Monday Roundup

Generative AI

Monday Roundup

David ErmerGenerative AI, Mental health care, No Surprises Act, Telehealth, U.S. Healthcare
Photo by Sven Read on Unsplash

Happy Columbus Day / Indigenous Peoples’ Day

In anticipation of my residential move to Texas, which occurred in April 2022, the FEHBlog applied to waive into the Texas bar. My application was approved on June 30, 2022. (The FEHBlog remains a member of the DC Bar.)

The FEHBlog then became acquainted with the Texas Bar’s continuing legal education requirement. Last year, I took a 15-hour televised course on eldercare. This year, I am attending the Texas Health Law Conference in downtown Austin.

The FEHBlog had lunch today (by happenstance) with a lawyer who told me that he represents a rural hospital near Odessa. The hospital has twelve beds. Beckers Hospital Review points out 2023 Texas hospital closings and bankruptcies.

There was a provider-oriented session on the No Surprises Act. The speakers quipped that the law is no balance billing law with surprises for providers. At least the speakers agree with the FEHBlog that the law is helping patients.

From the public health front,

  • Healthcare Finance tells us that telehealth may be the solution to the chronic illness problem plaguing a large part of our country, as reported by the Washington Post last week.
    • “More patients with chronic disease. Fewer providers to take care of them. An aging population. SDOH barriers. Telemedicine and remote patient monitoring are essential tools to help manage these healthcare hurdles, an expert says.”
  • The Hill adds,
    • “The Biden administration on Friday extended flexibilities regarding controlled substances to be prescribed via telemedicine. 
    • “The Drug Enforcement Administration (DEA) said in a notice it would allow providers to continue using telemedicine to prescribe certain controlled substances through the end of 2024.”  
  • NBC News reports,
    • “The coronavirus isn’t the only pathogen that can cause symptoms that last months, or even years after an initial infection is overcome, a new study published Friday in The Lancet’s eClinicalMedicine suggests. 
    • “In an analysis of data from 10,171 U.K. adults, the researchers found evidence of a “long cold” syndrome that can follow infection with a variety of common respiratory viruses, including common cold viruses and influenza.
    • “While some of the symptoms of long Covid and long colds overlapped, the study noted that people with long Covid were more likely to continue to experience lightheadedness, dizziness and problems with taste and smell; lingering long cold symptoms were more likely to include coughing, stomach pain and diarrhea. 
    • “Experts said the new research could help shine a light on the types of long-lasting symptoms that come after recovery from an illness, including chronic fatigue syndrome.”
  • Fierce Healthcare discusses how payers are tackling the food insecurity issue in our country.
  • Cardiovascular Business lets us know,
    • “The American Heart Association (AHA) has developed a brand new strategy for the prevention and management of cardiovascular disease (CVD). 
    • “This updated approach highlights the close relationship CVD has with three other significant health conditions: kidney disease, type 2 diabetes (T2D) and obesity. Patients with CVD, for example, often face a heightened risk of developing kidney disease, T2D or obesity. The opposite can also be true—patients with any of those three conditions may face a heightened risk of developing CVD. 
    • “With these close connections in mind, the AHA has defined a new health condition: cardiovascular-kidney-metabolic (CKM) syndrome. CKM syndrome involves nearly every major organ in the body, the group said in a new statement, though its biggest impact is on a patient’s cardiovascular system. 
    • “Anyone who has CVD, or even faces a risk of developing CVD in the future, may have CKM syndrome. By educating physicians and patients alike on the way these different conditions interact with one another and implementing a screening strategy for CKM syndrome, the AHA believes it can help patients get the care they need to live longer, healthier lives.”  

From the U.S. healthcare business front,

  • The Wall Street Journal informs us,
    • “The biopharmaceutical company on Sunday said that it had entered into a definitive merger agreement with Mirati under which it would pay $58.00 per share in cash. Mirati stockholders will also receive one non-tradeable contingent value right per share, potentially worth $12.00 per share in cash.
    • “Mirati’s board unanimously approved the transaction. * * *
    • “The acquisition of Mirati will add the Krazati lung cancer medicine to Bristol Myers Squibb’s commercial portfolio. It also includes access to clinical assets that Bristol Myers Squibb said would complement its oncology pipeline.”

The other business news comes from the HLTH conference ongoing in Las Vegas, NV.

  • Per Healthcare Dive,
    • “Venture capital firm General Catalyst plans to buy an unnamed health system to act as a proving ground for new technology to improve hospital operations and patient care. 
    • “The impending purchase is part of a new health business being spun out by General Catalyst, called the Health Assurance Transformation Corporation, or HATCo, General Catalyst managing director Hemant Taneja and former Intermountain CEO (and new HATCo CEO) Marc Harrison said Sunday at the HLTH conference in Las Vegas.
    • “Harrison and Taneja did not share details on what health system General Catalyst would be looking to acquire, when an acquisition could happen or how much the VC firm plans to spend.”
  • Per Fierce Healthcare,
    • Here’s an overview of the second day of the conference and moreover
    • “Headway, a startup that connects patients with mental health providers covered by insurance, picked up $125 million in fresh funding to build out its provider network to all 50 states. * * *
    • “This latest round of capital will go toward investing in technology and tools to help mental health providers grow their practice, Andrew Adams, co-founder and CEO, wrote in a blog post.
    • “We have plans to make Headway available to individuals seeking care in all 50 states and the District of Columbia very soon and will be building products to help providers deliver care across state lines in 2024. We’re also further investing in ensuring patients have a simplified experience understanding their insurance benefits and changes, with excellent visibility, support, and accuracy,” Adams wrote.”
  • and
    • “Main Street Health focuses exclusively in rural communities and partners with primary care clinics in these regions by placing a health navigator in each facility. The navigator then assists with care coordination, including reaching out to patients about preventive screenings, contacting them with medication reminders, scheduling primary care visits following a hospital discharge and providing support for social needs.
    • “The company currently operates in 18 states by partnering with more than 900 clinics. The expansion brings its total footprint to 26 states. The average clinic working with Main Street Health is based in a town with between 3,000 and 5,000 people and includes 2.5 providers, according to an announcement.
    • “Value-based care company Main Street Health is charting an expansion into eight additional states as it banks more than $315 million in new capital.”

Weekend update

David ErmerCongress, COVID-19, COVID-19 vaccine, Generative AI, HSA, Rx coverage, U.S. Healthcare

From Washington, DC,

  • The Senate is on State work break this week, while the House of Representatives is focusing on electing a new Speaker on Wednesday October 11.
  • The Motley Fool tells us,
    • “The most important day of the year for the more than 66 million people who receive a Social Security benefit each month is nearly here. This coming Thursday, Oct. 12, 2023, at 08:30, a.m., ET, the Social Security Administration (SSA) will announce the 2024 cost-of-living adjustment (COLA). * * *
    • “Suffice it to say, the 2024 Social Security COLA isn’t going to be anywhere close to [2023’s historic] 8.7%. It will, however, be an above-average boost to benefits.
    • “According to the latest estimate from Mary Johnson, senior Social Security policy analyst at The Senior Citizens League (TSCL), a nonpartisan senior advocacy group focused on advancing issues important to seniors, the program’s COLA is expected to hit 3.2% for 2024. Over the past 20 years, Social Security’s COLA has averaged just 2.6%.”  

From the public health front,

  • The Washington Post informs us,
    • “In a sobering analysis, researchers warn that those who’ve had childhood cancer are highly likely to face physical and mental health challenges later in life, with 95 percent developing a “significant health problem” related to their cancer or treatment by age 45.”In a sobering analysis, researchers warn that those who’ve had childhood cancer are highly likely to face physical and mental health challenges later in life, with 95 percent developing a “significant health problem” related to their cancer or treatment by age 45.
    • “The researchers reviewed 73 studies, including 39 cohort studies that followed patients over time. Publishing their findings in JAMA, they said approximately 15,000 children and adolescents through age 19 are diagnosed with cancer every year and that 85 percent of children now live five years or more beyond their diagnosis. That’s compared with just 58 percent in the 1970s, according to the American Cancer Society.
    • “The research documented a variety of concerns for young cancer survivors, ranging from subsequent hormone issues to reproductive health challenges, problems with muscles and bones, cognitive impairment and more.”
  • The New York Times lets us know,
    • “A new study has an encouraging message for Americans who shy away from Covid shots because of worries about side effects: The chills, fatigue, headache and malaise that can follow vaccination may be signs of a vigorous immune response.
    • “People who had those side effects after the second dose of a Covid vaccine had more antibodies against the coronavirus at one month and six months after the shot, compared with those who did not have symptoms, according to the new study. Increases in skin temperature and heart rate also signaled higher antibody levels”
  • MedPage Today explains why utilizing artificial intelligence may reduce maternal and infant mortality.
    • “For example, “One of the biggest threats to maternal and infant health is the unmet needs within the social determinants of health, which often directly influence mothers’ ability to access healthcare services. If a pregnant woman doesn’t have access to reliable transportation to get her to and from the doctor or lives a significant distance from one, AI can measure how that might impact health outcomes for her and her unborn child. Then, it can flag it for her doctor or health plan so they can help solve these issues before they cause larger problems.
    • “The result? Reduced racial disparities for maternal health, fewer preterm births and neonatal intensive care unit (NICU) admissions, and shorter NICU stays.” 
  • Medscape reports,
    • “Once weekly glucagon-like peptide 1 receptor agonist (GLP-1 RA) semaglutide (Ozempic, Novo Nordisk) significantly improved A1clevel and body weight for up to 3 years in a large cohort of adults with type 2 diabetes, show real-world data from Israel.
    • “Treatment with semaglutide was associated with reductions in both A1c (-0.77%; P < .001) and body weight (-4.7 kg; P < .001) at 6 months of treatment. These reductions were maintained for up to 3 years and, in particular, in those patients with higher adherence to the therapy.
    • “Avraham Karasik, MD, from the Institute of Research and Innovation at Maccabi Health Services, Tel Aviv, Israel, led the study and presented the work as a poster at this year’s annual meeting of the European Association for the Study of Diabetes (EASD).”

From the U.S. healthcare business front

  • Forbes reports
    • “Uber Health is partnering with UnitedHealth Group’s Optum health services business to make paying for ancillary benefits like ride share and product delivery easier for seniors via the Uber app.
    • “Health plan benefit cards, including health spending account (HSA) and flexible spending (FSA) cards, can be added as a form of payment within the Uber app,” Optum and Uber said in statement released Sunday during HLTH 2023 in Las Vegas. “This payment option can then be used to cover eligible expenses, including health related rides (like non- emergency doctor visits), over-the-counter items and healthy food.”
  • Per Healthcare Dive,
    • “Rite Aid on Wednesday said it has failed to meet the New York Stock Exchange’s continued listing standards. The retailer is no longer in compliance with NYSE standards on minimum stock price and market capitalization. The NYSE listing standards require a $1.00 average closing share price over a 30 trading-day period. 
    • “As of midday Thursday, Rite Aid’s stock was trading at about 50 cents on the NYSE. Rite Aid now has 10 business days to formally confirm if it will seek to regain compliance and six months to do so. But the company said it, “can provide no assurances that it will be able to regain compliance with the NYSE’s continued listing standards.”
    • “News that Rite Aid faces delisting comes weeks after reports emerged that the company, which has $3.3 billion in debt, may seek to close up to 500 of its 2,200 locations as part of a possible Chapter 11 bankruptcy filing.”

Midweek update

David ErmerCDC, Congress, COVID-19 testing, FDA, Generative AI, Medical / Rx research, NIH, No Surprises Act, Rx coverage, U.S. Healthcare
Photo by Manasvita S on Unsplash

From Washington, DC

  • Roll Call informs us
    • House Republicans appeared to be moving closer to an agreement Wednesday on an opening bid for stopgap funding legislation that would keep the lights on at federal agencies beyond Sept. 30 and pave the way for their chamber to take up its full-year appropriations bills.
    • At least a handful of conservative holdouts still maintained their opposition as of Wednesday night, which would be enough to sink a revised bill unless GOP leaders are able to change some minds in the next few days. Speaker Kevin McCarthy, R-Calif., is expected to keep the chamber in session on Saturday if necessary.
    • Even if GOP leaders’ new effort is successful, however, it was starting to look more like a bid to reopen the government after a brief shutdown, given the deadline is 10 days away and the Senate is likely to ping-pong a much different bill back to the House.
  • The FEHBlog notes that it would not be unusual for Congress to pass a brief continuing resolution next week to allow for the passage of a longer continuing resolution, thereby side stepping the partial government shutdown.
  • Fierce Healthcare offers details on the House Ways and Means Committee’s No Surprises Act hearing, while Healthcare Dive shares details on the House Oversight and Accountability’s PBM reform hearing. Both hearings were held yesterday.
  • Speaking of the No Surprises Act, the ACA regulators released a proposed rule increasing the government’s NSA arbitration fee from $50 per party to $150 per party next year. The FEHBlog has no idea why the government doesn’t ladder the fee based on the amount in dispute. The government also increased the maximum fee independent dispute resolution entities can charge the parties.
  • MedCity News informs us
    • “FDA Approves GSK Myelofibrosis Med That Has Edge Over Others in Drug Class 
    • “FDA approval of GSK’s Ojjaara in myelofibrosis introduces a new competitor to blockbuster Incyte drug Jakafi. Ojjaara was part of GSK’s $1.9 billion acquisition of Sierra Oncology last year.”
  • and
    • “FDA Rejects ARS Pharma’s Nasal Spray Alternative to Injectable Epinephrine 
    • “ARS Pharmaceuticals frames its intranasal epinephrine spray as a needle-free alternative to products such as EpiPen. Though this spray won the backing of an FDA advisory committee, the agency is now requiring that ARS Pharma run another study to support a regulatory submission.”

From the public health and medical research fronts,

  • STAT News reports,
    • “The federal government is again offering free Covid-19 tests to Americans, providing a fifth round of free tests in part to meet current needs and in part to stimulate a domestic testing industry that has struggled with cratering demand for rapid diagnostics.
    • “The measure, announced Wednesday, will see rapid tests released from the Strategic National Stockpile. In addition, 12 domestic test manufacturers will receive investments totaling $600 million to help “warm-base” the U.S. capacity for rapid test production, both for Covid and future disease threats. * * *
    • “Households will be entitled to receive four free rapid tests apiece, with ordering at COVIDtests.gov opening on Sept. 25. O’Connell said test shipments are expected to start on Oct. 2.”
  • The FEHBlog thinks that the government is fighting the last pandemic. Why not incent the production of the FDA-approved (last February) at-home tests for Covid or the flu, not just Covid?
  • In any event, the Wall Street Journal points out
    • “Don’t throw out that seemingly outdated at-home rapid Covid-19 test just yet. It may still be good. 
    • “The Food and Drug Administration has been extending expiration dates for some authorized at-home, over-the-counter Covid test kits, meaning some unused tests may still be viable. The agency’s updated list of expiration dates may be useful to those reaching for their stash of Covid-19 tests amid new variants and a recent bump in cases and hospitalizations.”
  • The National Institutes of Health announced,
    • “A trial of a preventive HIV vaccine candidate has begun enrollment in the United States and South Africa. The Phase 1 trial will evaluate a novel vaccine known as VIR-1388 for its safety and ability to induce an HIV-specific immune response in people. The National Institute of Allergy and Infectious Diseases (NIAID), part of the National Institutes of Health, has provided scientific and financial support throughout the lifecycle of this HIV vaccine concept and is contributing funding for this study.”
  • Per NBC News,
    • “Is morning the best time of day to exercise? Research published Tuesday in the journal Obesity finds that early morning activity — between 7 a.m. and 9 a.m. — could help with weight loss. 
    • “My cautious suggestion from this study is that if we choose to exercise in the early morning before we eat, we can potentially lose more weight compared to exercise at other times of the day,” said lead researcher Tongyu Ma, a research assistant professor at The Hong Kong Polytechnic University.”

From the U.S. healthcare business front,

  • Healthcare Dive tells us
    • “Ochsner Health is launching a pilot program this month that will use generative artificial intelligence to draft “simple” messages to patients.
    • “About a hundred clinicians across the New Orleans-based health system will participate in the first phase of the program, where AI will prepare responses to patient questions unrelated to diagnoses or clinical judgments. The messages will be reviewed and edited by providers before being sent to patients, according to a news release. 
    • “Ochsner is part of an early adopter group of Microsoft’s Azure OpenAI Service, which integrates with the Epic electronic health record. The health system will test the messaging feature over three phases this fall, and Ochsner will collect patient feedback to improve the system.” 
  • Per Fierce Healthcare,
    • “Making sense of mountains of data continues to be an often elusive goal for most of the healthcare system, but Cambia Health Solutions said it hopes its latest effort will allow it to better corral useable information.
    • “Cambia and Abacus Insights, a data management company that tacklesthe challenge of making healthcare networks interoperable, launched a new data aggregating system that processes information for about 3.4 million members across four Blues plans. 
    • “According to an Abacus case study (PDF), “Cambia recognized that to deliver care orchestrated around the unique needs of each individual, data must be actionable. To be actionable, case study data must be understandable, usable, timely, and have clinical utility.”

Tuesday Tidbits

David ErmerACA, CMS, Generative AI, OPM, Telehealth
Photo by Patrick Fore on Unsplash

From Washington DC,

  • Govexec.com offers an interview with OPM’s Deputy Director Rob Shriver.
  • The American Hospital Association informs us
    • “The Centers for Medicare & Medicaid Services will select up to eight states to participate in a new voluntary all-payer model that aims to curb health care cost growth, improve population health, and advance health equity by reducing disparities in health outcomes. CMS plans to detail requirements for the States Advancing All-Payer Health Equity Approaches and Development Model in a funding opportunity notice this fall. Participating states will receive up to $12 million each to implement the model during one of three start dates, with the model concluding in December 2034. CMS expects to begin the pre-implementation period for the first cohort next summer. The model will build on best practices from the Maryland Total Cost of Care model, the Pennsylvania Rural Health Model, and the Vermont All-Payer ACO Model.

From Harrisburg, PA,

  • The Pennsylvania Department of State announced,
    • “Starting Sept. 5, 2023, registered nurses and licensed practical nurses from other states who hold multistate licenses through the Nurse Licensure Compact m(NLC) will be able to provide in-person and telehealth services to PA patients. * * * Pennsylvania nurses will be able to apply for a multistate license once the compact has been fully implemented.”
  • Here is a link to nurse.org’s “Compact Nursing States List 2023,” which now includes forty states, Guam, and the Virgin Islands.
  • This type of licensing flexibility should help with nursing shortages.

From the Affordable Care Act front, Beyond the Basics provides an updated guide to minimum essential coverage.

From the generative AI front, STAT News now provides a tracking service that serves as a guide to health systems and companies driving the adoption of this important new technology.

Speaking of technology,

  • BioPharma Dive reports
    • Beam Therapeutics has begun human testing in the U.S. of a first-of-its-kind gene editing medicine for cancer, the company said Tuesday.
    • “Beam, a pioneering developer of a precise gene editing technique known as base editing, said in a short statement that it’s dosed its first patient in a study of the treatment, called BEAM-201. The trial involves patients with an aggressive form of blood cancer known as T-cell acute lymphoblastic leukemia/T-cell lymphoblastic lymphoma, or T-ALL/T-LL. It will eventually enroll about 100 participants, according to a federal database.
    • “The study’s start makes BEAM-201 the first base editing therapy to enter clinical testing in the U.S., and marks the first time patients have received a cell therapy made by “multiplex editing,” in which several genes are edited. The edits are designed to eliminate expression of four genes known as CD7, TRAC, PDCD1 and CD52.
    • “Beam claims this approach could lead to a more powerful and durable treatment. In its statement, the company noted BEAM-201’s potential to sidestep a variety of issues associated with cell therapies, like propensity for the modified cells to kill one another, or become weaker as time goes on.
    • “Beam also believes the simultaneous edits could yield a more potent donor-derived, or “off the shelf,” cell therapy. Such allogeneic treatments would be more convenient than the personalized CAR-T therapies on the market, but results to date haven’t proven they’re more powerful at killing cancer cells.”
  • Very Buck Rogers.

From the telehealth front,

  • Per Healthcare Dive,
    • “Approximately one-third of behavioral health patients seeking therapy or medication visits said their clinicians did not offer both telehealth and in-person care, according to a study from nonprofit research organization Rand.
    • “The study, published on Tuesday in Health Affairs, revealed that 45% of behavioral health patients did not believe their clinicians considered their preferences for virtual or in-person care. In addition, 32% of respondents said they did not receive their preferred method of treatment.
    • “Despite the lack of choice offered by providers, many patients undergoing behavioral health therapy preferred in-person visits due to the personal nature of the treatment, the ability to build a rapport with providers, and fears around data security and privacy, the report found.”
  • Such reports explain why hub and spoke telemental services are not a solution for mental health parity.

From the human resources front,

  • The Society for Human Resource Management advises,
    • Even though [last week’s] proposed overtime rule is likely to be challenged in court after it is finalized, employers should start examining how it will affect their workplaces, legal experts say.
    • “I don’t think businesses should act now and make concrete changes,” said Jeff Ruzal, an attorney with Epstein Becker Green in New York City. “A preliminary injunction is likely” after the rule is finalized, he said, but employers “should study and audit the workplace” and prepare for the rule to possibly take effect. They should analyze who is exempt and nonexempt and plan for complying “without jeopardizing the business or payroll.” 

Midweek update

David ErmerFDA, Generative AI, Medical / Rx research, NIH, Rx coverage, U.S. Healthcare
Photo by Manasvita S on Unsplash

From Washington DC,

  • “Today, U.S. Department of Health and Human Services (HHS) Secretary Xavier Becerra declared a Public Health Emergency (PHE) for the state of Florida to address the health impacts of Hurricane Idalia and the Administration for Strategic Preparedness and Response (ASPR) deployed approximately 68 emergency response personnel to the state. At President Biden’s direction, HHS is aiding impacted communities through the Administration’s whole-of-government response effort.”
  • The Society for Human Resource Management informs us,
    • “The Department of Labor (DOL) has proposed an increase to the Fair Labor Standards Act’s (FLSA’s) annual salary-level threshold to $55,068 from $35,568 for white-collar exemptions to overtime requirements. The department also is proposing automatic increases every three years to the overtime threshold. * * * *
    • “To be exempt from overtime under the FLSA’s “white-collar” executive, administrative and professional exemptions, employees must be paid a salary of at least the threshold amount and meet certain duties tests. If they are paid less or do not meet the tests, they must be paid 1 and a half times their regular hourly rate for hours worked in excess of 40 in a workweek. * * *
    • “Under the new rule, approximately 300,000 more manufacturing workers would be entitled to overtime pay, the Labor Department reports. A similar number of retail workers would be eligible, along with 180,000 hospitality and leisure workers, and 600,000 in the health care and social services sector.” 
  • MedCity News relates,
    • “A Bristol Myers drug that treats anemia caused by a type of blood cancer now has an FDA approval that moves it up in the hierarchy of treatments, expanding the eligible patient population and positioning the therapy to achieve its blockbuster expectations.
    • “The drug, Reblozyl, treats myelodysplastic syndromes (MDS), a group of cancers in which the immature blood cells in bone marrow do not mature to become healthy blood cells. In 2020, the FDA approved Reblozyl as a second-line treatment for the anemia resulting from MDS. The FDA decision announced late Monday makes it a first-line therapy.”
  • The National Institutes of Health announced,
    • “In a study of 152 deceased athletes less than 30 years old who were exposed to repeated head injury through contact sports, brain examination demonstrated that 63 (41%) had chronic traumatic encephalopathy (CTE), a degenerative brain disorder associated with exposure to head trauma. Neuropsychological symptoms were severe in both those with and without evidence of CTE. Suicide was the most common cause of death in both groups, followed by unintentional overdose.
    • “Among the brain donors found to have CTE, 71% had played contact sports at a non-professional level (youth, high school, or college competition). Common sports included American football, ice hockey, soccer, rugby, and wrestling. The study, published in JAMA Neurology, confirms that CTE can occur even in young athletes exposed to repetitive head impacts. The research was supported in part by the National Institute of Neurological Disorders and Stroke (NINDS), part of the National Institutes of Health.” 

From the public health, medical research and Rx coverage fronts,

  • STAT News reports,
    • “The first Alzheimer’s therapy to clearly slow cognitive decline, approved in the United States last month, lifted the hope of patients and their families. But creating access to the program is a painfully slow process, even in Massachusetts, where large hospital systems have been preparing for months to administer the much-anticipated medicine.
    • “Thousands of patients are stuck on waiting lists across the state and nationally as hospitals struggle to ramp up infusion centers and monitoring processes for the drug, called Leqembi, while neurologists grapple with workforce and capacity constraints. * * *
    • “Hospitals say the backlog is temporary, reflecting the challenge of building from scratch a treatment infrastructure for new Alzheimer’s drugs. Leqembi, developed by Biogen and its Japanese partner, Eisai, was the first such treatment to be green-lighted by the Food and Drug Administration. The agency will evaluate a second therapy, Eli Lilly’s donanemab, later this year.”
  • and
    • KRAS, one of the most common genetic mutations in cancer, has been one of the most tantalizing oncogenic targets for drug developers since its discovery four decades ago. An altered KRAS gene can drive cells to divide uncontrollably, propelling them down the path towards malignancy. But for most of the last four decades, any attempt to target KRAS failed, leading many researchers to doom the protein as “undruggable.”
    • “In the last few years, that attitude has sharply turned around. In 2013, Kevan Shokat, a biologist at the University of California, San Francisco, discovered a key chemical vulnerability in a specific subset of mutant oncogenic KRAS that made it possible to design small molecules that would bind to the protein. This discovery catalyzed a frenzy of drug development around KRAS inhibitors, which eventually led to the first approved KRAS drugs in the last couple of years. Those successes are now driving a new wave of early-stage innovation around the target.
    • “It broke the code for us, for KRAS,” said Ravi Salgia, chair of medical oncology and therapeutics research at the City of Hope. “That gives us more hope to say we’ve spent more than 30 years studying it. Now, great breakthroughs have occurred. Let’s keep going forward.”
    • “That includes work around new small molecules for other subsets of mutant KRAS as well as immunotherapy approaches for targeting the oncogene. These therapies could potentially treat a wide range of different KRAS-mutant cancers including lung, pancreas, and colorectal cancers.”
  • CNN tells us,
    • “A group of novel synthetic opioids emerging in illicit drugs in the United States may be more powerful than fentanyl, 1,000 times more potent than morphine, and may even require more doses of the medication naloxone to reverse an overdose, a new study suggests.
    • Nitazenes are a synthetic opioid, like fentanyl, although the two drugs are not structurally related. In the small study published Tuesday in the journal JAMA Network Open most of the patients who overdosed on nitazenes received two or more doses of the opioid overdose reversal drug naloxone, whereas most patients who overdosed on fentanyl received only a single dose of naloxone.
    • “Clinicians should be aware of these opioids in the drug supply so they are adequately prepared to care for these patients and anticipate needing to use multiple doses of naloxone,” the researchers, from the Icahn School of Medicine at Mount Sinai in New York, Lehigh Valley Health Network based in Pennsylvania, and other US institutions, wrote in the study. “In addition, to date there has been a lack of bystander education on repeat naloxone dosing.”

From the U.S. healthcare business front,

  • Per Healthcare Dive, and the FEHBlog agrees,
    • “Ensuring workers can find and access high-quality providers is key to tamping down healthcare costs and improving outcomes in the employer-sponsored insurer market, according to a study by Morgan Health and Embold Health published in NEJM Catalyst. 
    • “Employers can now access more data on the quality of care provided by clinicians, so they should take a larger role in health plan network design and steer workers toward higher-performing providers, according to the report. 
    • “Clinician quality can drive poor outcomes, missed treatments and unnecessary care, the report said. For example, among the top 10% of about 800 cardiologists in Ohio by quality rank, an average of 73% of patients with coronary artery disease were taking cholesterol-lowering statins regularly, compared with only 39% for the bottom 10% of clinicians.” 
  • The Wall Street Journal reports
    • “In a male-dominated industry, female surgeons spend more time in the operating room, and their patients endure fewer postoperative complications.
    • “That’s the conclusion of two research studies published Wednesday in JAMA Surgery. Researchers found better outcomes for patients treated by female surgeons in the sweeping reviews of millions of procedures in Canada and Sweden. 
    • In the first study, 17 researchers in the U.S. and Canada followed the outcomes for 1.2 million patients in Canada undergoing common surgeries between 2007 and 2020.
    • “The study authors found that at both 90 days and one year following surgery, patients treated by female surgeons were less likely to experience adverse postoperative issues, including death. The outcome differences were modest, but consistent.”
  • Fierce Healthcare relates,
    • “Earlier this year, Anthem Blue Cross and Blue Shield unveiled a new virtual-first plan that harnesses artificial intelligence to streamline health services for members, the insurer announced.
    • “Now, it’s making that plan available in several additional states beginning Jan. 1. Large group fully insured or self-funding employer clients in Connecticut and Virginia can select Anthem Link Virtual First plans, which harness the power of the insurer’s Sydney app to connect members with benefits details, cost transparency information and more around the clock.
    • “Stephanie DuBois, a spokesperson for Anthem Blue Cross and Blue Shield in Connecticut, told Fierce Healthcare in an email that the plans first became available to large group self-insured employers in California, Missouri and New York as well as large group self-funded and fully insured employers in Georgia starting in July.
    • “Members can access Anthem Link Virtual First plans through Sydney Health, which is a digital member engagement platform that includes access to benefits, tools, resources and provider care 24/7,” DuBois said. “Sydney Health also offers an AI-driven symptom checker that intuitively uses the information members provide to narrow down millions of medical data points and assess specific symptoms before seeing a doctor.”

Tuesday Tidbits

David ErmerCDC, Electronic health records, FDA, Generative AI, Medicare, Telehealth, U.S. Healthcare, Uncategorized
Photo by Patrick Fore on Unsplash

From Washington, DC,

  • Healio informs us,
    • “An FDA panel voted that for adults with uncontrolled hypertension, the benefits of an ultrasound renal denervation device outweigh its risks.
    • Concerns about long-term durability of effect were expressed.”
  • The Department of Health and Human Services announced
    • “award[ing] more than $1.4 billion for Project NextGen to support the development of a new generation of tools and technologies to protect against COVID-19 for years to come.
    • “The awards announced today follow extensive coordination with industry partners and include support for clinical trials that will enable the rapid development of even more effective and longer-lasting coronavirus vaccines, a new monoclonal antibody, and transformative technologies to streamline manufacturing processes.”
  • The U.S. Preventive Services Task Force reaffirmed its 2019 Grade A recommendation that “clinicians prescribe preexposure prophylaxis using effective antiretroviral therapy to persons who are at increased risk of HIV acquisition to decrease the risk of acquiring HIV.”
  • The Centers for Disease Control lets us know, based on a survey,
    • About 20% of women reported mistreatment while receiving maternity care.
    • About 30% of Black, Hispanic, and multiracial women reported mistreatment. 
    • Almost half (45%) of women held back from asking questions or sharing concerns during their maternity. * * *
    • Mistreatment was reported most often by Black, Hispanic, and multiracial moms and those with public insurance or no insurance.
  • That’s a big bowl of wrong. The CDC observes,
    • Respectful maternity care is free from harm and mistreatment, maintains privacy, confidentiality, and dignity, and allows for shared decision-making and continuous support.
  • The Department of Justice announced yesterday,
    • [“D]eferred prosecution agreements resolving criminal antitrust charges against Teva Pharmaceuticals USA, Inc. and Glenmark Pharmaceuticals Inc., USA. As part of those agreements, both companies will divest a key business line involved in the misconduct, and as an additional remedial measure, Teva will make a $50 million drug donation to humanitarian organizations. Teva will pay a $225 million criminal penalty — the largest to date for a domestic antitrust cartel — and Glenmark will pay a $30 million criminal penalty. Both companies will face prosecution if they violate the terms of the agreements, and if convicted, would likely face mandatory debarment from federal health care programs.
    • “The agreements each require the companies to undertake remedial measures, including the timely divestiture of their respective drug lines for pravastatin, a widely used cholesterol medicine that was a core part of the companies’ price-fixing conspiracy. This extraordinary remedy forces the companies to divest a business line that was central to the misconduct. Teva must also donate $50 million worth of clotrimazole and tobramycin, two additional drugs with prices affected by Teva’s criminal schemes, to humanitarian organizations that provide medication to Americans in need. Both Teva and Glenmark have agreed, among other things, to cooperate with the department in the ongoing criminal investigations and resulting prosecutions, report to the department on their compliance programs, and modify those compliance programs where necessary and appropriate.” 
  • Federal New Network reports that OPM released guidance for hybrid teleworkers who are covered under the Fair Labor Standards Act.
  • The Equal Employment Opportunity Commission released its new strategic plan for fiscal years 2022 through 2026
    • “The new Strategic Plan reflects our thoughtful assessment of the agency’s mission, goals, and objectives in light of current conditions and what we expect in the next few years,” said EEOC Chair Charlotte A Burrows. “It emphasizes expanding the EEOC’s capacity to eliminate systemic barriers to equal opportunity in the workplace, using technology and other tools to improve our services to the public, and achieving organizational excellence with a culture of accountability, inclusivity, and accessibility. I am grateful for the hard work of our staff across the agency who assisted in developing this plan and look forward to its successful implementation.”.

From the public health front,

  • The Washington Post explains
    • how to address the factors that may underlie the growing number of women under age 40 who are afflicted with breast cancer,
  • and
    • how to guard against germs in leafy green salads.

From the U.S. healthcare business front,

  • The FEHBlog was surprised to read in the Wall Street Journal that
    • “America’s nursing homes are fading away.
    • “The U.S. has at least 600 fewer nursing homes than it did six years ago, according to a Wall Street Journal analysis of federal data. More senior care is happening at home, and the Covid-19 pandemic caused many families to shun nursing homes while draining workers from an already short-staffed industry.
    • “The result? Frail elderly patients are stuck in hospitals, a dangerous place for seniors, waiting for somewhere to go—sometimes for months. Beds are disappearing while the need for senior care is growing. The American population 65 and older is expected to swell from 56 million in 2020 to 81 million by 2040.
  • MedPage Today notes.
    • “States that recently adopted less-restrictive policies surrounding the use of telepharmacy had fewer pharmacy deserts in the following year, a cohort study involving a dozen states showed.
    • “Compared with nearby states that made no changes, states that formally implemented or updated pro-telepharmacy policies had a 4.5% relative decrease (95% CI 1.6-7.4) in the percentage of regions defined as pharmacy deserts (P=0.001) and an 11.1% relative decrease (95% CI 2.4-22.6) in the proportion of people living in one of these deserts (P=0.03).
    • “And in general, telepharmacies tended to serve areas of high medical need, reported Jessica Adams, PharmD, of TelePharm in Iowa City, Iowa, and colleagues.
    • “As pharmacy closures and socioeconomic factors persist, pharmacy deserts are likely to expand unless policies are implemented to ensure continued access to pharmacy services,” the researchers wrote in JAMA Network Open
  • The Business Group on Health points out,
    • “Mental health needs among workforces continued to climb this year, with 77% of large employers reporting an increase and another 16% anticipating one in the future, according to Business Group on Health’s 2024 Large Employer Health Care Strategy Survey.
    • “This represents a 33 percentage-point surge over last year, when 44% of employers saw an increase in employee mental health concerns.
    • “The Business Group survey, released today in Washington, DC, also showed that cancer was still the top driver of large companies’ health care costs while rising prescription drug costs also proved to be a leading concern. Cancer overtook musculoskeletal conditions last year as the top driver of large companies’ healthcare costs and shows no sign of abating in the coming years.
    • “Yet as businesses respond to the increase in mental health needs, grapple with soaring health care costs and address issues of health equity and affordability, they will continue to invest strategically in diverse health and well-being offerings for the upcoming year, the survey also showed.”
  • Axios reports that “Middle-class Americans [who earn $50,000 to $100,000 annually] are the most likely to be saddled with medical debt, with nearly 1 in 4 — or roughly 17 million people — having unpaid medical bills, according to a report shared first with Axios from center-left think tank Third Way.”
  • Per Healthcare Dive,
    • “Epic and Microsoft announced on Tuesday an expanded collaboration focused on integrating generative artificial intelligence tools in the vendor’s electronic health records system. 
    • “The partners are working to “rapidly deploy dozens” of AI technologies, including clinical note summarization, medical coding suggestions and data exploration tools that aim to fill gaps in clinical evidence by using real-world data. 
    • “The expanded partnership is intended to speed the development of AI tools in healthcare, bringing the technology as “quickly as possible, responsibly and in partnership with providers,” according to a blog post by Eric Boyd, corporate vice president of AI platform at Microsoft.”

Cybersecurity Saturday

David ErmerCybersecurity, Generative AI

From the cybersecurity policy front,

  • Cybersecurity Dive informs us,
    • “The National Institute of Standards and Technology released a long-anticipated draft version of the Cybersecurity Framework 2.0 Tuesday,  the first major update of the agency’s risk guidance since 2014. 
    • “After originally focusing risk guidance on critical infrastructure, the updated framework includes a wider array of organizations, including small- and medium-sized businesses, local schools and other entities. 
    • “The revised framework also addresses the role of corporate governance and the growing risks to digital networks via third-party relationships. * * *
    • “NIST will release a CSF 2.0 reference tool in a few weeks to help users browse, search and export data in a format that is machine-readable. It will also hold a workshop in the fall for additional public comments. 
    • “The deadline for public comments is Nov. 4, and NIST plans to publish a final version of CSF 2.0 in early 2024.”
  • Health IT Security adds,
    • As previously reported, the NIST CSF can be an asset to healthcare organizations looking to bolster their cybersecurity programs. Alongside other voluntary frameworks and HIPAA compliance actions, healthcare organizations can leverage the NIST framework to enhance privacy and security protections.
  • Politico updates us on the Federal Trade Commission’s proposed health data breach rule.
    •  In May, the Federal Trade Commission proposed a sweeping expansion of health data privacy rules, and now, the period for the public to weigh in has ended.
    • “While many comments were supportive, others were concerned that the FTC was overstepping its authority, opening itself up to litigation, and urged more clarity.” * * *
    • “The proposal would clarify that health app developers would be subject to regulations requiring them to notify customers if their identifiable data is accessed by hackers or business partners or shared for marketing without patient approval. The rule would include those offering health services and supplies — broadly defined to include fitness, sleep, diet and mental health products and services, among a laundry list of categories.”
  • The Wall Street Journal summarizes the Security and Exchange Commission’s final cyber rule:
    • The U.S. Securities and Exchange Commission has approved new regulations requiring public companies to disclose cybersecurity breaches within four business days of becoming aware of a material impact resulting from the incident.
    • The regulations dropped the requirement for companies to disclose the names of cybersecurity experts on company boards and the nature of their expertise..
    • Companies are now required to report information regarding their cybersecurity risk management, strategy and governance annually.
    • Despite the SEC not requiring cyber expertise, experts believe having cyber oversight on the board is still beneficial and a priority.

From the cybersecurity vulnerabilities and breaches front,

  • Cybersecurity Dive informs us,
    • “The mass exploit of a zero-day vulnerability in MOVEit has compromised more than 600 organizations and 40 million individuals to date, but the numbers mask a more disastrous outcome that’s still unfolding.
    • “The victim pool represents some of the most entrenched institutions in highly sensitive — and regulated — sectors, including healthcare, education, finance, insurance, government, pension funds and manufacturing.
    • “The subsequent reach and potential exposure caused by the Clop ransomware group’s spree of attacks against these organizations is vast, and the number of downstream victims is not yet fully realized. * * *
    • “The widespread attack against MOVEit and its customers was “highly creative, well-planned, organized by multiple groups and executed well since they were able to poach records at scale,” independent analyst Michael Diamond said via email.
    • “Without a doubt, they hit one of the juicy parts of the orchard from an information perspective that they’ll continue to monetize and use for attacks in the future,” Diamond said. “My impression is that this is only going to get worse over time.”
    • “Diamond isn’t alone in forecasting the worst is yet to come.”
  • The Cybersecurity and Infrastructure Security Agency added one known exploited vulnerability to its catalog on August 7 and another one on August 9.
  • The Wall Street Journal reports that “AI Is Generating Security Risks Faster Than Companies Can Keep Up: Rapid growth of generative AI-based software is challenging business technology leaders to keep potential cybersecurity issues in check.”
  • The Healthcare Sector Cybersecurity Coordination Center released a threat analysis on multifactor authentication (good) and smishing (bad).

From the ransomware front,

  • Cybersecurity Dive pointed out on August 7, 2023,
    • “A ransomware attack against Prospect Medical Holdings disrupted healthcare services across multiple states last week, prompting multiple hospital closures as response and recovery efforts are underway.
    • “Prospect Medical Holdings recently experienced a data security incident that has disrupted our operations,” the healthcare provider said Friday in a statement. The California-based company operates 16 hospitals and more than 165 clinics and outpatient facilities in California, Connecticut, Pennsylvania and Rhode Island.”

From the cybersecurity defenses front,

  • FedScoop reports
    • “The White House on Wednesday [August 9] announced a competition for cybersecurity researchers that is intended to spur the use of artificial intelligence to identify and fix software vulnerabilities.
    • “Teams that compete in the “AI Cyber Challenge,” which the Defense Advanced Research Projects Agency will lead, can win prizes worth up to $18.5 million. The agency has also allocated an additional $7 million in prize money for small businesses that participate.
    • “As part of the competition, researchers will use AI technology to fix software vulnerabilities, with a particular focus on open-source software. Leading AI companies Anthropic, Google, Microsoft and OpenAI will make their technology available for the challenge, according to the Biden administration.
    • “The White House’s announcement comes amid continued concern over rising cyber supply-chain risk across the federal government and the private sector. Last September, the Office of Management and Budget stipulated that all software providers would have to self-attest to the security of their products before deploying them on federal agency systems.”

Cybersecurity Saturday

David ErmerCybersecurity, Generative AI

From the cybersecurity policy front —

  • Cybersecurity Scoop reports,
    • “The Cybersecurity and Infrastructure Security Agency [CISA] released its strategic plan for fiscal year 2024 through 2026 on Friday, following a plethora of strategies and implementation plans released over the past several months by the White House aimed at improving the nation’s overall cybersecurity preparedness. 
    • “Within CISA, this Plan will serve as a keystone for implementation, resource, and operational planning, as further executed through our Annual Operating Plans. Externally, it will help stakeholders understand and participate in our long-term cybersecurity planning and prioritization,” the document reads.
    • CISA’s strategic plan will focus on three goals: address immediate threats, harden the terrain and drive security at scale. Additionally, the strategy has nine objectives, three for each goal, outlining the agency’s scope for the next three years.
    • “The release comes shortly after the Office of the National Cyber Director released a National Cyber Workforce and Education Strategy, as well as the National Cybersecurity Strategy in March and subsequent Implementation Plan in July.”
  • and
    • “The Biden administration’s strategy for building the U.S. cybersecurity workforce calls for government, industry and civil society groups to collaborate in increasing the number of cybersecurity workers and also urges an overhaul of the U.S. immigration system. 
    • “To address a dire shortage of cybersecurity workers, Monday’s strategy document takes a broad approach in overhauling the cybersecurity workforce. “The national cyber director’s office can only really task federal departments and agencies because, realistically, we need all of society. We need them to be feel supported and heard and seen as we approach these ecosystem models,” Acting National Cyber Director Kemba Walden told CyberScoop.”

From the cybersecurity breaches and vulnerabilities front —

  • Health IT Security brings us up to date on MOVEit breaches affecting healthcare organizations.
  • Health IT Security adds, “The healthcare sector continued to face a high volume of cyberattacks in the past few months as infostealing malware rose in popularity, BlackBerry stated in its latest Global Threat Intelligence Report.”
  • Cybersecurity Dive reports
    • “Half of the 12 most-commonly exploited vulnerabilities in 2022 were discovered the previous year, cyber authorities from the Five Eyes said in a joint advisory released Thursday. One of the top 12 vulnerabilities was discovered in 2018.
    • “Flaws in Microsoft products accounted for 1 in 3 of the most-routinely exploited vulnerabilities, including three Exchange Server CVEs from 2021. Two-thirds of the most-exploited vulnerabilities were found in products from three vendors: Atlassian, Microsoft and VMware.
    • “Other vendors that made the list include Apache’s Log4j, F5 Networks, Fortinet and Zoho.
    • * * * “Delayed or inconsistent vulnerability patching remains an underlying problem. This, combined with the unmet need for vendors, designers and developers to adhere to secure-by-design and secure-by-default principles, is aggravating the risk of compromise by malicious cyber actors.
    • “The Five Eyes intelligence alliance, which includes authorities from the U.S., Australia, Canada, New Zealand and the U.K., reiterated the need for vendors to follow secure design practices throughout the software development lifecycle.”
  • Security Week tells us
    • The US government’s cybersecurity agency CISA is calling attention to under-researched attack surfaces in UEFI [Unified Extensible Firmware Interface], warning that the dominant firmware standard presents a juicy target for malicious hackers.
    • “UEFI is a critical attack surface. Attackers have a clear value proposition for targeting UEFI software,” the agency said in a call-to-action penned by CISA technical advisor Jonathan Spring and vulnerability management director Sandra Radesky. 
  • CISA’s Director Jen Easterly blogs about the importance of securing the Border Gateway Protocol, which she describes as being the most important part of the internet you have never heard of.
  • On July 31, CISA added another known exploited vulnerability to its catalog.

From the ransomware front —

  • HHS’s Health Sector Cybersecurity Coordination Center released a sector alert on August 4, 2023.
    • “Rhysida is a new ransomware-as-a-service (RaaS) group that has emerged since May 2023. The group drops an eponymous ransomware via phishing attacks and Cobalt Strike to breach targets’ networks and deploy their payloads. The group threatens to publicly distribute the exfiltrated data if the ransom is not paid. Rhysida is still in early stages of development, as indicated by the lack of advanced features and the program name Rhysida-0.1. The ransomware also leaves PDF notes on the affected folders, instructing the victims to contact the group via their portal and pay in Bitcoin. Its victims are distributed throughout several countries across Western Europe, North and South America, and Australia. They primarily attack education, government, manufacturing, and technology and managed service provider sectors; however, there have been recent attacks against the Healthcare and Public Health (HPH) sector.”
  • Bleeping Computer informs us that “Clop ransomware now uses torrents to leak data and evade takedowns” and it offers its Week in Ransomware.
    • “Ransomware gangs continue to prioritize targeting VMware ESXi servers, with almost every active ransomware gang creating custom Linux encryptors for this purpose.
    • “This week, BleepingComputer analyzed the Linux encryptor for Abyss Locker and illustrated how it was specifically designed to encrypt ESXi virtual machines.”

From the cybersecurity defenses front —

  • Per Forbes
    • “Traditional passwords have proven to be an increasingly problematic authentication strategy in the evolving face of cybersecurity. Biometrics, such as fingerprints, facial recognition and iris scanning, are ushering in a new era of safe authentication.
    • “Biometrics provide distinct advantages over passwords in terms of security, convenience and user experience. But why exactly are biometrics more secure, and how can businesses successfully implement this technology into their existing strategies?
    • Forbes article explains how.
  • HelpNet offers advice on building cybersecurity defenses.
  • Security Intelligence explains how artificial intelligence can reduce data breach life cycles and costs.

Midweek Update

David ErmerACA, Federal employment benefits, Generative AI, Medical / Rx research, OPM, Rx coverage, Telehealth, U.S. Healthcare
Photo by Manasvita S on Unsplash

From Washington, DC —

  • MedPage Today informs us
    • “In a letter to the American public, the heads of the Drug Enforcement Administration (DEA) and FDA acknowledged ongoing stimulant drug shortages [to treat ADHD] and recounted their initiatives to improve access — while calling for efforts to diminish potential overuse and misuse of these powerful medications.”
  • and
    • “Jeanne Marrazzo, MD, will be the next director of the National Institute of Allergy and Infectious Diseases (NIAID), NIH Acting Director Lawrence Tabak, DDS, PhD, announced on Wednesday.
    • “Dr. Marrazzo brings a wealth of leadership experience from leading international clinical trials and translational research, managing a complex organizational budget that includes research funding and mentoring trainees in all stages of professional development,” Tabak said in a press release. “I look forward to welcoming Dr. Marrazzo to the NIH leadership team.”
  • FedWeek explains why the federal long-term care insurance program is the “Zeppo Marx” of federal employee benefits programs and offers information about deferred annuities available to federal employees.
    • Conundrum “If you are eligible for a deferred annuity, you may elect a survivor annuity. However, you won’t be eligible either to participate in the Federal Employees Health Benefits program or acquire Federal Employees’ Life Insurance coverage.”

From the public health front —

  • From Healthcare Dive, we have an opinion piece titled, “Strengthening primary care the key to fixing healthcare system woes. Primary care advocates Ann Greiner and Shawn Martin argue the U.S. needs to turn around decades of underinvestment in its primary care chassis.” Check it out.
  • The Wall Street Journal reports that some large employer-sponsored health plans, such as the University of Texas, are canceling coverage of GLP-1 agonistes, like Wegovy, for weight loss treatment due to the high cost of the drugs. The UT plan will continue to cover these drugs, like Ozempic, for diabetes treatment.
    • “The prescription-drug benefit plan for state government employees in Connecticut now requires members to obtain anti-obesity drugs through Intellihealth, a Connecticut-based, anti-obesity medical practice that offers telehealth and app-based care.  
    • “The state’s costs for the GLP-1 anti-obesity drugs for plan members have risen 50% since 2020, and are on track for $30 million annually by the end of this year, said Connecticut State Comptroller Sean Scanlon.
    • “To me, saying we’re not going to cover these anymore was a nonstarter, because these drugs do work. People want to take them,” he said.”
  • The University of Michigan’s employee health benefits program raised the deductible on Wegovy from $20 to $45.
    • “Denmark-based Novo Nordisk charges a list price of $1,349 for roughly a month’s supply of each Wegovy and Saxenda. A related drug, Ozempic, is approved to treat Type 2 diabetes and costs about $930 a month, but isn’t typically covered by insurance plans for weight loss in people without diabetes.” That price differential doesn’t make sense to the FEHBlog.
  • MedPage Today tells us
    • “An investigational vaccine that contains the nucleoprotein of the influenza A virus appeared promising as a universal flu shot that could protect against multiple strains, regardless of annual mutations, a phase IIa dose-finding study showed.”
  • CNN informs us
    • “Artificial intelligence found more breast cancers than doctors with years of training and experience and cut doctors’ mammogram reading workload almost in half, a new early-stage study found.
    • “This doesn’t mean your hospital will let a computer determine whether you have cancer any time soon. There’s still a lot more research to do, but the study, published Tuesday in the journal The Lancet Oncology, shows that AI is safe to use in breast cancer detection and could make doctors even more effective at finding cancer than they are now.”

From the U.S. healthcare front

  • Healthcare Dive reports
    • “CVS Health announced a company-wide restructuring initiative on Wednesday after the healthcare giant’s profit fell 37% year over year to $1.9 billion in the second quarter.
    • “As part of the restructuring, the Woonsocket, Rhode Island-based company plans to terminate certain initiatives. That should allow it to reallocate resources to growth areas like healthcare services and technology, CEO Karen Lynch said on a Wednesday call with investors.
    • “CVS lowered its 2024 adjusted earnings per share target from $9 to between $8.50 and $8.70 as a result of cost pressures — flat from its 2023 guidance range. CFO Shawn Guertin also told investors to “no longer rely” on the company’s target of $10 for 2025.”
  • and
    • “Humana beat Wall Street expectations on earnings and revenue in the second quarter, reporting a topline of $26.7 billion, up 13% year over year, and profit of $959 million, up 38% year over year.
    • “Rising medical utilization earlier in the quarter appears to have stabilized based on recent claims activity, management said. The payer on Wednesday reiterated the 2023 medical loss ratio guidance of between 86.3% and 87.3%.
    • “Humana also raised its Medicare Advantage membership growth expectations following the quarter. The Louisville, Kentucky-based health insurer now expects to add 825,000 MA members in 2023.”
  • Fierce Healthcare relates
    • “Amazon Clinic is expanding to all 50 states, including nationwide telehealth services to offer access to clinicians through its website and mobile app.
    • “The online retail giant unveiled Amazon Clinic back in November as a virtual medical clinic to provide care for 35 common health concerns like urinary tract infection, pink eye, and acid reflux. Launched as a message-based virtual consultation service, Amazon Clinic connects consumers with licensed clinicians who can diagnose, treat and prescribe medication for a range of common health and lifestyle conditions.
    • “The service was available in 34 states and has now been expanded nationwide and to Washington, D.C., along with the addition of video visits with providers on Amazon.com and the mobile app, the company announced in a blog post on Tuesday.
    • “Amazon Clinic is currently cash pay and does not yet accept insurance, the company said.” 
  • Beckers Payer Issues points out
    • “The first wave of UnitedHealthcare’s previously announced 20 percent reduction in prior authorization requirements takes effect Sept 1. 
    • “The remainder of the reductions will occur Nov. 1, according to an Aug. 1 post on UnitedHealthcare’s website. 
    • “The prior authorization code eliminations will take place on Sept. 1 and Nov. 1 for Medicare Advantage, commercial, Oxford, and individual exchange plans. Eliminations for community plans will take place Nov. 1. “
  • and
    • “UnitedHealthcare controls almost one-quarter of the Medicare Part D plan market, according to an analysis from KFF.
    • “The analysis, published July 26, compared market share in 2023 for major payers offering both Medicare Advantage plans and stand-alone Part D plans.
    • “Most payers analyzed, aside from Kaiser Permanente, offer both standalone plans and Medicare Advantage policies, according to KFF. CVS Health, Centene and Cigna have greater enrollment in standalone Part D plans than Medicare Advantage options, while UnitedHealthcare and Humana have more Medicare Advantage members.”
  • Benefits Pro reassures us
    • “When the Affordable Care Act was passed in 2010, it was assumed that many employers would drop workplace health insurance in response. However, a new study by the Employee Benefit Research Institute found that starting in 2015, both the percentage of employers offering health insurance and the percentage of workers eligible for such coverage began to increase.
    • “It should then come as no surprise that the percentage of workers and their families being covered by employment-based health insurance has been relatively steady over the long term,” the report said.”

Cybersecurity Saturday

David ErmerCybersecurity, Generative AI, Uncategorized

From the cybersecurity policy front —

  • Cyberscoop reports
    • “President Biden on Wednesday nominated Harry Coker, a long-time CIA and National Security Agency official, to serve as the next national cyber director, a choice that elevates a relatively unknown official to take on a high-profile assignment as the president’s leading cybersecurity adviser. 
    • “Coker’s nomination ends a protracted search to replace Chris Inglis, who led the Office of the National Cyber Director until February after leading efforts to draft the administration’s cybersecurity strategy. 
    • “Leading voices in Capitol Hill have urged Biden in recent weeks to nominate Inglis’s deputy, Kemba Walden, who has been serving as the acting director. Despite the support of key lawmakers, the White House passed on elevating Walden to the permanent position — reportedly out of concern that her significant financial debts might hinder her confirmation before the Senate.”
  • The Cybersecurity and Infrastructure Security Agency tells us,
    • “Now that the cross-sector CPGs have been published, CISA is working with Sector Risk Management Agencies (SRMAs) to directly engage with each critical infrastructure sector to develop Sector-Specific Goals (SSGs).  In most instances, these goals will likely consist of either new, unique additional goals with direct applicability to a given sector or, materials to assist sector constituents with effective implementation of the existing cross-sector CPGs. Sector-specific goals will be developed by:
    • “Identifying any additional cybersecurity practices not already included in the Common Baseline, needed to ensure the safe and reliable operation of critical infrastructure in that sector.  
    • “Providing examples for recommended actions specific to the infrastructure and entities in that sector; and  
    • “Mapping any existing requirements (e.g., regulations or security directives) to the Common Baseline and sector-specific objectives and/or recommended actions so stakeholders can see how their existing compliance practices fulfill certain objectives.  
    • “As there are 16 Critical Infrastructure sectors with varying needs, CISA will be tackling this effort in several phases. The first four sectors CISA is working with include the Energy, Financial Services, IT, and Chemical Sectors. In addition, CISA will be working throughout the year with the Water/Wastewater Sector, Healthcare Sector, and K-12 Subsector on identifying approaches for how organizations in those sectors/subsectors can enhance their cybersecurity posture through the implementation of the existing body of cross-sector goals.”
  • Here is a link to the website for the healthcare sector coordinating council (HSCC), whose work the FEHBlog will begin to track. Surprisingly to the FEHBlog, OPM is not an HSCC member.

From the cybersecurity breaches and vulnerabilities front —

  • Cybersecurity Dive informs us,
    • “Healthcare continues to be the most expensive industry for data breaches, beating out other sectors for the 13th year in a row, according to research conducted by the Ponemon Institute and published by IBM Security
    • “The average cost of a healthcare data breach reached nearly $11 million in 2023, an increase of 8% from last year and a 53% jump since 2020, the report found. 
    • “Although the healthcare sector faces high levels of industry regulation, expenses accrued from data breaches in the sector were almost double compared to the financial industry, which saw the second-most expensive data breaches at $5.9 million.”
  • Cybersecurity Dive adds
    • “The investigation phase of data breaches is the fastest growing and costliest category of data breach expenses, contributing to the consistent year-over-year increase in costs. Detection and escalation costs jumped almost 10% to nearly $1.6 million per incident, IBM found.
    • “The breadth and depth of incident response investigations are scaling up directly with the overall costs, along with the off tempo of the criminal,” John Dwyer, head of research at IBM Security X-Force, told Cybersecurity Dive.”
  • On a related topic, Cybersecurity Dive lets us know,
    • “Valid account credentials are at the root of most successful threat actor intrusions of critical infrastructure networks and state and local agencies, according to the Cybersecurity and Infrastructure Security Agency.
    • “Valid credential compromise combined with spear-phishing attacks accounted for nearly 90% of infiltrations last year.
    • Valid accounts, including former employee accounts, not removed from the Active Directory and default administrator credentials, were responsible for 54% of all attacks studied in the agency’s annual risk and vulnerability assessment released Wednesday.
    • Spear-phishing links — malware-laced emails sent to targeted individuals — were responsible for 1 in 3 attacks, the report found.
    • The success rate of these techniques underscores the staying power of the most common methods threat actors use to gain initial access to targeted systems.
  • Cyberscoop relates
    • “Apple on Monday issued its third security update in roughly a month to remedy vulnerabilities exploited in Operation Triangulation, a spyware campaign that researchers say specifically targeted iMessage users in Russia. 
    • “The Russian arm of cybersecurity firm Kaspersky on June 1 revealed the details of a zero-click iOS exploit. The company’s researchers said they discovered it while monitoring the company’s own corporate Wi-Fi network dedicated to mobile devices. The findings were released the same day Russia’s Federal Security Service, or FSB, said it had uncovered an American espionage operation targeting Apple devices in Russia in cooperation with Apple. 
    • “Apple told CyberScoop at the time that it had “never worked with any government to insert a backdoor into any Apple product and never will.”
  • Per Cyberscoop,
    • “Executives, researchers and engineers at big tech companies and startups alike working on artificial intelligence face a growing threat from criminal and nation-state hackers looking to pilfer intellectual property or data that underlies powerful chatbots, the FBI warned on Friday.
    • “The growing risk coincides with the increasing availability of AI tools and services to the general public in the form of products such as OpenAI’s ChatGPT, or Google’s Bard, for instance, as well as the increasing ease and ability for many companies to develop AI language models.
    • “The warning comes two days after FBI Director Christopher Wray and Bryan Vorndran, the agency’s assistant director, cyber division, warned about the distinct AI-related threats from China, which political leaders in the U.S. and Europe have long warned wants to dominate all aspects of AI research and implementation.”
  • Per Security Week,
    • “New guidance from the Australian Cyber Security Centre (ACSC), the US Cybersecurity and Infrastructure Security Agency (CISA), and National Security Agency (NSA) warns developers, vendors, and organizations of access control vulnerabilities in web applications.
    • “Described as insecure direct object reference (IDOR) issues, they allow threat actors to read or tamper with sensitive data via application programming interface (API) requests that include the identifier of a valid user.
    • “These requests are successful because the authentication or authorization of the user submitting the request is not properly validated, the three agencies explain.”
  • CISA added an additional known exploited vulnerability to its catalog on July 25, July 26, and July 27, 2023.
  • Yesterday CISA “published three malware analysis reports on malware variants associated with the exploitation of CVE-2023-2868. CVE-2023-2868 is a remote command injection vulnerability affecting Barracuda Email Security Gateway (ESG) Appliance, versions 5.1.3.001-9.2.0.006. It was exploited as a zero-day as early as October 2022 to gain access to ESG appliances. According to industry reporting, the actors exploited the vulnerability to gain initial access to victim systems and then implanted backdoors to establish and maintain persistence.”
  • Also, yesterday, CMS shared its MOVEIt breach notice to Medicare beneficiaries.

From the ransomware front —

  • HelpNet Security points out that “In the Q2 2023, GuidePoint Research and Intelligence Team (GRIT) tracked 1,177 total publicly posted ransomware victims claimed by 41 different threat groups.”
  • Here is a link to yesterday’s The Week in Ransomware from Bleeping Computer.
    • “With ransom payments declining, ransomware gangs are evolving their extortion tactics to utilize new methods to pressure victims.
    • “This was seen by both the Clop and BlackCat/ALPHV ransomware gangs, who began utilizing new tactics as part of their extortion schemes.
    • “Clop has begun to create clear websites to leak data stolen during the MOVEit Transfer attacks, similar to a tactic introduced by ALPHV in 2022.”

From the cybersecurity defenses front —

  • TechRepublic shares cybersecurity defense ideas included in the Ponemon/IBM report.
  • Forbes offers a cybersecurity expert’s view on adopting a new paradigm in cybersecurity stemming from this conundrum:
    • Today, companies that house secure data and information are encountering an accessibility dilemma: On the one hand, they face an increased need for security and privacy of data, particularly as cyber threats become self-generating and more sophisticated. On the other hand, the value in securing assets lies in being able to utilize them, share them, and transact them effectively and efficiently with intended stakeholders so as to improve customer service and attain competitive differentiators. Companies struggle to balance these needs with the imperative to secure these data, particularly in accordance with certain industry standards or digital privacy regulations