Mark D. Abruzzo, J.D.

Mark D. Abruzzo, J.D.

In Managed Care's November 1999 issue, Al Lewis, president of the Disease Management Association of America, wrote about potential pitfalls facing DM. One identified by Lewis was state privacy laws, a topic that merits further attention.

When the Health Insurance Portability and Accountability Act became law in 1996, it was the most sweeping health care legislation in decades. We haven't felt the full brunt of it yet.

HIPAA covers broad categories that include provisions for health insurance coverage portability when employees lose or change jobs. It also expands the scope for fraud-and-abuse investigations.

However, the part of the law that has been simmering on the back burner — "administrative simplification" — is going to envelop the entire health care industry in a little more than two years.

Administrative simplification requires all health care organizations — including HMOs, physicians groups, and clearinghouses — to use specific computer technology that is standard to all.

It standardizes transactions between physicians, payers, and the government — covering such things as health care claim encounter information, enrollment and disenrollment data, eligibility and referral activity, and premium payments.

Implementation will be painful and expensive for all involved. Short-term pain and suffering, however, should yield long-term benefits of reduced costs and improved quality for our health care system.

One pothole along the road to standardization is violations of privacy. On Nov. 3, 1999, the U.S. Department of Health and Human Services proposed a rule containing standards to protect privacy of health information covered under HIPAA.

The proposal includes provisions for security when exchanging the information, and more provisions that would guarantee the privacy of health information.

Information needed

Privacy, insofar as DMAA is concerned, however, is where problems begin to mount. DM programs need access to information, plain and simple. Privacy guarantees that impair such accessibility can have a crippling effect on the process.

DMAA lobbied Congress intensely last summer and its efforts may have paid off. Privacy protections under the proposed rule do not extend to health care management of the individual through risk management, case management, and disease management.

Each of these is considered an extension of patient treatment under the rule. Information, in turn, may be used and disclosed in furtherance of patient treatment.

The rule is proposed, however — not final. HHS is accepting comments from the public right now pertaining to the proposal (the department is being besieged, actually) and it will review those comments before making the rule final with or without modification.

DMAA, rest assured, will do everything in its power to be sure that there is no modification with respect to carveouts.

Enter state statutes

Unfortunately, the proposed federal privacy rule does not preempt more stringent state statutes that relate to the privacy of health information. Preemption is a major issue under the rule, and is likely to be the topic of considerable debate in the future because the rule includes many exceptions to preemption.

Most states have privacy laws. Few, however, address privacy within this context. This figures to change in a hurry. In 1999 alone, lawmakers in 35 states introduced more than 300 bills relating to the confidentiality of medical records.

In 1999, California passed legislation that allows access to patient information by DM programs only after receiving authorization by treating physicians.

DMAA views the physician authorization requirement as a substantial impediment to its purpose and, undoubtedly, hopes that other states choose to follow the proposed federal rule.

Whether states choose to emulate the federal law or enact legislation along the lines of California's law remains to be seen. In making the decision, they'll no doubt be forced to weigh the importance of patient privacy rights against the public need for proactive programs that are designed to improve overall health and reduce costs.

Different ball game

DMAA successfully lobbied Congress, but lobbying successfully at the state level would be a different, more difficult, ballgame. A more likely scenario would have the DMAA hoping that most state legislation falls in line with the federal rule.

The DMAA would then have to resort to lobbying medical societies in those states, such as California, where physician authorization is required for access.

Still, I don't share the DMAA's gloom that state statutes like California's are terrible obstacles. At the present time, most states have broad physician-patient privacy statutes. Patient authorization for access to records is common, however.

For example, physicians — as a condition of treatment — generally require patient authorization to submit patient information to insurers in connection with the reimbursement process.

This is nothing more than formality. Is the DMAA's contention that physicians don't want to deal with the hassle of authorization or that they would rather not provide authorization for financial or other reasons?

Frankly, I don't see either as a viable concern for the DMAA. In any event, it's my hope that this doesn't become a widespread issue and that the majority of states will support disease management and follow the federal rule.

Mark D. Abruzzo, J.D., specializes in health care law at the Berwyn, Pa.-based law firm of Wade, Goldstein, Landau & Abruzzo.

Managed Care’s Top Ten Articles of 2016

There’s a lot more going on in health care than mergers (Aetna-Humana, Anthem-Cigna) creating huge players. Hundreds of insurers operate in 50 different states. Self-insured employers, ACA public exchanges, Medicare Advantage, and Medicaid managed care plans crowd an increasingly complex market.

Major health care players are determined to make health information exchanges (HIEs) work. The push toward value-based payment alone almost guarantees that HIEs will be tweaked, poked, prodded, and overhauled until they deliver on their promise. The goal: straight talk from and among tech systems.

They bring a different mindset. They’re willing to work in teams and focus on the sort of evidence-based medicine that can guide health care’s transformation into a system based on value. One question: How well will this new generation of data-driven MDs deal with patients?

The surge of new MS treatments have been for the relapsing-remitting form of the disease. There’s hope for sufferers of a different form of MS. By homing in on CD20-positive B cells, ocrelizumab is able to knock them out and other aberrant B cells circulating in the bloodstream.

A flood of tests have insurers ramping up prior authorization and utilization review. Information overload is a problem. As doctors struggle to keep up, health plans need to get ahead of the development of the technology in order to successfully manage genetic testing appropriately.

Having the data is one thing. Knowing how to use it is another. Applying its computational power to the data, a company called RowdMap puts providers into high-, medium-, and low-value buckets compared with peers in their markets, using specific benchmarks to show why outliers differ from the norm.
Competition among manufacturers, industry consolidation, and capitalization on me-too drugs are cranking up generic and branded drug prices. This increase has compelled PBMs, health plan sponsors, and retail pharmacies to find novel ways to turn a profit, often at the expense of the consumer.
The development of recombinant DNA and other technologies has added a new dimension to care. These medications have revolutionized the treatment of rheumatoid arthritis and many of the other 80 or so autoimmune diseases. But they can be budget busters and have a tricky side effect profile.

Shelley Slade
Vogel, Slade & Goldstein

Hub programs have emerged as a profitable new line of business in the sales and distribution side of the pharmaceutical industry that has got more than its fair share of wheeling and dealing. But they spell trouble if they spark collusion, threaten patients, or waste federal dollars.

More companies are self-insuring—and it’s not just large employers that are striking out on their own. The percentage of employers who fully self-insure increased by 44% in 1999 to 63% in 2015. Self-insurance may give employers more control over benefit packages, and stop-loss protects them against uncapped liability.