Monday Roundup

Photo by Sven Read on Unsplash

From the Capitol Hill front, Roll Call reports that an extension of the continuing resolution currently funding the federal government appears to be on tap.

Senate Democrats and Republicans are eyeing a two- to three-month continuing resolution that would punt final decisions on fiscal 2022 appropriations into February or March, according to sources familiar with the talks.

That decision, if blessed by House Democrats and the Biden administration, would decouple a complicated omnibus spending bill covering every federal agency from thorny negotiations over budget reconciliation and the debt limit.

But it wasn’t yet clear Democrats across the Capitol were unified behind that strategy, with some pushing a much shorter stopgap measure running for two weeks, to Dec. 17. That would keep the pressure on for a spending deal before the winter holiday season and allow lawmakers to clear the decks for next year’s agenda.

Another possibility is lawmakers try out a stopgap bill to Dec. 17, see how much progress is possible, and then pass another CR, this time through the end of February or March.

From the Delta variant vaccine mandate front —

  • It’s worth noting that the Federal Acquisition Regulation Council is expected to consider a draft proposed rule implementing the mandate for federal government contractors this coming Wednesday November 17.
  • With regard to OSHA’s large business mandate, the Society for Human Resource Management tells us that “

OSHA stated that it “has suspended activities related to the implementation and enforcement of the ETS pending future developments in the litigation,” although it “remains confident in its authority to protect workers in emergencies.” OSHA noted that the court ordered it to take no steps to implement or enforce the ETS until further court order.

“OSHA’s course of action should give some comfort to employers taking a wait-and-see approach,” said Kyle Johnson, an attorney with Frost Brown Todd in Louisville, Ky., Jeff Shoskin, an attorney with Frost Brown Todd in Cincinnati, and Catherine Burgett and Anne Duprey, attorneys with Frost Brown Todd in Columbus, Ohio, in a firm legal update. “Because the future of the order is uncertain, employers should keep apprised of the status of the legal challenges ahead and have a plan to comply with the ETS should the order be modified or dissolved.” 

The Centers for Disease Control reminds us that Antibiotic Awareness Week begins this Thursday November 18. “USAAW is an annual observance that raises awareness of the threat of antibiotic resistance and the importance of appropriate antibiotic use.”

Following up on the large increase in Medicare Part B premiums for 2022, Healthcare Dive informs us that “CMS said the hike is mostly due to potential use of Biogen’s Aduhelm, a drug for Alzheimer’s disease that’s drawn criticism for carrying a high price tag despite unclear effectiveness, along with ongoing uncertainty from the coronavirus pandemic.” That’s puzzling as the Biogen drug has been a colossal sales flop. What’s more, STAT News broke the news tonight that

Al Sandrock, Biogen’s top scientist and the face of its years-long campaign to develop a treatment for Alzheimer’s disease, is leaving the company after more than two decades, STAT has learned.

The surprise departure of Sandrock, who oversees all of Biogen’s research and development, leaves a void in the company’s upper ranks. And it comes as Biogen is facing a worsening business outlook, saddled with a string of setbacks to its research pipeline and forced to defend its scientific integrity after the approval of the polarizing Alzheimer’s treatment Aduhelm.

STAT News also offers an interesting story about the two anti-viral drugs that could become Flonase for COVID. For example,

At the headline level, Pfizer’s pill reduced the risk of hospitalization and death by 89%,while Merck showed a reduction of 50%. But neither firm has disclosed detailed data from its pivotal studies, and the trials were not identically designed.

The studies enrolled similar populations — unvaccinated people with mild to moderate Covid-19 and at least one risk factor for severe disease — but they had slightly different measures of efficacy. Pfizer’s 89% figure comes from patients who started getting its pill, Paxlovid, within three days of their first Covid-19 symptoms. Merck’s 50% applies to patients who began treatment within five days. In the Paxlovid study, patients who started treatment within five days saw an 85% improvement in hospitalization or death versus placebo. Merck has not shared data on patients who got its drug within three days of symptom onset.

We will have to keep our fingers crossed while the Food and Drug Administration considers granting these drugs emergency use authorization.

Weekend Update

Photo by Tomasz Filipek on Unsplash

Both Houses of Congress are in session this week for floor voting and Committee business. The Hill summarizes what’s ahead for Congress over the next month and it’s a tough row to hoe indeed. The December 3 deadline on the current stop gap funding bill and the budget ceiling relief is looming.

From the vaccine mandate front, Govexec reports that

The COVID-19 vaccine mandate for federal contractors “has been a very challenging thing to navigate,” as shown by the “evolution of guidance,” as well as the lawsuits attempting to challenge it, Justin Chiarodo, partner in and chair of the government contractors practice group at the law firm Blank Rome LLP, told Government Executive earlier this week. Chiarodo and his firm’s clients have concerns about how the mandate could impact the supply chain crisis and labor shortages. He also pointed out that on November 17, the Federal Acquisition Regulatory Council is poised to submit a report on its rule that will amend contracts to incorporate the vaccine mandate. * * *

The union that represents 7,500 employees at the Environmental Protection Agency announced on Tuesday [November 9] it entered into a Memorandum of Understanding with agency management on implementation of the vaccine mandate. “The [memorandum] ensures that Council 238 bargaining unit employees requiring exceptions to the mandate will receive due process as provided under the Council’s Master Collective Bargaining Agreement while at the same time protecting the safety and health of the overall bargaining unit,” said a statement from American Federation of Government Employees Council 238. Joyce Howell, Council 238 chief negotiator for the future of work negotiations, said that over 90% of the bargaining unit is fully vaccinated. 

The U.S. Postal Service said in a recent financial filing that the Occupational Safety and Health Administration’s new vaccine rule “will be extremely challenging to implement and administer during the height of our peak season, particularly given its expedited schedule,” Reuters reported on Wednesday [November 10]. The report noted: “Compliance, the USPS warned, ‘could result in labor challenges and high levels of absenteeism.’ Some employees could opt to leave, which ‘could cause significant business disruptions, and could adversely impact service performance and result in lower mail volume and revenue.’” 

The Postal Service, among other businesses affected by the OSHA rule, will be please to learn that late Friday, according to Reason,

The U.S. Court of Appeals for the 5th Circuit extended its stay on the Biden administration’s COVID-19 vaccine mandate for private employers, which the unanimous three-judge panel called “fatally flawed” and “staggeringly broad.” The stay * * * says OSHA shall “take no steps to implement or enforce the Mandate until further court order.” It is officially a preliminary pause “pending adequate judicial review of the petitioners’ underlying motions for a permanent injunction.” But the court left little doubt that it would grant those motions, saying “petitioners’ challenges to the Mandate show a great likelihood of success on the merits.”

The federal government can ask the U.S. Supreme Court to review the Fifth Circuit’s stay order. Reason adds

In a concurring opinion, Judge Duncan emphasizes that courts “expect Congress to speak clearly when authorizing an agency to exercise powers of ‘vast economic and political significance.'” He thinks “whether Congress could enact such a sweeping mandate under its interstate commerce power would pose a hard question.” But “whether OSHA can do so does not.”

From the medical device front, Fierce Healthcare tells us that

The Biden administration has repealed its predecessor’s last-minute rule granting expedited Medicare coverage of breakthrough devices.

The Centers for Medicare & Medicaid Services (CMS) had finalized the Medicare Coverage of Innovative Technology and Definition of “Reasonable and Necessary” (MCIT/R&N) final rule Jan. 14, just days before President Joe Biden was sworn into office.

If implemented, the rule would provide devices that received the Food and Drug Administration’s breakthrough-device designation up to four years of Medicare coverage once the product received or cleared the agency’s market authorization. CMS said at the time that its goal was to remove the gap between regulatory authorization and Medicare coverage determination, which in some cases could take up to a year. * * *

The repeal is a win for the insurance industry, which had warned the faster timetable could lead to premature coverage of unproven devices. Medical device manufacturers, on the other hand, generally saw the pathway as an incentive to take more risks in their pursuit of innovative technologies.

From the OPM front, Federal News Network reports that

Agencies are treading carefully into a new era, one that contemplates what public and private sector experts are calling, “the future of work.”

To help them make those decisions, agencies got more advice from the Office of Personnel Management, which released a new telework and remote work guide on Friday.

It replaces guidance OPM originally published on these topics back in 2011, when the original Telework Enhancement Act was less than a year old. * * *

The latest guide builds on prior guidance from OPM and the Biden administration — and provides perhaps the most comprehensive tool to date for agencies interested in building or expanding remote work programs. OPM also has a new website with future of work resources.

In a statement, [OPM Director Kiran] Ahuja said the new guide should serve as a model for both the public and private sectors to follow.

Cybersecurity Saturday

Inside Cybersecurity provides useful legal perspectives on the Defense Department’s recent changes to its Cybersecurity Maturity Model Certification program for defense contractors.

The evolution of DOD’s Cybersecurity Maturity Model Certification program reflects a response to concerns from the defense industrial base, according to attorneys, who said recent major changes show the Pentagon is taking into account pre-existing mechanisms for contractor compliance with cyber standards and is considering how the program can be implemented effectively.

CMMC 2.0 consolidates DOD’s cyber certification effort into three levels and relies heavily on NIST publications 800-171 and 800-172. The extra 20 controls in level two (formerly level three) are removed from the new model along with maturity processes.

Attorneys surveyed by Inside Cybersecurity questioned whether the Pentagon’s decision to walk back the CMMC model to align with the 110 controls in NIST 800-171 for level two is an effective approach and where things stand with assessment organizations who have been preparing to conduct assessments since the first version of the maturity model debuted in early 2020.

Check it out.

In Security Week a cybersecurity consultant Torsten George reflects on the recent Cybersecurity Awareness Month.

Despite all the new technologies, strategies, and artificial intelligence being employed by security experts and threat actors alike, one thing remains constant: the human element. As humans we’re fallible — a fact that threat actors frequently exploit when launching phishing and social engineering campaigns to establish a foothold in their victim’s IT environment. Ultimately, hackers don’t hack in anymore—they log in using weak, default, stolen, or otherwise compromised credentials.

The reality is that many breaches can be prevented using some basic cyber hygiene tactics, coupled with a Zero Trust approach. Yet most organizations continue investing the largest percentage of their security budget on protecting their network perimeter rather than focusing on security controls which can actually effect positive change to protect against the leading attack vectors: credential abuse and endpoints serving as main access points to an enterprise network.

And as usual Bleeping Computer’s The Week in Ransomware is chock full of news:

This week, law enforcement struck a massive blow against the REvil ransomware operation, with multiple arrests announced and the seizure of cryptocurrency.

On Monday, the US Department of Justice, Europol, and Interpol announced arrests of REvil affiliates and members in Kuwait and Romania. The FBI also announced the arrest of the REvil affiliate behind the July Kaseya attack that encrypted over 1,500 organizations.

In addition, the US announced that $6 million in ransom payments was seized from the REvil ransomware operation.

This week, the other big news is a massive attack on the European electronics retailer MediaMarkt by the Hive Ransomware operation.

What’s more Krebs on Security reports that

The Federal Bureau of Investigation (FBI) confirmed today [November 13] that its fbi.gov domain name and Internet address were used to blast out thousands of fake emails about a cybercrime investigation. According to an interview with the person who claimed responsibility for the hoax, the spam messages were sent by abusing insecure code in an FBI online portal designed to share information with state and local law enforcement authorities.

Friday Stats and More

Based on the CDC’s COVID Data Tracker and using Thursday as the first day of the week, here is the FEHBlog’s current weekly chart of new COVID cases for 2021:

Here is a link to the CDC’s weekly chart of new COVID related hospital admissions, and here is the FEHBlog’s current weekly chart of new COVID deaths:

Finally here is the FEHBlog’s current weekly chart of COVID vaccinations distributed and administered:

As of today, 86% of the U.S. population over age 65 has been fully vaccinated and 1/3 of that cadre has received a COVID booster.

Here’s a link to the CDC’s weekly interpretation of its COVID statistics. The CDC points out that “Starting the week of November 8th, vaccines [for children aged five through 11] will be available at pediatricians’ offices, pharmacies, Federally Qualified Health Centers, and more. To find vaccine near you, visit vaccines.gov; text your ZIP code to 438829 (GETVAX); or call 1-800-232-0233.”

The CDC’s Fluview informs us that “Seasonal influenza activity in the United States remains low, but the number of influenza virus detections reported by public health laboratories has increased in recent weeks.”

The best summary of where we stand with COVID is found in today’s New York Times column by David Leonhardt on whether it’s time to start back to returning to normalcy on COVID. His theme struck a chord with the FEHBlog:

“Among the Covid experts I regularly talk with, Dr. Robert Wachter is one of the more cautious. He worries about “long Covid,” and he believes that many people should receive booster shots. He says that he may wear a mask in supermarkets and on airplanes for the rest of his life.””

“Yet Wachter — the chair of the medicine department at the University of California, San Francisco — also worries about the downsides of organizing our lives around Covid. In recent weeks, he has begun to think about when most of life’s rhythms should start returning to normal. Increasingly, he believes the answer is: Now.

“This belief stems from the fact that the virus is unlikely to go away, ever. Like most viruses, it will probably keep circulating, with cases rising sometimes and falling other times. But we have the tools — vaccines, along with an emerging group of treatments — to turn it into a manageable virus, similar to the seasonal flu.”

In other news —

The Centers for Medicare and Medicaid Services finally announced 2022 Medicare Medicare Parts A and B premiums and cost sharing.

  • The Part A inpatient hospital deductible will increase from $1484 to $1556.
  • The Part B calendar year deductible will increase from $203 to $221.
  • The monthly standard Part B premium will increase from $148.50 to $170.10.

All of the changes and the income based Part B premium adjustments for high income beneficiaries is available here.

STAT News informs us that

Robert Califf, President Biden’s new pick to lead the Food and Drug Administration, doesn’t have much to show for his first tenure at the agency.

His grand plans for modernizing the way drug makers and the FDA collect patient data were shelved in 2017 after he left the agency’s top spot. His efforts to ban flavored tobacco products were foiled by the Obama White House. Even his push to finally fix the FDA’s hiring woes still hasn’t been fully implemented.

Now Califf, who Biden formally tapped on Friday to retake the FDA’s top job, will have another shot at delivering on those promises.

Health Payer Intelligence tells us that

More than eight out of ten survey participants in UnitedHealthcare’s sixth annual Consumer Sentiment Survey indicated that they are ready to choose a health plan during 2022 open enrollment season.

“Most Americans said they are prepared to select a health plan during this year’s open enrollment season, while the COVID-19 pandemic continues to spur interest in virtual care for medical services and digital fitness apps to help people pursue at-home fitness routines,” the press release shared.

UnitedHealthcare fielded the survey from September 10 through September 12, 2021 and received 1,013 responses from individuals 18 years old and older.

Health Payer Intelligence also discusses a Humana program for employer sponsored plans in which “Humana is partnering with a type 2 diabetes reversal vendor [Virta] that uses remote patient monitoring and nutrition to help members manage and improve their type 2 diabetes.”

The article included this interesting tidbit on diabetes treatment

Diabetes is one of the top chronic conditions in the US that drive healthcare spending, alongside conditions such as cancer, heart disease, and obesity. As such, payers have heavily targeted this condition with various chronic disease management strategies.

It was not until August 2021, however, that the American Diabetes Association (ADA) officially determined that the phrase “diabetes reversal” was often more clearly identified as “remission,” Humana pointed out in its press release.

“Remission strikes an appropriate balance, noting that diabetes may not always be active and progressive yet implying that a notable improvement may not be permanent. It is consistent with the view that a person may require ongoing support to forestall relapse, and regular monitoring to allow intervention should hyperglycemia recur,” ADA decided. 

“The term reversal is used to describe the process of returning to glucose levels below those diagnostic of diabetes, but it should not be equated with the state of remission.”

Happy Veterans’ Day

Thanks to Justin Casey for sharing their work on Unsplash.

Happy Veterans’ Day! Here’s a link to the OPM Director’s thoughts on this day as posted in OPM’s Medium channel.

Roughly 30 percent of the federal workforce has served our nation in uniform, and at OPM, we are working hard to welcome more. We are the guardians of the competitive hiring process, which includes ensuring that agencies are properly applying the Veterans’ preference rules. Much like in our recently expanded Military Spouse Hiring Authority, we recognize the unique leadership qualities on display in military households. We are eager to honor their contributions and match their skills with the needs of the American people.

From the Open Season advice front, Tammy Flanagan writes about FEHB high deductible health plans (“HDHP”), enrollment in which allows a federal or postal employee to contribute to a health savings account (“HSA”).

In 2022, for each month you are eligible for an HSA, you will receive a premium pass through, which is portion of your monthly health plan premium that is deposited to your HSA each month. You can make additional tax-free contributions to your HSA, as long as total contributions do not exceed $3,650 for an individual and $7,300 for a family.

In many of the FEHB HDHP plans, the premium pass through amount ranges from $75 to $100 per person per month, which can go a long way toward offsetting the high deductibles that are inherent to this kind of plan. There’s no time limit for withdrawing money from an HSA to pay for [healthcare ]expenses.

HSA contributions and related income are never federally taxed as long as the money is used for healthcare expenses. The trick is to grow the funding in an HSA before you hit high out of pocket medical spending for raising a family or in retirement.

It’s also worth noting that the alway informative Reg Jones has been writing about Open Season in FedWeek for the past three weeks.

In related news, Health Payer Intelligence discusses the Medicare Advantage open season also now underway.

Medicare Advantage has seen a lot of growth in recent years and that trend is set to continue into 2022, as evident in the number of plan offerings for the Medicare Advantage 2022 open enrollment season, according to a Kaiser Family Foundation (KFF) issue brief.

“As Medicare Advantage enrollment continues to grow, insurers seem to be responding by offering more plans and choices to the people on Medicare,” the researchers explained. Payers are offering a total of more than 3,800 Medicare Advantage plans in 2022. Nearly nine out of ten of these health plans are Medicare Advantage-prescription drug plans. 

In FSAFeds news, the Internal Revenue Service announced its 2022 inflation adjustments to various and sundry tax matters. Rev. Proc. 2021-45. Of note,

For taxable years beginning in 2022, the dollar limitation under § 125(i) on voluntary employee salary reductions for contributions to health flexible spending arrangements is $2,850. If the cafeteria plan permits the carryover of unused amounts, the maximum carryover amount is $570.

These increases are not automatic, but rather are triggered by employer action to amend the underlying plan.

From the COVID vaccine mandate front —

  • The Safer Federal Workforce Task Force has updated its guidance and FAQs for federal contractors. The best guidance currently available to contractors is the Task Force’s guidance document supplemented by the FAQs.
  • Federal News Network brings us up to date on the federal employee lawsuits challenging the vaccine mandate imposed on them. The Courts have turned away the plaintiffs’ requests for stays / preliminary injunctions on the employee mandate based on failure to meet the high standards for that extraordinary relief.

From the telehealth front, Healthcare Dive tells us that

As the delta variant surged in the third quarter, virtual care giant Amwell saw its urgent care volumes spike, while specialty care and behavioral health visits came in below expectations. That’s a sharp turnaround from the first half of the year, when urgent care volumes, specialty care and behavioral health visits grew together, analysts noted.

Urgent care visits are cheaper, however, so the higher urgent care mix had an unfavorable impact on total revenue per visit. Amwell’s revenue was down less than 1% year over year to $62.2 million, lower than Wall Street expectations though the Boston-based telehealth vendor’s earnings squeaked in slightly above forecasts.

To account for expected decreases in visit volume and the shift in visit-type mix toward urgent care versus specialty due to delta, Amwell lowered its full-year revenue guidance.

Midweek update

Thanks to ACK15 for sharing their work on Unsplash.

Timely observation from Forbes

Consumer prices are rising at the fastest pace in 30 years, as the Covid-19 pandemic and supply chain bottlenecks and staffing shortages reverberate around the globe. Data from the Bureau of Labor Statistics shows inflation rose 6.2% in October, with energy, cars and beef leading the way with increases of more than 20%.

However, some healthcare services seemed to buck the trend. Health insurance prices were down 6.4%. But it’s important to note that the index doesn’t directly price insurance policies — it tracks the movement of insurance premium holding the quality of the plan as constant (which isn’t how things tend to play out in the real world, especially with the rise of high deductible plans). The index shows eyeglasses and eyecare services saw only a 0.4% bump, while dental services were up 2.2%. Hospital and doctor services were up around 4%.

Until this year, healthcare prices have outpaced general inflation for more than a decade, explains healthcare analyst and Forbes contributor Joshua Cohen. “This is partly a function of the consumer price index being historically low during this period; often under 2%, in fact!” While it appears there may be a reversal, it won’t be official for many more months, as the confirmed data lags behind by several quarters, says Cohen. Plus, there are some holes. For example, the index doesn’t take into account the launch prices of new drugs, it only takes into account “increases of prices of existing products.” Stay tuned as to whether the decline in prices is an anomaly or a trend…

The observation is timely because at this time of year the federal employee press typically is complaining the FEHB premiums are increasing faster than the cost of living. That’s not the case for 2022.

From the Delta variant front, the Department of Health and Human Services announced that

To support access to [rapid at home COVID testing], HHS will use [$650 million of American Rescue Plan] funds to ramp up U.S. domestic manufacturing capacity. By strengthening our ability to produce these tests in the United States, we will minimize our reliance on imports from overseas, and sustain robust long-term manufacturing throughout 2022. The funding will also support purchasing raw materials and finished tests to increase our domestic supply of diagnostic tests.

This initiative builds on recent efforts by the Biden-Harris Administration to strengthen testing and make tests more available nationwide. President Biden recently announced $3 billion in new investments in rapid testing. These resources will grow the supply of rapid tests, including quadrupling the supply of at-home tests by the end of the year. HHS also recently announced a series of actions to help reduce costs, make tests more available, and support bringing more over-the-counter tests to market in the U.S.

Fierce Healthcare reports

Express Scripts is launching a new option for employers to cover over-the-counter COVID-19 tests under the pharmacy benefit.

Beginning Jan. 1, members who can access the benefit can visit an in-network pharmacy to purchase an applicable COVID-19 test. Members can then show their Express Scripts member card at checkout, which will process the purchase through their benefit.

Plans can set the copayment for the test at either a discounted rate or a $0 copay, Express Scripts said.

From the COVID vaccine mandate department —

Federal News Network reports

The largest federal employee union has asked the White House to push back the Nov. 22 deadline that executive branch workers currently have to comply with the federal vaccine mandate.

The American Federation of Government Employees said Tuesday federal workers should have the same Jan. 4 deadline that the Biden administration recently extended for contractors to receive their vaccine doses.

In a letter to the White House, Office of Management and Budget and the Office of Personnel Management, the union urged the Biden administration to harmonize federal vaccine mandate deadlines for government employees and contractors.

From the surveys department —

  • Health Affairs tells us about the Kaiser Family Foundation’s 2021 benchmark survey on employer sponsored healthcare in the U.S.
  • Healthcare Dive reports on the latest Leapfrog hospital patient safety grades. “Among 2,901 facilities scored by the Leapfrog Group, 32% received A grades this fall. Another 26% of hospitals received B grades while 35% scored a C. * * * Only 7% of hospitals received D grades, and less than 1% received an F.” The grades were in line with pre-pandemic scoring.

The International Foundation of Employee Benefit Plans reminds us that November is Men’s Health Awareness Month.

You’re probably already familiar with No-Shave November and Movember, movements created to encourage conversations about cancer awareness among men. These events encourage participants to put down their trimmers for 30 days and think about donating their monthly hair-maintenance expenses to the cause. Many cancer patients lose their hair during diagnosis and treatment, and one way to show empathy and support is to grow awareness while growing mustaches, beards and full heads of hair. For more ideas on getting your organization involved, click here.

From the healthcare business front, Health Payer Intelligence and Healthcare Dive each provide wrap up reports on 3rd quarter financial reporting from health insurers.

What’s more, Fierce Healthcare tells us that

Health IT industry veteran Donald Rucker, M.D. is joining the leadership team at interoperability startup 1upHealth.

Rucker, who served as the National Coordinator for Health Information Technology under the Trump administration, is jumping on board 1upHealth as its new chief strategy officer. The Boston-based company, founded in 2017, structures claims and clinical data to make it easier for organizations to share information.

As CSO, Rucker will help set the direction for 1upHealth’s ongoing innovations in Fast Healthcare Interoperability Resources (FHIR)-enabled computing and help healthcare organizations meet the evolving clinical, technical and reimbursement demands for modern data, according to the company.

From the encouraging research front, the National Institutes of Health informs us that

  • Sixty hours of a therapy called [Constraint induced movement therapy] CIMT led to significant improvements in hand and arm function among children with cerebral palsy in a randomized trial.
  • The findings suggest that intense treatment with CIMT has greater benefit than conventional forms of therapy.

From the Open Season advice department, Federal News Network alerts us that next Monday ‘November 15, 2021 on ForYourBenefit, our hosts Bob Leins, CPA®, and Tammy Flanagan, Senior Benefits Director NITP, will talk about Open Season.” Here’s a link to the show’s website which discloses that the show has been covering Open Season for the past three weeks. Check it out.

Tuesday’s Tidbits

From the Open Season advice front, here are recent articles from FedSmith and Govexec .

From Capitol Hill, FedWeek reports that last Wednesday Nov. 3

The Senate Homeland Security and Governmental Affairs Committee has approved:

HR-2662, to give agency IGs authority to subpoena former federal employees; require an administration to provide a “substantive rationale, including detailed and case-specific reasons” prior to removing an IG; limit the use of administrative leave for IGs, including during the 30 days following the removal announcement; require acting IGs to be selected from among senior-level employees within the watchdog community; and require regular training to IG employees on their whistleblower rights.

The House already has passed the HR 2662. The Senate Committee amended the House bill before voting to sending the “favorable” substitute bill to the Senate floor for a vote.

From the Delta variant front Medscape informs us that

Pfizer and its European partner BioNTech have asked the US Food and Drug Administration (FDA) to expand emergency authorization of its COVID vaccine to allow everybody 18 and older to get a booster dose.

If it goes through, the broader use of Pfizer boosters would be a step toward President Joe Biden’s goal of boosters for all adults. He announced the goal last August but backed off to let the regulatory process by the FDA and the Centers for Disease Control and Prevention (CDC) play out.

Pfizer is submitting a study of booster effects on 10,000 people to make its case, according to a company news release.

This would be Pfizer’s second bite at the FDA apple for this approach to its booster.

Govexec informs us from the Delta variant vaccine mandate front that

VA Secretary Denis McDonough spoke at the National Press Club in Washington, D.C. on Tuesday afternoon, which came after the October 8 deadline for health care employees to get vaccinated but before the November 22 deadline for the rest of the federal workforce. 

“We’re still getting all of our data together,” he said. As of this morning, about 91% of the health care professionals at VA “have uploaded their data,” which could be proof of vaccination or requests for one of the exemptions. This is up from about 70% about two and a half weeks ago. 

“We’re not going to question the legitimacy of anyone’s individual declaration of a religious exception,” McDonough said. However, “we may find ourselves in a situation where, for example, in an oncology department or in a spinal cord injury facility or in an intensive care unit…or community living center[s], we may have so many people who have claimed a religious exemption that we can’t safely provide care to our veterans in those vulnerable situations, in which case we reserve the right to deny religious exemptions.” 

Fedweek cautions that “Both supporters and opponents of the Coronavirus vaccine mandate expect it to increase turnover among federal employees, although it is hard to say how large that increase will be and how much of it will be involuntary versus voluntary.”

From the No Surprises Act (NSA) front, the FEHBlog noticed that the Centers for Medicare and Medicaid Services has created a public NSA website. Posted on the site is an October 25, 2021, CMS letter announcing required federal government website and contact information to be included in the consumer notice about the NSA and other NSA related documents.

Website: https://www.cms.gov/nosurprises/consumers. Note, consumer and provider functionality for complaints inquiry and triage will not be operational until January 2022.

Phone number for information and complaints: 1-800-985-3059.

We ask regulated entities not to include the above phone number in any plan documents for any plan or policy years that begin before January 1, 2022.

In other healthcare news

Per Fierce Healthcare, here are the 10 most cost-efficient hospitals in the U.S., according to the Lown Institute: 

  1. Pinnacle Hospital (Crown Point, Indiana)
  2. Saint Mary’s Regional Medical Center (Reno, Nevada)
  3. Mercy Medical Center Dubuque (Dubuque, Iowa)
  4. Encino Hospital Medical Center (Encino, California)
  5. Park Ridge Health (Hendersonville, North Carolina)
  6. Oroville Hospital (Oroville, California)
  7. Saint Michael’s Medical Center (Newark, New Jersey)
  8. UnityPoint Health – Meriter (Madison, Wisconsin)
  9. East Liverpool City Hospital (East Liverpool, Ohio)
  10. Maple Grove Hospital (Maple Grove, Minnesota)

“Overall, if all hospitals performed as well as the most cost-efficient hospitals, Medicare would save $8 billion each year.”

Healthcare Dive informs us that

Nonprofit health giant Kaiser Permanente’s operating margin continued to shrink in the third quarter as expenses grew faster than revenue, spurred by labor unrest and surging COVID-19 patients, the Oakland, California-based integrated health system said.

Kaiser reported $38 million in operating income in the quarter, on $23.2 billion in revenue. That’s a 0.2% operating margin — exceedingly low compared to a margin of 2.1% same time last year. 

The 39-hospital system’s expenses in the third quarter grew 7.5% year over year to $23.1 billion, while revenue only increased 5.5%. Kaiser said the expense growth was due to higher costs from COVID-19 patients and workforce requirements, as — like other hospital operators — Kaiser has had to pay more for travel nurses and other contract labor to meet rising patient levels during the pandemic.

Monday Roundup

Photo by Sven Read on Unsplash

From the FEHB Open Season front, consultant Tammy Flanagan reports on the new trend of FEHB plans to offer Medicare Part B premium reimbursement contingent upon joining a related Medicare Advantage plan.

From the Delta variant front, the American Hospital Association informs us that

The Food and Drug Administration Friday authorized another over-the-counter COVID-19 diagnostic test for emergency use. The iHealth COVID-19 Antigen Rapid Test delivers results in 15 minutes. The company anticipates producing 100 million tests per month, with capacity increasing to 200 million per month in early 2022, FDA said.

STAT News offers an interesting snapshot of the now diminishing Delta variant surge.

Chart comparing hospitalizations by vaccine status

The chart truly speaks for itself.

In the maternal health field, the Health and Human Services Department announced that “200+ hospitals that are participating in the HHS Perinatal Improvement Collaborative, a contract with Premier, Inc. This new network is focused on improving maternal and infant health outcomes by reducing disparities. Comprised of hospitals from all 50 states, the collaborative is the first to evaluate how pregnancy affects overall population health by linking inpatient data of newborns to their mothers.” A list of the participating hospitals may be found at the bottom of the HHS press release.

From the Rx coverage front, STAT News tells us

Nearly a dozen of the highest-rated hospitals in the U.S. charged commercial health insurers and cash-paying patients significantly more than what Medicare has recently paid for 10 infused medicines on which the government spends the most money, according to a new analysis.

Median prices exceeded the Medicare Part B payment limit by a low of 169% at Rush University Medical Center in Chicago, while the Mayo Clinic Hospital in Phoenix exceeded the payment limit by 344%. Among cash-paying customers, the prices ranged from 149% of the Medicare payment limit at Rush to 306% at Brigham and Women’s Hospital and Massachusetts General Hospital, both based in Boston.

The Part B infused medicines for which Medicare Part B spent the most money were Rituxan, Orencia, Enbrel, Prolia, Eylea, Opdivdo, Keytruda, Avastin, Lucentis, Neulasta, and Remicade, but the list did not include biosimilar versions. These medications are variously used to treat conditions including cancer, rheumatoid arthritis, and macular degeneration.

Medicare Part B already sets Part B drug prices which tend to be injectables administered at facilities. Democrat legislators in Congress also want Medicare Part D to fix prices for certain drugs distributed by pharmacies. Government price fixing has never worked successfully in the American economy in the FEHBlog’s understanding.

Also from the healthcare pricing front, Health Payer Intelligence informs

Outcomes-based contracts continue to be popular for certain therapies as healthcare costs mount, an Avalere study found.

Avalere’s findings draw on survey responses from 51 insurers and pharmacy benefit managers. Altogether, the survey participants cover approximately 59 million members. The survey was fielded from September 27 to October 8, 2021 and it is Avalere’s fifth annual survey on the subject.

“OBCs typically include an agreement between health plans and drug or device manufacturers that ties product reimbursement to specific clinical, quality, or utilization outcomes,” Avalere researchers explained.

Let’s go.

Weekend update

Lincoln Memorial in the Fall

The Senate is on a State work break this week which includes the Veterans’ Day holiday on Thursday. The House of Representatives is not holding votes this week but a handful or so of Committee hearings are scheduled for Tuesday and Wednesday.

Roll Call tells us that

Buoyed, finally, by forward movement on a larger package of President Joe Biden’s domestic priorities, the House late Friday cleared a Senate-passed bipartisan infrastructure bill that pours billions of dollars into roads, bridges, water systems, transit and broadband.

The long-awaited House vote sends the bill, which passed the Senate in August, to Biden for his signature. 

The House vote was 228-206, with 13 Republicans backing it despite GOP leadership whipping against the bill. All but six Democrats voted for the measure, despite the House not voting in tandem on the larger budget reconciliation package as progressives had demanded for months. 

Instead, Democrats were forced to accept a vote to adopt the rule that sets debate parameters on the reconciliation bill as a sign of progress on that measure. 

Under that rule, the House is expected to vote on the social spending / climate budget reconciliation bill during the week of November 15. The additional week is expected to allow the Congressional Budget Office to release its report on this massive spending bill

With respect to the infrastructure bill the Wall Street Journal explains that ‘

The $1 trillion package would invest in refurbishing aging roads, bridges and ports; easing transportation bottlenecks; replacing harmful lead pipes; expanding internet access; upgrading the nation’s power grid; and boosting infrastructure resilience amid growing concerns over climate change. The spending is to be paid for with a variety of revenue streams, including more than $200 billion in repurposed funds originally intended for coronavirus relief but left unused; about $50 billion from delaying a Trump-era rule on Medicare rebates; and $50 billion from certain states returning unused unemployment insurance supplemental funds.

From the COVID vaccine mandate front, the Wall Street Journal reports that the U.S. Court of Appeals temporarily stated the OSHA vaccination screening program rule applicable to private sector employers with 100 or more employees plus the Postal Service.

A three-judge panel on the New Orleans-based Fifth U.S. Circuit Court of Appeals granted an emergency stay prohibiting enforcement of the rules for now, saying they raise “grave statutory and constitutional issues.” The Fifth Circuit said it would quickly consider whether to issue an injunction against the vaccine and testing requirements, ordering the Biden administration to file initial legal papers by late Monday afternoon.

OSHA issued this emergency rule under a law providing that challenges to such rules should be brought in the U.S. Court of Appeals rather than the lower District Courts. That’s a quicker path to Supreme Court review.

Roll Call discusses federal government contractor concerns about legal risks arising from the unclear federal vaccine mandate. The Federal Acquisition Regulation implementing the President’s executive order is still weeks away. In the meantime, contractors have to rely on the Safer Federal Workforce Task Force’s subregulatory FAQs. The Task Force typically issues new FAQs on a weekly basis.

From the Delta variant front, the American Medical Association discusses the available evidence on the utility of COVID booster mixing and matching which the Food and Drug Administration recently authorized.

In other vaccine news, Precision Vaccines reports on a Lancet study on the high value of HPV vaccine:

The Lancet published a review of the UK’s national human papillomavirus (HPV) vaccination program and its positive impact on cervical cancer and grade 3 cervical intraepithelial neoplasia incidence.

Published on November 3, 2021, this observational study shows the use of HPV vaccines dramatically reduces cervical cancer rates by almost 90% in women in their 20s who were offered the vaccine beginning at age 12.

These researchers estimated that the HPV vaccination program prevented around 450 cervical cancers and about 17,200 cases of precancerous conditions over 11 years.

HPV vaccination was most effective when given between the ages of 11 and 13 when someone is less likely to have been exposed to HPV.

“It’s a historic moment to see the first study showing that the HPV vaccine has and will continue to protect thousands of women from developing cervical cancer,” stated Michelle Mitchell, Cancer Research UK’s chief executive, in a related press statement.

The HPV vaccine when administered to boys protects against male cancers according to the CDC’s website. “The U.S. FDA has approved different types of HPV vaccines listed on this Precision Vaccinations webpage.”

Last but not least tomorrow is the opening day for the Federal Employees Benefits Open Season for 2022. Here’s a link to today’s FedWeek report on the big day. “There will be 275 [FEHB] plan choices—down by one after a few dropouts and additions—including 18 nationwide plan choices open to all, four available only to certain groups, and the rest available regionally.” December 13 is the closing day of this Open Season.

Cybersecurity Saturday

From Capitol Hill, the House of Representatives passed the Senate’s bipartisan $1 trillion infrastructure bill on a bipartisan 228-to-206 vote. Data Center Knowledge discusses how the $2 billion in the bill targeted at cybersecurity will be spent. The key comment is “The Infrastructure Bill Is the Carrot — The Stick May Come Later.”

In this regard, ZDNet adds that

Four US Senators have introduced a new bipartisan amendment to the [must pass] 2022 National Defense Authorization Act (NDAA) that will force critical infrastructure owners and operators as well as civilian federal agencies to report all cyberattacks and ransomware payments to CISA.

Two Democrats — Gary Peters and Mark Warner — worked alongside two Republicans — Rob Portman and Susan Collins — to push the amendment, which they said was based on Peters and Portman’s Cyber Incident Reporting Act and Federal Information Security Modernization Act of 2021.

The amendment only covers confirmed cyberattacks and not ones that are suspected. But it forces all federal contractors to report attacks. There is no fine component in the amendment, one of the many provisions senators had been fighting over for months. 

Victim[ized] organizations will have 72 hours to report attacks, another hotly debated topic among government cybersecurity experts. Some wanted it to be within 24 hours and others said it should be within a week.  

But the 72 hour limit does not apply to all organizations. Some — which the senators said included businesses, nonprofits and state and local governments — would be forced to report ransomware payments to the federal government within 24 hours of payment being made. 

From the federal government technology front —

Cyberscoop reports that “A winning streak of hitting deadlines under President Joe Biden’s ambitious May cybersecurity executive order is widely expected to end Monday [November 8], affecting changes that administration officials have touted most: implementing multifactor authentication and encryption at all civilian federal agencies.”

Cyberscoop adds

The Cybersecurity and Infrastructure Security Agency [CISA] is ordering federal agencies to patch nearly 300 known, exploited vulnerabilities in a directive published Wednesday [November 3].

It’s a change from past practice for Binding Operational Directives from the Department of Homeland Security’s main cyber wing. The orders have focused more frequently on one major vulnerability at a time, or have directed agencies to set up broader policies addressing subjects like establishing vulnerability disclosure programs. As rationale, the agency pointed to issues in Microsoft Exchange technology that suspected Chinese hackers seized upon to target victims worldwide in early 2021.

Under the order, agencies must patch vulnerabilities from a CISA-created catalog by dates that range from two weeks for flaws observed this year to six months for those prior. Further, agencies must build a process for fixing such vulnerabilities on an ongoing basis in the future.

The Wall Street Journal explains

Many of the cybersecurity gaps outlined in a new White House directive that calls on federal agencies to patch hundreds of online vulnerabilities stem from the government’s aging computer systems, current and former federal tech chiefs, lawmakers and industry analysts say.

But ongoing efforts to upgrade these systems tend to get bogged down by budget restrictions, chronic talent shortages and a revolving door of agency information-technology leaders.

As a result, some of the vulnerabilities listed in the directive, issued by the Biden Administration Wednesday, date back years in older versions of software from Microsoft Corp. and other large technology firms. Agencies that haven’t continually upgraded these and other apps may lack protections needed to ward off the kinds of organized, sophisticated and widespread attacks that have crippled public- and private-sector systems in recent years.

Also Cyberscoop notes that

The Biden administration is working on an executive order that spells out the responsibilities of myriad top cybersecurity officials in the federal government, National Cyber Director Chris Inglis said Wednesday. Specifically, the idea would be to solidify the position of his office, only established by law in January, Inglis told the House Homeland Security Committee.

From the defense contractor front, Nextgov informs us that

The Defense Department is significantly scaling back a program it rolled out last year to validate the cybersecurity of its suppliers through third-party audits and is halting its implementation until the changes are official.

The program was supposed to be implemented over a five-year period with the ultimate goal of requiring every defense contractor in possession of certain controlled but unclassified information to obtain a certificate from a third-party assessor indicating their adherence to the Cybersecurity Maturity Model Certification standard. A number of programs within DOD were selected to pilot the program this year. Now, the Pentagon says it is looking to streamline the program—into CMMC 2.0—and make it more collaborative with industry in two new rulemakings through the Code of Federal Regulations.

“Until the CMMC 2.0 changes become effective through both the title 32 CFR and title 48 CFR rulemaking processes, the department will suspend the CMMC piloting efforts, and will not approve inclusion of a CMMC requirement in DoD solicitations,” reads a notice set to publish Friday in the Federal Register. “The CMMC 2.0 program requirements will not be mandatory until the title 32 CFR rulemaking is complete, and the CMMC program requirements have been implemented as needed into acquisition regulation through title 48 rulemaking.”

At the heart of CMMC was an assertion by Pentagon officials that the current system of allowing defense contractors to self-attest, or simply pledge, their adherence to cybersecurity standards outlined by the National Institute of Standards and Technology is not working. The officials pointed to continued theft of intellectual property by Chinese nation-state actors as their chief indicator.

In preventive steps news, Health IT Security tells us that

Healthcare organizations can have the most sophisticated internal security protocols, but failing to assess third-party risk may leave organizations vulnerable to data breaches nonetheless.

Threat actors are increasingly using third-party business associates as entry points into customer networks. Once inside the network, the malicious hackers may be able to encrypt files, access sensitive health data, and deploy ransomware on any organization that the associate does business with.

Hackers using third-party entities as an attack vector became a very prevalent threat in July 2021, when REvil threat actors launched a ransomware attack against IT management software company Kaseya and compromised the data of over 1,500 of its customers.

According to Jeremy Huval, HITRUST’s chief innovation officer, the Kaseya attack signaled an increase in impactful and frequent supply chain cyberattacks and underscored the need for better third-party risk management procedures.

Last but not least here is a link to the Bleeping Computer’s latest The Week in Ransomware.

The FBI issued advisories this week warning that HelloKitty has added DDoS attacks to their arsenal, that ransomware gangs commonly conduct attacks “during time-sensitive financial events,” and that gangs are targeting tribal-owned businesses, including casinos.