Cybersecurity Saturday

Cybersecurity Saturday

From inside the Capital Beltway

Cyberscoop reports that cybermeasures are gaining momentum at federal agencies in response to the President’s May 2021 executive order and increased funding from Congress.

Security Week adds that

The White House on Wednesday released its federal zero trust strategy, requiring agencies to meet certain cybersecurity standards and objectives by the end of fiscal year 2024. * * *

When a zero trust model is implemented, no user, system, network or service operating inside or outside the security perimeter is trusted, and every access attempt is verified.

The latest memorandum from the Office of Management and Budget (OMB) requires agencies to achieve certain goals by the end of 2024. These goals focus on identity, devices, networks, applications and workloads, and data — these are the five pillars described by the zero trust model of the DHS’s Cybersecurity and Infrastructure Security Agency (CISA).

From the Log4j vulnerability front, ZDnet warns that the threat is not over yet.

Despite the absence of immediate mass exploitation, Sophos security’s Chester Wisniewski backs the view that it will be a target for exploitation for years to come. 

Microsoft continues to rate the Log4j vulnerabilities as a “high-risk situation” for companies across the globe and reckons there is high potential for their expanded use. But for now, Wisniewski believes an immediate crisis has been swerved.   

“[T]he immediate threat of attackers mass exploiting Log4Shell was averted because the severity of the bug united the digital and security communities and galvanised people into action. This was seen back in 2000 with the Y2K bug and it seems to have made a significant difference here,” says Wisniewski. * * *

As for the duration of Log4Shell, Wisniewski reckons internet-facing applications will be found and patched or taken offline. But that still leaves a ton of internally vulnerable systems that might never be discovered, hence Log4Shell will live on for years as a favorite target for penetration testers and state-backed threat actors. 

From the cyber-agency front —

  • HC3 released an analyst note “with updated information regarding the BlackMatter ransomware-as-a-service (RaaS) program. While HC3 previously identified multiple healthcare and public health (HPH) sector or health sector- affiliated organizations impacted by this malware, the group has not claimed a victim since October 31, 2021 and appears to have shut down operations. HC3 is reducing the threat level posed by BlackMatter to BLUE or GUARDED.”
  • NIST released version 5 of NIST 800-53A.

This publication provides a methodology and set of procedures for conducting assessments of security and privacy controls employed within systems and organizations within an effective risk management framework. The assessment procedures, executed at various phases of the system development life cycle, are consistent with the security and privacy controls in NIST Special Publication 800-53, Revision 5. The procedures are customizable and can be easily tailored to provide organizations with the needed flexibility to conduct security and privacy control assessments that support organizational risk management processes and are aligned with the stated risk tolerance of the organization. Information on building effective security and privacy assessment plans is also provided with guidance on analyzing assessment results.

From the ransomware front, Cyberscoop reports that

The REvil (Sodinokibi) ransomware cooperative’s activity has not slowed down following Russia’s recent move to arrest several alleged members of the group, according to threat intelligence company ReversingLabs.

Two weeks have passed since Russia’s law enforcement agency FSB announced the takedown of the REvil group “at the request of US authorities,” but the ransomware-as-a-service (RaaS) enterprise remains as active as before.

After long being accused of allowing cybercriminals to proliferate within its borders – as long as Russian nationals or organizations are not hurt – Russia appeared set to send a different message with the arrest of 14 members of the REvil gang, even if some saw it as a political move – amidst the increasing tensions at the Ukraine border.

However, as ReversingLabs points out, the high-profile arrests of affiliates did not put a dent in REvil operations. In fact, the group is continuing operations at the very same pace as just before the arrests.

What’s more, here’s a link to the latest edition of Bleeping Computer’s the Week in Ransomware.

This week’s biggest news is about a new ransomware operation called DeadBolt encrypted QNAP [storage] devices worldwide, illustrating how threat actors can still earn a lot of money by targeting consumers and small businesses.

The attacks started on January 25th and have since encrypted over 4,300 QNAP NAS devices where they demand 0.03 bitcoins, worth approximately $1,100, for a decryption key.

The attacks started on January 25th and have since encrypted over 4,300 QNAP NAS devices where they demand 0.03 bitcoins, worth approximately $1,100, for a decryption key.

Finally from the cyberprevention front

  • Cybersecurity Dive informs us about cybersecurity tool trends to watch this year — both from the waxing and waning standpoints.
  • ISACA writes about the important role that company culture plays in maintaining reliable cybersecurity.

Monday Roundup

Photo by Sven Read on Unsplash

From the Omicron front, STAT News offers an article about forecasting the Omicron winter, and it’s cloudy.

Which immediate future plays out will be a function of a few big unknowns — some already baked into Omicron’s biology and some that can be altered based on how people behave in the coming days and weeks. Further out, the models get fuzzier still. But though they differ in the details, all of them point to SARS-CoV-2 being here to stay.

“I think we may be in for a longer road than we had hoped,” said Jeffrey Shaman, an infectious disease forecaster at Columbia University’s Mailman School of Public Health. 

In an encouraging development, the Centers for Disease Control have announced changes to their 10 day quarantine requirement for folks who contract COVID:

Given what we currently know about COVID-19 and the Omicron variant, CDC is shortening the recommended time for isolation from 10 days for people with COVID-19 to 5 days, if asymptomatic, followed by 5 days of wearing a mask when around others. The change is motivated by science demonstrating that the majority of SARS-CoV-2 transmission occurs early in the course of illness, generally in the 1-2 days prior to onset of symptoms and the 2-3 days after. Therefore, people who test positive should isolate for 5 days and, if asymptomatic at that time, they may leave isolation if they can continue to mask for 5 days to minimize the risk of infecting others.

Additionally, CDC is updating the recommended quarantine period for those exposed to COVID-19. For people who are unvaccinated or are more than six months out from their second mRNA dose (or more than 2 months after the J&J vaccine) and not yet boosted, CDC now recommends quarantine for 5 days followed by strict mask use for an additional 5 days. Alternatively, if a 5-day quarantine is not feasible, it is imperative that an exposed person wear a well-fitting mask at all times when around others for 10 days after exposure. Individuals who have received their booster shot do not need to quarantine following an exposure, but should wear a mask for 10 days after the exposure.  For all those exposed, best practice would also include a test for SARS-CoV-2 at day 5 after exposure. If symptoms occur, individuals should immediately quarantine until a negative test confirms symptoms are not attributable to COVID-19.

For a little holiday humor, Mary Norris in the New Yorker provides a linguistic look at Omicron. Of note,

Having reached omicron (ο), we are already more than halfway through the alphabet.

If this seems to be happening too fast, it’s partly because scientists have skipped some letters. They got to mu (μ), which is right in the middle, and then left out nu (ν), because it sounds confusingly like “new”; we can’t go around talking about a new Nu variant of interest. They also skipped the next letter, xi (ξ), not because it looks so exotic, sitting there between “N” and “O,” but because Xi is a Chinese surname and, one cannot help but notice, the surname of the guy who runs China.

In other healthcare news, the Department of Health and Human Services today

release[d] the annual update to the Department’s National Plan to Address Alzheimer’s Disease, which for the first time includes a new goal focused on work being done to promote healthy aging and reduce the risks that may contribute to the onset of Alzheimer’s disease and related dementias.

Although these diseases cannot yet be prevented, there is growing evidence that addressing certain risk factors for dementia, such as high blood pressure, physical inactivity, and chronic medical conditions such as diabetes and depression, may lower the chances of developing the disease or delay its onset. * * *

Under the plan’s new goal, the federal government will accelerate research on risk factors for Alzheimer’s disease and related dementias, and strengthen the infrastructure that is necessary to rapidly translate and disseminate information about risk factors, interventions to reduce the burden of risk factors, and related health promotion activities to health care providers, community-based providers, caregivers, and public health networks.

STAT News peered into its crystal ball to identify three pharma trends to watch next year:

  • Continued uncertainty over drug pricing
  • Intensifying debate over global access, and
  • Debate over FDA standards / Ahuhelm fallout

Holiday Weekend Update

The FEHBlog trusts that his readers had a Merry Christmas.

Congress is on a break until next week when the second session of the 117th Congress kicks off.

On Saturday, January 1, 2022, the surprise billing protections of the federal No Surprises Act take effect.

From the Omicron front, Bloomberg’s Prognosis informs us that

The coronavirus that causes Covid-19 can spread within days from the airways to the heart, brain and almost every organ system in the body, where it may persist for months, a study found.

In what they describe as the most comprehensive analysis to date of the SARS-CoV-2 virus’s distribution and persistence in the body and brain, scientists at the U.S. National Institutes of Health said they found the pathogen is capable of replicating in human cells well beyond the respiratory tract.

The results, released online Saturday in a manuscript under review for publication in the journal Nature, point to delayed viral clearance as a potential contributor to the persistent symptoms wracking so-called long Covid sufferers. Understanding the mechanisms by which the virus persists, along with the body’s response to any viral reservoir, promises to help improve care for those afflicted, the authors said.

An opinion piece in STAT News discusses a trend in COVID weekly new death statistics in the U.S. that the FEHBlog noticed in last Thursday’s post:

Several colleagues and I [Duane Schulthess] at Vital Transformation began closely following the data on Covid-19 early in the pandemic.

Since that time, we’ve kept a keen eye on the relationship between cases and deaths, particularly during the recent waves, which have been influenced by improved treatments and vaccines, as well as by new variants. There are legitimate concerns about the trajectory of the newest variant, Omicron, and public health experts are paying close attention to the exponentially mounting cases, particularly in the United Kingdom, which in the past has functioned as a canary in the Covid-19 coal mine for the U.S.

While early reports from South Africa suggested that Omicron might cause less-severe Covid-19, the rapidly mounting case numbers and overall transmissibility have been alarming, particularly in the U.K. According to a Dec. 10 government technical briefing(see page 17), Omicron cases were expanding by 35% per day.

But there’s something else different this time around, at least in the U.K.: the statistical relationship between Covid-19 cases and deaths appears to have broken down with Omicron.

Looking at daily death rates in the U.K. from May 15 — essentially from the point at which the Delta wave began — to Sept. 15, there is a highly statistically significant relationship between daily new cases and deaths. In short, case rates accurately predict death rates. But beginning the analysis on Sept. 15, coinciding with flattening of the Delta curve and the onset of Omicron, shows no statistical relationship between Covid-19 case rates and deaths. * * *

It’s still, of course, early days. While it is possible that death rates due to Omicron may rise later, at the moment in the U.K., Covid-19 daily cases no longer meaningfully link to deaths. So, according to the math, Omicron cases rising no longer automatically means impending doom and gloom

In healthcare M&A news, Healthcare Dive tells us that

— Tenet and its subsidiary USPI completed a $1.1 billion acquisition of SurgCenter Development, giving the ambulatory surgery unit an ownership stake in 86 more surgery centers and related support services.

— Tenet said it’s willing to buy additional interests of up to $250 million from physician owners. This process is expected to continue over the coming months, Tenet said Wednesday.

— As part of the deal, USPI will have exclusivity on developing new centers — at minimum 50 — with SCD during a five-year period.

Fierce Healthcare peers into its crystal ball to let us know about

From the FDA new drug approval front, MedCity News reports that

The FDA has approved a new cholesterol-lowering drug from Novartis that addresses the same target as two commercialized medicines from Amgen and Regeneron, but with a different approach and a key dosing advantage—just two injections per year.

The drug, inclisiran, is part of a relatively new class of genetic medicines that work by stopping production of a problem protein. In the case of the Novartis drug, which will be marketed under the name Leqvio, the target is PCSK9, a liver protein that in high amounts, impedes the body’s ability to clear low-density lipoprotein cholesterol, the “bad” form of cholesterol. Leqvio is comprised of small-interfering RNA that harnesses a cellular mechanism called RNA interference to stop a gene from producing PCSK9.

The way that Leqvio and other RNAi drugs work is sometimes referred to as gene silencing. It’s a different approach than PCSK9 inhibitors, antibody drugs that bind to this protein to block it. The FDA approved two of these drugs, Amgen’s  Repatha and Regeneron’s Praluent, in 2015. They’re both given as subcutaneous injections every two weeks or monthly. However, their high price tags made them a tough sell to payers, and revenue fell short of initial expectations. In 2018, Amgen slashed Repatha’s price by nearly 60%, making the drug available at list price of $5,850 per year. Months later, Regeneron matched the pricing move for its PCSK9-blocking drug.

The benefits of competition do apply to prescription drug development.

Last week, the U.S. Census Bureau released its “Vintage 2021 national and state population estimates and components of change.” In sum,

Since April 1, 2020 (Census Day), the nation’s population increased from 331,449,281 to 331,893,745, a gain of 444,464, or 0.13%.

Between July 1, 2020, and July 1, 2021, the nation’s growth was due to natural increase (148,043), which is the number of excess births over deaths, and net international migration (244,622). This is the first time that net international migration (the difference between the number of people moving into the country and out of the country) has exceeded natural increase for a given year.

The voting-age resident population, adults age 18 and over, grew to 258.3 million, comprising 77.8% of the population in 2021.

The South, with a population of 127,225,329, was the most populous of the four regions (encompassing 38.3% of the total national population) and was the only region that had positive net domestic migration of 657,682 (the movement of people from one area to another within the United States) between 2020 and 2021. The Northeast region, the least populous of the four regions with a population of 57,159,838 in 2021, experienced a population decrease of -365,795 residents due to natural decrease (-31,052) and negative net domestic migration (-389,638).

The West saw a gain in population (35,868) despite losing residents via negative net domestic migration (-144,941). Growth in the West was due to natural increase (143,082) and positive net international migration (38,347).

Monday Roundup

Photo by Sven Read on Unsplash

From the Omicron front, STAT News reports that

The Omicron variant now accounts for 73% of Covid-19 infections being diagnosed in the United States, and in some parts of the country 90% of infections are caused by viruses from the Omicron strain, the Centers for Disease Control and Prevention said late Monday.

Though it’s been clear from Omicron’s astonishing spread elsewhere that it would rapidly take over from Delta as the dominant variant in this country, the speed is nevertheless startling to witness.

“What we are watching unfold is microbial evolution. This is remarkable,” said Michael Osterholm, director of the University of Minnesota’s Center for Infectious Diseases Research and Policy. “But this is what these viruses can do.”

The Centers for Disease Control updated its Omicron website today.

This Wall Street Journal article indicates the obtaining an mRNA booster (Moderna or Pfizer) will provide protection against Omicron as well as Delta.

The Centers for Medicare and Medicare Services today updated their “vaccine toolkit designed for issuers of group and individual health insurance and Medicare Advantage health plans.”

From the COVID vaccine mandate litigation front, the American Hospital Association reports that

Over the weekend, and as of this writing, eight groups of challengers to the OSHA vaccine mandate filed emergency applications with the U.S. Supreme Court asking the high court to once again stay the mandate following the Sixth Circuit’s Dec. 17 decision to lift the Fifth Circuit’s previously entered stay.
Today, the Supreme Court asked the federal government for a response to the challengers’ applications by Dec. 30 by 4 p.m. If that sounds familiar, it is because Dec. 30 at 4 p.m. is also the date and time the challengers to the CMS vaccine mandate will be filing their responses to the federal government’s Supreme Court application asking the court to stay the Missouri and Louisiana preliminary injunctions enjoining the CMS mandate. Both sets of applications will be briefed at the same time and the Supreme Court will have the opportunity to rule on the fate of both the CMS and OSHA vaccine mandates at the same time, if it so chooses.

The FEHBlog can find no word about whether the government has appealed to the Supreme Court the 11th Circuit’s decision last Friday to maintain in force the stay on the federal government contractor COVID vaccine mandate. The FEHBlog will keep looking.

From the healthcare business front —

  • Fierce Healthcare informs us that “Amazon has consolidated its healthcare efforts under one central organization and tapped a former Prime executive to run the businesses. The tech giant elevated Neil Lindsay to the new role of senior vice president of health and brand within Amazon’s worldwide consumer business, an Amazon spokesperson confirmed to Fierce Healthcare.”
  • mHealth Intelligence reports that “Supermarket retailer Hy-Vee, Inc. has launched a telehealth platform that allows individuals to receive treatments and prescriptions through the mail. The new service, RedBox Rx, offers virtual health consultations through a partnership with Reliant Immune Diagnostics’ telehealth platform MDbox.”
  • Healthcare Dive tells us that

Software giant Oracle is acquiring EHR vendor Cerner for $28.3 billion, the two companies announced Monday. The deal is expected to close sometime next year.

It will be Oracle’s largest acquisition to date, with the next highest being the 2005 purchase of PeopleSoft Inc. for $10 billion. The deal further pushes Oracle into the healthcare market, where its presence is mostly in data use efficiency for payers and providers. Oracle’s areas of focus include database software and cloud systems.

Cerner will be a dedicated business unit within Oracle, according to the Monday press release. Voice-enabled user interfaces will be a key focus with a goal to “deliver zero unplanned downtime in the medical environment.”

From the too little too late front, STAT News tells us that

Biogen said Monday that it has reduced the price of its Alzheimer’s drug Aduhelm by half and is planning a series of cost-cutting measures across the company next year that aim to save $500 million.

The moves follow a disappointing commercial launch of Aduhelm, as well as anger over the drug’s high price. 

The new, lower price for Aduhelm is $28,200, or roughly half what the drug cost when it launched in June. Insurance companies balked at its original list price, averaging $56,000 a year per patient, while physicians have fervently questioned whether Biogen’s supporting evidence merited the drug’s approval by the Food and Drug Administration, let alone widespread use. * * *

Biogen is announcing the Aduhelm price cut less than one month before Medicare is expected to make an all-important decision on whether and how widely to pay for the drug. A draft ruling is expected in January, followed by a final decision in the spring.

But with Aduhelm delivering paltry revenue, Biogen is also being forced to downsize the company. On Monday, Biogen said it would implement a series of cost-cutting measures in 2022 that are expected to total approximately $500 million. Details will be announced in the first quarter. 

Monday Roundup

Photo by Sven Read on Unsplash

From the political front, Politico reports that

[Senator] Joe Manchin (D WV) remains at the negotiating table [with his party’s leadership], despite deep concerns about President Joe Biden’s climate and social spending bill [a/k/a the Build Back Better Act]. 

After speaking with Biden on Monday afternoon, Manchin said he was still “engaged” in discussions. And as he left the Capitol, the key Democratic senator made clear he wasn’t ready to commit to voting for or against a bill that is still coming together behind closed doors.

From the White House, the President issued an executive order on improving customer service performed by government agencies. Federal News Network explains that

Jason Miller, the Office of Management and Budget’s deputy director for management, said the EO also directs agencies to coordinate work on services that reflect common life experiences, including turning 65 and planning retirement, having a child or applying for a small business loan. * * *

The executive order gives senior administration officials 90 days to select a limited number of these customer life experiences to prioritize across government. It requires Miller and other members of the President’s Management Council to update [Presidential senior advisor Neera] Tanden and White House Chief of Staff Ron Klain on progress made improving these customer life experiences every six months.

The EO also gives the General Services Administration six months to develop a roadmap of shared services that agencies can use to improve customer experience.

The administration specifically names and the U.S. Web Design System, a set of templates meant to create a common look and feel for agency websites, as tools that all agencies should use to improve federal customer experience.

Here is a link to the White House’s press release on the Executive Order as found on

From the Affordable Care Act front, the Internal Revenue Services has released the final Affordable Care Act coverage reporting forms, 1095-B and 1095-C, along with the final instructions for those forms.

From the Office of Information and Regulatory Affairs’ website, we find that the federal government’s Fall 2021 regulatory agenda has been published. Here is a link to OPM’s Fall 2021 agency rule list. A chill went up the FEHBlog’s spine when he noticed that the ACA provider non-discrimination proposed rule mandated by the No Surprises Act will be published this month due to a statutory requirement. Cost curve up?

From the employer sponsored care front, Healthcare Dive reports that

— The average per-employee cost of employer-sponsored health insurance jumped 6.3% in 2021, as employees and their families resumed care delayed last year due to the pandemic, according to a new survey of employers from Mercer.

— That’s the highest annual increase since 2010. Health benefit costs outpaced growth in inflation and worker compensation through September, the employee healthcare and investment consultancy said.

— The findings raise questions of whether employers are experiencing a temporary correction to the cost trend following a minimal year-over-year increase of just 3.4% in 2020, or if they’re staring down the barrel of a new period of higher cost growth.

No doubt those questions can keep actuaries awake at night.

From the good COVID news department (yes it exists), STAT News informs us that

Paxlovid, Pfizer’s oral treatment for Covid-19, led to an 89% reduction in hospitalization and death in final data from a pivotal trial, the company said today, confirming the results of an earlier analysis.

The news should allay concerns that the efficacy of Pfizer’s pill would wane over time. Molnupiravir, a Covid-19 antiviral from Merck, appeared 50% effective in an interim trial analysis but fell to about 30% in the final tally. Both studies enrolled unvaccinated patients who were recently diagnosed with Covid-19 and had at least one risk factor for severe disease.

The next step for Pfizer is submitting the results to the FDA, which the company expects to do this month, and applying for an emergency-use authorization. The agency is yet to disclose whether it will convene a panel of expert advisers before deciding on Paxlovid.

Based on the President’s winter is coming plan, the FEHBlog’s bet is on the FDA approving the Pfizer drug without delay.

Weekend update

Lincoln Memorial in the Fall

The Senate is on a State work break this week which includes the Veterans’ Day holiday on Thursday. The House of Representatives is not holding votes this week but a handful or so of Committee hearings are scheduled for Tuesday and Wednesday.

Roll Call tells us that

Buoyed, finally, by forward movement on a larger package of President Joe Biden’s domestic priorities, the House late Friday cleared a Senate-passed bipartisan infrastructure bill that pours billions of dollars into roads, bridges, water systems, transit and broadband.

The long-awaited House vote sends the bill, which passed the Senate in August, to Biden for his signature. 

The House vote was 228-206, with 13 Republicans backing it despite GOP leadership whipping against the bill. All but six Democrats voted for the measure, despite the House not voting in tandem on the larger budget reconciliation package as progressives had demanded for months. 

Instead, Democrats were forced to accept a vote to adopt the rule that sets debate parameters on the reconciliation bill as a sign of progress on that measure. 

Under that rule, the House is expected to vote on the social spending / climate budget reconciliation bill during the week of November 15. The additional week is expected to allow the Congressional Budget Office to release its report on this massive spending bill

With respect to the infrastructure bill the Wall Street Journal explains that ‘

The $1 trillion package would invest in refurbishing aging roads, bridges and ports; easing transportation bottlenecks; replacing harmful lead pipes; expanding internet access; upgrading the nation’s power grid; and boosting infrastructure resilience amid growing concerns over climate change. The spending is to be paid for with a variety of revenue streams, including more than $200 billion in repurposed funds originally intended for coronavirus relief but left unused; about $50 billion from delaying a Trump-era rule on Medicare rebates; and $50 billion from certain states returning unused unemployment insurance supplemental funds.

From the COVID vaccine mandate front, the Wall Street Journal reports that the U.S. Court of Appeals temporarily stated the OSHA vaccination screening program rule applicable to private sector employers with 100 or more employees plus the Postal Service.

A three-judge panel on the New Orleans-based Fifth U.S. Circuit Court of Appeals granted an emergency stay prohibiting enforcement of the rules for now, saying they raise “grave statutory and constitutional issues.” The Fifth Circuit said it would quickly consider whether to issue an injunction against the vaccine and testing requirements, ordering the Biden administration to file initial legal papers by late Monday afternoon.

OSHA issued this emergency rule under a law providing that challenges to such rules should be brought in the U.S. Court of Appeals rather than the lower District Courts. That’s a quicker path to Supreme Court review.

Roll Call discusses federal government contractor concerns about legal risks arising from the unclear federal vaccine mandate. The Federal Acquisition Regulation implementing the President’s executive order is still weeks away. In the meantime, contractors have to rely on the Safer Federal Workforce Task Force’s subregulatory FAQs. The Task Force typically issues new FAQs on a weekly basis.

From the Delta variant front, the American Medical Association discusses the available evidence on the utility of COVID booster mixing and matching which the Food and Drug Administration recently authorized.

In other vaccine news, Precision Vaccines reports on a Lancet study on the high value of HPV vaccine:

The Lancet published a review of the UK’s national human papillomavirus (HPV) vaccination program and its positive impact on cervical cancer and grade 3 cervical intraepithelial neoplasia incidence.

Published on November 3, 2021, this observational study shows the use of HPV vaccines dramatically reduces cervical cancer rates by almost 90% in women in their 20s who were offered the vaccine beginning at age 12.

These researchers estimated that the HPV vaccination program prevented around 450 cervical cancers and about 17,200 cases of precancerous conditions over 11 years.

HPV vaccination was most effective when given between the ages of 11 and 13 when someone is less likely to have been exposed to HPV.

“It’s a historic moment to see the first study showing that the HPV vaccine has and will continue to protect thousands of women from developing cervical cancer,” stated Michelle Mitchell, Cancer Research UK’s chief executive, in a related press statement.

The HPV vaccine when administered to boys protects against male cancers according to the CDC’s website. “The U.S. FDA has approved different types of HPV vaccines listed on this Precision Vaccinations webpage.”

Last but not least tomorrow is the opening day for the Federal Employees Benefits Open Season for 2022. Here’s a link to today’s FedWeek report on the big day. “There will be 275 [FEHB] plan choices—down by one after a few dropouts and additions—including 18 nationwide plan choices open to all, four available only to certain groups, and the rest available regionally.” December 13 is the closing day of this Open Season.

Thursday Miscellany

From the Delta variant vaccine front, The American Hospital Association informs us that

  • The Centers for Medicare & Medicaid Services today issued an interim final rule requiring COVID-19 vaccinations for workers in most health care settings, including hospitals and health systems, that participate in the Medicare and Medicaid programs. The rule is effective Nov. 5. Under the regulation, all eligible workers must be fully vaccinated by Jan. 4, 2022.
  • Also this morning, the Occupational Safety and Health Administration (“OSHA”) issued an emergency temporary standard requiring all employees at private businesses with 100 or more workers to be vaccinated by Jan. 4 or get tested for COVID-19 weekly.

The Society for Human Resource Management (SHRM) provides us with SHRM’s Top Takeaways from the OSHA ETS:

  • Employees must be fully vaccinated by January 4, 2022, and employers must require unvaccinated employees to mask and produce a negative test on at least a weekly basis.
  • Employers are required to have a written vaccination policy.
  • The OSHA ETS does not apply to employees who do not report to a workplace where there are other individuals such as coworkers or customers are present; employees working from home; or employees who work exclusively outdoors.
  • The OSHA ETS does not require employers to provide or pay for tests.
  • Employers must pay employees for the time it takes to get vaccinated.
  • Employers must ensure all unvaccinated employees are masked.
  • Employers must report COVID-19 fatalities and hospitalizations to OSHA.
  • The OSHA ETS reaffirms that employers must provide reasonable accommodations.
  • According to the Department of Laborvaccine, testing and face-covering requirements preempt inconsistent state and local requirements.

Closer to home, the OSHA ETC does not apply to workplaces subject to EO 14042 on Requiring Coronavirus Disease 2019 Vaccination for Federal Contractors. However, Govexec points out that

“Under the [Occupational Safety and Health Act], the U.S. Postal Service is treated as a private employer,” said OSHA’s emergency temporary standard, set to officially publish in the Federal Register on Friday. “It is therefore required to comply with this [emergency temporary standard] in the same manner as any other employer covered by the act.” 

The [Labor Department] spokesperson added that there are about 500,000 postal workers and confirmed that the rule applies to all of them.

Federal New Networks adds that

The Biden administration on Thursday pushed back the deadline for federal contractors to comply with its vaccine mandate.

Contractors now have until Jan. 4, 2022, the same deadline the White House set for private sector companies with 100 employees or more to comply with vaccine and testing requirements from the Labor Department’s Occupational Safety and Health Administration. * * *

The White House said it will not apply the OHSA emergency temporary standard or the CMS rule to workplaces subject to the federal vaccine mandate for contractors, so employers won’t have to track multiple requirements.

While federal contractors now have the same Jan. 4 deadline as other private sector companies, there’s a key difference between the two policies.

Under the new OSHA standard, companies with 100 employees or more have to ensure their workers have received either one or both shots by Jan. 4 — or tests for COVID-19 at least weekly.

Under the federal vaccine mandate for contractors, employees don’t have the option to be tested weekly, at least not at this point.

Govexec reports that “The Office of Personnel Management on Wednesday reminded agencies that they must grant federal employees administrative leave to accompany their children to get the COVID-19 vaccine, following the news that more children are now able to get vaccinated.” It would be helpful if OPM gave direct guidance to FEHB carriers on the contractor vaccine mandate.

From the Delta variant front, STAT News reports that

Britain granted conditional authorization on Thursday to the first pill shown to successfully treat Covid-19 so far. It also is the first country to OK the treatment from drug maker Merck, although it wasn’t immediately clear how quickly the pill would be available.

The pill was licensed for adults 18 and older who have tested positive for Covid-19 and have at least one risk factor for developing severe disease, such as obesity or heart disease. Patients with mild-to-moderate Covid-19 would take four pills of the drug, known molnupiravir, twice a day for five days.

An antiviral pill that reduces symptoms and speeds recovery could prove groundbreaking, easing caseloads on hospitals and helping to curb outbreaks in poorer countries with fragile health systems. It would also bolster the two-pronged approach to the pandemic: treatment, by way of medication, and prevention, primarily through vaccinations.

Molnupiravir is also pending review with regulators in the U.S., the European Union, and elsewhere. The U.S. Food and Drug Administration announced last month it would convene a panel of independent experts to scrutinize the pill’s safety and effectiveness in late November.

From the preventive care front —

The Associated Press informs us that

A government advisory committee on Wednesday recommended that all U.S. adults younger than 60 be vaccinated against hepatitis B, because progress against the liver-damaging disease has stalled. 

The decision means that tens of millions of U.S. adults — mostly between the ages of 30 and 59 — would be advised to get shots. Hepatitis B vaccinations became standard for children in 1991, meaning most adults younger that 30 already are protected.

“We’re losing ground. We cannot eliminate hepatitis B in the U.S. without a new approach,” said Dr. Mark Weng of the Centers for Disease Control and Prevention.

The Advisory Committee on Immunization Practices voted unanimously to approve the recommendation Wednesday. The CDC’s director, Dr. Rochelle Walensky, must sign off on it before it becomes public policy, but it’s not clear when she will decide.

The American Cancer Society tells us about the proper use of lung screenings to detect cancer in this Lung Cancer Awareness Month.

The Robert Woods Johnson Foundation has updated its report on the state of childhood obesity in our country.

From the healthcare business front —

Fierce Healthcare reports that

Cigna wrapped up third-quarter earnings for major national payers Thursday morning, where it reported $1.6 billion in profit for the quarter.

The results surpassed Wall Street expectations, according to Zacks Investment Research. Cigna also brought in $44.3 billion in revenue in the third quarter, according to the earnings report, which also beat analysts’ projections.

Both figures were up significantly year over year, Cigna said. In the third quarter of 2020, the insurer earned $1.4 billion in profit and brought in $41 billion in revenue. * * *

Due to the results, Cigna raised its guidance and now expects $20.35 in earnings per share for 2021. The insurer expects full-year revenues of $172 billion.

Fierce Healthcare also catalogs “new [healthcare M&A] deals that were revealed, closed or called off during the month of October.

In that regard Beckers Payer Issues reports that

UnitedHealth Group and Change Healthcare entered into an amended agreement with the Justice Department not to finalize the healthcare companies’ proposed $13 billion deal until late February.

Four things to know:

1. Under the new timing arrangement, the companies agreed not to consummate their deal before Feb. 22, 2022, according to Change Healthcare’s Nov. 3 earnings report

2. The new date amends a previous timing agreement announced in August, under which, UnitedHealth and Change agreed to wait at least 120 days after certifying compliance with the Justice Department’s request for more information. Both organizations had agreed to not certify compliance with the request before Sept. 15, meaning the 120 days would have expired in January 2022.

3. The organizations announced the proposed acquisition in January. Change shareholders approved the deal despite backlash from hospital groups arguing that the proposed combination is anticompetitive. 

4. On March 24, the Justice Department issued a second information request to the organizations. In the Nov. 3 earnings report, Change Healthcare shared that it and UnitedHealth “certified substantial compliance” with the second request.

Also STAT News provides a “progress report on Big Retail’s ambitions in health care.” This point impressed the FEHBlog

[T]he physical assets of retail players stand to give them a substantial leg up in parts of the country not already saturated by startups and other rivals, including the Midwest and broad swaths of the South.

“Most people in America live close to some of these retail giants and not to a health care provider,” said Gadelrab, who visited a Walmart for the first time to get tested for Covid-19.

Even for retailers’ significantly buzzier rivals, such as hybrid care startups Carbon Healthand women’s care-focused Tia, physical locations have remained a core part of their business models amid the pandemic, pitting their offerings somewhat against the services offered by Walmart, in particular.

“For us, the physical experience has been around making preventive health something women want to engage in before something is wrong,” said Carolyn Witte, Tia’s co-founder and chief executive officer.

That physical proximity could prove especially useful, Gadelrab said, as parts of the U.S. health care system begin to shift away from a fee-for-service treatment model to one based on value-based or preventive care, since it could theoretically allow retail giants to keep more consistent tabs on patients, much in the same way popular telehealth tools check in regularly with their users. At the same time, retailers also maintain reams of data on consumer health and wellness spending, and more recently, vaccination status — information that could be used to better inform their health care offerings or reach more potential clients.

Monday Roundup

Photo by Sven Read on Unsplash

From the Delta variant front —

  • The Wall Street Journal reports “Federal officials said they would do more to get over-the-counter Covid-19 tests to consumers, after some manufacturers have struggled to meet demand after the Delta surge drove increased demand from individuals, schools and businesses.” Better late, etc. Here’s a link to the HHS press release.
  • The Journal also reports that “Moderna Inc.’s MRNA 7.05% Covid-19 vaccine was generally safe and induced the desired immune responses in children ages 6 to 11 in a clinical trial, according to the company. The Cambridge, Mass., company said Monday that it would submit the results to health regulators in the U.S., Europe and elsewhere in seeking authorization to widen the use of its shots to include this younger age group. The company announced the interim data in a press release, and results haven’t yet been published in a peer-reviewed medical journal. * * * An FDA decision on the Pfizer vaccine in children [ages 5 to 11] could come soon, following an advisory panel meeting scheduled for Tuesday. 
  • The Centers for Disease Control informs us in a newly issued study on Delta variant cases

What is already known about this topic?

The SARS-CoV-2 B.1.617.2 (Delta) variant is highly transmissible; however, whether it causes more severe disease in adults has been uncertain.

What is added by this report?

Analysis of COVID-NET data from 14 states found no significant increases in the proportion of hospitalized COVID-19 patients with severe outcomes during the Delta period. The proportion of hospitalized unvaccinated COVID-19 patients aged 18–49 years significantly increased during the Delta period.

What are the implications for public health practice?

Lower vaccination coverage in adults aged 18–49 years likely contributed to the increase in hospitalized patients during the Delta period. COVID-19 vaccination is critical for all eligible adults, including adults aged <50 years who have relatively low vaccination rates compared with older adults.

From the COVID vaccine mandate front

  • The Equal Employment Opportunity Commission released new FAQ guidance on “Vaccinations – Title VII and Religious Objections to COVID-19 Vaccine Mandates.”
  • The Senate today confirmed the President’s nominee, Douglas Parker as Assistant Secretary of Labor in charge of the Occupational Health and Safety Administration by a 50 to 41 vote. Govexec adds that “Douglas Parker, most recently chief of California’s Division of Occupational Safety and Health, [will lead] the workplace safety agency that has about 1,800 employees. Parker previously served as deputy assistant secretary for policy in the Labor Department’s Mine Safety and Health Administration under the Obama administration and was part of the Biden transition team on worker health and safety issues.” OSHA is responsible for the pending vaccination screening program rule applicable to private sector employers with 100 or more employees.

On a related note, Federal News Network tell us that

The federal workforce used just slightly more than half of the funds Congress set aside earlier this year for a special emergency leave program.

The American Rescue Plan Act, which Congress passed into law in March, created a $570 million emergency paid leave fund that allowed federal employees to take time off for a variety of pandemic-related reasons.

Employees were each eligible for 600 hours, or 15 weeks, of paid leave to quarantine, recover from a personal infection or care for a family member sick with COVID-19. They could also use the emergency paid leave to recover from adverse symptoms after receiving the COVID-19 vaccine.

The Office of Personnel Management was responsible for administering the fund on behalf of the executive branch and U.S. Postal Service. OPM formally launched the program at the end of April.

Eligible federal employees had until Sept. 30 to request emergency paid leave, per the sunset date in the American Rescue Plan, or earlier if the funds were exhausted before that date.

From the cost and frequency of healthcare front —

  • The American Hospital Association issued a report about the cost of healthcare over the past decade / the first decade of the Affordable Care Act, particularly the cost of hospital care versus health insurance premiums.
  • Fierce Healthcare reports that “Common elective surgeries are starting to recover volume lost during COVID-19 lockdown measures, according to a new study by Epic Health Research Network. No common elective surgery is back at pre-pandemic volumes, though some are nearing it, the study found.”

From the Rx coverage front —

  • Healthcare Dive informs us that “National employer group the Purchaser Business Group on Health is starting a new company to develop healthcare products for large employers, frustrated by unmet need and rising costs. The venture, called Emsana Health, launched on Monday with its first business unit, a pharmacy benefit manager called EmsanaRx. Emsana will develop products designed with and for PBGH member organizations, which include Walmart, Costco, Microsoft, Intel and Tesla, among others, but products will be available to outside companies as well, a PBGH spokesperson confirmed.”
  • Fierce Healthcare adds that “The Mark Cuban Cost Plus Drug Company PBC also launched its own PBM this week, The Wall Street Journal reported. Cuban’s company aims to sell generic drugs at a transparent, fixed rate, and to achieve this united manufacturing, distribution and pharmacy services under one roof, according to the article. Cuban, a billionaire investor, told the WSJ he agreed to back the venture after receiving a pitch via email from its now-CEO, Alex Oshmyansky M.D., Ph.D. The PBM will begin to bid for clients next year and aims to be fully up and running by 2023, Oshmyansky told WSJ. “The supply chain for distributing pharmaceuticals to patients is so cumbersome and broken,” he told the outlet. “We decided the only way to get our drugs to the people who need them is to build a parallel supply chain where we have control of all the intermediary players and ensure the same level of transparency at every level.”
  • Health Payer Intelligence reports that “Prescription digital therapeutics (PDTs) coverage remains nascent, as the adoption rate is only at 40 percent among the minority of payers who have familiarity with PDTs, according to a survey that Avalere conducted for Pear Therapeutics. A post from the Institute for Patient Access defined PDTs most succinctly. ‘Prescription digital therapeutics are software programs that physicians prescribe as a form of treatment,’ the post explained. ‘The software captures patients’ information about symptoms or progress that can then be shared or remotely accessed by their providers. The technology has been found to help patients adhere to their treatment plans.’”

From the FEHB Open Season front, OPM today released a spreadsheet identifying those FEHB plans for which the 2022 employee contribution for self and one coverage will be more than the 2022 employee contribution for self and family coverage. In all cases the total premium for self and family coverage is more the total premium for self plus one coverage. The employee contributions become upside down due to the vagaries of the government contribution formula. It was a Congressional mistake to add the self plus one tier to FEHB given the relatively small family size in FEHB plans.

Monday Roundup

Photo by Sven Read on Unsplash

From the Delta variant front, the New York Times reports that “The federal government is expected to take a significant step this week toward offering booster doses to a much wider range of Americans as advisers to the Food and Drug Administration meet on Thursday and Friday [this week] to discuss recipients of the Johnson & Johnson and Moderna coronavirus vaccines.”

The Times also informs us that

Merck said on Monday that it had submitted an application to the Food and Drug Administration to authorize what would be the first antiviral pill to treat Covid.

Clearance for the drug, molnupiravir, would be a milestone in the fight against the coronavirus, experts said, because a convenient, relatively inexpensive treatment could reach many more high-risk people sick with Covid than the cumbersome antibody treatments currently being used.

The Biden administration is preparing for an authorization that could come within weeks; the pill would likely to be allocated to states, as was the case with the vaccines. States could then distribute the pills how they wish, such as through pharmacies or doctors’ practices, senior administration officials said.

If the pill wins authorization, tens of millions of Americans will most likely be eligible to take it if they get sick with Covid — many more than the supply could cover, at least initially. The federal government has placed an advance order for enough pills for 1.7 million Americans, at a price of about $700 per patient. That is about one-third the price that the government is paying for the monoclonal antibody treatments, which are generally given via intravenous infusion.

Fingers crossed on the pill.

From the hospital transparency front, Fierce Healthcare assesses a New York Times analysis of hospital pricing. Fierce Healthcare finds that cash prices can be lower than prices paid by insurers.

America’s Health Insurance Plans published a statement saying the attempt to look at the data “spotlights a lot of numbers with little context” and “often compares apples and oranges.” 

Because of these complexities, the CMS rule does not help patients “shop for services” as intended, said Delphine O’Rourke, a healthcare attorney and partner at Goodwin Procter. “I, as a consumer, don’t know at the end of the day what I’m going to be responsible for,” she said. 

To O’Rourke, it’s not surprising that at times, a hospital’s cash price is lower for a service. Since people paying cash price are generally a small segment of patients, she explained, and tend to be uninsured or undocumented, hospitals structure cash pay anticipating that it will be “challenging to collect,” O’Rourke said. (Earlier this year, the Wall Street Journal found that many times, patients who pay with cash are actually charged the highest price across hospitals.) 

Be sure to listen to this week’s Econtalk episode during which Russ Roberts interviews Sam Quinones who wrote the FEHBlog’s favorite book of 2017, Dreamland. (While the book was published in 2015, the FEHBlog discovered it from a 2017 Econtalk episode.) This week Mr. Quinones discusses the tremendous impact of fentanyl on growing our opioid epidemic. He explains that dealers learned to lace fentanyl into non-addictive drugs like cocaine and meth thereby creating daily customers for them. Because Econtalk episodes last over an hour, you can find a transcript on the website. The FEHBlog has pre-ordered Mr. Quinones new book, the “Least of Us True Tales of America and Hope in the Time of Fentanyl and Meth,” which is available on Amazon for the Kindle at around nine dollars.

Friday Stats and More

Based on the CDC’s COVID Data Tracker here is the FEHBlog’s chart of new weekly COVID cases for 2021 using Thursday as the first day of the week.

New cases are trending down. Here is a link to weekly COVID hospitalizations and here is the FEHBlog’s chart of new weekly COVID deaths for 2021:

Here is the FEHBlog’s chart of weekly COVID vaccinations distributed and administered over the 51st week of 2020 through the 38th week of 2021 again using Thursday as the first day of the week.

As of today, 64.5% of the U.S population eligible to be vaccinated and 83.1% of the U.S. population over age 65 are fully vaccinated. Here is a link to the CDC’s interpretation of its COVID statistics which happily is released on Fridays.

Following up on the CDC advisory committee’s decision, the CDC Director Rochelle Walensky issued her final decision last night. Here’s a link to MedPage Today’s report on the Director’s decision. The FEHBlog thinks that this Wall Street Journal best sums up the Director’s action:

An FDA outside panel last week hedged by backing boosters only for those over age 65 or at “high risk.” FDA Acting Commissioner Janet Woodcock on Wednesday endorsed this recommendation, but she defined “high risk” broadly to include workers who might have higher Covid exposure. 

But experts on a CDC advisory panel on Thursday disagreed with her decision. Some said young, healthy people were at low risk for severe illness, so boosters weren’t necessary. Others worried that recommending boosters broadly would send the message that vaccines didn’t work. But the CDC’s job is to make decisions based on public health costs and benefits, and our guess is that tens of millions who are vaccinated will want booster shots as breakthrough cases increase. 

Dr. Walensky overruled the CDC advisers and affirmed Dr. Woodcock’s recommendation, which is broad enough that most people who want a booster should be able to get one. The government will leave individuals to assess their own benefits and risks.

Finally the Safer Federal Workforce Task Force released more guidance today on the President’s executive order directing federal government contractors and subcontractors to implement a vaccine mandate for their employees.