📲 Axios Vitals: Aging HIPAA's pitfalls

Plus, CMS cracks down on MA marketing | Thursday, April 06, 2023

Open in app View in browser   Presented By PhRMA   Axios Vitals By Tina Reed · Apr 06, 2023 Happy Thursday, Vitals readers. Today's newsletter is 1,190 words or a 4½-minute read.     1 big thing: HIPAA falls short in a digital world Illustration: Gabriella Turrisi/Axios   Reports of a federal probe into hospital websites tracking and sharing personal data are putting the landmark HIPAA law in the spotlight — and exposing its limitations, Axios' Erin Brodwin and I report. Why it matters: The Health Insurance Portability and Accountability Act is nearly three decades old. And the bewildering pace of technological change in the years since Congress passed it has left vast amounts of sensitive data being exchanged outside the scope of the law, threatening basic consumer privacy, experts tell Axios. The big picture: HIPAA was designed at a different time and specifically for the data stored and shared by traditional health care organizations. But today, consumers may have their personal information stashed in a digital app, discussed in a social media group and monitored by a phone or wearable device. All are not covered by HIPAA. Most consumers, moreover, don't distinguish between a message sent to a hospital patient portal (protected by HIPAA) and one sent over a digital health app (not protected). "It's like cars before seat belts," Venrock partner Bob Kocher told Axios. "There was no direct-to-consumer health care when HIPAA was written." Zoom in: In one example from a study published Monday that prompted the civil rights investigation, the vast majority of public-facing websites of hospitals — which do fall under HIPAA — allowed third-party companies to track data. "My working theory is that nobody thought about it too hard. This just kind of became standard practice," said Ari Friedman, lead author of the study. "That's how the web works." It can create real harm for patients, though, as any online activity is increasingly scooped up by AI-powered algorithms and used, for instance, to calculate risk scores used by employers or landlords, Friedman said. "Many people, including me, are worried about bad consequences — your employment is terminated or you're charged higher rates for a product," says Harvard Law health law expert I. Glenn Cohen. What's next: Private industry will likely need to develop mechanisms outside HIPAA to protect health data, says former chief privacy officer for the Office of the National Coordinator for Health IT Lucia Savage, who is now chief privacy officer at Omada Health. The HHS Office of Civil Rights (OCR), which oversees the law, is slow-moving when it comes to policymaking, she said. And legal precedent, including a 2009 lawsuit brought by the health IT company Ciox that prompted a weakening of some components of the privacy protection law, show the limit of OCR's power. OCR "can't just say: 'We cover all health information.' They have authority in that box that is the health care system," said Savage. What's happening: Standard Care CEO and former Enzyme vice president Ryan Stellar said he's attempting to create a platform that will enable users to share certain health data with specific health care vendors. He and his company are currently developing a system in which a user's specific permissions get logged in a kind of consent ledger that health care vendors would have access to. "In the long term we'd like health data privacy to be as implicit to the web as HTTP. Very sophisticated security standards that you don't think twice about and use multiple times a day," Stellar says. What to watch: The Federal Trade Commission has signaled plans to enforce privacy for health companies that fall outside HIPAA's jurisdiction, as it did with Better Help and GoodRx. There's also a federal data privacy bill introduced last year that is expected to be reintroduced in this Congress.       2. MA policy rule cracks down on deceptive marketing Illustration: Lindsey Bailey/Axios   Medicare Advantage and Medicare prescription drug plans will face more stringent marketing requirements next year, the Biden administration announced Wednesday, Axios' Maya Goldman writes. Why it matters: Lawmakers have recently called on the Centers for Medicare and Medicaid Services to increase oversight of "deceptive" Medicare Advantage marketing tactics. Insurers told CMS in February that could harm seniors and people with disabilities, and too much regulation at once could lead to higher premiums and reduced benefits. But insurers did say they supported some CMS proposals to strengthen consumer protections. Zoom out: The finalized marketing policies are part of a Biden administration push to rein in bad actors in the Medicare Advantage program. Last week, CMS finalized a change to Medicare Advantage payment that plans also claimed would raise premiums and reduce benefits – but the agency gave plans a major concession by phasing the payment changes in over three years. The details: CMS is prohibiting ads that do not mention a specific plan name or that use words, imagery or Medicare logos in ways that could mislead or confuse beneficiaries. Insurance agents have to tell prospective enrollees how many plans are available from the organization they represent but have up to a year to re-contact beneficiaries to discuss plan options. CMS didn't finalize a requirement that would have blocked brokers and agents from being able to share enrollees information with other entities. Separately, the policy rule streamlines prior authorization requirements to discourage Medicare Advantage from using internal clinical criteria to restrict care. Plans have to adhere to published Medicare coverage determinations or widely accepted clinical criteria.     3. Free speech as the next heath care fight Photo: Sarah A. Miller/Idaho Statesman/Tribune News Service via Getty Images   Idaho could be at the center of a free speech battle over abortion care, Axios' Sareen Habeshian and Oriana González write. Driving the news: The American Civil Liberties Union announced Wednesday that it's suing the Idaho attorney general for "threatening health care providers who exercise their First Amendment right to give patients information about out-of-state abortion care." Details: The suit is intended to stop state Attorney General Raúl Labrador from applying a legal opinion in which he states that Idaho law does not allow health care providers to refer patients out of state for abortion care or to prescribe abortion pills. The state has two abortion bans in place, a near-total trigger ban and a six-week ban, both of which have been allowed by the Idaho Supreme Court to remain in effect. Don't forget: When the Supreme Court's decision to overturn Roe v. Wade, Justice Brett Kavanaugh wrote in his concurring opinion that a state could not prohibit a resident from going to another state to obtain an abortion "based on their constitutional right to interstate travel." The Supreme Court has previously held that a state does not have the authority to enforce its law beyond its borders, but legal experts say that in the post-Roe landscape, the high court could revisit that issue.     A message from PhRMA Insurers and PBMs don't pay full price for your medicines. So why do you?     Insurers and pharmacy benefit managers (PBMs) get discounts on medicines. Surprised? These savings can reduce the cost of some brand medicines by 50% or more, but insurers and PBMs aren't required to share these savings with you. See what else they don't want you to know.     4. Data du jour: Insulin prices and biosimilars Data: Health Care Cost Institute; Chart: Axios Visuals While the price of insulin has soared 184% since 2012, the costs appear to have plateaued in the last few years, new data from the Health Care Costs Institute shows. Following a peak in the average price of $541 in 2019, prices decreased by 8% between 2019 and 2021. What's happening: The entry of several biosimilars, HCCI says. The clinically similar but less costly versions of insulin had prices between 21% and 67% less than the original biologic, per HCCI data.     5. Catch up quick 🍸 Moderate drinking has no health benefits, analysis of decades of research finds. (New York Times) 💉 These drugs are so futuristic that doctors need new training. (Wall Street Journal) 📄 Doctors are drowning in paperwork. Some companies claim AI can help. (NPR)     A message from PhRMA What's a pharmacy benefit manager (PBM)?     They decide if medicines get covered and what people pay for them, regardless of what your doctor prescribes. These middlemen are putting their profits before your wellness. And getting between you and your doctor. You need to see what's going on.   Thanks for reading, and thanks to senior health care editor Adriel Bettelheim and senior copy editor Bryan McBournie for the edits. Dive deeper into the future of health care Axios Pro is your personal health care industry analyst, here to help you make the news actionable and anticipate future outcomes. Subscribe today.   Axios thanks our partners for supporting our newsletters. Sponsorship has no influence on editorial content. Axios, 3100 Clarendon B‌lvd, Arlington VA 22201   You received this email because you signed up for newsletters from Axios. To stop receiving this newsletter, unsubscribe or manage your email preferences.   Was this email forwarded to you? Sign up now to get Axios in your inbox.   Follow Axios on social media: