Is BlackCat/ALPHV faking its own ‘death’? (updated) HHS and CMS come to Change affected providers’ assistance with ‘flexibilities’

BlackCat/ALPHV blames the FBI for another ‘shutdown’ and exits, stage left. BlackCat put up a copy of the shutdown screen (left) that appeared on their old leak website back in December [TTA 22 Dec 23] on their new leak website, claiming that law enforcement shut them down. This was not confirmed by the FBI either way, but Europol and the NCA confirmed to Bleeping Computer that they had no recent activity involving BlackCat. The other tell was that the source code on both screens was different–it was served up on another server.

On a Russian hacker forum called Ramp, BlackCat/ALPHV claimed that they “decided to completely close the project” and “we can officially declare that the feds screwed us over. The source code will be sold, the deal is already being negotiated”. The source code is reportedly up for sale for $5 million.

As to the $22 million, BlackCat/ALPHV never admitted it was paid by Optum/Change (nor is Optum confirming), but the affiliate called “notchy” which didn’t get paid [TTA 5 Mar] shared (to Bleeping Computer) that “a cryptocurrency payment address that recorded only one incoming transfer of 350 bitcoins (about $23 million) from a wallet that appears to have been used specifically for this transaction on March 2nd.” That wallet distributed (seven) equal payments of $3.3 million in bitcoin to other wallets.

(Update) Speaking of “notchy”, let’s not forget that this affiliate claims to have 4 TB of PHI/PII data from Change that could be sold or leaked. Since they never got paid by BlackCat/ALPHV, it’s safe to assume that information will be up, so to speak, for grabs.

When it all adds up–the fake FBI ‘raid’, shutting down servers, the signoff on Tox of “GG’ (good game?), the cutting off of affiliates (which also confirmed this to–and may or may not have been paid)–it resembles an exit scam.

(Update) Another excellent summary about ALPHV in Krebs On Security also updates LockBit, which was seized in an international takedown in February, and about governmental entities they ransomwared.  To be continued….

The lobbying of HHS by Congress, the American Hospital Association, and UHG to help out providers has produced some results. On 5 March, Health and Human Services (HHS) issued a statement that summarized various ‘flexibilities’ and workarounds to aid providers who cannot access systems or have to resort to alternatives to ensure continuity of services to patients. These will be administered through the Center for Medicare & Medicaid Services (CMS) and range from prior authorization, advance funding, and claims processing for Medicare. From the statement:

  • Medicare providers needing to change clearinghouses that they use for claims processing during these outages should contact their Medicare Administrative Contractor (MAC) to request a new electronic data interchange (EDI) enrollment for the switch.
  • CMS will issue guidance to Medicare Advantage (MA) organizations and Part D sponsors encouraging them to remove or relax prior authorization, other utilization management, and timely filing requirements during these system outages.
  • CMS is also encouraging MA plans to offer advance funding to providers most affected by this cyberattack.
  • CMS strongly encourages Medicaid and CHIP managed care plans to adopt the same strategies
  • If Medicare providers are having trouble filing claims or other necessary notices or other submissions, they should contact their MAC for details on exceptions, waivers, or extensions, or contact CMS regarding quality reporting programs. CMS has contacted all of the MACs to make sure they are prepared to accept paper claims from providers who need to file them.

Many payers are also making funds available while systems are offline. Hospitals may also face “significant cash flow problems from the unusual circumstances impacting hospitals’ operations, and – during outages arising from this event – facilities may submit accelerated payment requests to their respective servicing MACs for individual consideration.”

The statement closes with a reminder of HHS’ December concept paper on cybersecurity strategy for healthcare. (full statement), Becker’s

(Update) More on how this is affecting patient care focusing on cancer treatment, from the point of view of a Community Oncology Alliance spokesman. In addition, how consolidation is making healthcare more vulnerable to cybercriminals, and comments on UHG and Federal processes and payment offers to date. HealthcareITNews.

And DDoS attacks and questionable downtimes are now common.

Editor’s Update 11 Mar: The website had a major DDoS attack on 7 March and was down for two days thru 8 March. It is now fully up and running with our links working.

Multiple US Government websites went down Thursday evening 7 March based on news reports: Department of Homeland Security (DHS), Customs and Border Protection (CBP), Immigration & Customs Enforcement (ICE), Citizenship and Immigration Services (USCIS), US Secret Service and Federal Emergency Management Agency (FEMA). The timing based on the State of the Union address to Congress is, well, interesting. Daily Express   Later reports announced restoration later in evening. Cyberincidents are not exactly unknown on government websites.

Mid-week roundup: Cotiviti’s $10.5B stake to KKR; Cigna buys back $3.2B shares; VA Oracle Cerner faulty med records; LockBit ransomware websites cold-busted at every level, principals indicted; Trualta partners with PointClickCare

Investor KKR announced their buy of a $10.5 billion stake in healthcare analytics Cotiviti. The stake comes from Veritas Capital, creating an equal share of ownership. The recapitalization will be used for commercial expansion, new product development, and technology-related opportunities. It is expected to close subject to regulatory approvals in Q2 this year. According to Axios and Bloomberg, it is financed by a $5 billion leveraged loan sale launched last week, with a $4.4 billion floating rate term loan led by JPM and a $600 million fixed rate term loan led by Goldman Sachs. This is Veritas’ second attempt to exit. While money is leaking back into private equity deals, the new trend is to finance them with more cash than debt. Cotiviti release

Cigna, having sold off its Medicare Advantage plans for $3.7 million to HCSC, is repurchasing $3.2 billion in stock (7.6 million shares) through agreements with Deutsche Bank and Bank of America. Cigna’s plan remains to repurchase $5 billion of common stock over H1 2024 after ending merger talks with Humana. FierceHealthcare, Cigna release

VA warned about faulty medication records in the Oracle Cerner Millenium EHR. The culprit is in the Health Data Repository, according to a government watchdog. David Case, deputy inspector general for the VA, reported at a House Veterans Affairs Committee Technology Modernization Subcommittee meeting last week, that while VA had no reports of harmful drug interactions, Case had at least one instance of a veteran not given a critical medication for adrenal insufficiency, leading to a near-disastrous outcome. The VA has also not informed the 250,000 veterans with prescription records in the Oracle Cerner system that the records may have errors.. In the VA facilities that have Oracle Cerner, providers, pharmacists, and frontline staff must perform complex manual medication safety checks to replace automated checks.

The Oracle Cerner rollout has been put on hold till summer this year–maybe [TTA 1 Nov 23]. At this hearing, Mike Sicilia of Oracle did show up and attributed the problems in the HDR to multiple systems being involved from VistA and other EHRs, into Oracle Cerner. However, after 10 separate fixes, the most recent software update had a similar data issue during final testing and was quickly pulled.

A victory versus ransomware. Updated. The LockBit ransomware group has been cold-busted “at every level” by the UK, US, and international law enforcement. According to the Department of Justice release and other sources, the UK’s National Crime Agency’s (NCA) Cyber Division led Operation Cronos, working in cooperation with the Justice Department, Federal Bureau of Investigation (FBI), and other law enforcement agencies worldwide. They seized numerous public-facing websites and domains used by LockBit to connect to the organization’s infrastructure along with servers used by LockBit administrators. Russian nationals Artur Sungatov and Ivan Kondratyev, also known as Bassterlord, were indicted in the US District Court of New Jersey in Newark, charged with deploying LockBit against numerous victims throughout the United States. Sungatov was also indicted in the Northern District of California. According to Europol, “Two LockBit actors have been arrested in Poland and Ukraine at the request of the French judicial authorities. The French and US judicial authorities have also issued three international arrest warrants and five indictments.” LockBit’s ‘heart’ is of course in Russia, where nearly all cybercrime is located–they are free to operate there as long as they don’t target anything in RU. Cybernews

Trualta partners with PointClickCare for family caregiver education and support. PointClickCare is a leading EHR for long-term and post-acute care (LTPAC) providers. Trualta provides educational resources to support family caregivers when a patient is discharged through logging in to the resource site, with the ability to access articles, videos, and modules that cover a variety of care topics including preparing for discharge, transitioning from hospital to home, and life after discharge.  Trualta’s information will be offered through PointClickCare’s Marketplace. A recent study by Trualta of caregivers using their materials found that 30 days of Trualta use can decrease annual unexpected hospital visits among care recipients by 20%. Trualta release

Follow up: Molina reduces Bright Health’s $510M California plan sale to $425M

Not unexpectedly, Molina Healthcare is not going to pay the original purchase price for Bright Health’s California plans in Q1 2024. In July, Bright Health trumpeted a $600 million salvage deal with Molina, one of the few ‘pure’ health plan companies left. For Molina, they would pay $510 million plus a $90 million tax benefit for Bright’s two California Medicare Advantage (MA) plans–Brand New Day and Central Health Plan. One of the caveats of the deal was the ability to reduce the payment due in Q1 2024 based on the purchased plans’ financials and Star ratings. Unfortunately for Bright Health, neither financials nor ratings are good. Molina is reducing their payment accordingly to $425 million, unceremoniously, paying less for more membership in MA. Release

Why Bright is dimming rapidly. Bright’s health plans have failed or closed shop in multiple states [TTA 20 Apr] after disastrous 2022 performances. Most recently, their Texas plans were seized for liquidation. In these plans, the Center for Medicare & Medicaid Services (CMS) assesses risk adjustment payments that Bright owed to other plans in states where they did business [TTA 5 Dec]. That has been calculated as $380 million–$89.6 million alone in Texas. The bottom line: Bright owes money everywhere–not only to other payers for where they operated in 2022 but also to JP Morgan–$380 million to pay off its credit facility due in February. 

Ari Gottlieb of A2 Strategies on LinkedIn plus interviewed in Becker’s and MedCityNews, has been following this closely as this Editor has noted in his earlier coverage of insurtechs. His over/under is that Bright will pay off JP Morgan first, perhaps kick some over to their lender New Enterprise Associates (NEA), and leave CMS and payers owed in multiple states holding a bag of stale or soggy chips. He explains the escrow setup with Molina plus other factors such as management bonuses (!!!) for completing the transaction. A smart move in his eyes is that the Texas Department of Insurance, by liquidating the TX plans and blocking actions by Bright, may be able to claw back over $125 million out of NeueHealth, a Bright subsidiary.

Absent another Loaves-and-Fishes miracle, reserved for our Redeemer, this Editor cannot see how Bright doesn’t go dark in 2024. One possibility to this Editor: NEA ponies up more investment on top of their $60 million credit facility engineered in August. Given the coal scuttle that is the current state of M&A, they may see this as their only alternative with their investment cash, to push for a recovered and small Bright. Absent a Chapter 7 breakup, what company would buy the liabilities to payers and lenders for what is left–NeueHealth? Then have DOJ and FTC turning a microscope on them? Perhaps in June 2024, but not now.

You have to hand it to Bright Health. They have done a masterful job of tying states, CMS, other health plans, and even Molina into Gordian knots that buy time against what seems to be the inevitable.

Short takes: CVS’ $1.12M Q2 net income loss, forecast spurs 5,000 layoffs; Signify’s in-home kidney exams; Indonesia’s Halodoc $100M D; FeelBetter raises $5.9M; Medicare breach hits 612,000 beneficiaries

A mixed picture for CVS Health. Their Q2 reporting was almost schizophrenic, depending on whose reporting you read. Healthcare Finance highlighted their $1.12M net income loss–tiny when compared to the size of the company– but apparently one of the factors driving a layoff of 5,000 corporate, non-customer facing staff. From FierceHealthcare, CVS is still quite profitable at $1.9 billion, but that is down 36%. Revenue of $88.9 billion was up 10% from prior year. The results beat Wall Street analyst estimates of $2.12/share with adjusted earnings of $2.21/share. 

Despite the overall good picture of Q2, financial projections trended down for the full year. CVS in Q2 started a restructuring plan which cost $496 million in pre-tax income, expected to be completed by year’s end. 2023 is projected to have increased Medicare Advantage costs, higher drug utilization, and lower consumer spending expectations affecting retail operations. Added to their acquisition binge of Signify Health and Oak Street Health, which together totaled $18.6 billion, their 2024 earnings per share projections for 2024 fell from $9 to a range of $8.50 to $8.70. Timing was not disclosed for the 5,000-person reduction among corporate staff. It is not known whether this will affect Aetna and CVS Caremark (pharmacy benefit). CVS has 300,000 employees (75% full time) including part and full-time retail workers. They are also reducing corporate travel, plus the use of consultants and vendors. (CVS is known to have extremely low contractor rates already.) The restructuring is projected to save $700 to $800 million next year, but cold comfort to the 5,000 who won’t be there.  FierceHealthcare. We’ll see.

One of those CVS purchases, Signify Health, is moving forward with an in-home option for evaluating kidney function as part of in-home exams of Medicare Advantage members. This evaluation will include urinalysis and estimated glomerular filtration rate testing which are relatively simple and cost-effective to administer in-home. It fits within their in-home exam protocols and will support early detection and diagnosis of kidney disease plus management of those with chronic kidney disease for earlier and better treatment. End-stage renal disease (ESRD) costs $37.3 billion to Medicare. FierceHealthcare

Going far, far East to Indonesia, virtual health provider Halodoc scored $100 million in a Series D funding round. Lead investor was Astra International with Openspace and Novo Holdings. This brings their total funding to $245 million. Halodoc provides online and app-based health services for 20 million active platform users claimed. Services include telehealth, medicine ordering, lab test, and doctor appointment booking. They also manage third-party health insurance purchase and at-home health testing. Their network includes more than 20,000 medical practitioners, 3,300 hospitals, and 4,900 pharmacies. On the website, there are a wide variety of services, including wellness. Unfortunately, to read it, you’ll have to know Indonesian (Malay)–and there are some pictures of intriguing recipes there! Mobihealthnews

Contrasting this to an exceedingly modest raise by a new Boston/Tel Aviv medication management company, FeelBetter. Their $5.9 million unlettered raise was led by Firstime Ventures and Shoni Health Ventures, with participation from Random Forest VC, The Group Ventures, and previous investor Triventures for a total of $8 million. FeelBetter uses AI tools to create what they call Pharmaco-Clinical Intelligence to identify patients at risk and deliver insights on gaps in care to personalize medication management to change the risks of polypharmacy. Release, Mobihealthnews  They also issued a study on how FeelBetter could be used to effectively risk stratify emergency department use and hospitalizations among patients 65+ with multiple chronic conditions and complex medication regimens to avoid the 10-30% of hospitalizations that include medication issues. Release

No week seems to pass by without a data breach of some sort, but it’s unusual when Health and Human Services (HHS) and the Centers for Medicare and Medicaid Services (CMS) are attached to it. A contractor to the Medicare program, Maximus Federal Services, Inc. (Maximus), used a vendor, Progress Software, and their MOVEit Transfer software, which is a popular file transfer software for transmitting sensitive data. There was a vulnerability in this software that has previously been exploited by Russian ransomwareistes CLOP with Johns Hopkins currently being sued for their breach [TTA 19 July]. Maximus detected the unusual activity, an outside entity copying files, from 27 to 31 May. CMS is reporting that about 612,000 Medicare beneficiaries may have been affected by the breach which may have exposed personally identifiable information (PII) and/or protected health information (PHI). CMS and Maximus are notifying the beneficiaries this week and offering 24 months of free credit monitoring service. CMS release, Federal News Network, Progress page,  Deep Instinct backgrounder on MOVEit’s zero-day vulnerability

Telehealth waivers take critical step in extending to 2024 in House bill now passed

In a 406-12 vote last week, the US House of Representatives passed HR 4040, the Advancing Telehealth Beyond COVID–19 Act of 2021. The bill, which now goes to the Senate after the August recess, extends key Medicare telehealth waiver provisions to the end of 2024.

The key provisions extended are:

  • Permitting Federally Qualified Health Centers (FQHCs) and rural health clinics to serve as the distant site (i.e., the location of the health care practitioner)
  • Medicare beneficiaries to receive telehealth services at any site, regardless of type or location
  • Any type of practitioner to furnish telehealth services, subject to approval by the Centers for Medicare & Medicaid Services
  • Audio-only evaluation and management and behavioral health services
  • Delay of in-person requirements for behavioral health telehealth
  • Use of telehealth to satisfy Medicare face-to-face telehealth requirements for hospice care

The current emergency telehealth extension expires five months after the end of the Covid-19 public health emergency (PHE). As of today, that ends in October 2022. For any further extensions or permanent changes, the Centers for Medicare and Medicaid Services (CMS) is required to seek them from Congressional legislation. FierceHealthcare, ATA releases 25 July, 27 July 

Thursday news roundup: dimming SPACs, hospital-at-home pilots in DFW, Connected Health debuts bespoke home care services configurator in NIR

The prognosis for SPACs? Like Lucas electrics, dim. Too many went public on last year’s overdose of moonbeams and celery stalks at midnight, to this year’s plummeting share prices and red ink. Not only are SPACs now targets of Federal, including SEC, scrutiny, but they have Elizabeth Warren, the Senatorial Scourge of Finance, after them promising legislation with even tighter regulations than the SEC. But let’s face it, most SPAC’d companies have yet to stumble their way into profitability. From financing Hero to Zero in two years. This short article in PrivCo’s Daily Stack will confirm all of this.  

Hospital-at-home pilots in the Dallas-Fort Worth, Texas area. Biofourmis is piloting an initiative with Wise Health System for its Hospital@Home end-to-end solution that combines artificial intelligence (AI)-based remote patient monitoring (RPM) technology and clinical support services. This is to qualify for Centers for Medicare and Medicaid Services’ (CMS) Acute Hospital Care at Home program. Select patients can choose to be admitted to home versus the hospital, then monitored by the Biofourmis Virtual Bed Kit based on a wearable biosensor feeding into a digital tablet pre-loaded with the patient-facing Biovitals Hospital@Home app. Wise’s staff will visit the patient at least twice daily to conduct in-person examinations, assessments, and additional testing as needed. Wise Health is a four-hospital, integrated care network. Biofourmis release

What you pick is what you get. Domiciliary care provider Connected Health is debuting Connected Health 2.0, a ‘home care configurator’ which will enable clients and families to build a package of services for home care. Launched during Carer’s Week in Northern Ireland, it custom-packages physical care, wearables, medication devices and virtual care services. Once the client or family member configures the care package, Connected Health calls them to review suitability then follows up with an on-site risk assessment in the home before service begins. The Irish News article is light on details like when it begins in Northern Ireland, but Connected Health’s timetable is to roll it out in the UK and Ireland over the next two years.

CMS telehealth pandemic waivers boosted usage among disadvantaged, urban patients

Broadening telehealth usage areas when in-person visits are restricted boosts–telehealth usage. Beyond the tautology, the surprising finding here is that it benefited two groups that telehealth hasn’t done well with prior to the pandemic: those living in the most disadvantaged neighborhoods and in metropolitan areas. It also increased usage among women and those of Asian and Hispanic heritage.

The Johns Hopkins study, published in Health Affairs (abstract only, restricted access), reviewed 30 million Medicare fee-for-service claims to quantify outpatient telemedicine use before and after the Medicare telemedicine coverage waiver that took effect on 6 March 2020. Prior to the waiver, Medicare beneficiaries were covered very narrowly for telehealth, in designated rural areas and specific designated facilities, using synchronous audio/video only–a total of 0.42% with one outpatient visit. After the waiver, this grew to 9.97% of patients with at least one outpatient telemedicine visit. Medicare had previously reported that Medicare beneficiary telehealth usage had grown to over 40% during the pandemic.

According to the study abstract, “After adjustment [for demographic variables], our data suggest that the coverage waiver increased access to telemedicine for all Medicare populations, including people residing in the most disadvantaged neighborhoods, although the odds of use were persistently lower with increasing age.” Other studies had found disparities based on demographics such as race, income, and residential location, with higher status pointing to greater telehealth usage, but this study indicates that the loosening of restrictions did not contribute further to these disparities. Thus the logic points to more availability (access) powering increased usage, or at least the odds of use, in this disadvantaged/minority population. 

It is certainly an argument for retaining most of the telehealth waivers–which will require Federal legislation for Medicare after the 90-day Public Health Emergency renewal expires in mid-July, if not renewed. Healthcare Finance, FierceHealthcare

Telehealth parity, coverage, access debated in New Hampshire, South Dakota; CMS issues corrections to RPM in 2021 Medicare PFS rules

Two US states are taking opposite tacks on the permanence of payment parity, telehealth coverage, and access recently broadened during the COVID pandemic

  • New Hampshire’s legislature is debating a bill (HB 602) that would eliminate the payment parity requirement for all telehealth consults, as well as eliminate coverage for telephonic (audio) consults and faxes. Parity was first permitted on an emergency basis at the start of the COVID pandemic in 2020, then passed through the legislature and signed into law by Governor Sununu in July. Parity requires provider reimbursement at the same rate as in-person visits for state Medicaid and private plans.  mHealthIntelligence
  • South Dakota’s Governor Noem, however, is proposing to make permanent the emergency telehealth expansions directed in two 2020 executive orders in two bills she’s submitted to the legislature:
    • Eliminate the in-person exam requirement before a care provider begins telehealth treatment with a new patient
    • Enable providers to prescribe certain medications via telehealth
    • Eliminated the requirement for telehealth on an audio-visual platform, thus enabling providers to conduct telephonic consults for some services
    • In the second bill, South Dakota could recognize medical licenses from states included in the Uniform Emergency Management Assistance Compact (EMAC), a mutual aid agreement that allows states to share resources during natural and man-made emergencies. mHealthIntelligence

Both payment parity and coverage access are hot topics in physician reimbursement and patient services. The argument in favor of parity is to incentivize usage among physicians. Opposing this is the notion that telehealth has a lower value than in-person visits and that payers should be able to negotiate coverage and rate with care providers. In New Hampshire, a rural state but adjacent to Massachusetts, there is sparse availability of many healthcare services, especially for mental health and substance abuse services. The same is true in South Dakota, a state 8.5 times geographically larger than New Hampshire and truly ‘big sky’ country. Here parity is not an issue but ‘existing patient’ requirements, prescribing, telephonic, and licensing are. Telephonic consults in rural areas with spotty broadband are also considered to be a vital inclusion.

CMS also did some revising on the 2021 Medicare Physician Fee Schedule (PFS) to clarify and correct coding plus other information around remote patient monitoring (RPM) effective 1 January:

  • 20 minutes of time includes, but is not limited to, “Interactive Communication” with patient
  • RPM billing by one practitioner, per patient per period
  • Many codes can be used for billing RPM, including codes for collecting and monitoring the data, and treatment/management services of the conditions monitored with the data. (In the US, certified billing and coding professionals are the most frequent ‘brain benders’ on these issues. It is that complex.)

The Foley & Lardner blog has a concise summary, but you can enjoy the CMS-corrected document in the Federal Register here

While telehealth virtual office visits flatten, overall up 300-fold; FCC finalizes COVID-19 telehealth funding program (US)

As expected, the trend of telehealth visits versus in-person is flattening as primary care offices and urgent care clinics reopen. Yet the overall trend is up through May–a dizzying 300-fold, as tracked by the new Epic Health Research Network (EHRN–yes, that Epic). Their analysis compares 15 March-8 May 2020 to the same dates in 2019 using data from 22 health systems in 17 states which cover seven million patients. It also constructs a visit diagnosis profile comparison, which leads with hypertension, hyperlipidemia, pain, and diabetes–with the 2020 addition of — unsurprisingly — anxiety.

POLITICO Future Pulse analyzed EHRN data into July (which was not located in a cross-check by this Editor) and came up with its usual ‘the cup has a hole in it’ observation: “TELEHEALTH BOOM BUST”. But that is absolutely in line with the Commonwealth Fund/Phreesia/Harvard study which as we noted tailed off as a percentage of total visits by 46 percent [TTA 1 July]. But even POLITICO’s gloomy headline can’t conceal that telehealth in the 37 healthcare systems surveyed was a flatline up to March and leveled off to slightly below the 2 million visit peak around 15 April. 

Where POLITICO’s gloom ‘n’ doom is useful is in the caution of why telehealth has fallen off, other than the obvious of offices reopening. There’s the post-mortem experience of smaller practices which paints an unflattering picture of unreadiness, rocky starts, and unaffordability:

  • Skype and FaceTime are not permanent solutions, as not HIPAA-compliant
  • New telehealth software can cost money. However, this Editor also knows from her business experience that population health software often has a HIPAA-compliant telehealth module which is relatively simple to use and is usually free.
  • It’s the training that costs, more in time than money. If the practice is in a value-based care model, that is done by market staff either from the management services organization (MSO) or the software provider.
  • Reimbursement. Even with CMS loosening requirements and coding, it moved so quickly that providers haven’t been reimbursed properly.
  • Equipment and broadband access. Patients, especially older patients, don’t all have smartphones or tablets. Not everyone has Wi-Fi or enough data–or that patient lives in a 2-bar area. Some practices aren’t on EHRs either.
  • Without RPM, accurate device integration, and an integrated tracking platform, F2F telehealth can only be a virtual visit without monitoring data.

Perhaps not wanting to paint a totally doomy picture (advertising sponsorship, perhaps?), the interview with Ed Lee, the head of Kaiser Permanente’s telehealth program, confirmed that the past few months were extraordinary for them, even with a decent telehealth base. “We were seeing somewhere around 18 percent of telehealth [visits] pre-covid. Around the height of it, we’re seeing 80 percent.” They also have pilots in place to put technology in the homes of those who need it, and realize its limitations.

Speaking of limitations, the Federal Communications Commission (FCC) COVID-19 Telehealth Program, authorized by the CARES Act, is over and out. The final tranche consisted of 25 applications for the remaining $10.73 million, with a final total of 539 funding applications up to the authorized $200 million. Applicants came from 47 states, Washington, DC, and Guam. FCC release. To no one’s surprise, 40 Congresscritters want to extend it as a ‘bold step’ but are first demanding that Chair Ajit Pai do handsprings and provide all sorts of information on the reimbursement program which does not provide upfront money but reimburses eligible expenditures. That will take a few months. You’d think they’d read a few things on the FCC website first. mHealth Intelligence

10 years in 2 months: prognosticating the longer-term effect of COVID-19 on telehealth, practices, and hospitals

crystal-ballThis Editor recounted last night in the article below on The TeleDentists’ fresh agreements with Cigna and Anthem the observation of a former associate who has been in the thick of the remote patient monitoring wars for some years that telehealth/telemedicine has progressed 10 years in 2 months. Seema Verma, the head of the Centers for Medicare and Medicaid Services (CMS), stated to the Wall Street Journal (paywalled),  “I think the genie’s out of the bottle on this one. I think it’s fair to say that the advent of telehealth has been just completely accelerated, that it’s taken this crisis to push us to a new frontier, but there’s absolutely no going back.” Even in a short period of time, CMS-reported telehealth visits as of 28 March trebled from 100,000 to 300,000. When the April numbers are in, it would not be surprising to see it grow well into seven figures.

The genie may be out of the bottle, but what will the genie do? Genies are, after all, unpredictable, and fly around.  Out of the smoke, some educated guesses:

  • Insecure, non-HIPAA compliant audio/video platforms will be the first which should be struck from CMS approval. Zoom has become a hackfest, with all sorts of alerts from mobile providers like Verizon on how to secure your phone. (An organization of which this Editor is a member had a panel this week completely disrupted by a hacker in five minutes.) Skype’s problems are well known. The winners here will be telehealth platforms that integrate well with EHRs, population health platforms (or may be part of population health platforms), and have robust security.
  • Primary care practices and specialists, who’ve been surviving on non-F2F visits, will be adjusting their practices to patient demand, and integrating telehealth with physical visits in a way that their patients will prefer. This means a search for integration of EMRs/EHRs with secure platforms and reconfiguring areas such as care coordination. If planned correctly, this could create better management of patients with multiple chronic conditions.
  • Actual physical visits will rebound, creating financial pressure on Medicare, hospitals, and private payers. How many people’s health has declined in two-three months is key. Small practices, who may see this first, will see another level of pressure, because they will be held to their Medicare quality metrics in value-based models even if adjusted. Hospitals will also rebound–if they are able. The dark side: private payers may run the numbers and scale back on benefits for the 2021 year especially if COVID is projected to make a return.
  • Behavioral health may benefit, yet drive individual practices and a wave of retirements, or a consolidation into clinic or group settings. There’s a reason why Optum is buying out AbleTo; we may see a wave of competitor acquisitions in this area with the emphasis will be on cognitive health and short courses. Why retirements? Many psychiatric practices are still independent, concentrated geographically, and the average psychiatrist is over 50. Psychiatric EHRs are both costly and not particularly suited to practices. If faced with technological challenges, a lot of MDs and senior clinical psychologists may very well exit–threatening clinics which need MDs to legally operate.
  • Rural health’s failure accelerated. USA Today’s analysis pinpointed at least 100 rural hospitals to close within the year. They already operated on thin margins, but with COVID expenses for additional equipment, the closing down of more profitable elective procedures and dependence on Medicaid, the over 1,100 unprofitable hospitals, over half of which are the only hospital in their county, have received a body blow. HHS allocated $10 billion to rural hospitals and clinics of the $100 billion aid package, but it may be too little and too late. Becker’s Hospital Review continues to track the bankruptcies and closures. Here there are no easy solutions from the digital health area.
  • A culture of cleanliness should accelerate. If the genie pulls this out of the bottle, one major benefit will be that hospital-acquired infections will decline. Effective sanitization methods that reduce human application and scrubbing will be the ones to look at: disinfecting foggers and UV full room or area systems–or combinations of same. Cleanliness and lack of virii and bacteria may become a new metric. Look and bet on companies that can provide this, from rooms to computers/mobile tablets and phones.

Readers can help with these prognostications and especially how they will play out not only in the US, but also in the UK, Europe, and worldwide.

Tyto Care telehealth diagnostics raises $50 million in venture round

Tyto Care today (7 April) announced a venture round investment of $50 million by Insight Partners, Olive Tree Ventures, and Qualcomm Ventures LLC plus previous investors. The new investment will pay for commercialization throughout the US, Europe, and Asia as well as to introduce new advanced product capabilities including AI and machine learning-based home diagnostics solutions and other patented technologies. 

Tyto’s timing could not be better for the raise. In the US, led by CMS with private payers following in near lockstep, the past month has seen the rapid unrestricting of payment for telehealth services like virtual visits of the audio-visual type and short asynchronous and synchronous image and audio/telephonic short visits. Tyto’s remote medical exams of the lungs, heart, throat, ears, abdomen, and body temperature fits into the current and likely future need. Both live exams and asynchronous forwarding of data are part of a platform that integrates with EHRs and third party exam tools.

Tyto Care works with hundreds of hospitals and over 100 health organizations including health systems, payers and strategic partners, primarily in North America, Europe, and Israel. In 2019, they had over 200,000 examinations.

If, like your Editor, you believe that the tidal wave of telehealth has changed the office visit model for keeps, adding remote diagnostics can be a winner–if Tyto can navigate the tricky shoals of a largely consumer-based marketing strategy (Best Buy) and gain adoption by health systems and payers, as they have in Israel with Sheba Medical Center [TTA 28 Feb]. Release, FierceHealthcare

CMS clarifies telehealth policy expansion for Medicare in COVID-19 health emergency, including non-HIPAA compliant platforms (US)

Today (17 March), the Center for Medicare and Medicaid Services (CMS) issued a Fact Sheet and FAQs explaining how the expanded telehealth provisions under the Coronavirus Preparedness and Response Supplemental Appropriations Act and the temporary 1135 waiver will work. The main change is to (again) temporarily expand real-time audio/video telehealth consults in all areas of the country and in all settings. The intent is to maintain routine care of beneficiaries (patients), curb community spread of the virus through travel and in offices, limit spread to healthcare providers, and to keep vulnerable beneficiaries, or those with mild symptoms, at home. Usage is not limited to those who suspect or already are ill with COVID-19.

Previously, only practices in designated rural health areas were eligible for telehealth services, in addition to designated medical facilities (physician office, skilled nursing facility, hospital) where a patient would be furnished with a virtual visit. 

The key features of the 1135 telehealth waiver are (starting 6 March):

  • Interactive, real-time audio/video consults between the provider’s location (termed a ‘distant site’) anywhere in the US and the beneficiary (patient) at home will now be reimbursed. The patient will not be required to go to a designated medical facility.
  • Providers include physicians and certain non-physician practitioners such as nurse practitioners, physician assistants and certified nurse-midwives. Other providers such as licensed clinical social workers (LCSW) and nutritionists may furnish services within their scope of practice and consistent with Medicare benefit rules.
  • Surprisingly, there is ‘enforcement discretion’ on the requirement existing in the waiver that there be a prior relationship with the provider. CMS will not audit for claims during the emergency. (FAQ #7)
  • Even more surprisingly, the requirement that the audio/visual platform be HIPAA-compliant, as enforced by the HHS Office of Civil Rights (OCR), is also being waived for the duration (enforcement discretion again), which enables providers to use Apple FaceTime, Facebook Messenger video chat, Google Hangouts video, or Skype–but not public-facing platforms such as Facebook Live, Twitch, or TikTok. Telephones may be used as explicitly stated in the waiver in Section 1135(b) of the Social Security Act. (FAQ #8) More information on HHS’ emergency preparedness page and OCR’s Notification of Enforcement Discretion.
  • On reimbursement, “Medicare coinsurance and deductible would generally apply to these services. However, the HHS Office of Inspector General (OIG) is providing flexibility for healthcare providers to reduce or waive cost-sharing for telehealth visits paid by federal healthcare programs.”

Concerns for primary care practices of course are readiness for real-time audio/video consults, largely addressed by permitting telephones to be used, as well as Skype and FaceTime, and what services (routine care and COVID-19 diagnosis) will be offered to patients.

This significant expansion will remain in place until the end of the emergency (PHE) as determined by the Secretary of HHS.

In 2019, CMS also expanded telehealth in certain areas, such as Virtual Check-Ins, which are short (5-10 minute) patient-initiated communications with a healthcare practitioner which can be by phone or video/image exchange by the patient. This could be ideal for wound care where this Editor has observed, in one of her former companies, how old phones are utilized to send wound images to practices for an accurate ongoing evaluation via special software. E-Visits use online patient portals for asynchronous, non-face-to-face communications, initiated by the patient. These both require an established physician-patient relationship. Further details on both of these are in the Fact Sheet, the FAQs, and the HHS Emergency Preparedness page with links.

The American Medical Association issued a statement today approving of the policy changes, and encouraged private payers to also cover telehealth. The American Telemedicine Association didn’t expand upon its 5 March statement praising the passage of the Act but advocated for increased cross-state permission for telehealth consults.

Additional information at HISTalk today and Becker’s Hospital Review.

$8bn COVID-19 supplemental funding House bill waives telehealth restrictions for Medicare beneficiaries (US)

The House of Representatives, which controls appropriations, has passed H.R. 6074, the Coronavirus Preparedness and Response Supplemental Appropriations Act. The bill provides $8.3 billion in new funding that includes a significant telehealth waiver for Medicare. From the bill summary on

Within the Department of Health and Human Services (HHS), the bill provides FY2020 supplemental appropriations for

the Food and Drug Administration,
the Centers for Diseases Control and Prevention,
the National Institutes of Health, and
the Public Health and Social Services Emergency Fund.

In addition, the bill provides supplemental appropriations for

the Small Business Administration,
the Department of State, and
the U.S. Agency for International Development

The supplemental appropriations are designated as emergency spending, which is exempt from discretionary spending limits.

The programs funded by the bill address issues such as

developing, manufacturing, and procuring vaccines and other medical supplies;
grants for state, local, and tribal public health agencies and organizations;
loans for affected small businesses;
evacuations and emergency preparedness activities at U.S. embassies and other State Department facilities; and
humanitarian assistance and support for health systems in the affected countries.

The bill also allows HHS to temporarily waive certain Medicare restrictions and requirements regarding telehealth services during the coronavirus public health emergency.

Sponsored by retiring Rep. Nita Lowey (D-NY), it was introduced and passed in the House 415-2.

In the text of the bill, the telehealth-pertinent portion permitting CMS to waive restrictions on telehealth for Medicare beneficiaries during this emergency is Division B, Sections 101-102. This cost is estimated at $500 million by The Hill.

The bill went to the Senate yesterday (4 Mar) for final approval. There is already an amendment proposed by Senator Rand Paul (R-KY) to offset the $8 bn of the bill with unobligated, non-health related foreign aid funds (FreedomWorks). Whether this is the ‘offset’ for telehealth that is mentioned in The Hill as under negotiation is not revealed.

The American Telemedicine Association (ATA) approved of the waiver. Ann Mond Johnson, the ATA’s CEO, urged “CMS to implement its waiver authority as soon as possible to ensure health care providers understand any requirements and help speed the deployment of virtual services” and pledged “The ATA and its members will continue to work with federal and state authorities, including HHS and the CDC, to address the COVID-19 outbreak and ensure resources are appropriately deployed for those individuals in need of care and help keep health care workers safe.” ATA press release, Hat tip to Gina Cella for the ATA heads-up

News roundup: Proteus may be no-teous, DOJ leads on Google-Fitbit, HHS’ mud fight, Leeds leading in health tech, malware miseries, comings and goings

Proteus stumbles hard, cuts back. The original ‘tattle-tale pill’ company, Proteus Digital Health, plans to lay off 292 people in the San Francisco Bay Area and to permanently close its three Redwood City and Hayward locations, starting 18 January, according to notices sent to California state and local offices, including the state employment development department. It is unclear where Proteus will be located after the closures.

This followed after Proteus failed to launch a twelfth funding round of $100 million. According to reports, they furloughed most of their employees for two weeks in November and are reorganizing. This is after a substantial number of investors have put in about $487M in funding through a Series H (Crunchbase), including a game-changing investment by Novartis dating back to 2010.  Proteus achieved unicorn status about three years ago, but its high-priced pill tracking technology with a pill sensor tracked by a skin-worn monitor reporting into a smartphone has a built-in limited market to expensive medication. Otsuka Pharmaceutical in 2017 partnered with Proteus for an FDA-cleared digital medicine system called Abilify MyCite that basically put an off-patent behavioral drug back into a more expensive tracking methodology. But Proteus remains a great idea on tracking compliance in search of a real market, and may not have much of a future. San Jose Mercury News, CNBC

But ingestible detectable pills are still being tested. On Monday, as Proteus’ bad news broke, eTectRx announced its FDA clearance of the ID-Cap System and its testing at Brigham and Women’s Hospital and Fenway Health, focusing on HIV medication when used for treatment and prevention. Release, HISTalk

Department of Justice taking the lead on scrutinizing Google’s Fitbit acquisition. The Federal Trade Commission also sought jurisdiction over the transaction. According to the New York Post, “both agencies are concerned that a Google-owned Fitbit would give the search giant an even bigger window into people’s private data, including sensitive health information, sources said. Under the Hart-Scott-Rodino Act, all large mergers must file proposals with both the DOJ and the FTC, but only one antitrust agency reviews the merger.”

Coal from stockings being thrown about at HHS. According to POLITICO and the New York Times, the disagreements between Seema Verma, the head of the Centers for Medicare and Medicaid Services (CMS), and the Cabinet-level Secretary of Health and Human Services (HHS), Alex Azar, have boiled over, enough to have to be settled by the President’s acting chief of staff, Mick Mulvaney. According to the Times, both President Trump and VP Mike Pence have told them to find a way to work together. Both are administration appointees, but President Trump has not been reluctant to cut a mis-performing or overly contrary appointee loose. The latest salvo from those obviously not on Ms. Verma’s side was the revelation that she requested compensation for jewelry stolen on a business trip, contrary to government policy of course. She was compensated for other items which is standard. (Isn’t that what homeowners’ insurance is for? And what sensible person actually travels with valuable jewelry?) Under Ms. Verma, CMS has been quite progressive in developing new business models in Medicare fee-for-service, moving providers to two-sided risk, and innovating in both Medicare and Medicaid. It will either be settled, or one or both will be gone. Pass the popcorn.

Leeds picks up another health tech company. Mindwave Ventures is opening an office there, as well as appointing Dr Victoria Betton and Dr Janak Gunatilleke to the roles of chief innovation officer and chief operating officer. Mindwave develops technologies around digital products and services in healthcare and health research. Leeds reportedly is home to over 250 health tech companies and holds an annual Leeds Digital Festival in the spring [TTA 11 April].

Ransomware attack hits Hackensack Meridian. Systems were down for about a week. While this large New Jersey health system hasn’t admitted it, sources told the Asbury Park Press that it was ransomware. And if it’s not ransomware, its Emotet and Trickbot. Read ZDNet and be very apprehensive for 2020, indeed, as apparently healthcare is just one big target.

Comings and Goings: There may be some end of year bombshells, but after last week’s big news about John Halamka, it’s been fairly quiet. Paul Walker, whom this Editor knew at New York eHealth Collaborative, has joined CommonWell Health Alliance as executive director. Mr. Walker was most recently Philips Interoperability Solutions’ vice president of strategy and business development. CommonWell’s goal is improving healthcare interoperability and its services are used by more than 15,000 care provider sites nationwide. Blog release, Healthcare Innovation ….Dr. Jacqueline Shreibati, the chief medical officer for AliveCor, is joining Google Health in the health research area. Mum’s the word when it comes to Fitbit (see above). CNBC ….Peter Knight has pleaded guilty to falsifying educational credentials to gain his position as chief information and digital office at Oxford University Hospitals NHS Foundation Trust. He held that position from August 2016 until September 2018. BBC News

The Theranos Story, ch. 61: Elizabeth Holmes as legal deadbeat

Did her lawyers expect otherwise? This weekend’s news of Elizabeth Holmes’ legal team at Cooley LLP withdrawing their representation services due to non-payment should not have caused much surprise. Cooley’s attorney team petitioned the court to withdraw from the case, stating that “Ms. Holmes has not paid Cooley for any of its work as her counsel of record in this action for more than a year.”

Cooley was representing Ms. Holmes in a class-action civil suit in Phoenix brought against her, former Theranos president Sunny Balwani, and Walgreens, charging fraud and medical battery. (When they withdraw, will she seek public representation based on poverty?)

Perhaps Ms. Holmes is the one who’s setting priorities, as the civil suit would be for monetary damages, and no money means there will be none for the plaintiffs to collect. The DOJ charges are a different story. She is on the hook for nine counts of wire fraud and two counts of conspiracy related to her actions at Theranos. Conviction on these could send her to Club Fed for 20 years plus a fine of $250,000 plus restitution for each charge. [TTA 16 June]

Last Wednesday, both Ms. Holmes and lawyers for her and Mr. Balwani were in Federal court in San Jose on the wire fraud and conspiracy charges, demanding that the government release documents from the Food and Drug Administration (FDA) and the Centers for Medicare and Medicaid Services (CMS) that allegedly would clear them. After an hour, Judge Davila set 4 November as the next hearing date. 

Defending oneself does not come cheap, but after your company’s value crashes to $0 from $9bn, one might be looking for change in your Roche-Bobois couch and wondering if your little black Silicon Valley-entrepreneur formal pantsuit/white shirt ensembles will last through the trial. CNBC 2 Oct, CNBC 4 OctFox Business, Business Insider

CMS’ three new proposed telehealth codes, changes on inclusions, in 2020 Medicare Physician Fee Schedule (US)

A little-noticed part of the Center for Medicare & Medicaid Services’ (CMS) annual proposed Physician Fee Schedule rule (Federal Register) for Medicare payments is that CMS on its own, without any provider requests (surprisingly), has proffered three new reimbursement codes, all centered on opioid use treatment:

HCPCS code GYYY1: Office-based treatment for opioid use disorder, including development of the treatment plan, care coordination, individual therapy and group therapy and counseling; at least 70 minutes in the first calendar month.

HCPCS code GYYY2: Office-based treatment for opioid use disorder, including care coordination, individual therapy and group therapy and counseling; at least 60 minutes in a subsequent calendar month.

HCPCS code GYYY3: Office-based treatment for opioid use disorder, including care coordination, individual therapy and group therapy and counseling; each additional 30 minutes beyond the first 120 minutes (List separately in addition to code for primary procedure).

These are classified as Category 1 as they are similar to services already offered under telehealth, so are likely to go into effect on 1 January.

This adds to telehealth services under the SUPPORT Act that removed the geographic limitations for telehealth services furnished to individuals diagnosed with a substance use disorder (SUD). effective 1 July.

Most telehealth services to beneficiaries (Medicare-speak for patients) eligible for reimbursement are limited to qualifying rural areas or one of eight types of qualifying sites and the practitioners are included in one of ten categories of distant site practitioners eligible to furnish and receive Medicare payment for telehealth services. Services also have to be through real-time audio/video and the code (Current Procedural Terminology (CPT)/Healthcare Common Procedure Coding System (HCPCs) are included under Medicare.

Comments on the Rule are accepted through 5pm on 27 September. National Law Review has the details for filing comments here.