health insurance
Subscribe to health insurance's Posts

Digital Health at Scale: The Payor Perspective

The COVID-19 pandemic has catalyzed efforts by health insurers to expand reimbursement for telehealth services and digital health tools, and develop and invest in their own digital health technology. Health insurers, who increasingly play a hybrid role of payor, innovator and provider, have a vested interest in helping consumers manage chronic diseases and engage in preventive care from home, both during the public health emergency and after.

Joined by leaders from Humana, Oscar, and Medorion, we discussed the role of health insurers in the evolving digital health market, reimbursement pathways for digital tools and innovative partnerships between technology companies and health insurers. Click here to listen to the webinar recording, and read on for highlights from the program.

PROGRAM INSIGHTS

  • COVID-19 has accelerated the integration of digital health into the traditional health insurance framework. Pre-COVID-19, health insurers were using digital health tools to help their members find providers, access care and manage health conditions. COVID-19 has hastened health plans’ efforts toward vertical integration of digital health technology. Health insurers at the forefront of this effort are focused on creating a consumer-centric, digitally enabled and fully integrated healthcare ecosystem to enhance the member experience, bend the cost curve and carve out an essential (and expanded) role for themselves in the future of healthcare. As consumer behavior continues to change as a result of COVID-19, health insurers will have to be responsive to the way their members are getting care and interacting with the healthcare system.
  • Health insurers are uniquely situated to leverage digital health technologies. Data-driven technology is only as good as the data behind it. Due to the critical role health insurers play in paying for healthcare services, they have insight into member patterns of care and utilization that can be used to target interventions, influence member decision-making and improve health. Investments in digital tools and analytics, as well as strategic partnerships with technology companies, will allow for increased leverage of this valuable data, improved integration of member health information and enhanced member engagement.
  • Interoperability with existing health IT systems is crucial to break down barriers to digital health implementation. Healthcare has been grappling with data interoperability challenges for decades. To scale and make the information from digital tools actionable as part of a larger care plan, digital health platforms must also be interoperable with existing health IT systems. Interoperability will also allow insurers to gather a more complete picture of a member’s longitudinal health data and enable them to better support member health.
  • Health insurers and their legal teams will need to remain nimble amidst the rapidly changing regulatory environment. Keeping up with changing regulations during the COVID-19 public health emergency while planning to scale up in terms of technology implementations is a delicate balance. Though federal, state and local agencies appreciate that digital health tools and telemedicine have much potential in terms of patient care, health insurance companies remain vigilant of privacy and security risks and continue to be constrained in their [...]

    Continue Reading



read more

States Respond to Recent Breaches with Encryption Legislation

In the wake of recent breaches of personally identifiable information (PII) suffered by health insurance companies located in their states, the New Jersey Legislature passed, and the Connecticut General Assembly will consider legislation that requires health insurance companies offering health benefits within these states to encrypt certain types of PII, including social security numbers, addresses and health information.  New Jersey joins a growing number of states (including California (e.g., 1798.81.5), Massachusetts (e.g., 17.03) and Nevada (e.g., 603A.215)) that require organizations that store and transmit PII to implement data security safeguards.   Massachusetts’ data security law, for example, requires any person or entity that owns or licenses certain PII about a resident of the Commonwealth to, if “technically feasible” (i.e., a reasonable technological means is available), encrypt information stored on laptops and other portable devices and encrypt transmitted records and files that will travel over public networks.  Unlike Massachusetts’ law New Jersey’s new encryption law only applies to health insurance carriers that are authorized to issue health benefits in New Jersey (N.J. Stat. Ann. §  56:8-196) but requires health insurance carriers to encrypt records with the PII protected by the statute when stored on any end-user systems and devices, and when transmitted electronically over public networks (e.g., N.J. Stat. Ann. § 56.8-197).

At the federal level, the Health Insurance Portability and Accountability Act (HIPAA) already requires health plans, as well as other “covered entities” (i.e., health providers)  and their “business associates” (i.e., service providers who need access to a covered entity’s health information to perform their services), to encrypt stored health information or health information transmitted electronically if “reasonable and appropriate” for them to do so (45 C.F.R. §§ 164.306; 164.312).  According to the U.S. Department of Health and Human Services, health plans and other covered entities and their business associates should consider a variety factors to determine whether a security safeguard is reasonable and appropriate, including: (1) the covered entity or business associate’s risk analysis; (2) the security measures the covered entity or business associate already has in place; and (3) the costs of implementation (68 Fed. Reg. 8336).  If the covered entity or business associate determines that encryption of stored health information or transmitted information is not reasonable and appropriate, however, the covered entity or business associate may instead elect to document its determination and implement an equivalent safeguard.

The New Jersey law and the Connecticut proposal appear to reflect a legislative determination that encryption of stored or transmitted health information is always reasonable and appropriate for health plans to implement, regardless of the other safeguards that the health plan may already have in place.  As hackers become more sophisticated and breaches more prevalent in the health care industry, other states may follow New Jersey and Connecticut by expressly requiring health plans and other holders of health care information to implement encryption and other security safeguards, such as multifactor authentication or minimum password complexity requirements.  In fact, Connecticut’s Senate [...]

Continue Reading




read more

STAY CONNECTED

TOPICS

ARCHIVES

2021 Chambers USA top ranked firm
LEgal 500 EMEA top tier firm 2021
U.S. News Law Firm of the Year 2022 Health Care Law