Monday Notes

The FEHBlog realized with horror today that he had failed to provide a link to The Week in Congress' review of last week's actions up on Capitol Hill. Here's the missing link.

For over a decade, the HIPAA Privacy and Security Rules have provided the regulated parties with necessary flexibility to conduct business while safeguarding data. Modern Healthcare nevertheless reports on a controversy over the appointment of privacy lawyer Deven McGraw to head HIPAA enforcement at HHS's Office for Human Rights.  Apparently, some consider Ms. DeGraw to be too moderate.  The FEHBlog thinks that the federal government is lucky to have Ms. DeGraw.

Of course, it may be hard to appreciate the ongoing value of HIPAA when there seems to be another large data breach overtime you turn around. The OPM breach illustrates the difficulty of keeping ahead of the very bad guys.  The law simply has a hard time keeping up with technology whether it's used for good or bad.

Defense One analyzes OPM's efforts to enhance its data security. Today OPM took offline for repair E-QIP, its "web-based platform used to complete and submit background investigation forms."  Also today, a large federal employee filed a class action lawsuit against OPM and a contractor Keypoint Government Solutions over the data breach.

Weekend Update

Congress is now out of session for the upcoming Independence Day holiday.  Nextgov has provided its perspective on last week's OPM data breach hearings. The Federal-Postal Coalition, which encompasses most federal employee and annuitant groups, has written a letter to the President about the issues created by the data breaches.

The Supreme Court ends its current term tomorrow with three argued cases left to decide according to ABC News.  As the FEHBlog and many others expected, the Supreme Court did legalize same sex marriage nationwide last Friday. This decision affects OPM's rule allowing federal employees residing in the states that were not licensing those marriages to enroll the children of same sex domestic partners in the FEHBP. Children enrolled under this rule will lose their coverage at the end of this year unless their parents marry before then.

Fortune reports that the Supreme Court's King v. Burwell decision reinvigorated merger and acquisition activity in the health insurance sector. The report indicates that Humana's Board of Directors prefers Aetna's acquisition proposal to Cigna's.

Finally, Onclive provides an interesting report on three different health insurer approaches to control the exploding cost of oncology care.

Reflections

The FEHBlog has been following the SCOTUSblog this month because as a DC lawyer it is fun to watch the Supreme Court decisions.  Yesterday, the Supreme Court issued its hotly awaited decision in King v. Burwell. The Court in a 6-3 decision written by the Chief Justice preserves the status quo with respect to subsidies in the ACA exchanges.  That's not a bad result in and of itself and the decision does not directly impact the FEHBP. If the decision had gone the other way, the likely result would have been that Congress would preserve the status quo on subsidies at least until after the next Presidential election and in return wrangle some ACA amendments out of the Administration. It would be messy but it would be small "d" democratic in the FEHBlog's view.

This blog, which has been around for close to 10 years now, has documented how ACA has complicated and raised costs for the FEHBP.  The key small "d" democratic flaw in the ACA is that it was enacted with no big r republican votes. If the Supreme Court had decided King v. Burwell the other way (and Justice Scalia explains in his dissent how it could have), then, the ACA could have become more palatable to both parties. But now, the ACA will remain a big issue for the 2016 Presidential election. The Supreme Court decision raised the stakes.

Today or Monday, the Supreme Court will decide the same sex marriage case. If as I expect the Supreme Court rules that the Constitution requires states to license same sex marriages, OPM will promptly and properly extend federal employee benefits coverage to same sex spouses nationwide.

Yesterday, OPM finished its gauntlet of data breach hearings on Capitol Hill There's a good Govexec update on those hearings here.

Mid-week update

OPM has completed two of the three Congressional hearings about its data breach scheduled for this week. The agency posted a report on its cybersecurity efforts today. A Nextgov article reminds us that OPM and its Inspector General are gathering boatloads of employee heath data in their computer systems.  The FEHBlog is not a fan of these giant healthcare databases.

Anthem is continuing to pursue Cigna. Forbes has an interesting report on various business factors complicating this potential merger.

OPM announced yesterday that the agency is prohibiting FEHB plans from generally excluding gender transition or sex transformation services for transgendered services beginning next year. In June 2014, OPM removed the FEHBP wide exclusion for those services, and several plans, such as Aetna and the Foreign Service Benefit Plan, began to offer coverage for those services in 2015.

Health Data Management reports on an HCCI health care price transparency initiative that merits attention.

The centerpiece of HCCI’s undertaking is a website that it launched this past February—www.Guroo.com. Underlying the user-friendly site is a statistically-driven cost calculator that provides average national and regional charges for common medical procedures that can be planned for in advance, like childbirth and knee replacements.
The procedures are grouped together as “care bundles,” which are meant to represent a typical consumer experience around a set of services such as maternity care. Currently, the site provides pricing for 78 care bundles and is working to expand the number to more than 300. Which procedures to include in care bundles was determined by mining claims data for the most commonly used CPT codes.
Along with pricing, HCCI is also working to provide standard quality measures for these care bundles based on reported outcomes and consumer surveys conducted through the Guroo.com site.

Cool.

Drug Channels mines the Fortune 500 to divine and compare the profitability of eight drug channels companies —AmerisourceBergen, Cardinal Health, CVS Health, Express Scripts, McKesson, Omnicare, Rite Aid, and Walgreens. Useful.

Weekend Update

Happy Fathers Day all.  Congress is in session this week. There are three hearings scheduled on the OPM data breach - Senate Appropriations subcommittee with OPM oversight responsibility, Tuesday at 10 am; full House Oversight and Government Reform Committee on Wednesday at 10 am and the full Senate Homeland Security and Governmental Affairs Committee on Thursday at 9:30 am. The House committee held a hearing following by a confidential session last week. The New York Times provided more background on both sessions this morning.  Here's a snippet from the article that caught the FEHBlog's eye:

“This [referring to the data breach] was classic espionage, just on a scale we’ve never seen before from a traditional adversary,” one senior administration official said. “And it’s not a satisfactory answer to say, ‘We found it and stopped it,’ when we should have seen it coming years ago.”

The FEHBlog reads we in the context of this snippet to mean the U.S. government, not just OPM. This breach like the Anthem, Premera, and Sony breaches present national security issues.  The country has to pull together to stop further breaches. What steps should be taken in the meanti"me?

Note -- In a June 12 post, the FEHBlog referenced a Wall Street Journal story reporting that one of the OPM breaches may been discovered in the course of a sales presentation by CyTech. OPM asserts according to Fortune that the CyTech assertion is inaccurate.

In 2009, the FEHBlog attended a NASCAR race with a friend. It was the last regular season race before the Chase, and Dale Earnhardt, Jr. needed to finish in the top five and several contenders needed to not cross the finish line in order for Junior to make the Chase. Junior's hood was adorned with a sketch of Elvis. Who could not be pulling for Junior. Late in the race when Junior was in the top five and the drivers required to DNF were in the garage, a fan in my row screamed (and you had to scream it was so loud) that "It was happening." Of course, less than five minutes later Junior crashed and the hopefully DNF drivers got back on the track. So you shouldn't count your chickens before they hatch. Similarly. the Wall Street Journal reported yesterday that Anthem had made a public bid -- directly to the shareholders -- to acquire Cigna and that Aetna had made a proposal to the Humana board, which after all is soliciting proposals. Here is a link to a more detailed AP article from the Hartford Courant. The Wall Street Journal reported within the hour that the CIGNA Board rejected Anthem's latest offer but held the door open for further discussions. Who knows how this will end up?, but certainly something is happening.

Finally, the FEHBlog ran across two stories about doctors doing good deeds:

• The New York Times ran a monster story this morning about how U.S. hospitals have collaborated for the good of their patients to vastly accelerate heart attack care with impressive results. 

"With no new medical discoveries, no new technologies, no payment incentives — and little public notice — hospitals in recent years have slashed the time it takes to clear a blockage in a patient’s arteries and get blood flowing again to the heart. The changes have been driven by a detailed analysis of the holdups in treating patients and a nationwide campaign led by the American College of Cardiology, a professional society for specialists in heart disease, and the American Heart Association. Hospitals across the country have adopted common-sense steps that include having paramedics transmit electrocardiogram readings directly from ambulances to emergency rooms and summoning medical teams with a single call that sets off all beepers at once."

• The FEHBlog noted that at the ASCO conference earlier this month, a leading oncologist from Memorial Sloan Kettering hospital publicly complained about the high cost of oncology drugs. The Wall Street Journal discusses how another physician from this hospital developed a Drug Abacus tool "that compares the cost of more than 50 cancer drugs with what the prices would be if they were tied to factors such as the side effects the drugs produce, and the amount of extra life they give patients. In many cases, the website calculates a price that is lower than the drug’s market price." Kudos all around. 

TGIF

OPM has posted additional FAQs about the data breach and the Washington Post provided more background here. The Post reports this afternoon that the OPM Inspector General has raised  with Congress“'serious concerns' about a proposed $91 million computer overhaul of OPM networks [to prevent future breaches], saying it had not followed management guidelines and relied on a no-bid contract to a single vendor."

Yesterday, the House Appropriations Committee cleared by a 30-20 vote the Financial Services and General Government Appropriations bill that funds the FEHBP. Here's a link to the Week in Congress which reports that the House approved several health care / benefits related bills this week.

In a spot of good news, Healthcare Informatics reports that American consumers are hungry for healthcare pricing information, and Fierce Healthpayer offers health plans a special report about the benefits and challenges of reference pricing, an approach the FEHBlog favors.

Buck Consultants offers employers and health plans a report on the latest Internal Revenue Service guidance about ACA reporting under IRC § 6055 and 6056 (IRS Forms 1095-B and 1095-C). Section 6055 reports, which health plans must submit, provides the IRS with information to support individual taxpayer claims about compliance with the ACA's individual shared responsibility mandate. Section 6056 reports, which applicable large employers much submit,provides the IRS with information about the compliance with the ACA's shared responsibility mandate.  These reports present a major, annual headache for health plans and employers.

Follow up on Tuesday's hearing

The FEHBlog watched (thanks to the Internet) most of the nearly three hour long Congressional hearing on the OPM data breach.  The FEHBlog's takeaway (as a small businessperson) was the importance of a reliable IT security expert because there are a lot of moving parts to this problem. Also be careful about what you store on the computer. If you simply need to store sensitive documents, use a filing cabinet, at least for the time being.

OPM at the hearing contended that the root of its problem is outdated computer networks. However, according to media reports, which the FEHBlog previously has noted, the hackers who "exfiltrated" data from OPM also exfiltrated data from Anthem and Premera which certainly have modern systems and like OPM heavy security.

The fallout from the hearing has not not been favorable for OPM as Federal News Radio reports.  The Washington Post reports about widespread and valid criticism of OPM's remedial approach of sending breach notification emails to affected individuals.

Tuesday Quick Hits

OPM is testifying this morning before the House Government Reform and Oversight Committee about its data breaches according to this Hill report.  Meanwhile, OMB directed federal agencies to commence a 30 day long cybersecurity sprint as explained in this Federal News Radio report. Remediation is a standard practice following a data breach. 

Yesterday CVS announced that it had struct a virtually permanent deal with Target stores to replace Target owned pharmacies located in their stores with CVS pharmacies according to this Forbes report. "The deal will increase CVS’s presence in key cities across the west, including Denver, Seattle, Portland, and Salt Lake City."  Filling in these geographic gaps in the CVS pharmacy chain is helpful for FEHBP carriers that use the CVS Caremark prescription benefit management service.

Finally, and it's an earthquake alert, the Wall Street Journal is reporting this morning that United Healthcare is bidding to purchase Aetna and Anthem is bidding to purchase CIGNA.  Those are the four largest health insurers in the U.S.

UnitedHealth made a preliminary takeover approach to Aetna Inc. in the last few days, people familiar with the matter said. Given Aetna’s market value of about $42 billion, any deal for the company would likely be valued at least that high. UnitedHealth has a market value of more than $110 billion. Aetna has been eyeing Humana Inc., which is exploring a sale. 

Meanwhile, Anthem and Cigna Corp. have been in discussions about a deal for months, though Cigna has rebuffed Anthem’s advances, according to people familiar with the matter. Based on the per-share price Anthem offered, a deal would be valued at some $45 billion.

Holy moley, batman.

Weekend update

As the FEHBlog mentioned on Friday Congress is in session on Capitol Hill this week. The Supreme Court has three more decision Mondays and conference Thursdays scheduled for this month, the last of its current session. The New York Times is keeping track of the major decisions here.

Here's the latest Federal News Radio report on the OPM breach. The FEHBlog did not realize until he read this article that the government has discovered two breaches at OPM. The second breach involved security clearance forms.  The greatest irony here in the FEHBlog's view is that this astounding data loss never would have occurred if we were living without the internet. The paper records or microfiched rolls would be safely stored in a large cave in Pennsylvania.  In retrospect (and what after all is a risk assessment other than the careful application of the retrospectoscope) it appears that the security clearance forms never should have been scanned into the computer network. We simply have many more years of experience in successfully securing paper documents than we have successfully securing computer files.  The FEHBlog trusts that everyone will be cutting back on these mega-databases until we can get this hacking problem solved.

Roll Call reports that the Senators from Maryland and Virginia have sent a letter to the OPM Director about the security breach. --  "criticizing the agency for a lack of transparency surrounding the breach affecting executive branch workers and failing to properly encrypt Social Security numbers." But as the FEHBlog has pointed out it's not currently feasible to encrypt sensitive databases that are constantly in use as explained in this article.  The article concludes

Protecting large databases like Anthem's is a challenge. We need better software security, and we need better structural tools to isolate the really sensitive data from average, poorly protected machines. There may even be a role for encryption, but simply encrypting the social security numbers isn't going to do much.

Here's a link to a Modern Healthcare blog article breaking down Medicare Part B payments to specialists. CMS recently released the 2013 Medicare Part B payment data to doctors.  Oncologists get the paid the most on average and internists and general practitioners the least. No surprise there.

TGIF

Here's a link to The Week in Congress's account of this week's activities on Capitol Hill. Congress is back at it next Monday.

This afternoon, the ACA regulators announced that the finalization of the revised summary of benefits and coverage rule. The SBC of course is the ACA's approach to creating transparency in health insurance shopping and the FEHBlog actually has seen one person use the SBCs for that purpose.  It is unfortunate but not surprising that the ACA did not require doctors to provide information about, for example, the networks in which they participate,  New York State recently implemented a no healthcare surprises law which does impose this requirement on providers.

The next SBC shoe to drop is the release of revised versions of the templates which, according to the announcement, are expected next year. The new templates would be used for the 2017 plan year.

The OPM data breach is now being referred to as a cyber Pearl Harbor by FCW. Here are recent reports from the the Wall Street Journal, Washington Post, and Wired magazine which illustrate the aptness of the description,  The FEHBlog was stunned by this Wall Street Journal report referenced in the Wired article:

"[F]our people familiar with the investigation said the breach was actually discovered during a mid-April sales demonstration at OPM by a Virginia company called CyTech Services, which has a networks forensics platform called CyFIR. CyTech, trying to show OPM how its cybersecurity product worked, ran a diagnostics study on OPM’s network and discovered malware was embedded on the network. Investigators believe the hackers had been in the network for a year or more."

Mid-week update

The OPM Director appeared before a closed session of the House Intelligence Committee last night to discuss the data breach.  A Democratic Congressman spoke with the Hill about the session here.

Arstechnica.com has a very detailed and interesting article about the scope and likely causes of the breach. The simple fact of the matter is that the Chinese government backed hackers linked to the Anthem, Premera, and OPM hacks currently have an advantage over our defenses.  The arstechnica.com article discusses this problem.  The FEHBlog does think that the best solution now under development is an encryption solution that preserves the searchability of the data. However, the country needs to improve its hacking defenses. Easier said than done.

The American Medical Association installed its new president this week. Dr. Steven A. Stack is an emergency room doctor from Tennessee. Dr. Stack, who is 43 years old, is the AMA's youngest president.  The FEHBlog heard Dr. Stack speak at a WEDI conference last fall, and he was very impressed. Take 6.28 minutes to watch this Modern Healthcare interview of Dr. Stack. He explains that the AMA's goals are to improve outcomes in diabetes and hypertension, bring medical education into the current century, and restore joy to the practice of medicine. Good luck, Dr. Stack.

A Food and Drug Administration Advisory Committee this week is reviewing the marketing applications for a new and of course expensive speciality drug designed to reduce cholesterol levels when statins don't work.  The Wall Street Journal explains that

This new class of medicines is often called PCSK9-inhibitors, because they block a protein called PCSK9, which interferes with the liver’s ability to clear so-called bad cholesterol from the bloodstream. That cholesterol, called LDL, is linked to cardiac disease, albeit imperfectly.

The Journal reports that the advisory committee recommended that the FDA approve Sanofi's marketing application for a limited class of patients.  The committee takes up an Amgen marketing application today.

Weekend update

Congress remains in session this week. The House Oversight and Government Reform Committee has a new website which reminds the FEHBlog of the recently refreshed HHS.gov website. Small world.

The Federal Times, which also has a recently refreshed website which the FEHBlog dislikes, reports on Congress reaction to the OPM data breach. Nextgov.com reports that the Government's $3 billion Einstein 3.0 anti-hacking program did not prevent breach even though it was installed on the Interior Department's shared services network.

The tool only looks at the traffic coming into the network as it traverses the Internet service provider, said Ron Gula, chief executive officer of Tenable Network Security, a major contractor for agencies that perform continuous monitoring. DHS is offering all agencies sensors, consulting services and other network surveillance tools under a $6 billion contract.

"The fact that EINSTEIN saw the attack or observed the network traffic from a long time ago is different from the fact that it was recognized as an attack only recently," he said. Essentially, EINSTEIN cannot act as a real-time detection system unless it knows the specific malware exists in the world. 

"At the end of the day, I actually give the federal government high marks for detecting this and reporting it," Gula said. "It was caught relatively quickly. The reality is, you are not going to keep out all intruders. It's not a reasonable expectation in today's day and age." 

If the FEHBlog managed Einstein's estate, he would be asking that Einstein's name be taken off this software. NPR posted an interview of several information security executives about the OPM breach. Here is the concluding snippet:

SHAHANI: OPM is offering victims 18 months of free credit monitoring and cyber-insurance. Jason Lewis, with the security firm Lookingglass, criticizes this offer, calls it knee-jerk.

JASON LEWIS: They offer that creditor monitoring like that is somehow going to protect people. There's no protection from anything.

SHAHANI: He says in this new era where our digital lives are being stolen, credit monitoring doesn't hurt, but it also doesn't help. Aarti Shahani, NPR News.

If Mr. Lewis is implying that there is a way to prevent these attacks (other than encrypting data in motion which the FEHBlog understands is not yet feasible), the FEHBlog asks how? The FEHBlog does consider these credit monitoring services to be helpful.

Sitting between the drug manufacturers and the pharmacies, including the PBMs' mail order pharmacies are the drug wholesalers.  Drug Channels reports on recent consolidation in that important sector.

The FEHBlog expects a lot out of personalized medicine. Therefore he was happy to see the Wall Street Journal's report that a major personalized medicine study was announced at last week's convention of the American Society of Clinical Oncologists.

The National Cancer Institute is launching a major trial in which it will play matchmaker between 1,000 advanced cancer patients and the growing cadre of drugs that can target tumors by their genetic mutations, not just where they occur in the body. 

The study, called NCI-Match, seeks to advance the emerging field of precision medicine by helping to spur development of drugs that precisely target mutations linked to tumor growth. At least 10 pharmaceutical companies will provide a total of more than 20 treatments to be tested—all under the structure of a single study. 

A key driver of the strategy is the fact that the same cancer-causing molecular traits are often found in a variety of tumor types, raising hope that a drug effective against the target in, say breast cancer, would be effective in a tumor originating in another organ. Indeed, Roche Holding AG’s breast-cancer drug Herceptin, which targets a receptor called Her2, turned out to be effective—and was eventually approved—for gastric tumors that have high levels of Her2. 

But the drug Zelboraf, which is especially effective against the skin cancer melanoma with a certain mutation in a gene called BRAF, turns out to have essentially no effect against colon cancer harboring the same mutation. “It’s a much more complicated issue than most people would like to hear,” said Richard Pazdur, chief of oncology at the U.S. Food and Drug Administration and a supporter of the studies. “I would have some element of caution” toward assuming broad success in the approach.

Of course, Rome was not built in a day.

Finally the U.S. Supreme Court has four more decision days calendared for this term.  The FEHBlog will be watching the old Scotusblog on Mondays this month. But it's possible that the Court could add a decision day particularly to the last week. The 2012 decision on the constitutionality of the ACA was handed down on Wednesday as the FEHBlog recalls.

TGIF

OPM disclosed yesterday that its personnel records had been hacked. Here is a link to comprehensive ihealthbeat story on the incident.  The FEHBlog was most interested in the Washington Post's report that 

Groups of hackers working for the Chinese government have to date compromised the networks of the Office of Personnel Management, which holds data on millions of current and former federal employees, as well as health insurance giant Anthem, among other targets, the researchers said.

“They’re definitely going after quite a bit of personnel information,” said Rich Barger, chief intelligence officer of ThreatConnect, a Northern Virginia cybersecurity firm. “We suspect they’re using it to understand more about who to target, whether electronically or via human recruitment [for espionage].”

In other words, the OPM, Anthem, and Premera hacks, among others, represent a significant national security issue which requires nationwide cooperation between government and industry to defeat the hackers, not finger pointing. That will not be easy, but it has to be done.

Here's a link to a the latest report from the Week in Congress, dated today. Congress will be in session on Capitol Hill again next week.

Modern Healthcare had two interesting articles on surveys:

• One article reports that Accenture found by survey that consumers prefer quality over choice in health plan provider networks.  Furthermore, 

Consumers are more loyal to their preferred airline or hotel chain than their doctors, he added. Only 26% of the 1,980 adults surveyed said they would definitely leave a network if their doctor stopped participating in it. Ninety-four percent said access to their medical records was the single most important piece of information-sharing.

They also valued things such as the ability to talk to their physician during and after business hours and tools such as online scheduling. “The assumption is that consumers are going to stay in these networks if their doctors are in the network,” Stephan said. “(But) it's not about the doctor, it's about the network experience.”

That is surprising to the FEHBlog.  

• The other reports that bioethicists are concerned that the current Medicare driven focus on patient satisfaction with hospital care may be leading to bad medical practices. 

The current metrics used to rate, rank and evaluate hospital quality continue to undergo scrutiny as the field of quality measurement advances in healthcare. Improvements are more frequently gained on easily tracked process measures, like using checklists and giving discharge instructions. But many have questioned whether focusing on those priorities will lead to improvements in patient outcomes such as lower mortality and lower readmission rates or result in unintended consequences.

That could likely be the case for patient satisfaction, the Hastings researchers suggest. “Pressure to tell patients what they want to hear and accede to unreasonable requests may increase the provision of unnecessary care,” and ultimately “lead healthcare astray, undermining the provision of optimum care for all.”

That does not surprise the FEHBlog.  

 

Eye catching

There were three articles in the Wall Street Journal today that caught the FEHBlog's eye.

1. CMS released data on 2013 Medicare Parts A and B payments to hospitals, doctors, and other providers today.  The Journal which brought a successful lawsuit to force the annual release of this data observes that 

The top 1% of billers of the federal insurance program for the elderly and disabled in 2013 reaped 17.5% of all payments that year. That same cluster of doctors and other individual providers received 16.6% of the program’s payments in 2012, figures show.

      2.   The Journal also reported on shortages of oncology and painkilling drugs in the U.S.

Interviews with company executives, hospital pharmacists and regulators point to several causes of the shortages. Companies have failed to build enough production capacity, haven’t maintained equipment, and failed to ward off contamination in aging plants. A U.S. Food and Drug Administration crackdown on shoddy quality unintentionally worsened the shortages because some companies responded by shutting down plants or scaling back production during renovations.

Many of the scarce drugs are older, injectable treatments that can be complex and costly to manufacture, but which command relatively low prices because they aren’t protected by patent. Hospitals and doctors’ offices are the main buyers of the drugs. Companies can’t easily increase prices because insurers reimburse many generic hospital-administered drugs under a payment system that is more frugal than for other medicines.

             Perhaps insurers can re-evaluate this payment system.

3.   At the annual  meeting of the American Society of Clinical Oncologists, Leonard Saltz,  MD,  chief of gastrointestinal oncology at Memorial Sloan Kettering Cancer Center spoke truth to power (big pharma finances this conference) by criticizing the high price of oncology drugs according to this Journal report.  “Cancer-drug prices are not related to the value of the drug,” Dr. Saltz said. “Prices are based on what has come before and what the seller believes the market will bear.”  This cock-eyed pricing philosophy which drug manufacturers apply across the board is bankrupting the country.