Tuesday Tidbits

Photo by Patrick Fore on Unsplash

From the public health front,

  • Health Affairs reports
    • “National health expenditures are projected to grow 5.4 percent, on average, over the course of 2022–31 and to account for roughly 20 percent of the economy by the end of that period. The insured share of the population is anticipated to exceed 92 percent through 2023, in part as a result of record-high Medicaid enrollment, and then decline toward 90 percent as coverage requirements related to the COVID-19 public health emergency expire. The prescription drug provisions of the Inflation Reduction Act of 2022 are anticipated to lower out-of-pocket spending for Medicare Part D enrollees beginning in 2024 and to result in savings to Medicare beginning in 2031.”
  • The U.S. Preventive Health Services Task Force gave an inconclusive grade to screening for lipid disorders in children and adolescents 20 years or younger.
  • The Wall Street Journal offers ways to protect yourself and your family against the ill effects of forever chemicals that may be in your tap water or else in your homes.

From the regulatory front,

  • The Food and Drug Administration “published a safety communication to warn consumers not to use ultrasound medical devices manufactured and distributed by RoyalVibe Health, CellQuicken, and Well-Being Reality. The devices have not been reviewed by the FDA. The safety and effectiveness of these devices have not been established to diagnose, treat, or cure medical conditions.”
  • HFMA informs us
    • “Hospital price transparency regulations are undergoing changes heading into their fourth year as CMS seeks to step up enforcement while making compliance more straightforward.
    • “As part of the 2024 proposed rule for hospital outpatient payments, CMS is adding to the requirement for hospitals to maintain a machine-readable file of their charges for services. In addition, enforcement actions against hospitals would be publicized even before assessment of civil monetary penalties.
    • “CMS said the impetus for the proposed technical requirements is feedback from “interested parties” that the files would be more beneficial if they were more standardized.
    • “In particular, IT specialists have indicated that the current flexibilities and lack of encoding specifications hinder the machine-readability of the data in the files, presenting a barrier to the intended use of the data,” CMS wrote. “Additionally, hospitals have asked us for more specificity on how they should publicly display their standard charge information, with an emphasis on how they should explain and display their payer-specific negotiated charges.”
    • “The agency also said enforcement would be easier if the files were more consistent.”

From the U.S. healthcare business front,

  • Fierce Healthcare lets us know,
    • “In the past 10 years, there has been a dramatic shift in physician practice ownership as less than half of doctors now work in private practices, according to a new analysis.
    • “Between 2012 and 2022, the share of physicians working in private practices fell by 13 percentage points from 60.1% to 46.7%.
    • “In contrast, the share of physicians working in hospitals as direct employees or contractors increased from 5.6% to 9.6% in the same 10-year time period, and the share of physicians working in practices at least partially owned by a hospital or health system increased from 23.4% to 31.3%, according to a benchmark analysis from the American Medical Association. * * *
    • “In 2022, 4.5% of physicians worked in a practice owned by a private equity group, similar to the percentage in 2020 when the AMA first added private equity to the analysis.
    • “According to the analysis, there also has been a redistribution of physicians from small to large practices. The share of physicians in small practices (10 or fewer physicians) shrank from 61.4% to 51.8% between 2012 and 2022. Conversely, the share of physicians in large practices (50 physicians or more) grew from 12.2% to 18.3% in the same 10-year time period.
    • “The shares of physicians in mid-sized practices (those with 11 to 24 and 25 to 49 physicians) remained relatively stable over the last decade.”
  • BioPharma Dive informs us,
    • “Biotechnology startup creator Flagship Pioneering is teaming up with Pfizer to develop 10 new drug candidates, with each company pledging to invest $50 million in the new effort.
    • “Together, Flagship and Pfizer will take stock of the technologies available to the former firm and its affiliated startups, hunting for opportunities to develop medicines aligned with Pfizer’s research priorities. Per deal terms announced Tuesday, Pfizer will fund the development of selected medicines, each of which it can choose to acquire later.
    • “The collaboration involves Flagship’s “Pioneering Medicines” initiative, which has struck similarly structured deals in the recent past with Novo Nordisk and the Cystic Fibrosis Foundation.”
  • Healthcare Dive relates,
    • “Teladoc Health is expanding its partnership with Microsoft, announcing plans to add artificial intelligence tools for clinical documentation to its telehealth platform for hospitals and health systems.
    • “The companies will work to integrate Microsoft Azure’s OpenAI Service and Cognitive Services and Microsoft-owned Nuance’s Dragon Ambient eXperience into its Solo platform, allowing physicians to automatically transcribe clinical notes during virtual patient exams.
    • “Teladoc’s medical group also plans to use DAX Express, a version of the medical scribe that uses the large language model GPT-4 and doesn’t require human authentication, the New York-based telehealth vendor said. Financial terms of the deal were not disclosed.”

From the Rx coverage front, the Drug Channel blog delves into the biosimilars’ challenge to Humira. The article illustrates the relatively new distinction between low-list drug prices and high-list drug prices. Low list prices do not include a manufacturer rebate. The FEHBlog understands that the distinction is driven by the Inflation Reduction Act.

Monday Roundup

Photo by Sven Read on Unsplash

From the public health front —

  • The Wall Street Journal reports
    • “Parents have a new tool to protect their newborns from a common but potentially deadly respiratory virus that sends tens of thousands of babies to the hospital each year.
    • “The Food and Drug Administration on Monday approved the first drug to protect all infants against respiratory syncytial virus. RSV is the leading cause of hospitalization of infants in the U.S., killing as many as 300 children under the age of 5 each year.  
    • “The FDA said it approved the drug Beyfortus from Sanofi and AstraZeneca based on studies that found it safely prevented the lower respiratory tract infections caused by the virus. * * *
    • “While Beyfortus isn’t a vaccine, it has a similar objective. The injection gives infants antibodies to neutralize the virus before their immune systems are mature enough to generate them on their own.  * * *
    • “Sanofi plans to make Beyfortus available in time for this year’s RSV season. Before the drug can become widely available, CDC advisers will need to recommend the drug’s use.”  
  • The FEHBlog’s favorite columnist on Covid, the New York Times’ David Leonhardt, let us know, “The United States has reached a milestone in the long struggle against Covid: The total number of Americans dying each day — from any cause — is no longer historically abnormal.” Consequently, the pandemic era is over.
  • In other Covid news, Medscape tells us,
    • “An air monitor made by researchers at Washington University in St. Louis can detect COVID-19 virus in a room with an infected person within 5 minutes. 
    • “The project was a collaboration among researchers from the university’s engineering and medical schools. Nature Communications published the results of their work in the journal’s Monday edition. * * *
    • “The team tested their device both in laboratory experiments where they released aerosolized SARS-CoV-2 into a room-sized chamber, as well as in the apartments of two people who were COVID-positive.
    • “There is nothing at the moment that tells us how safe a room is,” Washington University neurology professor John Cirrito, Ph.D., said in a statement. “If you are in a room with 100 people, you don’t want to find out 5 days later whether you could be sick or not. The idea with this device is that you can know essentially in real-time, or every 5 minutes if there is a live virus in the air.”
    • “Their goal is to develop a commercially available air quality monitor, the researchers said.” 
  • Cigna discusses how to help women to stay on track with screenings for common cancers.
  • KFF explains why different BMI standards apply to older folks. For example,
    • “Epidemiologic research suggests that the ideal body mass index (BMI) might be higher for older adults than younger adults. (BMI is a measure of a person’s weight, in kilograms or pounds, divided by the square of their height, in meters or feet.)
    • “One large, well-regarded study found that older adults at either end of the BMI spectrum — those with low BMIs (under 22) and those with high BMIs (over 33) — were at greater risk of dying earlier than those with BMIs in the middle range (22 to 32.9).
    • “Older adults with the lowest risk of earlier deaths had BMIs of 27 to 27.9. According to World Health Organization standards, this falls in the “overweight” range (25 to 29.9) and above the “healthy weight” BMI range (18.5 to 24.9). Also, many older adults whom the study found to be at the highest mortality risk — those with BMIs under 22 — would be classified as having “healthy weight” by the WHO.
    • “The study’s conclusion: “The WHO healthy weight range may not be suitable for older adults.” Instead, being overweight may be beneficial for older adults, while being notably thin can be problematic, contributing to the potential for frailty.”
  • According to STAT News,
    • “At the turn of the century, nearly 18 million women in the United States were battling hot flashes, night sweats, and other symptoms of menopause with hormones. But in 2002, the therapy went into a free-fall when a landmark trial suggested treating menopause with estrogen and progesterone increased the risk of breast cancer and cardiovascular disease. The study was shut down early — and a year later, prescriptions had plummeted to nearly half what they had been in 2001.
    • “More than two decades later, menopause experts have come to think about the results of the trial very differently. Newer research points to more benefits than risks for many healthy women under 60 treating menopause symptoms with hormone therapy. But many women who are good fits still aren’t getting treatment. “The pendulum has been slowly — too slowly — swinging back,” said OB-GYN Mike Green, chief medical officer of menopause telehealth company Winona.
    • “Winona is part of a new generation of virtual-first health care companies aiming to give that pendulum a push. In the last five years, more than a dozen telehealth companies have started up to serve women in and approaching menopause, including with hormone therapy. 
    • “Women fall through the cracks,” said internist Lisa Larkin, president-elect of The Menopause Society and founder of concierge women’s health network Ms. Medicine. “That’s why the telemedicine business is booming.” 

From the Alzheimer’s Disease front,

  • Medscape tells us,
    • “Eastern and southeastern areas of the US have the highest rates of Alzheimer’s disease (AD), new research shows.
    • “Investigators at Rush University in Chicago, Illinois, found AD prevalence was highest in Maryland, New York, Mississippi, and Florida. At the county level, Miami-Dade in Florida, Baltimore in Maryland, and the Bronx in New York were among the US counties with the highest prevalence of the disease.
    • “Such geographical variations may be due to the unique make-up of regional populations, study investigator Kumar Rajan, PhD, professor of Medicine and director of Rush Institute for Healthy Aging, Rush University Medical Center, in Chicago, told Medscape Medical News.”
  • STAT News relates,
    • Medicare on Monday proposed ending restrictions on how many PET scans patients can receive to detect amyloid plaques in their brains, which will offer physicians more options as they treat patients with a new drug to slow the progression of dementia.
    • The agency that oversees Medicare had previously restricted coverage to a single scan for patients who participated in clinical studies. Advocates had warned that it could cause issues related to a new class of Alzheimer’s drugs designed to clear those plaques.
  • BioPharma Dive calls our attention to
    • “A closely watched experimental drug for Alzheimer’s disease slowed the decline patients typically experience by about half a year in a key clinical trial, according to new results released Monday.
    • “The drug, called donanemab, is being developed by Eli Lilly and works in a similar way as two other medicines recently approved in the U.S. to treat Alzheimer’s. These therapies are designed to break up clusters of “amyloid beta,” a mutated protein that forms toxic brain plaques and has long been viewed as a root cause of the disease. * * *
    • “Along with its presentation, Lilly disclosed it had completed its approval application to the FDA and expects a verdict by the end of the year. The results were also published in the medical journal JAMA.”
  • Reuters adds,
    • “Alzheimer’s disease experts are revamping the way doctors diagnose patients with the progressive brain disorder – the most common type of dementia – by devising a seven-point rating scale based on cognitive and biological changes in the patient.
    • “The proposed guidelines, unveiled by experts on Sunday in a report issued at an Alzheimer’s Association conference in Amsterdam, embrace a numerical staging system assessing disease progression similar to the one used in cancer diagnoses. They also eliminate the use of terms like mild, moderate and severe.”

From the generative AI front, Fierce Healthcare explains how Blue Cross licensee HCSC is using AI to speed up prior authorization.

From the U.S. healthcare business front,

  • The American Hospital Association informs us,
    • “The Federal Trade Commission July 14 voted 3-0 to withdraw two antitrust policy statements related to enforcement in health care markets, calling the 1996 and 2021 statements outdated. The Department of Justice withdrew the same statements in February.  
    • “AHA is deeply disappointed that the FTC made the same mistake as the DOJ in withdrawing antitrust guidelines for hospitals and other health care providers,” said AHA General Counsel & Secretary Melinda Hatton. “Over the years, AHA has urged both federal antitrust agencies to modernize the guidelines to accommodate the need for more flexibility in enforcement actions to support hospitals’ ability to navigate a changing healthcare landscape. And AHA was instrumental in securing appropriate ACO guidance that allowed hospitals to fully participate in that important program. Withdrawing all the guidance without consultation with the field is both unnecessary and reckless.”
  • According to STAT News,
    • “Sanofi will license a new CRISPR enzyme from the startup Scribe Therapeutics in a bid to be the first to develop a safer, simpler, and more scalable cure for sickle cell disease.
    • “The French drugmaker will pay Scribe $40 million upfront and promise another $1.2 billion in potential milestones to license a DNA-cutting enzyme called CasX for use in a potential single-infusion treatment for the serious blood disorder — what’s known as in vivo therapy. CasX was discovered in CRISPR pioneer Jennifer Doudna’s lab, which subsequently spun out Scribe. * * *
    • “The company will have competition on tackling sickle cell in new ways. In 2021, Novartis started collaborating with the Gates Foundation to develop an in vivo therapy. The base editing company Beam Therapeutics has presented data on an approach that still requires cells to be edited outside the body but is much less toxic. And Sana Biotechnology has a program that hopes to target stem cells with virus-like particles. None of the companies, however, have yet begun clinical trials.”

In employment news,

  • HR Dive reports,
    • “The Occupational Safety and Health Administration published Friday its final electronic recordkeeping rule requiring employers with 100 or more employees in certain industries to submit information from the agency’s Forms 300 and 301 once per year.
    • “OSHA’s rule also updates its system for determining which industries are subject to the information submission requirement. In a departure from the proposed rule, OSHA has retained the requirement for employers with 250 or more employees to electronically submit information from Form 300A once per year. Additionally, employers with 20 to 249 employees in certain designated industries will continue to be required to electronically submit information from Form 300A once per year.
    • “Per the rule, the agency will post data gathered via these submissions on a public website, with identifying information — such as employees’ names and contact information — removed. The final rule is effective Jan. 1, 2024.”

Cybersecurity Saturday

From the cybersecurity policy front —

  • Homeland Security Today reports
    • “This week, U.S. Senators Gary Peters (D-MI), Chairman of the Homeland Security and Governmental Affairs Committee, and Josh Hawley (R-MO), along with U.S. Representatives James Comer (R-KY) and Jamie Raskin (D-MD), Chairman and Ranking Member of the Committee on Oversight and Accountability, and Nancy Mace (R-SC) and Gerald E. Connolly (D-VA), Chairwoman and Ranking Member of the Subcommittee on Cybersecurity, Information Technology, and Government Innovation, introduced bicameral, bipartisan legislation to protect federal information technology systems. 
    • “The Federal Information Security Modernization Act (FISMA) of 2023 would improve coordination across the federal government to help civilian federal agencies and contractors protect their networks against cybersecurity threats. It also clarifies roles and responsibilities for key agencies that lead federal information security policy and operations.”
  • Cybersecurity Dive tells us,
    • The Biden administration released its implementation plan for the national cybersecurity strategy Thursday, delegating cyber initiatives to a smattering of government agencies.
    • The plan, which is designed to guide the government’s completion of the national cybersecurity strategy, comes four months after the policy blueprint was unveiled.
    • “If the strategy represents the president’s vision for the future, then this implementation plan is the roadmap to get there,” Kemba Walden, acting national cyber director, said Wednesday during a press briefing.
    • “Fundamentally, we are publishing this plan because we will only achieve our goals with a whole-of-society approach,” Walden said. * * *
    • The 57-page document divides the five pillars and 27 objectives of the national cybersecurity plan into a broader series of initiatives.
    • While the implementation plan calls for the majority of initiatives to be completed before the end of fiscal year 2024, 11 are slated to be done in FY23, which closes at the end of September.
  • Cyberscoop adds
    • “As a concept, I generally like the idea of pushing to try and harmonize regulations. There are so many different regulations for different sectors out there that it can be a little bit confusing for owner-operators,” said Will Loomis, associate director of the Atlantic Council’s Cyber Statecraft Initiative.
    • “In pushing for one big set of regulation for all critical infrastructure, you kind of risk missing a lot of the nuance that exists in the differentiation and the realities of different critical infrastructure sectors,” Loomis said.
    • “And as the U.S. government works to assess the scope of the Chinese hacking campaign that utilized a flaw in Microsoft’s cloud computing systems, Loomis said he was disappointed that the implementation plan did not look more closely at cloud security.”
  • The Wall Street Journal points out,
    • “The hack of email accounts of senior U.S. officials including the commerce secretary is the latest feat from a network of Chinese state-backed hackers whose leap in sophistication has alarmed U.S. cybersecurity officials. 
    • “The espionage was aimed at a limited number of high-value U.S. government and corporate targets. Though the number of victims appeared to be small, the attack—and others unearthed in the past few months linked to China—demonstrated a new level of skill from Beijing’s large hacker army and prompted concerns that the extent of its infiltration into U.S. government and corporate networks is far greater than currently known.”
  • In sum, crafting an effective cybersecurity strategy is a tall order.

From the cybersecurity vulnerabilities and breaches front —

  • Bleeping Computer reported on July 11,
    • “HCA Healthcare disclosed a data breach impacting an estimated 11 million patients who received care at one of its hospitals and clinics after a threat actor leaked samples of the stolen data on a hacking forum.
    • “HCA Healthcare is one of America’s largest healthcare facility owners and operators, with 182 hospitals and 2,200 care centers across 21 U.S. states and the United Kingdom.
    • “As first reported by DataBreaches.net, on July 5th, 2023, a threat actor began selling data allegedly belonging to HCA Healthcare on a forum used to sell and leak stolen data. This forum post includes samples of the stolen database, which they claim consists of 17 files and 27.7 million database records.
    • “The threat actor claims that the stolen data consists of patient records created between 2021 and 2023.
    • “The threat actor initially did not offer the database for sale but instead used the post to blackmail HCA Healthcare, giving them until July 10th to “meet the demands.” This is likely related to financial demands, although it wasn’t explicitly mentioned.
    • “However, after not receiving a response from HCA, the hacker began selling the full database, with other threat actors expressing interest in purchasing the data.”
  • Cybersecurity Dive offers an update on the slow-moving MOVEit file transfer disasters.
    • “More than 300 organizations have been impacted by Clop’s mass exploitation of a zero-day vulnerability that Progress Software first disclosed in late May, according to threat analysts and researchers. Five additional vulnerabilities in the file-transfer service have subsequently been discovered.”
  • Speaking of zero-day vulnerabilities, Security Week reported on July 11
    • “In an unusual move, Microsoft documented “a series of remote code execution vulnerabilities” impacting Windows and Office users and confirmed it was investigating multiple reports of targeted code execution attacks using Microsoft Office documents.
    • “Redmond’s security response pros tagged the unpatched Office flaws with the CVE-2023-36884 identifier and hinted that an out-of-band patch may be released before next month’s Patch Tuesday.”
  • The Cybersecurity and Infrastructure Security Agency (CISA) added five known exploited vulnerabilities to its catalog on July 11 and two more on July 13.
  • HHS’s Health Sector Cybersecurity Coordination Center released its report on June Vulnerabilities of Interest to the Health Sector.
    • “In June 2023, vulnerabilities to the health sector have been released that require attention. This includes the monthly Patch Tuesday vulnerabilities released by several vendors on the second Tuesday of each month, along with mitigation steps and patches. Vulnerabilities for June are from Microsoft, Google/Android, Apple, Mozilla, SAP, Cisco, Fortinet, VMWare, and MOVEit. A vulnerability is given the classification as a zero-day if it is actively exploited with no fix available or is publicly disclosed. HC3 recommends patching all vulnerabilities with special consideration to the risk management posture of the organization.”
  • HC3 also posted a PowerPoint titled “Artificial Intelligence, Cybersecurity and the Health Sector.”
  • Health IT Security points out
    • The Healthcare and Public Health Sector Coordinating Council (HSCC) Cybersecurity Working Group (CWG) issued a new publication entitled “Health Industry Cybersecurity Coordinated Healthcare Incident Response (HIC-CHIRP).”
    • HIC-CHIRP provides healthcare organizations with a template for navigating a coordinated incident response when faced with disruptive cyber incidents. Specifically, the publication seeks to address healthcare-specific gaps in existing incident response resources.

In ransomware news,

  • Bleeping Computer lets us know,
    • “Data from the first half of the year indicates that ransomware activity is on track to break previous records, seeing a rise in the number of payments, both big and small.
    • “According to a report by blockchain analysis firm Chainalysis, ransomware is the only cryptocurrency crime category seeing a rise this year, with all others, including hacks, scams, malware, abuse material sales, fraud shops, and darknet market revenue, recording a steep decline.”

From the cybersecurity defenses front —

  • CSO Online shares best practices for an effective cybersecurity strategy.
  • TechRepublic discusses Gartner’s 2023-24 cybersecurity outlook.
  • Forbes offers twenty cybersecurity training tips designed to make the training “stick.”

Thursday Miscellany

Photo by Josh Mills on Unsplash

From Washington DC —

  • The Food and Drug Administration announced
    • approv[ing] Opill (norgestrel) tablet for nonprescription use to prevent pregnancy — the first daily oral contraceptive approved for use in the U.S. without a prescription. Approval of this progestin-only oral contraceptive pill provides an option for consumers to purchase oral contraceptive medicine without a prescription at drug stores, convenience stores and grocery stores, as well as online.
  • The New York Times adds,
    • The pill’s manufacturer, Perrigo Company, based in Dublin, said Opill would most likely become available from stores and online retailers in the United States in early 2024.
  • The OTC contraceptive will be available with no member cost sharing from FEHB plan network pharmacies due to the Affordable Care Act’s contraceptive mandate. Per the New York Times,
    • The company did not say how much the medication would cost — a key question that will help determine how many people will use the pill — but Frédérique Welgryn, Perrigo’s global vice president for women’s health, said in a statement that the company was committed to making the pill “accessible and affordable to women and people of all ages.”
  • The American Hospital Association informs us
    • “The Centers for Medicare & Medicaid Services July 13 issued a proposed rule that would increase Medicare hospital outpatient prospective payment system rates by a net 2.8% in calendar year 2024 compared to 2023. This includes a proposed 3.0% market basket update, offset by a 0.2% cut for productivity.”
  • and
    • “The Centers for Medicare & Medicaid Services July 13 released its calendar year 2024 proposed rule for the physician fee schedule. The rule proposes a decrease to the conversion factor by 3.34%, to $32.75 in calendar year 2024, as compared to $33.89 in CY 2023. This reflects the expiration of the 2.5% statutory payment increase for CY 2023; a 1.25% statutory payment increase for 2024; a 0.00% conversion factor update under the Medicare Access and CHIP Reauthorization Act; and a -2.17% budget-neutrality adjustment.  * * * 
      “CMS also proposes several provisions to advance access to behavioral health services. For example, it would create a new benefit category for marriage and family therapists and mental health counselors under Part B. In addition, CMS would establish new payment codes for mobile psychotherapy for crisis services.”
  • The public comment deadline for both proposed rules is September 11, 2023.
  • STAT News reports
    • “A key Senate health care panel has developed a plan to tackle reforms to middlemen in the pharmacy drug payment system, according to bill text obtained by STAT.
    • “The draft legislation, authored by Senate Finance Chair Ron Wyden (D-Ore.) and ranking member Mike Crapo (R-Idaho), includes several measures to regulate how pharmacy benefit managers are paid by health plans to negotiate with drugmakers.
    • “The most significant measure is a bill from Sens. Bob Menendez (D-N.J.) and Marsha Blackburn (R-Tenn.) that would prohibit PBMs from getting any income outside of service fees, and prohibits those service fees from being related to drugs’ list prices.
    • “Other provisions include a bill from Sens. Catherine Cortez Masto (D-Nev.) and Thom Tillis (R-N.C.) to require PBMs to send annual reports to Medicare insurance plans about their rebate and price negotiations, a policy that would ban PBMs from charging Medicaid more than they pay for drugs (a practice called spread pricing), and a mandate for the Department of Health and Human Services to outline acceptable performance measures for pharmacies.”

From the public health front

  • The Wall Street Journal reports
    • Two different arms of the World Health Organization released separate findings on the widely used sweetener aspartame—one calling it safe and the other identifying it as a possible cancer hazard.
    • Here’s what you need to know:
    • Is it safe to drink Diet Coke?
      • Yes, in moderate amounts. Food regulators around the world agree that aspartame is safe. Aspartame has been studied for decades. The WHO reaffirmed its recommendation that people consume no more than 40 milligrams of aspartame a day for each kilogram they weigh—which would be a lot of soda.
      • With around 200 mg of aspartame per 12-ounce can of Diet Coke, that is roughly 16 cans a day for a 175-pound person. People get aspartame from some other food sources, though, and often the presence or amounts of aspartame in them aren’t disclosed. The WHO and other health experts also caution against consuming large amounts of sweetened products, including soda. They recommend drinking water instead.
      • “This is particularly important for young children” whose tastes are developing, said Dr. Francesco Branca, director of the WHO’s department of nutrition and food safety.
    • Obviously, the article continues on with other FAQs, but this is the one that caught the FEHBlog’s attention.
  • The U.S. Preventive Services Task Force finalized its research plan for chronic kidney disease screening.
  • STAT News tells us
    • “Amid ongoing controversy over the cost of medicines, a key Biden administration official told Covid-19 vaccine manufacturers that their next round of shots should be priced reasonably, a move that comes after two key suppliers were accused of price gouging.”
  • The CMS Administration informed insurers and others
    • “As we look toward efforts to provide updated COVID-19 vaccines this fall, we know you may have questions about the shift away from U.S. Government purchasing of vaccines to a more traditional commercial market. To be clear, that shift has not yet occurred, and the currently authorized and approved COVID-19 vaccines continue to be free and widely available nationwide. We also wanted to send these reminders from the Centers for Medicare & Medicaid Services (CMS) about COVID-19 vaccine coverage and encourage you to start planning now for the fall vaccination campaign.
    • “[M]ost private health insurance, like employer-sponsored plans, Marketplace plans, and other individual market coverage that is subject to the Affordable Care Act (ACA) market reforms are required to cover vaccines for COVID-19 authorized for emergency use or approved by the FDA and recommended by the ACIP and their administration, without patient cost-sharing.”
  • Fierce Healthcare relates
    • The Centers for Medicare & Medicaid Services (CMS) is recommending preexposure prophylaxis (PrEP) with oral or injectable antiretroviral therapy to people at risk of HIV without patient cost sharing. * * *
    • Currently, Medicare beneficiaries are only guaranteed access to daily oral PrEP through Part D, facing out-of-pocket costs, said Carl Schmid, executive director of the HIV+Hepatitis Policy Institute. Injectable PrEP has not been covered traditionally.
  • Roll Call points out
    • “One year after the creation of the three-digit crisis hotline known as 988, officials say the next step is expanding awareness and local crisis care.
    • “More than 4 million people have called, texted or chatted the suicide prevention hotline in the year since its creation, according to Laurel Stine, executive vice president and chief policy officer for the American Foundation for Suicide Prevention.
    • “She estimates that number will grow in the next fiscal year to 9 million contacts.
    • “We have to be mindful that Rome was not built in a day,” she said. “We’ve had a fragmented mental health behavioral health crisis system for a number of years.”
  • Forbes reports on the “worsening” cancer drug shortage which it describes as a resolvable public health emergency.

From the generative AI front —

  • Healthcare Dive notes
    • Generative artificial intelligence could capitalize on the healthcare industry’s wealth of unstructured data, alleviating provider documentation burden and improving relationships between patients and their health plans, according to a new report by consulting firm McKinsey.
    • The report argues generative AI could help payers quickly pull benefits material for members or help call center workers aggregate information during conversations about claims denials. Providers could use AI to take conversations with patients and turn them into clinical notes, create discharge summaries or handle administrative questions from workers at health systems.
    • But healthcare leaders should start planning now if they want to use generative AI, as the risks can be high, the report said. Data fidelity and accuracy is key, so executives should begin assessing the quality of their AI tech stacks and considering potential problems like bias and privacy concerns, according to McKinsey.
  • Econtalk host Russ Roberts held an informative interview with Marc Andreessen about generative AI.

Cybersecurity Saturday

From the cybersecurity breaches and vulnerability front —

  • Cybersecurity Dive informed us on July 5,
    • “The widely exploited vulnerability in Progress Software’s MOVEit file transfer service has impacted nearly 200 organizations, according to Brett Callow, a threat analyst at Emsisoft.
    • “The scope of damage caused by Clop’s mass exploit of a zero-day vulnerability in MOVEit continues to snowball as third-party vendors expose multiple downstream victims. Progress discovered the zero-day over Memorial Day weekend on May 28.
    • “Despite the number of victims so far, experts anticipate more will come forward. “While many organizations have made a disclosure, a significant number have yet to do so,” Callow said via email.
    • “Progress on Wednesday released another update, including security fixes, and said it will consistently release MOVEit product updates every two months going forward.”
  • Here is a Cybersecurity and Infrastructure Security Agency (CISA) link about the Progress Software MOVEit patch.
  • CISA added another known exploited vulnerability yesterday.
  • On July 6, CISA issued a “Joint Cybersecurity Advisory on Newly Identified Truebot Malware Variants.”
    • “The Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigations (FBI), the Multi-State Information Sharing and Analysis Center (MS-ISAC), and the Canadian Centre for Cyber Security (CCCS) released a joint Cybersecurity Advisory (CSA), Increased Truebot Activity Infects U.S. and Canada Based Networks, to help organizations detect and protect against newly identified Truebot malware variants. Based on confirmation from open-source reporting and analytical findings of Truebot variants, the four organizations assess cyber threat actors leveraged the malware through phishing campaigns containing malicious redirect hyperlinks.
    • “Additionally, newer versions of Truebot malware allow malicious actors to gain initial access by exploiting a known vulnerability with the Netwrix Auditor application (CVE-2022-31199). As recently as May 2023, cyber threat actors used this common vulnerability and exposure to deliver new Truebot malware variants and to collect and exfiltrate information against organizations in the U.S. and Canada.
    • “CISA, FBI, MS-ISAC, and the CCCS encourage all organizations to review this joint advisory and implement the recommended mitigations contained therein—including applying patches to CVE-2022-31199, to reduce the likelihood and impact of Truebot activity, as well as other ransomware-related incidents.” 
  • Bleeping Computer reports
    • “CISA ordered federal agencies today to patch a high-severity Arm Mali GPU kernel driver privilege escalation flaw added to its list of actively exploited vulnerabilities and addressed with this month’s Android security updates.
    • “The flaw (tracked as CVE-2021-29256) is a use-after-free weakness that can let attackers escalate to root privileges or gain access to sensitive information on targeted Android devices by allowing improper operations on GPU memory.
    • “A non-privileged User can make improper operations on GPU memory to gain access to already freed memory and may be able to gain root privilege, and/or disclose information,” Arm’s advisory reads.”
  • and
    • “Security researchers have dissected a recently emerged ransomware strain named ‘Big Head’ that may be spreading through malvertising that promotes fake Windows updates and Microsoft Word installers.
    • “Two samples of the malware have been analyzed before by cybersecurity company Fortinet, who looked at the infection vector and how the malware executes.
    • “Today [July 8], Trend Micro published a technical report on Big Head, claiming that both variants and a third they sampled originate from a single operator who is likely experimenting with different approaches to optimize their attacks.”
  • Cybersecurity Dive points out
    • “More than two-thirds of Fortinet’s FortiGate firewalls remain at risk of exploits through a vulnerability the company disclosed on June 12, according to research Bishop Fox released Friday.
    • “Researchers at Bishop Fox, an offensive security testing firm, identified 490,000 affected SSL VPN interfaces exposed to the internet and determined 69%, around 338,000, of those FortiGate firewalls are unpatched.
    • “The heap-based overflow vulnerability, CVE-2023-27997, could allow a remote attacker to execute arbitrary code or commands and has a CVSS score of 9.8 out of 10.”
  • ISACA warns us
    • “In the US, the FBI and FCC recently warned that free USB charging stations in public spaces, such as airports, hotels, hospitals, business buildings and any other type of publicly available location, can have devices hidden within them to steal data, spread malware and commit other malicious activities broadly referenced as juice jacking. The term “juice jacking” started being used several years ago to mean that while individuals were using USB charging ports to charge (or “juice”) their phones, they were also having their data highjacked (“jacked”) through malicious, unnoticed skimming tech. I actually started covering this risk at a few onsite security and privacy training courses in 2010 when I first became aware of what was then an emerging new threat from a business friend, an electrical engineer, who I think may have invented what was the first juice jack blocker—a data blocker for USB ports.
    • “The malicious USB charging connection not only gives access to the phone apps and data, but it creates a connection to all the networks that the phone is connected to that do not have active access controls and blocks established when the phone was connected to the USB charger. So, malicious USB charging ports, cables and possibly other components of the public charging stations can also be used to plant ransomware, keystroke loggers and other types of malware, GPS tracking and audio eavesdropping. They can also take control of the device being charged. All these malicious activities can occur not only on the device being charged (phone, laptop, tablet, etc.) but also on devices and network components within those other connected networks.”
  • The FEHBlog notes the ISACA article offers the following suggestions plus policy advice
    • “Juice jack blockers attach to the end of your USB cable to protect against skimmers when you charge your devices in public places. This is not as bulky as hauling around most portable chargers and extra cables. I’ve purchased USB juice jack blockers for as low as two for US$12. They’re small and easily fit in a pocket without any bulkiness.
    • “It’s also a good idea to travel with personal charging devices. While not as small as juice jack blockers, they have become much smaller, with much more power, and less expensive in recent years. They limit the need to use public chargers at all.
    • “Ideally, it would be best to make sure only non-data power-only ports and cables are used in public areas. However, most cables used to support data transfer, and there is not an easy way for most folks to visually tell if a cable is charge-only.”

From the cybersecurity defenses front —

  • Cybersecurity Dive discusses “the role for AI in cybersecurity; generative AI can be an ally for new security professionals. For more seasoned security analysts, it can offer time to refine their skills through automation of repetitive tasks.” Check it out.

Cybersecurity Saturday

From the cybersecurity policy front

  • Cybersecurity Dive reports
    • “The White House outlined its cybersecurity budget priorities for fiscal year 2025 in a memorandum sent to executive departments and agencies Tuesday.
    • “The Biden administration is looking to connect cybersecurity investments to the five pillars of the national cybersecurity strategy it released in early March, the document shows.
    • “The letter, signed by Acting National Cyber Director Kemba Walden and Office of Management and Budget Director Shalanda Young, advises federal agencies to prioritize spending on critical infrastructure defense, disrupting and dismantling threat actors, software that is secure by design, resiliency and international partnerships. * * *
    • “Agencies that bear responsibility for disrupting ransomware are advised to submit budgets that prioritize staff resources to investigate ransomware, disrupt ransomware infrastructure and participate in interagency task forces focused on cybercrime.”
  • The Government Accountability Office issued a report on launching and implementing the national cybersecurity strategy.
    • “Federal agency information systems and national critical infrastructure are vulnerable to cyberattacks.
    • “This Snapshot covers the status of the National Cybersecurity Strategy. The strategy’s goals and strategic objectives provide a good foundation, but the Administration needs to establish specific objectives and performance measures, resource requirements, and roles and responsibilities.
    • “It will be difficult to implement the strategy when the specific details have yet to be issued. The continued vacancy in the role of National Cyber Director is also a challenge.”

From the cybersecurity vulnerabilities and breaches front —

  • Health IT Security breaks down the breach reports submitted to the HHS portal in the first six months of 2023.
    • HealthITSecurity has compiled a list of the top ten biggest healthcare data breaches reported to the HHS Office for Civil Rights (OCR) data breach portal this year as of late June 2023, based on the number of individuals impacted for each event. It is important to note that this list refers to breaches reported to OCR in 2023, but a few occurred in 2022 or earlier.
    • “Some of the biggest breaches so far this year stemmed from known cybersecurity vulnerabilities in Fortra’s GoAnywhere managed file transfer (MFT) solution and attacks on other third-party vendors, while others involved direct cyberattacks against healthcare organizations.”
  • Cybersecurity Dive tells us
    • “Fallout from Clop’s mass exploit of a zero-day vulnerability in Progress Software’s MOVEit file transfer service continues to ensnare additional victims. The prolific ransomware actor is listing new compromised systems on its leak site daily and some organizations are still disclosing breaches.
    • “At least 108 organizations, including seven U.S. universities, have been listed by Clop or disclosed as having been impacted thus far, according to Brett Callow, threat analyst at Emsisoft.
    • “The University of California, Los Angeles, is the latest organization to disclose a breach of its MOVEit platform. The school’s IT security team discovered malicious activity on June 1, a spokesperson told Cybersecurity Dive. * * *
    • “Organizations are disclosing breaches weeks after Progress first acknowledged the MOVEit vulnerability and cybersecurity experts warned about mass exploits. Two additional vulnerabilities in the file-transfer service have subsequently been discovered. * * *
    • “Some organizations have been impacted due to their direct use of MOVEit while others have been exposed as a result of third-party vendors’ use of the file transfer service, including PBI Research Services and Zellis.”
  • The Cybersecurity and Infrastructure Security Agency (CISA) informs us
    • “The Homeland Security Systems Engineering and Development Institute, sponsored by the Department of Homeland Security and operated by MITRE, has released the 2023 Common Weakness Enumeration (CWE) Top 25 Most Dangerous Software Weaknesses. The CWE Top 25 is calculated by analyzing public vulnerability data in the National Vulnerability Data (NVD) for root cause mappings to CWE weaknesses for the previous two calendar years. These weaknesses lead to serious vulnerabilities in software. An attacker can often exploit these vulnerabilities to take control of an affected system, steal data, or prevent applications from working. 
    • “The 2023 CWE Top 25 also incorporates updated weakness data for recent CVE records in the dataset that are part of CISA’s Known Exploited Vulnerabilities Catalog (KEV).
    • “CISA encourages developers and product security response teams to review the CWE Top 25 and evaluate recommended mitigations to determine those most suitable to adopt. Over the coming weeks, the CWE program will be publishing a series of further articles on the CWE Top 25 methodology, vulnerability mapping trends, and other useful information that help illustrate how vulnerability management plays an important role in Shifting the Balance of Cybersecurity Risk.”
  • On June 29, 2023, CISA added eight known exploited vulnerabilities to its Catalog.
  • The Cybersecurity and Infrastructure Security Agency advises us
    • “CISA is aware of open-source reporting of targeted denial-of-service (DoS) and distributed denial-of-service (DDoS) attacks against multiple organizations in multiple sectors. These attacks can cost an organization time and money and may impose reputational costs while resources and services are inaccessible.
    • “If you think you or your business is experiencing a DoS or DDoS attack, it is important to contact the appropriate technical professionals for assistance.
    • “Contact your network administrator to confirm whether the service outage is due to maintenance or an in-house network issue. Network administrators can also monitor network traffic to confirm the presence of an attack, identify the source, and mitigate the situation by applying firewall rules and possibly rerouting traffic through a DoS protection service.
    • “Contact your internet service provider to ask if there is an outage on their end or if their network is the target of an attack and you are an indirect victim. They may be able to advise you on an appropriate course of action.
    • “Organizations can take proactive steps to reduce the effects of an attack—See the following guidance for more information:

From the ransomware front, here is a link to Bleeping Computer’s The Week in Ransomware.

From the cybersecurity defenses front —

  • Venture Beat reports
    • “Forrester’s recent report, The State of Cloud in Healthcare, 2023, provides an insightful look at how healthcare providers are fast-tracking their cloud adoption with the hope of getting cybersecurity under control. Eighty-eight percent of global healthcare decision-makers have adopted public cloud platforms, and 59% are adopting Kubernetes to ensure higher availability for their core enterprise systems. On average, healthcare providers spend $9.5 million annually across all public cloud platforms they’ve integrated into their tech stacks. It’s proving effective — to a point.
    • “What’s needed is for healthcare providers to double down on zero trust, first going all-in on identity access management (IAM) and endpoint security. The most insightful part of the Forrester report is the evidence it provides that continuing developments from Amazon Web Services, Google Cloud Platform, Microsoft Azure and IBM Cloud are hitting the mark with healthcare providers. Their combined efforts to prove cloud platforms are more secure than legacy network servers are resonating.”
  • CISA released cloud services guidance and resources.
  • Cybersecurity Dive points out that “Long before a data breach, well-prepared companies set up incident response teams with workers from multiple departments.”

Thursday Miscellany

From Washington DC, where the air quality index was code red today —

  • The Supreme Court is down to its final four pending decisions from the October 2022 term. The final decision day is tomorrow morning.
  • The EEOC Chair made the following noteworthy comment on today’s Supreme Court decision on affirmative action in college admissions:
    • “Today’s Supreme Court decision effectively turns away from decades of precedent and will undoubtedly hamper the efforts of some colleges and universities to ensure diverse student bodies. That’s a problem for our economy because businesses often rely on colleges and universities to provide a diverse pipeline of talent for recruitment and hiring.  Diversity helps companies attract top talent, sparks innovation, improves employee satisfaction, and enables companies to better serve their customers”.
    • “However, the decision in Students for Fair Admissions, Inc. v. President & Fellows of Harvard College and Students for Fair Admissions, Inc. v. University of North Carolina does not address employer efforts to foster diverse and inclusive workforces or to engage the talents of all qualified workers, regardless of their background. It remains lawful for employers to implement diversity, equity, inclusion, and accessibility programs that seek to ensure workers of all backgrounds are afforded equal opportunity in the workplace.”
  • Govexec tells us
    • “The Supreme Court on Thursday ruled against the U.S. Postal Service in its attempts to require any employee to work on Sundays, even when it conflicted with their religious observances. 
    • “In a unanimous decision [interpreting Title VII of the Civil Rights Act of 1964], the top court reversed decades of precedent in determining that employers like USPS have to demonstrate more than a de minimis burden to avoid their otherwise mandated obligations to provide reasonable religious accommodations. The justices sent the case back to a lower court to determine whether, given the specifics of the case, the Postal Service could come up with other means to keep a letter carrier on the payroll without requiring him to work on Sundays.”

From the public health front —

  • The American Hospital Association informs us
    • “As proposed by its Advisory Committee on Immunization Practices, the Centers for Disease Control and Prevention [(CDC)] today recommended a single dose of the GSK or Pfizer Respiratory Syncytial Virus vaccine for people aged 60 and older who decide with their health care provider that the vaccine would benefit them. The Food and Drug Administration last month approved the vaccines for use in individuals 60 and older. The first U.S.-licensed vaccines to protect against RSV, they are expected to be available this fall.”
  • The CDC announced
    • “CDC Director Rochelle P. Walensky, M.D., M.P.H. adopted the 2023-2024 Advisory Committee on Immunization Practices’ (ACIP) recommendations on annual influenza (flu) vaccination for everyone 6 months and older in the United States on June 27, 2023.  There were small changes to the annual recommendations around flu vaccination, including an acknowledgement of the updated flu vaccine composition for the 2023-2024 flu season and a change in the recommendations for vaccination of people with egg allergies. Dr. Walensky’s adoption of the ACIP recommendations makes them official CDC policy. * * *
    • The recommended timing of flu vaccination has not changed. September and October are the best times for most people to get vaccinated.
  • The Department of Health and Human Services announced
    • “[Its] Office of the Assistant Secretary for Health (OASH) is releasing a draft framework to support and accelerate smoking cessation, building on supports that are already in place for people who want to quit. This framework will be a roadmap to enhance collaboration and coordination across HHS—and with federal and nonfederal stakeholders—to drive further progress toward smoking cessation and to deliver equitable outcomes for all persons in America. HHS is seeking public input on the framework before it is finalized.
    • “The public comment period will be open for 30 days starting June 30, 2023, through July 30 at 11:59 PM ET. HHS is committed to transparency and providing opportunities for public participation during the development of the Framework.
    • “Anyone can comment. Each responding entity (person or organization) is requested to submit only one response via email to HHSSmokingCessationFramework2023@hhs.gov as a Word document, Portable Document Format (PDF), or in the body of an email. Please include “Request for Information: Draft HHS 2023 Framework to Support and Accelerate Smoking Cessation” in the subject line of the email message.”
  • The Society for Human Resource Management offers employers strategies for reducing record-level employee stress.
  • Roll Call reports
    • “Only one-third of individuals diagnosed with hepatitis C have been cured in the decade since cures for the disease became available, according to a study published Thursday from the Centers for Disease Control and Prevention.
    • “Hepatitis C is a viral inflammation of the liver that can be asymptomatic yet spread through blood or other bodily fluids. Without treatment, hepatitis C is a chronic condition that can lead to liver cancer, liver failure or other comorbidities. 
    • “The Food and Drug Administration approved the first highly effective direct-acting antiviral drugs to cure hepatitis C in 2013. Treatment occurs over the course of 8 to 12 weeks and has a 95 percent success rate.
    • “But almost 15,000 Americans still die from hepatitis C annually. * * *
    • “Francis Collins, the former longtime NIH director who leads the White House National Hepatitis C Elimination Program, said the data “highlights an urgency for a bold response to hepatitis C.”

From the health plan design front

  • Fierce Healthcare discusses
    • “Following the COVID-19 pandemic, the rising tide of mental health concerns—particularly among children and adolescents—has been a major focus in the industry.
    • “But it’s not a new problem. Behavioral health needs have been on the rise for some time, and that’s why in 2018 the team at Elevance Health’s Carelon established the Suicide Prevention Program, which deploys data and predictive models to identify people at risk sooner and avoid potential self-harm or suicide events. 
    • “Suicide is the second-leading cause of death for young people, and rates have increased by 56% in the last 20 years. Through the prevention program, Carelon saw a reduction of more than 20% in suicidal events among adolescents and young adults with commercial coverage.
    • “In addition, this corresponded to a 30% decrease in per member per month behavioral health spending.”
  • The Society for Human Resource Management identifies four ways to boost employee satisfaction with high deductible plans connected with health savings accounts.

From the generative AI front,

  • Beckers Hospital Review notes,
    • “Johnson City, Tenn.-based Ballad Health is using artificial intelligence to identify potential medication errors and improve pharmacy workflows, the health system said June 29. 
    • “Ballad is using a medication safety monitoring platform from MedAware for this effort. The platform monitors drug prescriptions in real-time and compares this information against patient data from the health system’s EHR to flag potentially dangerous or fatal drug interactions. 
    • “The Ballad Health Innovation Center and Ballad Ventures, the system’s venture capital subsidiary, is funding the project with MedAware.

From the healthcare spending front —

  • Healthcare Dive relates
    • “Healthcare costs are expected to rise 7% next year as inflation drives providers to seek rate increases from insurers and pharmaceutical costs rise, according to PwC’s annual report.
    • “The consultancy, which surveyed actuaries at insurers that offer group and individual plans, said the increase outstrips its predictions for 2022 and 2023, which were 5.5% and 6% respectively.
    • “Some trends are pushing costs down, like the availability of more biosimilar drugs and a shift toward cheaper outpatient care. A number of other factors are expected to be cost neutral but key to watch, including health plans’ investment in value-based care, COVID-19 impacts, behavioral healthcare utilization, health equity initiatives, price transparency rules and Medicaid redeterminations, PwC said.
  • and
    • “Primary care physicians saw their compensation rise faster than other medical and surgical specialties in 2022, as significant E/M coding changes enacted by the CMS kicked into gear and volume stabilized coming out of the pandemic.
    • “Medical groups and healthcare organizations reported a 6.1% increase in primary care compensation in 2022 compared to 2021 in the AMGA’s most recent compensation survey published on Wednesday. That’s compared to 1.5% and 1.6% increases for medical and surgical specialties, respectively.
    • “Medical groups’ revenue increased faster than compensation gains for physicians, a trend the AMGA said could be due to groups using more revenue to address higher expenses as supply and labor costs soared.”
  • Health Payer Intelligence points out
    • “Individuals with depression, anxiety, or both who are enrolled in large employer-sponsored health plans have higher out-of-pocket spending than individuals without such diagnoses, according to an issue brief from the Peterson-KFF Health System Tracker.
    • “These findings of higher health spending among privately insured individuals receiving treatment for depression and/or anxiety come at a time of rising health costs. Health insurance is already expensive for enrollees with private insurance, and treatment for mental health conditions can further escalate these costs,” the brief noted.
    • “The researchers used large employer health plan claims from the 2021 Merative MarketScan Commercial Database. Nine percent of adult, large employer-sponsored health plan enrollees had a depression or anxiety diagnosis or both.
    • “Members with a generalized anxiety disorder (anxiety) diagnosis, a depression diagnosis, or both spent, on average, $1,501 per year in out-of-pocket costs. This was nearly double the $863 in average annual out-of-pocket healthcare spending that individuals without one of these diagnoses spent.
    • “Moreover, total annual spending, including out-of-pocket healthcare costs, was 1.9 times higher for individuals with one of these diagnoses than those without one. Utilization was also twice as high for those diagnosed, who typically visited a provider’s office 7.4 times per year, while those without a diagnosis visited 3.2 times per year on average.

From the Food and Drug Administration (FDA) front —

  • The Wall Street Journal reports
    • “The promise of gene therapy has arrived for thousands of Americans with the most common and severe form of hemophilia.
    • “The U.S. Food and Drug Administration approved the first gene therapy for hemophilia A on Thursday, giving patients a long-awaited option for avoiding the burden of regular infusions and injections.
    • “That’s a complete game-changer for quality of life,” said Mike Reutershan, a 38-year-old medicinal chemist with hemophilia who lives in suburban Boston. “You don’t have to carry a bag of medicine around with you.” 
    • “The FDA approved the new gene therapy, called Roctavian and made by BioMarin Pharmaceutical, for adults with a severe form of the disease. Roctavian is infused just once.  
    • “Priced at $2.9 million, the drug now ranks among the most expensive in the world. But the price is in line with the cost of other new gene therapies, a groundbreaking type of treatment that replaces a missing or faulty gene.”
  • Cardiovascular Business informs us
    • “Just eight days after approving the first anti-inflammatory drug for cardiovascular disease, the U.S. Food and Drug Administration (FDA) has made another historic approval focused on cardiovascular health. 
    • “The agency announced Wednesday, June 29, that it has approved donislecel, a new pancreatic islet cellular therapy made from the pancreatic cells of deceased donors, for the treatment of type 1 diabetes among adult patients with severe hypoglycemia. Donislecel is marketed and sold by Chicago-based CellTrans under the brand name Lantidra.
    • “This represents the first time the FDA has approved a cellular therapy for type 1 diabetes.”
  • Biopharma Dive calls attention to ten clinical trials to watch in the second half of this year.  

 

Cybersecurity Saturday

From the cybersecurity policy front —

  • Nextgov reports,
    • “Cybersecurity experts are warning that a potential cyber leadership vacuum in the federal government may prevent agencies from recovering and responding to a sprawling ransomware attack that has already exposed millions of Americans’ personal data.
    • “A senior official with the Cybersecurity and Infrastructure Security Agency confirmed on a call with reporters last week that several federal civilian agencies were among the victims in a widespread cyberattack that exploited a vulnerability discovered in the popular MOVEit file-transfer product developed by Progress Software. The attack is believed to have been carried out by CL0p, a Russian-linked ransomware gang otherwise known as TA505. Since the news of the global attack was first reported, a variety of federal and state agencies, banks and private sector organizations also confirmed they were victims and that data may have been stolen from millions of customers.
    • “The Office of the National Cyber Director was established under the National Defense Authorization Act for fiscal year 2021 in large part to provide coordination and guidance across the federal government on cybersecurity matters, including incident response and crisis management. Chris Inglis, the first-ever Senate-confirmed national cyber director, stepped down in February after helping to develop the new national cyber strategy released earlier this year. President Joe Biden has not yet nominated a replacement to fill the post.” 
  • Cybersecurity Dive adds,
    • “The U.S. State Department is offering a $10 million bounty related to information on the Clop ransomware gang, which is attributed to broad exploits of the MOVEit transfer vulnerabilities with victims that include federal agencies.  
    • “The Department of Energy confirmed data was impacted by an attack, and reports from CNN indicate a possible attack is being investigated against the Office of Personnel Management. The U.S. Department of Agriculture is also dealing with a third-party vendor data breach.” 
  • Cyberscoop tells us,
    • “The Department of Justice established a cyber-focused section within its National Security Division to combat the full range of digital crimes, a top department official said Tuesday.
    • “The National Security Cyber Section — NatSec Cyber, for short — has been approved by Congress and will elevate cyberthreats to “equal footing” with other major national security issues, including counterterrorism and counterintelligence, Assistant Attorney General for National Security Matt Olsen said in remarks at the Hoover Institution in Washington. 
    • “The new section enables the agency to “increase the scale and speed of disruption campaigns and prosecutions of nation-state cyberthreats as well as state-sponsored cybercriminals, associated money launderers, and other cyber-enabled threats to national security,” Olsen said. 
    • “The NatSec Cyber Center arrives at a time of growing concern about nation-state cyberattacks especially originating from Russia and China. Last week, Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency, warned Americans to be prepared for a major Chinese cyberattack. “This, I think, is the real threat that we need to be prepared for, and to focus on, and to build resilience against,” she said at an event in Washington.”
  • The Cybersecurity and Infrastructure Security Agency shares a “Readout from CISA’s 2023 Second Quarter Cybersecurity Advisory Committee Meeting.”
  • The National Institute of Standards and Technology announced on June 22, 2023,
    • “U.S. Secretary of Commerce Gina Raimondo announced that the National Institute of Standards and Technology (NIST) is launching a new public working group on artificial intelligence (AI) that will build on the success of the NIST AI Risk Management Framework to address this rapidly advancing technology. The Public Working Group on Generative AI will help address the opportunities and challenges associated with AI that can generate content, such as code, text, images, videos and music. The public working group will also help NIST develop key guidance to help organizations address the special risks associated with generative AI technologies. The announcement comes on the heels of a meeting President Biden convened earlier this week with leading AI experts and researchers in San Francisco, as part of the Biden-Harris administration’s commitment to seizing the opportunities and managing the risks posed by AI. * * *
    • “[Also on June 22], the National Artificial Intelligence Advisory Committee delivered its first report to the president and identified areas of focus for the committee for the next two years. The full report, including all of its recommendations, is available on the AI.gov website.
    • “Questions about the public working group or NIST’s other work relating to generative AI may be sent to: generativeAI@nist.gov”

From the cybersecurity vulnerabilities and breaches front —

  • Cybersecurity Dive offers details on the MOVEit file transfer program vulnerability and resulting breaches.
    • “Big names disclose MOVEit-related breaches, including PwC, EY and Genworth Financial
    • “More than 100 organizations have been hit as part of the MOVEit attack campaign, including PBI Research Services, which exposed millions of customer data files to theft.”
  • Cyberscoop informs us,
    • “Apple issued a security update on Wednesday for all its operating systems to patch dangerous vulnerabilities that could allow attackers to take over someone’s entire device. 
    • “The vulnerabilities in question, first revealed on June 1, appeared to have led the main Russian intelligence agency to make unusually public claims that Apple intentionally left the flaws in its iOS so the National Security Agency and other U.S. entities could compromise “thousands” of iPhones in Russia. Apple has denied those claims.
    • “The charges from the Federal Security Service, or FSB, came the same day that researchers with cybersecurity firm Kaspersky published a report detailing what they said was an “ongoing” zero-click iMessage exploit campaign dubbed “Operation Triangulation” targeting iOS that allowed attackers to run code on phones with root privileges, among other capabilities. Kaspersky published an additional analysis Wednesday, saying that after roughly six months of collecting and analyzing the data, “we have finished analyzing the spyware implant and are ready to share the details.”
  • HHS’s healthcare sector cybersecurity coordination center (HC3) issued an analyst note on “SEO poisoning.”
    • Search engine optimization (SEO) poisoning, considered a type of malvertising (malicious advertising), is a technique used by threat actors to increase the prominence of their malicious websites, making them look more authentic to consumers. SEO poisoning tricks the human mind, which naturally assumes the top hits are the most credible, and is very effective when people fail to look closely at their search results. This can lead to credential theft, malware infections, and financial losses. As more organizations utilize search engines and healthcare continues to digitally transform, SEO poisoning is becoming a larger security threat. HC3 has observed this attack method being used recently and frequently against the U.S. Healthcare and Public Health (HPH) sector.
  • Security Week relates,
    • “The National Security Agency (NSA) has published technical mitigation guidance to help organizations harden systems against BlackLotus UEFI bootkit infections.
    • “The NSA’s recommendations provide a blueprint for defenders to protect systems from BlackLotus, a stealthy malware that emerged on underground forums in late 2022 with capabilities that include user access control (UAC) and secure boot bypass, unsigned driver loading, and prolonged persistence.”
  • This week, CISA added six and then five more known exploited vulnerabilities to its catalog.

From the ransomware front, here is the link to Bleeping Computer’s The Week in Ransomware.

From the cybersecurity defenses front —

  • Health IT Security points out,
    • Cyber resilience is crucial to business continuity amid a cyber incident, as it ensures that systems can recover quickly. As such, it is no surprise that cyber resilience would be top-of-mind for organizations undergoing a digital transformation.  
    • “In Accenture’s new “State of Cybersecurity Resilience 2023” report, researchers exemplified the benefits of cyber resilience by identifying a group of companies that it calls “cyber transformers.”
    • “Cyber transformers, according to Accenture, “strike a balance between excelling at cyber resilience and aligning with the business strategy to achieve better business outcomes.”
  • NIST announced
    • “NIST’s IoT cybersecurity guidance has long recognized the importance of secure software development (SSDF) practices, highlighted by the NIST IR 8259 series—such as the recommendation for documentation in Action 3.d of NIST IR 8259B, that manufacturers have considered and documented their “secure software development and supply chain practices used.” The NIST SSDF (NIST SP 800-218) describes software development practices that can aid manufacturers in developing IoT products by providing guidance for the secure development of software and firmware. These development practices can also provide assurance to customers regarding how those products were developed and how the manufacturer will support them. When used together, NIST’s SSDF and IoT cybersecurity guidance help manufacturers design and deliver more secure IoT products to customers.”

Happy Juneteenth

Mercer Consulting offers us this background

  • “On June 19 this year, 96-year-old Opal Lee will once again invite others to join her on a 2.5 mile Walk for Freedom in Fort Worth, Texas. Known as the “Grandmother of Juneteenth,” Opal began campaigning decades ago for a national holiday to commemorate the anniversary of the day in 1865 when news of the Emancipation Proclamation finally reached the enslaved people in Galveston, Texas. In 2016, at age 89, Opal began a symbolic walk from Fort Worth to Washington D.C. in an effort to get 100,000 people to sign a petition to create the holiday. She was transported from city to city where she would walk 2.5 miles, representing the 2.5 years it took for freedom to reach Texas. By the time she made it to Washington, she had obtained over 1.5M signatures. In June 2021, her efforts succeeded – a bill to make Juneteenth a federal holiday was passed by Congress and signed into law by President Joe Biden.
  • “Juneteenth has long been celebrated by Black people; Opal Lee has vivid memories of celebrating Juneteenth as a child in East Texas with music, food, and games. Since the creation of the federal holiday, more employers are recognizing its importance and embracing their role in promoting Juneteenth in the workplace. In 2021, just 9% of employers had made Juneteenth a paid company holiday. That jumped to 33% in 2022 and rose again this year, to 39%.”

Mercer Consulting adds

  • “For employers, the JAMA Open Network study [on healthcare disparities] underscores the pressing need to expand provider networks to be inclusive of diverse clinicians. By improving networks, and actively working with partners to dismantle barriers and biases within healthcare, we can begin to empower employees with choice – the ability to connect with providers who better understand their unique needs, experiences, and challenges. Diverse physician networks lead to stronger doctor-patient relationships, which ultimately lead to better health outcomes for marginalized populations.”

From Washington, DC —

  • The U.S. Supreme Court handed down five opinions last week. NPR identifies the remaining cases that it is tracking. (One of them, the Indian Child Welfare Act case, was decided last week in favor of the Indian tribes.)
  • Last week, OMB’s Office of Information and Regulatory Affairs posted its Spring 2023 federal regulatory agenda. Here is a link to the OPM agenda. OPM is planning a second Postal Service Health Benefits Program rule and a rule that would accelerate the effective date of FEHB coverage for new federal employees.

Healthcare Dive reports

  • “The group that advises Congress on Medicare policy released a new report Thursday [June 15] with recommendations on telehealth, overpayments to Medicare Advantage plans and site-neutral payments across some outpatient care settings.
  • “The Medicare Payment Advisory Commission, or MedPAC, included telehealth in the report to satisfy a mandate from Congress after virtual care surged during the COVID-19 pandemic. Telehealth coverage under Medicare was limited before the public health emergency, and it was expanded to preserve access to care.
  • “The report found fee-for-service Medicare spending for telehealth care was $4.8 billion in 2020 and $4.1 billion in 2021, more than 30 times greater than 2019. Early findings show more telehealth use was associated with little change in quality, slightly improved access to care for some beneficiaries and slightly increased costs to Medicare.”

From the MD opinion front —

  • An emergency room doctor writing in MedPage Today gives us his take on the fentanyl crisis.
  • An oncologist writing in STAT News gives us her take on the cancer drug shortage. Her article’s title says it all: “Cancer drug shortages should have patients rioting in the streets.”

From the generative AI front, Healthcare IT News tells us, “An NYU Langone Health [large language model] LLM can predict hospital readmissions. The large language model is still in testing, but the AI tool had a median accuracy score of 77.8% compared to a physician score of 62.8%. The code base is now available to all healthcare organizations [via GitHub].”

From the semaglutide drug front —

  • The Wall Street Journal reports that these drugs designed for weight loss also may bring alcohol and tobacco use from an addiction to a controllable level.
  • Politico discusses manufacturer lobbying efforts to convince Congress to cover these drugs for weight loss unconnected to diabetes.
  • Bloomberg informs us
    • “Some dosages of Eli Lilly & Co.’s Mounjaro are again in shortage, the latest in a line of recurring supply issues caused by patients using the diabetes medication as a weight-loss treatment.
    • “The latest shortage will result in “intermittent backorders” for three of six doses through July, according to an update posted by the US Food and Drug Administration on its website on Friday.
    • “Lilly spokesperson Jessica Thompson said the backorders were “due to continued dynamic patient demand” and would affect the three highest doses of Mounjaro. She also said the company is investing in expanding manufacturing capacity.”

From the miscellany front –

  • CNBC reports
    • Bristol Myers Squibb on Friday sued the Biden administration over Medicare’s new powers to slash drug prices, the third such lawsuit to be filed against the program in a matter of days.
    • “The lawsuit filed in federal district court in New Jersey argues the Medicare negotiations violate the First and Fifth Amendments of the U.S. Constitution.
    • “Bristol Myers Squibb has asked the court to declare the program unconstitutional and prevent the Health and Human Services Department from forcing the company to enter negotiations.
    • “Bristol Myers Squibb’s arguments mirror those lodged last week by Merck, the first company to sue the federal government over the drug negotiations. The U.S. Chamber of Commerce has also sued HHS over the program with similar arguments.”
  • Fierce Healthcare relates
    • Simple HealthKit has inked a deal with Walmart to bring at-home diagnostic tests, including diabetes, respiratory wellness and sexual wellness labs, to the largest retailer in the world.
    • “Through the retail giant’s website, customers can purchase tests bolstered by Simple HealthKit’s end-to-end healthcare infrastructure, including testing, follow-up and treatment. The digital health company’s HbA1c test identifies key markers for Type 2 diabetes. Respiratory wellness tests include influenza A, influenza B and respiratory syncytial virus. In light of a decrease in sexual health testing during the pandemic, customers can test for three of the most common STDs at home, chlamydia, gonorrhea and trichomoniasis.”
  • Health Payer Intelligence points out
    • Employer-sponsored health plan enrollment among nonelderly Americans will grow after 2025, accompanied by higher private payer premiums, a Health Affairs study found.
    • The study used Congressional Budget Office projections to estimate future coverage trends. However, the researchers noted many uncertainties embedded in these trends, including future economic, policy, and healthcare utilization changes. * * *
    • After 2025, enhanced subsidies will end and employment will increase, driving more people to employer-sponsored coverage. Approximately 157 million individuals may have employer-sponsored coverage in 2027. By 2033 this population will grow to 159 million.
    • Private-payer premiums will also trend upward from 2023 through 2033. In 2023, the private payer premium growth rate will be 6.5 percent. Premiums will grow 5.9 percent from 2024 to 2025 and 5.7 percent from 2026 to 2027. By 2033, the average premium increase will be 4.6 percent.
  • Of course, depending on the outcome of the 2024 federal election, it is possible that the ACA subsidies could be made permanent in 2025. Time will tell.

Friday Factoids

From the FDA front —

  • MedPage Today tells us
    • “Lecanemab (Leqembi) showed clinical benefit in early Alzheimer’s disease in its confirmatory trial, paving the way for traditional approval of the drug, an FDA advisory committee said Friday.
    • “In a 6-0 vote, the agency’s Peripheral and Central Nervous System Drugs Advisory Committee fully backed the evidence supporting the anti-amyloid monoclonal antibody. * * *
    • “The agency is expected to make its final decision about lecanemab by July 6.”
  • KFF provides a cost perspective in anticipation of FDA approval of this drug, which action is expected to trigger CMS approval for Medicare Part B coverage.

From the FEHB front, Tammy Flanagan writing in Govexec delves into FEHB and Medicare Part B coverage.

From the litigation front —

  • The Wall Street Journal reports
    • “Pharmaceutical industry giants completed a deal to pay $19 billion to states that accused them of fueling the opioid crisis, infusing more money into communities still struggling with how to address the scourge of drug use.”
    • “Most states agreed to the deal to settle agreements with manufacturers Teva and Allergan as well as pharmacy chains CVS and Walgreens. The agreement is in addition to a $26 billion so-called global settlement with drug distributors McKesson, Cardinal Health and AmerisourceBergen and manufacturer Johnson & Johnson. The latest settlements close lawsuits against most of the major players and bring the total income from opioid litigation that states will have to spend to about $50 billion.
    • “The legal fight stretches back nearly a decade, when more than 3,000 lawsuits from states, Native American tribes and counties alleged the drugmakers, pharmacies and distributors played down the risk of painkillers and didn’t stem their flow. Misuse of prescription painkillers sparked a health crisis that was supercharged as fentanyl infiltrated the illicit drug supply and now claims more than 100,000 lives in the U.S. each year. 
    • “Money from the recent settlements will begin to flow to states this year. More than $3 billion from the global settlement has already been dispersed. The funds are distributed to states based on population adjusted to account for the burden of the opioid epidemic based on deaths and people using drugs. The agreements require most of the money to be spent on abating the opioid crisis, but the parameters are broad and officials are using different strategies to spend it.”
  • KFF has created a tracker to follow the distribution of the opioid litigation settlement funds.

From the CMS front —

  • Healthcare Dive informs us,
    • “CMS is exploring programs that would pay social or community health workers to address patients’ social needs in a bid to invest more heavily in food, housing, transportation and other social determinants of health, according to agency officials.
    • “We are looking at that. For example, in maternal health, thinking about the role of doula and community health workers,” Liz Fowler, director of the Center for Medicare and Medicaid Innovation, said on Thursday during the CMS’ inaugural health equity conference.”
  • and
    • “CMS announced a new model that aims to strengthen and improve primary care, including by ensuring small and rural organizations are able to enter into value-based care arrangements. 
    • “The Making Care Primary Model will run for more than 10 years in eight states — in Colorado, Massachusetts, Minnesota, New Jersey, New Mexico, New York, North Carolina and Washington.
    • “Research shows primary care is key to improving health outcomes and lowering costs. The CMS noted Medicare and Medicaid patients are often diagnosed with multiple chronic conditions, and primary care providers are charged with prevention, screening and management. But, because many patients will see multiple specialists, coordinating care can be challenging.”
  • Fierce Healthcare relates,
    • “The Department of Health and Human Services (HHS) has released a 43-drug list of the Medicare Part B prescription treatments that must repay the program for raising prices above the rate of inflation.
    • “The second quarterly list takes effect in July and is an expansion over the 20 price-capped drugs from April through June. According to HHS, the rebates could save Medicare beneficiaries taking the treatments anywhere from $1 to $449 per average dose in out-of-pocket costs.
    • “The Medicare Prescription Drug Inflation Rebate Program is a critical way to address long-term price increases by drug companies, and [the Centers for Medicare and Medicaid Services (CMS)] is continuing our work to make prescription drugs more affordable for people with Medicare,” CMS Administrator Chiquita Brooks-LaSure said in a release.
    • “The full list of prescription drugs and biological products with adjusted coinsurance amounts for July 1 to Sept. 30 is available here (PDF).
    • “Of note, CMS said the list could be adjusted before or after July 1 based on public feedback notifying the agency of any potential discrepancies, as was the case during the program’s inaugural quarter when a highly publicized list of 27 drugs was later trimmed down to 20.”

From the U.S. healthcare business front —

  • Beckers Hospital Review reports
    • “In the first quarter of 2023, 17 healthcare companies with more than $10 million in liabilities filed for Chapter 11 bankruptcy, a sharp rise compared to seven bankruptcies in the first quarter of 2022, Bloomberg Law reported June 9.
    • “High-profile bankruptcies from Envision, Invacare Corp. and Sorrento Therapeutics contributed to the numbers. The first three months of 2023 saw a slight slump in bankruptcies but remain higher than the same period a year ago.
    • “Despite the year-over-year increase, the first quarter of 2023 still had fewer healthcare bankruptcies than the fourth quarter of 2022.
    • “Once the government money ran out, once all the stimulus dollars around healthcare ran out, there was essentially going to be this backwash,” Timothy Dragelin, a healthcare director at FTI Consulting, told Bloomberg. “The fact that labor costs increased substantially—you also had the issues with supply chain and supply chain caused some disruptions.”
  • Fierce Healthcare tells us
    • “Walgreens Boots Alliance sold its remaining stake in post-acute care and infusion services company Option Care Health for $330 million.
    • “The drugstore chain announced Thursday it sold 10.8 million shares of Option Care Health and plans to use the proceeds primarily for debt paydown, continued support of the company’s strategic priorities and to help fund its healthcare-focused business initiatives, according to a press release.
    • “The transaction is another decisive action WBA is taking to unlock value and further simplify the company’s portfolio,” the company said.
    • “Back in March, Walgreens cut its stake in Option Care Health when it sold 15.5 million shares at $30.75 per share. The transaction reduced Walgreens’ ownership in the company, formerly known as Walgreens Infusion Services, from 14% to 6%, according to a Walgreens news release.”

From the generative AI front —

  • Beckers Hospital CFO Report points out the steps that Google and Microsoft are taking to integrate generative AI in healthcare systems.
  • HR Dive discusses the impact of generative AI on employers and the workplace.