Archive for the ‘Healthcare’ category

Remember Those Pesky Carrier BA Agreements? HHS Just Affirmed Your Liability for Them!

July 12, 2010

In February we started a post with this quote on BA agreements:

“This means a business associate will violate the law, not just his business associate contract, if it fails to meet these requirements” – Priority Health letter to all BA’s.

I hate to be right but last week OCR/HHS reaffirmed this and the role and legal responsibilities of BA’s like brokers with total clarity:

“We expect that most business associates make a good-faith effort to follow the terms of their contracts and comply with current security and privacy standards.”

“For those business associates that have not already adopted HIPAA-compliant privacy and security standards for protected health information, the risk of criminal and/or civil monetary penalties may spur them to increase their efforts to comply with the privacy and security standards.”

This is the fourth post on this subject and clicking here will take you to the relevant paragraphs from numerous carrier BA agreements and how they relate to you as a broker or other type of BA.

Some require a signature, many are simply being done unilaterally by the carriers and some are online. Either way they all state the obvious specifically and clearly, and HHS has reinforced all of this as well:

  • You are a BA
  • You are subject to the HIPAA / HITECH privacy and security regs
  • You are now subject to breach reporting and penalties for violations just like the carriers are

And all of this should have been in place no later than 2/17/2010.

HHS also said last week:

“Regardless of the reason, to avoid the risk of the far more serious penalties in this proposed rule, we expect that business associates and subcontractors that have been lax in their complying with the privacy and security standards may now take steps to enhance their security procedures and strengthen their policies for protecting the privacy of the protected health information under their control.”

Trying to feign ignorance will not work:

“Moreover, a covered entity or business associate cannot assert an affirmative defense associated with its “lack of knowledge” if such lack of knowledge has resulted from its failure to inform itself about compliance obligations or to investigate received complaints or other information indicating likely noncompliance.”

And you are on the hook for your staff and subcontractors as well:

“A business associate is liable, in accordance with the federal common law of agency, for a civil money penalty for a violation based on the act or omission of any agent of the business associate, including a workforce member or subcontractor, acting within the scope of the agency.”

Need help? We have helped dozens of brokers nationwide already.

Click here if you need help getting your house in order for HIPAA / HITECH. We have a turnkey solution for you for both encryption and your policies and procedures.


Brokers – Wake Up! What the Gulf Oil Spill Should Have Taught You on HITECH Compliance

May 7, 2010

The entire reason that we have the gulf spill at all is because BP cut corners and was too cheap to install a $500,000 valve, used in many other countries, that would have allowed the well to be shut off immediately. So for being so cheap they will ultimately end up spending north of $10 Billion besides destroying the coastal ecology in the gulf states. They also were totally unprepared for a disaster and the bad PR has been devastating on BP. Again for lack of planning. They never thought it would happen and this is a company with profits of over $13 Billion in the first quarter alone.

So why is it that, nearly 3 months after the HIPAA HITECH deadline, my guess is that 90%+ of all of you who read this are not compliant with the new HITECH law? You face penalties for breaches in the millions of dollars, and for any broker a single breach and the publicity associated with it will destroy your company and your livelihood.

BP will go on regardless; you will be out of business. They can be negligent in their risk management but as an insurance professional you know better. It is the way you make your living, helping clients manage risk.

The first firms I worked with this year all had their owners involved in protecting their businesses. Now many brokers seem to have delegated figuring this all out to a lower level staff or service person with no financial skin in the game and no background in either business or compliance, or, in the case of email encryption, to their outsourced IT person, most of whom have no idea what email encryption is.

In essence, by not acting in a timely fashion and by delegating compliance to your staff and outsourced IT person you have put yourself, your family, your firm’s equity value and your entire reputation at enormous risk.

Frankly, inaction, or a lot of what I see that goes for action, is just plain dumb. Do you really think that a major breach of PHI will not or cannot happen to your organization? Please!

For what?? Trying to save a few bucks? Denying that the law applies to you? Trying to plead ignorance? Claiming to be too busy?

In reality you can easily make your firm completely compliant with this “HITECH For Dummies” guide and these easy steps:

  1. A Risk Assessment
  2. Policies and Procedures
  3. Breach/Disaster management plan
  4. Email Encryption

1, 2 & 3 can be done for $1000-$3000 max. All of this can be done in 4-6 weeks with a couple hours work a week by your firm. That is all. Compliance Helper does this every day for BA’s and CE’s.

Getting the best and easiest to use encryption solution in the industry will cost you about $.60/user per day. That is right, 2 quarters and a dime a day per user. That is why we created the RadarMail 360 Suite. Regardless of your firm’s size you all have the same compliance needs and we have a solution for solo agents to the largest local, regional and national firms.

Cost is clearly not the reason that your organization is not compliant. HHS views inaction as “willful neglect” and that maximizes any penalties for your firm’s lack of compliance and breaches.

Two weeks ago none of us thought that the Gulf Shore of the United States was in imminent peril from offshore oil. Now we know better and should have all along.

You have had a warning here for your business. Are you going to heed it and act to protect your business? Or pretend that you will never have any issues and never be audited by HHS or your state Attorney General and never be fined for a law that you know you have to comply with?

So what will 2 weeks from now look like for your firm when you are non compliant?

What Near Depression? Healthplan Executive Comp. Jumps 26% In 2009

May 3, 2010

With the nation in a deep recession, in the midst of a financial crisis, with 2 million+ homes in foreclosure and unemployment at nearly 10% the compensation of the top executives and directors at the nation’s 7 largest publicly traded healthplans – Aetna, Cigna, Humana, Wellpoint, United Healthcare, Coventry and HealthNet – increased 26% over 2008 – rising from $180 M to $225 M.

The 7 combined for $12.4 Billion in profits and their stocks gained an impressive $19.7 Billion in market value even as the supposed evil specter of healthcare reform loomed.

Click the Piggy Bank for the Summary Chart.

Click Here to See 2009 Details by Company

Once again the total compensation of these executives ($224.7 M) adds up to nearly 2 1/2 times the total salaries paid to all of the 561 leaders of the 3 branches of the United States government ($100.3 M).

If the executive teams from the “non profit” Blues plans were included the total jumps nearly another $100 Million to over $325 Million led by Healthcare Service Corp (BCBSIL, BCBSTX et al).

In fact the “golden parachute” packages for 6 Wellpoint executives ($98.3 M) nearly equalled the total salary of the 561 government leaders alone.

While Aetna, Cigna and HealthNet CEO’s saw a decrease year over year in their total compensation Ron Williams of Aetna was still the highest paid of the group at $18M.

The largest percentage increases for CEO’s were:

  • Coventry – Allen Wise – $17.4 M up from $9 M
  • United – Stephen Hemsley – $8.9 M up from $3.2 M
  • Wellpoint – Angela Braly – $13.1 M from $9.8 M
  • Humana – Mike McCallister – $6.5 M from $4.8 M

Source – Reuters Finance / Company Proxy Statements

The Industry Radar has been publishing a summary of executive compensation for the last 3 years ever since the Dr. William McGuire options backdating scandal in 2007 and one area we looked at in more detail this year was the value of stock options held by healthplan executives.

You may recall Dr. McGuire in a CBS News interview famously stated that his $1.8 Billion in options did not impact the rates that were charged to their policyholders. He subsequently was forced to relinquish nearly $600 Million in options and United Healthcare paid over $900 Million to settle shareholder lawsuits.

Nearly $1.5 Billion of options are held by only 26 executives led by United Healthcare’s CEO once again:

  • United Healthcare – Stephen Hemsley – $843 Million
  • Aetna – Ron Williams – $227.3 Million
  • United Healthcare – David Wichmann – $81.6 Million
  • Humana – Mike McCallister – $71.8 Million
  • HealthNet – Jay Gellert – $62.3 Million
  • Coventry – Allen Wise – $26.4 Million

Source – Reuters Finance / Company Proxy Statements

Just the options held by these 6 executives could pay the salaries of the entire leadership of our government until 2022.

Clearly the job of executives in any public company is to increase shareholder value and that is what they are paid to do.

To see these types of rewards in the worst economic year in half a century coupled with the options listed above raises questions as to our healthcare system and its relationship to what is going on in society.

I would hope in the future that if companies are going to pay these types of compensation that the growth of their companies, and how they get rewarded will be based on running tight operational businesses that measurably increase the health and well being of their customer base – which thanks to PPACA will be 32 million more people – the largest legislative gift ever to any industry in the world.

Brokers Procrastinating? HITECH Regs Will End That Soon

April 28, 2010

If like most brokers you still have not gotten compliant with HIPAA HITECH, at least some of your major excuses will be ending soon. HHS will issue final regs on a number of HITECH items including BA penalties and enforcement next month.

If you are still hoping that somehow brokers and benefits consultants and the work they do for clients will be magically exempted, you can end that wishful thinking now. The regs will not change the law, only get more specific on it, and exempting any group that handles confidential employee data is simply not going to happen, especially now that healthcare reform has passed and its simplification provisions call for common data for plans by 2014.

In particular encryption of data is definitely not going to be changed. That is a given.

RadarMail 360 has options for all size organizations from solopreneurs to the largest firms.

For less than a buck a user per day we can have you up and running with the best encryption solution in the benefits and healthcare industry in less than 48 hours.

Why are you still procrastinating and leaving your firm open to willful neglect penalties and bad press for your firm?

Contact us today and solve your problem easily and cost effectively.

The PHI Magic 18 for HIPAA HITECH

April 27, 2010

One question that keeps coming up in our webinars is what exactly defines PHI. There are 18 elements that individually, in concert or if they can be related to other information define protected personal information.

Here is a quick list. The details are here from our good friend the “Privacy Professor”, Rebecca Herold.

(1) Names

(2) All geographic subdivisions smaller than a State, including street address, city, county, precinct, zip code, and their equivalent geocodes, except for the initial three digits of a zip code if, according to the current publicly available data from the Bureau of the Census:

(a) The geographic unit formed by combining all zip codes with the same three initial digits contains more than 20,000 people; and

(b) The initial three digits of a zip code for all such geographic units containing 20,000 or fewer people is changed to 000.

(3) All elements of dates (except year) for dates directly related to an individual, including birth date, admission date, discharge date, date of death; and all ages over 89 and all elements of dates (including year) indicative of such age, except that such ages and elements may be aggregated into a single category of age 90 or older;

(4) Telephone numbers;

(5) Fax numbers;

(6) Electronic mail addresses;

(7) Social security numbers;

(8) Medical record numbers;

(9) Health plan beneficiary numbers;

(10) Account numbers;

(11) Certificate/license numbers;

(12) Vehicle identifiers and serial numbers, including license plate numbers;

(13) Device identifiers and serial numbers;

(14) Web Universal Resource Locators (URLs);

(15) Internet Protocol (IP) address numbers;

(16) Biometric identifiers, including finger and voice prints;

(17) Full face photographic images and any comparable images; and

(18) Any other unique identifying number, characteristic, or code, except as permitted by paragraph (c) of this section; and

(ii) The covered entity does not have actual knowledge that the information could be used alone or in combination with other information to identify an individual who is a subject of the information
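Items (2) and (3) are the only entries in the list that call for generalizing a value rather than removing it. The following is an added example, not taken from the regulation or the linked article, that applies the three-digit ZIP rule and the age-90 aggregation to one record; the ZIP3 population figures, the field names and the sample record are constructed for illustration.

```python
from datetime import date

# Constructed ZIP3 populations for illustration; real figures come from
# current Census Bureau data, as item (2) requires.
ZIP3_POPULATION = {"021": 1_200_000, "100": 1_500_000, "036": 15_000}

# Hypothetical field names for identifiers that are dropped outright.
DIRECT_IDENTIFIERS = {"name", "phone", "fax", "email", "ssn", "mrn", "ip"}


def generalize_zip(zip_code, populations=ZIP3_POPULATION):
    """Item (2): keep the first three digits only if that area has >20,000 people."""
    digits = "".join(ch for ch in zip_code if ch.isdigit())
    if len(digits) not in (5, 9):
        raise ValueError(f"not a ZIP or ZIP+4: {zip_code!r}")
    zip3 = digits[:3]
    # Unknown prefixes fail closed: they are treated as small areas.
    return zip3 if populations.get(zip3, 0) > 20_000 else "000"


def generalize_birth_date(birth, as_of):
    """Item (3): keep the year only, and fold ages over 89 into '90+'."""
    had_birthday = (as_of.month, as_of.day) >= (birth.month, birth.day)
    age = as_of.year - birth.year - (0 if had_birthday else 1)
    if age > 89:
        return {"birth_year": None, "age": "90+"}  # the year would reveal the age
    return {"birth_year": birth.year, "age": age}


def generalize_record(record, as_of):
    """Drop direct identifiers and generalize ZIP and dates in one record."""
    out = {k: v for k, v in record.items() if k not in DIRECT_IDENTIFIERS}
    out["zip"] = generalize_zip(out["zip"])
    out.update(generalize_birth_date(out.pop("birth_date"), as_of))
    out["admit_year"] = out.pop("admit_date").year
    return out


# Constructed sample record, not real data.
SAMPLE = {"name": "Pat Example", "email": "pat@example.com", "zip": "03601-1234",
          "birth_date": date(1919, 6, 30), "admit_date": date(2010, 3, 14),
          "diagnosis": "J45"}

if __name__ == "__main__":
    print(generalize_record(SAMPLE, as_of=date(2010, 4, 27)))
```

Free-text fields and the "any other unique identifying number" category in item (18) need review that a field-level transform like this does not provide.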

“Going Mobile” – The Industry Radar’s New Site

April 26, 2010

One of my enduring memories of the fall of 1971 when I started college was the Who’s “Going Mobile” blasting across the quad. So now 39 years later I am really “Going Mobile”!

Of course, for nearly 3 years we have had mobile versions of most of our feeds but never a mobile site until now.

Bookmark this page and enjoy The Industry Radar home page and our always popular daily cartoon and 6 main Radars on any mobile device!

We will also be launching a dedicated mobile support center soon as well as sites for each main radar.

Still one of my favorite songs and albums; you can hear it here if you would like to.

I don’t care about pollution
I’m an air-conditioned gypsy
That’s my solution
Watch the police and the taxman miss me!
I’m mobile!

Ahh those were the days…

PPACA in 5 Minutes – Overview Video

April 22, 2010

Click the image for a great concise 5 minute overview of the law and its impact in 2010/2011 from my old UNUM colleague David Cleary.