Tuesday Tidbits

Generative AI

Tuesday Tidbits

David ErmerCDC, Electronic health records, FDA, Generative AI, Medicare, Telehealth, U.S. Healthcare, Uncategorized
Photo by Patrick Fore on Unsplash

From Washington, DC,

  • Healio informs us,
    • “An FDA panel voted that for adults with uncontrolled hypertension, the benefits of an ultrasound renal denervation device outweigh its risks.
    • Concerns about long-term durability of effect were expressed.”
  • The Department of Health and Human Services announced
    • “award[ing] more than $1.4 billion for Project NextGen to support the development of a new generation of tools and technologies to protect against COVID-19 for years to come.
    • “The awards announced today follow extensive coordination with industry partners and include support for clinical trials that will enable the rapid development of even more effective and longer-lasting coronavirus vaccines, a new monoclonal antibody, and transformative technologies to streamline manufacturing processes.”
  • The U.S. Preventive Services Task Force reaffirmed its 2019 Grade A recommendation that “clinicians prescribe preexposure prophylaxis using effective antiretroviral therapy to persons who are at increased risk of HIV acquisition to decrease the risk of acquiring HIV.”
  • The Centers for Disease Control lets us know, based on a survey,
    • About 20% of women reported mistreatment while receiving maternity care.
    • About 30% of Black, Hispanic, and multiracial women reported mistreatment. 
    • Almost half (45%) of women held back from asking questions or sharing concerns during their maternity. * * *
    • Mistreatment was reported most often by Black, Hispanic, and multiracial moms and those with public insurance or no insurance.
  • That’s a big bowl of wrong. The CDC observes,
    • Respectful maternity care is free from harm and mistreatment, maintains privacy, confidentiality, and dignity, and allows for shared decision-making and continuous support.
  • The Department of Justice announced yesterday,
    • [“D]eferred prosecution agreements resolving criminal antitrust charges against Teva Pharmaceuticals USA, Inc. and Glenmark Pharmaceuticals Inc., USA. As part of those agreements, both companies will divest a key business line involved in the misconduct, and as an additional remedial measure, Teva will make a $50 million drug donation to humanitarian organizations. Teva will pay a $225 million criminal penalty — the largest to date for a domestic antitrust cartel — and Glenmark will pay a $30 million criminal penalty. Both companies will face prosecution if they violate the terms of the agreements, and if convicted, would likely face mandatory debarment from federal health care programs.
    • “The agreements each require the companies to undertake remedial measures, including the timely divestiture of their respective drug lines for pravastatin, a widely used cholesterol medicine that was a core part of the companies’ price-fixing conspiracy. This extraordinary remedy forces the companies to divest a business line that was central to the misconduct. Teva must also donate $50 million worth of clotrimazole and tobramycin, two additional drugs with prices affected by Teva’s criminal schemes, to humanitarian organizations that provide medication to Americans in need. Both Teva and Glenmark have agreed, among other things, to cooperate with the department in the ongoing criminal investigations and resulting prosecutions, report to the department on their compliance programs, and modify those compliance programs where necessary and appropriate.” 
  • Federal New Network reports that OPM released guidance for hybrid teleworkers who are covered under the Fair Labor Standards Act.
  • The Equal Employment Opportunity Commission released its new strategic plan for fiscal years 2022 through 2026
    • “The new Strategic Plan reflects our thoughtful assessment of the agency’s mission, goals, and objectives in light of current conditions and what we expect in the next few years,” said EEOC Chair Charlotte A Burrows. “It emphasizes expanding the EEOC’s capacity to eliminate systemic barriers to equal opportunity in the workplace, using technology and other tools to improve our services to the public, and achieving organizational excellence with a culture of accountability, inclusivity, and accessibility. I am grateful for the hard work of our staff across the agency who assisted in developing this plan and look forward to its successful implementation.”.

From the public health front,

  • The Washington Post explains
    • how to address the factors that may underlie the growing number of women under age 40 who are afflicted with breast cancer,
  • and
    • how to guard against germs in leafy green salads.

From the U.S. healthcare business front,

  • The FEHBlog was surprised to read in the Wall Street Journal that
    • “America’s nursing homes are fading away.
    • “The U.S. has at least 600 fewer nursing homes than it did six years ago, according to a Wall Street Journal analysis of federal data. More senior care is happening at home, and the Covid-19 pandemic caused many families to shun nursing homes while draining workers from an already short-staffed industry.
    • “The result? Frail elderly patients are stuck in hospitals, a dangerous place for seniors, waiting for somewhere to go—sometimes for months. Beds are disappearing while the need for senior care is growing. The American population 65 and older is expected to swell from 56 million in 2020 to 81 million by 2040.
  • MedPage Today notes.
    • “States that recently adopted less-restrictive policies surrounding the use of telepharmacy had fewer pharmacy deserts in the following year, a cohort study involving a dozen states showed.
    • “Compared with nearby states that made no changes, states that formally implemented or updated pro-telepharmacy policies had a 4.5% relative decrease (95% CI 1.6-7.4) in the percentage of regions defined as pharmacy deserts (P=0.001) and an 11.1% relative decrease (95% CI 2.4-22.6) in the proportion of people living in one of these deserts (P=0.03).
    • “And in general, telepharmacies tended to serve areas of high medical need, reported Jessica Adams, PharmD, of TelePharm in Iowa City, Iowa, and colleagues.
    • “As pharmacy closures and socioeconomic factors persist, pharmacy deserts are likely to expand unless policies are implemented to ensure continued access to pharmacy services,” the researchers wrote in JAMA Network Open
  • The Business Group on Health points out,
    • “Mental health needs among workforces continued to climb this year, with 77% of large employers reporting an increase and another 16% anticipating one in the future, according to Business Group on Health’s 2024 Large Employer Health Care Strategy Survey.
    • “This represents a 33 percentage-point surge over last year, when 44% of employers saw an increase in employee mental health concerns.
    • “The Business Group survey, released today in Washington, DC, also showed that cancer was still the top driver of large companies’ health care costs while rising prescription drug costs also proved to be a leading concern. Cancer overtook musculoskeletal conditions last year as the top driver of large companies’ healthcare costs and shows no sign of abating in the coming years.
    • “Yet as businesses respond to the increase in mental health needs, grapple with soaring health care costs and address issues of health equity and affordability, they will continue to invest strategically in diverse health and well-being offerings for the upcoming year, the survey also showed.”
  • Axios reports that “Middle-class Americans [who earn $50,000 to $100,000 annually] are the most likely to be saddled with medical debt, with nearly 1 in 4 — or roughly 17 million people — having unpaid medical bills, according to a report shared first with Axios from center-left think tank Third Way.”
  • Per Healthcare Dive,
    • “Epic and Microsoft announced on Tuesday an expanded collaboration focused on integrating generative artificial intelligence tools in the vendor’s electronic health records system. 
    • “The partners are working to “rapidly deploy dozens” of AI technologies, including clinical note summarization, medical coding suggestions and data exploration tools that aim to fill gaps in clinical evidence by using real-world data. 
    • “The expanded partnership is intended to speed the development of AI tools in healthcare, bringing the technology as “quickly as possible, responsibly and in partnership with providers,” according to a blog post by Eric Boyd, corporate vice president of AI platform at Microsoft.”

Cybersecurity Saturday

David ErmerCybersecurity, Generative AI

From the cybersecurity policy front,

  • Cybersecurity Dive informs us,
    • “The National Institute of Standards and Technology released a long-anticipated draft version of the Cybersecurity Framework 2.0 Tuesday,  the first major update of the agency’s risk guidance since 2014. 
    • “After originally focusing risk guidance on critical infrastructure, the updated framework includes a wider array of organizations, including small- and medium-sized businesses, local schools and other entities. 
    • “The revised framework also addresses the role of corporate governance and the growing risks to digital networks via third-party relationships. * * *
    • “NIST will release a CSF 2.0 reference tool in a few weeks to help users browse, search and export data in a format that is machine-readable. It will also hold a workshop in the fall for additional public comments. 
    • “The deadline for public comments is Nov. 4, and NIST plans to publish a final version of CSF 2.0 in early 2024.”
  • Health IT Security adds,
    • As previously reported, the NIST CSF can be an asset to healthcare organizations looking to bolster their cybersecurity programs. Alongside other voluntary frameworks and HIPAA compliance actions, healthcare organizations can leverage the NIST framework to enhance privacy and security protections.
  • Politico updates us on the Federal Trade Commission’s proposed health data breach rule.
    •  In May, the Federal Trade Commission proposed a sweeping expansion of health data privacy rules, and now, the period for the public to weigh in has ended.
    • “While many comments were supportive, others were concerned that the FTC was overstepping its authority, opening itself up to litigation, and urged more clarity.” * * *
    • “The proposal would clarify that health app developers would be subject to regulations requiring them to notify customers if their identifiable data is accessed by hackers or business partners or shared for marketing without patient approval. The rule would include those offering health services and supplies — broadly defined to include fitness, sleep, diet and mental health products and services, among a laundry list of categories.”
  • The Wall Street Journal summarizes the Security and Exchange Commission’s final cyber rule:
    • The U.S. Securities and Exchange Commission has approved new regulations requiring public companies to disclose cybersecurity breaches within four business days of becoming aware of a material impact resulting from the incident.
    • The regulations dropped the requirement for companies to disclose the names of cybersecurity experts on company boards and the nature of their expertise..
    • Companies are now required to report information regarding their cybersecurity risk management, strategy and governance annually.
    • Despite the SEC not requiring cyber expertise, experts believe having cyber oversight on the board is still beneficial and a priority.

From the cybersecurity vulnerabilities and breaches front,

  • Cybersecurity Dive informs us,
    • “The mass exploit of a zero-day vulnerability in MOVEit has compromised more than 600 organizations and 40 million individuals to date, but the numbers mask a more disastrous outcome that’s still unfolding.
    • “The victim pool represents some of the most entrenched institutions in highly sensitive — and regulated — sectors, including healthcare, education, finance, insurance, government, pension funds and manufacturing.
    • “The subsequent reach and potential exposure caused by the Clop ransomware group’s spree of attacks against these organizations is vast, and the number of downstream victims is not yet fully realized. * * *
    • “The widespread attack against MOVEit and its customers was “highly creative, well-planned, organized by multiple groups and executed well since they were able to poach records at scale,” independent analyst Michael Diamond said via email.
    • “Without a doubt, they hit one of the juicy parts of the orchard from an information perspective that they’ll continue to monetize and use for attacks in the future,” Diamond said. “My impression is that this is only going to get worse over time.”
    • “Diamond isn’t alone in forecasting the worst is yet to come.”
  • The Cybersecurity and Infrastructure Security Agency added one known exploited vulnerability to its catalog on August 7 and another one on August 9.
  • The Wall Street Journal reports that “AI Is Generating Security Risks Faster Than Companies Can Keep Up: Rapid growth of generative AI-based software is challenging business technology leaders to keep potential cybersecurity issues in check.”
  • The Healthcare Sector Cybersecurity Coordination Center released a threat analysis on multifactor authentication (good) and smishing (bad).

From the ransomware front,

  • Cybersecurity Dive pointed out on August 7, 2023,
    • “A ransomware attack against Prospect Medical Holdings disrupted healthcare services across multiple states last week, prompting multiple hospital closures as response and recovery efforts are underway.
    • “Prospect Medical Holdings recently experienced a data security incident that has disrupted our operations,” the healthcare provider said Friday in a statement. The California-based company operates 16 hospitals and more than 165 clinics and outpatient facilities in California, Connecticut, Pennsylvania and Rhode Island.”

From the cybersecurity defenses front,

  • FedScoop reports
    • “The White House on Wednesday [August 9] announced a competition for cybersecurity researchers that is intended to spur the use of artificial intelligence to identify and fix software vulnerabilities.
    • “Teams that compete in the “AI Cyber Challenge,” which the Defense Advanced Research Projects Agency will lead, can win prizes worth up to $18.5 million. The agency has also allocated an additional $7 million in prize money for small businesses that participate.
    • “As part of the competition, researchers will use AI technology to fix software vulnerabilities, with a particular focus on open-source software. Leading AI companies Anthropic, Google, Microsoft and OpenAI will make their technology available for the challenge, according to the Biden administration.
    • “The White House’s announcement comes amid continued concern over rising cyber supply-chain risk across the federal government and the private sector. Last September, the Office of Management and Budget stipulated that all software providers would have to self-attest to the security of their products before deploying them on federal agency systems.”

Cybersecurity Saturday

David ErmerCybersecurity, Generative AI

From the cybersecurity policy front —

  • Cybersecurity Scoop reports,
    • “The Cybersecurity and Infrastructure Security Agency [CISA] released its strategic plan for fiscal year 2024 through 2026 on Friday, following a plethora of strategies and implementation plans released over the past several months by the White House aimed at improving the nation’s overall cybersecurity preparedness. 
    • “Within CISA, this Plan will serve as a keystone for implementation, resource, and operational planning, as further executed through our Annual Operating Plans. Externally, it will help stakeholders understand and participate in our long-term cybersecurity planning and prioritization,” the document reads.
    • CISA’s strategic plan will focus on three goals: address immediate threats, harden the terrain and drive security at scale. Additionally, the strategy has nine objectives, three for each goal, outlining the agency’s scope for the next three years.
    • “The release comes shortly after the Office of the National Cyber Director released a National Cyber Workforce and Education Strategy, as well as the National Cybersecurity Strategy in March and subsequent Implementation Plan in July.”
  • and
    • “The Biden administration’s strategy for building the U.S. cybersecurity workforce calls for government, industry and civil society groups to collaborate in increasing the number of cybersecurity workers and also urges an overhaul of the U.S. immigration system. 
    • “To address a dire shortage of cybersecurity workers, Monday’s strategy document takes a broad approach in overhauling the cybersecurity workforce. “The national cyber director’s office can only really task federal departments and agencies because, realistically, we need all of society. We need them to be feel supported and heard and seen as we approach these ecosystem models,” Acting National Cyber Director Kemba Walden told CyberScoop.”

From the cybersecurity breaches and vulnerabilities front —

  • Health IT Security brings us up to date on MOVEit breaches affecting healthcare organizations.
  • Health IT Security adds, “The healthcare sector continued to face a high volume of cyberattacks in the past few months as infostealing malware rose in popularity, BlackBerry stated in its latest Global Threat Intelligence Report.”
  • Cybersecurity Dive reports
    • “Half of the 12 most-commonly exploited vulnerabilities in 2022 were discovered the previous year, cyber authorities from the Five Eyes said in a joint advisory released Thursday. One of the top 12 vulnerabilities was discovered in 2018.
    • “Flaws in Microsoft products accounted for 1 in 3 of the most-routinely exploited vulnerabilities, including three Exchange Server CVEs from 2021. Two-thirds of the most-exploited vulnerabilities were found in products from three vendors: Atlassian, Microsoft and VMware.
    • “Other vendors that made the list include Apache’s Log4j, F5 Networks, Fortinet and Zoho.
    • * * * “Delayed or inconsistent vulnerability patching remains an underlying problem. This, combined with the unmet need for vendors, designers and developers to adhere to secure-by-design and secure-by-default principles, is aggravating the risk of compromise by malicious cyber actors.
    • “The Five Eyes intelligence alliance, which includes authorities from the U.S., Australia, Canada, New Zealand and the U.K., reiterated the need for vendors to follow secure design practices throughout the software development lifecycle.”
  • Security Week tells us
    • The US government’s cybersecurity agency CISA is calling attention to under-researched attack surfaces in UEFI [Unified Extensible Firmware Interface], warning that the dominant firmware standard presents a juicy target for malicious hackers.
    • “UEFI is a critical attack surface. Attackers have a clear value proposition for targeting UEFI software,” the agency said in a call-to-action penned by CISA technical advisor Jonathan Spring and vulnerability management director Sandra Radesky. 
  • CISA’s Director Jen Easterly blogs about the importance of securing the Border Gateway Protocol, which she describes as being the most important part of the internet you have never heard of.
  • On July 31, CISA added another known exploited vulnerability to its catalog.

From the ransomware front —

  • HHS’s Health Sector Cybersecurity Coordination Center released a sector alert on August 4, 2023.
    • “Rhysida is a new ransomware-as-a-service (RaaS) group that has emerged since May 2023. The group drops an eponymous ransomware via phishing attacks and Cobalt Strike to breach targets’ networks and deploy their payloads. The group threatens to publicly distribute the exfiltrated data if the ransom is not paid. Rhysida is still in early stages of development, as indicated by the lack of advanced features and the program name Rhysida-0.1. The ransomware also leaves PDF notes on the affected folders, instructing the victims to contact the group via their portal and pay in Bitcoin. Its victims are distributed throughout several countries across Western Europe, North and South America, and Australia. They primarily attack education, government, manufacturing, and technology and managed service provider sectors; however, there have been recent attacks against the Healthcare and Public Health (HPH) sector.”
  • Bleeping Computer informs us that “Clop ransomware now uses torrents to leak data and evade takedowns” and it offers its Week in Ransomware.
    • “Ransomware gangs continue to prioritize targeting VMware ESXi servers, with almost every active ransomware gang creating custom Linux encryptors for this purpose.
    • “This week, BleepingComputer analyzed the Linux encryptor for Abyss Locker and illustrated how it was specifically designed to encrypt ESXi virtual machines.”

From the cybersecurity defenses front —

  • Per Forbes
    • “Traditional passwords have proven to be an increasingly problematic authentication strategy in the evolving face of cybersecurity. Biometrics, such as fingerprints, facial recognition and iris scanning, are ushering in a new era of safe authentication.
    • “Biometrics provide distinct advantages over passwords in terms of security, convenience and user experience. But why exactly are biometrics more secure, and how can businesses successfully implement this technology into their existing strategies?
    • Forbes article explains how.
  • HelpNet offers advice on building cybersecurity defenses.
  • Security Intelligence explains how artificial intelligence can reduce data breach life cycles and costs.

Midweek Update

David ErmerACA, Federal employment benefits, Generative AI, Medical / Rx research, OPM, Rx coverage, Telehealth, U.S. Healthcare
Photo by Manasvita S on Unsplash

From Washington, DC —

  • MedPage Today informs us
    • “In a letter to the American public, the heads of the Drug Enforcement Administration (DEA) and FDA acknowledged ongoing stimulant drug shortages [to treat ADHD] and recounted their initiatives to improve access — while calling for efforts to diminish potential overuse and misuse of these powerful medications.”
  • and
    • “Jeanne Marrazzo, MD, will be the next director of the National Institute of Allergy and Infectious Diseases (NIAID), NIH Acting Director Lawrence Tabak, DDS, PhD, announced on Wednesday.
    • “Dr. Marrazzo brings a wealth of leadership experience from leading international clinical trials and translational research, managing a complex organizational budget that includes research funding and mentoring trainees in all stages of professional development,” Tabak said in a press release. “I look forward to welcoming Dr. Marrazzo to the NIH leadership team.”
  • FedWeek explains why the federal long-term care insurance program is the “Zeppo Marx” of federal employee benefits programs and offers information about deferred annuities available to federal employees.
    • Conundrum “If you are eligible for a deferred annuity, you may elect a survivor annuity. However, you won’t be eligible either to participate in the Federal Employees Health Benefits program or acquire Federal Employees’ Life Insurance coverage.”

From the public health front —

  • From Healthcare Dive, we have an opinion piece titled, “Strengthening primary care the key to fixing healthcare system woes. Primary care advocates Ann Greiner and Shawn Martin argue the U.S. needs to turn around decades of underinvestment in its primary care chassis.” Check it out.
  • The Wall Street Journal reports that some large employer-sponsored health plans, such as the University of Texas, are canceling coverage of GLP-1 agonistes, like Wegovy, for weight loss treatment due to the high cost of the drugs. The UT plan will continue to cover these drugs, like Ozempic, for diabetes treatment.
    • “The prescription-drug benefit plan for state government employees in Connecticut now requires members to obtain anti-obesity drugs through Intellihealth, a Connecticut-based, anti-obesity medical practice that offers telehealth and app-based care.  
    • “The state’s costs for the GLP-1 anti-obesity drugs for plan members have risen 50% since 2020, and are on track for $30 million annually by the end of this year, said Connecticut State Comptroller Sean Scanlon.
    • “To me, saying we’re not going to cover these anymore was a nonstarter, because these drugs do work. People want to take them,” he said.”
  • The University of Michigan’s employee health benefits program raised the deductible on Wegovy from $20 to $45.
    • “Denmark-based Novo Nordisk charges a list price of $1,349 for roughly a month’s supply of each Wegovy and Saxenda. A related drug, Ozempic, is approved to treat Type 2 diabetes and costs about $930 a month, but isn’t typically covered by insurance plans for weight loss in people without diabetes.” That price differential doesn’t make sense to the FEHBlog.
  • MedPage Today tells us
    • “An investigational vaccine that contains the nucleoprotein of the influenza A virus appeared promising as a universal flu shot that could protect against multiple strains, regardless of annual mutations, a phase IIa dose-finding study showed.”
  • CNN informs us
    • “Artificial intelligence found more breast cancers than doctors with years of training and experience and cut doctors’ mammogram reading workload almost in half, a new early-stage study found.
    • “This doesn’t mean your hospital will let a computer determine whether you have cancer any time soon. There’s still a lot more research to do, but the study, published Tuesday in the journal The Lancet Oncology, shows that AI is safe to use in breast cancer detection and could make doctors even more effective at finding cancer than they are now.”

From the U.S. healthcare front

  • Healthcare Dive reports
    • “CVS Health announced a company-wide restructuring initiative on Wednesday after the healthcare giant’s profit fell 37% year over year to $1.9 billion in the second quarter.
    • “As part of the restructuring, the Woonsocket, Rhode Island-based company plans to terminate certain initiatives. That should allow it to reallocate resources to growth areas like healthcare services and technology, CEO Karen Lynch said on a Wednesday call with investors.
    • “CVS lowered its 2024 adjusted earnings per share target from $9 to between $8.50 and $8.70 as a result of cost pressures — flat from its 2023 guidance range. CFO Shawn Guertin also told investors to “no longer rely” on the company’s target of $10 for 2025.”
  • and
    • “Humana beat Wall Street expectations on earnings and revenue in the second quarter, reporting a topline of $26.7 billion, up 13% year over year, and profit of $959 million, up 38% year over year.
    • “Rising medical utilization earlier in the quarter appears to have stabilized based on recent claims activity, management said. The payer on Wednesday reiterated the 2023 medical loss ratio guidance of between 86.3% and 87.3%.
    • “Humana also raised its Medicare Advantage membership growth expectations following the quarter. The Louisville, Kentucky-based health insurer now expects to add 825,000 MA members in 2023.”
  • Fierce Healthcare relates
    • “Amazon Clinic is expanding to all 50 states, including nationwide telehealth services to offer access to clinicians through its website and mobile app.
    • “The online retail giant unveiled Amazon Clinic back in November as a virtual medical clinic to provide care for 35 common health concerns like urinary tract infection, pink eye, and acid reflux. Launched as a message-based virtual consultation service, Amazon Clinic connects consumers with licensed clinicians who can diagnose, treat and prescribe medication for a range of common health and lifestyle conditions.
    • “The service was available in 34 states and has now been expanded nationwide and to Washington, D.C., along with the addition of video visits with providers on Amazon.com and the mobile app, the company announced in a blog post on Tuesday.
    • “Amazon Clinic is currently cash pay and does not yet accept insurance, the company said.” 
  • Beckers Payer Issues points out
    • “The first wave of UnitedHealthcare’s previously announced 20 percent reduction in prior authorization requirements takes effect Sept 1. 
    • “The remainder of the reductions will occur Nov. 1, according to an Aug. 1 post on UnitedHealthcare’s website. 
    • “The prior authorization code eliminations will take place on Sept. 1 and Nov. 1 for Medicare Advantage, commercial, Oxford, and individual exchange plans. Eliminations for community plans will take place Nov. 1. “
  • and
    • “UnitedHealthcare controls almost one-quarter of the Medicare Part D plan market, according to an analysis from KFF.
    • “The analysis, published July 26, compared market share in 2023 for major payers offering both Medicare Advantage plans and stand-alone Part D plans.
    • “Most payers analyzed, aside from Kaiser Permanente, offer both standalone plans and Medicare Advantage policies, according to KFF. CVS Health, Centene and Cigna have greater enrollment in standalone Part D plans than Medicare Advantage options, while UnitedHealthcare and Humana have more Medicare Advantage members.”
  • Benefits Pro reassures us
    • “When the Affordable Care Act was passed in 2010, it was assumed that many employers would drop workplace health insurance in response. However, a new study by the Employee Benefit Research Institute found that starting in 2015, both the percentage of employers offering health insurance and the percentage of workers eligible for such coverage began to increase.
    • “It should then come as no surprise that the percentage of workers and their families being covered by employment-based health insurance has been relatively steady over the long term,” the report said.”

Cybersecurity Saturday

David ErmerCybersecurity, Generative AI, Uncategorized

From the cybersecurity policy front —

  • Cyberscoop reports
    • “President Biden on Wednesday nominated Harry Coker, a long-time CIA and National Security Agency official, to serve as the next national cyber director, a choice that elevates a relatively unknown official to take on a high-profile assignment as the president’s leading cybersecurity adviser. 
    • “Coker’s nomination ends a protracted search to replace Chris Inglis, who led the Office of the National Cyber Director until February after leading efforts to draft the administration’s cybersecurity strategy. 
    • “Leading voices in Capitol Hill have urged Biden in recent weeks to nominate Inglis’s deputy, Kemba Walden, who has been serving as the acting director. Despite the support of key lawmakers, the White House passed on elevating Walden to the permanent position — reportedly out of concern that her significant financial debts might hinder her confirmation before the Senate.”
  • The Cybersecurity and Infrastructure Security Agency tells us,
    • “Now that the cross-sector CPGs have been published, CISA is working with Sector Risk Management Agencies (SRMAs) to directly engage with each critical infrastructure sector to develop Sector-Specific Goals (SSGs).  In most instances, these goals will likely consist of either new, unique additional goals with direct applicability to a given sector or, materials to assist sector constituents with effective implementation of the existing cross-sector CPGs. Sector-specific goals will be developed by:
    • “Identifying any additional cybersecurity practices not already included in the Common Baseline, needed to ensure the safe and reliable operation of critical infrastructure in that sector.  
    • “Providing examples for recommended actions specific to the infrastructure and entities in that sector; and  
    • “Mapping any existing requirements (e.g., regulations or security directives) to the Common Baseline and sector-specific objectives and/or recommended actions so stakeholders can see how their existing compliance practices fulfill certain objectives.  
    • “As there are 16 Critical Infrastructure sectors with varying needs, CISA will be tackling this effort in several phases. The first four sectors CISA is working with include the Energy, Financial Services, IT, and Chemical Sectors. In addition, CISA will be working throughout the year with the Water/Wastewater Sector, Healthcare Sector, and K-12 Subsector on identifying approaches for how organizations in those sectors/subsectors can enhance their cybersecurity posture through the implementation of the existing body of cross-sector goals.”
  • Here is a link to the website for the healthcare sector coordinating council (HSCC), whose work the FEHBlog will begin to track. Surprisingly to the FEHBlog, OPM is not an HSCC member.

From the cybersecurity breaches and vulnerabilities front —

  • Cybersecurity Dive informs us,
    • “Healthcare continues to be the most expensive industry for data breaches, beating out other sectors for the 13th year in a row, according to research conducted by the Ponemon Institute and published by IBM Security
    • “The average cost of a healthcare data breach reached nearly $11 million in 2023, an increase of 8% from last year and a 53% jump since 2020, the report found. 
    • “Although the healthcare sector faces high levels of industry regulation, expenses accrued from data breaches in the sector were almost double compared to the financial industry, which saw the second-most expensive data breaches at $5.9 million.”
  • Cybersecurity Dive adds
    • “The investigation phase of data breaches is the fastest growing and costliest category of data breach expenses, contributing to the consistent year-over-year increase in costs. Detection and escalation costs jumped almost 10% to nearly $1.6 million per incident, IBM found.
    • “The breadth and depth of incident response investigations are scaling up directly with the overall costs, along with the off tempo of the criminal,” John Dwyer, head of research at IBM Security X-Force, told Cybersecurity Dive.”
  • On a related topic, Cybersecurity Dive lets us know,
    • “Valid account credentials are at the root of most successful threat actor intrusions of critical infrastructure networks and state and local agencies, according to the Cybersecurity and Infrastructure Security Agency.
    • “Valid credential compromise combined with spear-phishing attacks accounted for nearly 90% of infiltrations last year.
    • Valid accounts, including former employee accounts, not removed from the Active Directory and default administrator credentials, were responsible for 54% of all attacks studied in the agency’s annual risk and vulnerability assessment released Wednesday.
    • Spear-phishing links — malware-laced emails sent to targeted individuals — were responsible for 1 in 3 attacks, the report found.
    • The success rate of these techniques underscores the staying power of the most common methods threat actors use to gain initial access to targeted systems.
  • Cyberscoop relates
    • “Apple on Monday issued its third security update in roughly a month to remedy vulnerabilities exploited in Operation Triangulation, a spyware campaign that researchers say specifically targeted iMessage users in Russia. 
    • “The Russian arm of cybersecurity firm Kaspersky on June 1 revealed the details of a zero-click iOS exploit. The company’s researchers said they discovered it while monitoring the company’s own corporate Wi-Fi network dedicated to mobile devices. The findings were released the same day Russia’s Federal Security Service, or FSB, said it had uncovered an American espionage operation targeting Apple devices in Russia in cooperation with Apple. 
    • “Apple told CyberScoop at the time that it had “never worked with any government to insert a backdoor into any Apple product and never will.”
  • Per Cyberscoop,
    • “Executives, researchers and engineers at big tech companies and startups alike working on artificial intelligence face a growing threat from criminal and nation-state hackers looking to pilfer intellectual property or data that underlies powerful chatbots, the FBI warned on Friday.
    • “The growing risk coincides with the increasing availability of AI tools and services to the general public in the form of products such as OpenAI’s ChatGPT, or Google’s Bard, for instance, as well as the increasing ease and ability for many companies to develop AI language models.
    • “The warning comes two days after FBI Director Christopher Wray and Bryan Vorndran, the agency’s assistant director, cyber division, warned about the distinct AI-related threats from China, which political leaders in the U.S. and Europe have long warned wants to dominate all aspects of AI research and implementation.”
  • Per Security Week,
    • “New guidance from the Australian Cyber Security Centre (ACSC), the US Cybersecurity and Infrastructure Security Agency (CISA), and National Security Agency (NSA) warns developers, vendors, and organizations of access control vulnerabilities in web applications.
    • “Described as insecure direct object reference (IDOR) issues, they allow threat actors to read or tamper with sensitive data via application programming interface (API) requests that include the identifier of a valid user.
    • “These requests are successful because the authentication or authorization of the user submitting the request is not properly validated, the three agencies explain.”
  • CISA added an additional known exploited vulnerability to its catalog on July 25, July 26, and July 27, 2023.
  • Yesterday CISA “published three malware analysis reports on malware variants associated with the exploitation of CVE-2023-2868. CVE-2023-2868 is a remote command injection vulnerability affecting Barracuda Email Security Gateway (ESG) Appliance, versions 5.1.3.001-9.2.0.006. It was exploited as a zero-day as early as October 2022 to gain access to ESG appliances. According to industry reporting, the actors exploited the vulnerability to gain initial access to victim systems and then implanted backdoors to establish and maintain persistence.”
  • Also, yesterday, CMS shared its MOVEIt breach notice to Medicare beneficiaries.

From the ransomware front —

  • HelpNet Security points out that “In the Q2 2023, GuidePoint Research and Intelligence Team (GRIT) tracked 1,177 total publicly posted ransomware victims claimed by 41 different threat groups.”
  • Here is a link to yesterday’s The Week in Ransomware from Bleeping Computer.
    • “With ransom payments declining, ransomware gangs are evolving their extortion tactics to utilize new methods to pressure victims.
    • “This was seen by both the Clop and BlackCat/ALPHV ransomware gangs, who began utilizing new tactics as part of their extortion schemes.
    • “Clop has begun to create clear websites to leak data stolen during the MOVEit Transfer attacks, similar to a tactic introduced by ALPHV in 2022.”

From the cybersecurity defenses front —

  • TechRepublic shares cybersecurity defense ideas included in the Ponemon/IBM report.
  • Forbes offers a cybersecurity expert’s view on adopting a new paradigm in cybersecurity stemming from this conundrum:
    • Today, companies that house secure data and information are encountering an accessibility dilemma: On the one hand, they face an increased need for security and privacy of data, particularly as cyber threats become self-generating and more sophisticated. On the other hand, the value in securing assets lies in being able to utilize them, share them, and transact them effectively and efficiently with intended stakeholders so as to improve customer service and attain competitive differentiators. Companies struggle to balance these needs with the imperative to secure these data, particularly in accordance with certain industry standards or digital privacy regulations

Midweek update

David ErmerCongress, COVID-19, Federal employment benefits, Generative AI, NIH, OPM, Rx coverage, Telehealth, U.S. Healthcare
Mount Rushmore

From Washington, DC —

  • STAT News reports
    • “Senators on the Finance Committee on Wednesday nearly unanimously passed a bill to clamp down on drug middlemen but kicked the can down the road on some of the more challenging policies.
    • “The bill would offer some more transparency into the business practices of pharmacy benefit managers, ensure PBMs aren’t skimming off of the money they send to insurers, prohibit them from overcharging insurers, and ensure certain fees in the Medicare program aren’t tied to a drug’s price.”
  • From the Senate Finance Committee, “click here for more information on the legislation, including a description of the Chairman’s Mark and a section-by-section summary.”
  • The House Ways and Means Committee relates,
    • “Congresswoman Nicole Malliotakis, a member of the House Committee on Ways and Means, today announced her legislation, the Protecting Patients from Middlemen Act, passed out of the full committee and will be included in the committee’s Health Care Price Transparency Act of 2023.
    • “Specifically, Malliotakis’ legislation, which was introduced in partnership with Rep. Brad Wenstrup (OH-02), would prohibit prescription drug plans and Pharmacy Benefit Managers (PBMs) in Medicare Part D or Medicare Advantage from charging patients more in drug cost-sharing that the net price of the drug.”
  • AHA News tells us,
    • “The House Ways and Means Committee July 26 voted 25-16 to pass the Health Care Price Transparency Act (H.R. 4822), legislation that would impose additional site-neutral payment cuts and regulatory burdens on off-campus hospital outpatient departments, impose additional Medicare sequester cuts on hospitals, and codify and make changes to hospital price transparency regulations. * * *
    • “In other action today, the committee voted 23-17 to pass the Providers and Payers COMPETE Act (H.R. 3284), AHA-opposed legislation that would impose new regulatory responsibilities on the Department of Health and Human Services regarding consolidation.”
  • Federal News Network informs us,
    • “Federal retirees, and employees looking to retire, have some new resources to help them through the often long and thorny retirement process.
    • “A new series of video tutorials from the Office of Personnel Management lays out, step by step, a couple of key items on the federal retirement to-do list.
    • “With the three new videos, OPM said it hopes to reduce the number of errors from federal retirees when trying to log in to manage their online retirement accounts. And in theory, the videos should also help reduce wait times at retirement services call centers, OPM said, now that more detailed information is readily available to feds who get caught up in some of the early steps of the process.”
  • Forbes reports
    • “The FDA has approved Octapharma’s drug Balfaxar, which is used by patients who require surgery but have seen a reduction in blood clotting factors due to being treated with the blood thinner warfarin.” 

From the public health front —

  • Employee Benefits News offers expert views on the current state of Covid.
  • The National Institutes of Health announced
    • “Researchers have found that people with obstructive sleep apnea have an increased cardiovascular risk due to reduced blood oxygen levels, largely explained by interrupted breathing. Obstructive sleep apnea has long been associated with an increased risk of cardiovascular issues, including heart attack, stroke, and death, but the findings from this study, partially supported by the National Institutes of Health and published in the American Journal of Respiratory and Critical Care Medicine, show the mechanism mostly responsible for the link.
    • “These findings will help better characterize high-risk versions of obstructive sleep apnea,” said Ali Azarbarzin, Ph.D., a study author and director of the Sleep Apnea Health Outcomes Research Group at Brigham and Women’s Hospital and Harvard Medical School, Boston. “We think that including a higher-risk version of obstructive sleep apnea in a randomized clinical trial would hopefully show that treating sleep apnea could help prevent future cardiovascular outcomes.”
  • Medscape considers where exercise boosts cognition.
  • Fierce Healthcare lets us know,
    • “One in three counties in the U.S. is considered a maternal healthcare desert.
    • “Since that statistic was dropped back in October 2022 by March of Dimes, care in corners of the country has only continued to dry up. In response to the crisis, providers are using every seed in their seed bag and looking to “multimodal” technology strategies to predict health emergencies before they happen.
    • “Those multimodal approaches combine telehealth, remote patient monitoring (RPM) and text messages to identify high-risk patients. High blood pressure monitoring and hypertension screening are currently recommended for pregnant patients by the U.S. Preventive Services Task Force, as heart disease and stroke are two of the leading causes of maternal mortality.
    • “Lucienne Ide, M.D., is the CEO of the digital health company Rimidi. She sees the country teetering on an inflection point.
      • “We’re at this fork in the road of looking at what we could do with technology, identifying high-risk women and getting them into the programs where we’re proactively and earlier identifying something dangerous and doing something about it,” Ide told Fierce Healthcare.
      • “But the alternate narrative is really, really bad, and it’s going to get worse. It’s not like, ‘Here we are today, and we could do better.’ No, here we are today, and it’s going to get worse, but we can actually do better,” she said.

From the U.S. healthcare business front —

  • Per Fierce Healthcare,
    • “As hospitals acquire ambulatory care centers, consumers are more likely to be forced to pay outpatient facility fees for routine care traditionally covered by physician offices at lower costs.
    • “These new costs, appearing seemingly out of nowhere to the average consumer through out-of-pocket spending and premium increases, can add up to hundreds or thousands of dollars in additional expenses for a patient, according to a report from Georgetown University’s Center on Health Insurance Reforms.
    • “Outpatient facility fees cover a hospital’s operational expenses. But when hospitals acquire physician practices, that usually generates another outpatient facility bill, eventually passing on the cost to the patient. Consumers are often unaware that they are now responsible for an extra cost.”
  • Healio reports that the growth of telehealth in cancer care continued after the initial surge during the COVID-19 pandemic.
  • Per Healthcare Dive, the path toward reducing physician burnout is widening.
    • “Amazon has become the latest tech giant to announce a clinical documentation service that allows providers to automatically create medical notes using generative AI.
    • “The Amazon Web Services tool announced Wednesday, called HealthScribe, allows providers to build clinical applications that use speech recognition and generative AI to create transcripts of patient visits, identify key details and create summaries that can be entered into an electronic health record.
    • “HealthScribe is being previewed for two specialties: general medicine and orthopedics. An Amazon spokesperson said AWS could expand to additional specialties based on client feedback. HealthScribe costs users a set amount per second of audio processed each month.”

Weekend update

David ErmerCongress, Employee Wellness Programs, Generative AI, Mental health care, U.S. Healthcare
Photo by Michele Orallo on Unsplash

From Washington, DC —

From the mental health coverage front —

  • Fierce Healthcare tells us,
    • “The United Health Foundation, the company’s philanthropic arm, each year releases America’s Health Rankings, which dive into major healthcare trends across the country. The latest analysis of that data examines how different populations are experiencing the rising tide of mental health concerns.
    • “For example, adults with disabilities were 3.5 times more likely to report frequent mental distress and 3.5 times more likely to have had a major depressive episode in the last year.
    • “This data is highlighting the need to take a closer look,” said Yusra Benhalim, M.D., senior national medical director at Optum Behavioral Health Solutions, in an interview. “I think we need to kind of lean in a little bit more and understand what the experience is like for individuals with disabilities.”
  • Health Affairs Forefront considers whether the private sector lead in addressing this mental health equity crisis. The FEHBlog thinks it can.

From the generative AI front —

  • The Wall Street Journal reports,
    • “Hundreds of doctors across the U.S. have entrusted recordings of their private talks with patients to a startup promising to turn the conversations into usable medical records through artificial intelligence.
    • “The technology makes multiple errors while producing the reports, such as failing to use correct medical terminology and adding medicines a patient isn’t taking, according to current and former workers.
    • “To fix those errors, health-tech startup DeepScribe relies on 200 human contractors to listen to the medical conversations and revise the records, the company’s founders said. The workers also use Google searches to find billing codes.”
  • This reminds the FEHBlog of a situation that occurred nearly thirty years ago. A client decided to use then new scanning technology to feed paper claims into its claims system for auto-processing. The client wound up needing at least a hundred people to correct errors in the scans. Over time the technology improved, and human assistance dropped off to reasonable levels. The FEHBlog is certain that, in due time, generative AI will be able to create these reports without human assistance.

From the U.S. healthcare business front, NPR warns providers have begun to bill patients and their health plans for responding to messages posted on the provider’s patient portal. Before long, generative AI will be able to reply on the doctor’s behalf.

From the wellness front, Fortune Well shares expert advice on four habits that aging folks need to adopt, besides exercise, to stay fit.

Check out last Monday’s Econtalk episode in which Russ Roberts interviews Lydia Dugdale about her book, the Lost Art of Dying.

Friday Factoids

David ErmerGenerative AI, HIPAA Privacy and Security Rules, HSA, OPM, Patient safety, U.S. Healthcare
Photo by Sincerely Media on Unsplash

From Washington, DC,

  • Govexec tells us, “The Office of Personnel Management on Friday proposed new regulations aimed at granting federal agencies greater flexibility in selecting new federal employees during the hiring process.” The public comment deadline is September 19, 2023.
  • Federal News Network offers a table of federal government return-to-office policies.
  • The Society for Human Resource Management informs us,
    • “The U.S. Citizenship and Immigration Services (USCIS) announced Friday a new Form I-9—which has been streamlined and shortened—that employers should use beginning Aug. 1, 2023.
    • “Employers may continue to use the older Form I-9 (Rev. 10/21/19)  through Oct. 31., 2023. After that date, they will be subject to penalties if they use the older form. The new version will not be available for downloading until Aug. 1.  
    • “Additionally, the U.S. Department of Homeland Security (DHS) issued a final rule that allows the agency to create a framework under which employers could implement alternative document examination procedures, such as remote document examination. The new form subsequently has a checkbox to indicate when an employee’s Form I-9 documentation was examined using a DHS-authorized alternative procedure.
    • “At this time, the final rule only allows employers using E-Verify to use alternative verification methods.”
  • Healthcare Dive notes
    • “The Federal Trade Commission and the HHS’ Office for Civil Rights are warning hospitals and telehealth companies about embedding online tracking technologies on their websites or apps, saying the trackers risk exposing consumers’ personal health data to third parties. 
    • “The trackers, like the Meta Pixel or Google Analytics, collect identifiable information about users and could reveal information about health conditions, diagnoses, treatments, frequency of visits and more, the agencies wrote in a letter to about 130 health systems and telehealth providers.
    • “The warning marks the latest move from regulators regarding the healthcare industry’s use of tracking technologies, which monitor user behavior on websites. Sharing consumers’ health data with third parties, like advertisers, has been a recent target of FTC oversight.”

Following up on the tornado that struck a Pfizer factory in Rocky Mount, NC, STAT News reports

  • “Pfizer says a tornado that ripped through a key manufacturing plant in North Carolina does not appear to have caused “any major damage” to areas that produce medicines.
  • “The company reported most damage from the storm occurred at a warehouse that stores raw materials, packaging supplies, and finished medicines awaiting release by quality assurance personnel. As a result, it remains unclear about the extent to which destruction at the facility — which produces nearly 8% of all sterile injectables used in U.S. hospitals — will exacerbate a growing shortage of prescription drugs across the country.”

The Food and Drug Administration also issued a report on the incident.

From the medical malpractice front, STAT News points out

  • “A new study published this week in BMJ, * * * estimates that “371,000 people die every year following a misdiagnosis, and 424,000 are permanently disabled — a total of 800,000 people suffering “serious harm,” said David Newman-Toker, the lead author of the paper and a professor of neurology at Johns Hopkins School of Medicine and director of its Center for Diagnostic Excellence. Settling on an exact number is hard because many cases of misdiagnosis go undetected, he said. It could be fewer than his study identified or more — between half a million and a million — though in any event, it would be the most common cause of death or disability due to medical malpractice. 
  • “He likens the issue of misdiagnosis to an iceberg, saying cases leading to death and disability are but a small fraction of the problem. “We focused here on the serious harms, but the number of diagnostic errors that happen out there in the U.S. each year is probably somewhere on the order of magnitude of 50 to 100 million,” he said. “If you actually look, you see it’s happening all the time.” 
  • “But misdiagnoses typically don’t lead to severe consequences because, most times, people aren’t visiting the doctor with a serious condition. “The risk level just walking through the door in the doctor’s office that something horrible is going to happen to you because of a diagnostic error is actually quite low,” said Newman-Toker.”

In related news “[The American Hospital Association] AHA today released its quarterly Health Care Plan Accountability Update, featuring the latest news on AHA efforts to hold commercial health insurers accountable for policies that can delay care for patients, burden health care providers and add unnecessary costs to the health care system. READ MORE.”

From the factoid front —

  • HealthEquity suggests three ways to drive health savings account plan adoption.
  • Beckers Payer Issues points out how seven payers are using artificial intelligence.
  • MedTech Dive reports, “Intuitive Surgical posted strong robotic volume growth in the second quarter and raised its full-year procedure outlook but said patient interest in new weight-loss drugs is curbing demand for bariatric surgeries.”

Tuesday Tidbits

David ErmerACA, Generative AI, Rx coverage, Telehealth, U.S. Healthcare
Photo by Patrick Fore on Unsplash

From the public health front,

  • Health Affairs reports
    • “National health expenditures are projected to grow 5.4 percent, on average, over the course of 2022–31 and to account for roughly 20 percent of the economy by the end of that period. The insured share of the population is anticipated to exceed 92 percent through 2023, in part as a result of record-high Medicaid enrollment, and then decline toward 90 percent as coverage requirements related to the COVID-19 public health emergency expire. The prescription drug provisions of the Inflation Reduction Act of 2022 are anticipated to lower out-of-pocket spending for Medicare Part D enrollees beginning in 2024 and to result in savings to Medicare beginning in 2031.”
  • The U.S. Preventive Health Services Task Force gave an inconclusive grade to screening for lipid disorders in children and adolescents 20 years or younger.
  • The Wall Street Journal offers ways to protect yourself and your family against the ill effects of forever chemicals that may be in your tap water or else in your homes.

From the regulatory front,

  • The Food and Drug Administration “publishedsafety communication to warn consumers not to use ultrasound medical devices manufactured and distributed by RoyalVibe Health, CellQuicken, and Well-Being Reality. The devices have not been reviewed by the FDA. The safety and effectiveness of these devices have not been established to diagnose, treat, or cure medical conditions.”
  • HMFA informs us
    • “Hospital price transparency regulations are undergoing changes heading into their fourth year as CMS seeks to step up enforcement while making compliance more straightforward.
    • “As part of the 2024 proposed rule for hospital outpatient payments, CMS is adding to the requirement for hospitals to maintain a machine-readable file of their charges for services. In addition, enforcement actions against hospitals would be publicized even before assessment of civil monetary penalties.
    • “CMS said the impetus for the proposed technical requirements is feedback from “interested parties” that the files would be more beneficial if they were more standardized.
    • “In particular, IT specialists have indicated that the current flexibilities and lack of encoding specifications hinder the machine-readability of the data in the files, presenting a barrier to the intended use of the data,” CMS wrote. “Additionally, hospitals have asked us for more specificity on how they should publicly display their standard charge information, with an emphasis on how they should explain and display their payer-specific negotiated charges.”
    • “The agency also said enforcement would be easier if the files were more consistent.”

From the U.S. healthcare business front,

  • Fierce Healthcare lets us know,
    • “In the past 10 years, there has been a dramatic shift in physician practice ownership as less than half of doctors now work in private practices, according to a new analysis.
    • “Between 2012 and 2022, the share of physicians working in private practices fell by 13 percentage points from 60.1% to 46.7%.
    • “In contrast, the share of physicians working in hospitals as direct employees or contractors increased from 5.6% to 9.6% in the same 10-year time period, and the share of physicians working in practices at least partially owned by a hospital or health system increased from 23.4% to 31.3%, according to a benchmark analysis the American Medical Association. * * *
    • “In 2022, 4.5% of physicians worked in a practice owned by a private equity group, similar to the percentage in 2020 when the AMA first added private equity to the analysis.
    • “According to the analysis, there also has been a redistribution of physicians from small to large practices. The share of physicians in small practices (10 or fewer physicians) shrank from 61.4 % to 51.8% between 2012 and 2022. Conversely, the share of physicians in large practices (50 physicians or more) grew from 12.2% to 18.3% in the same 10-year time period.
    • “The shares of physicians in mid-sized practices (those with 11 to 24 and 25 to 49 physicians) remained relatively stable over the last decade.”
  • BioPharma Dive informs us,
    • “Biotechnology startup creator Flagship Pioneering is teaming up with Pfizer to develop 10 new drug candidates, with each company pledging to invest $50 million in the new effort.
    • “Together, Flagship and Pfizer will take stock of the technologies available to the former firm and its affiliated startups, hunting for opportunities to develop medicines aligned with Pfizer’s research priorities. Per deal terms announced Tuesday, Pfizer will fund the development of selected medicines, each of which it can choose to acquire later.
    • “The collaboration involves Flagship’s “Pioneering Medicines” initiative, which has struck similarly structured deals in the recent past with Novo Nordisk and the Cystic Fibrosis Foundation.”
  • Healthcare Dive relates,
    • “Teladoc Health is expanding its partnership with Microsoft, announcing plans to add artificial intelligence tools for clinical documentation to its telehealth platform for hospitals and health systems.
    • “The companies will work to integrate Microsoft Azure’s OpenAI Service and Cognitive Services and Microsoft-owned Nuance’s Dragon Ambient eXperience into its Solo platform, allowing physicians to automatically transcribe clinical notes during virtual patient exams.
    • “Teladoc’s medical group also plans to use DAX Express, a version of the medical scribe that uses the large language model GPT-4 and doesn’t require human authentication, the New York-based telehealth vendor said. Financial terms of the deal were not disclosed.”

From the Rx coverage front, the Drug Channel blog delves into the biosimilars’ challenge to Humira. The article illustrates the relatively new distinction between low-list drug prices and high-list drug prices. Low list prices do not include a manufacturer rebate. The FEHBlog understands that the distinction is driven by the Inflation Reduction Act.

Monday Roundup

David ErmerACA, COVID-19, FDA, Generative AI, Rx coverage, Telehealth, U.S. Healthcare
Photo by Sven Read on Unsplash

From the public health front —

  • The Wall Street Journal reports
    • “Parents have a new tool to protect their newborns from a common but potentially deadly respiratory virus that sends tens of thousands of babies to the hospital each year.
    • “The Food and Drug Administration on Monday approved the first drug to protect all infants against respiratory syncytial virus. RSV is the leading cause of hospitalization of infants in the U.S., killing as many as 300 children under the age of 5 each year.  
    • “The FDA said it approved the drug Beyfortus from Sanofi and AstraZeneca based on studies that found it safely prevented the lower respiratory tract infections caused by the virus. * * *
    • “While Beyfortus isn’t a vaccine, it has a similar objective. The injection gives infants antibodies to neutralize the virus before their immune systems are mature enough to generate them on their own.  * * *
    • “Sanofi plans to make Beyfortus available in time for this year’s RSV season. Before the drug can become widely available, CDC advisers will need to recommend the drug’s use.”  
  • The FEHBlog’s favorite columnist on Covid, the New York Times David Leonhardt, let us know, “The United States has reached a milestone in the long struggle against Covid: The total number of Americans dying each day — from any cause — is no longer historically abnormal.” Consequently, the pandemic era is over.
  • In other Covid news, Medscape tells us,
    • “An air monitor made by researchers at Washington University in St. Louis can detect COVID-19 virus in a room with an infected person within 5 minutes. 
    • “The project was a collaboration among researchers from the university’s engineering and medical schools. Nature Communications published the results of their work in the journal’s Monday edition. * * *
    • “The team tested their device both in laboratory experiments where they released aerosolized SARS-CoV-2 into a room-sized chamber, as well as in the apartments of two people who were COVID-positive.
    • “There is nothing at the moment that tells us how safe a room is,” Washington University neurology professor John Cirrito, Ph.D., in a statement. “If you are in a room with 100 people, you don’t want to find out 5 days later whether you could be sick or not. The idea with this device is that you can know essentially in real-time, or every 5 minutes if there is a live virus in the air.”
    • “Their goal is to develop a commercially available air quality monitor, the researchers said.” 
  • Cigna discusses how to help women to stay on track with screenings for common cancers.
  • KFF explains why different BMI standards apply to older folks. For example,
    • “Epidemiologic research suggests that the ideal body mass index (BMI) might be higher for older adults than younger adults. (BMI is a measure of a person’s weight, in kilograms or pounds, divided by the square of their height, in meters or feet.)
    • “One large, well-regarded study found that older adults at either end of the BMI spectrum — those with low BMIs (under 22) and those with high BMIs (over 33) — were at greater risk of dying earlier than those with BMIs in the middle range (22 to 32.9).
    • “Older adults with the lowest risk of earlier deaths had BMIs of 27 to 27.9. According to World Health Organization standards, this falls in the “overweight” range (25 to 29.9) and above the “healthy weight” BMI range (18.5 to 24.9). Also, many older adults whom the study found to be at the highest mortality risk — those with BMIs under 22 — would be classified as having “healthy weight” by the WHO.
    • “The study’s conclusion: “The WHO healthy weight range may not be suitable for older adults.” Instead, being overweight may be beneficial for older adults, while being notably thin can be problematic, contributing to the potential for frailty.”
  • According to STAT News,
    • “At the turn of the century, nearly 18 million women in the United States were battling hot flashes, night sweats, and other symptoms of menopause with hormones. But in 2002, the therapy went into a free-fall when a landmark trial suggested treating menopause with estrogen and progesterone increased the risk of breast cancer and cardiovascular disease. The study was shut down early — and a year later, prescriptions had plummeted to nearly half what they had been in 2001.
    • “More than two decades later, menopause experts have come to think about the results of the trial very differently. Newer research points to more benefits than risks for many healthy women under 60 treating menopause symptoms with hormone therapy. But many women who are good fits still aren’t getting treatment. “The pendulum has been slowly — too slowly — swinging back,” said OB-GYN Mike Green, chief medical officer of menopause telehealth company Winona
    • “Winona is part of a new generation of virtual-first health care companies aiming to give that pendulum a push. In the last five years, more than a dozen telehealth companies have started up to serve women in and approaching menopause, including with hormone therapy. 
    • “Women fall through the cracks,” said internist Lisa Larkin, president-elect of The Menopause Society and founder of concierge women’s health network Ms. Medicine. “That’s why the telemedicine business is booming.” 

From the Alzheimer’s Disease front,

  • Medscape tells us,
    • “Eastern and southeastern areas of the US have the highest rates of Alzheimer’s disease (AD), new research shows.
    • “Investigators at Rush University in Chicago, Illinois, found AD prevalence was highest in Maryland, New York, Mississippi, and Florida. At the county level, Miami-Dade in Florida, Baltimore in Maryland, and the Bronx in New York were among the US counties with the highest prevalence of the disease.
    • “Such geographical variations may be due to the unique make-up of regional populations, study investigator Kumar Rajan, PhD, professor of Medicine and director of Rush Institute for Healthy Aging, Rush University Medical Center, in Chicago, told Medscape Medical News.”
  • STAT News relates,
    • Medicare on Monday proposed ending restrictions on how many PET scans patients can receive to detect amyloid plaques in their brains, which will offer physicians more options as they treat patients with a new drug to slow the progression of dementia.
    • The agency that oversees Medicare had previously restricted coverage to a single scan for patients who participated in clinical studies. Advocates had warned that it could cause issues related to a new class of Alzheimer’s drugs designed to clear those plaques.
  • BioPharma Dive calls our attention to
    • “A closely watched experimental drug for Alzheimer’s disease slowed the decline patients typically experience by about half a year in a key clinical trial, according to new results released Monday.
    • “The drug, called donanemab, is being developed by Eli Lilly and works in a similar way as two other medicines recently approved in the U.S. to treat Alzheimer’s. These therapies are designed to break up clusters of “amyloid beta,” a mutated protein that forms toxic brain plaques and has long been viewed as a root cause of the disease. * * *
    • “Along with its presentation, Lilly disclosed it had completed its approval application to the FDA and expects a verdict by the end of the year. The results were also published in the medical journal JAMA.”
  • Reuters adds,
    • “Alzheimer’s disease experts are revamping the way doctors diagnose patients with the progressive brain disorder – the most common type of dementia – by devising a seven-point rating scale based on cognitive and biological changes in the patient.
    • “The proposed guidelines, unveiled by experts on Sunday in a report issued at an Alzheimer’s Association conference in Amsterdam, embrace a numerical staging system assessing disease progression similar to the one used in cancer diagnoses. They also eliminate the use of terms like mild, moderate and severe.”

From the generative AI front, Fierce Healthcare explains how Blue Cross licensee HCSC is using AI to speed up prior authorization.

From the U.S. healthcare business front,

  • The American Hospital Association informs us,
    • “The Federal Trade Commission July 14 voted 3-0 to withdraw two antitrust policy statements related to enforcement in health care markets, calling the 1996 and 2021 statements outdated. The Department of Justice withdrew the same statements in February.  
    • “AHA is deeply disappointed that the FTC made the same mistake as the DOJ in withdrawing antitrust guidelines for hospitals and other health care providers,” said AHA General Counsel & Secretary Melinda Hatton. “Over the years, AHA has urged both federal antitrust agencies to modernize the guidelines to accommodate the need for more flexibility in enforcement actions to support hospitals’ ability to navigate a changing healthcare landscape. And AHA was instrumental in securing appropriate ACO guidance that allowed hospitals to fully participate in that important program. Withdrawing all the guidance without consultation with the field is both unnecessary and reckless.”
  • According to STAT News,
    • “Sanofi will license a new CRISPR enzyme from the startup Scribe Therapeutics in a bid to be the first to develop a safer, simpler, and more scalable cure for sickle cell disease.
    • “The French drugmaker will pay Scribe $40 million upfront and promise another $1.2 billion in potential milestones to license a DNA-cutting enzyme called CasX for use in a potential single-infusion treatment for the serious blood disorder — what’s known as in vivo therapy. CasX was discovered in CRISPR pioneer Jennifer Doudna’s lab, which subsequently spun out Scribe. * * *
    • “The company will have competition on tackling sickle cell in new ways. In 2021, Novartis started collaborating with the Gates Foundation to develop an in vivo therapy. The base editing company Beam Therapeutics has presented data on an approach that still requires cells to be edited outside the body but is much less toxic. And Sana Biotechnology has a program that hopes to target stem cells with virus-like particles. None of the companies, however, have yet begun clinical trials. 

In employment news,

  • HR Dive reports,
    • “The Occupational Safety and Health Administration published Friday its final electronic recordkeeping rule requiring employers with 100 or more employees in certain industries to submit information from the agency’s Forms 300 and 301 once per year.
    • “OSHA’s rule also updates its system for determining which industries are subject to the information submission requirement. In a departure from the proposed rule, OSHA has retained the requirement for employers with 250 or more employees to electronically submit information from Form 300A once per year. Additionally, employers with 20 to 249 employees in certain designated industries will continue to be required to electronically submit information from Form 300A once per year.
    • “Per the rule, the agency will post data gathered via these submissions on a public website, with identifying information — such as employees’ names and contact information — removed. The final rule is effective Jan. 1, 2024.”