Health Care in 2019: Year in Review

https://www.commonwealthfund.org/blog/2019/health-care-2019-year-review

Health care was front and center for policymakers and the American public in 2019. An appeals court delivered a decision on the Affordable Care Act’s (ACA’s) individual mandate. In the Democratic primaries, almost all the presidential candidates talked about health reform — some seeking to build on the ACA, others proposing to radically transform the health system. While the ACA remains the law of the land, the current administration continues to take executive actions that erode coverage and other gains. In Congress, we witnessed much legislative activity around surprise bills and drug costs. Meanwhile, far from Washington, D.C., the tech giants in Silicon Valley are crashing the health care party with promised digital transformations. If you missed any of these big developments, here’s a short overview.

 

1. A decision from appeals court on the future of the ACA: On December 18, an appeals court struck down the ACA’s individual mandate in Texas v. United States, a suit brought by Texas and 17 other states. The court did not rule on the constitutionality of the ACA in its entirety, but sent it back to a lower court. Last December, that court ruled the ACA unconstitutional based on Congress repealing the financial penalty associated with the mandate. The case will be appealed to the U.S. Supreme Court, but the timing of the SCOTUS ruling is uncertain, leaving the future of the ACA hanging in the balance once again.

 

2. Democratic candidates propose health reform options: From a set of incremental improvements to the ACA to a single-payer plan like Medicare for All, every Democratic candidate who is serious about running for president has something to say about health care. Although these plans vary widely, they all expand the number of Americans with health insurance, and some manage to reduce health spending at the same time.

 

3. Rise in uninsured: Gains in coverage under the ACA appear to be stalling. In 2018, an estimated 30.4 million people were uninsured, up from a low of 28.6 million in 2016, according to a recent Commonwealth Fund survey. Nearly half of uninsured adults may have been eligible for subsidized insurance through ACA marketplaces or their state’s expanded Medicaid programs.

 

4. Changes to Medicaid: States continue to look for ways to alter their Medicaid programs, some seeking to impose requirements for people to work or participate in other qualifying activities to receive coverage. In Arkansas, the only state to implement work requirements, more than 17,000 people lost their Medicaid coverage in just three months. A federal judge has halted the program in Arkansas. Other states are still applying for waivers; none are currently implementing work requirements.

 

5. Public charge rule: The administration’s public charge rule, which deems legal immigrants who are not yet citizens as “public charges” if they receive government assistance, is discouraging some legal immigrants from using public services like Medicaid. The rule impacts not only immigrants, but their children or other family members who may be citizens. DHS estimated that 77,000 could lose Medicaid or choose not to enroll. The public charge rule may be contributing to a dramatic recent increase in the number of uninsured children in the U.S.

 

6. Open enrollment numbers: As of the seventh week of open enrollment, 8.3 million people bought health insurance for 2020 on HealthCare.gov, the federal marketplace. Taking into account that Nevada transitioned to a state-based exchange, and Maine and Virginia expanded Medicaid, this is roughly equivalent to 2019 enrollment. In spite of the Trump administration’s support of alternative health plans, like short-term plans with limited coverage, more new people signed up for coverage in 2020 than in the previous year. As we await final numbers — which will be released in March — it is also worth noting that enrollment was extended until December 18 because consumers experienced issues on the website. In addition, state-based marketplaces have not yet reported; many have longer enrollment periods than the federal marketplace.

 

7. Outrage over surprise bills: Public outrage swelled this year over unexpected medical bills, which may occur when a patient is treated by an out-of-network provider at an in-network facility. These bills can run into tens of thousands of dollars, causing crippling financial problems. Congress is searching for a bipartisan solution but negotiations have been complicated by fierce lobbying from stakeholders, including private equity companies. These firms have bought up undersupplied specialty physician practices and come to rely on surprise bills to swell their revenues.

 

8. Employer health care coverage becomes more expensive: Roughly half the U.S. population gets health coverage through their employers. While employers and employees share the cost of this coverage, the average annual growth in the combined cost of employees’ contributions to premiums and their deductibles outpaced growth in U.S. median income between 2008 and 2018 in every state. This is because employers are passing along a larger proportion to employees, which means that people are incurring higher out-of-pocket expenses. Sluggish wage growth has also exacerbated the problem.

 

9. Tech companies continue inroads into health care: We are at the dawn of a new era in which technology companies may become critical players in the health care system. The management and use of health data to add value to common health care services is a prime example. Recently, Ascension, a huge national health system, reached an agreement with Google to store clinical data on 50 million patients in the tech giant’s cloud. But the devil is in the details, and tech companies and their provider clients are finding themselves enmeshed in a fierce debate over privacy, ownership, and control of health data.

 

10. House passes drug-cost legislation: For the first time, the U.S. House of Representatives passed comprehensive drug-cost-control legislation, H.R. 3. Reflecting the public’s distress over high drug prices, the legislation would require that the government negotiate the price of up to 250 prescription drugs in Medicare, limit drug manufacturers’ ability to annually hike prices in Medicare, and place the first-ever cap on out-of-pocket drug costs for Medicare beneficiaries. This development is historic but unlikely to result in immediate change. Its prospects in the Republican–controlled Senate are dim.

 

 

 

Healthcare’s number one financial issue is cybersecurity

https://www.healthcarefinancenews.com/node/139027?mkt_tok=eyJpIjoiTURRMk1tVTFaVE15TkRjMiIsInQiOiJPNUYydDU5cFVodjB4bnlnb2M0eVhDNjg2YU53NDl6MWFRQlVpUEpmTzV5cEcrVVZMWldhd1AzbHNlckIwUWJHczlhOVRMZUxxSngyWk02VVhXTktXRjN1OE9mbkQ2V2FhQlBqVFIzOWpMS0pNUEdCYWh0SUQyZWZHRmpBQjRFWiJ9

Image result for hospital cybersecurity

The cost of a healthcare breach is about $408 per patient record and that doesn’t include the loss of business, productivity and reputation.

Cyber attacks affect the finances of every hospital and insurer like no other.

“I’ve seen estimates of over $5 billion in costs to the healthcare industry annually,” said Lisa Rivera, a partner at Bass, Berry and Sims who focuses on healthcare security. “That’s enormous and is not going away.”

Beyond the cost to find a solution to fix breaches and to settle any civil complaints are fines from the Department of Health and Human Services Office of Civil Rights. In 2018, OCR issued 10 resolutions that totalled $28 million.

The HHS Office of Civil Rights is stepping up breach enforcement of private health information, according to Rivera, who is a former assistant U.S. Attorney and federal prosecutor handling civil and criminal investigations for the Department of Justice.

What officials want to see is that the hospital or insurer has taken reasonable efforts to avoid a breach.

“There is no perfect cybersecurity,” Rivera said. “They say it’s not perfection, it’s reasonable efforts. That’s going to require an investment up-front to see where data is located, and educating the workforce on phishing incidents.”

Also, hospital finance professionals who are relying more on contractors for revenue cycle management and analytics should take note on the security issues involved in sharing this information.

“Every sector of business has attacks, but healthcare is experiencing the largest growth of cyber attacks because of the nature of its information,” Rivera said. “It’s more valuable on the dark web.”

It’s also not easily fixed.

If an individual’s credit card is stolen, the consumer can cancel his or her credit card. But in health records, the damage is permanent.

THE IMPACT

Despite the number of breaches, healthcare has been behind other sectors in taking security measures. Four to seven percent of a health system’s IT budget is in cybersecurity, compared to about 15% for other sectors such as the financial industry, according to Rivera.

Hospitals are behind because first, it’s a challenge to keep up with the move to more information being in electronic form.

“There’s no hospital that doesn’t have mobile EHR information,” Rivera said. “Then there was this transition with incentives from the government to go to electronic medical records. There were vast routes to doing that without a lot of experience involved in doing it. The push to become electronic began happening with this enormous uptick in cyber attacks.”

Also, the focus of healthcare has always been patient care. The population health explosion also involves the sharing of information.

And consolidation across the healthcare industry can potentially make covered entities more vulnerable to lapses in security during the transition and integration phases.

RECOMMENDATIONS

The number one way to cut costs is to prevent a breach. Once one has happened, hospitals must be able to identify it as soon as possible and then be able to respond to it.

Hospitals should be able to determine where certain data goes off the rail, Rivera said. For instance, large systems doing research have outcome information that may not be within the system of protection.

“You don’t want to learn about a data breach because the FBI saw it on the dark web,” Rivera said. And some hospitals have.

It’s a constant battle of software updates and checks. Criminals are pinging systems thousands of times a day. It’s like locking down doors and windows.

The first thing that’s needed for systems large and small is a risk assessment. This is the first thing the OCR wants to see, she said. Many hospitals use an outside vendor to do the job.

Prices for other cybersecurity measures vary from a software purchase that could be in the millions, to having vendor monitoring.

But the cost of a healthcare breach is about $408 per patient record and that doesn’t include the loss of business, productivity, reputation and the service disruption.

Hospitals can also purchase cyber insurance, which varies in cost and coverage. Some obtain it for purposes of class action lawsuits.

THE LARGER TREND

OCR enforcement activity during 2018 demonstrates the agency’s continued emphasis on enforcing violations of the security risk assessment and risk management requirements, Rivera said.

Covered entities and business associates are required to: conduct a thorough assessment of the threats and vulnerabilities across the enterprise;    implement measures to reduce known threats and vulnerabilities to a reasonable and appropriate level; and ensure that any vendor or other organization accessing or storing private health information is security compliant.
The OCR concluded 2018 with an all-time record year for HIPAA enforcement  activity. The OCR settled 10 cases and secured one judgment, together totaling $28.7 million. This surpassed the previous record of $23.5 million from 2016.

In addition, OCR also achieved the single largest individual HIPAA settlement  of $16 million with Anthem, representing a nearly three-fold increase over the previous record settlement of $5.5 million in 2016. Anthem was held responsible for cyber attacks that stole the protected health information of close to 79 million people.

 

The Tragedy of the Healthcare Data Commons

The Tragedy of the Healthcare Data Commons

Image result for The Tragedy of the Healthcare Data Commons

Once the system can discriminate on a multitude of data points, the commons collapses.

A theme of my writing over the past ten or so years has been the role of data in society. I tend to frame that role anthropologically: How have we adapted to this new element in our society? What tools and social structures have we created in response to its emergence as a currency in our world? How have power structures shifted as a result?

Increasingly, I’ve been worrying a hypothesis: Like a city built over generations without central planning or consideration for much more than fundamental capitalistic values, we’ve architected an ecosystem around data that is not only dysfunctional, it’s possibly antithetical to the core values of democratic society. Houston, it seems, we really do have a problem.

Last week ProPublica published a story titled Health Insurers Are Vacuuming Up Details About You — And It Could Raise Your Rates.  It’s the second in an ongoing series the investigative unit is doing on the role of data in healthcare. I’ve been watching this story develop for years, and ProPublica’s piece does a nice job of framing the issue. It envisions  “a future in which everything you do — the things you buy, the food you eat, the time you spend watching TV — may help determine how much you pay for health insurance.”

Unsurprisingly, the health industry has  developed an insatiable appetite for personal data about the individuals it covers. Over the past decade or so, all of our quotidian activities (and far more) have been turned into data, and that data can and is being sold to the insurance industry:

“The companies are tracking your race, education level, TV habits, marital status, net worth. They’re collecting what you post on social media, whether you’re behind on your bills, what you order online. Then they feed this information into complicated computer algorithms that spit out predictions about how much your health care could cost them.”

HIPPA, the regulatory framework governing health information in the United States, only covers and protects medical data – not search histories, streaming usage, or grocery loyalty data. But if you think your search, video, and food choices aren’t related to health, well, let’s just say your insurance company begs to differ.

Lest we dive into a rabbit hole about the corrosive combination of healthcare profit margins with personal data (ProPublica’s story does a fine job of that anyway), I want to pull back and think about what’s really going on here.

The Tragedy of the Commons

One of the most fundamental tensions in an open society is the potential misuse of resources held “in common” – resources to which all individuals have access. Garrett Hardin’s 1968 essay on the subject, “The Tragedy of the Commons,” explores this tension, concluding that the problem of human overpopulation has no technical solution. (A technical solution is one that does not require a shift in human values or morality (IE, a political solution), but rather can be fixed by application of science and/or engineering.) Hardin’s essay has become one of the most cited works in social science – the tragedy of the commons is a facile concept that applies to countless problems across society.

In the essay, Hardin employs a simple example of a common grazing pasture, open to all who own livestock. The pasture, of course, can only support a finite number of cattle. But as Hardin argues, cattle owners are financially motivated to graze as many cattle as they possibly can, driving the number of grass munchers beyond the land’s capacity, ultimately destroying the commons. “Freedom in a commons brings ruin to all,” he concludes, delivering an intellectual middle finger to Smith’s “invisible hand” in the process.

So what does this have to do with healthcare, data, and the insurance industry? Well, consider how the insurance industry prices its policies. Insurance has always been a data-driven business – it’s driven by actuarial risk assessment, a statistical method that predicts the probability of a certain event happening. Creating and refining these risk assessments lies at the heart of the insurance industry, and until recently, the amount of data informing actuarial models has been staggeringly slight. Age, location, and tobacco use are pretty much how policies are priced under Obamacare, for example. Given this paucity, one might argue that it’s utterly a *good* thing that the insurance industry is beefing up its databases. Right?

Perhaps not. When a population is aggregated on high-level data points like age and location, we’re essentially being judged on a simple shared commons – all 18 year olds who live in Los Angeles are being treated essentially the same, regardless if one person has a lurking gene for cancer and another will live without health complications for decades. In essence, we’re sharing the load of public health in common – evening out the societal costs in the process.

But once the system can discriminate on a multitude of data points, the commons collapses,  devolving into a system rewarding whoever has the most profitable profile. That 18-year old with flawless genes, the right zip code, an enviable inheritance, and all the right social media habits will pay next to nothing for health insurance. But the 18 year old with a mutated BRCA1 gene, a poor zip code, and a proclivity to sit around eating Pringles while playing Fortnite? That teenager is not going to be able to afford health insurance.

Put another way, adding personalized data to the insurance commons destroys the fabric of that commons. Healthcare has been resistant to this force until recently, but we’re already seeing the same forces at work in other aspects of our previously shared public goods.

A public good, to review, is defined as “a commodity or service that is provided without profit to all members of a society, either by the government or a private individual or organization.” A good example is public transportation. The rise of data-driven services like Uber and Lyft have been a boon for anyone who can afford these services, but the unforeseen externalities are disastrous for the public good. Ridership, and therefore revenue, falls for public transportation systems, which fall into a spiral of neglect and decay. Our public streets become clogged with circling rideshare drivers, roadway maintenance costs skyrocket, and – perhaps most perniciously – we become a society of individuals who forget how to interact with each other in public spaces like buses, subways, and trolley cars.

Once you start to think about public goods in this way, you start to see the data-driven erosion of the public good everywhere. Our public square, where we debate political and social issues, has become 2.2 billion data-driven Truman Shows, to paraphrase social media critic Roger McNamee. Retail outlets, where we once interacted with our fellow citizens, are now inhabited by armies of Taskrabbits and Instacarters. Public education is hollowed out by data-driven personalized learning startups like Alt School, Khan Academy, or, let’s face it, YouTube how to videos.

We’re facing a crisis of the commons – of the public spaces we once held as fundamental to the functioning of our democratic society. And we have data-driven capitalism to blame for it.

Now, before you conclude that Battelle has become a neo-luddite, know that I remain a massive fan of data-driven business. However, if we fail to re-architect the core framework of how data flows through society – if we continue to favor the rights of corporations to determine how value flows to individuals absent the balancing weight of the public commons – we’re heading down a path of social ruin. ProPublica’s warning on health insurance is proof that the problem is not limited to Facebook alone. It is a problem across our entire society. It’s time we woke up to it.

So what do we do about it? That’ll be the focus of a lot of my writing going forward.  As Hardin writes presciently in his original article, “It is when the hidden decisions are made explicit that the arguments begin. The problem for the years ahead is to work out an acceptable theory of weighting.” In the case of data-driven decisioning, we can no longer outsource that work to private corporations with lofty sounding mission statements, whether they be in healthcare, insurance, social media, ride sharing, or e-commerce.

Originally published here.

2018 July 27

 

 

 

Healthcare mergers and acquisitions require sensible data sharing strategies, and a solid analytics framework

https://www.healthcarefinancenews.com/news/healthcare-mergers-and-acquisitions-require-sensible-data-sharing-strategies-and-solid?mkt_tok=eyJpIjoiTmpJME5qVTNOVEU1TXpRdyIsInQiOiJDdUIxQ1NKdng1b0FkQ1wvQlwvNFBTc1JIbmVwYUZOeUhCZ3VlNlZzdmhNbkhBQlhnXC9JeTI4c2NDeE80REk0YWJ1Nk1jSzl4QjFDbjFMTkxKdmVCblY1RUlSYTIwUmlhSEJ6VXpkOUZZdytUWDhaV1poaEljcVh5ZFdEOUdVZlQzZyJ9

While it’s important for disparate EHRs to communicate with one another, organizations need a better handle on analytics and dashboards.

Mergers and acquisitions in healthcare have been going along at a pretty good clip for a number of years now. The volume of deals remains high, and with larger entities primed to scoop up some of their smaller, struggling peers, the trend seems poised to continue.

There’s an issue that consolidating organizations consistently run into, however: data sharing.

Specifically, many organizations that have initiated merger activity fail to consider that not only will the consolidation necessitate integrating multiple electronic health records, but other ancillary systems as well.

These organizations need to produce the analytics that are required to manage what’s essentially a new business, and that starts with the development of some sort of analytics blueprint early on in the merger activity.

As two or more forces join into one, it’s important to have the analytics blueprint in place so leaderships knows which dashboards are going to be needed for success.

“There used to be a trend where everyone was converted onto the same EHR platform,” said John Walton, solutions architect for IT consulting company CTG. “I guess the thought is that if everyone is converted, the problem will go away. Now … they end up in a situation where they can’t produce the kind of dashboards that are needed.”

THE FRAMEWORK

A key component of an effective analytics blueprint is a conceptual data model — basically a visual representation of what domains are needed for the dashboards.

“It sounds difficult to produce, but if it takes more than four to six weeks to produce something like that, you’re overthinking it,” said Walton. “But that’s then starting point. The key component is that analytics framework.”

Failure to have a framework in place can result in the newly merged entity losing out in terms of revenue and productivity. And once the problem becomes manifest, there’s often a lot of manual effort that goes into serving, for example, the financial dashboards that are so needed by CFOs. A lot of the manual effort goes into putting the data into Excel spreadsheets, which only puts a Band-Aid on the problem.

“The framework essentially provides pre-built routines to extract data from multiple data sources, as well as from financial systems,” said Walton. “It also provides, for lack of a better term, the data plumbing to enterprise standards, and most importantly there’s an analytic layer. The endgame is that the dashboards need to sit on top of an analytics layer that is easy to do analytics on. What it contains is pre-computed performance indicators based on approved business rules with multiple levels of aggregation.”

An effective framework, as with so many other things, begins with C-suite leadership. Having executive sponsorship, or at least an understanding of the issue at an executive level, can translate into a vision for how to integrate the data and provide the analytics that are needed to successfully manage the business.

PLANNING PROACTIVELY

Walton once observed a national organization that acquired another entity, and after two years the CEO still didn’t have any executive dashboards — which means a lack of visibility into the performance metrics. The CEO hen issued what was effectively a mandate to the acquiring organization: Get this done within three months, or else.

Thus began a flurry of activity to et the dashboard situation straightened out, which is not where an organization wants to be. Proactive planning is essential, yet Walton doesn’t see a lot of that in healthcare.

“I’ve never seen an organization proactively plan for this,” he said. “That doesn’t mean it’s not happening, but in my experience I haven’t seen it.”

In the meantime, mergers and acquisitions keep happening. Even if merging organizations become aware of the problem and factor that into their decision-making there’s another issue to consider.

“Another extremely significant problem is data quality and information consistency,” said Walton. “That problem really is not universally dealt with, in healthcare or for that matter other industries. It’s almost like they’ve learned to live with it. It’s almost like we need a call to arms or something. You’re almost certainly going to have the need for an analytics framework that will apply the data to your standards.”

The data in question could encompass missing or clinically inappropriate data. Quality, in this case, has to do with the cleanliness of the data. In terms of consistency, a good example would be something like average length of stay. There’s an opportunity to ensure that the right data ownership and stewardship is in place.

Importantly, it’s primarily a business solution. It’s possible that one of the merging entities has a data governance strategy, but all too often that strategy was launched by the IT department — which is not where an organization wants to be, said Walton, because it’s primarily a business problem rather than one that’s purely technical.

Data governance is a very well-known concept, but people struggle with its actual implementation for a number of reasons,” he said. “One, there’s a technical aspect of it, which centers around how we identify data quality issues. What kinds of tools are they going to use to address data quality issues?

“Then there’s establishing ownership of the data, and who are the subject matter experts. And there’s a workflow aspect that most organizations fail to deal with.”

It all starts with the framework. Only then can merging organizations get an appropriate handle on its data and analytics landscape.