Saturday, April 12, 2014

State Department Posts "Embargoed" Climate Change Press Release a Day Early

    Apparently someone at the State Department hit the "publish" button too soon.  This press release regarding the "Intergovernmental Panel on Climate Change Working Group 3 Report" appeared Saturday night on the State Department website, well ahead of its 5 AM Sunday scheduled release:

    No need to get up at 5 AM Sunday now. Whew!

Friday, April 11, 2014

White House Retweet: 'Kathleen Sebelius Is Resigning Because Obamacare Has Won'

    The first official word from the Obama administration on Kathleen Sebelius's resignation as secretary of health and human services is a retweet by the official White House Twitter account of a tweet by Vox.com's Ezra Klein:

    After news broke yesterday of Sebelius's imminent departure, Klein quickly posted an article entitled "Kathleen Sebelius is resigning because Obamacare has won."  The article was largely met with derision on the right, and even mainstream news reporting called into question the victorious characterization of Sebelius's exit.
    The president is set to speak at eleven o'clock Friday morning and is expected to announce that Sylvia Mathews Burwell, currently director of the Office of Management and Budget, will take Sebelius's place.

Note: A version of this post first appeared at The Weekly Standard.  Some nice coverage at Memeorandum, too.

Thursday, April 10, 2014

HHS Spending $800K on Studies to Help Family Planning Clinics Survive Obamacare

    Despite the Obama administration's insistence that everyone -- the government, insurance companies, doctors, medical providers, and consumers -- will reap benefits from Obamacare, a recent grant proposal by the Department of Health and Human Services (HHS) suggests that the agency does have concerns about the ongoing financial viability of one player in the health care market: so-called family planning centers.
    HHS intends to spend up to $800,000 to fund studies to "conduct data analysis and related research and evaluation on the impact of the Affordable Care Act (ACA) on Title X funded family planning centers." At least part of the concern centers on the ACA's provision that allows those 26 and under to stay on their parents' insurance, and how confidentiality considerations may impact the ability of Title X centers to cover their costs.
    The Title X program, which began in 1970 as part of the Public Service Health Act, is "the only federal grant program dedicated solely to providing individuals with comprehensive family planning and related preventive health services."  Included are contraceptives, breast and cervical cancer screening, pregnancy testing, screening/treatment for sexually transmitted infections (STIs), and HIV testing. Although Title X funds may not be used for abortion, many Title X centers provide abortions using funds from other sources. For instance, Planned Parenthood clinics perform over 300,000 abortions each year, and that organization is the only Title X provider actually listed by name on HHS's Title X website home page:
Services are provided through state, county, and local health departments; community health centers; Planned Parenthood centers; and hospital-based, school-based, faith-based, other private nonprofits.
     The studies that HHS's Orwellian-sounding Office of Population Affairs is soliciting fall into two categories.  The first seeks to assess the national impact, primarily financial, of Obamacare on Title X centers.  The second seeks a qualitative analysis on the impact of the Title X centers providing confidential services. Preserving confidentiality for Title X clients can hurt the centers' ability to be reimbursed for services due to the reporting requirements of state laws and regulations, as well as insurance company rules.  HHS is hoping to acquire case studies on how various Title X centers have managed to overcome this obstacle in order to share those techniques and strategies with other Title X providers.
    The financial concerns of family planning centers center on two areas.  First, HHS has been fielding complaints from family planning centers about "significant challenges" they are facing "negotiating adequate payment terms" with Marketplace private health plans.  On top of this are "continuing challenges" with Medicaid's "varying reimbursement policies around onsite dispensing of contraceptives and education and counseling[.]"  Mandated free contraceptives has been one of the highest profile and most controversial parts of Obamacare, but ironically that increased availability may end up financially harming the very family planning centers that are a significant provider of those contraceptives -- particularly to low income clients.
    The second category of studies looks for ways to mitigate the impacts of confidentiality requirements on family planning centers that can hamstring efforts to secure reimbursements, a problem that Obamacare will only exacerbate.  Since Obamacare aims to increase use of private insurance through the marketplaces, family planning centers will likely see an increase in difficulties obtaining reimbursements without the Explanations of Benefits (EOB) required by insurers.  Since claims details are available to the policy holders, clinics are often not able to file claims for family members wishing to keep their treatment at a family planning clinic private from a spouse or a parent.
    HHS says that "[f]ifty percent of family planning clients are under the age of 25," and under Obamacare, millions of young adults ages 19-25 are now able to remain on their parents' policies.  But along with that coverage comes a lack of privacy for those young adults who may not want their parents to know of their contraceptive use, HIV testing, or treatment for STIs.  HHS says that in "the long term, this practice [of not billing to maintain confidentiality] may result in unsustainable revenue losses for Title X centers."
    To help family planning centers, HHS would like these studies to find ways the clinics can deliver "services confidentially while being able to bill insurance for the visit," which would likely require suppression of EOBs and claims history:
Title X centers regularly forego billing for clients that request confidential services. They are generally unable to negotiate EOB and claims history suppression with issuers because of State laws and regulations. OPA [Office of Population Affairs] is requesting case studies and other qualitative data to identify mechanisms where Title X providers have successfully provided services confidentially while being able to bill insurance for the visit. The specific regulatory issues are not well understood and potential solutions have not been identified.
    HHS is also looking for these studies to provide the following:
  • An analysis of statutes, regulations, or other policies (such as issuer or provider policies) across the U.S. that affect the ability of Title X providers to bill insurance when services are requested confidentially. Such an analysis should discuss both challenges as well as potential policies that could serve as best practices. 
  • An analysis of successful business practices (such as contract negotiations) or issuer policies, business practices or other mechanisms that have resulted in the ability of centers to successfully bill insurance while maintaining client confidentiality. 
  • If “best practices” are located as part of the study, provide an evaluation of the impact to the Title X center’s revenue as a result of the practice. 
  • Based on the findings of the initial case studies, an intervention to test whether solutions (or “best practices”) can be implemented at other centers and an evaluation of such implementation in terms of the impact to revenue. Applicants should propose a methodology for an intervention.
    Grant applications from public or non-profit private entities interested in doing the studies are due by April 24, 2014.  Awards will be from $250,000 to $400,000 per year, and may be approved for a project extending up to three years, depending on the availability of grant funds in future years.

Note: A version of this article first appeared at The Weekly Standard.

Sunday, April 6, 2014

$1.5M Hotel Contract for President's One-Day Visit to Brussels

    In late March, President Obama took a week-long trip through Europe which included a stop of less than 24 hours in Brussels, Belgium for meetings with the European Union and NATO.  The president stayed at The Hotel, a twenty-seven story hotel in the center of the city.  The estimated cost for the president's stay, including about two weeks for an advance team, was $1,522,646.36.

    Despite reports that the president travelled with an entourage of 900, the Justification and Approval documents only indicate a need for "283 Lodging Rooms."  However, sometimes more than one hotel is used during VIP trips.  For instance, when the president travelled to South Africa for Nelson Mandela's funeral, five different hotels were used.
    Contracts for lodging have not yet been posted for the president's other stops during his European trip which included the Netherlands and Rome, Italy.

Note: A version of this post first appeared at The Weekly Standard.

Friday, April 4, 2014

BLS: Percentage of Hourly Workers Earning Minimum Wage or Less in 2013 Falls to 4.3%

    In the midst of the Obama administration's latest push to increase the federal minimum wage from $7.25 to $10.10 an hour, the Bureau of Labor Statistics (BLS) had released an analysis showing the the percentage of hourly workers earning at or below the minimum wage is down to 4.3%, or 3.3 million workers.  The decrease continues a trend of more than three decades, beginning with a high of 15% back in the early 1980s.  The numbers have occasionally spiked in reaction to economic conditions, most recently in the so-called Great Recession from 2008 to 2010, but then resumed the downward direction.

    Women's gains in this area have been even more dramatic, falling from around 22% in the early 1980s to about 5% in 2013.  The percentage for men during the same time went from about 10% to about 3%.
    The largest segment of the workforce earning minimum wage or below is in food preparation and serving (21.7%) whose wages are often supplemented by tips.  Other industries represented in the survey include service occupations, such as healthcare and protective services (11.3%), and sales and related occupations (6.1%).
    A related report from the BLS includes other facts about minimum wage workers:
  • Minimum wage workers tend to be young. Although workers under age 25 represented only about one-fifth of hourly paid workers, they made up about half of those paid the federal minimum wage or less.
  • About 5 percent of Black workers, 4 percent of White workers and Hispanic or Latino workers, and 3 percent of Asian workers earned the federal minimum wage or less. 
  • Among hourly paid workers age 16 and older, about 10 percent of those without a high school diploma earned the federal minimum wage or less, compared with about 4 percent of those who had a high school diploma (with no college) and about 2 percent of college graduates. 

Note: A version of this post first appeared at The Weekly Standard.

Thursday, April 3, 2014

Inspector General Uncovers 'High-Risk Security Vulnerabilities' in State Medicaid Systems

     The Office of the Inspector General (OIG) for the Department of Health and Human Services (HHS) has uncovered seventy-nine "high-risk security vulnerabilities" in the information processing systems of ten state Medicaid agencies that "raise concerns about the integrity of the systems used to process Medicaid claims."  While the ten states are not identified by name, the OIG said that the investigation "suggests that other State Medicaid information systems may be similarly vulnerable," though the results could not be conclusively applied to all fifty states.  Now that the expansion of Medicaid under the Affordable Care Act has taken effect in 2014, millions of new enrollees will be added to these same state systems, ready or not.
    While the number of findings range from a low of three in one state to a high of seventeen in another, a chart accompanying the report illustrates the pervasiveness of the problems throughout the states, as well as the widespread nature of the vulnerabilities:

    The OIG provided specific examples of the vulnerabilities exposed by the investigation:
  • one State agency had not encrypted the hard drives of 14 portable laptop computers, leaving them susceptible to unauthorized access.
  • one State agency had not established any type of formal agency-wide inventory mechanism to account for all information system components and devices and was unable to identify all workstations and servers that were authorized to access the secure network and so needed to be properly secured.
  • one State agency had not enabled the network user account lockout function after unsuccessful login attempts, an error that could have allowed intruders to successfully run automated login attack tools without detection. 
  • one State agency was using an insecure remote access method, which sent unencrypted data (including passwords) across the Internet, to perform system administration functions within its MMIS [Medicaid Management Information Systems].
  • one State agency’s physical access control policies and procedures did not address the review of electronic badge access rights; consequently, some terminated employees still had access to the datacenter housing the State agency’s MMIS.
  • one State agency had not established formal policies and procedures to address the antivirus software deployment and update requirements. In the absence of formal antivirus deployment policies and procedures, more than 1,000 workstations and 200 servers from the State agency’s network were not reporting to the antivirus software control console, which was used to track the antivirus deployment and update status. Without updated antivirus deployment, State agencies expose their networks to known vulnerabilities, which could leave sensitive systems and data susceptible to unauthorized access and exploitation. 
    In the report's conclusion, the OIG repeated the warning of the "serious vulnerabilities" found in the ten states studied.  The state Medicaid agencies told the OIG that the vulnerabilities were being addressed.  The OIG said that "management should make information system security a higher priority," and that the inspector general was continuing to investigate in this area.
    With full implementation of the Affordable Care Act (ACA) in 2014, Medicaid will see a massive increase in enrollment even with only about half of states participating in the ACA-related expansion. As many as 8.9 million low-income Americans will meet the revised income threshold for eligibility.  With the personal information of nearly 9 million more Americans running through state Medicaid systems, the increased strain on the system and workload of state personnel serve to increase the urgency of addressing these serious security shortcomings.

Note: A version of this post first appeared at The Weekly Standard.

Security Breaches of Personal Information at Federal Agencies More Than Double Since 2009

    Millions of individuals who recently entrusted personal, medical, and financial information to the federal government while enrolling in Obamacare via Healthcare.gov may find a recent trend reported by the Government Accountability Office (GAO) rather unsettling.  The number of security breaches involving Personally Identifiable Information (PII) at federal agencies more than doubled in recent years, increasing from 10,481 in 2009 to 25,566 in 2013.  Perhaps even more disturbing, the GOA found that "none of the seven agencies [in a related study] consistently documented lessons learned from PII breaches."
    A graph accompanying the GAO report illustrates the dramatic and consistent upward trend in PII-related breaches over the last several years:

    A data breach may consist of something as simple as mailing documents containing PII to the wrong recipient, but also includes incidents involving massive loss of sensitive data as illustrated by these examples in the report:
  • [I]n May 2006, the Department of Veterans Affairs (VA) reported that computer equipment containing PII on about 26.5 million veterans and active duty members of the military was stolen from the home of a VA employee. 
  • In July 2013, hackers stole a variety of PII on more than 104,000 individuals from a Department of Energy system. Types of data stolen included Social Security numbers, birth dates and locations, bank account numbers and security questions and answers...
  • In May 2012, the Federal Retirement Thrift Investment Board (FRTIB) reported a sophisticated cyber attack on the computer of a contractor that provided services to the Thrift Savings Plan. As a result of the attack, PII associated with approximately 123,000 plan participants was accessed. According to FRTIB, the information included 43,587 individuals' names, addresses, and Social Security numbers, and 79,614 individuals' Social Security numbers and other PII-related information. 
    While the increasing number of incidents is concerning, the GAO also found that "agencies have had mixed results in addressing" information security "and most agencies had weaknesses in implementing specific security controls."  An earlier GAO report in December 2013 covered the responses to PII data breaches of seven federal agencies, including the IRS; the Centers for Medicare and Medicaid Services (CMS), the agency charged with implementing and running Obamacare; and the Veterans Administration (VA).  That report found agency responses broadly inconsistent.  For example:
  • only one of seven agencies reviewed had documented both an assigned risk level and how that level was determined for PII data breaches
  • only two agencies documented the number of affected individuals for each incident 
  • only two agencies notified affected individuals for all high-risk breaches
  • the seven agencies did not consistently offer credit monitoring to affected individuals
  • none of the seven agencies consistently documented lessons learned from their breach responses
    The GAO report also gives a preview of an upcoming report specifically on cybersecurity at federal agencies, and preliminary results are not encouraging.  The GAO has found effective and consistent response to cyber incidents in only about 35% of cases:
While these results are still subject to revision, we estimate, based on a statistical sample of cyber incidents reported in fiscal year 2012, that the 24 major federal agencies did not effectively or consistently demonstrate actions taken in response to a detected cyber incident in about 65 percent of reported incidents.
    The full GAO report on cybersecurity will be completed and issued later this spring.

Note: A version of this post first appeared at The Weekly Standard.