U.S. Capitol / Source: Wikimedia Commons and Kevin McCoy

CMS (Centers for Medicare and Medicaid Services)

MedPAC Meeting NotesMedPAC (Medicare Payment Advisory Commission) met on January 14 and 15 to vote on final recommendations for its upcoming March report to Congress.

Unfortunately orthopedic services, non-stroke neurology conditions and the “least frail” patients would likely be targeted for payment decreases.

Among other recommendations is a modest payment increase (1.65%) for hospitals in 2017 and no raise at all for providers in a number of other settings. MedPAC’s analysts are projecting an aggregate Medicare margin of negative 9%, which is down from their 2014 negative 5.8% forecast.

MedPAC’s recommended 1.65% payment increase for hospitals was roughly half the 3.20% increase that the American Hospital Association had requested.

The MedPAC commission also proposed a 10% cut in payments to safety-net hospitals participating in the 340B discount drug program. MedPAC also voted to eliminate a 2017 pricing update for ambulatory surgical centers (ASC). Home health agencies, skilled nursing facility, inpatient rehabilitation facilities and long term care hospitals were also dealt a “no payment increases” recommendation for 2017.

On the positive side, MedPAC did recommend payment increases for patients requiring ventilator care, severe wound care or for critical chronic conditions. MedPAC’s thinking here is that they would like a more unified PPS (Prospective Payment System) to span across the care continuum and “correct some shortcomings” and “systematic biases” in the current policies.

MedPAC’s PPS report will be finalized in April and presented to Congress in June. The report is a recommendation and Congress is not obligated to follow it.

ACA EnrollmentThe number of people enrolled in health coverage through the insurance exchanges established under the Affordable Care Act (ACA) is now 11.3 million, which is higher than HHS (Health and Human Services) forecasted for the third open-enrollment period with days to go before the deadline. HHS reported that the vast majority of ACA enrollees (75%) are from 38 states that use the HealthCare.gov enrollment platform and the rest are in states using their own marketplaces.

Open enrollment ends January 31. Those who want coverage beginning February 1 must have signed up by January 15.

CMS acting Administrator Andy Slavitt noted in a conference call with reporters that people younger than 35 make up 35% of the total number of consumers who enrolled or were automatically re-enrolled in a plan and more than 41% of all new customers. Kevin Counihan, CEO of health insurance marketplaces for the CMS, said the increased penalty for not having health insurance this year has been strong motivator.

People who go without coverage in 2016 will have to pay 2.5% of their annual household income or $695 per adult and $347.50 per child without insurance, whichever is greater.

ACA enrollment notes from around the country:

  • The momentum of open enrollment continues to wind down, with growth of less than 75, 000 consumers in week 10, from January 3 to January 9, 2016. (Healthcare Finance, 1/13/16)
  • The Administration’s “special enrollment” categories have allowed people to wait until they become ill or need medical services to sign up, driving up costs broadly, insurers told federal health officials. “Individuals enrolled through special enrollment periods are utilizing up to 55 percent more services than their open enrollment counterparts” who sign up in the regular period, the Blue Cross and Blue Shield Association, told the Administration. (The New York Times, 1/9/16)
  • Health insurers in the Affordable Care Act exchanges will see changes from CMS this year to strengthen the market, including eliminating special enrollment periods and an early look at plans’ risk-adjustment data, the top CMS official said on Monday. (Modern Healthcare, 1/12/16)
  • “We believe it is incredibly important, in the business we’re in, that we insure all Americans, ” Aetna Chief Executive Mark Bertolini said. “We believe we have an obligation to stick it out and work with it until we know that it won’t work. And I believe it is too early to give up on this process.” (Business Insurance, 1/13/16)

ACO Expansion: On January 11, CMS announced 121 new ACO participants. ACOs now represent 49 states and the District of Columbia.

Said HHS Secretary Sylvia Burwell; “Americans will get better care and we will spend our health care dollars more wisely because these hospitals and providers have made a commitment to change how they do business and work with patients. We are moving Medicare and the entire health care system toward paying providers based on the quality, rather than the quantity of care they give patients.”

In 2014, said CMS, ACOs delivered net program savings of $411 million for 333 Medicare Shared Savings Program (SSP) ACOs and 20 Pioneer ACOs. ACOs that reported in both 2013 and 2014 improved on 27 of the 33 quality measures, including patients’ ratings of clinicians’ communication, beneficiaries’ rating of their doctors, screening for tobacco use and cessation, screening for high blood pressure, and Electronic Health Record use.

CMS also reported:

  • Nearly 8.9 million beneficiaries served in either Shared Savings Program (SSP), the Next Generation ACO Model, Pioneer ACO Model, and the Comprehensive ESRD Care Model
  • A total of 477 ACOs across SSP, Pioneer ACO Model, Next Generation ACO Model, and Comprehensive ESRD Care Model
  • 64 ACOs are in a risk-bearing track including SSP, Pioneer ACO Model, Next Generation ACO Model, and Comprehensive ESRD Care Model
  • CMS’s goal is to move 30% of traditional Medicare fee-for-service payments into alternative payment models that pay providers based on the quality rather than the quantity of care they provide patients by 2016—and 50% by 2017.

FDA

On January 22, the FDA issued guidelines for device manufacturers regarding steps they need to take in order to identify cybersecurity risks and remediation efforts.

How vulnerable are devices to cybersecurity threats?

Any device that relies on software, communicates over any network and has interoperability is vulnerable.

Specifically, the FDA is asking manufacturers to self-assess cyber vulnerability—which is difficult. In its guidance document, FDA’s staff said that conventional medical device risk management approaches like “reasonable worst-case estimate” can work but they’d prefer companies to use a cybersecurity vulnerability assessment tool or similar scoring system. The Agency’s staff offered by way of example the “Common Vulnerability Scoring System, ” Version 3.0. That system assigns numerical ratings which correspond to high, medium or low risks for several factors including:

  • Attack Vector (physical, local, adjacent, network)
  • Attack Complexity (high, low)
  • Privileges Required (none, low, high)
  • User Interaction (none, required)
  • Scope (changed, unchanged)
  • Confidentiality Impact (high, low, none)
  • Integrity Impact (none, low, high)
  • Availability Impact (high, low, none)
  • Exploit Code Maturity (high, functional, proof-of-concept, unproven)
  • Remediation Level (unavailable, work-around, temporary fix, official fix, not defined)
  • Report Confidence (confirmed, reasonable, unknown, not defined)

This increased focus on cybersecurity has been in the works for a while. Providers, regulators and consumers have all raised the alarm that hackers could somehow affect any kind of connected medical device (think robots, pumps, pacemakers, records, etc.). Hacked devices could be made less safe, effective and data secure.

If implemented, the FDA guidance would begin to incorporate these cyber security measures as part of routine post-market surveillance of medical device products and to report back to the FDA.

Last July, for example, the FDA issued a warning to providers about Hospira’s Symbiq Infusion System and advised them to stop using the product because of cybersecurity vulnerabilities.

“Only when we work collaboratively and openly in a trusted environment will we be able to best protect patient safety and stay ahead of cyber security threats, ” said Dr. Suzanne Schwartz, acting director of emergency preparedness/operations and medical countermeasures in the FDA’s Center for Devices and Radiological Health.

As part of the new guidance, the FDA said that routine updates or patches would not require device makers to notify the Agency. But where a vulnerability could lead to serious adverse health outcomes or death, manufacturers would be required to notify the FDA, which has the sole authority to approve medical devices.

Device makers would also not be required to report problems if the manufacturers notify product users and address the problem within 30 days of learning about the vulnerability, or if the manufacturers shares information with other companies to prevent cyber threats.

Medtronic, which supports the Agency’s engagement with industry on this topic, said through a spokesperson that the company was reviewing the Agency’s guidance, which is open for public comment for 90 days, and would continue to work closely with regulators on this issue.

Leave a comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.