RISE summarizes recent regulatory-related headlines.
California DMHC, Kaiser Permanente reach $200M settlement to overhaul plan’s behavioral health care services
The California Department of Managed Health Care (DMHC) recently announced a settlement agreement with Kaiser Foundation Health Plan, Inc. (Kaiser Permanente) to make significant changes to the plan’s delivery of behavioral health care services. The settlement agreement includes a $50 million fine and requires Kaiser Permanente to take corrective action to address deficiencies in the plan’s delivery and oversight of behavioral health care to enrollees.
Kaiser Permanente has also pledged to make additional significant investments, totaling $150 million over five years, into programs to improve the delivery of behavioral health services for all Californians beyond Kaiser Permanente’s existing obligations to its members under the law.
“With this historic agreement, Kaiser Permanente will undertake a systemic overhaul and transformational change of the plan’s behavioral health care delivery system to improve enrollee experiences, access to care and treatment outcomes. I appreciate Kaiser working proactively and in good faith to reach this agreement for the benefit of its members,” said DMHC Director Mary Watanabe, in the announcement. “In addition to paying the highest fine the DMHC has ever levied against a health plan, Kaiser Permanente has agreed to make significant improvements to the plan’s operations, processes and procedures and business model to better assist enrollees with accessing care. The DMHC is committed to using its full authority to hold Kaiser accountable and ensure enrollees have access to behavioral health care when they need it.”
The agreement relates to an enforcement investigation and a non-routine survey conducted by DMHC. Collectively, these regulatory actions identified several violations and deficiencies in the plan’s provision of behavioral health care services to enrollees including issues identified in providing timely access to care, oversight of the plan’s providers and medical groups, network adequacy, conformity to mental health parity, and grievances and appeals, among many other issues.
The DMHC’s actions found Kaiser Permanente canceled behavioral health appointments and, in many cases, did not provide enrollees with behavioral health appointments that met timely access and clinical standards that were still required regardless of a strike by mental health clinicians that was initiated in August of 2022. DMHC also found violations in the plan’s behavioral health care delivery system including a shortage of contracted high-level behavioral health care facilities in the plan’s network, inadequate oversight of the plan’s medical groups in evaluating appropriate care, not making out-of-network referrals consistent with requirements under the law when in-network providers are not available, and inadequate handling of enrollee grievances.
Under the settlement agreement, Kaiser Permanente will hire an outside consultant to focus on corrective actions to help ensure enrollees receive timely access to medically necessary behavioral health care services. The consultant will provide expert guidance and aid Kaiser Permanente’s Behavioral Health Quality Assurance program in ensuring that effective action is taken to improve care where deficiencies are identified in service areas, including accessibility, availability, and continuity of care.
WHO outlines potential regulations of AI for health
A new World Health Organization (WHO) publication outlines key principles that governments and regulatory authorities can follow to develop new guidance or adapt existing guidance on artificial intelligence (AI) for health at national or regional levels.
While acknowledging the ability of AI to transform the health industry and potentially enhance health outcomes, WHO also noted that the rapid deployment of these technologies without a full understanding of how they may perform has the potential to harm health care professionals and patients. When using health data, AI systems could have access to sensitive personal information, necessitating robust legal and regulatory frameworks for safeguarding privacy, security, and integrity.
AI systems are complex and depend not only on the code they are built with but also on the data they are trained on, which comes from clinical settings and user interactions. Better regulation can help manage the risks of AI amplifying biases in training data. For example, WHO said it can be difficult for AI models to accurately represent the diversity of populations, leading to biases, inaccuracies, or even failure. To help mitigate these risks, regulations can be used to ensure that the attributes–such as gender, race, and ethnicity–of the people featured in the training data are reported and datasets are intentionally made representative.
“Artificial intelligence holds great promise for health, but also comes with serious challenges, including unethical data collection, cybersecurity threats, and amplifying biases or misinformation,” said WHO Director-General Dr. Tedros Adhanom Ghebreyesus in the announcement. “This new guidance will support countries to regulate AI effectively, to harness its potential, whether in treating cancer or detecting tuberculosis, while minimizing the risks.”
Potential areas for regulation include transparency and documentation, risk management, data validation and intended use, data quality and privacy and data protection, and collaboration between regulatory bodies, patients, healthcare professionals, industry representatives, and government partners.
Medicare pilot lowered heart disease, strokes by 4%
Medicare’s pilot program, Million Hearts® Cardiovascular Disease Risk Reduction Model, met its goal of decreasing the incidence of first-time heart attacks and strokes among high- and medium-risk Medicare fee-for-service beneficiaries over five years. Indeed, research finds that it reduced first-time heart attacks and strokes for these populations by three to four percent and reduced the death rate by more than four percent.
The study from Mathematica and Collaborators at RAND and the University of Colorado also included an analysis published by JAMA. The findings are promising for health systems that want to improve health outcomes for cardiovascular disease (CVD), the leading cause of death in the United States and worldwide, said Greg Peterson, a principal researcher at Mathematics, in an announcement. “Our findings also indirectly support clinical guidelines underpinning the model’s requirements, such as the use of routine CVD risk assessment to encourage the primary prevention of CVD.”
The findings suggest the model prevented one CVD event over five years for roughly every 250 to 400 high- and medium-risk beneficiaries enrolled, depending on the outcome definition used.
The five-year randomized trial for the Million Hearts Model involved 345 primary care practices, specialty practices, health centers, and hospital outpatient departments throughout the country, with half randomly assigned to an intervention group and half to a control group. In 2017 and 2018, the first two years of the model, the intervention and control organizations enrolled about 382,000 Medicare beneficiaries. Under the model, the Centers for Medicare & Medicaid Services (CMS) tested whether it could improve cardiovascular care and prevent first-time heart attacks and strokes by encouraging providers to use risk scores to guide their care and by paying providers to measure and reduce cardiovascular risks among their Medicare patients.
In addition to the finding about improvements to preventive care and reductions in risk, researchers also reported the model did not measurably change per capita Medicare spending, though model payments were modest ($1.24 per beneficiary per month).
HHS OCR resources to help educate patients about telehealth, PHI privacy and security risks
The Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS), this week released two resource documents to help explain to patients the privacy and security risks to their protected health information (PHI) when using telehealth services and ways to reduce these risks.
The first resource is for health care providers on how to educate patients about privacy and security risks to PHI when using remote communication technologies for telehealth. Although health care providers are not required by the HIPAA rules to provide this education, the resource supports the continued and increased use of telehealth by providing information to help health care providers who choose to discuss telehealth privacy and security with patients. The resource provides suggestions for discussing:
- Telehealth options offered
- Risks to PHI when using remote communications technologies
- Privacy and security practices of remote communication technology vendors
- Applicability of civil rights laws
OCR also issued a resource for patients that provides telehealth privacy and security tips for patients. It provides recommendations that patients can implement to protect and secure their health information such as:
- Conduct telehealth appointment in a private location
- Turn on multi-factor authentication if available
- Use encryption when available
- Avoid public Wi-Fi networks
“Telehealth is a wonderful tool that can increase patients’ access to health care and improve health care outcomes,” said OCR Director Melanie Fontes Rainer in the announcement. “Health care providers can support telehealth by helping patients understand privacy and security risks and effective cybersecurity practices, so patients are confident that their health information remains private.”