Author: Alexis Rose

During the last week of October, the State of California’s Occupational Safety and Health Administration (Cal/OSHA) approved regulations to protect health care workers from workplace violence.  These regulations are being heralded by many in the healthcare community, as setting a standard and were passed unanimously by Cal/OSHA. These regulations are seen by the nurses’ unions and many in the health care community as a step towards alleviating a problem that does not get much attention- violence against healthcare workers.

U.S. Occupational Safety and Health Administration  found in a study done between 2002-2013, that healthcare workers were four times more likely to be the victims of serious work place violence than other workers in private industry.  The study found that 21% of registered nurses and nursing students reported being physically assaulted and over 50% of the same group reported being verbally abused in a 12-month period. The Center for Disease Control and Prevention (CDC) also did a study on occupational traumatic injuries among health care workers. The study took reported data from 2012-2014 and found that nurses’ assistance and nurses are most vulnerable to injury and the number of reported incidents rose steadily over the two-year period of the study. As alarming as these numbers are, they may not even reflect the whole story because such injuries often go unreported or under-reported. OSHA’s report states this might be due to certain cultural factors in the health care industry. The report states:

“caregivers feel a professional and ethical duty to ‘do no harm’ to patients. Some will put their own safety and health at risk to help a patient, and many in healthcare professions consider violence to be ‘part of the job.’  Healthcare workers also recognize that many injuries are caused by patients are unintended, and are therefore likely to accept them as routine or unavoidable. Another consideration is unwillingness among healthcare workers to stigmatize the perpetrators due to their illness or impairment.”

The push for action in California came after the tragic death of Donna Gross, a psychiatric technician working at Napa State Hospital. Donna was murdered by a patient while working at the hospital in 2010.

The regulation hopes to lower work place violence in private health care facilities, by requiring such facilities to implement a Workplace Violence Prevention Plan.  The regulation requires health care facilities to implement a plan in writing that evaluates risks to workers. It also calls for the facilities to provide greater training and easier reporting for its employees. The regulation also requires facilities to identify and evaluate patient-specific risk and assess visitors or other persons who are not employees. The regulation also requires facilities to provide procedures for post-incident response and investigation. The post-incident evaluation includes identifying all employees involved, making available individual trauma counseling, conducting a post-incident debriefing, and reviewing whether appropriate corrective measures under the plan were effectively implemented. If plans are not implemented and protocols are not followed leading up to or following an incident, Cal/OSHA can give a citation to the facility.

There has been little discussion so far on how these new regulations will affect patients.

These regulations are a first step in helping to reduce an epidemic of workplace violence that has long permeated the health care profession, but got little attention.

On October 14, the Center for Medicare and Medicaid Services (CMS) released its final rule for the Medicare Access and CHIP Reauthorization Act of 2015 (MACRA). MACRA marks a comprehensive shift from a fee-for-service based payment system to a value-based payment system for Medicare programs. CMS states in its rule that the change in payment plans “rewards the delivery of high-quality patient care.” The main goal of MACRA is to give incentives to Medicare and CHIP providers to give higher quality healthcare while also decreasing waste through a quality payment system instead of a quantity based payment system.

CMS released a proposed rule in April 2015, which received over 4,000 public comments. Many of the comments were submitted by practitioners who wanted more flexibility, simplicity, and support in transitioning from the Sustainable Growth Rate Formula to MACRA. CMS responded to these comments by creating a two track system, allowing physicians to go at their own pace in the transition process. This option is especially meant to help smaller practices that may need more time to make a full shift in their payment practices.  Physicians and practitioners can either participate in a Merit-Based Incentive Payment System (MIPS) or Alternative Payment Models (AMPs).

• MIPS: Combines current quality and value Medicare payment programs (Physician Quality Reporting Program, Value-Based Payment Modifier, and Medicare EHR Incentive Program) and streamlines them into MIPS. MIPS works as an adjustment payment for physicians based on four factors: quality of care, resource use, clinical practice improvement activities, and meaningful use of certified electronic health records (EHR) technology. These factors will combine to create a composite performance score that will be used to calculate a positive, negative, or neutral payment adjustment. The adjustments will start at 4% in 2019 and rise to 9% by 2022.

 

• Advanced AMPs: Some physicians may be considered Qualifying APM Participants (“QPs”) and therefore can participate in Advanced APM. In order to be considered a QP, a practitioner must “base payments on measures comparable to MIPS, require use of certified EHR technology, and either bear more than nominal financial risk for monetary losses, or be a medical home modeled that expanded under CMMI authority.” By 2021, this will require QPs to have a specific percentage threshold of their patients or payments be eligible through AMP. The Advance AMPs carry more risk for practitioners, but it also carries more reward, specifically the 5% lump sum bonus payments for 2019-2024.

 

Although the shift in payment methods will take a lot of work for many practitioners, especially smaller groups, it is a welcomed change. Sustainable Growth Rate Formula, the previous Medicare payment method, has been disliked by both sides of the aisle for many years.  Additionally, CMS responded to the comments on the proposed rule with a much appreciated flexibility for those practitioners who might need longer to make the proper changes.

The final rule will take effect January 1, 2017 and will contain a “transition year” with lower reporting standards.

In the final weeks of summer, a new villain emerged in the eyes of many Americans- Mylan Pharmaceuticals.  Mylan Pharmaceutical Company raised the prices of the EpiPen to over $600 for a pack of two pens, a 400% increase since Mylan took on the project in 2007. The CEO of Mylan, Heather Bresch, had to explain to the nation why the steep hike in price was necessary. Bresch defended the increase, saying that it was mostly caused by the heavier use of high-deductible plans, which caused higher out of pocket costs, increasing the wholesale cost of EpiPen. However, this explanation did little to appease most EpiPen users, parents of children with severe allergies, or the American public at large, because it became obvious that much of the cost came from other factors that had nothing to do with the drug itself.

There were a number of factors other than high-deductible costs that the media and law-makers quickly pointed to as the reasons for the increase in EpiPen’s price. First, as the price of the EpiPen increased, so did the salaries of top executives at Mylan. Bresch earned just under $2.5 million when Mylan first acquired the EpiPen. Her salary is now $19 million, a 600% increase in the eight years since Mylan acquired the Epipen. Secondly, it became clear that the $600 price tag was not the result of production and other costs because, amid heavy criticism, Mylan offered a $300 generic alternative to the EpiPen. Finally, Mylan has quickly gained a monopoly over emergency auto-injectors when its only competitor Sanofi’s Auvi-Q recalled its entire supply last fall, leaving Mylan to increase the price without fear of consumers switching to another product. This dominance in the market has been the subject of a call by Senator Blumenthal (D-CT) and Senator Klobuchar (D-MN) for the FTC to investigate Mylan. While this extreme episode of drug pricing points to a number of more serious problems in the pharmaceutical world there is a more immediate question about how the FDA should react.

The FDA’s Mission is to protect the public’s health by ensuring the safety, efficiency, and security of human drugs. The FDA is also responsible for advancing public health by helping to speed innovations that make medicines more effective, safer, and more affordable. So the question becomes, in the face of price gauging, does the FDA have an obligation to accelerate generic drug applications? The FDA has worked since 2012 to reduce its 2,868 generic drug application backlog and has to some degree. The FDA approved 1,551 generic applications since 2012, but many applications have also been rejected for “major deficiencies”, a response received by Teva Pharmaceuticals. In March, the FDA rejected a generic version of the EpiPen created by Teva Pharmaceuticals. The FDA rejected the application due to “major deficiencies” in the application, which will delay the release of the drug until at least 2017.

However, accelerating drug applications more than FDA already has may be difficult if the agency does not have the money or personnel to evaluate the applications, which in the area of generic drugs has tripled in the last ten years. Additionally, the FDA has already made serious policy efforts to accelerate certain generic drug applications, particularly “sole-source” application vouchers. Sole-source generic drugs are those applications in which there is currently only one manufacturer on the market.  The FDA is making a concerted effort to get competition out onto the market, but as the FDA’s mission statement also requires it to approve safe and effective drugs.

Although accelerated applications can be beneficial to create more options for consumers, the FDA also has to be aware of safety consequences. This is exactly the argument made by Progressive think-tank, American Progress, who warns that faster drug approvals will only help pharmaceutical companies, not patients. The organization’s report on this issue, released last March, states “this approach would lead to additional drugs entering the market with little evidence to support safety and effectiveness.”  It also states that the FDA’s drug approval process is actually one of the fasted in the world, therefore putting the blame on FDA is a faulty argument.

It is clear there have been efforts by the FDA to get more competition out on the market, but it has to do so cautiously because availability isn’t the only concern. Also, it’s clear that even if backlogged applications are part of the drug pricing problem, it’s a small part. The FDA should continue to employ the methods it is already using to decrease its generic drug backlog. However, as more generic drug applications continue to come into the FDA, it should be careful not to bow to the pressure of the generic drug companies and politicians to lower safety standards in order to increase efficiency.

On May 27^th, the FDA released its much anticipated new nutritional labeling requirements. This will be the first time the FDA has revamped its nutritional labeling requirements since they were first created under the Nutritional Labeling and Education Act of 1990.  The new label will make a number of big changes, but none got more attention than the inclusion of “added sugar” on the label. The F.D.A. defines “added sugar” as “sugars that are added during the processing of foods, or are packaged as such, and include sugars (free, mono-and disaccharides), syrups, naturally occurring sugars that are isolated from a whole food and concentrated so that sugar is the primary component (e.g. fruit juice concentrates), and other caloric sweeteners.” The F.D.A.’s inclusion of “added sugar” on the label is seen as a health win by some and a misleading and unhelpful piece of information by others.

Attempts by the government, both local and federal, to curb Americans consumption of sugar has been on the rise over the past few years. In 2013, Mayor Bloomberg attempted to ban sodas and other sugary drinks that were more than 16 oz., but the law received vehement backlash and was eventually overturned. However, Philadelphia last month passed a law that would tax soda at 1.5 cents an ounce. Unlike the New York law, which was seen as an overbearing paternalistic measure to control what citizens eat and drink, the Philadelphia law was framed as a revenue generating tax. So is the Philadelphia law and the new “added sugar” labeling mandate a changing of the tide? Will added sugar become a minimal part of the American diet?

According to some, including George Mason professor and food lawyer, Baylen Linnekin, the new F.D.A. label requirement is a “stinker” and won’t do anything to change sugar consumption in America. Linnekin finds the label of “added sugar” misleading because it “creates a deceptive health halo around products like orange juice and apple juice, which are high in naturally occurring sugar, but contain no added sugar.” He also states that indicating added sugar will not suddenly change the habits of those who eat sugar in unhealthy amounts.

Linnekin is not the only one making these arguments. For the past two years the sugar industry and many food manufacturers have been fighting the “added sugar” component of the new label. The American Baker’s Association, American Beverage Association, Corn Refiners Association, National Confectioners Association, were among the companies and associations that fought for two years to keep “added sugar” off the new labels. Campbell Soup, the parent company to Pepperidge Farm and V8, stated that the new “added sugar” would confuse consumers.  Manufacturers may fear that added sugar could soon go the way of trans fat and become a minuscule part of the American diet. Trans fat is now nearly eliminated from the American diet because of a coordinated effort between scientist, the American Heart Association, and the F.D.A. to make consumers aware of their intake of the dangerous fat. Even if sugar is headed in that direction, many in the healthcare field think that might not be such a bad thing, given the link between sugar and increasing cases of diabetes and obesity in America.

The outcome of the new nutritional label on companies and consumers alike probably will not be fully realized for some time, but the new labeling will certainly have an impact on both groups. It cannot be ignored that consumers are becoming more and more aware of what they eat, with increased attention to labeling of foods with GMOs and consumers going out of their way to eat organic. It also should not be ignored that this will have an impact on the American sugar industry, which is one of the largest in the world. Either way, it was clear that F.D.A. needed to update the nutritional labeling requirements. That realization came because Americans consume food differently than we did twenty-six years ago, sometimes in very detrimental ways, and our food labels should reflect those patterns and needs.

Companies will have until July 26^th, 2018 to start complying with the new regulations.

By: Alexis Rose

Ransomware attacks have become an increasing plague on a number of industries, but there is special concern for the targeting of hospitals and other healthcare providers. Ransomware is a type of malware that infects computers and networks, typically through infected e-mails or advertisements. The malware locks users out of key files or an entire network and the infected computer will display a screen with a ransom demand. The owner of the system is told the network can only be unlocked with a key that must be provided by the hacker, and the key can only be acquired once the ransom is paid. The high value of healthcare files and the vulnerability of hospital computer systems makes the healthcare industry an increasing target for ransomware attacks.

A number of hospitals have paid ransom demands and the demands are only getting bolder. The largest ransom paid was on February 5^th by the Los Angeles area hospital, Hollywood Presbyterian Medical Center, which paid $17,000 in bitcoin (a type of online currency that allows cyber criminals to demand larger untraceable amounts of money) to have its system unlocked. The attack on Hollywood Presbyterian was the beginning of a slew of ransom attacks through the months of March and April. In March, three hospitals were hit by ransomware attacks within a few days of each other and in early April MedStar’s system was hit, putting at risk its ten-hospital network. On May 23^rd, Kansas Heart Hospital was hit with the boldest attack yet, when the hackers demanded a second ransom. The Wichita-based hospital was hacked and paid a “small amount” of ransom, according to the hospital’s president. However, after the ransom was paid the hospital was not provided with the key to unlock their data. Kansas Heart did not pay the second ransom, but it makes clear a frightening fact that these attacks will likely get worse before a comprehensive cyber-security solution can be found.

The large uptick of ransomware attacks has sparked concern amongst many security experts and the government. The Senate Judiciary Committee held a hearing on May 28^th about the broader issue of ransomware attacks across industries, but the discussion was largely focused on the healthcare industry. Adam Meyers, an expert who has worked in the cyber-security field for over fifteen years, testified in front of the Committee and urged the medical industry to train its personnel in spotting suspicious e-mails and links. He also highly encouraged hospitals to have a separate back-up network, which allows the hospital to more easily recover files that may otherwise be lost forever.

The College of Healthcare Information and Management Executives (CHIME) also provided a statement to the Committee with their recommendations for combatting ransomware attacks.  In the statement made by CHIME, the group pointed out that much of the IT money and resources in the medical industry have focused on HIPPA regulations and patient file privacy, rather than network security. CHIME recommended that policymakers give the health industry incentives that will encourage investment in IT. CHIME also recommended that Congress reduce the complexity of the regulation that commands the healthcare industry. By having more uniformed and less complicated security regulations healthcare providers can spend more time and money monitoring against daily threats. Alisa Walker, a partner at Baker Donelson, a top health law firm, wrote last month about the importance of a comprehensive preparedness plan. She recommends that hospitals (as well as other industries) treat ransomware threats similar to any other physical security threat.

It is clear that ransomware attacks will continue to climb and both the healthcare industry and lawmakers will have to make significant changes in how these threats are handled. Lawmakers have to create serious cyber-security regulations and the healthcare industry will have to use significant time and resources to comply.