Cybersecurity Saturday

David Ermer

I am an attorney who practices law in Washington DC. My practice has involved the Federal Employees Health Benefits Program since 1983.

Cybersecurity Saturday

David ErmerCybersecurity

From the cyber policy front —

Cybersecurity Dive reports

Cybersecurity and Infrastructure Security Agency Director Jen Easterly praised the efforts of the Joint Cyber Defense Collaborative (JCDC) following its one-year anniversary, saying in a blog post the public-private partnership has helped limit cyber risk at scale. 

JCDC helped federal agencies and private sector partners mitigate some major cybersecurity threats, Easterly said, including the Log4Shell crisis from December 2021; the development of the Shields Up campaign related to the Russia invasion of Ukraine; and the Daxin malware discovery from February. 

JCDC recently expanded to include industrial control partners. The change comes at a time when sophisticated malware threatens major critical infrastructure targets in the U.S. JCDC is also working to protect the nation’s election infrastructure from nation-state threats ahead of the November midterm elections.

and

U.S. executives now consider cyberattacks the No. 1 risk companies are confronting, according to a PwC Pulse survey released Thursday. The study shows 40% of top business executives consider cyberattack risk their top concern, followed by talent acquisition at 38%. 

Cybersecurity concerns have moved well beyond the office of the CISO or cyber risk officer, as the entire C-suite and corporate boards are focused on the risks of cyberattack. 

Almost half of all corporate executives said they are making additional investments in cybersecurity, while slightly more than half of executives said they are increasing investments in digital transformation.

Health IT Security adds

US Senator Angus King (I-ME) and Representative Mike Gallagher (R-WI), both co-chairs of the Cyberspace Solarium Commission (CSC), wrote a letter to HHS Secretary Xavier Becerra asking about the current status of HHS’ healthcare cybersecurity efforts.

King and Gallagher, who also authored the Sector Risk Management Agency (SRMA) legislation, urged HHS and the Biden administration to bolster cybersecurity efforts and called on HHS to hold an urgent briefing on the administration’s current cybersecurity posture and plans for improvement.

From the cyber vulnerabilities front —

The Wall Street Journal reports

All companies should be using two-factor authentication at least to secure their systems, but relying on text messages alone is foolish, cybersecurity experts say.

The process, known as 2FA, adds another level of protection to systems by requiring users to verify their identity through more than just a password. Often, this takes the form of a verification code sent by text message—or SMS—or voice calls, but experts warn that these systems are becoming increasingly out of date.

“SMS was never designed to be a 2FA method,” said Jamie Boote, associate principal consultant at cybersecurity company Synopsys Software Integrity Group. “Originally, it was a maintenance communication channel between cell towers and phones. It only became a consumer-centric communications channel after users discovered they could send text messages to one another.”

The widespread use of SMS as a security mechanism has also increased hackers’ focus on compromising the technology, Mr. Boote said. Hackers also use SMS as an avenue to launch other attacks, he said. Common methods include phishing attacks by text message, known as smishing, and SIM-swapping, in which a cellphone is cloned, meaning attackers can read messages sent to a device. * * *

Mobile security specialists say the best forms of protection for 2FA are security tokens such as those developed by the Fast Identity Online Alliance, or FIDO, a consortium including Apple Inc., MicrosoftCorp. and Alphabet Inc.’s Google that is creating open security standards. The general lack of security in mobile phones means they are often easy targets for hackers without the added protection that more advanced security technologies such as those developed by FIDO provide, said Hank Schless, senior manager of security solutions at cyber company Lookout Inc.

ZDNet adds

Using [Multi factor authorization] MFA protects against the vast majority of attempted account takeovers, but recently there’s been a surge in cyber attacks which aim to dodge past multi-factor authentication security. According to Microsoft, in just one campaign 10,000 organizations have been targeted in this way during the last year

One option to for hackers who want to get around MFA is to use so-called adversary-in-the-middle (AiTM) attack which combined a phishing attack with a proxy server between the victim and the website they’re trying to login to. This allows the attackers to steal the password and session cookie which provides the additional level of authentication they can exploit – in this case to steal email. The user simply thinks they have logged into their account as usual.

“Note that this is not a vulnerability in MFA; since AiTM phishing steals the session cookie, the attacker gets authenticated to a session on the user’s behalf, regardless of the sign-in method the latter uses,” as Microsoft notes of that particular campaign. * * *

While it isn’t totally infallible, using multi-factor authentication is still a must as it stops a significant amount of attempted account takeover attempts. But as cybercriminals get smarter they’re increasingly going to go after it – and that requires extra levels of defense, particularly from those responsible for securing networks. 

“It’s good it’s recommended because you won’t be the lower hanging fruit. But you definitely need to augment it with additional layers of security because, just like any other siloed security solution, it can be circumvented and you can’t think everything is secure, just because of one security layer,” says Etay Maor, senior director of security strategy at Cato Networks.  

and

There’s been a big rise in cybercriminals combining fraudulent emails and telephone calls to trick victims into disclosing sensitive information like passwords and bank details.

Known as vishing attacks, criminals and scammers telephone victims and attempt to use social engineering to trick them into giving up personal data.  

Researchers warn that vishing and other email-based phishing attacks will continue to be a problem – but there are steps with organisations can take to help prevent attacks. 

“Capabilities to automatically detect and remove threats from all infected employee inboxes before users can interact with them also plays a critical role, as well as a proper security training regimen, to prepare users to be on the lookout for such threats,” said John Wilson, the senior fellow responsible for threat research at Agari. 

The Health Sector Cybersecurity Coordination Center (HC3) issued an analysts note on vishing this week.

This week

  • CISA “and the Multi-State Information Sharing & Analysis Center (MS-ISAC) published a joint Cybersecurity Advisory (CSA) in response to active exploitation of multiple Common Vulnerabilities and Exposures (CVEs) against Zimbra Collaboration Suite (ZCS), an enterprise cloud-hosted collaboration software and email platform.
  • CISA also added seven known exploited vulnerabilities to its catalog.
  • HC3 issued a Sector Alert on Apple fixes to two Zero Day Exploits.
  • HC3 also released its vulnerability bulletin concerning “July Vulnerabilities of Interest to the Health Sector.”

HC3 posted a PowerPoint presentation on the impact of social engineering on healthcare.

From the ransomware front, here is a link to the latest Bleeping Computer’s Week in Ransomware.

From the Cyber defenses front —

Cybersecurity Dive reports

A fundamental shift in information security practices is underway, as 55% of organizations now have a zero trust initiative in place, more than double the 24% totals from a year ago, according to the State of Zero Trust report from Okta released Tuesday. 

The report shows almost universal adoption of zero-trust principles, as 97% of businesses either have a zero trust initiative in place or will adopt one in the next 12-18 months. 

“Today we’ve seen that zero trust is no longer a theoretical idea — it’s an active initiative that almost every organization across [every] industry is implementing,” Christopher Niggel, regional chief security officer for the Americas at Okta, said via email.

Security Week offers expert opinions on prevention being the future of cybersecurity and the future of endpoint management.

Friday Stats and More

David ErmerCOVID-19, No Surprises Act

Based on the Centers for Disease Control’s (“CDC”) Covid Data Tracker and using Thursday as the first day of the week, here is the FEHBlog’s latest weekly chart of new Covid cases for 2022.

Omicron reigned from before Week 1 through Week 15. Its siblings began to take over in week 15 and still reign.

The CDC’s weekly review of its Covid statistics adds

As of August 17, 2022, the current 7-day moving average of daily new cases (95,652) decreased 9.9% compared with the previous 7-day moving average (106,116).

CDC Nowcast projections* for the week ending August 20, 2022, estimate that the combined national proportion of lineages designated as Omicron will continue to be 100% with the predominant Omicron lineage being BA.5, projected at 88.9% (95% PI 87.6-90.1%).

Here’s the CDC’s latest daily trends chart of new Covid admissions

The CDC’s weekly review adds, “The current 7-day daily average for August 10–16, 2022, was 5,690. This is a 6.1% decrease from the prior 7-day average (6,059) from August 3–9, 2022.”

Here is the FEHBlog’s weekly chart of new Covid deaths, which like new Covid cases, has plateaued for months but is trending down somewhat.

The CDC’s weekly review adds, “The current 7-day moving average of new deaths (394) has decreased 10.7% compared with the previous 7-day moving average (442).”

Here is the FEHBlog’s weekly chart of Covid vaccinations distributed and administered over the Covid vaccination era, which began in the 51st week of 2022.

The CDC’s weekly review adds,

As of August 17, 2022, 607.6 million vaccine doses have been administered in the United States. Overall, about 262.3 million people, or 79.0% of the total U.S. population, have received at least one dose of vaccine. About 223.7 million people, or 67.4% of the total U.S. population, have been fully vaccinated.

The CDC’s weekly chart includes this charts on the administration of the first and second boosters:

Medpage Today offers Physicians Address Parents’ Concerns on COVID Vaccines in Young Kids, and the New York Times provides expert medical opinions on whether to delay the fourth dose of vaccine for the bivalent vaccine in the fall.

To sum up, the CDC’s weekly review leads off with a discussion of how to stay safe from Covid in school and reminds us the check the Communities tracker, which honestly has not turned out to be that informative in the aggregate:

To check your COVID-19 Community Level, visit COVID Data Tracker. To learn which prevention measures are recommended based on your COVID-19 Community Level, visit COVID-19 Community Level and COVID-19 Prevention.

Friday’s big, late-breaking news is the Affordable Care Act’s regulators’ release of the final No Surprises Act Independent Dispute Resolution rule following provider and court objections to the interim final rule with comments.

The departments continue to work to implement and put into effect the Jan. 1, 2022, consumer protection law to help curb surprise billing for medical care. Today’s final rules will make certain medical claims payment processes more transparent for providers and clarify the process for providers and health insurance companies to resolve their disputes. * * *

In addition to issuing the final rules, the departments are issuing [28 pages of Frequently Asked Questions Part 55 with guidance on implementing the requirements of the No Surprises Act, including those related to surprise billing protections, open negotiation and the federal IDR process.

Also available:

Thursday Miscellany

David ErmerCDC, Congress, COVID-19, NIH, No Surprises Act, Telehealth, U.S. Healthcare
Photo by Josh Mills on Unsplash

From Capitol Hill, Federal News Network identifies five federal workforce items on Congress’s to-do list.

From the omicron and siblings front, the Wall Street Journal reports

The Biden administration is planning for an end to its practice of paying for Covid-19 shots and treatments, shifting more control of pricing and coverage to the healthcare industry in ways that could generate sales for companies—and costs for consumers—for years to come. * * *

Shifting payments for Covid-19 drugs and vaccines to the commercial market is expected to take months, an HHS spokesman said.  * * *

Switching vaccine purchasing to the commercial market would mean that each insurer and pharmacy benefit manager would be negotiating with drug manufacturers and prices would likely be higher than what the federal government has paid, said Larry Levitt, executive vice president for health policy at the Kaiser Family Foundation. Insurers would have to start paying for the vaccines, he said, likely raising premiums.

MedPage Today informs us

More than 2 years after patients started reporting long-lasting symptoms after acute SARS-CoV-2 infection, the U.S. announced its national long COVID plan.

The National Research Action Plan on Long COVID aims to improve prevention, diagnosis, and treatment for long COVID, which currently affects up to 23 million people in the U.S., about 1 million of whom may be out of the workforce at any given time because of the condition, according to Admiral Rachel Levine, MD, HHS assistant secretary for health. * * *

Long COVID advocates expressed mixed opinions. Hannah Davis, co-founder of the Patient-Led Research Collaborative, noted the fact that “there’s going to be an [Office of Long COVID Research and Practice] is pretty amazing.”

But Davis voiced concerns about the scarcity of prevention efforts addressed by the plan. “I think there’s still a feeling like we can get through this without minimizing cases, but we really need to be focused on prevention as well,” she said.

Diana Berrent, founder of Survivor Corps, told MedPage Today that the administration “nailed the institutional challenge of long COVID” but also thought the plan was insufficient.

“Millions of Americans, young and old, are suffering the aftermath of COVID and need immediate relief from their pain,” Berrent said. “An established office in HHS is a welcome step but nothing short of actual treatments and therapeutics will do the trick.”

From the monkeypox front, Becker’s Hospital Review provides a state-by-state breakdown of monkeypox cases, and MedPage Today reports

The Biden administration is making an additional 1.8 million doses of the Jynneos monkeypox vaccine available beginning Monday, and will be targeting certain large events — such as gay pride marches that attract many LGBTQIA participants — as sites for monkeypox vaccination and outreach, administration officials said Thursday.

From the healthcare costs front, Healthcare Dive reports

U.S. employers will pay 6.5% more on average for employee healthcare coverage in 2023 compared to this year, according to an Aon report out Thursday.

The latest predicted rise, while a jump from the 3.7% growth in employer costs between 2021 and 2022, is still far below the 9.1% Consumer Price Index, a figure reflecting inflation. 

Inflation typically hits healthcare costs later than other goods and services due to the multi-year nature of contracts between providers and insurers, but impacts will become more prevalent over the year, according to the report.

Speaking of higher costs, Fierce Healthcare discusses Moody’s report on how an economic downturn would impact health plans.

From the post-Dobbs front, the FEHBlog ran across this Congressional Research Service FAQs on Federal Resources for Reproductive Health.

From the No Surprises Act front, the American Hospital Association informs us “The Centers for Medicare & Medicaid Services has launched a new webpage with resources and guidance related to the dispute resolution process under the No Surprises Act, including guidance for disputing parties and a walkthrough of the federal portal. CMS also has added functionality to the portal for initiating disputes, including a button to upload supporting documents at initiation.”

From the miscellany department —

  • Fierce Healthcare discusses J.D. Powers’ annual study of Medicare Advantage plans. “[T]he analysts found members’ general satisfaction is up from 2021 and is higher than satisfaction reported by people in employer-sponsored plans. However, while members said they’re happy with access to preventive and routine care, coverage of mental health and substance abuse treatment is lacking.”
  • STAT News calls our attention to “a new Pew-funded report, by researchers at George Washington University, the federal government can expand methadone access without approval from Congress.” According to the article, “When it comes to fighting opioid addiction, there’s no tool more effective than methadone. Doctors have been prescribing the drug since the 1960s, and patients who use it are far less likely to experience an overdose.”

Midweek update

David ErmerCDC, Government Contracting, Rx coverage, U.S. Healthcare

From inside the Beltway, Roll Call tells us

Centers for Disease Control and Prevention Director Rochelle Walensky is looking to reorganize the agency in the wake of an external review of the CDC’s COVID-19 response. * * *

“For 75 years, CDC and public health have been preparing for COVID-19,” Walensky said, “and in our big moment, our performance did not reliably meet expectations.” 

The plan aims to achieve a “more cohesive and customer centric structure,” by implementing new programs and procedures to work more quickly and ensure more accountability. Walensky plans to establish an executive council to oversee the CDC’s progress on specific goals, consolidate various points of access for external stakeholders and establish a new equity office.

STAT News adds

Outside experts expressed enthusiasm — though some of it tempered — for the changes Walensky is proposing.

Jay Varma, who spent 20 years at CDC before becoming director of the Cornell Center for Pandemic Prevention and Response at Weill Cornell Medicine, applauded many of the points Walensky stressed, particularly her promise to reform the culture of the agency and build up the capacity of its staff to respond to emergencies. Over the past two decades or so, Varma told STAT, public health agencies like the CDC have become increasingly bureaucratic.

“If your culture is not aligned entirely with what your mission is, it doesn’t matter how good the strategy is. It doesn’t matter what your org charts are. It is all about the workforce culture,” he said.

But Varma warned effecting change in the agency’s culture will be challenging.

Speaking of change, Fierce Healthcare informs us

A dramatic pickup in the pace of change for payers in the last year has created new priorities for health plan leaders, a new survey has found. 

The survey, conducted by payment integrity solution HealthEdge, reached more than 300 health plan leaders. Common themes, per a report of the survey results, included the move to newer systems amid a digital transformation, rising demand for real-time data access and the promise of interoperability. 

Some of the biggest threats facing health plans are new regulations, growing consumer expectations, competition and the transition to value-based payment strategies. The top two challenges are managing costs and driving operational efficiencies, which were lower on the list of priorities just last year. Tied in third place are member satisfaction and alignment of IT and business needs. 

There are several drivers of these hurdles. Post-pandemic, there are notably more claims. Long delays in care have also led to rising costs, and outdated systems have required significant investment to keep up with demand. Having a solid digital baseline can help payers eliminate manual, repetitive processes, the report suggested. Payers also believe increasing interoperability and improving claims accuracy helps alleviate administrative costs. 

From the Rx coverage front, BioPharma Dive reports

The Food and Drug Administration on Wednesday approved a powerful new treatment for people with an inherited blood condition called beta thalassemia, clearing a personalized gene therapy developed by the biotechnology company Bluebird bio. * * *

Its approval is a milestone in a number of other respects, too. Beta thalassemia, a disease that in severe cases requires regular blood transfusions for life, has for years been marked as a target for gene therapy. Bluebird’s treatment, which will be sold as Zynteglo, is the first of several in development to reach market in the U.S., giving patients an option that could free them from those transfusions and their associated side effects.

STAT News adds

Bluebird has set the price of Zynteglo at $2.8 million per patient, making it one of the most expensive medicines ever sold in the U.S. And that price tag doesn’t include the cost of the lengthy hospitalization for patients getting the therapy.

A person with beta thalassemia incurs total health care costs that average $6.5 million over their lifetime, or 23 times higher than the general population, said Obenshain, making the case for Zynteglo’s cost effectiveness. Earlier this year, the Institute for Clinical and Economic Review, an independent drug-pricing analysis group, said Zynteglo would be cost effective up to a price of $3 million.

Bluebird will be asking insurers to pay for Zynteglo entirely up front, but the company will also return up to 80% of the cost if patients need to restart blood transfusions before two years.

“All the commercial insurers we’ve engaged with have expressed a really strong interest in this,” said [Bluebird CEO Andrew] Obenshain, of Bluebird’s outcome-based payment proposal.

From the research and studies front —

  • “Infectious disease expert Dave Wessner reports for Forbes from the 24th International AIDS Conference, where researchers shared ways that Covid vaccine development might help the development of a vaccine for AIDS.”
  • The National Institutes of Health announced “Scientists funded by the National Institutes of Health have developed a same-day test to identify abnormal fetal chromosomes. The Short-read Transpore Rapid Karyotyping (STORK) test can detect extra or missing chromosomes (i.e., aneuploidy) using samples collected from prenatal tests, such as amniocentesis and chorionic villus sampling, as well as tissue obtained from miscarriage and biopsies from pre-implantation embryos produced using in vitro fertilization (IVF). * * * Overall, the study shows that STORK is comparable to standard clinical tests and has many advantages. STORK is faster, providing results within hours versus several days. It is also cheaper, with the study team estimating STORK to cost less than $50 per sample, if 10 samples are run at the same time, or up to $200 if a sample is run on its own. STORK can also be done at the point-of-care for a patient, eliminating the need to ship a sample to a clinical laboratory.  According to the study authors, STORK may be particularly useful in identifying genetic causes of miscarriage. Currently, professional societies only recommend genetic testing if a person has had multiple miscarriages, but an easy, cost-effective test like STORK can potentially be offered after the first miscarriage. STORK can also be used to streamline the IVF process. Currently, embryos must be frozen while genetic tests are run and analyzed before implantation. STORK’s ability to provide results within hours can presumably eliminate this freezing step, which saves time and cost. More work is needed to validate STORK, but if results continue to show promise, STORK could improve the quality of reproductive healthcare.”
  • The National Cancer Institute announced “For people with advanced cancer, severe side effects from treatment often force them to the hospital or the emergency room. Although these time-consuming and, quite often, expensive hospital trips potentially could be prevented by better communication about symptoms between patients and their doctors, the reality is that such discussions don’t typically happen as frequently as they should.   Now, a new study shows that community health workers (CHWs) may help bridge this communication gap in cancer care. In the study, having a CHW directly consult with people newly diagnosed with advanced cancer or cancer recurrence, including assessing their symptoms and helping them with advance care planning, substantially decreased hospitalizations and emergency room visits.”
  • Fierce Healthcare reports “Musculoskeletal conditions are a massive source of health spending—accounting for $420 billion in 2018—and a new report from [Cigna’s] Evernorth aims to pinpoint where health plans could cut down on costs.”
  • Health IT Analytics tells us “New research published in JAMA Internal Medicine shows that an artificial intelligence (AI)-based cognitive behavioral therapy intervention for chronic pain (AI-CBT-CP) had similar outcomes to standard CBT-CP, which could result in increased access and reduced costs.”

From the government contract front, Federal News Network reports that

As the travel industry — and prices — recover from COVID-19, the General Services Administration is giving federal employees a little more leeway on hotel costs for official travel.

The base daily traveling allowances will rise slightly from $155 per day in 2021 to $157 per day in 2022. Per diem lodging rates will account for that rise, increasing from $96 per night to $98. Meals and incidental expenses will not change from their current range of $59-$79 per day.

For feds who already have an idea of their travel plans for fiscal 2023, GSA included a new calculator tool that will allow them to search by city, state, zip code or a map to determine the exact amount of their per diem.

Experience-rated FEHB plan carriers must subject employee lodging and miscellaneous expenses to the GSA’s per diem caps when seeking government contract reimburses for those expenses.

Tuesday Tidbits

David ErmerCDC, Congress, COVID-19, U.S. Healthcare
Photo by Patrick Fore on Unsplash

The FEHBlog is back inside the Capital Beltway this week so let’s kick it off with a link to the President’s remarks at his signing of the budget reconciliation act (H.R. 5376) into law.

Because the new law’s drug pricing changes will impact the FEHB Program most, here is a link to STAT New’s article unpacking those provisions.

From the omicron and siblings front, Federal News Network reports that the Safer Federal Workforce Task Force is following the CDC’s lead by easing restrictions to stop the Covid spread.

From the monkeypox front, check out Fierce Healthcare’s monkeypox news tracker.

MedPage Today offers a fascinating article in which a Johns Hopkins epidemiologist assesses the current case of polio paralysis in New York through a historical lens.

Polio is a fecal-oral pathogen and the Sabin vaccine, as an oral vaccine, more naturally mimicked the natural route of infection and therefore triggers different and more potent immune responses than the injectable Salk vaccine. Also, because it is a “live” vaccine, the vaccine virus is shed and can passively immunize close contacts of vaccinated individuals. For these reasons, the Sabin vaccine eventually came to be a more dominant and preferred vaccine than the [original, injected] Salk version.

However, as polio receded as a public health threat, rare complications elicited by the Sabin vaccine became intolerable in many Western countries. The “live” nature of Sabin’s vaccine, in rare instances, could lead to vaccine-associated paralytic polio. In even rarer circumstances, the virus could mutate or recombine with other viruses to become a circulating vaccine-derived poliovirus (cVDPV) that could be capable of infecting others, and in some cases, causing paralysis. This is why 2 decades ago — with polio no longer an issue domestically — the U.S. switched to an all-Salk injectable polio vaccine regimen for children, away from a combination that used the Sabin oral polio vaccine (OPV) and the injectable polio vaccine. But many countries, especially those in which wild polio still circulates, still use OPV. * * *

In response, [U.S.] healthcare professionals and policymakers need to encourage widespread immunization in areas in which cVDPVs have been found. It is not surprising that this problem has been detected in the same locales in which a very large measles outbreak recently occurred. I suspect other areas likely have cVDPVs circulating as well, and broader wastewater surveillance coupled with targeted catch up immunization will be critical. I can’t stress this point enough: high vaccination rates are required for resiliency. 

In related virus news, the Centers for Disease Control released a report titled “Hepatitis C Treatment Among Insured Adults — the United States, 2019–2020.”

What is already known about this topic?

Direct-acting antiviral (DAA) treatment is recommended for nearly all persons with hepatitis C and cures ≥95% of cases. Treatment saves lives, prevents transmission, and is cost saving.

What is added by this report?

Treatment rates are low overall and vary by age and insurance payor. DAA treatment is lowest among young adults aged 18–29 years and Medicaid recipients, and within Medicaid, among persons reporting Black or other race and persons in states with treatment restrictions.

What are the implications for public health practice?

Timely initiation of DAA treatment, regardless of insurance type, is critical to reducing viral hepatitis–related mortality, disparities, and transmission.

Also of note,

Across insurance types, ≥75% of persons treated initiated treatment within 180 days after diagnosis. The smaller percentage of persons treated within 180 days after diagnosis might indicate lack of access to a hepatitis C treatment provider, insurance denial, or loss to follow-up. Treatment coverage can be increased by providing integrated care, patient navigation, and care coordination (15). The introduction of simplified hepatitis C treatment algorithms reducing the number of laboratory tests and in-person visits can facilitate patient-centered treatment (20).

From the U.S. Healthcare business front

  • The Food and Drug Administration issued “a final rule to improve access to hearing aids which may, in turn, lower costs for millions of Americans. This action establishes a new category of over-the-counter (OTC) hearing aids, enabling consumers with perceived mild to moderate hearing impairment to purchase hearing aids directly from stores or online retailers without needing a medical exam, prescription or a fitting adjustment by an audiologist.” The rule will take effect in 60 days / mid-October.
  • STAT News reports Merck has cut a deal to enter the mRNA market.

On Tuesday, the company announced a deal to develop mRNA-based vaccines and therapies with Orna Therapeutics, a Cambridge-based startup that launchedduring the pandemic with a slightly different take on mRNA technology. Merck will pay Orna a $150 million upfront fee, invest $100 million in a new funding round for the company, and offer $3.5 billion in longer-term milestones.

  • The American Hospital Association tells us.

Hospital patients are sicker and more medically complex than they were before the COVID-19 pandemic, driving up hospital costs for labor, drugs and supplies, according to a new AHA report.

“Combined with rapidly rising economy-wide inflation and reimbursement shortfalls, these mounting costs are threatening the financial stability of hospitals around the country,” the report notes.

Hospital patient acuity as measured by average length of stay (ALOS) rose almost 10% between 2019 and 2021, including a 6% increase for non-COVID-19 Medicare patients as the pandemic contributed to delayed and avoided care, the report notes. For example, ALOS rose 89% for patients with rheumatoid arthritis and 65% for patients with neuroblastoma and adrenal cancer. In 2022, patient acuity as reflected in the case mix index rose 11.1% for mastectomy patients, 15% for appendectomy patients and 7% for hysterectomy patients.

These increases have occurred at a time of significant financial challenges for hospitals and health systems, which have still not received support to address the delta and omicron surges that have comprised the majority of all COVID-19 admissions. As a result, AHA is asking Congress to halt its Medicare payment cuts to hospitals and other providers; extend or make permanent certain waivers that improve efficiency and access to care; extend expiring health insurance subsidies for millions of patients; and hold commercial insurers accountable for improper and burdensome business practices.

Monday Roundup

David ErmerCDC, Congress, COVID-19, Mental health care, Rx coverage, U.S. Healthcare
Photo by Sven Read on Unsplash

From the federal policy front, Fierce Health tells us about four healthcare policy changes beyond government negotiation of a subset of Medicare-covered drugs and extension of ACA subsidies found in the budget reconciliation bill that Congress approved last week. The President is scheduled to sign the bill into law tomorrow.

Here are four other health policy changes to look for in the bill:

  • First, expands eligibility for the full amount of low-income Part D subsidies from 135% of the federal poverty line to 150% of the FPL.
  • Gets rid of the cost-sharing for adult vaccines for Medicare Part D. The FEHBlog has personal experience with this one. In 2020 he received the new Shingrix vaccine under Medicare Part D. The vaccine was eligible for no cost sharing when administered in-network under the Affordable Care Act. However, under Part D, the FEHBlog was charged $200 for each of the two doses. This big bowl of wrong will be remedied in 2023.
  • Delays the controversial Part D rebate rule, again. “The Trump-era rule would eliminate the safe harbor for Part D rebates, leaving them open to prosecution under federal anti-kickback laws. The rule passed at the tail end of Trump’s term but has never gone into effect. The law would delay the rule from going into effect again into 2032.”
  • Limits the premium growth on Medicare Part D to no more than six percent a year from 2024 through 2029. “The cap on premium growth is intended to mitigate the impact of other changes to Part D, said Ryan Urgo, managing director of the policy practice at consulting firm Avalere Health. The legislation includes a $2,000 out-of-pocket cost cap on Part D drugs, spread out in installments for the beneficiary over a calendar year. Part D plans will also have to pick up more of the costs for spending in the catastrophic coverage phase, which a beneficiary reaches when their drug costs reach a certain level.”

From the Omicron and siblings front, BioPharma Dive informs us

British drug regulators on Monday approved a two-pronged vaccine from Moderna that’s designed to fight both the original version of the coronavirus and the omicron variant.

The decision makes the U.K. the first country to clear a COVID-19 booster that’s been specifically tailored to a newer form of the virus. While the original shots, like Moderna’s Spikevax, remain strongly effective at preventing hospitalization and death, they’ve had a harder time warding off infections from omicron and its subvariants. * * *

Speaking to a [U.S.] advisory committee in June, executives from Moderna and Pfizer said dual-acting boosters with a BA.4 or BA.5 could be available in large volumes in October and November, although they would first need to undergo regulatory review before they could be administered.

Separately, Novavax on Monday asked the FDA to authorize its COVID-19 vaccine as a booster shot in people 18 and older. The shot is only available as a primary series to those who haven’t yet been vaccinated.

The Centers for Disease Control released updated guidance on what to do if exposed to Covid.

The Wall Street Journal reports on assessing Covid-19 risks after easing CDC guidelines, which began last week. The headline notes, “More decision-making is shifting to individuals, and here is what doctors recommend.”

From the monkeypox front, the Journal discusses “What to Know About Symptoms, Vaccines and How It Spreads,” and Beckers Hospital Review offers five monkeypox updates, including a complete explanation of how the World Health Organization is going about changing the disease’s name.

From the mental healthcare front, about ten years ago, the FEHB Program under OPM’s leadership was the first large employer-sponsored program to cover a form of autism therapy called “applied behavior analysis” (ABA). A STAT News investigation discloses

ABA has long been viewed as the gold standard for kids with autism, so much so that every state mandates insurance coverage. For some families, it is the only option that insurance will cover at all. 

But like other pockets of the health care industry, this one has been transformed over the past decade by a flood of investments from private equity firms, drawn by the promise of insurance reimbursement and the rising rate of autism in children across the U.S., now estimated at 1 in 44 kids

Families and clinicians who once believed fully in the promise of ABA say the financial investors’ fixation on profit has degraded the quality of services kids receive, turning it into the equivalent of fast food therapy. They’ve grown disillusioned with the industry, they told STAT.

The HHS Inspector General is auditing Medicaid claims for ABA. The final audit report is expected later this year.

From the Rx coverage front, the Drug Channel blog discloses

Here’s a summer surprise for fans of the 340B Drug Pricing ProgramDrug Channels has just obtained the 2021 figures from the Health Resources and Services Administration (HRSA)! Even better, my Freedom of Information Act (FOIA) request was able to pry out detailed purchases by covered entity type. 

The data tell a familiar story. For 2021, discounted purchases under the 340B program reached a record $43.9 billion—an astonishing $5.9 billion (+15.6%) higher than its 2020 counterpart. Hospitals accounted for 87% of these skyrocketing 340B purchases.

What’s more, the difference between list prices and discounted 340B purchases also grew, to $49.7 billion (+$7.0 billion). This figure approximates the money collected by 340B covered entities.

340B advocates have been screaming that “drug companies are cutting 340B,” but the data tell a very different story. Only in the U.S. healthcare system can billions more in payments and spreads be considered a cut. 

From the U.S. healthcare business front, Beckers Payer Issues provides an interview with “Kyu Rhee, MD, a senior vice president at CVS Health and chief medical officer at Aetna. He sat down with Becker’s to discuss ongoing trends across the healthcare industry and how he is working to create a “values-based” care system through opportunities offered by a global pandemic.”

Weekend update

David ErmerCongress, COVID-19, Mental health care, U.S. Healthcare
Photo by Dane Deaner on Unsplash

Congress is on a State / District work break until after Labor Day.

The Change Healthcare antitrust trial is ongoing. The judge Hon. Carl J. Nichols will be deciding the case without a jury. He was heard evidence for ten days already. The case is U.S. v UnitedHealth Group et al., 22-cv-481, U.S. District Court for the District of Columbia.

From the Omicron and siblings front, Bloomberg Prognosis informs us

Scientists fear that the omicron shots coming this fall won’t be all that much better at keeping people from getting Covid than the shots we already have. That’s pushing drugmakers to start working on next-generation vaccines that don’t have to be updated that often, if at all, writes Bloomberg’s Madison Muller, Riley Griffin and Fiona Rutherford. 

“Even with the highly flexible platform of mRNA, which is more flexible than virtually anything we’ve had before, it’s going to be very difficult to keep up with the pace of newly evolving variants,” Anthony Fauci, President Joe Biden’s chief medical adviser told Bloomberg. “Which gets us to the question: What about a pan-coronavirus vaccine?”

Aim high.

From the monkeypox front, the World Health Organization has renamed the disease that is quite bland.

Consensus was reached to now refer to the former Congo Basin (Central African) clade as Clade one (I) and the former West African clade as Clade two (II). Additionally, it was agreed that the Clade II consists of two subclades. 

A clade means “a group of organisms believed to have evolved from a common ancestor, according to the principles of cladistics, e.g., “the great ape and human clade.” How will WHO distinguish between the monkeypox clade and the chickenpox clade? Time will tell.

From the U.S. healthcare business front, Fierce Healthcare tells us

Humana will acquire a Wisconsin managed care plan in a bid to bulk up its Medicaid services, the insurer announced Friday.

Inclusa, Inc. offers long-term care coverage as well as supporting 16,600 older adults and adults with disabilities in Wisconsin’s Family Care program. The managed care organization has worked with local providers and community resources for more than 20 years to connect members with necessary support and services.

Inclusa partners with more than 6,000 service providers across about 40 service categories, as well as contracts with the state to provide family care services in 68 of Wisconsin’s 72 counties, according to the announcement.

The Wall Street Journal offers two expert interviews on mental health issues:

Check them out.

Speaking of eating, Forbes offers the five best diets for people with diabetes in 2022.

NPR reports on initial experience with the 988 lifelines.

The 988 hotline is the nation’s most comprehensive mental health crisis service and can provide crucial help to those in emotional distress. If you’re thinking about suicide but not taking steps to act on it, 988 is unlikely to call law enforcement without your consent. Instead, 988 counselors can provide resources, referrals and a kind ear. However, if you’re at imminent risk and could act on a plan to kill yourself, police may be called, and you could be taken to a hospital involuntarily.

Sonyia Richardson, a licensed clinical social worker who owns a counseling agency that serves mostly Black and brown clients in Charlotte, N.C., said she didn’t immediately tell her clients about 988 when it launched. Even though she’s a member of her state’s 988 planning committee, she said she needed time to develop trust in the service herself. When she learned at a recent committee meeting that fewer than 5% of 988 calls in North Carolina led to a law enforcement response, she felt reassured.


Cybersecurity Saturday

David ErmerCybersecurity

From the cyber policy front, the FEHBlog noticed that OMB’s Office of Information and Regulatory Affairs recently had concluded its work on FAR Case 2017-016, a proposed rule on Controlled Unclassified Information (CUI). Surprisingly, the proposed rule has been withdrawn. The FEHBlog had been tracking this rule because health claims data is considered CUI.

From the cyber vulnerabilities front,

Tech Republic discusses “how credential phishing attacks threaten a host of industries and organizations.”

For the first half of 2022, email attacks against organizations rose by 48%, according to the report. Out of all those attacks, 68% were credential phishing attempts that contained a link designed to steal sensitive account information. Over the same time, 265 different brands were spoofed in phishing emails.

The HHS Health Sector Cybersecurity Coordination Center (HC3) released last week analyst notes on the following topics:

CISA added two new known exploited vulnerabilities to its catalog.

Cybersecurity Dive reports

Researchers from Rapid7 discovered 10 vulnerabilities in Cisco firewall and network security products, however after reporting them to the company in February and March, six of the flaws have not been fully patched. 

The vulnerabilities were found in Cisco Adaptive Security Software (ASA), ASDM and Firepower Services Software for ASA. Cisco has more than 300,000 security customers, and more than 1 million ASA devices are deployed worldwide. 

Most of the vulnerabilities allow attackers to execute arbitrary code, Jake Baines, lead security researcher at Rapid7, said via email. Rapid7 researchers presented the findings this week at Black Hat USA in Las Vegas.

From the ransomware front, CISA announced on August 11 that

CISA and the Federal Bureau of Investigation (FBI) have released a joint Cybersecurity Advisory (CSA), #StopRansomware: Zeppelin Ransomware, to provide information on Zeppelin Ransomware. Actors use Zeppelin Ransomware, a ransomware-as-a-service (RaaS), against a wide range of businesses and critical infrastructure organizations to encrypt victims’ files for financial gain.

CISA encourages organizations to review #StopRansomware: Zeppelin Ransomware for more information. Additionally, see StopRansomware.gov for guidance on ransomware protection, detection, and response. 

ZDNet delves into Zeppelin ransomware at this link.

Zeppelin actors are known to have demanded ransoms of several thousand dollars to in excess of $1 million. The advisory references Core Security’s research, which describes Zeppelin as a “well-organized” threat

Security Week reports

Profit-driven cybercriminals breached Cisco systems in May and stole gigabytes of information, but the networking giant says the incident did not impact its business.

Cisco on Wednesday released a security incident notice and a technical blog post detailing the breach. The intrusion was detected on May 24, but the company shared its side of the story now, shortly after the cybercriminals published a list of files allegedly stolen from its systems.

The level of attacker sophistication disclosed in the technical blog post is eye-opening.

Here is a link to Bleeping Computer’s The Week in Ransomware, which leads with the Cisco hack.

From the cyber defense front

An ISACA expert discusses the state of the cyber insurance market.

While premiums are leveling off, the hardening of the cyber insurance market is ongoing and will impact how policies are underwritten. In the meantime, organizations can benefit from improving their security and control postures with the goal of reducing insurance costs.

The Wall Street Journal reports

A group of 18 tech and cyber companies said Wednesday they are building a common data standard for sharing cybersecurity information. They aim to fix a problem for corporate security chiefs who say that cyber products often don’t integrate, making it hard to fully assess hacking threats.

Amazon. com Inc.’s AWS cloud business, cybersecurity companySplunk Inc. and International Business Machines Corp.’s security unit, among others, launched the Open Cybersecurity Schema Framework, or OCSF, Wednesday at the Black Hat USA cybersecurity conference in Las Vegas.

Products and services that support the OCSF specifications would be able to collate and standardize alerts from different cyber monitoring tools, network loggers and other software, to simplify and speed up the interpretation of that data, said Patrick Coughlin, Splunk’s group vice president of the security market. “Folks expect us to figure this out. They’re saying, ‘We’re tired of complaining about the same challenges.’”

Other companies involved in the initiative are CrowdStrike HoldingsInc., Rapid7 Inc., Palo Alto Networks Inc., Cloudflare Inc., DTEX Systems Inc., IronNet Inc., JupiterOne Inc., Okta Inc., Salesforce Inc.,Securonix Inc., Sumo Logic Inc., Tanium Inc., Zscaler Inc. and Trend Micro Inc.

Friday Stats and More

David ErmerCongress, COVID-19, U.S. Healthcare

Based on the Centers for Disease Control Covid Data Tracker and using Thursday as the first day of the week, here is the FEHBlog latest weekly chart of new Covid cases:

Note: the massive surge on the left is the original Omicron surge, but the label didn’t carry over from the spreadsheet to the FEHBlog.

The CDC’s weekly review of its Covid statistics tells us

As of August 10, 2022, the current 7-day moving average of daily new cases (103,614) decreased 13.8% compared with the previous 7-day moving average (120,151). * * *

CDC Nowcast projections* for the week ending August 13, 2022, estimate that the combined national proportion of lineages designated as Omicron will continue to be 100% with the predominant Omicron lineage being BA.5, projected at 88.8% (95% PI 87.5-90.0%). The national proportion of BA.4 is projected to be 5.3% (95% PI 4.9-5.7%), BA.4.6 is projected to be 5.1% (95% PI 4.1-6.4%), and BA.2.12.1 is projected to be 0.8% (95% PI 0.7-0.9%).

Here’s the CDC’s Daily Trends in Number of New COVID-19 Hospital Admission chart from its weekly review.

The CDC’s weekly review adds, “The current 7-day daily average for August 3–9, 2022, was 6,003. This is a 2.6% decrease from the prior 7-day average (6,163) from July 27–August 2, 2022.”

Here’s the FEHBlog latest daily chart of new Covid deaths for 2022:

Unfortunately, both labels fell off this chart. The missing label under the horizontal axis 3 -5 reads Omicron, and the missing label over weeks 14 – 17 reads Omicron’s siblings. The CDC’s weekly review adds, “The current 7-day moving average of new deaths (400) has decreased 6.7% compared with the previous 7-day moving average (429).”

New cases, new admissions and new deaths have plateaued and are trending down.

Here’s the FEHBlog’s weekly chart of Covid vaccinations distributed and administered from the first week of the Covid vaccination era in December 2020 to this week.

Administered vaccines jumped back up to over 2 million this week. The CDC’s weekly review adds.

Overall, about 262.0 million people, or 78.9% of the total U.S. population, have received at least one dose of vaccine. About 223.5 million people, or 67.3% of the total U.S. population, have been fully vaccinated.* Of those fully vaccinated, about 107.9 million people have received a booster dose,** but 50.0% of the total booster-eligible population has not yet received a booster dose.

MedPage Today informs us

COVID-19 mRNA vaccines have been safe for pregnant women, according to observational data from a large Canadian study.

In fact, the pregnant women reported fewer serious health events than non-pregnant women in the 7 days following vaccination and a similar number of events as a control group of unvaccinated pregnant respondents, as researchers led by Manish Sadarangani, DPhil, of the BC Children’s Hospital Research Institute in Vancouver, reported in The Lancet Infectious Diseases.

The Wall Street Journal reflects on yesterday’s CDC easing Covid restrictions intended to shut down the disease, a state which will not happen anytime soon.

Federal health officials’ move this week to relax pandemic precautions gave business leaders the momentum many have been looking for to return to pre-Covid behaviors.

The new guidelines, issued Thursday by the Centers for Disease Control and Prevention, generally bring the federal guidance in line with policies that had already shifted at companies, schools and public transportation, among other settings. The agency said it no longer recommends that people quarantine after being exposed to the virus, as long as they don’t feel sick, get tested after five days and wear a high-quality mask around others for 10 days.

Many executives and city leaders who had been struggling to break pandemic work-from-home habits see this as a boost to their halting efforts to bring people back into the workplace. They say that previous CDC recommendations made it difficult to enforce their policies, since one exposure could send an entire team home.

It’s worth noting that the CDC issued the revised guidance even though its Spring 2022 innovation based on community levels of the Covid is blinking red.

Overall, 51 out of 52 jurisdictions* had high- or medium-level counties this week. Nevada is the only jurisdiction to have all counties at low Community Levels.

To check your COVID-19 Community Level, visit COVID Data Tracker. To learn which prevention measures are recommended based on your COVID-19 Community Level, visit COVID-19 Community Level and COVID-19 Prevention.

The American Hospital Association calls our attention to another aspect of the Administration’s revised guidance:

The Food and Drug Administration yesterday advised people who get a negative result from an at-home COVID-19 antigen test to test themselves again after 48 hours to reduce the risk of missing an infection and spreading the virus to others.

“Today’s recommendations are based on the latest study results from people with likely omicron infection showing that repeat testing after a negative at-home COVID-19 antigen test result increases the chance of an accurate result,” the agency said

Govexec brings us up to date on the ongoing litigation against the federal government’s Covid vaccination mandate

Remember the vaccine mandate for federal contractors that President Biden issued last September? 

Well, several legal challenges are ongoing: there have been six injunctions issued, one of which was national, and the federal government has appealed them all, as outlined in a post from the law firm Bradley Arant Boult Cummings LLP last week. 

Ambika Biggs, a partner at the law firm Hirschler who specializes in government contracting, told Government Executive earlier this week the matter is likely to be appealed to the Supreme Court, especially if there is a circuit split on decisions.

These cases really “come down to the interpretation of the Federal Property and Administrative Services Act, which is just called the Procurement Act” and “whether President Biden had authority under that act to issue the executive order that put the federal contractor mandate in place,” said Biggs. The main argument she’s seen in the pleadings is that “there wasn’t a close enough nexus between wanting an economical and efficient system for procurement and the actual vaccine mandate,” and the mandate was more about public health, which is usually under states’ jurisdiction. 

The FEHBlog does not expect this issue to get to the Supreme Court.

From the monkeypox front, Beckers Payer Issues recounts seven payer reactions to the announcement of a public health emergency.

From Capitol Hill, the American Hospital Administration reports

The House today voted 220-207 [along party lines] to pass the Senate’s [budget reconciliation bill] (H.R. 5376), sending it to President Biden for his signature. Passed by the Senate Sunday, the roughly $700 billion social spending package would extend for three years the American Rescue Plan Act’s expanded subsidies for coverage purchased through the Health Insurance Marketplaces; allow Medicare to negotiate prices for insulin and certain other drugs; implement tax changes and spending subsidies to address climate change; and reduce the deficit, among other provisions.

The International Foundation of Employee Benefit Plans offers six aspects of the legislation that are relevant to employers and health plan sponsors.

While the prescription drug provisions of the law are tied only to Medicare Parts B and D, employers and plan sponsors that provide retiree health care benefits, especially through employer group waiver plans (EGWPs), will want to be familiar with this legislation and its impact. They may wish to discuss changes with their advisors to see how their plans may be affected.  

That’s good advice.

From the U.S. healthcare costs front, the benefits consulting firm Mercer announced

US employers expect health benefit cost per employee to rise 5.6% on average in 2023, according to early results from Mercer’s National Survey of Employer-Sponsored Health Plans 2022, which launched June 22 this year and remains open. 

While significantly higher than the increase of 4.4% projected for 2022, the 2023 increase lags overall inflation, which is currently running at about 9% (see Figure 1). According to Sunit Patel, Mercer’s Chief Actuary for Health and Benefits, “Because health plans typically have multi-year contracts with health care providers, we haven’t felt the full effect of price inflation in health plan cost increases yet. Rather it will be phased in over the next few years as contracts come up for renewal and providers negotiate higher reimbursement levels. Employers have a small window to get out in front of sharper increases coming in 2024 from the cumulative effect of current inflationary pressures.” 

From the U.S. healthcare business front, Becker’s Payer Issues reports

Humana has completed the sale of a 60 percent stake in its subsidiary Kindred at Home’s hospice and personal care business to the private equity firm Clayton, Dubilier & Rice. The divisions have been restructured into a standalone company, according to an Aug. 11 Humana news release.  The $2.8 billion deal was first announced in April.  “Humana will continue to support the long-term success of these operations through our minority ownership and ongoing strategic partnership,” CFO Susan Diamond said in the news release.

and

Health Care Service Corp. has signed an agreement to purchase Trustmark Health Benefits from employee benefits firm Trustmark for an undisclosed amount. HCSC, the parent company of BCBS Illinois, Montana, New Mexico, Oklahoma and Texas, said in an Aug. 11 news release the acquisition would allow the company to serve more members that desire more customizable health benefits. Trustmark Health Benefits provides voluntary benefits, fitness management products and small group plan administration. The Lake Forest, Ill.-based company said no changes to benefits for existing members will occur when the deal is expected to close later this year.

Fierce Healthcare adds

UnitedHealthcare is rebranding one of its fastest-growing health plan designs. Surest plans, first launched in 2016 as Bind, are available nationwide for self-funded employers and in 11 states for fully insured plans. UHC said it plans to make Surest available as an option for fully insured customers in five more states by the end of the year. Surest plans have the fastest growth rate among its employer-sponsored plan designs, the insurance giant said Thursday.

Thursday Miscellany

David ErmerUncategorized
Photo by Josh Mills on Unsplash

From the Omicron and siblings’ front,

The New York Times reports

The Centers for Disease Control and Prevention loosened Covid-19 guidelines on Thursday, freeing schools and businesses from the onus of requiring unvaccinated people exposed to the virus to quarantine at home.

The changes are a sharp move away from measures such as social distancing requirements and quarantining, which had polarized much of the country, and effectively acknowledge the way many Americans have been navigating the pandemic for some time. The agency’s action comes as children across the country return to school and many offices have reopened.

“We know that Covid-19 is here to stay,” Greta Massetti, a C.D.C. epidemiologist, said at a news briefing on Thursday. “High levels of population immunity due to vaccination and previous infection, and the many tools that we have available to protect people from severe illness and death, have put us in a different place.” * * *

Instead of focusing on slowing transmission of the virus, the recommendations prioritize preventing severe illness. They emphasize the importance of vaccination and other prevention measures, including antiviral treatments and ventilation.

Here is a link to the new CDC guidance.

The Wall Street Journal looks into why Omicron continues to become more contagious over time, and MedPage Today discusses what the future holds for Covid vaccines.

From the unusual viruses front, Beckers Hospital Review tells us

“The manufacturer of the Jynneos monkeypox vaccine, Bavarian Nordic, voiced concerns to federal health officials about efforts to expand vaccine supplies by allowing the administration of fractional doses, The Washington Post reported Aug. 10.

“Confirmed U.S. [monkey pox] cases have surpassed 10,000, according to CDC data updated Aug. 10. About a month ago, there were less than 1,000 reported cases nationwide,” and

The CDC may offer some New Yorkers an extra dose of the polio vaccine amid concerns that the virus is silently spreading through a community where the nation’s first polio case in nearly a decade was detected July 21, CNN reported.  * * * “We’re looking into all aspects of how to deal with this. At this point, we don’t have a definitive answer,” José Romero, MD, director of the CDC’s National Center for Immunization and Respiratory Diseases, told CNN.  The case, which was identified in an unvaccinated man, may be “just the very, very tip of the iceberg” and a sign that there “must be several hundred cases in the community circulating,” Dr. Romero said.

From the pricing transparency front, Fierce Healthcare brings us up to date on hospital compliance with its federal pricing transparency law and a new Colorado law that will hit the pocketbooks of non-compliant hospitals in that State.

From the judicial front, Healthcare Dive reports

A New York federal judge on Wednesday dismissed a surgeon’s legal challenge that sought to roll back key pieces of a federal law that protects patients from surprise out-of-network bills.

Judge Ann Donnelly ruled against the surgeon, finding that the law is constitutional, and dismissed the case for lack of standing and dismissed the surgeon’s request for a preliminary injunction.

Katie Keith, a lawyer and health policy expert at Georgetown University who tracks surprise billing litigation, called the ruling good news for consumers.

The lawsuit threatened to once again expose millions of patients to surprise out-of-network bills, Keith previously said in a Health Affairs report on the litigation.

The FEHBlog heartily agrees with Prof. Keith.

From the U.S. healthcare business front, Fierce Healthcare tells us

Blue Cross Blue Shield of Michigan will roll out a new family building and maternity support program head of open enrollment.

The insurer said Wednesday that the platform, launched in partnership with Maven Clinic, will allow members to access a personalized app that guides them through the family planning process, including pregnancy, postpartum and pediatrics. Users can follow multiple paths to parenthood based on their needs.

From the miscellany department

  • Today, the U.S. Department of Health and Human Services (HHS) and the American Society of Nephrology (ASN) announced a new prize competition from the Kidney Innovation Accelerator (KidneyX) that seeks to further the development of a fully functional bioartificial kidney. * * * Up to $10.5 million in funding will be split among up to nine (9) prize winners, including up to three (3) winners from Track One each receiving $1.5 million and up to six (6) winners from Track Two each receiving $1 million. For the full rules and eligibility requirements, as well as a list of resources available to applicants, visit kidneyx.org/akp.”
  • MedPage Today reports “Colorectal cancer (CRC) screening was cost-effective in obese individuals as well as in those of normal weight and might even have a leg up at younger ages for obese men, a modeling study found. Having a colonoscopy every 10 years starting at age 45 or a fecal immunochemical test (FIT) at age 40 was cost-effective at a $100,000/quality-adjusted life-years (QALY) gained threshold across sexes and BMI ranges. As BMI increased, the cost-effectiveness of having colonoscopy every 10 years starting at age 45 versus 50 became even more favorable, reported Uri Ladabaum, MD, MS, of Stanford University School of Medicine in Redwood City, California; and co-authors in a paper in Clinical Gastroenterology and Hepatology.”
  • Healio informs us that “Salt substitutes consistently improved blood pressure and lowered risk for mortality, cardiovascular mortality and CV events, according to a meta-analysis published in Heart. ‘These findings are unlikely to reflect the play of chance and support the adoption of salt substitutes in clinical practice and public health policy as a strategy to reduce dietary sodium intake, increase dietary potassium intake, lower blood pressure and prevent major cardiovascular events,’ the researchers wrote.” Consumer Reports advises discussing salt substitutes with your PCP before starting to use them