| || |
Federal Agencies Continue Push for Transparency in Health Care Costs (Benefit Minute)
In response to the Trump Administration Executive Order regarding improving price and quality transparency in American health care, the Centers for Medicare and Medicaid Services (CMS), the Department of Labor (DOL), and the Treasury Department issued final and proposed regulations that impose transparency requirements on hospitals, health insurers, and group health plans as described below.
Proposed Rule – Transparency in Coverage
CMS, DOL and Treasury have issued a proposed regulation intended to give consumers real-time personalized information about cost-sharing and provide public access to negotiated rates for in-network providers as well as allowed amounts paid for out-of-network providers.
Specifically, the proposed rule will require health insurers and group health plans (including self-insured health plans) to make available to participants and enrollees personalized out-of-pocket cost information for any covered health care item or service through an internet-based self-service tool and in paper form upon request. The agencies have modeled the proposed format for this price transparency tool on the explanation of benefits (EOB) that is currently provided after claims for benefits have been adjudicated since participants are accustomed to seeing the cost-sharing information presented in this format. The seven required content elements that will be disclosed are:
- Estimated cost-sharing liability based on the consumer’s specific plan design and health care provider
- Accumulated amounts that have already been paid towards the plan’s deductible and out-of-pocket maximum as well as accumulated amounts towards treatment limits on certain items or services
- Negotiated rates that are paid by the plan or insurer to an in-network provider if the amount impacts the individual’s cost-sharing liability, expressed as a dollar amount
- Out-of-network allowed amounts showing the maximum amount the plan or insurer would pay for an out-of-network provider
- Items and services content list for a bundled payment to show all items covered in a cost-sharing estimate for a bundled payment
- Notice of prerequisites to coverage such as prior authorization or step-therapy that must be completed before the item or service is covered
- Disclosure notice in plain language that informs the consumer about the possibility of balance billing that is not reflected in the cost estimate, states that actual cost-sharing may be different than the estimate and states the cost estimate is not a guarantee of coverage
The purpose of the tool is to allow participants to comparison shop for the best price for a particular medical service. However, the tool will generally only be useful for non-emergency care and in situations where a consumer has an incentive to price shop for savings because the individual has not reached the plan’s out-of-pocket maximum.
The proposed rule will also require health insurers and group health plans to make available to the public the in-network negotiated rates with their network providers and historical payments of allowed amounts to out-of-network providers through two separate standardized regularly updated machine-readable files (such as JSON). Amounts would be reflected in dollars (not formulas) and be associated with a provider’s National Provider Identifier. The out-of-network file would include allowed amounts for covered items or services by a particular provider for the 90-day period beginning 180 days prior to the publication date of the file. Group health plans and insurers that contract with a third party to provide this information will be permitted to report aggregated allowed amounts that reflect data from more than one plan or contract.
The agencies believe that making this information available to the public will drive innovation, support informed decision-making and promote competition in the health care industry. However, health insurers will likely strongly oppose this rule, arguing that it undermines competitive and confidential price negotiations with providers, resulting in higher patient costs.
Finally, the proposed rule will allow health insurers to maintain a greater share of profits when they offer programs that encourage consumers to use lower-cost high-value providers. They would be allowed to take credit for “shared savings” payments in the medical loss ratio (MLR) calculations and would not be required to pay rebates based on innovative plan designs that provide a benefit to consumers. This provision would go into effect beginning with 2020 MLR reporting.
The agencies are seeking comments on all aspects of the proposed rule. The effective date will be no earlier than one year after a final rule is issued. The agencies have projected that the cost to develop the technology needed to provide the transparency tools could reach almost one billion dollars and cost millions more in ongoing updates and maintenance, which will likely lead to higher premium costs.
Final Rule – Hospital Price Transparency
Beginning January 1, 2021, CMS is requiring all hospitals to establish, update and publish a machine-readable file of their standard charges for all items and services offered by the hospital. The charge list must include gross charge, payer-specific negotiated charge for each health plan and insurance carrier that patients use, discounted cash price, de-identified minimum negotiated charge and de-identified maximum negotiated charge.
In addition, hospitals will be required to publicly provide in a consumer-friendly manner payer-specific negotiated charges for 300 shoppable services, 70 of which are specified by CMS. CMS defines a shoppable service as one that can be scheduled by a consumer in advance, such as lab and pathology services, radiology services and surgery. The services selected for display should be commonly provided to the hospital’s patient population. The information must be easily accessible (cannot require a user to register), searchable, updated annually and provided free of charge.
CMS may impose a monetary penalty of up to $300 per day if a hospital fails to provide the required transparency information.
The American Hospital Association has already announced that it will challenge this final rule in court, stating that the Administration has exceeded its authority and that the final rule will confuse consumers, encourage anticompetitive behavior and slow down innovation.
The post Federal Agencies Continue Push for Transparency in Health Care Costs (Benefit Minute) appeared first on PSA Insurance and Financial Services.
Shining Light on the Dark Web – Cyber Risk Management Strategies to Minimize Impact on Your Business
There’s a suspicious-looking person in a trench coat typing away at a keyboard in a dark room. Are they stealing data? Selling drugs? Hiring hitmen for a job? This is what we think of when we hear the term dark web. In a recent webinar I hosted with Emily Wilson, VP of Research at Terbium Labs, we destigmatized the dark web by exploring what it is, what’s hosted there, and the different cyber risk management strategies to protect data from getting on the dark web.
What is the dark web?
The dark web has a negative reputation because it’s dramatized in TV shows, movies, and the news. However, at its core, the dark web is just another part of the internet. The truth is, criminal activity doesn’t just take place on the dark web—it’s spread across the internet (even to places like social media). There are three parts of the internet; here’s a breakdown:
- Open web—the part of the internet we use every day (things you can find on google)
- Deep web—not accessible through search engines, but doesn’t require special technology (it’s not being indexed—and you might need credentials. This can be for everyday things like bank accounts, or for criminal activities such as carding markets where credit card credentials are traded and sold).
- Dark web—not accessible through search engines and generally requires a special dark web browser other than Chrome, Firefox or Internet Explorer.
According to Emily, “the dark web is designed for privacy and anonymity. However, the desire for privacy does not equate to criminality.” This is neutral and has no direct correlation to anything illegal or criminal.
What type of information is available on the dark web?
Both legal and illegal content exist on the dark web. Believe it or not, the dark web is a very similar interface to the sites you use every day. On any given site, there may be vendor and product reviews, and paid advertising—just like on Craigslist or Amazon. Here are some examples of material hosted on the dark web:
- News sites, communities, and journalism resources
- Social networks and popular websites
- Music, games, fan forums, and funny videos
- Drugs for sale
- Personal information
- Stolen payment cards
Emily states that the fraud economy is incredibly resilient because it’s built upon digital, interchangeable goods. The “fraudsters” don’t care whose data they have, they care about what kind of data they have, and that’s difficult to disrupt.
What kind of data is traded on the dark web/in the fraud economy?
To build a strong cyber risk management strategy, it is important to understand the type of information that cybercriminals value. These are some of the top examples:
- Personal information (like addresses and Social Security Numbers)
- Financial information (such as bank passwords)
- Corporate data (for instance corporate email addresses or W2s and tax information)
- Guides and tutorials (like instruction manuals on how to commit cybercrime)
- Services and tools (such as exploit kits and phishing pages)
What can we learn from this?
How a business valuates their own data is not always aligned with how it is valued by cybercriminals. While confidential intellectual property is of highest importance to you and your clients, employee credentials could be more valuable on the dark web. This can cause businesses to underestimate exposures leaving critical data unprotected. Cybercriminals are interested in the following when collecting data:
- Can I make money from it?
- How much money can I make from it?
- Can I use it again?
To get ahead of a data compromise, you have to understand that your information is exposed. You have to be proactive before well-resourced cybercriminals cause problems.
Cyber risk management strategies to protect your data
Here are five ways to improve your cybersecurity by limiting what shows up on the dark web:
- Identify your sensitive data and technology “crown jewels” so you know what to protect. Complete a data-mapping project. If that’s not feasible, ask key people in each business unit what data they collect, where they store it, and what hardware and software they use to do their job. This will give you an idea about what technology and data you have and what is mission-critical.
- Simplify and focus your cybersecurity efforts by addressing likely threats first. Otherwise, you might become overwhelmed and not do anything. At minimum, you should follow some essential best practices. To get started check out:
- Apply your internal cyber risk management best practices to remote users and vendors. Regardless of how sound your internal cybersecurity process is, you could still be responsible if your data housed/managed by 3rd party providers and vendors is compromised. Make sure they also have proper cybersecurity measures including cyber and professional liability insurance to mitigate your exposures. Also ensure your remote users and employees can access systems and data securely.
- Invest in threat detection capabilities. Often businesses are breached months before they realize what happened, and by then their data is leaked to the dark web. To prevent this and catch cyber-attacks early, focus on improving your threat and incident detection capabilities, such as dark web monitoring.
- Prepare to respond. Ideally, you should have a documented Incident Response Plan that you’ve practiced and tested. If nothing else, sit down with your core group of people and create a process on how you would handle a potential cyber incident. How would you respond? What external resources will you need to pull in? Think about your cyber insurance policy—will it cover your direct and indirect expenses and opportunity costs? Do this now so you don’t have to scramble in the middle of a crisis.
There’s nothing you can do to be 100% protected from cybercrime. But there are a lot of good cyber risk management resources available to help you decrease your exposure. For more information contact me at firstname.lastname@example.org.
Interested in learning more?
The post Shining Light on the Dark Web – Cyber Risk Management Strategies to Minimize Impact on Your Business appeared first on PSA Insurance and Financial Services.
Final Rule on Overtime Eligibility for White Collar Employees (Benefit Minute)
On September 24, 2019, the Department of Labor revised a regulation issued under the Fair Labor Standards Act (FLSA) by updating the salary threshold that applies to the FLSA’s overtime exemption for executive, administrative and professional employees from $455 to $684 per week. Absent an applicable exemption, an employer is required to pay 1½ times the employee’s regular rate of pay for all hours worked is excess of 40 hours per week.
The DOL previously issued a final rule in May 2016 that updated the salary level for the white collar exemption from $455 per week ($23,660 per year) to $913 per week ($47,476 per year), increased the annual compensation threshold for highly compensated employees from $100,000 to $134,004 and included a mechanism to automatically update the salary and compensation levels every three years. As employers were in the process of implementing the new rule in advance of its effective date (by raising salaries, converting employees from salaried to hourly and/or reorganizing workload), the final rule was challenged in court by business groups. A U.S district court in Texas determined it was invalid because it moved to non-exempt status large numbers of individuals Congress intended to be exempt. The DOL appealed the decision; however, the appeal was slow-tracked due to the intervening change in the administration. Therefore, the previously issued final rule never went into effect and the DOL had been working on a new rule with a new standard.
New Final Rule
The final rule includes the following provisions:
- Raises the salary level to $684 per week ($35,568 per year)
- Increases the highly compensated annual compensation threshold to $107,432 per year
- Allows employers to use nondiscretionary bonuses and incentive payments to satisfy up to 10% of the salary level (no change to how employers may use bonuses to meet the highly compensated annual compensation threshold)
In order for an employer to credit nondiscretionary bonuses and incentive payments towards the salary level, such payments must be made at least annually. If an employee does not earn enough in nondiscretionary bonus or incentive payments to meet the salary level in a 52-week period, the employer must make a catch-up payment within one pay period in order for the employee to maintain exempt status.
The final rule does not contain an automatic mechanism to adjust the salary level and highly compensated threshold; however, the DOL has stated that it intends to update these amounts more regularly in the future through notice-and-comment rulemaking.
Other FLSA Provisions Remain Unchanged
The salary level is just one of three criteria for the FLSA white collar exemption. The other two criteria remain unchanged. They are:
- The employee must be paid on a salary basis not subject to reduction based on the quantity/quality of work (salary basis test)
- The employee’s primary job duty must involve the kind of work associated with exempt executive, administrative or professional employees (standard duties test)
For the administrative exemption to apply, the employee’s primary duty must be the performance of office or non-manual work directly related to the management or general business operations of the employer or its customers. In addition, the employee’s primary duty must include exercise of discretion and independent judgment with respect to matters of significance.
For the executive exemption to apply, the employee’s primary duty must include managing the enterprise or a department of the enterprise, regularly directing the work of at least 2 full-time employees and having the authority to hire, fire and promote other employees.
The professional exemption applies to a:
- Learned professional with advanced knowledge in a field of science or learning, customarily acquired by a prolonged course of specialized learning
- Creative professional where the work requires invention, imagination or talent in a field of artistic or creative endeavor
The circumstances in which an employer may make deductions from pay of an exempt employee remain unchanged. An exempt employee must receive the full weekly salary for a week in which the employee performs any work except in the following situations:
- Absence of one or more full days for personal reasons other than sickness or disability
- Absence of one or more full days for sickness or disability in accordance with a bona fide policy
- Penalties imposed in good faith for infraction of safety rule of major significance
- Unpaid disciplinary suspensions of one or more full days imposed for infractions of a written workplace conduct rule
- Proportional payment in first or last week of employment
- Weeks in which employee takes any amount of unpaid FMLA leave
The effective date of the final rule is January 1, 2020. Many employers had already made changes in 2016 before the previous final rule was invalidated. However, employers should once again analyze how many employees who are currently treated as exempt will fall below the new $684 per week salary level and take action to adjust employees’ salaries or reclassify them to a status that tracks hours worked and pays overtime for hours worked in excess of 40 per week.
The post Final Rule on Overtime Eligibility for White Collar Employees (Benefit Minute) appeared first on PSA Insurance and Financial Services.