Wednesday, February 24, 2016

Et Tu, Oscar?

Things seem to be going well for Oscar Health, the health insurance start-up that has been wowing investors and the media since it was founded in 2012.  Forbes reports that Oscar just raised $400 million in an investment round led by Fidelity, which effectively values Oscar at about $2.7b.  Oscar has expanded from its New York/New Jersey roots to now also include Texas and California, and expects that its current member base of about 145,000 to reach 1 million, in 30 markets, within five years.

So why do I fear that perhaps they are taking the wrong path?

I've previously expressed my concern that Oscar and some of its fellow health insurance start-ups might be more about repackaging than reinventing.  I'm more concerned than ever after Bloomberg reported that Oscar is adopting a new network strategy: moving to "tight, exclusive networks with hospitals."  Oscar CEO Mario Schlosser said: "The bet we made in going deep with a couple of health systems, I love what we’re doing there. We’ve got a very good blueprint now to go into new markets."

There's no secret why Oscar is taking this approach.  It's about cost, with the expectations that narrower networks yield cost savings.  McKinsey reported that almost half of exchange plans in 2015 were narrow, with over 60% being narrow in larger cities where such narrow networks are more feasible.  The jury is still out, but so far research is encouraging that narrow networks can, in fact, save money -- without, so far, adverse effect on quality.

Closer relationships with providers and the ability to offer lower premiums without hurting quality.  If that's what Oscar is after with its new network strategy, what's not to like?

Well, plenty.  For one, with this strategy Oscar isn't innovating; it is buying into the strategy that most other health plans are trying to adopt.  That doesn't make it a bad strategy, but playing follow-the-leaders certainly doesn't fit the cool yet disruptive image that Oscar has so carefully cultivated.

More importantly, it is the wrong strategy.  For Oscar.  For any health plan.  It is a strategy rooted in the 1990's, if not earlier.  In fact, as I've argued before, the whole notion of using a provider network at all is outdated at best, and potentially dangerous to consumers.

The argument for networks, especially narrow networks, is that health plans can drive better bargains by promising more volume to specific providers.  For most of the 21st century health plans seemed to abandon this principle, beaten by "any willing provider" legislation and especially by consumer demand for wider networks.  Now narrow networks are reviving this argument.

I don't have a problem with health plans driving hard bargains with providers, especially if those bargains are performance-based.  What I do have a problem with is forcing consumers to use those, and only those, providers (or risk severe financial penalties).

Health insurers have often been criticized for their "mother-may-I?" approach to utilization management, forcing providers and consumers to defer to the health plans' judgement.  Provider networks are another example of this mentality, and that becomes more and more true as the network gets smaller.

In essence, health plans are telling consumers that they should trust that the health plan knows which providers are best.  Making matters worse, telling consumers that they should only go to certain providers suggests that those providers are best at everything, not just specific conditions, and that is something that is rarely, if ever, true.

Not exactly an empowered consumer or a consumer-directed message.

Maybe it is true.  Consumers have shown precious little interest in comparison shopping when it comes to providers, either for cost or quality (despite a veritable cottage industry of transparency vendors).  It doesn't seem likely that any particular consumer could negotiate as good a deal as a health plan can on behalf of its members.  Neither of those mean we shouldn't still try.

I think it is great when a health plan tries to find the highest quality providers, and to get a good deal with them.  What I wish they would do, though, is say, "here's the data that demonstrates their quality, and here's how much we're willing to pay them to take care of you.  If you can find providers that are better, that's great; go to them, and we'll still pay the same as we'd pay the providers we recommend.  No hard feelings."

In other words, let the health plan act as the concierge, not the gatekeeper.

If a consumer goes to providers who charge more than the health plan would pay their designated providers, well, there's a price for choice; consumers might have to pay extra.  On the flip side, maybe the consumer should pocket some of the savings if they manage to find less expensive providers.

I wouldn't have an issue with health plans saying they'd reduce the amount they pay if the consumer goes to providers who have objectively worse quality/outcomes results.  In fact, they should.  The health plan should make such quality/outcomes information easily available to consumers, both so the consumers can make good choices and to reduce any surprises about payment.  That information might tier providers into quartiles or quantiles to help simplify things.

This approach might sound like reference pricing, because reference pricing is a start to where I think we need to go.  Reference pricing is still in the rough stages -- e.g., not enough conditions, not enough bundled payment options, and still not very easy for consumers to shop.  It has to improve, but, fortunately, one can see that happening.

I'd rather we put more effort into that than in narrowing consumer's choices.  We should be encouraging and empowering consumers to make better, more informed health choices, not taking choices away from them.

Noah Lang, CEO of Stride Health, told Fast Company, "Oscar is primarily a consumer experience company."  I don't think restricting choice of providers is a very good consumer experience for any health plan, and especially not for one like Oscar who prides itself on its member experience.

Oscar thinks this new approach is their future.  If so, their future may be as just another health plan.  And that'd be too bad.

Friday, February 19, 2016

So That's What Bitcoin Is For

The tech, law enforcement, and privacy worlds are abuzz with the recent decision by Apple to refuse to help the FBI crack the security on an iPhone, even though the iPhone in question belonged to an alleged terrorist/mass murderer.  As fascinating and important as that story is, I was even more interested in another cybersecurity story, about a hospital paying ransom to hackers in order to regain access to its own computer systems.

This was not the first such occurrence, and it won't be the last.

In early February, Hollywood Presbyterian Medical Center found itself locked out of its computer and electronic communication systems, along with a demand for ransom.  The hackers apparently didn't steal anything, but, rather, encrypted the hospital's files so that they couldn't be accessed.

In the end, the hospital not only paid the random, but also publicly admitted what had happened.  A hospital spokesperson stressed that patient care had not been compromised, and that paying the ransom was "the quickest and most efficient way" to restore its systems.  A cybersecurity expert told US News & World Report: "From an economics perspective it was probably the best – or only thing to do,” while adding: “From a strategic perspective it is terrifying to me that most companies pay because the alternative is too painful."

This kind of blackmail is more common than we may realize. Symantec's 2015 Internet Security Threat Report estimated that 317 million new pieces of malware were created in 2014, with ransomware attacks up 113%.  "Crypto-ransom"attacks, like HPMC suffered, went up 4,000%.

According to NBC News, health care record hacking rose 11,000 percent last year alone, with as many as one-in-three Americans having had their health data compromised -- usually without them being aware.  In most of these cases, actual patient information was taken, as it can then be used to perpetuate fraud.  We've all read about these breaches, since HIPAA requires disclosure when patient information is compromised...assuming the organization is even aware of the breach.

Locking down hospital systems rather than simply stealing the data -- and, of course, there is no guarantee that the HPMC hackers didn't also steal patient data -- is a tactic that is less often reported.  As another security expert told CBS News: "Unfortunately, a lot of companies don't tell anybody if they had fallen victim to ransomware and especially if they have paid the criminals."

As with kidnapping (or terrorists), experts are split about whether to give in to ransom demands or not.  There are often ways to recover the data or restore control of systems without giving in to the demands.  In the case of HPMC, one expert told CBS News, "If they decided to pay the ransom, it probably means that they didn't have very good backups, they weren't able to recover the data, and that the data would have been lost if they didn't pay the ransom."

Two things about the HPMC situation especially struck me.  For one thing, the hackers only got $17,000.  I mean, HPMC is not a huge hospital, but it is not a small one either, and one would expect that access to their systems would be worth more than $17,000.  They probably would have paid their IT staff more than that in overtime to fix the problem, if they could have.

Maybe the hackers just needed some quick cash to buy a Yaris.

The second interesting thing was that the hackers demanded payment in Bitcoin.   I hadn't realized it, but Bitcoin apparently has become the preferred currency of ransoms, especially crypto-ransoms.  Being both virtual and not issued by a government or financial institution, it is much harder to trace, and it can be easily transformed into "real" money.  As one expert told The New York Times, "The criminal underground very much likes Bitcoin.  It’s enabled a greater sense of obfuscation.”

It probably took longer for HPMC to figure out how to pay in Bitcoin than whether to pay at all.  Other healthcare organizations may want to be brushing up on their Bitcoin expertise, just in case.

It seems likely that there will be more such attacks, especially now that the HPMC ransom payment became public.  As one expert told Newsweek,  "I think whenever a ransom demand is shown to work for the bad guys—meaning victims pay up—it is an incentive for criminals."  These kind of hackers are anything but stupid, and they will keep attacking until it is shown that their efforts no longer work.

Moving more data and more operating systems to the cloud is one strategy that has been touted as a way to counter cyberattacks, since the cloud vendors claim to have more robust defenses, but it becomes a risk/reward proposition.  A cloud computing vendor might have bigger and tougher walls, but, once penetrated, there would be "a fruit-bearing jackpot" for hackers.

The really scary thing about health care hacking may not be being locked out of computer systems or even loss of patient data.  It may be that any medical device that is connected to the Internet or WiFi could be hacked, even taken over.  As proof, a security researcher recently hacked into a hospital's MRI.  He noted, "In this case it was easy. Medical devices are still insecure, I can see it. Some manufacturers really secure them but some [developers] are thinking about internet security in second or third place."

The researcher was doing it as to make a point, but how much would someone pay to regain control of, say, their pacemaker?  How much business would an imaging center lose if it became known that hackers could digitally alter its scans?   Would you undergo a laser procedure or robotic surgery if you weren't 100% certain their software hadn't been hacked?  Would you trust a mobile app that might have been compromised?

The Internet of Things offers many exciting possibilities for "smart" devices and better tracking, but it also vastly expands the range of things that could be hacked.   This fear was a hot topic at this year's Consumer Electronics Show (CES), with no easy answers but with many pleas for developers to build in security as a foremost consideration as IoT is developed.

There aren't any easy answers.  Health care has never been known for its leading edge systems or programming expertise, but when it comes to combating cyberattacks, it needs to be in the forefront.

Friday, February 12, 2016

Blame It On the Old Me

New research from Johns Hopkins suggests that if you want to have better habits, you probably should have made better decisions in the past.

Millions of mothers are probably now thinking, "I told you so!"

The research conditioned participants to associate red and green objects on a computer screen with small financial rewards ($1.50 and $0.25, respectively), then had them perform another task to find certain shapes on the screen, with no reference to color and no reward.  By using a PET scan to monitor brain activity, the researchers found that, instead of focusing on the new task, the participants' attention was still drawn to red shapes.

As the authors concluded,
What's surprising here is that people are not getting rewarded and not expecting a reward.  There's something about past reward association that's still causing a dopamine release.  That stimulus has become incorporated into the reward system.
This will not come as a surprise to anyone who has ever had a donut.

Of course, we've known about conditioned responses for decades.  The new research underscores the brain chemistry behind this kind of conditioning, illustrating why old habits can be so hard to break.  It also found that some people were more easily distracted by prior rewards than others, and the researchers believe that people who are prone to addiction are among the ones most easily distracted.  Their hope is that there may be pharmaceutical ways to disrupt the neurochemical responses which cause the distractions.

These findings are very pertinent in a time when we increasingly understand the connection between lifestyle choices and diseases, especially (but not exclusively) chronic diseases.  Lifestyle diseases include such common diseases as heart disease, obesity, and type 2 diabetes.  Dr. David Boyd of Cancer Treatment Centers of America says half of cancers can be avoided through lifestyle changes as well.  Changing bad health habits is clearly essential to improving our health and to helping to combat rising health costs.

"Population health management" is seen as a key tool towards this.  It uses data to identify at-risk individuals and coach them to behaviors that might help them prevent or defer their getting lifestyle-related diseases, or at least help them manage the risks of ones they already have.

Population health management is hot, predicted to grow at a 23% CAGR between 2015 and 2020, reaching some $31b.  For that much new spending, there better be a lot of offsetting savings, but realizing those savings may not be so easy.  A new survey by Numerof & Associates found that virtually all health care organizations surveyed said population health management was important to their future success -- 54% said it was critical -- but two-thirds thought their capabilities were only average, or worse.

That doesn't bode well.

It's just hard to change bad health habits.  For example, many employee wellness programs use financial incentives or penalties.  Despite employers getting increasingly tough about workers (and their families) participating in them, the $8b spent on them annually has not shown much provable ROI (unless they are targeted specifically to the people already shown to be high cost).

new study in Health Affairs found that financial incentives in such programs were not effective in promoting weight loss.  The authors concluded that the financial incentive was not what motivated people, and that how the incentives are designed -- such as more periodic feedback -- is critical.

In other words, people's brains were lighting up at the memory of that donut, but not so much about those potential future financial rewards.

Many people believe that digital health solutions may be the not-so-secret weapon in helping people improve their bad habits.  Chloe Schneider writes in Mashable  about how mobile apps and devices can serve as "blind spot detection tools for your life," helping people combat habits they are trying to break or helping instill desired new habits into their lives.

I especially liked Ms. Schneider's quote: "To break a habit, you have to make a habit," which is very similar to what one of the authors of the Johns Hopkin's study told CNN: "Often the most effective way to unlearn a habit is to replace it with a new one."  

Yusuf Sherwani recently recapped the importance of using mobile health tools to tackle chronic conditions, but stresses that "it's all about health behavior."  He urges that digital health must do a better job of getting clinical validations for its interventions, and create "...highly structured and personalized evidence-based behavioral therapies to tackle specific risky health behaviors."

As he pointed out, not all smokers smoke for the same reasons, nor have the same motivations for wanting to quit, so a smoking cessation program that doesn't recognize these differences is doomed to fail for most people.

It's the same reason that over half of people who buy health trackers stop using them within six months.

Maybe the answer to this will be better living through more prescription drugs.  The Johns Hopkins study speculated about using them to block neurochemical triggers for people prone to addiction.  Scientists are already hard at work on pills to combat obesity ("poop pills"?) or even to mimic the effects of exercise.  I'm sure there are numerous other examples of trying to use a pharmaceutical approach to behavior modification.

We've been trying to manage our lifestyle diseases through an ever-growing number of prescription drugs (spending more on them all the time), so it shouldn't come as a surprise that we might conclude that pharmaceutical approaches might also help us break bad habits that have led/could lead to the diseases

To me, that would be like winning the battle but losing the war.

Certainly chemical interventions may be appropriate for addictions, as they have been for other mental health disorders.  Perhaps all "bad" health habits are attributable to chemical imbalances.  Still, I like to think our brain can play a bigger role in developing better habits than simply being medicated.

Lots of companies are looking to strike it rich through sophisticated population health management software and snazzy health tracking apps, but the pot of gold will be in solutions that actually get people to replace their bad habits with healthier ones.

OK, now time for my cookie -- er, I meant carrot.

Tuesday, February 2, 2016

Brother, Can You Spare a Thousand Dollars?

In game theory, the diner's dilemma is the situation where, when people agree to split a restaurant bill evenly, the average bill goes up.  People in this situation tend to pick a more expensive meal than they otherwise would have, at best hoping the other diners will subsidize their meal, and at worst not wanting to get stuck subsidizing the similarly more expensive meals ordered by their companions.  Everyone loses.

The embedded video below nicely explains it:

Health insurance is, essentially, an example of the diner's dilemma writ large.

Imagine, if you will, one of your neighbors.  Not your next door neighbor, not a neighbor you are best friends with, just a neighbor you know well enough to wave hello to but perhaps not well enough to invite to dinner.  You almost certainly wouldn't ask them to pay for a cleaning service, or to pay for your new windows, but if you had a fire that wasn't covered by your homeowners' insurance, you might ask them to help out.

Now imagine that the next time you have a health expense, you have to knock on their door and ask them to pay for it.  I suspect that if it is something catastrophic, something that is time-limited, most of us would pony up at least something (I've discussed this previously).   But to pay for your routine exams or even moderately expensive services, well, most of us probably wouldn't just hand over a check.

Except, of course, when that check is delivered out of our health insurance premiums.

Whenever you file a health insurance claim (or, more likely, one is filed by the provider for you), you are essentially asking someone else to pay for your care.  Those other someones are the people in your health insurance pool, who could be -- to name a few -- other people in your company/union/association, other people with the same individual health coverage as you, or other taxpayers.  

To be fair, some portion of your costs are paid for by your own premiums, but if you are one of the 80% with relatively low claims, that portion is pretty small; most of everyone's money goes to paying for the small percentage of people who are unfortunate enough to have very large claims.  This skewed distribution has been recognized for some time now, at least by people with good math skills and/or above average interest in the problem.

With health insurance, we're in the diner's dilemma.  If we don't use health care services, our health insurance premiums are just going to be spent by other people, leaving us as the sucker who pays for other people to get more services than they might have otherwise.  So we end up doing the same, and everyone's premiums go up as a result.

That's why it cracks me up when I read about Bernie Sanders acting like a "Vermont auctioneer" by asking people at his rallies to shout out their health insurance deductibles, everyone outraged by having to pay several thousand dollars of their own money before coverage kicks in.  Whose money do they think it should be?  Mine?  Yours?  Our grandchildren's?

Yes, certainly for some people even routine health expenses are beyond their ability to pay, but (private) health insurance was never intended to act as a wealth transfer, nor should it.

Maybe health payers have simply been doing things wrong.  Adam Koppel, a Biogen VP, claims that Google's view of traditional actuarial math is: "it's like the 19th century," and that they believe they could do much better using their Big Data analyses.  As a result, he says, Google wants to become a payor; indeed, according to Mr. Koppel, "They want to take over CMS."

They could hardly do worse.

Certainly analytics could make huge impacts in spotting fraud and overutilization, both of which have been the usual suspects for cutting "waste" for at least the past 30 years, but neither of which seem to have been greatly impacted yet.  New research has found that the variations in both price and utilization are even more pervasive than we'd already known.  CMS has just announced new rules that would make it easier to pool public and private claims data to help attack this, and better analyses of more data should be a potent weapon.

For example, a recent report found that one percent of doctors account for 32% of malpractice claims.  I'm willing to bet that a relatively small percentage of physicians also account for a disproportionate share of spending (analogous to the statistics on patients), and that if we could identify the intersection in the Venn diagram of those three circles we'd find some easy targets for significant interventions.  The question is who will be the first to figure that out; maybe that will be Google, maybe not.

Mr. Koppel believes the changes in the payer sector go beyond Google's interest in it; he flatly says, "Payers are essentially becoming health IT companies."

Certainly payers have long been big in health IT, such as for their claims and other operational systems.  Those systems have, though, often been criticized for being clunky legacy systems that rely on imperfect data.  But the payer leaders are moving well beyond these, especially in terms of analytics expertise: Aetna bought ActiveHealth in 2005, Anthem bought Resolution Health in 2008, and United's huge Optum subsidiary had as its kernel Ingenix.  The Blues are now all pooling their data in BCBS Axis.

Aetna has further gone into the health IT space by acquiring health information exchange vendor Medicity and health app maker Healthagen (both 2011), while United picked up its own H.I.E. vendor Axololt in 2010, as well as Connextions (2011) and MedSynergies (2014).  So maybe Mr. Koppel is on to something.

Payers, though, tend to be big battleships, slow to turn and already struggling to make the shifts to ACOs/value-based purchasing/consumerism, so expecting them to behave more like nimble health IT companies may be expecting too much, at least in the short term.  On the other hand, expecting health IT companies to remain as nimble in the rocky waters of provider contracting, employers as customers, and consumers always wanting their plan to pay more is also asking a lot.

I'm all for better analytics, new entrants in the payer space, and new paradigms about what health insurance even is, but if we don't do something about our version of the diner dilemma, we may be wasting our time.