Tag Archives: department of health

Obesity as Disease: A Profound Change

The obesity rate in the U.S. has doubled in the past 15 years. More than 50% of the population is overweight, with a BMI (body mass index) between 25 and 30, and 30% have a BMI greater than 30 and are considered obese. Less than 20% of the population is at a healthy weight, with a BMI less than 25.

On June 16, 2013, the American Medical Association voted to declare obesity a disease rather than a comorbidity factor, a decision that will affect 78 million adults. The U.S. Department of Health and Human Services said the costs to U.S. businesses related to obesity exceed $13 billion each year. With the pending implementation of ICD (International Classification of Diseases) 10 codes, the reclassification of obesity is is fast becoming a reality and will dramatically affect workers’ compensation and cases related to the American Disability Act and amendments.

Before the AMA’s obesity reclassification, ICD-9 code 278 related to obesity-related medical complications rather than to obesity. The new ICD-10 coding system now identifies obesity as a disease, which needs to be addressed medically. Obesity can now become a secondary claim, and injured workers will be considered obese if they gain weight because of medications, cannot maintain a level of fitness because of a work-related injury or if their BMI exceeds 30. The conditions are all now considered work-related and must be treated as such.

The problem of obesity for employers is not confined to workers’ compensation. The Americans with Disability Act Amendment of 2008 allows for a broader scope of protection for disabilities. The classification of obesity as a disease now places an injured worker in a protected class pursuant to the ADA amendment. In fact, litigation in this area has already started. A federal district court ruled in April 2014 that obesity itself may be a disability and will be allowed to move forward under the ADA (Joseph Whittaker v. America’s Car-Mart, Eastern District of Missouri).

Obesity as an impairment

Severe obesity is a physical impairment. A sales manager of a used car dealership was terminated for requesting accommodation and won $128,000. He was considered disabled, and the essential function of the job was walking, so he was terminated without reasonable accommodation.

The judge ruled that obesity is an accepted disability and allowed him to pursue his claim against his employer. This could have substantial impact for employers as injured workers could more easily argue that their obesity is a permanent condition that impedes their ability to return to work, as opposed to a temporary life choice that can be reversed.

The Equal Employment Opportunities Commission (EEOC) has recently chimed in on obesity. According to the EEOC, severe [or morbid] obesity body weight, of more than 100% over the norm, qualifies as impairment under the ADA without proof of an underlying physiological disorder. In the last year, we have seen an increasing number of EEOC-driven obesity-related lawsuits. Federal district courts support the EEOC’s position that an employee does not have to prove an underlying condition, especially in cases where there is evidence that the employer perceived the employee’s obesity as a disability or otherwise expressed prejudice against the employee for being obese.

Workers’ compensation claims are automatically reported to CMS Medicare with a diagnosis. When the new ICD-10 codes take effect, an obesity diagnosis will be included in the claim and will require co-digital payments, future medical care or continued treatment by Medicare.

There is good news on the horizon. Reporting of a claim only happens if there is a change in condition not primarily for obesity. It is recommended that baseline testing for musculoskeletal conditions be conducted at the time of hiring and on the existing workforce. In the event of a work-related injury, if a second test is conducted that reveals no change in condition, it results in no reportable claim and no obesity issue. In the event of ADA issues, the baseline can serve to determine pre-injury condition or the need for accommodations.

What does this mean to employers?

Obesity is now considered a physical impairment that may affect an employees’ ability to perform their jobs and receive special accommodations pursuant to the ADA.

An increasingly unhealthy workforce will pose many challenges for employers in the next few years. Those that can effectively improve the health and well-being of their employee population will have a significant advantage in reducing work comp claim costs, health and welfare benefits and retaining skilled workers.

Recent studies

In a four-year study conducted by Johns Hopkins with an N value of 7,690, 85% of the injured workers studied were classified as obese. In a Duke University study involving 11,728 participants, researchers revealed that employees with a BMI greater than 40 had 11.65 claims per 100 workers, and the average claim costs were $51,010. Employees with a BMI less than 25 had 5.8 claims per 100 workers, with average claim costs of $7,503. This study found that disability costs associated with obesity are seven times higher than for those with a BMI less than 30.

A National Institute of Health study with 42,000 participants found that work-related injuries for employees with a BMI between 25 and 30 had a 15% increase in injuries, and those with a BMI higher than 30 had an increase in work-related injuries of 48%.

The connection between obesity and on the job injuries is clear and extremely costly for employers. Many employers have struggled with justifying the cost of instituting wellness programs just on the basic ROI calculations. They were limiting the potential return on investment solely to the reduction in health insurance costs rather than including the costs on the workers’ comp side of the equation and the potential for lost business opportunities because of injury rates that do not meet customer performance expectations. Another key point is that many wellness programs do not include a focus on treating chronic disease that may cause workers to be more likely to be injured and prolong the recovery period.

Customer-driven safety expectations

There are many potential customers (governments, military, energy, construction) who require that their service providers, contractors and business partners meet specific safety performance requirements as measured by OSHA statistics (recordable incident rates) and National Council on Compensation Insurance (NCCI) rating (experience modifiers) and, in some cases, a full review by 3rd party organizations such as ISNet World.

Working for the best customers often requires that your company’s safety record be in the top 25th percentile to even qualify to bid. To be a world-class company with a world-class safety record requires an integrated approach to accident and injury prevention.

Challenges of an aging workforce

The Bureau of Labor Statistics projects that the labor force will increase by 12.8 million by 2020. The number of workers between ages 16 and 24 will decline 14%, and the number of workers ages 25 to 54 will increase by only 1.9%. The overall share of the labor force for 25- to 54-year-olds will decline from 68% to 65%. The number of workers 55 and older is projected to grow by 28%, or 5.5 times the rate of growth in the overall labor force.

Employers must recognize the challenge that an aging workforce will bring and begin to prepare their workforce for longer careers. A healthy and physically fit 55-year-old worker is more capable and less likely to be injured than a 35-year-old worker who is considered obese.

Treating chronic disease

Employers who want a healthy work force must recognize and treat chronic disease. Many companies have biometric testing programs (health risk assessments) and track healthcare expenditures through their various providers (brokers and insurance carriers).

The results are quite disappointing. On average, only 39% of employees participate in biometric screenings even when they are provided free of charge. For those employees who do participate and who are identified with high biometric risk (blood pressure, glucose, BMI, cholesterol), fewer than 20% treat or even manage these diseases.

This makes these employees much more susceptible to injury and significantly lengthens the disability period. The resulting financial impact on employers can be devastating.

Conclusion

Best-in-class safety results will require a combined approach to reduce injuries and to accommodate new classes of disability such as obesity. It is important that employers focus on improving the health and well-being of their workforce while creating well-developed job descriptions, identifying the essential functions, assessing physical assessments and designing job demands to fall within the declining capabilities of the American workers. It is important for an employer to only accept claims that arise out of the course and scope of employment. This is especially true with the reclassification of obesity as a disease. Baseline testing will play an essential role in separating work-related injuries from pre-existing conditions in this changing environment.

Why Medical Records Are Easy to Hack

If hacked credit and debit card account numbers are like gold in the cyber underground, then stolen healthcare records, containing patient information, are like diamonds.

Private details such as Social Security numbers, birth dates, physical descriptions and patient account numbers historically have been recorded on paper and stashed away in physical file folders and cabinets.

But the Internet all too rapidly has become our hub of commerce and social interaction. And that shift has included a mandate by the federal government to go paperless. The result: Healthcare records now exist in digital form, stored in ways that make them easy to hack.

Infographic: The ripple effect of medical identity theft

The criminal opportunities have not escaped organized cyber crime gangs that are stepping up hacking and stealing.

The Ponenom Institute found that many healthcare organizations get attacked multiple times each year, suffering losses ranging from several thousands of dollars to more than $1 million per incident. The total loss to the industry can be as much as $5.6 billion annually.

“In the dark Internet, there seems to be more activity around the theft of medical information, not just to commit medical identity fraud, but to farm that data for a very long time (for other purposes),” says Larry Ponemon, chairman of Ponemon Institute, which has been conducting medical identity theft research since 2010.

More: Protecting your digital footprint in the post privacy era

Stolen healthcare data can be worth 10 to 50 times more than payment card data in the cyber underground. Electronic health records fetch around $50 per record, according to the FBI. Some experts put that number as high as $500 for some type of medical records.

Credit and debit card numbers, by contrast, can sell for as little as $1 to $2 per account number.

“There’s an enormous online marketplace for these records,” says Kurt Stammberger, senior vice president of marketing at Norse, a security company that monitors malicious and criminal Internet traffic. “It’s like eBay — people bid, and there’s a ‘buy now’ price.’ ”

Costly exposures

Healthcare companies are taking major financial hits—and writing off this exposure as an extraordinary cost of doing business. Details on the pain level for breached companies are surfacing, thanks to data breach disclosure rules under the Healthcare Insurance Portability and Accountability Act (HIPAA.) For instance:

  • WellPoint, a managed-care company, settled a case with the U.S. Department of Health and Human Services for $1.7 million last year. WellPoint allegedly left electronic records of more than 600,000 people accessible over the Internet because of a security weakness.
  • New York and Presbyterian Hospital and Columbia University agreed to a $4.8 million settlement earlier this year after substandard security led to 6,800 patient records becoming accessible by search engines online.
  • Individual consumers are getting harmed financially, as well, to the tune of $12.3 billion last year. Ponemon’s 2013 Survey on Medical Identity Theft found that more than one third of victims paid an average of $18,660 out of pocket to recover from data theft. That included being compelled to reimburse healthcare providers for services supplied to an impersonator.

    Prevention hurdles

    Healthcare experts, privacy advocates and law enforcement officials acknowledge that the fundamental problem is mushrooming and won’t be easy to stabilize.

    Part of the challenge is financial. The Affordable Care Act mandates that providers expend 80% to 85% of premiums on quality care—and that doesn’t include any provisions to prevent services from going to an identity thief.

    According to Forrester Research, only 18% of healthcare organizations’ tech spending budget goes to security, compared with 21% across all sectors. And most providers plan a minimal or zero increase in budget.

    More: 3 steps for figuring out if your business is secure

    “The mission of healthcare providers is to take care of patients, and anything that can interfere with patient care takes a back seat,” says Paul Asadoorian, product-marketing manager at vulnerability management vendor Tenable Network Security. “Security is one of those things.”

    Meanwhile, individual victims of healthcare data theft can be left twisting in the wind.

    The financial services industry maintains a central database where stolen identities can be flagged; the healthcare industry has nothing of that sort. In fact, it even lacks a simple standard for authenticating the identity of anyone who steps forward to request patient care.

    There is no standardized practice for assuring the identity of a patient via an insurance ID card combined with another form of ID, observes Ann Patterson, senior vice president and program director for Medical Identity Fraud Alliance (MIFA). “That poses challenges for healthcare providers, when their main concern is quality of care,” Patterson says.

More Issues With Healthcare Privacy

Think your healthcare organization or health plan has healthcare privacy covered? Think again.

A series of supplemental guidance issued by the Department of Health and Human Services Office of Civil Rights (OCR) in recent weeks is giving healthcare providers, health plans, healthcare clearinghouses (covered entities) and their business associates even more to do. They must review and update their policies, practices and training for handling protected health information. This is beyond bringing their policies and practices into line with OCR’s restatement and update to the Omnibus Final Rule that OCR published Jan. 25, 2013.

Covered entities generally had to be in compliance by Sept. 23, 2013, but many covered entities and business associates have yet to complete the policy, process and training updates required to comply with the modifications implemented in the Omnibus Final Rule.

Even if a covered entity or business associate completed the updates, however, recent supplemental guidance published by OCR means that most organizations now have even more work to do on HIPAA compliance. This includes the following supplemental guidance concerning its interpretation and enforcement of HIPAA against covered entities and business associates published by OCR since Jan. 1, 2014 alone:

·         HIPAA Privacy Rule and Sharing Information Related to Mental Health

·         Spanish Language Model Notices of Privacy Practices

·         CLIA Program and HIPAA Privacy Rule; Patients' Access to Test Reports

·         Proposed Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule and the National Instant Criminal Background Check System (NICS)

Beyond this 2014 guidance, covered entities and their business associates also should look at enforcement actions and data as well as other guidance OCR issued during 2013 after publishing the Omnibus Final Rule, such as:

·         HIPAA Privacy Rule: Disclosures for Emergency Preparedness – A Decision Tool

·         The HIPAA Privacy Rule and Refill Reminders and Other Communications About a Drug or Biologic Currently Being Prescribed for the Individual

·         Health Information of Deceased Individuals

·         Student Immunizations

·         Model Notices of Privacy Practices (English)

With OCR stepping up both audits and enforcement and penalties for violations, covered entities and business associates should act quickly to review and update their policies, practices and training to implement any adjustments needed to maintain compliance and manage other risks under these ever-evolving HIPAA standards.

When conducting these efforts, covered entities and business associates should not only carefully watch for and react promptly to new OCR guidance and enforcement actions but should document their commitment and continuing compliance and risk-management activities, while taking well-documented, reasonable steps to encourage business associates to do the same. This documentation could help demonstrate that an organization maintains the necessary “culture of compliance” commitment needed to mitigate risks in the event of a breach or other HIPAA violation.   

When carrying out these activities, most covered entities and business associates also will want to take steps to monitor potential responsibilities and exposures under other federal and state laws, such as: the privacy and data security requirements that often apply to personal financial information; trade secrets or other sensitive data; and judicial precedent.