Could the President’s Data Breach Proposal Affect Health Care?

Sony.  Target.  Home Depot.  Community Health.  Data breaches have Americans scared.  The Identity Theft Resource Center (ITRC) reported 783 data breaches in 2014, an increase of 27.5 percent as compared to 2013; 42 percent of those breaches occurred in the Medical/Health Care industry.  On January 12, 2015, President Obama announced a legislative proposal he referred to as the Personal Data Notification & Protection Act.  The Act would create a single national standard that companies would follow to notify consumers within 30 days of a breach.  The President is expected to expand upon this proposal in his upcoming State of the Union speech.

Health Care Breaches

Health care providers’ breach notification duties are governed by the Health Insurance Portability and Accountability Act (HIPAA) (P.L. 104-191) Omnibus final rule (78 FR 5566).  The rule requires covered entities (CEs)–health plans, health care clearinghouses, and health care providers that transmit health information electronically in connection with certain transactions–and their business associates (BAs) to notify individuals of breaches within 60 days of discovery, unless the CEs and BAs demonstrate a low probability that protected health information (PHI) was compromised.  The entities do so by performing a risk assessment to determine the probability of compromise, including the nature and extent of the PHI involved, the unauthorized person or person who used the PHI or to whom the disclosure was made, whether the PHI actually was acquired or viewed, and the extent to which the risk to the PHI has been mitigated.

Covered Entities and BAs must also notify the HHS Secretary annually of breaches involving fewer than 500 individuals; for breaches involving 500 individuals or more, they must notify HHS at the same time that they make individual notification and must also notify the media. The HHS Office of Civil Rights (OCR) lists breaches affecting 500 individuals or more on its website.  The website reflects 165 such breaches in 2014, categorized as theft, unauthorized access/disclosure, loss, hacking/information technology (IT) incident, or improper disposal groups or placed into a sixth catchall category.  The largest breach, which involved data for an astounding 4.5 million individuals, resulted from theft of data from a network server.

Proposed Legislation

It is unclear to what extent the proposed legislation would affect the health care industry, although it is possible that the law would trump Omnibus notification requirements. The states have their own, disparate data breach requirements.  For example, many states differ as to their definitions of personal information, whether they require risk of harm analyses, and when notification must occur.  California has a law specific to medical data breaches. Baker Hostetler has compiled charts describing differences among state disclosure laws.  The President proposed the legislation along with other measures to detect identity theft and protect student privacy.  What Congress chooses to do with these suggestions remains to be seen.

Highlight on Wyoming: Rankings Down but Enrollment are up; are Hopes High in the Cowboy State?


While Wyoming typically maintains a place in the middle of the pack in terms of health statistics when compared to other states, in 2014 the state saw a significant drop in rankings. According to the 2014 America’s Health Rankings, Wyoming slid from 17th best in 2013 to 25th in 2014. Yet, early reports regarding enrollment of Wyoming residents on the federal Health Insurance Exchange indicate that significant numbers of residents in that state are enrolling in coverage during the second annual open enrollment period. Moreover, although Wyoming has thus far rejected expanding Medicaid coverage to residents under the Patient Protection and Affordable Care Act (ACA) (P.L. 111-148), some sources are predicting that may change in 2015.

Health Rankings

America’s Health Rankings publishes an annual report that, according to the organization, analyzes “the health of the nation holistically, with in-depth data and analysis.” Specifically, the reports provide health information state-by-state using an approach that measures the prevalence of certain factors in each jurisdiction, such as: (1) cardiovascular deaths; (2) infant mortality; (3) diabetes diagnoses; (4) preventable hospitalizations; (5) premature death; (6) air pollution; (7) primary care physicians; (8) adolescent immunizations; (9) obesity; and (10) physical activity. The report then organizes this data in order to determine which factors have a positive or negative impact on overall health and assigns the state a ranking. In 2014, Mississippi was rated last among all the states, while Hawaii was deemed the healthiest state.

In terms of the health of Wyoming in 2014, the report indicated the state’s strengths in terms of health were: (1) a low violent crime rate; (2) a low percentage of poverty among children; and (3) low levels of air pollution. On the other hand, the report noted a negative health impact stemming from such factors as high occupational fatality rates, high prevalence of low birth weights, and limited availability of primary care physicians. While the study acknowledged that smoking in Wyoming decreased by 10 percent in the past two years in the state, it also highlighted the fact that obesity among adult Wyoming residents increased by 13 percent in the last year alone.

Enrollment numbers

While the annual rankings evidenced the reduction in health status of many residents of and conditions in the state, it appears the amount of Wyomingites gaining health care coverage is increasing thanks to the ACA. In particular, a recent report released by HHS found that 9,020 individuals in Wyoming signed up for coverage on during the second open enrollment period thus far. Further, the report indicated that 49 percent of these individuals are new enrollees while the remaining amounts are returning customers to the federal Health Insurance Marketplace.

Medicaid expansion

Besides enrollment in health care coverage, the ACA may have implications for the health or at least health care coverage options for a portion of the Wyoming population if the state elects to expand Medicaid under the law. While Wyoming has failed to opt for the expansion in the past, recent actions indicate that Medicaid expansion may come to fruition in the state in the near future. Late in 2014, Governor Matt Mead announced a plan that would provide coverage to approximately 18,000 Wyoming residents through the Medicaid program. As a part of that plan, however, certain covered individuals would have to chip in for their coverage as those earning between 100 and 138 percent of the federal poverty level would be required to pay monthly premiums that would range from $20 to $50 per month. This plan, also known as the SHARE plan, was rejected in legislative committee in favor of an alternative expansion plan proposed by State Senator Charlie Scott (R-Casper). While the SHARE plan failed at the committee level sources indicate it could return later in the session. The alternative expansion plan would require workforce requirements for enrollees and would rely on the existence and funding of personal health savings accounts.

While it is unclear as to how Wyoming will expand Medicaid, it appears to be on the horizon for the Cowboy State. As to how that, or other options for expanded coverage for Wyoming residents through the Marketplace and its subsidies, will affect the overall health of the state remains to be seen.






Are Canadian Prescriptions On Their Way To The U.S.?

Senators John McCain (R-Ariz) and Amy Klobuchar (D-Minn) have reintroduced a bill titled, “The Safe and Affordable Drugs from Canada Act.” The bill would amend the federal Food, Drug, and Cosmetic Act (FDC Act) to allow for the personal importation of safe and affordable prescription drugs from approved pharmacies and/or pharmacists in Canada. As of January 8, 2015, S.B. 122 has been read twice and referred to the Health, Education, Labor, and Pensions (HELP) Committee.

Proposed Legislation

The bill was previously introduced as The Safe and Affordable Drugs from Canada Act of 2014 (S. 2549) by the senators to permit the personal importation of a 90-day supply of a drug for personal use if obtained from a licensed Canadian pharmacy and pharmacist. Under this bill, a prescription drug would have to be filled using a valid prescription issued by a physician licensed to practice in the United States and contain the same active ingredient or ingredients, route of administration, dosage form, and strength as a prescription drug approved under the FDC Act. This bill also established criteria for approval of a Canadian pharmacy and required HHS to publish a list of approved Canadian pharmacies, including their website address, from which individuals may purchase prescription drugs as part of this Act.

Past Issues

The FDA cannot ensure the safety and effectiveness of products that are not FDA-approved and come from unknown sources and foreign locations or those that may not have been manufactured under proper conditions. Patients are at risk if they cannot be sure of the drug products’ identity, purity, and source. In 2005, the FDA conducted an investigative operation of pharmaceutical orders made over the internet. The FDA intercepted imported drugs from four selected countries and found that nearly 50 percent of these drugs were shipped to fill orders that consumers believed they were placing with “Canadian” pharmacies. Of the drugs being promoted as “Canadian,” based on accompanying documentation, 85 percent of them came from 27 other countries. A number of these drugs also were found to be counterfeit. Subsequent operations included seizures of more than 11.8 million tablets, capsules, and vials of counterfeit medicines from 49 countries in 2013. Thus far, the FDA recommends only obtaining medicines from legal sources in the United States.The bill, if enacted, would effectively implement the FDA’s current personal importation policy (PIP) for Canada.

Highlight on Washington, DC: Prescription Drug Reporting, Licensing, and Exchange Laws Adopted in 2014

Pharmacists and other dispensers of controlled substances in the District of Columbia will have to provide specific information  to a new database on the substance prescribed and the person to whom the medication was prescribed under legislation adopted in 2014.  Another piece of legislation adopted by the City Council would regulate an additional nine professions including home health and assisted living administrators.  The Omnibus Health Regulation Amendment Act of 2013 would also require additional certification for dentists and dental facilities where anesthesia is administered.  Finally the City Council adopted legislation that provides definitions of key  phrases in the Health Benefit Exchange Authority Act of 2011.   Upcoming proposals having to do with health care will be treated differently in 2015, as the City Council is combining the Health Committee and the Human Services Committee.

Prescription Drug Monitoring Program

Effective February 22, 2014 dispensers of medications licensed by the District of Columbia will have to report information within 24 hours on each prescription  dispensed for a schedule II, III, IV or V controlled substance to the Prescription Drug Monitoring Program.  The patient’s name, address, date of birth, and gender as well as the dispenser’s and prescriber’s identification number, the date the prescription was written, the date the prescription was dispensed, the prescription number, the quantity dispensed, the source of payment and other information needs to be reported.  Hospitals, nursing facilities, hospices, and drug wholesalers are exempt from the act as are prescriptions provided by a licensed narcotic maintenance programs.

The report of the City Council’s Health Committee stated that this legislation is designed to “reduce the diversion of prescription drugs in an efficient and cost effective manner.” The committee reported that prescription drug abuse has become a nationwide problem with nearly one-third of people 12 years of age or older began abusing drugs by using a prescription drug for a non-medical purpose. Typically it will be pharmacists who will be checking the database and reporting data to the database and not physicians.  Pharmacists have the power to deny a request to fill a prescription, but without this database pharmacist have a difficult time obtaining information to make that decision.

Licensed Professionals

Dentists and dental facilities that administer anesthesia in the District of Columbia will have to obtain an additional certification under the provisions of the Omnibus Health Regulation Amendment Act of 2013, adopted on January 7, 2014 and effective on March 26, 2014.  In addition teachers of dentistry hygiene and dentistry will also have to be licensed in the District of Columbia.

While home health care agencies in the District  of Columbia have been licensed for a number of years they will now be required to provide both a skilled nursing services and a therapeutic services that includes physical, speech, or occupation therapy, medical social services, or personal care services. This definition will be in conformance with federal law and will minimize inconsistencies among oversight agencies, according to a report prepared by the City Council’s Health Committee on this legislation.

Home healthcare administrators, assisted living administrators, assistants in the practice of speech language pathology and audiology, as well as speech language pathology clinical fellows will need to be licensed. Prior to this legislation health professionals were regulated by 18 health occupation boards and four registration programs.

Health Insurance Exchange

The Better Prices, Better Quality, Better Choices for Health Care Coverage Amendment Act of 2014 provided key definitions for the regulation and operation of the District of Columbia’s health insurance exchange.  The Act would require insurers to offer plans at the bronze, silver and gold level on their exchange and require standardization of at least one plan at each metal level. The District of Columbia’s exchange acts more as a clearinghouse and contracts will all qualified health plans who want to offer insurance on their exchange instead of only offering pre-selected health plans with negotiated premiums prices, according to a Health Committee report.  The Act defines terms such as metal level, navigator, standardized plan, accurate attestation, prescription drug formularies, and essential health benefits.  The District of Columbia established its exchange with the Health Benefit Exchange Establishment Act of 2011.

Future Activity

The District of Columbia’s City Council may be more active in 2015 than it was in 2014.  It begins a new two year legislative session  on January 2, 2015, and the City Council will  be reducing the number of committees it has from ten to eight, according to a recent press release.  Most notably the Health and Human Services Committees will be combined into one committee which will be chaired by the former Chair of the Health Committee, Councilmember Yvette Alexander.  This combination could have a significant impact on how and what types of legislation will be adopted by the District of Columbia’s City Council on health care related issues in 2015 and 2016.