Monday, June 29, 2015

Oh, That Community

There's an old bar con about going up to someone asking for a loan of $10.  "But," you say, "only give me $5.  That way, you keep $5, and we'll be even."  Sometimes people fall for it.

Fair or not, that's what some new research about the value of the tax exemption for non-profit hospitals made me think of.

The study, in Health Affairs, by Rosenbaum, et. alia, found that the value of the exemption virtually doubled between 2002 and 2011, increasing from $12.6b to $24.6b.  The tax breaks -- which typically apply at the federal, state, and local levels -- are supposed to be in return for "charity care and community benefit."

According to IRS filings submitted by hospitals for 2011, the researchers calculated that the charitable and community benefits claimed were $62.4b.   The AHA was quick to jump on the findings: "Today's report shows that what non-profit hospitals provide in terms of benefit to their communities far exceeds the value of the tax exemption hospitals receive," it said in a statement, "...hospitals of every size, type and general location are not only meeting, but are exceeding, the community benefit obligations conferred by their tax-exempt status."

Not so fast.

It turns out that most of the money is spent, in essence, "paying" themselves back, such as for indigent care (24%) or to cover Medicaid shortfalls (32%).  As lead author Sara Rosenbaum told MedPage News, "These are very good things, but very little is going to community health improvement."  Indeed, only about 8% actually went back to the community.

It's not entirely clear how hospitals are even calculating these benefits.  AHA insists they are based on actual costs, not charges, but the last time hospitals knew their actual costs was, well, never.  Certainly the IRS isn't auditing the filings, leading some critics to believe that hospitals use their wildly inflated charges to boost their apparent community benefit.

It's sort of, OK, I'm going to charge you $10 for an aspirin, but you just pay me $2 and I'll write off $8 in community benefit.  Call me cynical, but any organization that thinks it is good business to gouge uninsured patients is not an organization that I have much faith in how they're justifying their tax exemption.

ACA requires non-profit hospitals to conduct a community health needs assessment, or CHNA, every three years in order to maintain their tax exemption.  Ms. Rosenbaum hopes that the CHNA will lead to a new era of transparency and accountability.  She thinks hospitals could spend their community benefits in underserved areas in creative ways, such as cleaning up parks or helping to make fresh produce more available.  "It may have nothing to do with clinical care,” Ms. Rosenbaum pointed out. “These are things that improve community health."

ACA has been seen as a boon for hospitals, increasing the number of insured and decreasing uncompensated care (just look at what happened to for-profit hospitals' stocks following last week's SCOTUS decision on maintaining subsidies).  Ms. Rosenbaum told Dotmed News, "As hospitals have essentially realized a dividend from the Affordable Care Act, the question is, will city members be at the table more than they were before?"

I wouldn't hold my breath.

The tax-exempt/non-profit status for health organizations is under more scrutiny than ever.   A court ruling in New Jersey found that Morristown Medical Center so intermingled its for-profit and non-profit activities that it no longer qualified for a state tax exemption, potentially making it -- and other NJ hospitals -- liable for millions of dollars in property taxes.  

There is still an appeals process for MMC, and the NJ legislature may act to address the issue, but other states are also taking a harder look at their tax exemptions for non-profit health care organizations.  California is already trying to take away the non-profit status of Blue Shield, and is now taking a harder look at its non-profit hospitals.  Cash-strapped Kansas is looking at making non-profit hospitals pay sales tax, while North Carolina is considering ending its sales tax refund program to non-profit hospitals.  Advocates in Oregon are questioning the community benefits their non-profit hospitals are delivering.

Maybe some of these questions are arising because salaries for non-profit hospital leaders are looking a lot like for-profit salaries.  Last year Modern Healthcare found that non-profit hospital CEO compensation rose, on average, 24% from 2011 to 2012 for the 147 institutions it tracks, while compensation for average workers only rose 2%.  The average CEO cash compensation was $2.2 million.

UPMC's long-time CEO Jeff Romoff reportedly made $6.5 million in 2014, one of 30 -- count 'em, 30! -- UPMC executives making over $1 million.  Connecticut's Office of Health Care Access found 19 health care executives in the state making over $1 million.  The Columbus Business First found at least 11 Ohio hospital CEOs making over $1 million.

I could go on, but I think the point is made.  I'm not saying these hospital executives don't earn their money, I'm just saying that, at some point, non-profits start to look and act an awfully lot like for-profits...without having to pay taxes or be accountable to shareholders.

There are, no doubt, a number of non-profit hospitals struggling to survive, especially those in rural or inner city areas.  Suburban hospitals with significant privately insured patient populations are usually the ones going on the building binges and aggressively increasing their horizontal and vertical market reach, through a combination of non-profit and for-profit businesses.  Those are the ones whose non-profit status and community benefits especially deserve closer scrutiny.

Ms. Rosenbaum concluded, "Hospitals view themselves as caring for sick people, but the pressure is growing for them to improve the health of an entire population .... To the extent that it's burdensome, this underscores the major public investment that is the tax exemption."

That's a new way for them to act and a new way for us to think about our investment in them, but both need to happen.

It's not just hospitals.  Many of the above criticisms apply to other non-profit health care organizations as well.  E.g., many Blue plans remain nominally non-profit and thus reap a variety of tax exemptions and/or preferences.  They sometimes justified that at least in part by offering some guaranteed issue products, which are, of course, now required of all health plans.  So why isn't their associated community benefit/tax exemption less?

Every tax dollar that hospitals and other health organizations don't pay is a tax dollar that someone else -- that's you and me, in case you were wondering -- is paying.  Let's make sure they truly deserve their tax exemptions and that those community benefits are actually going back to the community, not just staying within their walls.

Thursday, June 18, 2015

Jurassic Park: Rise of the Health Insurers

If you want to see dinosaurs fighting, stalking, and even mating, you don't need to go see Jurassic World.  Just pick up the business pages and see what is going on with the big health insurers, who seem intent on getting even bigger.

Whether anything actually comes of all the merger mania, or whether such mergers prove good for consumers, remains to be seen.

A month ago Humana seemed the most likely target, with Aetna the most likely suitor.  Humana was not too big, not too small, and their big book of Medicare Advantage business complimented Aetna's more commercial portfolio.  Cigna was mentioned as another possible target, but pretty much only offered Aetna more of what they already had.

Shortly after that rumor started, Anthem got tongues wagging by their CFO telling analysts they were looking "to do a cash transaction of meaningful size."  The speculation again centered on Humana, or possibly some Medicaid insurers like Molina or Centene.

Now, everyone seems to be in play.  The Wall Street Journal reported that Anthem has made overtures to Cigna, while United is interested in Aetna, with Humana still attractive to Aetna and Cigna.  Here's the WSJ infographic:

You can't make this stuff up.

It would be ironic if Humana was one left standing in this game of musical chairs, but many feel their assets are too inviting to be left out.

The Anthem/Cigna combination struck me as the oddest.  Anthem is historically and primarily a Blue Cross Blue Shield plan.  BCBSA rules are pretty strict about not combining Blue and non-Blue business, which could limit taking advantage of the consolidation to get more clout in negotiating with providers.  Then I remembered that Anthem already has a substantial non-branded line of business through its UniCare subsidary, whose self-funded, large employer portfolio would mesh very well with Cigna's strong presence in the large employer market.

The United/Aetna combination, on the other hand, might pose concerns with regulators, although in most markets might still pass FTC market share tests.   United is less likely to be interested in Humana because it already has a strong Medicare presence, between its Medicare Advantage business and its AARP health insurance products.

I'll let others talk about market caps, stock prices, P/E rations and the like.  I'm more interested in why we're seeing this, and what we're not seeing.

One conventional wisdom is that these kinds of mergers/acquisitions have to do with scale, since ACA puts restrictions on health plans' overhead (the MLR).  Bigger means more lives to spread such costs over.  The other culprit often cited is a desire to gain more clout with providers, who themselves are consolidating, although mostly at the local rather than the national/regional level.

I've expressed my concerns about provider consolidation before.  Health systems seem intent to gain control of geographic areas, which can be as large as whole metropolitan areas.  They usually do so in the name of fending off bigger and bigger health plans, or say it is part of a strategy to be an integrated delivery system, which is becoming more important in an ACO/value-based world.

The trouble is, no matter how big health plans get, if they face markets where there is, in essence, only one provider with which to negotiate, size doesn't really matter.  If a health plan can't convince their members to drive much longer to go to another health system, it doesn't matter if they have ten members or a million members when it comes to playing tough with the dominant health system.  Bigger isn't always better.

You can make dinosaurs bigger, but that doesn't make them more agile or better prepared to deal with new risks.  I'm wondering when we're going to see not bigger health insurers, but truly different models for them.

It wasn't all that long ago that pundits were predicting the end of health insurers.  They were going to be replaced by ACOs and other delivery systems bearing risk.  ACOs are certainly booming, but the stock market doesn't seem too worried about health insurers going out of business.

We've seen true integrated provider/health plan models like Kaiser, Group Health Cooperative, or Geisinger for decades now, and they're generally successful in their core markets, but that model hasn't proved easily replicable.

We've also seem health system building their own health plans, such as Intermountain Healthcare, Sentara, or UPMC.   We've even seen health plans buying/building their own health systems, such as UPMC's bitter rival Highmark Health.   Two years ago Anthem chose the leader of a large hospital system as its new CEO, signaling that the lines were going to be blurrier.

It's again kind of ironic to remember that Humana started out as a nursing home company, became a hospital chain, got into the health insurance business, and only shed its provider side in the early 1990s.

If Anthem buys Cigna or United buys Aetna, it wouldn't be all that interesting, nor would it be novel.  Those are dinosaurs getting bigger but not evolving.  We've already seen those kinds of combinations.  They might be good for investors but raise your hand if you think they've ever really led to breakthroughs in health for their patients/members.

If, on the other hand, Humana and HCA got back together, that would be interesting.  That would be provider/payor integration writ large, and maybe produce something new.

And if, say, CVS or Walgreens chose to merge with a health insurer, that would something even more unique.  I don't know how they'd change the health insurer, but it might be fun to find out.

Honestly, though, what I'd really love to see is a company from an entirely different sector, hopefully one with a strong consumer focus, buy into the health insurance business.  Maybe Humana should get back together with the Virgin Group, or perhaps Walmart would be interested in taking over a Medicaid managed care or Medicare Advantage plan.  Wouldn't you love to see Walmart take on the health care supply chain?  I bet they could squeeze better value out for its customers.

Jurassic World seems to be raking in the money despite being just another sequel about rogue dinosaurs.  Let's hope we see something with health insurers that isn't just another sequel as well.

Sunday, June 14, 2015

The Enemy of My Enemy Is Still My Enemy

The old adage says that the enemy of my enemy is my friend.  Several lawsuits within new health care spaces -- telemedicine, wearables, and concierge medicine -- would seem to belie this conventional wisdom.

The first example is with American Well and Teladoc, two of the nation's oldest and largest telemedicine companies.  American Well is suing Teladoc for what it says are patent infringements.  It doesn't seem like it is a coincidence that Teladoc recently announced that they were getting ready to go public, or that in March Teladoc sought to get the U.S. Patent Office to invalidate the patents in question, which date back to 2007.

Both companies seem to be doing well.  American Well raised $81 million last December, while Teladoc secured another $50 million last September.  According to MobiHealth News' analysis of their IPO filing, Teladoc has close to 11 million members, and is on track for over 600,000 visits annually in 2015.  American Well claims to have over 23 million members, mostly through its various health plan and provider clients.

They're certainly not alone in the field -- MDLive and Doctors on Demand also seem to be doing well, as evidenced by MDLive's burgeoning deal with Walgreens and Doctors on Demand's new deal with Wegmans-- but they are the largest.  And now they're squabbling with each other in court.

They've got plenty of other battles that they should be focusing on.  Texas is ground zero, with the recent ruling by the Texas Medical Board to require in-person visits in order to write prescriptions, which is viewed as a major barrier for telemedicine (Texas is not the only state with such restrictions).  Teladoc sued the TMB, and recently got a ruling from a Federal District Court blocking the TMB ruling.

This is important stuff for telemedicine.  Much progress has been made on making telemedicine more mainstream, but there is still a long way to go.  For example, the AMA's ethics council appeared to be close to making some progress on their official attitude towards telemedicine, only to punt after pressure from the TMB (I'm guessing they figured that the AMA getting ahead of the TMB would weaken their court case).

Similarly, just this week the American Telemedicine Association criticized the CMS final rules on telemedicine in ACOs, organizational models that should be front and center in using it.

I don't know what American Well patents Teladoc may have infringed on, or if they did whether they had any right to do so, and I don't support industrial espionage in lieu of real competition, but telemedicine is not yet so well established that its leaders should be attacking each other instead of trying to further its reach.

Also under the cause of patent infringement, Jawbone is suing Fitbit.  It is actually Jawbone's second lawsuit against them in two weeks.  Not only is Jawbone claiming patent infringement, they are planning to take their complaint to the International Trade Commission, which could result in a ban on imports of Fitbit products or components.  Their earlier lawsuit related to loss of intellectual property caused by Fitbit hiring several Jawbone employees.

It, again, comes as probably not a coincidence that Fitbit is preparing for its IPO on June 17.

Analysts are predicting crazy growth rates for wearables, such as one prediction that the global market could be worth $37b by 2020, and estimates of 2015 sales ranging from IDC's 45.7 million units to Yanos Research Institute's forecast of 104.8.  The market would seem to have room for both companies.

I wish Jawbone and Fitbit were spending more time figuring out what they are going to do about competing with new entrants in the wearable space like Apple or Samsung, and how they can do a better job keeping consumers from giving up on them.  They are not each other's biggest problem.

These internecion legal wars are not limited to patent disputes.  The two leaders in concierge medicine -- MDVIP and Signature MD -- are in court over non-compete provisions.

To be more accurate, Signature MD is suing the much larger MDVIP.  MDVIP's contracts with physicians prohibit them from joining another concierge practice within ten miles of a MDVIP practice for up to two years after their contract ends.  SignatureMD says these provisions are unenforceable, and a federal court in Los Angeles has already dismissed MDVIP's effort to squash the suit.

SignatureMD claims that MDVIP has something like 70% market share, and that its contracts effectively lock up many major markets.  MDVIP points out that SignatureMD's market share estimates include only physicians practicing the model, which remains only a small fraction of available physicians.

Concierge medicine, and its related model of direct primary care, are darlings of reformers who feel that health insurance is distorting how health care is bought and delivered.  A 2014 survey by Merritt Hawkins found that 7% of physicians already practice some form of these models, with another 13% planning to.  To SignatureMD's point, there are a lot of untapped physicians out there.

I don't like non-compete provisions, but I understand that companies like to protect their investments.  There are reasonable limits and unreasonable limits, and courts will end up figuring out where the line is, but in the meantime their fighting in court is not doing much to move the cause of concierge medicine forward.

I worry more about health systems locking up physicians in their markets (e.g., see what is happening in Washington and New Mexico) than I do about 10-20% of physicians in a market being tied to a particular concierge medicine company.  I'd rather those companies seek to expand the number and range of physicians using a concierge approach in their practice.

Patent infringement and non-compete provisions are neither trivial nor unique to these health care spaces, and I don't mean to imply that they are.  All the companies I've mentioned are innovators who deserve to be commended for helping to break traditional health care paradigms.  They've won impressive battles to gain more acceptance for their approaches.  But the wars haven't been won yet, and with these various legal battles it feels like they are taking their eyes off the prize.

If they're going to go to court, I'd rather that they focused on the people and organizations who still seek to limit adoption of their services, not each other.

Saturday, June 6, 2015

The Gift That Just Keeps On Giving

In my last post I wrote about some new woes for EHRs, such as malpractice risks, and I honestly didn't expect to write about them so soon.  But an article in Politico caught my eye, describing a huge problem with them that may not be top of mind for many: the risk (and cost) of being hacked.

In short, the health care industry has spent/is spending billions installing EHRs, more billions getting them to work, and is now realizing that they're going to have to keep spending billions each year to try to protect the information in them, as well as in other digital devices.

Say what you will about paper records, but it was awfully hard to steal too many of them.  The opaqueness that made them difficult to share/collaborate/analyze also made them virtually impossible to get remote access into.  Unlike EHRs.

The Politico article says that an individual medical record is worth ten times as much as a stolen credit card, that each hacked record can cost around $20 in legal costs and credit protection, and that the growing market for cyberinsurance is already a $2b industry, growing at 20-25% annually.

A May 2015 report from The Ponemon Institute lays out some other scary findings:
  • Criminal attacks are now the leading cause of health data breaches, up 125% over the last five years.
  • 65% of health organizations suffered multiple security incidents over the past 2 years.
  • Data breaches cost the industry $6b annually.
  • Employee negligence is still easily the leading source of concern.
  • Only about half of health care organizations think they have the right technologies or technical expertise to deter breaches, and slightly less than half are confident they can even detect loss or theft of patient data.
It's scary.  Jim Helms, Mayo Clinic's chief information security officer (CISO) put it bluntly to Politico: "The adversary is way ahead of us right now."  He also told The Wall Street Journal: "Medicine is 10 to 15 years behind in IT practices than other industries,"  Mr. Helms believes that health care data is harder to protect than financial information, and that "the stakes are higher."

Politico cites industry experts who recommend spending 10% of IT budgets on security, and up to 40% for newer companies, versus the industry average of 3%.  No wonder that only 37% of the organizations in the Ponemon survey felt their budget was sufficient to curtail or minimize breaches.

Breaches have become almost numbingly common in health care.  In recent months, there have been known breaches at Anthem, CareFirst, KaiserPremera, as well as a number of provider organizations, including Community Health Systems.  Just a few days ago personnel records on up to 4 million current or retired federal employees were hacked, and many believe that Chinese hackers suspected of being behind the attacks were the same hackers who attacked the big insurers.

As FBI Director James Comey told 60 Minutes earlier this year, "There are two kinds of big companies in the United States. There are those who've been hacked by the Chinese and those who don't know they've been hacked by the Chinese."

Just to be fair, it's not all about EHRs.  TrapX, a cybersecurity company, told The New York Times that Russian and Chinese hackers are infiltrating through other medical devices, such as x-ray systems or blood gas analyzers.  "This is going to get worse before it gets better, said TrapX's Carl Wright.  No wonder; "Clinical software is riddled with security vulnerabilities," claims Billy Rios of Laconicly, another security firm.

And institutional clinical software looks pretty secure compare to all those mobile apps and wearable trackers.

There are a number of strategies that health care organizations can follow to combat cyberattacks, such as de-identification and encryption of data, as well as better monitoring of hacking attempts.  For example, neither Anthem nor the U.S. government encrypted that data that was stolen.  However, in at least the Anthem case, it wouldn't have mattered, since the hackers used employee credentials that got them past the firewalls (as was true with last year's Sony breach).  Employees remain one of the biggest vulnerabilities.

Apple CEO Tim Cook has offered another perspective, that despite all of our concern about hackers stealing our information we're blithely giving it away anyway,   He implicitly criticized competitors like Facebook and Google who offer "free services" that he believes are pretexts for their gobbling up our personal information so that they can better target market us.   

As a boss of mine liked to always say, there's so such thing as a free lunch.

In a recent op-ed. Professor Zeynep Tufecki of UNC called on Mark Zuckerberg (and, by extension, other "free" services) to let her pay for her Facebook in return for less tracking and more privacy.  I wonder on how many people would actually opt for such an approach.

Indeed, a new study by the Annenberg School of Communications found that the public is well aware that their online data is being used to market to them, but 91% don't think the trade-offs are "fair."  Annenberg thinks the public is just resigned to the practice, feeling powerless to do anything about it.  Two recent polls by the Pew Research Center confirm that over 90% of Americans think it is important to control who collects what information about them, but are skeptical that their information -- especially online information -- will remain private and secure.

Look, we're not going back to a pre-digital world.  And in the digital world, there will be people who want to get access to our information, either legally or illegally.  Health organizations like to think they are in the patient business, but in the 21st century that means they are in the data business, which puts them squarely in the privacy business.  That means they need to invest sufficiently in IT resources and security.  

Health care now requires patient care, data analytics, and data custodianship, but there's no reason why any single organization needs to perform each of those itself.  Being a health care data custodian for health organizations might become a very hot business (as I've suggested before).  

Privacy doesn't mean what it used to mean, with more people increasingly opting for convenience over traditional notions of it, and with more ways to subvert it.  We're going to have to figure out what is most important to us and how best to protect it.