Susan Ladika

With health care now one of the industries most often targeted by hackers, the National Association of Insurance Commissioners (NAIC) is moving to strengthen the security of health insurance information with the Insurance Data Security Model Law. The model legislation was unveiled earlier this year in hopes that it will establish standards in 2017 for laws and regulations governing data security and for investigations of data breaches.

Alex Heid

In many cases, employees’ awareness of cybersecurity is poor, making them easy targets for phishing and other schemes, says Alex Heid of Security-Scorecard.

Health care ranked ninth in terms of its cybersecurity in a recent report by SecurityScorecard, a company that provides risk monitoring and security ratings. The health care industry is widely infected with malware and has come under repeated ransomware attacks, says the New York City startup, which analyzed more than 700 health care companies. “A lot of data in the [health care] industry can be used for identity theft and insurance fraud,” says Alex Heid, SecurityScorecard’s chief research officer, noting that patient records often include Social Security numbers and birth dates. Compared with an industry such as financial services, “health care seems to be a softer target. There are fewer defenses for the same amount of data,” he adds.

So far this year, more than 850 data breaches across all industries it tracks have been reported, involving nearly 30 million records, according to the Identity Theft Resource Center, a not-for-profit organization in San Diego. More than a third of those breaches—and nearly half of the records—involve the medical and health care industry. Major incidents involved Centene and Washington State’s Medicaid program.

A group of 14 health, life, and property insurers and distributors wrote Adam Hamm, head of the NAIC’s Cybersecurity Task Force, calling for the model law to serve as the “sole data security and breach notification law applicable in a state,” InsuranceNewsNet reported.

More than three quarters of the health care industry has been affected by malware, SecurityScorecard reports. Ransomware has become a reality: Hollywood Presbyterian Medical Center in Los Angeles paid out $17,000 to hackers this year to regain access to its data. In many cases, employees’ awareness of cybersecurity issues was poor, says Heid, making them more likely to fall for phishing and other schemes that get around computer security. Security “really needs to be ingrained into the company’s culture,” he says.

Managed Care’s Top Ten Articles of 2016

There’s a lot more going on in health care than mergers (Aetna-Humana, Anthem-Cigna) creating huge players. Hundreds of insurers operate in 50 different states. Self-insured employers, ACA public exchanges, Medicare Advantage, and Medicaid managed care plans crowd an increasingly complex market.

Major health care players are determined to make health information exchanges (HIEs) work. The push toward value-based payment alone almost guarantees that HIEs will be tweaked, poked, prodded, and overhauled until they deliver on their promise. The goal: straight talk from and among tech systems.

They bring a different mindset. They’re willing to work in teams and focus on the sort of evidence-based medicine that can guide health care’s transformation into a system based on value. One question: How well will this new generation of data-driven MDs deal with patients?

The surge of new MS treatments have been for the relapsing-remitting form of the disease. There’s hope for sufferers of a different form of MS. By homing in on CD20-positive B cells, ocrelizumab is able to knock them out and other aberrant B cells circulating in the bloodstream.

A flood of tests have insurers ramping up prior authorization and utilization review. Information overload is a problem. As doctors struggle to keep up, health plans need to get ahead of the development of the technology in order to successfully manage genetic testing appropriately.

Having the data is one thing. Knowing how to use it is another. Applying its computational power to the data, a company called RowdMap puts providers into high-, medium-, and low-value buckets compared with peers in their markets, using specific benchmarks to show why outliers differ from the norm.
Competition among manufacturers, industry consolidation, and capitalization on me-too drugs are cranking up generic and branded drug prices. This increase has compelled PBMs, health plan sponsors, and retail pharmacies to find novel ways to turn a profit, often at the expense of the consumer.
The development of recombinant DNA and other technologies has added a new dimension to care. These medications have revolutionized the treatment of rheumatoid arthritis and many of the other 80 or so autoimmune diseases. But they can be budget busters and have a tricky side effect profile.

Shelley Slade
Vogel, Slade & Goldstein

Hub programs have emerged as a profitable new line of business in the sales and distribution side of the pharmaceutical industry that has got more than its fair share of wheeling and dealing. But they spell trouble if they spark collusion, threaten patients, or waste federal dollars.

More companies are self-insuring—and it’s not just large employers that are striking out on their own. The percentage of employers who fully self-insure increased by 44% in 1999 to 63% in 2015. Self-insurance may give employers more control over benefit packages, and stop-loss protects them against uncapped liability.