Medical Information on 25,000 People Stolen

Computerworld is reporting that “the theft of a computer from the office of an Ohio-based health care contractor on Nov. 23 has exposed sensitive data belonging to tens of thousands of patients in five health care firms across five states.” They add that “the compromised data includes the names, addresses, medical record numbers, diagnoses, treatment information and Social Security numbers of the patients.”

One under-recognized problem with our complex health care system is that information has to be shared by many parties. Here are a few of them: health care providers, insurance companies, bill processing vendors, data analysis/reporting services, utilization management companies, and specialty vendors (e.g. psychiatic care management services).

This creates a proliferation of personal data across a series of computer systems, amplifying the risk for theft or accidental loss of personal data. In many cases thieves are only interested in stealing the hardware, but wind up with personal information on their hands.

The Privacy Rights Clearinghouse tracks the loss of personal data, much of which involves health and insurance information. In one well-known case, a laptop belonging to Marsh CS Stars disappeared with information on over 200,000 insurance claimants . In another, a data entry person in India stole personal claims data and used it in an attempt to force her employer’s U.S. client to reimburse her money she felt she was owed. Hospitals and health care companies have also been affected.

Other incidents of health or insurance data breached involved the California Department of Health Services, Christus St. Joseph Hospital, University of Florida Health Sciences Center, Ohio State University Medical Center, University of Tennesee Medical Center, and Keck School of Medicine at USC.And that’s just for one year.

These incidents will continue. For legal reasons, players in the health & insurance arena will need to demonstrate that they made serious efforts (under the “prudent person” principle) to protect personal data. Insurers who provide E&O and other coverage may also want to review their underwriting practices, particularly regarding the storage of personal information on laptops that are more easily misplaced or stolen.

That’s a form of ‘insurance portability’ that nobody needs.

Eli Lilly Settles Zyprexa Claims, But Still Has Problems

Eli lilly made a move to settle 18,ooo claims that it failed to adequately warn users that Zyprexa can cause diabetes.  It still faces 1,200 personal injury claims and some threatened lawsuits from state attorneys general.

On the plus side for Lilly, for the most part they’ve been able to avoid banner headlines over this suit.  The press hasn’t been as interested in this case as might have been expected with a big number like 18,000.

State-Level Action Roundup

While many eyes are focused on Washington, D.C. and the new Congress, there has been a lot of healthcare action at the state level. Here’s a quick roundup:

• Gov. Schwarzenegger is due to introduce his health plan on Monday. According to this article, it may include some interesting ideas about acknowledging and redistributing the “invisible tax” created by the use of health services by the uninsured;
• Rubber, meet road: The much-lauded Massachusetts mandated coverage plan (which I have concerns about) is going into effect. It will be interesting to see how the enrollment process unfolds. Tax penalties for individuals go into effect in July.
• NY Gov. Spitzer discussed some of his health care plans, including coverage for all the state’s children and a program to enroll all eligible adults in Medicaid.
• There was lots of health care talk as the Missouri Legislature opened its new session.

It will be interesting to see whether a center of gravity forms in the healthcare policy debate – and, if so, whether it is at the state or Federal level.

Wellpoint vs. Kaiser? More News On Policy Cancellations in CA

We recently wrote about Kaiser’s push to work with state regulators on developing “standards to protect its members from unfair cancellations” of health insurance coverage. This move puts Kaiser at odds with Wellpoint/Blue Cross of California and other major insurers, who contend that there is no problem and that the complaints they’ve received are politically motivated.

Wellpoint’s legal troubles in this area may be getting worse. (Wellpoint is Blue Cross of California’s parent company.) The Los Angeles Times writes:

California’s largest physician organization on Tuesday asked to join patients in a class-action lawsuit alleging that Blue Cross illegally dumps policyholders after authorizing expensive medical treatment and then refuses to pay the bills.

California’s hospitals have already filed a class-action suit, and asked that it be joined with the suit filed by Wellpoint members whose policies were cancelled.

What’s drawing these providers into the Wellpoint case are the unpaid bills for medical services rendered to these members before Wellpoint disenrolled them. Wellpoint contends that these members were not properly enrolled because they failed to disclose pre-existing medical conditions, and therefore it has no obligation to pay. The members – and now the doctors and hospitals – argue that Wellpoint use trivial arguments and faulty reasoning to disenroll these members and avoid paying the bills. Also at issue is California’s law protecting health plan members.

By implication, at least, Kaiser is suggesting that it agrees with the disenrolled members and these provider groups. That puts Wellpoint in a tough spot, and creates pressure to offer more concessions in the ongoing negotiations over this suit. It also suggests that similar negotiations with attorneys representing the doctors and hospitals may follow.

And politically, Kaiser may have just scored some points at its rival’s expense.