From the Gist Weekly team at Kaufman Hall
Welcome back to another Gist Weekly! Please subscribe to receive this weekly via email.
In the News
What happened in healthcare recently—and what we think about it.
- Congressional hearings on Change cyberattack underway. On Tuesday, the House Energy and Commerce Committee held the first of what’s anticipated to be several congressional hearings investigating the Change Healthcare cyberattack and parent company UnitedHealth Group (UHG)’s response. The hearing called in experts to quantify the impact of the cyberattack, analyze what’s known about UHG’s response, and identify vulnerabilities in both Change and the healthcare industry that could be targeted by future cyberattacks. Several representatives expressed dissatisfaction that UHG did not send anyone to testify on its behalf, although UHG CEO Andrew Witty is expected to appear before the Senate Finance Committee later this month.
- The Gist: It’s no surprise that the massive scale and ensuing widespread impact of the Change hack is fueling increased congressional attention to the topic of healthcare cybersecurity. There are now calls for both legislation and stronger rulemaking governing the issue, which may result in changes to regulatory and oversight structures. The Department of Health and Human Services released a healthcare cybersecurity framework in December, which focused largely on provider organizations and only included voluntary performance goals. President Biden’s proposed 2025 fiscal year budget is requesting $1.3B in Medicare payment incentives to strengthen hospital cybersecurity programs. The American Hospital Association has said it will work with federal authorities to advance cybersecurity protections, but cautioned against any measures that put the onus solely on hospitals and fail to include sufficient financial support.
- Elevance partners with private equity firm to launch primary care platform company. On Monday, health insurer Elevance Health announced a strategic partnership with private equity (PE) firm Clayton, Dubilier and Rice (CD&R) to improve primary care delivery by using their respective assets to form a new platform company, which has yet to be named. Elevance’s health services business Carelon Health, which includes 38 clinics operating in eight states and Washington, DC, will work with CD&R’s primary care portfolio companies apree health, a digital health navigator, and Millenium Physician Group, whose platform serves 900 providers across multiple states. Together, these companies will offer an advanced primary care model that includes provider enablement, personalized navigation, enhanced digital access, and specialized services for higher needs populations. The new offering, which will be payer agnostic, aims to serve about one million consumers when fully operational. The deal requires regulatory approval and financial terms were not disclosed. The subsidiary companies involved in the partnership will continue to offer existing services separately.
- The Gist: Elevance’s partnership with CD&R evokes similarities to fellow large health insurer Humana’s partnerships with PE firm Welsh, Carson, Anderson & Stowe to expand Humana’s CenterWell primary care clinics. Elevance appears to be building on an existing relationship with CD&R, having worked with the PE firm to launch apree health in 2022, formed when Vera Whole Health merged with Castlight Health. A primary care physician enablement platform seems in line with Elevance’s value-based care strategy of supporting providers taking on downside risk. It may offer Elevance a path further into care delivery that doesn’t rely on directly acquiring or employing physicians, as some of its competitor health insurers have opted to do.
- CMS Administrator signals more prior authorization rules may be coming. At the American Hospital Association’s annual conference on Monday, Centers for Medicare and Medicaid Services (CMS) Administrator Chiquita Brooks-LaSure indicated that the agency is considering further action to regulate health insurers’ prior authorization requirements, although she did not provide specifics on what may be coming. In January, CMS issued a final rule intended to speed up the resolution of prior authorization requests. Brooks-LaSure also called for health insurers to make changes on their own to reduce prior authorization complexity, which some payers have at least announced plans to do.
- The Gist: Physician groups and healthcare organizations have long despised prior authorization processes, which have ballooned in recent years and contributed to increased practice administrative costs, provider burnout, and delays in care. Worried patients, eager to receive treatment, are often put in the position of quarterbacking a convoluted and bureaucratic appeals process. Whether through new regulation, voluntary actions by payers, or the judicious use of automation to streamline approval decisions (without enabling more unnecessary denials), there is significant room for improvement on the status quo of prior authorizations.
Plus—what we’ve been reading.
- Assessing trends in antibiotic prescriptions via telehealth. Published last week in Stat, this piece explores whether telehealth is contributing to the increasing concern of antibiotic overuse. Virtual visits, including text-based or asynchronous care interactions, have become more common in recent years. Some research has shown higher levels of antibiotic prescribing in these visits, especially for upper respiratory infections, and especially in direct-to-consumer telehealth visits as opposed to telehealth visits through a patient’s primary care practice. Certain telehealth platforms also place an increased emphasis on patient satisfaction, which may pressure providers to prescribe antibiotics to meet patient expectations. The article’s author highlights the need for updated, transparent antibiotic stewardship practices as “not all telehealth is created equal.”
- The Gist: This article highlights one way that the fragmentation of care delivery can fail to serve patients. Lacking either access to—or sufficient incentives to—consider a patient’s complete healthcare record can inhibit a provider’s ability to understand the full scope of a patient’s needs. This problem is only exacerbated in telehealth visits when a provider is also unable to do a physical examination or test for a bacterial infection.
Graphic of the Week
A key insight illustrated in infographic form.
Healthcare hacks increasing in scale
This week’s graphic highlights data from the Department of Health and Human Services on the increased number of cyberattacks hitting healthcare providers. Hacking and IT incidents, which include phishing, have increased in recent years to become the most common vector for healthcare data breaches. The scale of these hacks, in terms of numbers of records exposed, has also increased more than ten-fold increase since 2018. Given stringent regulations around healthcare data, responding to cyberattacks is complex and expensive for providers. The average healthcare data breach cost the affected party $11M in 2023, an amount about double that of a data breach in finance, the next closest industry. Accordingly, health systems are now bolstering their cybersecurity investments. A recent survey found that, on average, providers increased their IT budgets by more than 18 percent between 2019 and 2023. As malicious actors become more sophisticated in their efforts to extract healthcare data from providers and their business partners, continuing to bolster cybersecurity protections remains an essential priority for health systems in 2024.
On the Road
What we learned from our work in the real world. This week from Sarah Dawkins, Managing Director, at Kaufman Hall.
Preparing for upcoming capital spending
“We’ve been limiting our capital spend these past few years but have several large-scale strategic projects on the horizon. What’s the best way for us to access capital right now?” Many provider organizations I work with are asking variations of this same question these days. The answer is: it depends.
With capital costing more than it did back in the recent zero-interest days, and cash reserves still being important to maintain, it’s essential for each organization to think through the right way—given its current operational performance, credit rating, and asset portfolio—to access capital. This may include exploring more creative options that go beyond the balance sheet, like monetizing assets or assessing joint venture/partnership options. Each organization is going to have to make its own decisions regarding the level of control it wants to have, along with the level of risk tolerance for both rates and pressure on its rating that it’s willing to accept. If your healthcare organization is currently thinking through the pros and cons of various financing channels to access for your future borrowing or capital needs, please don’t hesitate to reach out.
On Our Podcast
Gist Healthcare Daily—all the headlines in healthcare policy, business, and more, in ten minutes or less every weekday morning.
In addition to the news discussed above, our Gist Healthcare Daily podcast covered many of the week’s other big stories, including rumors that patient data stolen from Change Healthcare is being ransomed, Medicare's anticipated spending on Alzheimer’s drug Leqembi, and Cerebral's $7M Federal Trade Commission settlement.
To stay up to date, be sure to join us each weekday morning. Subscribe on Apple, Spotify, Google, or wherever fine podcasts are available.
Thanks for taking the time to read another edition. We’ll see you back here next Friday! In the meantime, if you’d like to peruse past editions of this newsletter, please visit our archive.
Best regards,
The Gist Weekly team at Kaufman Hall
