Health Plan Weekly

Data breaches have been pummeling health care organizations in recent years, and 2023 has proven no exception. But the largest number of breaches — as well as the ones affecting the most people — do not appear to be occurring at health plans lately. Industry experts tell AIS Health, a division of MMIT, that this is largely because U.S. health insurers have taken significant steps to shore up their cybersecurity defenses since a massive data breach roiled three Blue Cross Blue Shield-affiliated plans in 2015.  

However, industry experts point out that even the most robust security protocols can’t prevent every attack — particularly as hackers get smarter. What’s more, soon-to-be-implemented federal regulations will ratchet up timely breach-reporting requirements on publicly traded companies. 

When asked about the COVID-19 pandemic’s impact on their employees’ health and well-being, a whopping 77% of employers surveyed by the Business Group on Health said they are currently seeing increased mental health issues in their workforce. And based on other findings in the employer coalition’s annual survey, companies are counting on their health plan partners to help them address this growing issue. 

According to Business Group on Health Vice President Brenna Shebel, “77% is a stark jump over last year,” when 44% of employers said they were seeing an uptick in conditions such as substance use disorders, depression and anxiety. This year, another 16% of employers said they anticipate seeing an increase in mental health issues in their workforces in the future, “so certainly a key finding here is the dire need for mental health services and supporting their employees as they’re navigating their myriad needs in the area of mental health,” Shebel added during an Aug. 22 virtual press event held to present Business Group on Health’s findings. 

A survey of people enrolled in Affordable Care Act marketplace plans in California found that 28% had difficulty paying their premiums in 2021, according to a study published last month in Health Affairs. While that is an improvement from 40% in a similar sample of enrollees in 2017, Vicki Fung, Ph.D., the study’s lead author, tells AIS Health that more could be done to help people choose affordable coverage and determine whether they are eligible for cost-sharing subsidies. 

Fung notes that health insurers could help people with consumers’ decisions, including coordinating with agents and brokers that insurers work with and steering people who are eligible for generous subsidies toward purchasing a similar plan via the ACA exchange rather than off-marketplace.  

The Section 1115 waiver that allows states to provide limited Medicaid coverage to incarcerated people has drawn applications from 18 states, according to KFF data from Aug. 11. Most of those states have chosen to limit the coverage to specific populations, such as incarcerated people with positive HIV/AIDS diagnoses, substance use disorder (SUD) or serious mental illness (SMI) — and experts say that the varied scope of state uptake could, over time, show which interventions are most effective in helping the vulnerable populations that the waiver is meant to serve. 

Per KFF, of the 18 states that have submitted waivers, four — California, South Carolina, Utah and Washington — have had their waivers approved. Fifteen have pending waivers. (Utah and Oregon have both submitted multiple waivers; both of Oregon’s are pending approval from CMS, while Utah has had one approved and one is still under consideration.) 

Health care breaches have exposed more than 343 million patient records since 2009, according to the HHS Office for Civil Rights. In the first half of 2023 alone, the health care sector saw 436 breaches of 500 or more records: 25 of them are now solved while the rest are under investigation.

As the health care sector has increasingly adopted digital services and moved to electronic record keeping, the number of data breaches has been rising since 2015. The median number of patients affected in each breach, which indicates the size of each breach, also increased from 2,300 in 2018 to 7,140 in 2022.

In recent years, some of the biggest breaches targeted health care providers and business associates, such as third-party administrators that assist plans with claims processing or consultants that perform utilization reviews for hospitals. Last year was the first year that business associates suffered more data breaches than any other type of health care entities.