Monday Notes

The FEHBlog realized with horror today that he had failed to provide a link to The Week in Congress’ review of last week’s actions up on Capitol Hill. Here’s the missing link.

For over a decade, the HIPAA Privacy and Security Rules have provided the regulated parties with necessary flexibility to conduct business while safeguarding data. Modern Healthcare nevertheless reports on a controversy over the appointment of privacy lawyer Deven McGraw to head HIPAA enforcement at HHS’s Office for Human Rights. Apparently, some consider Ms. McGraw to be too moderate. The FEHBlog thinks that the federal government is lucky to have Ms. McGraw.

Of course, it may be hard to appreciate the ongoing value of HIPAA when there seems to be another large data breach every time you turn around. The OPM breach illustrates the difficulty of keeping ahead of the very bad guys. The law simply has a hard time keeping up with technology, whether it’s used for good or bad.

Defense One analyzes OPM’s efforts to enhance its data security. Today OPM took offline for repair E-QIP, its “web-based platform used to complete and submit background investigation forms.” Also today, a large federal employee union filed a class action lawsuit against OPM and a contractor, Keypoint Government Solutions, over the data breach.

Weekend Update

Congress is now out of session for the upcoming Independence Day holiday.  Nextgov has provided its perspective on last week’s OPM data breach hearings. The Federal-Postal Coalition, which encompasses most federal employee and annuitant groups, has written a letter to the President about the issues created by the data breaches.

The Supreme Court ends its current term tomorrow with three argued cases left to decide according to ABC News.  As the FEHBlog and many others expected, the Supreme Court did legalize same sex marriage nationwide last Friday. This decision affects OPM’s rule allowing federal employees residing in the states that were not licensing those marriages to enroll the children of same sex domestic partners in the FEHBP. Children enrolled under this rule will lose their coverage at the end of this year unless their parents marry before then.

Fortune reports that the Supreme Court’s King v. Burwell decision reinvigorated merger and acquisition activity in the health insurance sector. The report indicates that Humana’s Board of Directors prefers Aetna’s acquisition proposal to Cigna’s.

Finally, Onclive provides an interesting report on three different health insurer approaches to control the exploding cost of oncology care.

Reflections

The FEHBlog has been following the SCOTUSblog this month because as a DC lawyer it is fun to watch the Supreme Court decisions.  Yesterday, the Supreme Court issued its hotly awaited decision in King v. Burwell. The Court in a 6-3 decision written by the Chief Justice preserves the status quo with respect to subsidies in the ACA exchanges.  That’s not a bad result in and of itself and the decision does not directly impact the FEHBP. If the decision had gone the other way, the likely result would have been that Congress would preserve the status quo on subsidies at least until after the next Presidential election and in return wrangle some ACA amendments out of the Administration. It would be messy but it would be small “d” democratic in the FEHBlog’s view.

This blog, which has been around for close to 10 years now, has documented how ACA has complicated and raised costs for the FEHBP. The key small “d” democratic flaw in the ACA is that it was enacted with no big “R” Republican votes. If the Supreme Court had decided King v. Burwell the other way (and Justice Scalia explains in his dissent how it could have), then the ACA could have become more palatable to both parties. But now, the ACA will remain a big issue for the 2016 Presidential election. The Supreme Court decision raised the stakes.

Today or Monday, the Supreme Court will decide the same sex marriage case. If as I expect the Supreme Court rules that the Constitution requires states to license same sex marriages, OPM will promptly and properly extend federal employee benefits coverage to same sex spouses nationwide.

Yesterday, OPM finished its gauntlet of data breach hearings on Capitol Hill. There’s a good Govexec update on those hearings here.

Mid-week update

OPM has completed two of the three Congressional hearings about its data breach scheduled for this week. The agency posted a report on its cybersecurity efforts today. A Nextgov article reminds us that OPM and its Inspector General are gathering boatloads of employee health data in their computer systems. The FEHBlog is not a fan of these giant healthcare databases.

Anthem is continuing to pursue Cigna. Forbes has an interesting report on various business factors complicating this potential merger.

OPM announced yesterday that the agency is prohibiting FEHB plans from generally excluding gender transition or sex transformation services for transgendered services beginning next year. In June 2014, OPM removed the FEHBP wide exclusion for those services, and several plans, such as Aetna and the Foreign Service Benefit Plan, began to offer coverage for those services in 2015.

Health Data Management reports on an HCCI health care price transparency initiative that merits attention.

The centerpiece of HCCI’s undertaking is a website that it launched this past February—www.Guroo.com. Underlying the user-friendly site is a statistically-driven cost calculator that provides average national and regional charges for common medical procedures that can be planned for in advance, like childbirth and knee replacements.
The procedures are grouped together as “care bundles,” which are meant to represent a typical consumer experience around a set of services such as maternity care. Currently, the site provides pricing for 78 care bundles and is working to expand the number to more than 300. Which procedures to include in care bundles was determined by mining claims data for the most commonly used CPT codes.
Along with pricing, HCCI is also working to provide standard quality measures for these care bundles based on reported outcomes and consumer surveys conducted through the Guroo.com site.

Cool.

Drug Channels mines the Fortune 500 to divine and compare the profitability of eight drug channels companies —AmerisourceBergen, Cardinal Health, CVS Health, Express Scripts, McKesson, Omnicare, Rite Aid, and Walgreens. Useful.

Weekend Update

Happy Father’s Day all. Congress is in session this week. There are three hearings scheduled on the OPM data breach: the Senate Appropriations subcommittee with OPM oversight responsibility, Tuesday at 10 am; the full House Oversight and Government Reform Committee on Wednesday at 10 am; and the full Senate Homeland Security and Governmental Affairs Committee on Thursday at 9:30 am. The House committee held a hearing followed by a confidential session last week. The New York Times provided more background on both sessions this morning. Here’s a snippet from the article that caught the FEHBlog’s eye:

“This [referring to the data breach] was classic espionage, just on a scale we’ve never seen before from a traditional adversary,” one senior administration official said. “And it’s not a satisfactory answer to say, ‘We found it and stopped it,’ when we should have seen it coming years ago.”

The FEHBlog reads “we” in the context of this snippet to mean the U.S. government, not just OPM. This breach, like the Anthem, Premera, and Sony breaches, presents national security issues. The country has to pull together to stop further breaches. What steps should be taken in the meantime?

Note — In a June 12 post, the FEHBlog referenced a Wall Street Journal story reporting that one of the OPM breaches may have been discovered in the course of a sales presentation by CyTech. OPM asserts, according to Fortune, that the CyTech assertion is inaccurate.

In 2009, the FEHBlog attended a NASCAR race with a friend. It was the last regular season race before the Chase, and Dale Earnhardt, Jr. needed to finish in the top five and several contenders needed to not cross the finish line in order for Junior to make the Chase. Junior’s hood was adorned with a sketch of Elvis. Who could not be pulling for Junior? Late in the race, when Junior was in the top five and the drivers required to DNF were in the garage, a fan in my row screamed (and you had to scream, it was so loud) that “It was happening.” Of course, less than five minutes later Junior crashed and the hopefully DNF drivers got back on the track. So you shouldn’t count your chickens before they hatch. Similarly, the Wall Street Journal reported yesterday that Anthem had made a public bid — directly to the shareholders — to acquire Cigna and that Aetna had made a proposal to the Humana board, which after all is soliciting proposals. Here is a link to a more detailed AP article from the Hartford Courant. The Wall Street Journal reported within the hour that the CIGNA Board rejected Anthem’s latest offer but held the door open for further discussions. Who knows how this will end up? But certainly something is happening.

Finally, the FEHBlog ran across two stories about doctors doing good deeds:

  • The New York Times ran a monster story this morning about how U.S. hospitals have collaborated for the good of their patients to vastly accelerate heart attack care with impressive results. 

“With no new medical discoveries, no new technologies, no payment incentives — and little public notice — hospitals in recent years have slashed the time it takes to clear a blockage in a patient’s arteries and get blood flowing again to the heart. The changes have been driven by a detailed analysis of the holdups in treating patients and a nationwide campaign led by the American College of Cardiology, a professional society for specialists in heart disease, and the American Heart Association. Hospitals across the country have adopted common-sense steps that include having paramedics transmit electrocardiogram readings directly from ambulances to emergency rooms and summoning medical teams with a single call that sets off all beepers at once.”

  • The FEHBlog noted that at the ASCO conference earlier this month, a leading oncologist from Memorial Sloan Kettering hospital publicly complained about the high cost of oncology drugs. The Wall Street Journal discusses how another physician from this hospital developed a Drug Abacus tool “that compares the cost of more than 50 cancer drugs with what the prices would be if they were tied to factors such as the side effects the drugs produce, and the amount of extra life they give patients. In many cases, the website calculates a price that is lower than the drug’s market price.” Kudos all around. 

TGIF

OPM has posted additional FAQs about the data breach and the Washington Post provided more background here. The Post reports this afternoon that the OPM Inspector General has raised with Congress “‘serious concerns’ about a proposed $91 million computer overhaul of OPM networks [to prevent future breaches], saying it had not followed management guidelines and relied on a no-bid contract to a single vendor.”

Yesterday, the House Appropriations Committee cleared by a 30-20 vote the Financial Services and General Government Appropriations bill that funds the FEHBP. Here’s a link to the Week in Congress which reports that the House approved several health care / benefits related bills this week.

In a spot of good news, Healthcare Informatics reports that American consumers are hungry for healthcare pricing information, and Fierce Healthpayer offers health plans a special report about the benefits and challenges of reference pricing, an approach the FEHBlog favors.

Buck Consultants offers employers and health plans a report on the latest Internal Revenue Service guidance about ACA reporting under IRC § 6055 and 6056 (IRS Forms 1095-B and 1095-C). Section 6055 reports, which health plans must submit, provide the IRS with information to support individual taxpayer claims about compliance with the ACA’s individual shared responsibility mandate. Section 6056 reports, which applicable large employers must submit, provide the IRS with information about the compliance with the ACA’s shared responsibility mandate. These reports present a major, annual headache for health plans and employers.

Follow up on Tuesday’s hearing

The FEHBlog watched (thanks to the Internet) most of the nearly three hour long Congressional hearing on the OPM data breach.  The FEHBlog’s takeaway (as a small businessperson) was the importance of a reliable IT security expert because there are a lot of moving parts to this problem. Also be careful about what you store on the computer. If you simply need to store sensitive documents, use a filing cabinet, at least for the time being.

OPM at the hearing contended that the root of its problem is outdated computer networks. However, according to media reports, which the FEHBlog previously has noted, the hackers who “exfiltrated” data from OPM also exfiltrated data from Anthem and Premera, which certainly have modern systems and, like OPM, heavy security.

The fallout from the hearing has not been favorable for OPM, as Federal News Radio reports. The Washington Post reports about widespread and valid criticism of OPM’s remedial approach of sending breach notification emails to affected individuals.

Tuesday Quick Hits

OPM is testifying this morning before the House Government Reform and Oversight Committee about its data breaches according to this Hill report.  Meanwhile, OMB directed federal agencies to commence a 30 day long cybersecurity sprint as explained in this Federal News Radio report. Remediation is a standard practice following a data breach. 

Yesterday CVS announced that it had struck a virtually permanent deal with Target stores to replace Target owned pharmacies located in their stores with CVS pharmacies according to this Forbes report. “The deal will increase CVS’s presence in key cities across the west, including Denver, Seattle, Portland, and Salt Lake City.” Filling in these geographic gaps in the CVS pharmacy chain is helpful for FEHBP carriers that use the CVS Caremark prescription benefit management service.

Finally, and it’s an earthquake alert, the Wall Street Journal is reporting this morning that United Healthcare is bidding to purchase Aetna and Anthem is bidding to purchase CIGNA.  Those are the four largest health insurers in the U.S.

UnitedHealth made a preliminary takeover approach to Aetna Inc. in the last few days, people familiar with the matter said. Given Aetna’s market value of about $42 billion, any deal for the company would likely be valued at least that high. UnitedHealth has a market value of more than $110 billion. Aetna has been eyeing Humana Inc., which is exploring a sale. 

Meanwhile, Anthem and Cigna Corp. have been in discussions about a deal for months, though Cigna has rebuffed Anthem’s advances, according to people familiar with the matter. Based on the per-share price Anthem offered, a deal would be valued at some $45 billion.

Holy moley, batman.

Weekend update

As the FEHBlog mentioned on Friday Congress is in session on Capitol Hill this week. The Supreme Court has three more decision Mondays and conference Thursdays scheduled for this month, the last of its current session. The New York Times is keeping track of the major decisions here.

Here’s the latest Federal News Radio report on the OPM breach. The FEHBlog did not realize until he read this article that the government has discovered two breaches at OPM. The second breach involved security clearance forms.  The greatest irony here in the FEHBlog’s view is that this astounding data loss never would have occurred if we were living without the internet. The paper records or microfiched rolls would be safely stored in a large cave in Pennsylvania.  In retrospect (and what after all is a risk assessment other than the careful application of the retrospectoscope) it appears that the security clearance forms never should have been scanned into the computer network. We simply have many more years of experience in successfully securing paper documents than we have successfully securing computer files.  The FEHBlog trusts that everyone will be cutting back on these mega-databases until we can get this hacking problem solved.

Roll Call reports that the Senators from Maryland and Virginia have sent a letter to the OPM Director about the security breach, “criticizing the agency for a lack of transparency surrounding the breach affecting executive branch workers and failing to properly encrypt Social Security numbers.” But as the FEHBlog has pointed out, it’s not currently feasible to encrypt sensitive databases that are constantly in use, as explained in this article. The article concludes:

Protecting large databases like Anthem’s is a challenge. We need better software security, and we need better structural tools to isolate the really sensitive data from average, poorly protected machines. There may even be a role for encryption, but simply encrypting the social security numbers isn’t going to do much.

Here’s a link to a Modern Healthcare blog article breaking down Medicare Part B payments to specialists. CMS recently released the 2013 Medicare Part B payment data to doctors. Oncologists get paid the most on average and internists and general practitioners the least. No surprise there.

TGIF

Here’s a link to The Week in Congress’s account of this week’s activities on Capitol Hill. Congress is back at it next Monday.

This afternoon, the ACA regulators announced the finalization of the revised summary of benefits and coverage rule. The SBC of course is the ACA’s approach to creating transparency in health insurance shopping and the FEHBlog actually has seen one person use the SBCs for that purpose. It is unfortunate but not surprising that the ACA did not require doctors to provide information about, for example, the networks in which they participate. New York State recently implemented a no healthcare surprises law which does impose this requirement on providers.

The next SBC shoe to drop is the release of revised versions of the templates which, according to the announcement, are expected next year. The new templates would be used for the 2017 plan year.

The OPM data breach is now being referred to as a cyber Pearl Harbor by FCW. Here are recent reports from the Wall Street Journal, Washington Post, and Wired magazine which illustrate the aptness of the description. The FEHBlog was stunned by this Wall Street Journal report referenced in the Wired article:

“[F]our people familiar with the investigation said the breach was actually discovered during a mid-April sales demonstration at OPM by a Virginia company called CyTech Services, which has a networks forensics platform called CyFIR. CyTech, trying to show OPM how its cybersecurity product worked, ran a diagnostics study on OPM’s network and discovered malware was embedded on the network. Investigators believe the hackers had been in the network for a year or more.”