COVID-19 and the End of Individualism

https://www.project-syndicate.org/commentary/covid19-economic-interdependence-waning-individualism-by-diane-coyle-2020-05?utm_source=Project+Syndicate+Newsletter&utm_campaign=1cfd702284-covid_newsletter_07_05_2020&utm_medium=email&utm_term=0_73bad5b7d8-1cfd702284-105592221&mc_cid=1cfd702284&mc_eid=5f214075f8

Daniel Innerarity - Project Syndicate

The pandemic has shown that it is not existential dangers, but rather everyday economic activities, that reveal the collective, connected character of modern life. Just as a spider’s web crumples when a few strands are broken, so the coronavirus has highlighted the risks arising from our economic interdependence.

CAMBRIDGE – Aristotle was right. Humans have never been atomized individuals, but rather social beings whose every decision affects other people. And now the COVID-19 pandemic is driving home this fundamental point: each of us is morally responsible for the infection risks we pose to others through our own behavior.

In fact, this pandemic is just one of many collective-action problems facing humankind, including climate change, catastrophic biodiversity loss, antimicrobial resistance, nuclear tensions fueled by escalating geopolitical uncertainty, and even potential threats such as a collision with an asteroid.

As the pandemic has demonstrated, however, it is not these existential dangers, but rather everyday economic activities, that reveal the collective, connected character of modern life beneath the individualist façade of rights and contracts.

Those of us in white-collar jobs who are able to work from home and swap sourdough tips are more dependent than we perhaps realized on previously invisible essential workers, such as hospital cleaners and medics, supermarket staff, parcel couriers, and telecoms technicians who maintain our connectivity.

Similarly, manufacturers of new essentials such as face masks and chemical reagents depend on imports from the other side of the world. And many people who are ill, self-isolating, or suddenly unemployed depend on the kindness of neighbors, friends, and strangers to get by.

The sudden stop to economic activity underscores a truth about the modern, interconnected economy: what affects some parts substantially affects the whole. This web of linkages is therefore a vulnerability when disrupted. But it is also a strength, because it shows once again how the division of labor makes everyone better off, exactly as Adam Smith pointed out over two centuries ago.

Today’s transformative digital technologies are dramatically increasing such social spillovers, and not only because they underpin sophisticated logistics networks and just-in-time supply chains. The very nature of the digital economy means that each of our individual choices will affect many other people.

Consider the question of data, which has become even more salient today because of the policy debate about whether digital contact-tracing apps can help the economy to emerge from lockdown faster.

This approach will be effective only if a high enough proportion of the population uses the same app and shares the data it gathers. And, as the Ada Lovelace Institute points out in a thoughtful report, that will depend on whether people regard the app as trustworthy and are sure that using it will help them. No app will be effective if people are unwilling to provide “their” data to governments rolling out the system. If I decide to withhold information about my movements and contacts, this would adversely affect everyone.

Yet, while much information certainly should remain private, data about individuals is only rarely “personal,” in the sense that it is only about them. Indeed, very little data with useful information content concerns a single individual; it is the context – whether population data, location, or the activities of others – that gives it value.

Most commentators recognize that privacy and trust must be balanced with the need to fill the huge gaps in our knowledge about COVID-19. But the balance is tipping toward the latter. In the current circumstances, the collective goal outweighs individual preferences.

But the current emergency is only an acute symptom of increasing interdependence. Underlying it is the steady shift from an economy in which the classical assumptions of diminishing or constant returns to scale hold true to one in which there are increasing returns to scale almost everywhere.

In the conventional framework, adding a unit of input (capital and labor) produces a smaller or (at best) the same increment to output. For an economy based on agriculture and manufacturing, this was a reasonable assumption.

But much of today’s economy is characterized by increasing returns, with bigger firms doing ever better. The network effects that drive the growth of digital platforms are one example of this. And because most sectors of the economy have high upfront costs, bigger producers face lower unit costs.

One important source of increasing returns is the extensive experience-based know-how needed in high-value activities such as software design, architecture, and advanced manufacturing. Such returns not only favor incumbents, but also mean that choices by individual producers and consumers have spillover effects on others.

The pervasiveness of increasing returns to scale, and spillovers more generally, has been surprisingly slow to influence policy choices, even though economists have been focusing on the phenomenon for many years now. The COVID-19 pandemic may make it harder to ignore.

Just as a spider’s web crumples when a few strands are broken, so the pandemic has highlighted the risks arising from our economic interdependence. And now California and Georgia, Germany and Italy, and China and the United States need each other to recover and rebuild. No one should waste time yearning for an unsustainable fantasy.

 

 

 

Winners and losers of the HHS interoperability final rule

https://www.beckershospitalreview.com/ehrs/winners-and-losers-of-the-hhs-interoperability-final-rule.html?utm_medium=email

Image result for HHS interoperability final rule

HHS released its much-anticipated final rules on EHR interoperability, ruling against “information blocking” tactics by EHR vendors and giving patients more control over their medical records.

The new rule will be applied over the next two years and will make patient records downloadable to smartphones using consumer apps. Overall, members of the healthcare industry applaud these efforts to make patient information more accessible to improve healthcare delivery. However, there are privacy concerns around how patient data can be used once downloaded to third-party consumer apps that weren’t addressed in the final rule.

Here is a brief list of a few potential winners and losers of the new rule.

 

WINNERS

Patients. Patients now have more control over their medical records and will be able to access them through third-party apps for free, which will make it easier for them to take their medical records to new providers outside of their previous provider’s system. As a result, they will have more choice in where they go for healthcare.

Hospitals and physicians. The lengthy process of trying to convert a patient’s medical records will be unnecessary. Patients will no longer need to have their medical records faxed between healthcare facilities in different networks and the rule will streamline workflow around gathering patient data to provide the best possible care. Hospitals participating in Medicare and Medicaid will also be able to send electronic notifications to other facilities or providers when a patient is admitted, transferred or discharged under its new “Coordination of Participation” rule.

App developers and health IT startups. App developers that allow patients to store their health data and medical information will have access to that data, a virtual gold mine. The federal privacy protections limiting how providers and insurers share medical records do not apply when patients transfer data to consumer apps, according to the New York Times.

Apple and Microsoft. Healthcare providers will be required to send medical data in a format that is compatible on third-party apps including Apple Health Records. Microsoft is also working to sell technology in the health sector, and the new rule will make it easier, according to CNBC.

 

LOSERS

Patients. While the rule has many benefits to patients, there is also potential for disaster. Patients who download their medical information on consumer apps may find their information shared or sold. There could also be additional security issues if those apps are hacked. Finally, some patients may become confused by their medical records and notes if the information isn’t stated clearly, causing further anxiety around their care.

Hospitals and clinics. Patient leakage may become more common if it’s easier for patients to take their medical records with them. Healthcare organizations will also need to prepare for an influx of patient data and have strong governance procedures in place as they partner with payers and other organizations to incorporate clinical data with patient-gathered data and potentially social determinants of health data.

EHR vendors. EHR companies must now adopt application programming interfaces so their systems can communicate with third-party apps. EHR companies have two years to comply and face up to $1 million per violation for engaging in “information blocking.” The new focus on interoperability may also pave the way for competitors to gain market share over the two most dominant players, Epic and Cerner.

Epic. Epic was a notable opponent to the HHS interoperability rules, citing patient privacy concerns. If forced to collaborate with other companies, Epic could potentially lose its edge over competitors, according to an op-ed written by former HHS Secretary Tommy Thompson in the Wisconsin State Journal. He contended Epic would have to “give its trade secrets away to venture capitalists, Big Tech, Silicon Valley interests and overseas competitors for little or no compensation.” Epic is also the most dominant EHR, holding 28 percent of the acute care hospital market, which could be threatened by greater interoperability. However, in response to the final rule’s release, Epic issued a statement saying that it would focus on “standards-based scope for meaningful interoperability.”

 

Five Healthcare Industry Changes to Watch in 2020

https://www.managedhealthcareexecutive.com/news/five-healthcare-industry-changes-watch-2020

Innovation

Industry experts expect significant changes to shake up the healthcare landscape in the next few years, which will affect both health insurers and providers. Many are the result of a shift toward value-based care, a move toward decreased care in hospital settings, technological advances, and other forces.

Here’s a look at what can payers and providers can expect to occur, why each change is occurring, and how payers and providers can prepare for each change:

1. A shift in healthcare delivery from hospital to ambulatory settings

Healthcare delivery will continue to move from inpatient to outpatient facilities. “More surgeries and diagnostic procedures that historically have required an inpatient hospital stay can now be performed more safely and efficiently in an outpatient setting,” says Stephen A. Timoni, JD, an attorney and partner at the law firm Lindabury, McCormick, Estabrook & Cooper, in Westfield, New Jersey, who represents healthcare providers in areas of reimbursement and managed care contracting. A growing volume of outpatient care will be provided in ambulatory surgery centers, primary care clinics, retail clinics, urgent care centers, nurse managed health centers, imaging facilities, emergency departments, retail clinics, and patients’ homes.

This change is occurring as the result of clinical innovations, patient preferences, financial incentives, electronic health records, telemedicine, and an increased focus on improving quality of care and clinical outcomes. “The upward trend in value-based payment models is also influencing this shift, with the goal of reducing the cost of care and improving the overall patient experience,” Timoni says.

Payers and providers can prepare for this shift by analyzing and forecasting the cost and reimbursement implications of providing care in outpatient settings compared to inpatient settings. They should continue to analyze changing patient demographics, consumer preferences, and satisfaction trends, Timoni says. Collecting and analyzing data regarding quality and clinical outcomes as the result of changes in delivery of care from inpatient to outpatient is also key. Healthcare providers should develop effective strategies to grow capacity and infrastructure for outpatient services and invest in innovative mobile technologies, diagnostic tools, and telemedicine systems.

2. Consolidation will continue industry wide

More healthcare entities will continue to merge together. “Even though the number of available partners for transactions is shrinking, new deals pop up all the time because smaller entities are being targeted or entities that had been holding out are now changing their position,” says Matthew Fisher, JD, partner and chair of the Health Law Group at Mirick O’Connell, a law firm in Westborough, Massachusetts. Increased consolidation will result in higher healthcare prices as larger sized institutions use their size to their advantage. Another impact will be narrowing the field of contracting options, which will result in greater dominance by fewer entities in a market.

This change is occurring because industry stakeholder believes that consolidation is the way to survive in a healthcare landscape still being shaped by the ACA. “The belief is that value-based care models require single unified entities as opposed to more contractual-based ventures to succeed,” Fisher says. Another factor is that momentum for consolidations across the industry has continued to build and no player wants to be left behind.

Along these lines, Timoni says that consolidation has been motivated by the evolving and challenging commercial and government reimbursement models which include lower fee-for-service payment rates, value-based payment components, and incentives to move care from inpatient to outpatient settings. “Basic economic theory suggests that consolidation of hospitals and physicians enables these combined providers to charge higher prices to private payers as the result of a lack of competition,” Timoni says. “Likewise, combined insurers are able to charge higher premiums to their subscribers.”

Payers and providers can prepare for this change by evaluating their operations and determining whether consolidation with another entity is advantageous. “This requires assessing an entity’s operations and the risks of consolidation,” Fisher says.

Timoni advises payers and providers to monitor the consolidation landscape and develop effective merger and acquisition strategies. These strategies should focus on optimizing economies of scale to reduce costs and finding the best partners to achieve improved quality of care and effectively manage population health.

3. Protecting data privacy

Ongoing attention will be given to protecting the privacy of healthcare data. New laws, at both the federal and state levels, will be considered that could introduce new regulatory requirements, Fisher says.

While a federal law in an election year may be doubtful, individual states are proceeding. The California Consumer Protection Act (CCPA), intended to enhance privacy rights and consumer protection, will become effective in 2020, for example. Even though the CCPA doesn’t cover all healthcare data, healthcare organizations will still collect additional information that could be subject to CCPA, which means more compliance obligations, Fisher says. Other states are considering how to jump on the privacy legislation bandwagon, which means that regulatory requirements will increase. “Even in the absence of legislation, payers and providers can expect individuals to assert concerns and use public pressure to drive increased attention to privacy issues,” Fisher says.

Meanwhile, debates around what is meant by privacy continue to evolve, Fisher continues. A backlash against the non-transparent sharing of healthcare data and arguable profiteering is creating anger among patients and other groups. Simultaneously, data breaches continue to be reported on a daily basis. Add in that healthcare is a prime target, and all of the factors point to healthcare needing to do more to protect data.

Payers and providers can embrace increased data privacy by focusing on existing compliance efforts, which will require taking time to better understanding HIPAA. “Ignoring or only making superficial efforts to respect data privacy is insufficient,” Fisher says. “Merely doing what is legally permissible may not be good enough.”

4. Consumerization of healthcare

As patients assume more financial responsibility for their healthcare costs due to higher premiums, co-pays, co-insurance, and deductibles, they have become more concerned with the value of the care they receive as well as cost. Patients will likely demand improved access to clearer benefits, billing, and network information to improve transparency, says Brooks Dexter, MBA, Los Angeles-based managing director and head of the healthcare M&A advisory practice at Duff & Phelps, a global consultancy firm.

“Healthcare providers must follow suit to meet value expectations and deliver more consumer-friendly services or may risk losing market share to innovative new healthcare arrangements, such as direct primary care, which offer convenient and quality care with simplified medical billing,” Dexter says. Some ways to do this are to offer better patient portals, expanded hours, improved access, and clear procedure pricing. Despite the trend, payers and providers will most likely continue to resist CMS’ efforts to force greater cost transparency by requiring hospitals to post payer-specific negotiated charges for common services that can be shopped.

Furthermore, Peter Manoogian, principal at ZS, a consulting firm focused on healthcare in Boston, says that the voices of older adults will become comparatively louder as this rapidly growing segment becomes more tech-savvy. The Trump Administration supports increased use of Medicare Advantage and expanding consumer choices. Plan options will reach a record high this year and create an unprecedented amount of choices for this population. The average number of plans a beneficiary has access to this year will be 28, up by a whopping 50% from 2017. What’s more, new entrants that boast a customer-driven approach such as Oscar Health are entering the fray in major markets such as New York and Houston.

Health plans need to be laser focused on improving their understanding and engagement of their customers—who are evolving themselves. “To stay ahead of the change, health plans need access to the right data coupled with leading-edge analytics and technology to continuously mine insights on what members are seeking in their healthcare experience, how patients and providers interact throughout their healthcare journey, and how to meet the needs of future healthcare customers,” Manoogian says.

Health plans will need to take more of a retail focus than what they’re accustomed to, Manoogian says. The bar for providing a great experience and retaining members will also increase.

5. More technological innovations will emerge

Technological innovation will continue to dramatically and rapidly change the manner in which healthcare is delivered, resulting in more personalized care, improved clinical outcomes and patient experience, and overall quality of life. “Information systems, mobile technology, high-tech digital devices, and electronic medical records will allow payers and providers to accurately measure clinical outcomes and effectively manage the continuum of medical care and their population’s overall health,” Timoni says.

One specific way that care will change is that providers will start seeing telehealth play a more critical role in care delivery as the brick-and-mortar, in-person care model becomes less common. “Telehealth will grow past a nice-to-have tool into a standard of care, particularly for low-risk and predictable appointments,” says Cindy Gaines, MSN, RN, clinical leader, Population Health Management, Philips, a company focused on transforming care through collaborative health management in Alpharetta, Georgia. This transformation will enable providers to better tailor their care to patients’ unique needs, while increasing patient autonomy and engagement.

Technological innovations are occurring due to booming private sector interest and investment in medical technology innovation. “Patients are demanding real-time health information, personalized medicine, higher quality of care, and convenient treatment options,” Timoni says. “Payers are demanding more detailed and expansive outcomes data to scientifically manage the reimbursement system to lower costs and improve their subscribers’ health. The medical and information technology fields are attracting more high-skilled workers, who will continue to drive innovation to new levels as long as investor interest is sustained.”

Regarding the increased use of telehealth, Gaines says that many appointments that occur in a hospital today can take place outside of the hospital. And, as the healthcare industry increasingly moves toward value-based care, providers need to extend their line-of-sight outside of a hospital’s four walls. For example, a low-risk follow-up appointment after an operation is usually mostly dialogue and has a predictable outcome—it could be conducted electronically. “By filling up hospitals with visits that could occur virtually, it makes it harder for patients who need face-to-face healthcare access to get it,” she says.

A lack of insurance coverage is a major impediment to telehealth adoption for most health systems. Therefore, providers should pair guaranteed reimbursement opportunities with change management workflows to advance these efforts, Gaines says. They would also be smart to leverage their patients’ everyday devices to manage their care, whether it’s on their smart phone, a fitness watch, or voice assistant.

To embrace technological innovation, payers and providers must continue to be educated and aware of the expanding medical technology landscape and develop technology investment and deployment strategies. “Consider investing and participating in technology venture capital funds and partnering with private sector technology manufacturers and research institutions,” Timoni says.

 

 

 

5 trends and issues to watch in the insurance industry in 2020

https://www.fiercehealthcare.com/payer/top-5-trends-and-issues-to-watch-insurance-industry-2020

Image result for 5 trends and issues to watch in the insurance industry in 2020

The insurance industry appears likely to have another big year in 2020, as growth in government and commercial markets is expected to continue.

But a presidential election and new transparency initiatives could throw some major curveballs to payers.

Here are the top five issues and trends to watch out for in the next year:

Medicare Advantage diversifies

Enrollment growth in Medicare Advantage is likely to continue next year, as more than 22 million Medicare beneficiaries already have a plan. But what will be different is diversification into new populations, especially as insurers pursue dually eligible beneficiaries on both Medicare and Medicaid.

“This is being made possible because of strong support from government,” said Dan Mendelson, founder of consulting firm Avalere Health.

Support for Medicare Advantage “transcends partisanship and that has been true under Trump and Obama,” he added.

New benefit designs, such as paying for food or transportation to address social determinants of health, are also going to increase in popularity. The Centers for Medicare & Medicaid Services (CMS) has made it easier for plans to offer such supplemental benefits.

Get ready for transparency, whether you like it or not

This past year saw CMS release a major rule on transparency that forces hospitals to post payer-negotiated rates starting in 2021 for more than 300 “shoppable” hospital services.

The rule, which is being contested in court, could fundamentally change how insurers negotiate with hospitals on how to cover those services. The rule brings up questions about revealing “private information for the sake of transparency,” said Monica Hon, vice president for consulting firm Advis.

But it remains unclear how the court battle over the rule, which has garnered opposition from not just hospitals but also insurers, will play out. Hospital groups behind the lawsuit challenging the rule have had success getting favorable rulings that struck down payment cuts.

“I think there is going to be a lot of back and forth,” Hon said. “Whatever the result is that will impact how payers and providers negotiate rates with this transparency rule.”

Don’t expect major rules in 2020

2020 is a presidential and congressional election year, and traditionally few major initiatives get going in Congress. But experts say the same goes for regulations as administrations tend not to issue major regulations in the run-up to the vote in November, said Ben Isgur, leader of PwC’s Health Research Institute.

“What we will end up with is much more change on regulations on the state side,” Isgur said.

But new regulations on proposals that have been floated could be released. Chief among them could be a final rule to halt information blocking at hospitals and a new regulation on tying Medicare Part B prices for certain drugs to the prices paid in certain countries.

Congressional lawmakers are still hoping to reach a compromise on surprise billing, but they don’t have much time before campaigning for reelection in November.

A lot of the healthcare direction will be set after the presidential election in November. If a Democrat defeats President Donald Trump, then waivers for items like Medicaid work requirements and block grants will likely go by the wayside.

“Depending on who takes the White House and Congress, are we going to further repeal the Affordable Care Act and replace it or will we have Medicare for All,” Isgur said.

Insurers continue to go vertical in dealmaking

Insurers certainly weren’t shy about engaging in mergers and acquisitions in 2019, and that trend doesn’t appear likely to dissipate next year.

But the types of mergers might be different. Insurers and providers are increasingly looking at deals that would offer a vertical integration, such as acquiring more pharmacy services or a technology company to enhance the patient experience. Plenty of big-ticket vertical deals, such as CVS’ acquisition of Aetna and Cigna’s purchase of Express Scripts, have changed the industry landscape significantly.

“Deals in 2020 are going to be much more around the identity,” Isgur said. “Five years ago we had a lot of horizontal deals where health systems got bigger and regional payers got bigger.”

Payers continue to push patients away from hospitals

Insurers are going to try to find new ways to push patients toward outpatient services to avoid higher costs from going to a hospital.

For instance, “we are seeing a lot of payers not going to honor hospital imaging,” said Hon. “A lot of payers are saying we want you to go outside the hospital and that is a lot cheaper for us,” she said.

Instead, payers will try to steer patients toward imaging centers or physicians’ offices.

“We are seeing that with imaging and free-standing surgical centers now being able to do a lot more,” she added.

Insurers are also starting to use primary care more proactively to “ensure that they understand the needs of the patient, their needs are being addressed,” Mendelson said.

 

 

 

Federal investigators probe Ascension, Google project

https://www.beckershospitalreview.com/cybersecurity/federal-investigators-probe-ascension-google-project.html

Image result for nightingale project

The Office of Civil Rights of HHS is asking for more information about Google’s “Project Nightingale” with St. Louis-based Ascension, according to a Nov. 12 The Wall Street Journal report.

Investigators “will seek to learn more information about this mass collection of individuals’ medical records to ensure that HIPAA protections were fully implemented,” OCR Director Roger Severino told WSJ.

Ascension and Google partnered last year to gather and share patient information to create healthcare solutions. Physicians and patients from 21 Ascension locations were not informed that information was being shared with Google. It is estimated that Google will gather data on 50 million patients.

Patient data that is being secretly shared with Google includes lab results, diagnoses and hospitalization records, reports WSJ. In some instances, Google has access to patients’ complete health history, including names and dates of birth. 

Although Ascension employees have questioned the ethical and technological ways Google is gathering data, privacy experts said it appears to be acceptable under federal law. Hospitals are generally allowed to share data with business partners without informing patients if the information is used “only to help the covered entity carry out its healthcare functions.”

An Ascension spokesperson said patient data wouldn’t be used to sell ads, reports WSJ.

“We are happy to cooperate with any questions about the project. We believe Google’s work with Ascension adheres to industry-wide regulations (including HIPAA) regarding patient data, and comes with strict guidance on data privacy, security and usage,” a spokesperson for Google said in a statement to WSJ.

Legislators on Nov. 12 also commented on the project. Presidential hopeful Sen. Amy Klobuchar of Minnesota said that there needs to be government oversight for the amount of data Google is handling, adding there are “very few rules of the road in place regulating how it is collected and used.”

Google has mapped out plans to develop a search tool that would aggregate patient data into a central location. Ascension physicians would then be able to use the tool to more quickly access patient information.

Ascension leader Eduardo Conrado, executive vice president of strategy and innovations for Ascension, shared his reactions to the WSJ Nov. 11 report on Project Nightingale on Nov. 12. Find his commentary here.

 

 

 

Healthcare’s number one financial issue is cybersecurity

https://www.healthcarefinancenews.com/node/139027?mkt_tok=eyJpIjoiTURRMk1tVTFaVE15TkRjMiIsInQiOiJPNUYydDU5cFVodjB4bnlnb2M0eVhDNjg2YU53NDl6MWFRQlVpUEpmTzV5cEcrVVZMWldhd1AzbHNlckIwUWJHczlhOVRMZUxxSngyWk02VVhXTktXRjN1OE9mbkQ2V2FhQlBqVFIzOWpMS0pNUEdCYWh0SUQyZWZHRmpBQjRFWiJ9

Image result for hospital cybersecurity

The cost of a healthcare breach is about $408 per patient record and that doesn’t include the loss of business, productivity and reputation.

Cyber attacks affect the finances of every hospital and insurer like no other.

“I’ve seen estimates of over $5 billion in costs to the healthcare industry annually,” said Lisa Rivera, a partner at Bass, Berry and Sims who focuses on healthcare security. “That’s enormous and is not going away.”

Beyond the cost to find a solution to fix breaches and to settle any civil complaints are fines from the Department of Health and Human Services Office of Civil Rights. In 2018, OCR issued 10 resolutions that totalled $28 million.

The HHS Office of Civil Rights is stepping up breach enforcement of private health information, according to Rivera, who is a former assistant U.S. Attorney and federal prosecutor handling civil and criminal investigations for the Department of Justice.

What officials want to see is that the hospital or insurer has taken reasonable efforts to avoid a breach.

“There is no perfect cybersecurity,” Rivera said. “They say it’s not perfection, it’s reasonable efforts. That’s going to require an investment up-front to see where data is located, and educating the workforce on phishing incidents.”

Also, hospital finance professionals who are relying more on contractors for revenue cycle management and analytics should take note on the security issues involved in sharing this information.

“Every sector of business has attacks, but healthcare is experiencing the largest growth of cyber attacks because of the nature of its information,” Rivera said. “It’s more valuable on the dark web.”

It’s also not easily fixed.

If an individual’s credit card is stolen, the consumer can cancel his or her credit card. But in health records, the damage is permanent.

THE IMPACT

Despite the number of breaches, healthcare has been behind other sectors in taking security measures. Four to seven percent of a health system’s IT budget is in cybersecurity, compared to about 15% for other sectors such as the financial industry, according to Rivera.

Hospitals are behind because first, it’s a challenge to keep up with the move to more information being in electronic form.

“There’s no hospital that doesn’t have mobile EHR information,” Rivera said. “Then there was this transition with incentives from the government to go to electronic medical records. There were vast routes to doing that without a lot of experience involved in doing it. The push to become electronic began happening with this enormous uptick in cyber attacks.”

Also, the focus of healthcare has always been patient care. The population health explosion also involves the sharing of information.

And consolidation across the healthcare industry can potentially make covered entities more vulnerable to lapses in security during the transition and integration phases.

RECOMMENDATIONS

The number one way to cut costs is to prevent a breach. Once one has happened, hospitals must be able to identify it as soon as possible and then be able to respond to it.

Hospitals should be able to determine where certain data goes off the rail, Rivera said. For instance, large systems doing research have outcome information that may not be within the system of protection.

“You don’t want to learn about a data breach because the FBI saw it on the dark web,” Rivera said. And some hospitals have.

It’s a constant battle of software updates and checks. Criminals are pinging systems thousands of times a day. It’s like locking down doors and windows.

The first thing that’s needed for systems large and small is a risk assessment. This is the first thing the OCR wants to see, she said. Many hospitals use an outside vendor to do the job.

Prices for other cybersecurity measures vary from a software purchase that could be in the millions, to having vendor monitoring.

But the cost of a healthcare breach is about $408 per patient record and that doesn’t include the loss of business, productivity, reputation and the service disruption.

Hospitals can also purchase cyber insurance, which varies in cost and coverage. Some obtain it for purposes of class action lawsuits.

THE LARGER TREND

OCR enforcement activity during 2018 demonstrates the agency’s continued emphasis on enforcing violations of the security risk assessment and risk management requirements, Rivera said.

Covered entities and business associates are required to: conduct a thorough assessment of the threats and vulnerabilities across the enterprise;    implement measures to reduce known threats and vulnerabilities to a reasonable and appropriate level; and ensure that any vendor or other organization accessing or storing private health information is security compliant.
The OCR concluded 2018 with an all-time record year for HIPAA enforcement  activity. The OCR settled 10 cases and secured one judgment, together totaling $28.7 million. This surpassed the previous record of $23.5 million from 2016.

In addition, OCR also achieved the single largest individual HIPAA settlement  of $16 million with Anthem, representing a nearly three-fold increase over the previous record settlement of $5.5 million in 2016. Anthem was held responsible for cyber attacks that stole the protected health information of close to 79 million people.