The Federal Employees Heath Blog (FEH Blog) by Ermer & Suter, PLLC

Cybersecurity Saturday

David Ermer–Cybersecurity–October 14, 2023October 14, 2023

From the cybersecurity policy front,

Per Cybersecurity Dive,
- Federal authorities are trying to strengthen the security of open-source software used by critical infrastructure providers in a bid to improve risk management, particularly across operational technology and industrial control system vendors.
- Critical infrastructure providers have faced heightened risks of malicious attack in recent years, both from nation-state threat actors and criminal ransomware groups, the Cybersecurity and Infrastructure Security Agency and other federal agencies said Tuesday in an open-source security guide.

Forbes tells us about the top ten cybersecurity trends In 2024 that everyone must be ready for now.

From the cybersecurity vulnerabilities and breaches front,

Cyberscoop reports,
- “Distributed denial of service attacks just keep getting bigger. On Tuesday, a coalition of tech giants revealed the biggest one yet, a DDoS campaign from August that compressed a month’s worth of Wikipedia traffic into a two-minute deluge and exploited a flaw in the fundamental technology powering the internet to do it.
- “At its peak, the DDoS campaign described by Google, Cloudflare and Amazon AWS reached more than 398 million requests per second (RPS) — more than eight times larger than the biggest DDoS attack previously observed by Google, which clocked in at 46 million RPS, according to the firm. The new attack uses a novel method that exploits a zero-day vulnerability dubbed “HTTP/2 Rapid Reset,” which takes advantage of the protocol that manages how computers request data from websites.
- “For a sense of scale, this two-minute attack generated more requests than the total number of article views reported by Wikipedia during the entire month of September 2023,” Google said Tuesday.
- “The DDoS attacks using the vulnerability have been ongoing since August and have targeted major infrastructure providers like Google Cloud, Cloudflare and Amazon Web Services.”

The Cybersecurity and Infrastructure Security Agency added five known exploited vulnerabilities to its catalog on Tuesday, October 10, 2023.

From the ransomware front,

Per Cybersecurity Dive,
- “Threat actors can break into an organization’s infrastructure to initiate ransomware attacks in many ways, but vulnerability exploits remain an effective and productive tool for financially-motivated cybercriminals, data from the Cybersecurity and Infrastructure Security Agency shared Thursday illustrates.
- “Nearly 1 in 5 exploited common vulnerabilities and exposures (CVE) are also known to be used in ransomware attacks, according to CISA’s Known Exploited Vulnerabilities Catalog.
- “The database of 1,019 exploited CVEs, some dating back to 2002, was updated Thursday to include those with known ransomware exploits. At least 184 CVEs have known use in ransomware attacks, according to CISA.
- “Of those, more than 2 in 5 of the vulnerabilities exploited by threat actors to conduct ransomware are linked to Microsoft products, which are ubiquitous in the enterprise.”

Here’s a link to the referenced CISA report, which was released on October 12, 2023.

CISA “released [on October 11, 2023] a joint Cybersecurity Advisory (CSA), #StopRansomware: AvosLocker Ransomware (Update) to disseminate known indicators of compromise (IOCs), tactics, techniques, and procedures (TTPs), and detection methods associated with the AvosLocker variant identified through FBI investigations as recently as May 2023.”

HHS’s Healthsector Cybersecurity Coordination Center (HC3) issued an Analyst Note on NoEscape Ransomware on October 12.
- “A relatively new threat actor and ransomware to the cybercriminal community, NoEscape ransomware emerged in May 2023, but is believed to be a rebrand of Avaddon, a now-defunct ransomware group shut down in 2021. Unlike many of its contemporaries, however, the unknown developers of this ransomware claim that in lieu of using source code or leaks from other established ransomware families, they have constructed their malware and its associated infrastructure entirely from scratch. Using unique features and aggressive multi-extortion tactics, in just under a year, it has targeted multiple industries, including the Healthcare and Public Health (HPH) sector. Their recent activities highlight the prominence and influence they have as a Ransomware-as-a-Service (RaaS) group. What follows is an overview of the group, possible connections to the Avaddon threat group, an analysis of NoEscape’s ransomware attacks, its target industries and victim countries, sample MITRE ATT&CK techniques, and recommended defense and mitigations against the ransomware.”

Bleeping Computer’s The Week in Ransomware” returned this week.
- Researchers and government agencies released some interesting news this week:
  - “A new Q3 2023 Ransomware Trends Summary shows that ransomware continues to explode, with Q3 being the most successful quarter ever recorded.
  - “The FBI shared technical details, defense tips, and IOCs for the AvosLocker ransomware, which has not been active lately.
  - “Ransomware attacks have now started to target unpatched WS_FTP servers. However, these attacks are more encryption-focused rather than for data theft.”

From the cybersecurity defenses front.

HC3 offers a PowerPoint on cybersecurity incident response plans.

Forbes points out the top 10 cybersecurity trends to prepare you for next year and explains why 18 factors and metrics can prove the value of cybersecurity initiatives.

Health IT Security reports on three best practices for maturing healthcare third party risk management.

An ISACA expert delves into “Quantum-Resistant Cryptography.”
- “Crypto-agility was introduced in this year’s Gartner Hype Cycle, an annual analysis released for data security and emerging technologies. Gartner added both crypto-agility and post-quantum cryptography for the first time this year. The presence of data-in-use technologies in the Hype Cycle reflects the focus on data-in-transit security.
- “It is imperative that organizations watch this space closely and upgrade encryption algorithms used in real time, because sovereign data strategies and digital communications governance are crucial areas to develop. In fact, CISA (Cybersecurity and Infrastructure Security Agency) was already urging organizations to prepare for the dawn of this new age in August.”

Friday Factoids

David Ermer–Congress, FDA, Federal employment benefits, Medical / Rx research, OPM, SDOH, U.S. Healthcare–October 13, 2023October 13, 2023

From Washington DC

The Wall Street Journal reports,
- “House Republicans chose Rep. Jim Jordan (R., Ohio) as their nominee for speaker, but it remained uncertain whether the fiery ally of former President Donald Trump could avoid the fate of Steve Scalise (R., La.), who also won an internal ballot but then failed to win enough broad party support to claim the gavel. * * *
- “House Republicans will now break for the weekend with a plan to bring a vote on elevating Jordan to the speakership once they get back, giving him a few days to win over his critics.
- “I think I can unite the conference,” Jordan said, with supporters pointing to his popularity among grass-roots Republicans.”

Govexec informs us,
- “A bipartisan pair of senators on Thursday proposed legislation that would codify federal employees’ use of remote work in federal law, as well as establish stronger reporting and training requirements for telework and authorize the noncompetitive hiring of military and law enforcement spouses into remote work positions.
- “The Telework Reform Act (S. 3015), introduced by Sens. James Lankford, R-Okla., and Kyrsten Sinema, I-Ariz., codifies the Office of Personnel Management’s administratively determined definitions of telework and remote work—including the requirement that teleworkers commute to their traditional worksite at least twice per pay period—and institutes a barrage of new reporting requirements for agencies.”

The Department of Health and Human Services tells us,
- “HHS and Pfizer have reached an agreement that extends patient access to Paxlovid, maximizes taxpayer investment, and begins Paxlovid’s transition to the commercial market in November 2023. This agreement builds on HHS and Pfizer’s strong partnership over the last three years that enabled the development, manufacture, and distribution of COVID-19 vaccines and therapeutics at a record pace.
- “HHS has consistently expressed a shared interest in jointly transitioning Paxlovid to the commercial market while ensuring that the United States taxpayer continues to receive fair and reasonable benefit from the HHS procurement of this product, with a focus on ensuring affordable access for beneficiaries in public programs like Medicare and Medicaid as well as for those who are uninsured. Per the agreement announced today, HHS and Pfizer will begin preparations for Pfizer to transition Paxlovid to the commercial market in November 2023.”

NBC News adds
- “A consensus has emerged among experts who study and treat long Covid: Paxlovid seems to reduce the risk of lingering symptoms among those eligible to take it.
- “The idea is intuitive, experts say. Paxlovid prevents the coronavirus from replicating, so researchers think it may also reduce the risk of an infection causing inflammation or organ damage, which in turn can lead to chronic illness.
- “Clinical observations and a large study published in March support that theory. Among the 282,000 people in the study who were eligible for Paxlovid, the drug was associated with a 26% lower risk of long Covid.
- “Research definitely backs up that it helps prevent lingering symptoms — it helps prevent long Covid,” said Ashley Drapeau, director of the Long Covid Clinic at the GW Center for Integrative Medicine.”

In preparation for the beginning of the Medicare Open Enrollment period on October 15, 2023, the Centers for Medicare and Medicaid Services “released the 2024 Star Ratings for Medicare Advantage (Medicare Part C) and Medicare Part D to help people with Medicare compare health and prescription drug plans * * *.

Fierce Healthcare adds,
- “Approximately 42% of Medicare Advantage plans that offer prescription drug coverage will have a star rating of four or more in 2024, marking yet another substantial decrease from 51% in 2023 and 68% in 2022.”

In FEHB open season news,

The Federal Times offers advice on how to prepare for making Open Season decisions. Surprisingly, the report does not suggest comparing summaries of benefits and coverage which are a product of the Affordable Care Act.

Federal News Network provides a helpful interview with John Hatton, a knowledgeable NARFE executive.

From the public health service front,

The New York Times reports,
- “Over the last several decades, the rates of new cases of lung cancer have fallen in the United States. There were roughly 65 new cases of lung cancer for every 100,000 people in 1992. By 2019, that number had dropped to about 42.
- “But for all that progress, a disparity is emerging: Women between the ages of 35 and 54 are being diagnosed with lung cancer at higher rates than men in that same age group, according to a report published Thursday by researchers at the American Cancer Society. The disparity is small — one or two more cases among every 100,000 women in that age range than among men — but it is significant enough that researchers want to know more.
- “The report adds to a mounting body of evidence that emphasizes the lung cancer risks for women in particular.

BioPharma Dive points out,
- “The Food and Drug Administration on Friday approved Pfizer’s Velsipity to treat ulcerative colitis, making it the second pill of its type cleared for use in inflammatory bowel disease, the company said. Velsipity enters a market with several oral and injectable drugs which block the immune response that causes the disease, including one in its class, Bristol Myers Squibb’s Zeposia.
- “Pfizer acquired the medicine through its $6.7 billion buyout of Arena Pharmaceuticals in 2021. The big drugmaker hopes Velisipity, which slows the entry of white blood cells into the bloodstream, can also work in other immune-related conditions like Crohn’s disease, alopecia areata and eczema.
- “Pfizer expects to add $25 billion in revenue by 2030 from new products acquired through biotech buyouts and licensings. The additional revenue will help cushion the company against revenue declines from its COVID-19 products as well as loss of patent protection for older drugs.”

Per Fierce Healthcare,
- “The Centers for Medicare & Medicaid Services has decided to remove the national coverage determination (NCD) that limits patients’ ability to qualify for new drugs, giving people with Alzheimer’s symptoms a better path to treating the condition.
- “The policy means that amyloid PET scans will no longer be limited and will give patients a better chance of being prescribed a drug like Leqembi or Eisai, which clears beta amyloid proteins from the brain to slow the advances of Alzheimer’s.”

The National Institutes of Health announced,
- Reducing overall calorie intake may rejuvenate your muscles and activate biological pathways important for good health, according to researchers at the National Institutes of Health and their colleagues. Decreasing calories without depriving the body of essential vitamins and minerals, known as calorie restriction, has long been known to delay the progression of age-related diseases in animal models. This new study, published in Aging Cell, suggests the same biological mechanisms may also apply to humans.
- “Researchers analyzed data from participants in the Comprehensive Assessment of Long-Term Effects of Reducing Intake of Energy (CALERIE), a study supported by the National Institute on Aging (NIA) that examined whether moderate calorie restriction conveys the same health benefits seen in animal studies. They found that during a two-year span, the goal for participants was to reduce their daily caloric intake by 25%, but the highest the group was able to reach was a 12% reduction. Even so, this slight reduction in calories was enough to activate most of the biological pathways that are important in healthy aging.
- “A 12% reduction in calorie intake is very modest,” said corresponding author and NIA Scientific Director Luigi Ferrucci, M.D., Ph.D. “This kind of small reduction in calorie intake is doable and may make a big difference in your health.”

Health IT Analytics notes,
- The American Health Information Management Association (AHIMA) announced its Data for Better Health initiative, which aims to revolutionize healthcare through the use of social determinants of health (SDOH) data, this week at the organization’s annual conference, AHIMA23.”

From the U.S. healthcare business front,

Mercer Consulting calls our attention to the “Top 10 health, leave benefit compliance and policy issues in 2024.”

Per Healthcare Dive,
- “UnitedHealth Group reported third-quarter earnings on Friday that beat Wall Street expectations as the payer posted a lower-than-feared medical loss ratio. The insurer’s stabilizing medical costs followed an unexpected surge in outpatient utilization for seniors earlier this year that spooked investors.
- “The payer’s MLR — the share of premiums spent on healthcare costs — was 82.3%. Medical costs were up compared to 81.6% last year but lower than 83.2% in the second quarter. UnitedHealth expects its medical costs to rise in the fourth quarter as patients weather seasonal illnesses and other factors, said UnitedHealth CFO John Rex on a Friday earnings call.
- “UnitedHealth raised its 2023 adjusted net earnings per share outlook by about 1% to $24.85 to $25, up from its prior projections of $24.70 to $25. The insurer reported $8.5 billion of profit on revenue of $92.4 billion for the third quarter.”

The Wall Street Journal reports,
- “Health system Kaiser Permanente reached a tentative agreement with unions that would raise wages and increase investment in staffing.
- “The deal, which the sides announced Friday, would increase wages by 21% over four years, the unions and employer said. Now, it must be ratified by the workers before terms take effect.
- “If the workers go along, the agreement would end a dispute that led to the largest healthcare labor action on record and prevent a second work stoppage at one of the biggest health systems in the U.S.”

Thursday Miscellany

David Ermer–Congress, COVID-19, Federal employment benefits, Medical / Rx research, Medicare, OPM, Rx coverage, U.S. Healthcare–October 12, 2023October 12, 2023

From Washington, DC,

The House Republicans have not settled on a new Speaker yet. Roll Call adds, “The delay in the effort to get 217 Republicans to back anyone for speaker is leading some House members to start reconsidering the idea that Speaker Pro Tempore Patrick T. McHenry is little more than a placeholder.”

This morning, the Social Security Administration announced
- “Social Security and Supplemental Security Income (SSI) benefits for more than 71 million Americans will increase 3.2 percent in 2024. * * *
- “The maximum amount of earnings subject to the Social Security tax (taxable maximum) will increase to $168,600.”

Federal News Network explains how the Social Security announcement impacts federal annuitant cost of living adjustments for 2024.

This afternoon, the Centers for Medicare and Medicaid Services announced Medicare Part B premiums for 2024 and more, e.g., income-adjusted premiums for Parts B and D.
- “The standard monthly premium for Medicare Part B enrollees will be $174.70 for 2024, an increase of $9.80 from $164.90 in 2023. The annual deductible for all Medicare Part B beneficiaries will be $240 in 2024, an increase of $14 from the annual deductible of $226 in 2023.
- “The increase in the 2024 Part B standard premium and deductible is mainly due to projected increases in health care spending and, to a lesser degree, the remedy for the 340B-acquired drug payment policy for the 2018-2022 period under the Hospital Outpatient Prospective Payment System.
- “Beginning in 2023, individuals whose full Medicare coverage ended 36 months after a kidney transplant and who do not have certain other types of insurance coverage can elect to continue Part B coverage of immunosuppressive drugs by paying a premium. For 2024, the standard immunosuppressive drug premium is $103.00.”

FedSmith shares Medicare basics for federal employees and annuitants.

Fierce Healthcare reports on a discussion of Medicare Advantage at the HLTH conference held in Las Vegas this week.

From the public health and research front,

The U.S. Preventive Services Task Force published a draft research plan on prostate cancer screening. The draft plan is open for public comment through November 8, 2023.

STAT News informs us,
- “The brain remains both the body’s most important organ and its least understood. But a draft atlas of the human brain published on Thursday gives scientists important insights into how it works and may pave the way for big advances in disease treatment and diagnosis.
- This brain map, pieced together by hundreds of researchers from San Diego to Seattle to Stockholm, is essentially a cellular “parts list” of the human brain and a guide to how those pieces are arranged and work together. Scientists say that what they’ve already learned — including a stunning diversity of cell types in the brain — and what they’ll discover in the years to come will improve our understanding of deadly neurological diseases. * * *
- “The recent findings, reported across 21 studies published in the journals Science, Science Advances, and Science Translational Medicine, offer some early clues. And there’s more to come. These papers are part of an ongoing undertaking researchers openly compare to the Human Genome Project in both its scope and ambition. That project sequenced the DNA of a dozen blood donors from Buffalo, N.Y. The new brain atlas was constructed from the brains of more than 100 people, including deceased donors and surgical patients.”

The Wall Street Journal seeks to explain the secret of living to 100 years old.
- “If you want to live to your 100th birthday, healthy habits can only get you so far.”If you want to live to your 100th birthday, healthy habits can only get you so far.
- “Research is making clearer the role that genes play in living to very old age. Habits like getting enough sleep, exercising and eating a healthy diet can help you stave off disease and live longer, yet when it comes to living beyond 90, genetics start to play a trump card, say researchers who study aging.
- “Some people have this idea: ‘If I do everything right, diet and exercise, I can live to be 150.’ And that’s really not correct,” says Robert Young, who directs a team of researchers at the nonprofit scientific organization Gerontology Research Group.
- “About 25% of your ability to live to 90 is determined by genetics, says Dr. Thomas Perls, a professor of medicine at Boston University who leads the New England Centenarian Study, which has followed centenarians and their family members since 1995. By age 100, it’s roughly 50% genetic, he estimates, and by around 106, it’s 75%.”

Beckers Clinical Research points out
- “Researchers at Boston-based Harvard Medical School and University of Oxford in England have created an AI tool to forecast which COVID-19 strains will grow in dominance, according to an Oct. 11 article in Nature.
- “The tool, called EVEscape, predicts how the virus can evolve through a model of evolutionary sequences alongside biological and structural data, according to an Oct. 11 Harvard news release. EVEscape works to forecast which future COVID-19 strains are most likely to occur.
- “Every two weeks, the researchers will release a ranking of COVID-19 variants.
- “The rankings are available here.

From the U.S. healthcare business front,

Reuters tells us,
- Shares of dialysis service providers fell sharply on Wednesday after Novo Nordisk’s Ozempic showed early signs of success in delaying the progression of kidney disease in diabetes patients.
- Colorado-based DaVita’s shares closed down about 17% and U.S.-listed shares of German rival Fresenius Medical ended 17.6% lower.
- Novo’s announcement is the latest sign of disruption caused by the success of GLP-1 drugs, which have hit shares of food companies, providers of bariatric surgery and glucose-monitoring device makers.
- FEHBlog note: That is wiggly whack.

Healthcare Dive informs us
- “Walgreens announced a 2024 earnings outlook below Wall Street expectations on Thursday, two days after announcing a new chief executive officer who the beleaguered retailer says will help with its strategic pivot to healthcare services.
- “Along with the release of its fourth-quarter earnings, Walgreens said it expects adjusted earnings per share for its 2024 fiscal year to be between $3.20 to $3.50, below the analyst consensus of $3.71, due to lower profit from COVID-19 testing and vaccines among other factors.
- “On a call with investors Thursday morning, Walgreens leadership said the Deerfield, Illinois-based retailer is focused on accelerating the profitability of its U.S. Healthcare division, which includes value-based medical group VillageMD. As part of that, Walgreens plans to close 60 underperforming VillageMD clinics next year.”

Per Beckers Hospital Review,
- “Nearly two years after Mark Cuban launched a mail-order pharmacy with low-cost medications, the entrepreneur and “Shark Tank” star has secured more than a dozen collaborators.
- “In September, Mark Cuban Cost Plus Drug Co. penned a deal with Avanlee Care, which runs an app designed to help caregivers for elderly patients. The app, called Ava, will feature an option for its users to order medications from Cost Plus Drugs. Mr. Cuban’s company also teamed up with two fertility health companies to reduce the burden of the pink tax, or inflated prices on women’s products.
- “Cost Plus Drugs has also expanded its in-person services by signing deals with pharmacies spanning multiple states and grocery chain pharmacies, such as Kroger. The affiliate network aligns Cost Plus Drugs’ pricing with medications at independent pharmacies.
- “In an insurance industry shake-up, Blue Shield of California chose Cost Plus Drugs and a few other vendors to take over services historically filled by CVS Caremark, CVS Health’s pharmacy benefit manager. Mark Cuban’s company is now a preferred pharmacy network for the insurer serving 4.8 million members.”
and
- “St. Louis-based Ascension is focused on rebounding from a $3 billion operating loss (-5.6 percent operating margin) in fiscal year 2023 amid negative outlooks from two ratings agencies.
- “Fitch Ratings recently lowered Ascension’s outlook from stable to negative while S&P Global Ratings affirmed its negative outlook for the health system.
- “Despite “real progress” to resume a more typical level of operations through significant and durable cost savings initiatives, Ascension saw a new set of operational challenges in FY 2023, Fitch said in a Sept. 26 report. The system hit its 2022 operational goals largely through improved efficiencies and contract labor and productivity initiatives, but additional challenges continued to hinder operations in FY 2023.
- “One caveat on the $3 billion operating loss is that it included a one-time, non-cash impairment loss of $1.5 billion as the carrying value of certain assets within Ascension’s markets may not be fully recoverable, according to the health system. When normalized to exclude one-time items, Ascension’s operating loss for FY 2023 was $1.39 billion (-4.9 percent margin) compared to a $1.17 billion loss (-4.2 percent margin) in FY 2022.”

Midweek Update

David Ermer–Congress, FDA, Generative AI, Medical / Rx research, OPM, Rx coverage, U.S. Healthcare–October 11, 2023October 12, 2023

From Washington, DC

Roll Call reports
- “House Majority Leader Steve Scalise’s bid for speaker was on shaky ground Wednesday as Republicans went back behind closed doors to figure out next steps even after selecting the Louisianan as their nominee during a morning conference meeting.
- “Several conservatives said they won’t support Scalise on the floor, even as his top rival for the job, Judiciary Chairman Jim Jordan, R-Ohio, is supporting him and encouraging others to do so. Instead of kicking off the formal nominating speeches and votes on the floor Wednesday after coming into session at 3 p.m., Speaker Pro Tempore Patrick T. McHenry recessed the chamber.” * * *
- “The House adjourned for the night before 7 p.m. An advisory from House Democrats said votes were “possible” Thursday, and the chamber is scheduled to gavel back into session at noon.”

On September 18, 2023, the Senate Health Education Labor and Pensions Committee will hold a hearing on the nomination of Dr. Monica Bertagnolli to be Director of the National Institutes of Health.

Govexec tells us,
- “The Biden administration on Wednesday released a new requirement for agencies throughout government to think more carefully about expanding competition through their regulatory actions.
- “President Biden has targeted antitrust trends in the economy as a key part of his domestic agenda and the White House said the new guidance will help enforce those efforts through an “all-of-government approach to competition.” The Office of Information and Regulatory Affairs document creates frameworks for agencies as they develop and analyze potential regulatory actions.
- “OIRA noted that agencies can shape markets through their regulations and urged them to draft those rules to enhance competition.”

Federal New Network explores the role of Janice Underwood, the first-ever governmentwide chief diversity officer and a senior leader at the Office of Personnel Management.

From the public health and research front,

KFF informs us,
- “Sepsis, the body’s extreme response to an infection, affects 1.7 million adults in the United States annually. It stems from fungal, viral, or bacterial infections, similar to what struck Madonna this year, although the singer never said whether she was diagnosed with sepsis. Treatment delays of even a few hours can undermine a patient’s chance of survival. Yet sepsis can be difficult to diagnose because some patients don’t present with common symptoms like fever, rapid heart rate, or confusion.
- “A Biden administration rule, finalized in August, ups the ante for hospitals, setting specific treatment metrics that must be met for all patients with suspected sepsis, which could help save some of the 350,000 adults who die of infections annually. Children, too, are affected, with some estimates that 75,000 are treated each year for sepsis, and up to 20% of them die. Hospitals that fail to meet the requirements risk losing potentially millions in Medicare reimbursement for the year.
- “Still, because the rule applies broadly, it has triggered pushback for its lack of flexibility.
- “Efforts to reduce sepsis deaths are welcome, but “where it gets controversial becomes ‘Is this the best way to do it?’” said Chanu Rhee, an infectious disease physician and associate professor of population medicine at Harvard Medical School.”

Reuters reports,
- “Novo Nordisk (NOVOb.CO) said on Tuesday it will stop a trial studying Ozempic to treat kidney failure in diabetes patients ahead of schedule because it was clear from an interim analysis that the treatment would succeed.
- “Novo said the trial would be halted almost a year early based on a recommendation from the independent data monitoring board overseeing the study. Independent monitors can recommend stopping a trial early if there is clear evidence that a drug is going to succeed or fail based on interim analyses. * * *
- “The Danish drugmaker said the trial was testing whether the widely used diabetes drug, which contains the active ingredient semaglutide, could delay the progression of chronic kidney disease and lower the risk of death from kidney and heart problems.
- “Semaglutide is also the active ingredient in Novo Nordisk’s powerful weight-loss drug Wegovy.
- “Barclays analyst Emily Field said in a note that the company’s decision affirmed the view that GLP-1 receptor agonists like Ozempic have “therapeutic benefits far beyond their original intended purpose.”
- FEHBlog note — Why then doesn’t Novo Nordisk lower the price of this apparent cure-all?
Medscape adds,
- “People taking semaglutide or liraglutide for weight management are at a higher risk for rare but potentially serious gastrointestinal issues, compared with those taking naltrexone/bupropion, according to a large epidemiologic study.
- “Patients” taking either of these glucagon-like peptide-1 (GLP-1) receptor agonists had nine times an elevated risk for pancreatitis. They were also four times more likely to develop bowel obstruction and over 3.5 times more likely to experience gastroparesis.
- “The research letter was published online today in the Journal of the American Medical Association.
- “Investigators say their findings are not about scaring people off the weight loss drugs, but instead about increasing awareness that these potential adverse outcomes can happen.
- “* * * People taking a GLP-1 agonist to treat diabetes might be more willing to accept the risks, given their potential advantages, especially for lowering the risk for heart problems, said Mahyar Etminan, PharmD, MSc, the study’s senior author and an expert in drug safety and pharmacoepidemiology at UBC. “But those who are otherwise healthy and just taking them for weight loss might want to be more careful in weighing the risk–benefit equation.”
- “People taking these drugs for weight loss have an approximately 1%–2% chance of experiencing these events, including a 1% risk for gastroparesis, Etminan said.”

The Brown & Brown consulting firm offers a four-step plan for employer action to “focus on their benefits, helping to enable employees with easy access to preventive care, early detection, navigation and support specific to breast cancer.

The New York Times points out,
- “The Food and Drug Administration issued an alert on Tuesday about the dangers of treating psychiatric disorders with compounded versions of ketamine, a powerful anesthetic that has become increasingly popular among those seeking alternative therapies for depression, anxiety, post-traumatic stress disorder and other difficult-to-treat mental health problems.”
and
- “A new AI tool diagnoses brain tumors on the operating table;
- “A new study describes a method for faster and more precise diagnoses, which can help surgeons decide how aggressively to operate.”

From the U.S. healthcare business front,

The VTDigger lets us know that following regulatory approval, “Blue Cross Blue Shield of Vermont can now move forward with an agreement that will make the Berlin-based nonprofit a subsidiary of the much larger Blue Cross Blue Shield of Michigan.”

Per Fierce Healthcare
- “Des Moines, Iowa-based UnityPoint Health and Albuquerque, New Mexico-based Presbyterian Healthcare Services are no longer working toward a merger, the systems announced Wednesday.”
and
- A new analysis finds that more pharmacists are electronically prescribing medications as they assist in managing chronic disease, which offers a peek at the next evolution in primary care.
- * * * Lynne Nowak, M.D., Surescripts’ first chief data and analytics officer, told Fierce Healthcare in an interview at HLTH that the findings highlight the potential pharmacists and other clinicians have in addressing those access gaps.
- “We’re not saying that pharmacists should be doing the job of a physician,” Nowak said. “They’re not trying to replace them, but just looking at this broader view of a care team and ensuring they’re all connected.”

STAT News reports,
- “Bruce Broussard, CEO of health insurance giant Humana, will step down next year after leading the company for more than a decade.
- “Humana named Jim Rechtin — who is the CEO of Envision Healthcare, the controversial physician staffing firm that is working its way through bankruptcy — as Broussard’s replacement. Rechtin will serve as president and chief operating officer starting Jan. 8 and then take over as CEO in the “latter half of 2024,” the company said in a news release.”

Per Healthcare Dive,
- “Walgreens has named former Cigna executive Tim Wentworth as its new chief executive officer, the retail pharmacy company announced late Tuesday.
- “Wentworth is replacing Roz Brewer a little over a month after she announced her unexpected departure from Walgreens.
- “Wentworth, who will become Walgreens CEO effective Oct. 23, is the former CEO of Express Scripts, the pharmacy benefit manager acquired by Cigna in 2018. At Cigna, he led the health services business Evernorth.”
and
- “CVS Health wants to create a “super app” connecting multiple omnichannel modalities of the healthcare experience, including benefits, delivery and retail channels, chief medical officer Sree Chaguturu said Tuesday at the HLTH conference in Las Vegas.
- “A super app is a widely adopted mobile or web application that combines multiple services in one platform. Super apps are ubiquitous in Asia, but haven’t taken off in the U.S. due to a fragmented app market, concerns about advertising revenue, the country’s payment system structure and a strict regulatory environment, according to the Harvard Business Review.”

The WTW consulting firm offers an infographic displaying the results of their employer survey of Best Practices in Healthcare.

Tuesday Tidbits

David Ermer–Medical / Rx research, Mental health care, OPM, Rx coverage, Telehealth, U.S. Healthcare–October 10, 2023October 10, 2023

October 10 is World Mental Health Day. The International Foundation of Employee Benefit Plans offers six steps toward addressing mental health in the workplace.

From Washington, DC,

The Foundation provides some basics on the final rule on imposing civil monetary penalties for violations of Medicare reporting requirements imposed on group health plans, including FEHB plans, and others. The new rule, which was released today, takes effect one year from its publication in the Federal Register.

Govexec tells us,
- “The Biden administration on Monday has begun the queue of new regions to add to the federal government’s map where federal workers are entitled to higher pay for 2025, approving a recommendation to add Clallam and Jefferson counties in Washington state to the existing Seattle-Tacoma, Washington, locality pay area.
- “The Office of Personnel Management on Monday published the President’s Pay Agent’s annual report on locality pay, the practice by which the federal government supplements its compensation to employees under the General Schedule to address pay disparities between federal workers and their private sector counterparts in a given region.
- “In this year’s report, the pay agent, which is made up of OPM Director Kiran Ahuja, Office of Management and Budget Director Shalanda Young and Acting Labor Secretary Julie Su and acts upon the recommendations of a panel of political appointees and labor leaders, approved one change to the map of locality pay regions in the form of adding Clallam and Jefferson counties to the Seattle-Tacoma locality pay area. But federal employees in line for an additional pay raise from the decision will have to wait; OPM first must craft and publish regulations implementing the pay agent’s decision, which won’t be in place until the 2025 pay raise at the earliest.”

From the public health and medical research front,

MedPage Today reports,
- “A multilevel primary care intervention that included automated electronic health record (EHR) reminders and patient outreach/navigation improved timely follow-up of overdue abnormal cancer screening test results, a cluster randomized trial showed.
- “Among nearly 12,000 patients with an abnormal screening test result for colorectal, cervical, breast, or lung cancer, completion of follow-up testing within 120 days of study enrollment was significantly higher with EHR reminders, patient outreach, and patient navigation (31.4%) and EHR reminders and patient outreach (31.0%) compared with only EHR reminders (22.7%), and usual care (22.9%), reported Steven J. Atlas, MD, MPH, of Massachusetts General Hospital in Boston, and colleagues.”

The NIH Director’s Blog discusses “Taking a Deep Dive into the Alzheimer’s Brain in Search of Understanding and New Targets.”

The Wall Street Journal informs us,
- Getting tested for Alzheimer’s disease could one day be as easy as checking your eyesight.
- RetiSpec has developed an artificial intelligence algorithm that it says can analyze results from an eye scanner and detect signs of Alzheimer’s 20 years before symptoms develop. The tool is part of broader work by startups and researchers to harness AI to unlock the mysteries of a disease that afflicts more than seven million Americans.

Per Medscape,
- “Damaged mitochondrial DNA (mtDNA) initiates and spreads Parkinson’s disease (PD) pathology, potentially opening new avenues for early diagnosis, disease monitoring, and drug development.
- “While defects in mitochondrial functions and in mitochondrial DNA have been implicated in PD in the past, the current study demonstrates “for the first time how damaged mitochondrial DNA can underlie the mechanisms of PD initiation and spread in brain,” lead investigator Shohreh Issazadeh-Navikas, PhD, with the University of Copenhagen, Denmark, told Medscape Medical News.
- “This has direct implication for clinical diagnosis” ― if damaged mtDNA can be detected in blood, it could serve as an early biomarker for disease, she explained.
- “The study was published online October 2 in Molecular Psychiatry.”

From the U.S. healthcare business front,

Healthcare Dive shares information from the HLTH conference in Las Vegas.
- “Microsoft announced a slew of new data and artificial intelligence offerings in the healthcare sector on Tuesday, including new generative AI models meant to help ameliorate administrative burden on clinicians.
- “Microsoft’s cloud division Azure is releasing new capabilities meant to free up information for clinicians. Those include patient timelines, which use generative AI to extract specific elements from unstructured data — like medication information in an electronic health record — and organize them chronologically to give a full view of a patient’s history. Another functionality, called clinical report simplification, uses generative AI to simplify clinical jargon so patients can better understand medical information.
- “The launches tie in with Microsoft’s ethos of developing high-impact but low-risk use cases for AI in healthcare, said David Rhew, Microsoft’s global chief medical officer and vice president of healthcare, in an interview at the HLTH conference in Las Vegas, where the offerings were announced.”
and
- “Walgreens plans to launch telehealth visits on its website later this month, as the retail pharmacy giant continues its strategic pivot to healthcare services.
- “Walgreens Virtual Healthcare will offer on-demand virtual consultations with providers for common medical needs and medication prescriptions.
- “Walgreens is adding direct-to-consumer virtual care because “our goal is to be the most convenient health and wellness destination, whether you’re physically in our stores or virtually in our stores,” said Tracey Brown, Walgreens’ chief customer officer and president of retail, while debuting the new offering at the HLTH conference in Las Vegas on Monday.”
and
- “Cigna’s health services division Evernorth has acquired the technology and clinical capabilities of asynchronous telehealth provider Bright.md for an undisclosed amount, the company announced on Tuesday at the HLTH conference in Las Vegas.
- “Evernorth’s telehealth business MDLive plans to start offering asynchronous care using the new capabilities within its virtual urgent care platform in 2024, and eventually expand asynchronous care to chronic disease management and wellness visits.
- “A spokesperson for the company said it was too early to share a specific timeline for the launch in virtual urgent care and the expansion to more clinical areas. Currently, more than 43 million people have access to MDLive virtual urgent care through their health plans and employers, Cigna says.”

Healthcare Finance points out,
- “Aetna is modifying its commercial policy to no longer cover certain telemedicine services starting on Dec. 1, the company said in a statement.
- “This is for audio-only and asynchronous text-based visits that were expanded under the public health emergency, the CVS subsidiary said.
- “The modifications are in line with the industry as a result of the expected PHE ending in May 2023,” Aetna said. “Telemedicine services that remain covered for Aetna Commercial plan sponsors are actually more extensive than what was provided pre-pandemic because of the access and value these services clearly bring to our members and providers.”
- “According to Aetna, currently covered telehealth services include routine care, sick visits, urgent care through walk-in clinics, prescription refills and behavioral health services.”

Reuters lets us know,
- “The number of U.S. employers who cover obesity medications, including Wegovy from Novo Nordisk that belongs to a class of GLP-1 drugs, could nearly double next year, according to a survey. The survey of 502 employers by Accolade, a company that provides healthcare programs for employers, and research firm Savanta said 43% of the employers it polled could cover GLP-1 drugs in 2024 compared to 25% that cover them now.”
- It will be helpful to the FEHB if other employers join the FEHB in covering these drugs.

Monday Roundup

David Ermer–Generative AI, Mental health care, No Surprises Act, Telehealth, U.S. Healthcare–October 9, 2023October 9, 2023

Happy Columbus Day / Indigenous Peoples’ Day

In anticipation of my residential move to Texas, which occurred in April 2022, the FEHBlog applied to waive into the Texas bar. My application was approved on June 30, 2022. (The FEHBlog remains a member of the DC Bar.)

The FEHBlog then became acquainted with the Texas Bar’s continuing legal education requirement. Last year, I took a 15-hour televised course on eldercare. This year, I am attending the Texas Health Law Conference in downtown Austin.

The FEHBlog had lunch today (by happenstance) with a lawyer who told me that he represents a rural hospital near Odessa. The hospital has twelve beds. Beckers Hospital Review points out 2023 Texas hospital closings and bankruptcies.

There was a provider-oriented session on the No Surprises Act. The speakers quipped that the law is no balance billing law with surprises for providers. At least the speakers agree with the FEHBlog that the law is helping patients.

From the public health front,

Healthcare Finance tells us that telehealth may be the solution to the chronic illness problem plaguing a large part of our country, as reported by the Washington Post last week.
- “More patients with chronic disease. Fewer providers to take care of them. An aging population. SDOH barriers. Telemedicine and remote patient monitoring are essential tools to help manage these healthcare hurdles, an expert says.”

The Hill adds,
- “The Biden administration on Friday extended flexibilities regarding controlled substances to be prescribed via telemedicine.
- “The Drug Enforcement Administration (DEA) said in a notice it would allow providers to continue using telemedicine to prescribe certain controlled substances through the end of 2024.”

NBC News reports,
- “The coronavirus isn’t the only pathogen that can cause symptoms that last months, or even years after an initial infection is overcome, a new study published Friday in The Lancet’s eClinicalMedicine suggests.
- “In an analysis of data from 10,171 U.K. adults, the researchers found evidence of a “long cold” syndrome that can follow infection with a variety of common respiratory viruses, including common cold viruses and influenza.
- “While some of the symptoms of long Covid and long colds overlapped, the study noted that people with long Covid were more likely to continue to experience lightheadedness, dizziness and problems with taste and smell; lingering long cold symptoms were more likely to include coughing, stomach pain and diarrhea.
- “Experts said the new research could help shine a light on the types of long-lasting symptoms that come after recovery from an illness, including chronic fatigue syndrome.”

Fierce Healthcare discusses how payers are tackling the food insecurity issue in our country.

Cardiovascular Business lets us know,
- “The American Heart Association (AHA) has developed a brand new strategy for the prevention and management of cardiovascular disease (CVD).
- “This updated approach highlights the close relationship CVD has with three other significant health conditions: kidney disease, type 2 diabetes (T2D) and obesity. Patients with CVD, for example, often face a heightened risk of developing kidney disease, T2D or obesity. The opposite can also be true—patients with any of those three conditions may face a heightened risk of developing CVD.
- “With these close connections in mind, the AHA has defined a new health condition: cardiovascular-kidney-metabolic (CKM) syndrome. CKM syndrome involves nearly every major organ in the body, the group said in a new statement, though its biggest impact is on a patient’s cardiovascular system.
- “Anyone who has CVD, or even faces a risk of developing CVD in the future, may have CKM syndrome. By educating physicians and patients alike on the way these different conditions interact with one another and implementing a screening strategy for CKM syndrome, the AHA believes it can help patients get the care they need to live longer, healthier lives.”

From the U.S. healthcare business front,

The Wall Street Journal informs us,
- “Bristol Myers Squibb will acquire Mirati Therapeutics in a transaction that values the oncology developer at up to $5.8 billion, the latest example of a drugmaker targeting deals to replenish revenue as top-selling products face competition from generics.
- “The biopharmaceutical company on Sunday said that it had entered into a definitive merger agreement with Mirati under which it would pay $58.00 per share in cash. Mirati stockholders will also receive one non-tradeable contingent value right per share, potentially worth $12.00 per share in cash.
- “Mirati’s board unanimously approved the transaction. * * *
- “The acquisition of Mirati will add the Krazati lung cancer medicine to Bristol Myers Squibb’s commercial portfolio. It also includes access to clinical assets that Bristol Myers Squibb said would complement its oncology pipeline.”

The other business news comes from the HLTH conference ongoing in Las Vegas, NV.

Per Healthcare Dive,
- “Venture capital firm General Catalyst plans to buy an unnamed health system to act as a proving ground for new technology to improve hospital operations and patient care.
- “The impending purchase is part of a new health business being spun out by General Catalyst, called the Health Assurance Transformation Corporation, or HATCo, General Catalyst managing director Hemant Taneja and former Intermountain CEO (and new HATCo CEO) Marc Harrison said Sunday at the HLTH conference in Las Vegas.
- “Harrison and Taneja did not share details on what health system General Catalyst would be looking to acquire, when an acquisition could happen or how much the VC firm plans to spend.”

Per Fierce Healthcare,
- Here’s an overview of the second day of the conference and moreover
- “Headway, a startup that connects patients with mental health providers covered by insurance, picked up $125 million in fresh funding to build out its provider network to all 50 states. * * *
- “This latest round of capital will go toward investing in technology and tools to help mental health providers grow their practice, Andrew Adams, co-founder and CEO, wrote in a blog post.
- “We have plans to make Headway available to individuals seeking care in all 50 states and the District of Columbia very soon and will be building products to help providers deliver care across state lines in 2024. We’re also further investing in ensuring patients have a simplified experience understanding their insurance benefits and changes, with excellent visibility, support, and accuracy,” Adams wrote.”
and
- “Main Street Health focuses exclusively in rural communities and partners with primary care clinics in these regions by placing a health navigator in each facility. The navigator then assists with care coordination, including reaching out to patients about preventive screenings, contacting them with medication reminders, scheduling primary care visits following a hospital discharge and providing support for social needs.
- “The company currently operates in 18 states by partnering with more than 900 clinics. The expansion brings its total footprint to 26 states. The average clinic working with Main Street Health is based in a town with between 3,000 and 5,000 people and includes 2.5 providers, according to an announcement.
- “Value-based care company Main Street Health is charting an expansion into eight additional states as it banks more than $315 million in new capital.”

Weekend update

David Ermer–Congress, COVID-19, COVID-19 vaccine, Generative AI, HSA, Rx coverage, U.S. Healthcare–October 8, 2023October 8, 2023

From Washington, DC,

The Senate is on State work break this week, while the House of Representatives is focusing on electing a new Speaker on Wednesday October 11.

The Motley Fool tells us,
- “The most important day of the year for the more than 66 million people who receive a Social Security benefit each month is nearly here. This coming Thursday, Oct. 12, 2023, at 08:30, a.m., ET, the Social Security Administration (SSA) will announce the 2024 cost-of-living adjustment (COLA). * * *
- “Suffice it to say, the 2024 Social Security COLA isn’t going to be anywhere close to [2023’s historic] 8.7%. It will, however, be an above-average boost to benefits.
- “According to the latest estimate from Mary Johnson, senior Social Security policy analyst at The Senior Citizens League (TSCL), a nonpartisan senior advocacy group focused on advancing issues important to seniors, the program’s COLA is expected to hit 3.2% for 2024. Over the past 20 years, Social Security’s COLA has averaged just 2.6%.”

From the public health front,

The Washington Post informs us,
- “In a sobering analysis, researchers warn that those who’ve had childhood cancer are highly likely to face physical and mental health challenges later in life, with 95 percent developing a “significant health problem” related to their cancer or treatment by age 45.”In a sobering analysis, researchers warn that those who’ve had childhood cancer are highly likely to face physical and mental health challenges later in life, with 95 percent developing a “significant health problem” related to their cancer or treatment by age 45.
- “The researchers reviewed 73 studies, including 39 cohort studies that followed patients over time. Publishing their findings in JAMA, they said approximately 15,000 children and adolescents through age 19 are diagnosed with cancer every year and that 85 percent of children now live five years or more beyond their diagnosis. That’s compared with just 58 percent in the 1970s, according to the American Cancer Society.
- “The research documented a variety of concerns for young cancer survivors, ranging from subsequent hormone issues to reproductive health challenges, problems with muscles and bones, cognitive impairment and more.”

The New York Times lets us know,
- “A new study has an encouraging message for Americans who shy away from Covid shots because of worries about side effects: The chills, fatigue, headache and malaise that can follow vaccination may be signs of a vigorous immune response.
- “People who had those side effects after the second dose of a Covid vaccine had more antibodies against the coronavirus at one month and six months after the shot, compared with those who did not have symptoms, according to the new study. Increases in skin temperature and heart rate also signaled higher antibody levels”

MedPage Today explains why utilizing artificial intelligence may reduce maternal and infant mortality.
- “For example, “One of the biggest threats to maternal and infant health is the unmet needs within the social determinants of health, which often directly influence mothers’ ability to access healthcare services. If a pregnant woman doesn’t have access to reliable transportation to get her to and from the doctor or lives a significant distance from one, AI can measure how that might impact health outcomes for her and her unborn child. Then, it can flag it for her doctor or health plan so they can help solve these issues before they cause larger problems.
- “The result? Reduced racial disparities for maternal health, fewer preterm births and neonatal intensive care unit (NICU) admissions, and shorter NICU stays.”

Medscape reports,
- “Once weekly glucagon-like peptide 1 receptor agonist (GLP-1 RA) semaglutide (Ozempic, Novo Nordisk) significantly improved A1clevel and body weight for up to 3 years in a large cohort of adults with type 2 diabetes, show real-world data from Israel.
- “Treatment with semaglutide was associated with reductions in both A1c (-0.77%; P < .001) and body weight (-4.7 kg; P < .001) at 6 months of treatment. These reductions were maintained for up to 3 years and, in particular, in those patients with higher adherence to the therapy.
- “Avraham Karasik, MD, from the Institute of Research and Innovation at Maccabi Health Services, Tel Aviv, Israel, led the study and presented the work as a poster at this year’s annual meeting of the European Association for the Study of Diabetes (EASD).”

From the U.S. healthcare business front

Forbes reports
- “Uber Health is partnering with UnitedHealth Group’s Optum health services business to make paying for ancillary benefits like ride share and product delivery easier for seniors via the Uber app.
- “Health plan benefit cards, including health spending account (HSA) and flexible spending (FSA) cards, can be added as a form of payment within the Uber app,” Optum and Uber said in statement released Sunday during HLTH 2023 in Las Vegas. “This payment option can then be used to cover eligible expenses, including health related rides (like non- emergency doctor visits), over-the-counter items and healthy food.”

Per Healthcare Dive,
- “Rite Aid on Wednesday said it has failed to meet the New York Stock Exchange’s continued listing standards. The retailer is no longer in compliance with NYSE standards on minimum stock price and market capitalization. The NYSE listing standards require a $1.00 average closing share price over a 30 trading-day period.
- “As of midday Thursday, Rite Aid’s stock was trading at about 50 cents on the NYSE. Rite Aid now has 10 business days to formally confirm if it will seek to regain compliance and six months to do so. But the company said it, “can provide no assurances that it will be able to regain compliance with the NYSE’s continued listing standards.”
- “News that Rite Aid faces delisting comes weeks after reports emerged that the company, which has $3.3 billion in debt, may seek to close up to 500 of its 2,200 locations as part of a possible Chapter 11 bankruptcy filing.”

Cybersecurity Saturday

David Ermer–Cybersecurity–October 7, 2023October 7, 2023

From the cybersecurity policy front,

The Federal Employees Health Benefits Program has two sets of regulations — OPM’s rules found at 5 CFR Part 890 and because federal procurement contracts create FEHB plans, the Federal Acquisition Regulation (FAR) at 48 CFR Chap. 1 and OPM’s implementing FEHB Acquisition Regulation (FEHBAR)found at 48 CFR Chap. 16. It’s worth noting that the FAR was first issued forty years ago.
The Holland and Knight law firm discusses two proposed FAR cybersecurity rules published on October 3, 2023. The first one (FAR Case No. 2021-17) captioned “Cyber Threat and Incident Reporting and Information Sharing will apply to the FEHB Program as it generally imposes obligations on federal contractors. The other rule (FAR Case No. 2021-19 captioned “Standardizing Cybersecurity Requirements for Unclassified Federal Information Systems” will not apply to the FEHB because carrier systems are not federal information systems. The public comment deadline for the two proposed rules is December 4, 2023.

The National Security Agency announced on October 5, 2023,
- “The National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) are releasing a joint Cybersecurity Advisory (CSA) highlighting the top ten most common cybersecurity misconfigurations found in large organizations’ networks. The CSA details tactics, techniques, and procedures (TTPs) that cyber actors could use to compromise these networks, as well as mitigations to defend against this threat. * * *
- “As indicated in the CSA, these most common misconfigurations illustrate a trend of systemic weaknesses in several large organizations and the importance of software manufacturers embracing secure-by-design principles to reduce the risk of compromise.
- “Some of the misconfigurations mentioned in the CSA include default configurations of software and applications, weak or misconfigured multifactor authentication (MFA) methods, and unrestricted code execution.
- “NSA and CISA encourage network defenders and software manufacturers to implement the recommendations found within the Mitigations section of this advisory to reduce the risk of compromise. The agencies also recommend network owners and operators examine their networks for similar misconfigurations even when running other software not specifically mentioned in the advisory.”

The Cybersecurity and Infrastructure Security Agency (CISA) announced on October 4, 2023,
- “CISA and the National Security Agency (NSA) published Identity and Access Management: Developer and Vendor Challenges, authored by the Enduring Security Framework (ESF), a CISA- and NSA-led working panel that includes a public-private cross-sector partnership. ESF aims to address risks that threaten critical infrastructure and national security systems.
- “This publication, which follows ESF’s Identity and Access Management Recommended Best Practices Guide for Administrators, assesses and addresses challenges developers and technology manufacturers face in identity and access management (IAM). The guidance specifically addresses technology gaps that limit the adoption and secure employment of multifactor authentication (MFA) and single sign-on (SSO) technologies within organizations.
- “Although the publication primarily addresses challenges facing large organizations, it also provides recommendations applicable to smaller organizations. CISA encourages cybersecurity defenders to review this guidance and to speak to their software vendors about implementing its recommendations.”

The Health Sector Cybersecurity Coordination Center (HC3) released on October 4, 2023, a sector alert about securing remote access and management software.
- “Cybersecurity and law enforcement agencies such as CISA, MS-ISAC, CIS, and the FBI have been reporting on increased misuse of remote access software to target organizations and critical infrastructure sectors.
- “For implications to the Healthcare and Public Health (HPH) sector, remote access solutions keep healthcare professionals connected while also providing increased flexibility and convenience. But the same solutions used to operate, maintain, and secure healthcare systems and networks can also be turned against their own infrastructure. Mitigating the risk associated with them is not as simple as deploying a patch or reconfiguring an application.”

The Health Sector Council released an updated Health Industry Cybersecurity Supply Chain Risk Management Guide – Version 2023 (HIC-SCRiM-v2)
- The HIC-SCRiM is a toolkit for small to mid-sized healthcare institutions to better ensure the security of the products and services they procure through an enterprise supply chain cybersecurity risk management program.

From the cybersecurity breaches and vulnerabilities front,

HC3 announced on October 6, 2023,
- “Cisco recently released an update that fixes a critical vulnerability in their Emergency Responder communications platform, a system that is utilized in the health sector. The exploitation of this vulnerability allows for a cyberattacker to completely compromise a vulnerable system and then utilize it for further cyberattacks across an enterprise network. HC3 recommends healthcare organizations identify vulnerable systems in their infrastructure and prioritize the implementation of this update.”

HC3 posted its report on September vulnerabilities of interest to the health sector on October 5, 2023.
- In September 2023, vulnerabilities to the health sector have been released that require attention. This includes the monthly Patch Tuesday vulnerabilities released by several vendors on the second Tuesday of each month, along with mitigation steps and patches. Vulnerabilities for September are from Microsoft, Google/Android, Cisco, Apple, Mozilla, SAP, Fortinet, VMWare, Progress Software, and Adobe.
- A vulnerability is given the classification as a zero-day when it is actively exploited with no fix available or if it is publicly disclosed.
- HC3 recommends patching all vulnerabilities with special consideration to the risk management posture of the organization.

CISA added one known exploited vulnerability to its catalog on October 2, another one on October 3, two more on October 4 (and deleted five catalog entries) and three more on October 5, 2023.

From the cybersecurity defenses front,

Cybersecurity Dive discusses what to consider when choosing cybersecurity providers.

Dark Reading proposes “five steps [by which] organizations can develop stronger security practices and make the inevitable breaches inconsequential.

An ISACA expert explains how to comply with multiple security standards and frameworks.

Another ISACA expert discusses common privacy dark patterns and ways to improve digital trust.

Friday Factoids

David Ermer–Congress, COVID-19 vaccine, Federal employment benefits, Medical / Rx research, Mental health care, No Surprises Act, OPM, U.S. Healthcare–October 6, 2023October 8, 2023

From Washington, DC,

The American Hospital Association News tells us,
- “The Centers for Medicare & Medicaid Services Oct. 6 reopened the No Surprises Act’s Independent Dispute Resolution [IDR] portal to out-of-network providers and group health plans initiating new single payment disputes under the No Surprises Act’s independent dispute resolution process, including single disputes involving bundled payment arrangements. The agency also released new guidance for processing these disputes.
- “New and in-progress batched disputes and new air ambulance disputes remain temporarily suspended while the Departments of Health and Human Services, Labor and the Treasury update their guidance and operations to align with recent court orders, including an Aug. 24 ruling that set aside certain regulations implementing the IDR process and an Aug. 3 ruling that vacated nationwide a federal fee increase and batching rule for the process.”
In that regard, the federal regulators issued ACA FAQ 62 today, which focuses on No Surprises Act issues.
What’s more, a No Surprises Act IDR operations proposed rule is still undergoing review at OMB’s Office of Information and Regulatory Affairs.

BioPharma Dive informs us,
- “The National Institutes of Health on Thursday said it will provide funding for three clinical trials of experimental ALS drugs, part of a broader push by the federal government to support the development of treatments for rare neurodegenerative diseases. * * *
- “Until recently, the FDA had approved just two main medicines for the disease. Clinical testing had shown the drugs respectively offered modest benefits on function and survival.
- “But in the last year or so, two more treatment options received nods from the FDA. Amylyx Pharmaceuticals’ Relyvrio is now cleared for the broad ALS population, while Biogen’s Qalsody is specifically for the small portion of patients who have mutations in a gene called SOD1.”

Per Pharmaceutical Technology,
- “The US Food and Drug Administration (FDA) has issued a draft guidance to aid sponsors in developing biologics and drugs for stimulant use disorders. * * *
- “FDA Center for Drug Evaluation and Research Substance Use and Behavioral Health deputy center director Marta Sokolowska said: “Currently there is no FDA-approved medication for stimulant use disorder. When finalized, we hope that the guidance will support the development of novel therapies that are critically needed to address treatment gaps.
- “The guidance is one of the actions within the agency’s Overdose Prevention Framework, which includes appropriate prescribing of prescription stimulants as well as the development of evidence-based treatments for stimulant use disorder.”

Federal News Network points out,
- “The Office of Personnel Management’s retirement claims backlog saw some improvement in September. OPM cut its backlog by 2,111 claims, hitting a new six-year low point in its overall inventory. OPM received 6,768 claims in September, and managed to process 8,879, shrinking the backlog to the lowest it has been in six years: 15,852.”

The Wall Street Journal reports,
- “The U.S. Postal Service wants to raise the price of a stamp in what would be the third increase in a year.
- “The postal service proposed a price of 68 cents, up 3% from the current price of 66 cents. If approved by the Postal Regulatory Commission, the price increase would go into effect on Jan. 21.
- “The agency raised stamp prices to 63 cents from 60 cents in January 2023. Six months later, the price of a stamp went up again, by 3 cents.”

From the public health and research front,

Medscape notes,
- “Around 4 million Americans received the updated COVID-19 shots in September, according to the U.S. Department of Health and Human Services (HHS), even as some people have found it difficult to book vaccination appointments or find the vaccines at no cost.”

NBC News reports,
- “People who take popular drugs for weight loss, such as Ozempic or Wegovy, may be at an increased risk of severe stomach problems, research published Thursday in the Journal of the American Medical Association finds.
- “The brief report is the first study of its kind, the researchers say, to establish a link between the use of such drugs, called GLP-1 agonists, for weight loss and the risk of such gastrointestinal conditions. GLP-1 agonists include semaglutide — the drug found in Ozempic and Wegovy — and liraglutide, the drug used in Saxenda. Both drugs are made by Novo Nordisk.
- “Although rare, the incidence of these adverse events can happen. I’ve seen it happen,” said lead author Mohit Sodhi, a medical student at the University of British Columbia Faculty of Medicine in Vancouver. “People should know what they’re getting into.”

Get a load of this good news. Per ALM Benefits Pro,
- “World Mental Health Day is right around the corner and this year, there’s good news to share. The mental health of U.S. employees is finally on the rise nearly three years after the pandemic. A new study shared by Leapsome, a people enablement platform based in Germany, found that 88% of U.S. employees rate their mental health as being good or very good.
- “The massive improvements in mental health took place largely over the past year, with 47% of U.S. workers reporting that their mental health had improved within the last 12 months, according to the study.”

STAT News notes,
- “The grand plan for Moderna’s future in respiratory viruses is to market a single shot that would protect against Covid-19, influenza, and RSV, using the scalability of mRNA to craft a first-of-its-kind product. And the first step — establishing the promise of its combination flu and Covid vaccine — is moving on as planned.
- “Yesterday Moderna said its combo shot measured up to established flu and Covid vaccines in generating immune responses against each virus. The next step is to take that combination to Phase 3, which could lead to approval by 2025. At the same time, Moderna is awaiting FDA approval for its RSV vaccine and testing a combination that would protect against all three viruses.”

From the U.S. healthcare business front,

BioPharma Dive reports,
- “Amgen on Friday closed its $27.8 billion acquisition of Horizon Therapeutics, about one month after securing clearance from U.S. antitrust regulators who had challenged the deal.
- “With the acquisition’s completion, Amgen gains access to 12 drugs that had combined sales of $1.8 billion over the first six months of 2023. The company said it will update its sales guidance for the rest of the year when it reports third-quarter earnings.
- “The deal is the largest in Amgen’s history, surpassing in dollar terms the 2001 buyout of Immunex. That acquisition gave Amgen Enbrel, a long-lasting blockbuster that, like several of its other major drugs, could lose market exclusivity in the coming years. That looming patent cliff has pushed the company to restock its pipeline via dealmaking.”

Per Fierce Healthcare,
- “UnitedHealthcare’s Surest, which axes deductibles and provides upfront pricing data to members, is the fastest growing product among its commercial plan lineup. And a new analysis offers a look as to why.
- “The insurance giant released Thursday an Impact Study examining some of the results Surest has seen to date and notes that members enrolled in these plans had 6% fewer emergency department visits and 13% fewer inpatient hospital admissions compared to those who were not enrolled in a Surest plan at the same employer.
- “In addition, members enrolled in Surest plans had a 20% increase in visits to a physician and a 9% jump in preventive physical exams compared to those in other commercial plans.”
and
- “Cigna’s Evernorth is launching a new, value-based care management program for its behavioral health network.
- “The company said in an announcement that this marks a key step in collaboration with providers as the industry pushes for standardized benchmarks in behavioral health. About 44,000 providers will participate in the program at launch, according to Evernorth.
- “Ultimately, if payers and providers align on how to measure success in treatment, it will drive better care, lower costs, and lead to improvements in collaboration. It should also ease administrative burdens for providers, according to the announcement, as at present they use a wide array of measures across multiple payers.”

Thursday Miscellany

David Ermer–ACA, OPM, U.S. Healthcare–October 5, 2023October 5, 2023

From Washington, DC,

STAT News reports
- The shortage of cancer drugs is not going away, but it may be easing slightly, a new national survey suggests. Based on questions posed to 29 of its 33 member hospitals, the National Comprehensive Cancer Network said Thursday that 86% of those cancer centers are experiencing a shortage of at least one type of generic chemotherapy drug, down from 90% in May.
and adds
- One of the top health care committees in the Senate is assembling ideas for bipartisan legislation to address drug shortages, three Senate aides and three lobbyists told STAT.
- The talks, led by Senate Finance Chair Ron Wyden (D-Ore.) and ranking member Mike Crapo (R-Idaho) are in the early days, but they could move the debate over drug shortage reforms into a new phase. The committee has jurisdiction over Medicare and Medicaid payment policies for hospitals. Other committees that have tried tackling the issue have jurisdiction mostly over the Food and Drug Administration.

Two law firms dive into regulatory issues that have puzzled the FEHBlog recently:

Miller and Chevalier makes the following observation about the recent federal court decision vacating an HHS rule permitting health plans to use manufacturer copay assistance accumulators. These accumulators prevent the manufacturer coupons from being counted toward out-of-pocket maximums.
- “Following this ruling, it is unclear what rules will govern the use of co-pay accumulator programs. The prior agency rule, under which plans and issuers were allowed to exclude manufacturer co-pay assistance payments from deductible and out-of-pocket maximum calculations only if a generic drug was available and only to the extent permitted by state law, may be reinstated, but it suffers from the same issues that led the court to vacate the 2020 rule. The government may move for reconsideration of the court’s ruling or for a stay of the ruling, pending an appeal, and an appeal is expected. Further guidance from HHS and CMS is likely forthcoming in the interim. It should be noted that state laws prohibiting co-pay accumulator programs could be susceptible to ERISA pre-emption challenges, and the related guidance may spawn collateral litigation.”

Proskauer explains how the ACA regulators used FAQ 61 to “press play” on the Transparency in Coverage Rule’s Prescription Drug Machine-Readable File Requirement.
- “Prescription drug machine-readable file: Having concluded that the prescription drug machine-readable file requirement is sufficiently different from the separate CAA prescription drug reporting obligation, the Departments rescinded their prior delayed enforcement policy. The Departments state they intend to release future technical guidance with an implementation timeline that “sufficiently accounts” for prior reliance by plan sponsors on the deferred enforcement policy, suggesting that plan sponsors may have some lead time to gather the necessary information to post the file.
- “In-network rate machine-readable file: Going forward, the Departments state they intend to exercise enforcement discretion on a case-by-case basis with respect to the requirement that in-network rates be expressed as dollar amounts for items and services covered by arrangements that make it difficult to express the cost as a dollar amount prior to receipt of the item or service. Because the Departments do not mention future guidance or an implementation guideline, it appears that the revocation of this enforcement safe harbor is immediate.”

The Congressional Budget Office issued a call for new research in the area of obesity. In this regard, the Wall Street Journal observes
- “Big food companies and investors are watching as Ozempic and other similar weight-loss drugs flow to millions of people, upending America’s diet industry and raising new questions about how consumers will eat.
- “Executives at food manufacturers from Campbell Soup to Conagra Brands said they are fielding questions from investors about the drugs’ potential impact as internal teams start to assess consumer behavior and brainstorm ways to respond.
- “The drugs, which suppress patients’ appetites, have exploded in popularity in the U.S., straining manufacturing capacity.
- “Morgan Stanley has projected that 24 million people, or nearly 7% of the U.S. population, will be taking such medications in 2035.
- “Those people could cut their daily calorie consumption by as much as 30%, according to the firm, which surveyed over 300 patients. For a person on a 2,000-calorie diet, that could mean eliminating a one-ounce bag of salted potato chips, a bottle of soda and more each day.”

Govexec points out,
- “The Office of Personnel Management on Wednesday reminded federal agencies of recent changes to how to monitor and collect data on the usage of workplace flexibilities like telework and remote work, as the Biden administration prepares to increase in-person work across the federal government this fall.”

From the public health and research front,

NBC News tells us,
- “So-called “good” HDL cholesterol may not be as healthy as experts once thought, a new study suggests.
- “The new study, published Wednesday in Neurology, found that having either high or low levels of high-density lipoprotein, or HDL, cholesterol, may increase the risk of dementia in older adults. It’s more evidence showing that keeping HDL cholesterol within a certain range is important for cardiovascular and brain health.
- “The relationship between HDL cholesterol and dementia is more complex than we previously thought,” said the study’s lead author, Erin Ferguson, a doctoral student studying epidemiology at the University of California San Francisco. “While the magnitude of this relationship is relatively small, it’s important,”
- “The results show a correlation between HDL cholesterol and dementia, but do not prove that low or high levels of the lipid directly caused dementia.”

The Washington Post reports
- “Using a host of high-tech tools to simulate brain development in a lab dish, Stanford University researchers have discovered several dozen genes that interfere with crucial steps in the process and may lead to autism, a spectrum of disorders that affects about one in every 36 Americans, impairing their ability to communicate and interact with others.
- “The results of a decade of work, the findings published in the journal Nature may one day pave the way for scientists to design treatments that allow these phases of brain development to proceed unimpaired.”

Health Payer Intelligence points out
- “Mortality rates among women and children grew between 2018 and 2021, emphasizing the importance of prioritizing preventive care and public health interventions, a report from the United Health Foundation shared.
- “The America’s Health Rankings 2023 Women and Children Report analyzed data on 122 healthcare measures from 34 data sources. The findings reflect outcomes among women between 18 and 44 and children across the United States.”

From the U.S. healthcare business front,

Per Healthcare Dive,
- “Froedtert Health plans to acquire full ownership of insurer Network Health from Ascension Wisconsin, the Milwaukee-based health system announced Tuesday.
- “The system agreed to buy the remaining 50% stake in the payer, which offers commercial and Medicare plans in 23 counties throughout the state, from Ascension Wisconsin. Froedtert originally acquired its stake in the company in 2014.
- “Terms of the deal weren’t disclosed, and the health systems said a closing date will be determined after regulatory review and approval.”
and
- “U.S.-based digital health startups raised $2.5 billion across 119 deals in the third quarter this year, marking the second-lowest quarter of funding since the fourth quarter in 2019, according to a report by consultancy and venture capital firm Rock Health. “Digital health startups have raised $8.6 billion in 365 deals so far this year, a little more than half of 2022’s total. The results cement a move toward decreased funding compared with pandemic boom years, the report found. “While funding and deal count has fallen significantly, trends have now stabilized for several quarters in a new normal for the digital health sector

Cookie	Duration	Description
cookielawinfo-checbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.