaccine. Also developing shots are GSK PLC, Pfizer Inc. and Johnson & Johnson

    Meanwhile, Sanofi SA and AstraZeneca PLC have co-developed an antibody-based drug to be used for the prevention of RSV in infants. They applied for FDA approval of the drug and expect a decision in the third quarter of 2023.

    From the FEHB front, Reg Jones, a retired OPM FEHB contracting officer, provides an “insiders look at FEHB” in FedWeek. His first observation is

    First, when the FEHB became law some 60 years ago, I think it would have been better if there had only been a single risk pool. In other words, no Self Only, Self Plus One, and Self and Family options. Because there are these distinctions, enrollees have ever since wanted to further carve up the risk pool, creating subcategories, such as employees vs. retirees or retirees with or without Medicare as their primary insurer.

    While the FEHBlog fully agrees with Mr. Jones about the value of risk pooling to FEHB, the self only, self plus one, and self and family choices are enrollment choices that affect the premiums paid but not the risk pool. OPM does break out risk pools by plan option, e.g., Standard, Basic, Elevate.

    Mr. Jones is concerned about the risk pool splitting occasioned by the creation of the new Postal Service Health Benefits Program. The FEHBlog has stated his belief that OPM could have avoided this outcome by allowing FEHB plans to offer Medicare Part D EGWPs back in 2005. The FEHBlog expects that once FEHB enrollees see the lower premiums in PSHBP, Medicare D EGWPs will be added to FEHB and before the PSHBP and FEHB will become one again.

    Mr. Jones also presses concern about access to medically necessary benefits which coincidentally is a topic that STAT News addressed today stemming from the Institute for Clinical and Economic Research’s publication of its “Second Annual Assessment of Barriers to Fair Access Within US Commercial Insurance Prescription Drug Coverage.” Here is a summary of the ICER Assessment’s results:

    The assessment found a high level of alignment between coverage policies and fair access criteria across the formularies with the highest number of covered lives of large private payers and the VHA in the United States.  Across all relevant payer policies, ICER gave concordance ratings of 70% (59/84) for cost-sharing policies of drugs that ICER found to be reasonably priced, 96% (310/322) for clinical eligibility criteria, 98% (316/322) for step therapy criteria and 100% (322/322) for prescriber restrictions.

    In the exploratory transparency analysis for select migraine and ulcerative colitis (UC) drugs aimed at discerning whether prospective plan members can find information about cost-sharing and clinical eligibility, payers were found to provide relatively good transparency into their formularies (16/18 payers met transparency criteria) but only 10/18 payers provided adequate transparency into their clinical coverage policies. In an exploratory analysis for documentation burden which reviewed the number of questions on prior authorization forms, prior authorization policies for UC and migraine drugs had a median number of questions from 25 to 36 and a range of questions from 22 to 71.

    One of the most notable results of this effort is the change in coverage policies made by five payers for 11 drugs following receipt of draft results of the assessment. These changes all served to bring coverage into alignment with fair access criteria.

    Note bene

    ICER will host a public webinar at 12:00 p.m. ET on January 18, 2023 to discuss the key conclusions and policy implications of this assessment. Webinar presenters will include:

    • Sarah Emond, MPP, Executive Vice President and Chief Operating Officer, ICER
    • Mary B. Dwight, Senior Vice President and Chief Policy & Advocacy Officer, Cystic Fibrosis Foundation 
    • Meghan Buzby, Executive Director, Coalition for Headache and Migraine Patients (CHAMP) 

    Register here for the webinar.

    Also from the Rx coverage front

    Fierce Healthcare reports “California has filed suit against a slew of major drugmakers and pharmacy benefit managers, alleging that they acted unlawfully to drive up the cost of insulin.”

    Pharmacy Times informs us

    The FDA has approved a label update for semaglutide (Rybelsus; Novo Nordisk) that allows the drug to be used in addition to diet and exercise as a first-line option to improve glycemic control in adults with type 2 diabetes.

    This update removes a previous limitation that stated the medication should not be used as initial therapy for treating patients with type 2 diabetes. With its initial FDA approval in 2019, semaglutide became the first and only glucagon-like peptide-1 (GLP-1) analog in pill form.

    “The removal of the limitation of use is an important step forward for people living with type 2 diabetes and provides the option for Rybelsus to be taken earlier,” said Aaron King, MD, a family medicine and diabetes specialist, in a press release. “By taking Rybelsus first, people with type 2 diabetes, in conjunction with their care teams, are now able to utilize this medicine early in their diabetes treatment journeys.”

    On a related note, the Wall Street Journal tells us

    Parents and doctors are looking for new strategies to help adolescents with obesity. One controversial approach drawing the interest of some families is intermittent fasting, which limits people to eating for just a part of the day or week

    Intermittent fasting has gained traction among adults who use it to try to manage weight and improve health. Doctors have largely avoided trying it with adolescents out of concern that introducing a fasting period to their schedules might result in nutritional gaps or trigger eating disorders when teens are rapidly growing and developing.

    Now, a small number of doctors and researchers are evaluating types of intermittent fasting in adolescents, searching for solutions as rates of obesity and Type 2 diabetes rise. One pediatric endocrinologist in Los Angeles is launching a clinical trial looking at eating within a set time window in adolescents with obesity. Researchers in Australia are completing a separate trial, the results of which they expect to publish later this year.

    Healthcare Dive and Fierce Healthcare offer tidbits from the medical technology front. Healthcare IT News considers whether telehealth can be used for preventive care.

    From the U.S. healthcare front,

    • Beckers Hospital Review lists Healthgrades’ Top 50 Hospitals.
    • Insurance News Net fills us in on AHIP’s foci for 2023. “Access and affordability are the top two concerns of the health insurance industry as we move into a new year.”
    • You can scan Fierce Healthcare’s Fierce 15 of 2023 honorees here.

    Monday Roundup

    David ErmerCongress, Employee Wellness Programs, OPM
    “Darkness cannot drive out darkness, only light can do that. Hate cannot drive out hate, only love can do that.”
    Strength to Love, 1963.

    Happy Martin Luther King Day!

    Following today’s national holiday, both Houses of Congress are on State / District work breaks until next week.

    Today’s blog is focused on preventive care topics.

    • HR Advisor discusses the Dos and Don’ts of Employee Wellness Programs. The FEHBlog dearly wishes that OPM would create a connection between the federal agency employee wellness and assistance programs and its FEHB plans. Doing so would help employees better navigate federal employee benefits.
    • NPR Shots offers encouraging news on a new initiative:

    The 988 Suicide and Crisis Lifeline received over 1.7 million calls, texts and chats in its first five months. That’s nearly half a million more than the old 10-digit Suicide Prevention Lifeline fielded during the same period the year before. Launched in mid-July last year, the 988 number is modeled on the 911 system and is designed to be a memorable and quick number that connects people who are suicidal or in any other mental health crisis to a trained mental health professional. Not only are more people reaching out, more are being connected to help.  Federal data shows that the Lifeline responded to 154,585 more contacts – including calls, text messages and chats – in November 2022 than the same month the year before. The number of abandoned calls fell from 18% in November 2021 to 12% last November.

    • The American Medical Association tells us what doctors want their patients to know about preventing cervical cancer. The upshot is HPV vaccines and HPV and pap smear testing. The article discusses topics such as the timing of testing and may be worth sharing with plan members
    • Speaking of vaccinations, Precision Vaccination informs us

    Women can give their babies protection against whooping cough (pertussis) before their little ones are even born, says the U.S. Centers for Disease Control and Prevention (CDC).

    The U.S. Food and Drug Administration (FDA) recently approved a second, safe vaccine that prevents whooping cough from achieving that goal.

    When these (Tdap) vaccines are given during pregnancy, it increases antibodies in the mother, which are transferred to the developing fetus.

    On January 10, 2023, the FDA announced the Adacel® vaccine (Tetanus Toxoid, Reduced Diphtheria Toxoid, and Acellular Pertussis Vaccine, Adsorbed) is now approved for immunization during the third trimester of pregnancy.

    As well as an active booster immunization against tetanus, diphtheria, and pertussis for use in persons 10 through 64 years of age.

    • Kaiser Family News explores when pregnant women with severe nausea should seek medical care. The FEHBlog expects this is why NCQA and OPM encourage a visit to the OB-GYN in the first trimester.
    • A Govexec contributor offers a simple exercise regimen for office workers.

    .

    Cybersecurity Saturday

    David ErmerCybersecurity

    While Congress did enact a nationwide data breach law for healthcare organizations, including FEHB plans, Cyberscoop reports that last month’s data breach affecting password manager LastPass “exposes how US breach notification laws can leave consumers in the lurch.”

    The U.S. famously does not have a federal privacy law — something that might determine the rights of consumers to know their personal data has been stolen. What it has instead are 50 different state laws governing breach notification. When a company realizes its systems have been breached and data inappropriately accessed, it must examine the affected users state by state and determine whether the data stolen and belonging to them qualifies for notification under each user’s state data-breach notification regime. 

    “It’s really messy,” says Chris Frascella, who studies consumer privacy at the Electronic Privacy Information Center, a nonprofit research group. “What you’re required to report in Alabama may not be something that you have to report in Connecticut.”

    Against this backdrop, policymakers in Washington are attempting to step up their breach notification requirements, but these efforts are at an early stage.

    As mandated by the Cyber Incident Reporting for Critical Infrastructure Act of 2022, the owners and operators of critical infrastructure will soon have to report cyber incidents and ransomware payments to the Department of Homeland Security. DHS is currently in the process of writing rules governing these disclosures, but it is important to note that these requirements are focused on critical infrastructure, rather than consumer goods. 

    Over at the Securities and Exchange Commission, policymakers have proposed requiring publicly traded companies to report in public filings breaches considered to be material to investors — but what amounts to a “material” breach is a matter of some debate

    The Federal Trade Commission is also stepping up its efforts to push companies to implement better security practices and do a better job of notifying consumers when they are affected by a data breach.

    Congress can fix this problem.

    Cybersecurity Dive tells us

    The consistent increase in annual cybercrime damages is not sustainable, Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency said Thursday at CES in Las Vegas.

    Cybercrime damages cost organization $6 trillion last year, she said. They are projected to reach $8 trillion this year and $10.5 trillion in 2025.

    “We cannot accept that 10 years from now it’s going to be the same or worse than where we are now,” Easterly said. “The critical infrastructure that Americans rely on every day … is underpinned by a technology base and that technology base was created effectively in an insecure way.”

    This won’t change until priorities and incentives are realigned, she said.

    Change starts with a recognition that cybersecurity is a fundamental safety issue, according to Easterly.

    “We’ve somehow accepted that the incentives in technology are all aligned toward cost, capability, performance, speed to market, and not safety,” she said.

    Companies are automatically blamed when they’ve been breached or didn’t patch a vulnerability that resulted in an attack, but that sole blame misses the broader challenge and questions everyone should be asking of technology vendors, according to Easterly.

    “Why did that software have so many vulnerabilities in it that it has to be constantly patched every week? Why did that software have a vulnerability that caused such a damaging breach?” she said.

    Organizations are relying on technology that short shrifts security.

    “We can’t just let technology off the hook,” Easterly said.

    Good point, Ms. Easterly

    From the cyber vulnerabilities front,

    Cybersecurity Dive informs us

    • “For the second consecutive year, disputes over cybersecurity and data represent the greatest global risk to organizations, according to a report from Baker McKenzie
    • “The majority, 3 in 5, of senior legal and risk officers name cybersecurity and data as presenting the greatest risk to organizations, according to the firm’s 2023 Global Disputes Survey, which is based on responses from 600 legal and risk officers at organizations in the U.S., U.K., Singapore and Brazil with annual revenue of at least $500 million. 
    • “Cybersecurity concerns are becoming more frequent and they represent a range of challenges for companies, including the risk of financial, operational and reputational damage, according to the survey.”

    Cybersecurity Dive also points out

    The Cybersecurity and Infrastructure Security Agency added a Microsoft Exchange Server flaw linked to the Play ransomware attack on Rackspaceto its catalog of known exploited vulnerabilities Tuesday [January 10]. 

    The escalation of privilege vulnerability, listed as CVE-2022-41080, was linked to the Dec. 2 ransomware attack that disrupted email access for thousands of Hosted Exchange customers at Rackspace. 

    CrowdStrike disclosed an attack method using CVE-2022-41080 and CVE-2022-41082 that achieves remote code execution via Outlook Web Access.  * * *

    CISA also added CVE-2023-21674, which is a Microsoft Windows advanced local procedure call (ALPC) to its catalog. The escalation of privilege vulnerability happens when Windows improperly handles calls to ALPC, allowing an attacker to escalate privileges from sandboxed execution inside Chromium to kernel execution, according to researchers at Automox. 

    Here’s a link to the CISA catalog for your ease of reference.

    FYI, the Wall Street Journal reports, that “Biden administration officials and cybersecurity experts said the Federal Aviation Administration’s system outage on Wednesday didn’t appear the result of a cyberattack.”

    From the ransomware front,

    Security Weeks relates, “Security researchers at Microsoft are flagging ransomware attacks on Apple’s flagship macOS operating system, warning that financially motivated cybercriminals are abusing legitimate macOS functionalities to exploit vulnerabilities, evade defenses, or coerce users to infect their devices.”

    The Health Sector Cybersecurity Coordination Center issued an analysis of “Royal & BlackCat Ransomware: The Threat to the Health Sector.”

    Bleeping Computer’s The Week in Ransomware tells us

    New research on ransomware was also disclosed, or discovered, with various reports listed below:

    CISA now requires federal agencies to patch the OWASSRF flaw by the end of January due to its active exploitation by both the Cuba and Play ransomware operations.

    From the cyber defense front,

    • The Wall Street Journal reports, “Cloud-infrastructure company Cloudflare Inc. announced Wednesday new email security capabilities aimed at helping businesses defend against phishing, malware and other cyberattacks commonly targeting corporate email accounts.”
    • Health IT Security informs us, “More than 20 healthcare leaders have come together to form the Health 3rd Party Trust (Health3PT) Initiative and Council, aimed at introducing new standards, automated workflows, and assurance models to the third-party risk management (TRPM) conversation.”
    • Following up on Ms. Easterly’s comments on cyber safety, Federal News Network notes that “CISA and the Department of Homeland Security’s Science and Technology Directorate, for instance, are sketching out projects to dig into the use of open source software in critical infrastructure sectors, Allan Friedman, CISA senior advisor and strategist, said at a Jan. 10 event at the Center for Strategic and International Studies sponsored by GitHub.”

    Happy King Day Weekend

    David ErmerCDC, COVID-19, U.S. Healthcare
    Photo by Sincerely Media on Unsplash

    Because there is no CDC interpretative summary of Covid stats on a holiday weekend, here is a link to the CDC’s Covid data tracker, which updates on Thursday. The FEHBlog sees more of the same which would be expected when a disease reaches the endemic phase.

    In other Omicron news

    • MedPage Today reports, “An early signal of stroke risk was detected in older adults who received Pfizer-BioNTech’s bivalent COVID-19 vaccine, the FDA and CDC announced in a joint statement late on Friday, yet the agencies found no link in further analyses and are not recommending a change in COVID-19 vaccination practice.” Agency experts will discuss this data “an already-scheduled January 26 meeting of FDA’s Vaccines and Related Biological Products Advisory Committee.”
    • Because the FEHBlog is in that Pfizer cohort, he will keep an eye on this meeting. Attending the meeting is Dr. Paul Offit who explains in Medscape his expert opinion that the bivalent booster’s administration should be limited to older and immunocompromised people. It’s an interesting read for a concerned layperson.
    • WebMD tells us, “The evidence is piling up that physical activity can lower the risk of getting very sick from COVID. The CDC, based on a systematic review of the evidence, has reported that “physical activity is associated with a decrease in COVID-19 hospitalizations and deaths, while inactivity increases that risk.” Other research has linked regular physical activity with a lower risk of infection, hospitalization, and death from COVID. The latest such study from Kaiser Permanente suggests that exercise in almost any amount [e.g., a 10-minute weekly walk] can cut the risk of severe or fatal COVID even among high-risk patients like those with hypertension or cardiovascular disease.

    Here’s the CDC’s Fluview ,which is updated for today. “Seasonal influenza activity continues but is declining in most areas.” Good news.

    In OPM News

    • The Chair and Ranking Member of the Senate Committee that oversees OPM who requested this week’s report GAO report on family member eligibility are not happy with its conclusions.
    • Federal News Network reports on OPM’s long-term efforts to advance diversity, equity, inclusion and accessibility for the federal workforce.

    In other agency news

    • Politico discusses efforts to help the CDC reform itself.
    • STAT News reports, “The Democrats leading the Federal Trade Commission are hoping to expand the agency’s authority to crack down on unfair business practices — and the shift could have major implications for its ongoing scrutiny of pharmacy benefit managers.”
    • HR Dive notes that the EEOC’s “draft Strategic Enforcement Plan (SEP) for 2023-2027 appeared in the Federal Register and stakeholders may comment through Feb. 9.”
    • Govexec reports, “The federal government is expecting to run up against its borrowing limit as soon as June, Treasury Department Secretary Janet Yellen told Congress on Friday, kicking off a legislative fight that could result in significant disruptions to government operations and the U.S. economy.”

    In U.S. healthcare business news, Healthcare Dive informs us

    Healthcare giant UnitedHealth Group beat analyst expectations for the fourth quarter of 2022 with revenue of $82.8 billion, up more than 12% year over year, according to results released premarket Friday.

    Industry experts have expressed concern about potential recessionary pressures and upset care utilization patterns headed into 2023. But UnitedHealth’s earnings, which are considered a bellwether for the health insurance sector’s performance, may prove to be a positive sign for payers.