Following up on the Anthem security breach, the Wall Street Journal reports that the confidential data stolen from Anthem’s had not been encrypted. Businesses have reduced the impact of lost and stolen laptop computers by encrypting them. However, server held data usually has not been encrypted. The article explains that

Scrambling the data, which included addresses and phone numbers, could have made it less valuable to hackers or harder to access in bulk. It also would have made it harder for Anthem employees to track health care trends or share data with states and health providers, that person [familiar with the matter] said.

That practice is bound to change. In an interview with Adam Meyer, chief security strategist of threat intelligence consultancy SurfWatch Labs, the Journal further reported

Based on what Anthem has shared publicly about the attack, what do you think happened?

An engineer discovered the incursion when he saw a database query being run using his credentials, which suggests the attackers probed the company’s Web server or other Web services for weaknesses, or gained access through spear phishing, in which they induced employees to click on an emailed link. Upon breaching the system, they likely hunted for administrators’ accounts, giving them access to sensitive information, such as names and Social Security numbers, which are typically hosted in the company’s enterprise resource planning application. From there, they likely queried the database behind the ERP app and began to siphon data to a cloud storage provider. Using trusted accounts to transfer data to trusted storage enabled them to remain undetected. 

The FEHBlog attended an Online Trust Alliance town hall meeting yesterday. He heard Twitter’s postmaster explain that Twitter routine send fake phishing emails to its staff. Any staff member who clicks on the message is “publicly shamed,” whatever that means.  He also head Federal Trade Commissioner Julie Brill speak. She discussed the FTC’s recent staff report called the Internet of Things which concerns the explosion of interconnected devices. Here’s a link.  

Although Anthem had cyber-liability insurance, the Financial Times reports that this massive breach will shake up the market for this insurance. A Lloyd’s representative is recommending that the government bear the risk similar to terrorism insurance.

In a spot of good news, Reuters reports that CMS has agreed to cover low dose CT scans as a means of lung cancer screening for to “Medicare beneficiaries aged 55-77 who are current smokers or who quit within the last 15 years, and who racked up at least 30 “pack years.” The latter is possible if they smoked one pack a day for 30 years, for instance, two packs a day for 15 or three packs a day for a decade.” FEHB plans which have loads of Medicare prime members became obligated to cover this service in-network with no enrollee cost sharing at the beginning of 2015. Under the U.S Preventive Services Task Force’s guidelines applicable to FEHBP plans and other group health plans:

The USPSTF recommends annual screening for lung cancer with low-dose computed tomography in adults ages 55 to 80 years who have a 30 pack-year smoking history and currently smoke or have quit within the past 15 years. Screening should be discontinued once a person has not smoked for 15 years or develops a health problem that substantially limits life expectancy or the ability or willingness to have curative lung surgery.

Absent this CMS action, FEHB plans would have been on the hook for the cost of all of these tests.

Finally, here’s an interesting tidbit from Seeking Alpha about the CVS pharmacy chain which quit selling tobacco products last year:

The Wall Street Journal is reporting tonight that Anthem, a major health insurer, was struck by an enormous hacking attack.  Anthem certainly appears to be handling the matter appropriately.  Anthem detected the attack, immediately hired an investigator, reported the crime to the FBI, and less than a week after the detection, publicized the attack today.

Following up on a few items that the FEHBlog has been following —

• Here is a link to a Federal News Radio report explaining how the President’s FY 2016 budget affects each department and major agency in the government.   The Washington Post reports on six ways that the budget could impact federal employees.  Finally, the Post reports that 

Regarding the Federal Employees Health Benefits Program, the budget repeats previous proposals to make domestic partners eligible, expand the types of plans available, centralize the purchasing of pharmaceuticals as a cost-saver, and allow plans to charge more to enrollees who do not participate in certain wellness programs deemed appropriate for them. Those proposals would require the approval of Congress.

In the FEHBlog’s view, centralizing the purchasing of pharmaceuticals is an odd proposal that is inconsistent with the Affordable Care Act’s push for better integrated care which is the FEHBP status quo. 

• Speaking of prescription drug costs, Bloomberg reports that “The average discount for [Gilead’s very expensive Hepatitis C drugs] “took investors by surprise and is higher than consensus of 25 to 30 percent or so,” said Michael Yee, a San Francisco-based analyst at RBC Capital Markets, in an e-mail.  Competition is good. 

The Super Bowl is less than three hours away. The FEHBlog does not care for either team, but as an American and an NFL fan he feels duty bound to watch the game.

Congress will be in session again this week. Last week, the Senate Homeland Security and Government Oversight Committee, which is responsible for OPM and the FEHBP, announced its subcommittee chairs for the new Congress.  Sen. James Lankford (R Okla) will chair the Subcommittee on Regulatory Affairs and Federal Management.  Here is a link to This Week in Congress’s latest update.

Tomorrow, the President will release his FY 2015 budget proposal. Here is a link to the Hill’s report on five things to watch for in the budget. Ed Lorenzen, a senior advisor to the Committee for a Responsible Federal Budget, “”pointed out that the president’s budget serves a useful purpose for appropriators in Congress each year because it contains line-by-line details of agencies’ needs.” That;s why the FEHBlog will be taking a look at the budget documents.

Forbes reports that the budget will include additional funding for personalized medicine, which is good news. The Republicans in Congress are expected to be receptive to this Administration initiative. Personalized or precision medicine builds on the human genome project.

The Wall Street Journal reports that many hospitals and doctors, who are sick of voluminous, detailed quality measures, want to move to global measures that look at patient health outcomes. But there are other views too.

On Friday, the National Quality Forum, a nonprofit advisory group, submitted recommendations on 199 performance measures for Health and Human Services to consider in 20 federal programs. Christine Cassel, the group’s president and chief executive, said many of the proposals seek to better align measures among various programs and replace narrow process-oriented metrics with “measures that matter.” For example, one recommendation would replace individual metrics on the percentage of diabetes patients who get foot exams, eye exams and blood-glucose checks with a composite measure of diabetes control.
But some doctors question whether the measures that exist can adequately measure quality. And there is little agreement on what measures matter most or are more likely to produce good value. “In many areas of patient care, we do not yet have high-quality outcome measures with enough specificity to drive improvement,” American Medical Association Executive Director James L. Madara wrote in a letter to the quality forum earlier this month.
Some doctors complain that whether patients get better is often out of their control; that outcomes measures take more work, not less; and that being held accountable for outcomes could prompt doctors to avoid treating the sickest patients.

This problem is even more acute for insurers that are judged by the health care quality measures but generally are much more removed than doctors from the healthcare decision making. In any event, the flip side of the coin illustrated in this article from today’s New York Times, is how to assess whether, and steer patients away from, doctors are engaged in ordering unnecessary tests care.

Following up on Wednesday’s posts, the Military Compensation and Retirement Modernization Commission released its final report yesterday afternoon. That report (around p. 104) proposes that TRICARE be replaced with a program similar to the FEHBP and administered by OPM.  However, in contrast to FEHB plans, this new program would be integrated with military treatment facilities.Congress, of course, would have to approve this recommendation by enacting a new law. So you can stand down from Red Alert.

Also All Clear ID has posted the slides from its National Data Privacy Day webinar here. The FEHBlog found them helpful.

Also this week, the GAO released a report concluding that “spending for an episode of care in the private sector varied across metropolitan statistical areas (MSA) for coronary stent placement, laparoscopic appendectomy, and total hip replacement, even after GAO adjusted for geographic differences in the cost of doing business and differences in enrollee demographics and health status.” The report pins the differential on the inpatient hospital bills.

The Food and Drug Administration approved a generic proton pump inhibitor drug that can be substituted for the purple pill / blockbuster drug Nexium to treat GERD / heartburn. This should save health plans a ton of money once the six month generic exclusivity period expires for the first approved generic manufacturer which is an American subsidiary of Teva.

Gallup and Healthways released a discouraging report on obesity rates in the U.S. The obesity rate (Body Mass Index of 30 or more) is up 2 percentage points since 2008 to 27.7%.

Finally, earlier today, the Office of National Coordinator of Health IT (“ONC”) released a draft report of a 10 year plan to achieve full inoperability of electronic medical records according to this iHealthBeat report. The federal government missed a golden opportunity by failing to include interoperability standards in the meaningful use requirements for government subsidized electronic medical records five years ago. ONC outlined the following actions to be achieved by 2017.

Establishing a coordinated governance framework and process for nationwide interoperability based on stakeholder consensus;
Improving technical standards and implementation guidance for sharing data;
Enhancing incentives for achieving interoperability and data sharing goals that are based on a common clinical data set; and
Clarifying privacy and security requirements needed to guarantee secure transmission, access and use of sensitive patient data  

The draft is open for public comment until April 3, 2015.

For over two decades the FEHBlog has been reading about the need to move health insurance from fee for service to quality based payments.  Modern Healthcare today has a helpful article about the progress being made on this front by insurers, employers, and the Centers for Medicare and Medicaid Services. Although progress is being made, making this change is easier said than done because providers understandably don’t have a lot of appetite for taking on risk.

January 28 is National Data Privacy Day in the U.S., Canada, and Europe.  The FEHBlog celebrated by listening to a webinar on the cost of data breaches presented by AllClear ID.  The panelists noted that there has been a sharp drop in the number of laptop thefts causing data breaches as businesses across the board have been switching to encrypted laptops. The top causes now are hackers and staff mistakes (either by the business itself or one of its subcontractors / business associates). The panelists suggested conducting data breach response drills and of course purchasing cyber liability insurance. The FEHBlog will provide a link to the webinar slides when they become available.

The Military Times is reporting that a Congressionally created Military Compensation and Retirement Modernization Commission will submit its recommendations tomorrow. One of the recommendations is to permit TRICARE enrollees (military family members and military retirees) to join the FEHBP. That’s a potentially big change that is worth following.

Congress is in session again this coming week. Here is a link to the actions taken on the Hill last week.

The OPM’s Inspector General’s latest semiannual report to Congress (period ended September 30, 2014) and the agency’s response can be found at this link.

The weekend issue of the Wall Street Journal featured a lengthy interview with CVS Health’s chief executive officer. Mr. Merlo notes that American have most of their health provider contact with local pharmacists.  Health plans should take more advantage of these connections as Mr. Merlo suggests. He also notes that CVS now has 906 MinuteClinics in their retail pharmacies.

A recent internal study of CVS workers who used its walk-in clinics suggested their overall health costs are 8% lower than those with the same age and health status who don’t. A shelf of academic research shows the quality of care at such clinics is the same or sometimes better than the emergency room.

a Mr. Merlo also notes that silver tsunami of 10,000 Baby Boomers  becoming eligible for Medicare every day.

Finally, the Wall Street Journal reports on an amazing new Duke University study.

The scientists involved say that they have created the first lab-grown human skeletal muscles that contract in response to electrical and other stimuli. In other words, the tissue works like regular muscles—but in a dish. Skeletal muscles, such as the biceps, are the ones most of us think of when we use the word “muscle.”

Eventually, doctors could take cells from a patient, create functioning muscles in the lab and test various drugs to determine which one—and how much of it—would work best for that individual. The research might also help scientists to reduce their reliance on animal testing

Federal News Radio reports that for the second fiscal year in a row the Office of Management and Budget has concluded that no additional sequestration-required budget cuts will occur in FY 2015 which ends on September 30, 2015.  “‘OMB estimates that discretionary appropriations are at the defense cap, while non-Defense appropriations are nearly $3.7 billion below the budget authorizations set in the [Budget Control Act],’ OMB wrote in the report.”  The President’s FY 2016 budget is expected to proposed to bust these caps by 7%.

The FEHBlog has analogized the relationship between health care providers and  health plans to the feuding Hatfields and McCoys.  Modern Healthcare reports that “value based case” likely will not end these “financial spats.”

Experts largely agree that value-based contracting will not be a panacea for healthcare payment spats, and these types of disagreements will persist in a value-based reimbursement setting. What will change will be the sticking points between insurers and providers—issues such as per-member per-month fees and performance measures, for example.

Shocker!

Following up on a couple of items that have interested the FEHBlog —

• The Des Moines Register reports that the State of Iowa will be liquidating the ACA created consumer owned health care cooperative serving Iowa and Nebraska known as CoOppotunity Health.  
• The ProPublica and the New York Times report that CMS’s Open Payments website is error riddled.  

“Amid much anticipation and after a lengthy delay, the government in September unveiled its Open Payments database, saying it would bring transparency to relationships between physicians and the drug and medical device industries. But this openness has been clouded by numerous errors that detract from its usefulness.”

The government and industry expect that the errors will get cleaned up over time. ProPublica discovered the errors in the course of preparing its own database that allows consumers to find out whether their health care professionals received drug company money. Mine didn’t. 

Now that we are past the State of the Union address, the next toll gate in the legislative year is the submission of the President’s FY 2016 budget proposal.  The Hill reports that for the first time since 2010 the President will submit his budget proposal on time — the first Monday in February, which this year is February 2.  From an FEHBP perspective, we also are waiting for two important Congressional actions — resolution of the Homeland Security Department’s appropriations for the current fiscal year (the last remaining FY 2015 appropriations issue, deadline February 28) and resolution of the Medicare Part B physician reimbursement formula (deadline March 31). 

The Washington Post reports on a Blue Cross Blue Shield Association report on prices for hip and knee replacement surgeries. Presumably to no one’s surprise, the report concludes that high prices do not correlate with high quality.  Because the article uses the terms “price” and “cost” rather interchangeably, it is important to understand that price and cost are independent variables.   Prices do not necessarily reflect cost. Prices reflect what the market will bear.

In a similar vein, the Wall Street Journal’s Pharmalot blog reports on a National Bureau of Economic Research study about the high cost of cancer treatment drugs.  The report attributes the high cost of these drugs to several factors, including the facts that health coverage acts as a price support, doctors are used to rising prices and

the effect of the growing 340B Drug Discount program in which drug
makers must offer discounts of up to 50% on all outpatient drugs to
hospitals and clinics that serve indigent populations. Drug makers, they
speculate, may offset the growth in this program by setting higher
prices elsewhere.

“We argue that, under these conditions, manufacturers are able to set
the prices of new products at or slightly above the prices of existing
therapies, giving rise to an upward trend in launch prices,” write the
authors, one of which is Peter Bach,
a physician at Memorial Sloan Kettering Cancer Center in New York, who
has been outspoken about the rising prices for cancer treatments.

Also with respect to medical advances, the New York Times reports that  “A patient who received an artificial heart in August has recovered
sufficiently to return home, the French company that makes the device
said on Monday, signaling a milestone toward the possible
commercialization of the device.”  The patient who received the device was suffering from congestive heart failure.