Tag Archives: Goodman

Cyber Attacks Shift to Small Businesses

Small- and mid-sized businesses (SMBs) are increasingly at risk for data breach class-action lawsuits that typically have targeted large corporations.

Large companies are learning to address cyber threats. Hackers are responding by setting their sights on SMBs. So it’s simply more productive and efficient to attack poorly protected companies that could take weeks or even months to notice they’ve been breached.

As the risk of exposure moves downstream, the associated class-action lawsuits surely will follow. Statistics from the Identity Theft Resource Center show that the number of data breaches reported in 2016 exceeded 2015 levels by 40%, a worrying trend for those in the small business sector that likely will bear a greater percentage of those breaches going forward. The data stores held by SMBs may be smaller, but they’re no less rich in value to hackers. They contain financial data, healthcare information and other tantalizing personal details.

Security falls short

Unfortunately, because SMBs often lag behind larger companies in the sophistication and scope of their defensive measures, they’re much more susceptible to litigation centered on charges of negligence or a lack of due diligence. Exposures in the SMB sector also could go undetected for long periods, leaving more records vulnerable and increasing the size of the victim pool that may be interested in suing.

See also: The Key to Survival in Wild West of Cyber  

Smaller firms’ responses to the risk of cyber attack and litigation depend largely on their industry. Even the smallest healthcare entities are typically well-adapted to address potential data breaches and cyber risks. Long-standing mandates such as HIPAA — as well as a robust, centralized breach-reporting mechanism — have made companies in the medical space a little paranoid about their heavily regulated environment.

Behind the curve

Other small business sectors aren’t as prepared for the risk of a breach. Outside healthcare, the professional services industry, including legal and accounting, is much less aware of where threats exist or how to mitigate them. Many small firms don’t understand their responsibilities regarding data privacy or how data breach notification laws apply to them. Without a good awareness of data privacy concerns, obligations and solutions, these businesses are easy targets for any hacker who happens upon them.

Litigation bills add up

Data-breach class-action lawsuits can result in million-dollar judgments, but devastating costs may be incurred even if a settlement never materializes. A breached small business still needs to defend itself against litigation, and that takes money. Between legal counsel, forensic investigations, data recovery and any other steps the company may be required to take, the company is likely to incur significant financial penalties no matter which way the lawsuit goes.

See also: Can Trump Make ‘the Cyber’ Secure?  

Some SMBs are realizing they aren’t prepared for a cyber attack. The truly savvy ones are waking up to the prospect that, just as with the professional and employment liability insurance they already have, it would be wise to pursue coverage to defer defensive and recovery costs around their cyber liabilities. With the specter of more breaches — and more class-action lawsuits — coming down the pipeline, SMBs must find a way to minimize the threat of exposures while also putting protective measures in place should they find themselves facing litigation.

This article was originally posted on ThirdCertainty. It was written by Eduard Goodman.

The Basic Problem for Health Insurance

The health insurance market is changing. And the changes are not good. Even before there was Obamacare, most insurers most of the time had perverse incentives to attract the healthy and avoid the sick. Now, the perverse incentives are worse than ever.

Writing in the New York Times, Elizabeth Rosenthal gives these examples:

  • When Karen Pineman of Manhattan sought treatment for a broken ankle, her insurer told her that the nearest in-network doctor was in Stamford, Connecticut – in another state.
  • Alison Chavez, a California breast cancer patient, was almost on the operating table when her surgery had to be canceled because several of her doctors were leaving the insurer’s network.
  • When the son of Alexis Gersten, a dentist in East Quogue, NY, needed an ear, nose and throat specialist, the insurer told her the nearest one was in Albany – five hours away.
  • When Andrea Greenberg, a New York lawyer, called an insurance company hotline with questions she found herself speaking to someone reading off a script in the Philippines.
  • Aviva Starkman Williams, a California computer engineer, tried to determine whether the pediatrician doing her son’s two-year-old checkup was in-network, and the practice’s office manager “said he didn’t know because doctors came in and out of network all the time, likening the situation to players’ switching teams in the National Basketball Association.”

But aren’t these insurers worried that if they mistreat their customers, their enrollees will move to some other plan? Here’s the rarely told secret about health insurance in the Obamacare exchanges: Insurers don’t care if heavy users of medical care go to some other plan. Getting rid of high-cost enrollees is actually good for the bottom line.

To appreciate how different health insurance has become, let’s compare it with the kind of casualty insurance people buy for their home or their cars.

Dennis Haysbert is the actor I remember best for playing the president of the U.S. in the Jack Bauer series, 24.  You probably know him better as the spokesman for Allstate. In one commercial, he is standing in front of a town that looks like it has been demolished by a tornado. “It took only two minutes for this town to be destroyed,” he says. He ends by asking, “Are you in good hands?”

The point of the commercial is self-evident. Casualty insurers know you don’t care about insurance until something bad happens. And the way they are pitching their products is: Once the bad thing happens, we are going to take care of you.

Virtually all casualty insurance advertisements carry this message, explicitly or implicitly. Nationwide used to run a commercial in which all kinds of catastrophes were caused by a Dennis-the-Menace type kid. In a State Farm ad, a baseball comes crashing through a living room window. Nationwide’s “Life comes at you fast” series features all kinds of misadventures. And, of course, the Aflac commercials are all about unexpected mishaps.

My favorite casualty insurer print ad is sponsored by Chubb. It features a man fishing in a small boat with his back turned to a catastrophe. He is about to go over what looks like Niagara Falls. Here’s the cutline: “Who insures you doesn’t matter. Until it does.”

Now let’s compare those messages with what we see in the health insurance exchange. Federal employees have been obtaining insurance in an exchange, similar to the Obamacare exchanges, for several decades. Every fall, during “open enrollment,” they select from among a dozen or so competing heath plans. In Washington, DC, where the market is huge, insurers try to attract customers by running commercials on TV, in print and in other venues.

If the health insurers followed the lead of the casualty insurers, their ads would focus on what could go wrong and how good they are at treating the problems. After all, why do you need health insurance? Because you might get cancer, heart disease or some other expensive-to-treat condition. And when that happens, you would like to be in a plan that give you access to the best doctors and the best facilities for your condition.

In fact, this is what you never see in a health insurance commercial in Washington, DC. There is never a mention of cancer, heart disease, diabetes, AIDS or any other serious health condition.  Instead, what you see are pictures of young healthy families. The implicit message is: If you look like the people in these photos, we want you.

What explains the difference between the health insurance and casualty insurance markets? In the latter, people pay real prices that reflect real risks. In the former, no one is paying a premium that reflects the expected cost of his care. The healthy are being overcharged so that the sick can be undercharged. So, insurers try to attract the healthy and avoid the sick.

The perverse incentives don’t end after enrollment. The incentive then is to under-provide to the sick (to encourage their exodus and avoid attracting more of them) and over-provide to the healthy (to keep the ones they have and attract even more).

Rosenthal explains what this means for people who need care:

“For some, like Ms. Pineman, narrow networks can necessitate footing bills privately. For others, the constant changes in policy guidelines — annual shifts in what’s covered and what’s not, monthly shifts in which doctors are in and out of network — can produce surprise bills for services they assumed would be covered. For still others, the new fees are so confusing and unsupportable that they just avoid seeing doctors.”

So what’s the answer? In a previous post, I argued that we can denationalize and deregulate the exchanges. And by instituting “health status insurance,” we can have a market with real prices that gives real protection to people with pre-existing conditions.

There is no reason why the health insurance marketplace cannot work just as well as the market for homeowners insurance and auto liability insurance.

This article originally appeared at Forbes.

What Is a Year of Life Worth? (Part 2)

In making decisions about medical care, everyone should factor in cost — patients, doctors health insurance companies and government. Consider two alternative procedures, A and B. If for each $1,000 spent on procedure A, patients gain one extra month of life whereas using procedure B costs $2,000 for the same gain, A should be preferred to B. By making the efficient choice, we free up money to meet other health and non-health needs.

There remains this problem, however: What if the person who makes the decision about cost is different from the person who realizes the gain? That is what gives rise to charges of “rationing” and “death panels.”

Aaron Carroll writes: “Other countries routinely use cost-effectiveness data to make decisions about health coverage. In Britain, the National Institute for Health and Care Excellence, a government agency that gives guidance about which services the National Health Service should cover, has a threshold of 20,000 to 30,000 pounds per QALY [quality-adjusted life year] — that’s about $31,000 to $47,000. The health service doesn’t make decisions on whether to cover therapies based on this number alone, but it is certainly  a factor.”

And because government healthcare budgets are strained everywhere in the world, you can be sure that the cost-effectiveness criterion is “considered” a lot.

According to a 2002 World Health Organization report, 25,000 cancer patients die prematurely in Britain each year — often because of lack of access to drugs generally available in the U.S. and Europe. (See also this 2013 NHS estimate on all causes of premature deaths.)

To use an example closer to home, in 1994 Hillary Clinton decided that as part of her own health reform, health plans would provide free mammograms only to women 50 and older — and only at two-year intervals. In contrast, the National Cancer Institute and the American Cancer Society at the time were recommending mammograms for women after 40, either annually or every other year, and yearly mammograms after 50.  Similarly, Clinton hinted that she would relax the usual recommendation of a Pap smear every year for sexually active young women. (Canada, at the time, offered the test every three years.)

While these decisions were being made, a review of the literature by Tammy Tengs and her colleagues showed that:

  • Annual mammograms for women age 55 to 64 were expected to cost $110,000 for every year of life saved.
  • Annual mammograms for women in their 40s were expected to cost $190,000 per year of life saved.

In essence, Clinton decided that the lower number was an acceptable use of money while the higher figure was not. The review of the literature on Pap smears showed that:

  • Screening young women for cervical cancer every four years costs less than $12,000 for every year of life saved — a very good deal in the risk-avoidance business.
  • The cost soars to about $220,000 per year of life saved at three-year intervals and $310,000 at two-year intervals.
  • Giving Pap smears every year (as opposed to every other year) is really expensive: $1.5 million per year of life saved.

Clearly, Clinton and her advisers thought $1.5 million was way too high.

These decisions are said to have turned the general public against Hillary Care and doomed the Clinton health reform effort. But we shouldn’t take the wrong lesson away from that experience.

Hillary Clinton was not wrong about the cut-off choices she made. She was wrong in thinking that the White House should make this decision for all the women of America. The tests involved are relatively inexpensive. They can easily be paid for from a health savings account. If not getting a test is keeping someone awake at night, then by all means she should be encouraged to spend the money and get the test.

Here are some public policy principles to guide us going forward:

  1. Wherever possible, people should make their own decisions about risk — using money from savings accounts they own and control.
  2. Doctors should be encouraged to help patients make sensible decisions based on their own knowledge of the literature on cost effectiveness. That is, doctors should be financial advisers as well as health advisers when their patients have to make choices about medical procedures.
  3. Insurance companies should be encouraged (and maybe even required) to reveal what standards they use in making decisions about coverage, and we should encourage an insurance market where people can pay higher premiums for more generous coverage – especially if they are unusually risk-averse.
  4. Government health programs should make coverage decisions that are in line with private-sector insurance. And, like private insurance, the government should announce what monetary cut-off standard it is using. But we should encourage a secondary market for “top up” insurance — for example, providing coverage for expensive cancer drugs the government refuses to cover.

In case you missed it, Chris Conover has applied cost-effective analysis to the entire Obamacare program, based on results from Massachusetts. He writes:

“…. even under the most wildly optimistic assumptions possible, Obamacare costs a jaw-dropping $224,000 per QALY. In the worst case, the costs would be as high as $1.3 million per QALY.”

He presents this chart (green = low estimate; red = high estimate):

Photo credit: Christopher Conover, Duke University

Photo credit: Christopher Conover, Duke University

What Is a Year of Life Worth? (Part 1)

Most conservatives and liberals agree that we should not consider cost in deciding whether people should undergo medical procedures that have the potential to save lives and cure diseases. Unfortunately, most conservatives and liberals are wrong.

Declaring the idea of cost-effectiveness a “forbidden topic in the health care debate,” Aaron Carroll shows just how averse we are to the idea of comparing money cost with health outcomes. It’s even written into the Affordable Care Act:

“… We in the U.S. are so averse to the idea of cost-effectiveness that when the Patient Centered Outcomes Research Institute, the body specifically set up to do comparative effectiveness research, was founded, the law explicitly prohibited it from funding any cost-effectiveness research at all. As it says on its website, ‘We don’t consider cost-effectiveness to be an outcome of direct importance to patients.’”

He gives another example:

“Take the U.S. Preventive Services Task Force, which was set up by the federal government to rate the effectiveness of preventive health services on a scale of A to D. When it issues a rating, it almost always explicitly states that it does not consider the costs of providing a service in its assessment.

“And because the Affordable Care Act mandates that all insurance must cover, without any cost-sharing, all services that the task force has rated A or B, that means that we are all paying for these therapies, even if they are incredibly inefficient.”

Here is the brutal reality: We don’t have an unlimited pile of money to spend on anything. And if we don’t pay attention to what we get for the money we spend (which has historically been the case for government regulatory agencies), we will end up spending money in ways that actually reduce life expectancy for the average American. In a 1996 study for the National Center for Policy Analysis, Tammy Tengs found that:

  • By spending $182,000 every year for sickle cell screening and treatment for black newborns, we add 769 years collectively to their lives at a cost of only $236 for each year of life saved.
  • By spending about $253 million a year on heart transplants, we add about 1,600 years to the lives of heart patients at a cost of $158,000 per year of life saved.
  • Equipping 3% of school buses with seat belts costs about $1.6 million a year, but this effort will save less than one life-year, so the cost is about $2.8 million per year of life saved.
  • We spend $2.8 million every year on radionuclide emission control at elemental phosphorus plants (which refine mined phosphorus before it goes to other uses), but this effort will save at most one life every decade, so the cost is $5.4 million per year of life saved.

Tengs, along with Professor John Graham and a team of researchers at the Harvard Center for Risk Analysis, systematically gleaned from the literature annual cost and lifesaving effectiveness information for 185 interventions. Some of these interventions had been fully implemented, some partially implemented and some not implemented all. The researchers then asked: What if we reallocated funds from regulations and procedures that give us a low rate of return to those procedures that give us a high one?

  • The 185 interventions cost about $21.4 billion a year and saved about 592,000 years of life.
  • If that same money had been spent on the most cost-effective interventions, however, more than 1.2 million years of life could have been saved — about 638,000 more years of life than under the status quo.
  • Implementing the more cost-effective policies, therefore, could save twice as many years of life at no additional cost.

This same principle applies to health insurance. Unless you want your premium to go through the roof, you should choose an insurer that follows a reasonable standard for what care is covered. But that brings us back to Carroll’s point. How are you to know what standard your insurer is using if the whole subject is a “forbidden topic”?

A few years ago, Time Magazine reported that $50,000 for a year of life saved is

“… the international standard most private and government-run health insurance plans worldwide use to determine whether to cover a new medical procedure…. Nearly all other industrial nations — including Canada, Britain and the Netherlands — ration healthcare based on cost-effectiveness and the $50,000 threshold.”

But a Stanford University economist calculated that the threshold for kidney dialysis for Medicare enrollees should be $129,000. Mark Pauly and his colleagues suggested a standard of $100,000 in Health Affairs. Economists generally believe that such standards should be based on the implicit values people reveal when they make choices between money and risk in the job market and make choices as consumers. Studies show that the implicit “value of a statistical life year,” to use a term of art, ranges from $50,000 to $150,000. As Pam Villarreal, Biff Jones and I explained in Health Affairs:

“This is not the amount of money that people would accept to give up their lives. It is instead the implicit value that people place on their lives when making choices between additional risk and money, when the risks involved and the amount of compensation needed to induce people to accept those risks are both small.”

For the many problems involved in arriving at a figure, see a review by Ike Brannon. For an extension of the idea to “quality adjusted life years,” or QALYs, see Aaron Carroll’s discussion and links to the literature. The main point there is that a year spent on a respirator shouldn’t count anywhere near as much as a year doing normal activities.

There remains the question of “rationing” and “death panels.” I’ll address that in a future post.

This article first appeared on Forbes.com.