85 posts categorized "Health Care/EHR" Feed

Some U.S. Hospitals Don’t Put Americans First for Liver Transplants

[Editor's note: today's guest blog post, by the reporters at ProPublica, discusses a largely unknown practice by some hospitals in the health care industry. Is this practice right? Ethical? Today's post is reprinted with permission.]

By Charles Ornstein, ProPublica

Earlier this fall, a leader of the busiest hospital for organ transplants in New York state — where livers are particularly scarce — pleaded for fairer treatment for ailing New Yorkers.

“Patients in equal need of a liver transplant should not have to wait and suffer differently because of the U.S. state where they reside,” wrote Dr. Herbert Pardes, former chief executive and now executive vice president of the board at NewYork-Presbyterian Hospital.

But Pardes left out his hospital’s own contribution to the shortage: From 2013 to 2016, it gave 20 livers to foreign nationals who came to the United States solely for a transplant — essentially exporting the organs and removing them from the pool available to New Yorkers.

That represented 5.2 percent of the hospital’s liver transplants during that time, one of the highest ratios in the country.

Little known to the public, or to sick patients and their families, organs donated domestically are sometimes given to patients flying in from other countries, who often pay a premium. Some hospitals even seek out foreign patients in need of a transplant. A Saudi Arabian company, Ansaq Medical Co., whose stated aim is to “facilitate the procedures and mechanisms of ‘medical tourism,’” said it signed an agreement with Ochsner Medical Center in New Orleans in 2015.

The practice is legal, and foreign nationals must wait their turn for an organ in the same way as domestic patients. Transplant centers justify it on medical and humanitarian grounds. But at a time when President Donald Trump is espousing an “America First” policy and seeking to ban visitors and refugees from certain countries, allocating domestic organs to foreigners may run counter to the national mood.

Even beyond the realm of health care, some are questioning whether foreigners should be able to access limited spots that might otherwise be available to U.S. citizens. For instance, public colleges compensate for reductions in state funding by accepting more foreign students paying higher tuition, and critics say in-state students are being denied opportunities as a result.

Dr. Sander Florman, director of the transplant institute at the Mount Sinai Hospital in New York, said he struggles with “in essence, selling the organs we do have to foreign nationals with bushels of money.”

Mount Sinai has not performed any transplants on patients who came to this country specifically for that purpose, but it has done so for international patients here for other reasons.

Between 2013 and 2016, 252 foreigners came to the U.S. purely to receive livers at American hospitals. In 2016, the most recent year for which data is available, the majority of foreign recipients were from countries in the Middle East, including Saudi Arabia, Kuwait, Israel and United Arab Emirates. Another 100 foreigners staying in the U.S. as non-residents also received livers.

All the while, more than 14,000 people, nearly all of them American citizens, are waiting for liver transplants, a figure that has remained stubbornly high for decades. By comparison, fewer than 8,000 liver transplants were performed last year in the United States — and that was an all-time high. The national median wait time for a liver is more than 14 months, and in states like New York, the wait is far longer. (The wait for livers varies from one state to the next, depending on such factors as the number of organ donors, and the resourcefulness of organ procurement agencies.)

Many patients die before reaching the front of the line. In 2016, more than 2,600 patients were removed from waiting lists nationally because they either died or were too sick to receive a liver transplant.

Most transplant centers only serve American citizens or residents, either by happenstance or by design. Foreign transplants are concentrated among a handful of centers, including NewYork-Presbyterian, Memorial Hermann-Texas Medical Center in Houston (31 such transplants from 2013 to 2016), Ochsner (30), and Cleveland Clinic in Ohio (21).

“When you take people from other parts of the world and provide an organ transplant to them rather than someone who’s here, there’s a real cost, there’s a real life that’s lost,” said Jane Hartsock, a visiting assistant professor of medical humanities and health studies at the Indiana University School of Liberal Arts. Hartsock and her colleagues wrote a journal article published last year saying foreigners should be last in line for a transplant.

NewYork-Presbyterian said it does not advertise its transplant program to foreign patients and that the majority of the transplants it performed on foreign nationals traveling to New York for that reason — 11 of the 20 — were on children under 18.

In a statement, the hospital and its academic partner Columbia University said they follow federal guidelines. “We strongly support efforts that aim to address the critical issue of equitable distribution of livers for transplant and are working closely with a wide range of stakeholders to help increase the number of organ donor registrations in New York State.”

A spokeswoman for the Cleveland Clinic, Eileen Sheil, said her hospital does not actively seek out foreign national business and has a “thoughtful and ethical approach that is well within the rules and aligned with our overall mission for taking care of patients.” Ochsner similarly said, “patients seek out Ochsner’s expertise because of our relentless commitment to provide the highest-quality, complex care.” Memorial Hermann did not respond to requests for comment.

To be sure, the proportion of available livers that go to foreigners is tiny — slightly less than 1 percent of liver transplants nationwide from 2013 to 16. The figure appears to be dropping further in 2017. Even if all recipients were Americans, wait times would still be substantial. Moreover, foreigners queue up on the waitlist like everybody else — although it may be easier for them, since they aren’t rooted in any particular state, to choose a hospital in an area with a shorter wait, such as Ochsner. And some Americans discouraged by the lengthy wait in this country have gone abroad for transplants.

The transplant figures in this article do not include transplants involving living donors, meaning a relative or friend who donates part of his or her liver to a patient. No one interviewed for this story said it is inappropriate for a foreign national to come to the U.S. for a procedure with a living donor.

There’s also an important distinction between giving an organ to a foreigner who happens to be in the U.S. — someone on a student visa or even an undocumented immigrant — and giving one to someone flying over just for surgery. Someone in the first group would be eligible to donate an organ if something happened to them in this country; someone in the latter group would not because livers must be transplanted quickly and there wouldn’t be enough time to ship them.

“If you live in the United States, no matter what your [citizenship] status is, you could potentially be an organ donor if you get hit by a car or something happens to you,” said Dr. Gabriel M. Danovitch, medical director of the kidney and pancreas transplant program at Ronald Reagan UCLA Medical Center, who previously led the UNOS international relations committee. “But if your home is somewhere else, a long way away, there’s no way that you can be a donor or your family or your friends could be donors.

“And in some respects, when you then come to the United States, you are using up a valuable resource that is in great shortage here.”

Foreign patients generally are not entitled to the same discounts as those with private insurance or Medicare, the federal insurance program for seniors and the disabled. In 2015, for instance, the average sticker price for a liver transplant at NewYork-Presbyterian was $371,203, but the average payment for patients in Medicare was less than one-third of that, $112,469, according to data from the Centers for Medicare and Medicaid Services, which runs Medicare. In the case of Saudi Arabia, its embassy in Washington often guarantees payment for patients.

The topic is emerging now because the nation’s transplant leaders will meet next month to consider rewriting the rules governing how livers are distributed, giving programs in New York City, Los Angeles, Chicago and other areas greater access to organs from people who die in nearby regions. The proposal by a committee of the United Network for Organ Sharing, the federal contractor that runs the national transplant system, faces opposition from programs and regions that stand to lose organs. Pardes’ comments were posted in an online comment forum devoted to the proposal, which does not address the issue of transplants for foreigners.

UNOS said it has worked to get better data on foreigners that receive transplants in this country but ultimately, federal law doesn’t prohibit these transplants.

“This is an individual medical decision that the individual transplant hospital makes,” spokesman Joel Newman said. “If we addressed citizenship or residency as a particular reason for whether to accept a patient or not, then that would open up the door to lots of other nonmedical criteria — religion, race, political preference, any number of things that as a community we have decided from an ethical standpoint not to consider.”

UNOS has the authority to ask questions of transplant centers about surgeries on foreign nationals, but Newman said UNOS committees are still trying to figure out what information they would want, and, in any event, the transplant centers don’t have to answer the questions.

The federal rules governing the transplant system, written more than three decades ago, say organ allocation decisions must be based on medical criteria, which would exclude consideration of a person’s nationality or citizenship. While centers can perform as many transplants on foreigners as they want, many programs have tried to keep them below 5 percent of all transplants for each organ type. Until several years ago, 5 percent was the threshold above which UNOS could audit a program. No programs were ever formally audited, and the cutoff was eventually eliminated.

It’s time to revisit the rules, some lawmakers say.

“As a general rule, you’ve got to take care of Americans first as long as you have more demand than supply,” said Sen. John Kennedy, R-La., whose state is home to Ochsner, a leader in transplants for foreign nationals. Kennedy said he would favor curbing transplants for foreigners, while creating a national board that could make exceptions. “But what you don’t want to get into, it seems to me, is subjective areas like well, ‘If this person could live an extra few years, what could they contribute to society?’”

There have been scandals in the past about foreigners and organ transplants. In 2005, a liver transplant center in Los Angeles shut its doors after disclosing that its team had taken a liver that should have gone to a patient at another hospital and instead had implanted it in a Saudi national. The hospital said its staff members falsified documents to cover up the incident.

The University of California, Los Angeles, came under fire in 2008 for performing liver transplants on a powerful Japanese gang boss and other men linked to Japanese gangs, and then receiving donations afterward from at least two of the men. The hospital and its surgeon said they do not make moral judgments about patients.

Further complicating matters is a 2008 document endorsed by transplant organizations around the world, called the Declaration of Istanbul, which seeks to eliminate organ trafficking and reduce transplant tourism internationally. One concern was that patients went to China and received transplants using organs from prisoners. (China said it was stopping the practice in 2015, but experts question whether that has happened.) Another concern was that if a country’s wealthiest or most powerful residents could get transplants overseas, its leaders may not have an incentive to set up a system of their own.

The non-binding declaration also says that there should be a ban on “soliciting, or brokering for the purpose of transplant commercialism, organ trafficking, or transplant tourism.” It was endorsed by UNOS and other national transplant groups.

Former Ochsner employees say they recall Saudi nationals coming for transplants, some wealthy and some not. A New Orleans bar posted a photo on Facebook in 2015 of a young man who brought his mom from Saudi Arabia for a transplant.

Ochsner said in a statement that it was proud of its liver transplant program, which is the nation’s largest. It said that it is willing to accept donated organs that other centers turn down for medical reasons, expanding its ability to help patients while keeping its survival rate high. And it noted that the median waiting time for its patients is only 2.1 months, far below the national median.

“UNOS does not have any restrictions preventing transplant for international patients and they are subject to the same guidelines as domestic patients,” the statement said.

Still, many American candidates for livers don’t make Ochsner’s waiting list. It refused to put Brian “Bubba” Greenlee Jr. on its list right after Christmas in 2015, because of his “poor insight into his drinking and lack of proper social support,” his medical records show. He had cirrhosis and died weeks later at age 45.

His sister, Theresa Greenlee-Jeffers, said Ochsner led her brother to believe that he would get a new liver. Her brother had stopped drinking and she had volunteered to take care of him after a transplant, but then the hospital suddenly reversed course.

“His last Christmas, he was given false hope that he was going to get a transplant. That’s not OK. You don’t play with somebody’s emotions like that,” Greenlee-Jeffers said.

Ocshner did not answer questions about Greenlee’s care but said in its statement, “Not every patient is a candidate for transplant.” It said its criteria are similar to those of other liver transplant centers.

“At Ochsner, we are caregivers, dedicated to providing our patients with high-quality care, improved outcomes and the gift of a second chance at life,” its statement said.

Greenlee-Jeffers wonders if Ochsner excluded her brother and other Americans to make room for foreigners willing to pay more. “It’s not OK,” she said. “We need to take care of our people here at home first. We don’t have enough of this to go around.”

Filed under:

ProPublica is a Pulitzer Prize-winning investigative newsroom. Sign up for their newsletter.

 


Consequences And New Threats From The Massive Equifax Breach

Equifax logo To protect themselves and their sensitive information, many victims of the massive Equifax data breach have signed up for the free credit monitoring and fraud resolution services Equifax arranged. That's a good start. Some victims have gone a step further and placed Fraud Alerts or Security Freezes on their credit reports at Equifax, Experian, and TransUnion. That's good, too. But, is that enough?

The answer to that question requires an understanding of what criminals can do with the sensitive information accessed stolen during the Equifax breach. Criminals can commit types of fraud which credit monitoring, credit report alerts, and freezes cannot stop. Consumer Reports (CR) explained:

"Freezing your credit report specifically at Equifax will also prevent crooks from registering as you at the government website, my Social Security, and block them from attempting to steal your Social Security benefits. But taking these steps won't protect you against every identity fraud threat arising from the Equifax data breach."

Sadly, besides credit and loan fraud the Equifax breach exposed breach victims to tax refund fraud, health care fraud, and driver's license (identity) fraud. This is what makes the data breach particularly nasty. CR also listed the data elements criminals use with each type of fraud:

"With your Social Security number, crooks can file false income tax returns in your name, take bogus deductions, and steal the resulting refund. More than 14,000 fraudulent 2016 tax returns, with $92 million in unwarranted refunds, were detected and stopped by the Internal Revenue Service (IRS) as of last March... Data from the Equifax breach can be used to steal your benefits from private health insurance, Medicare, or Medicaid when the identity thief uses your coverage to pay for his own medical treatment and prescriptions... Using your driver’s license number, identity thieves can create bogus driver’s licenses and hang their moving violations on you...."

The CR article suggested several ways for consumers to protect themselves from each type of fraud: a) request an Identity Protection PIN number from the IRS; b) request copies of your medical file from your providers and review your MIB Consumer File each year; and c) request a copy of your driving license record and get your free annual consumer report from ChexSystemsCertegy, and TeleCheck -  the three major check verification companies.

Never considered reviewing your tax account with the IRS? You can. Never heard of a Consumer MIB File? I'm not surprised. Most people haven't. I encourage consumers to read the entire CR article. While at the CR site, read their review of TrustedID Premier service which Equifax arranged for breach victims. It's an eye-opener.

Do these solutions sound like a lot of preventative work? They are. You have Equifax to thank for that. Will Equifax help breach victims with the time and effort required to research and implement the solutions CR recommended? Will Equifax compensate breach victims for the costs incurred with these solutions? These are questions breach victims should ask Equifax and TrustedID Premier.

Consumers and breach victims are slowly learning the consequences of a data breach are extensive. The consequences include time, effort, money, and aggravation. You might say breach victims have been mugged. Worse, consumers are saddled the burden from the consequences. That isn't fair. The companies making money by selling consumers' credit reports and information should be responsible for the burdens. Things are out of balance.

What are your opinions?


'If You Hemorrhage, Don't Clean Up': Advice From Mothers Who Almost Died

[Editor's note: today's guest post is part of the ongoing "Lost Mothers" investigation by ProPublica because, "The U.S. has the highest rate of deaths related to pregnancy and childbirth in the developed world. Half of the deaths are preventable, victimizing women from a variety of races, backgrounds, educations and income levels." It is reprinted with permission.]

by Adriana Gallardo and Nina Martin, ProPublica, and Renee Montagne, NPR

Four days after Marie McCausland delivered her first child in May, she knew something was very wrong. She had intense pain in her upper chest, her blood pressure was rising, and she was so swollen that she barely recognized herself in the mirror. As she curled up in bed that evening, a scary thought flickered through her exhausted brain: "If I go to sleep right now, I don't know if I'm gonna be waking up."

What she didn't have was good information about what might be wrong. The discharge materials the hospital sent her home with were vague and confusing -- "really quite useless," she said. Then she remembered a ProPublica/NPR story she'd recently read about a New Jersey nurse who died soon after childbirth. Lauren Bloomstein had developed severe preeclampsia, a dangerous type of hypertension that often happens during the second half of her pregnancy. But it can also emerge after the baby is delivered, when it is often overlooked -- accounting for dozens of maternal deaths a year. McCausland realized that she might have preeclampsia, too.

The 27-year-old molecular virologist and her husband bundled up their newborn son and raced to the nearest emergency room in Cleveland. But the ER doctor told her that she was feeling normal postpartum symptoms, she said. Even as her blood pressure hovered at perilous heights, he wanted to send her home. Several hours passed before he consulted with an OB-GYN at another hospital and McCausland's severe preeclampsia was treated with magnesium sulfate to prevent seizures. Without Bloomstein's story as a warning, McCausland doubts she would have recognized her symptoms or persisted in the face of the ER doctor's dismissiveness. "I had just come home with the baby and really didn't want to go back to the hospital. I think I probably would have just wrote it off." In that case, she added, "I don't know if I'd be here. I really don't."

McCausland's experience is far from unique. In the months since ProPublica and NPR launched our project about maternal deaths and near-deaths in the U.S., we've heard from 3,100 women who endured life-threatening pregnancy and childbirth complications, often suffering long-lasting physical and emotional effects. (Tell us your story.)

The same themes that run though McCausland's story echo through many of these survivors' recollections. They frequently told us they knew little to nothing beforehand about the complications that nearly killed them. Even when the women were convinced something was terribly amiss, doctors and nurses were sometimes slow to believe them. Mothers especially lacked information about risks in the postpartum period, when medical care is often disjointed or difficult to access and the baby is the focus of attention. "Every single nurse, pediatrician, and lactation consultant dismissed my concerns as hormones and anxiety," wrote Emily McLaughlin, who suffered a stroke and other complications after giving birth in Connecticut in 2015.

These survivors make up an important, and largely untapped, source of knowledge about the dangers that expectant and new mothers may face -- and how to avoid disaster. Every day in the U.S., two to three women die from pregnancy- or childbirth-related causes, including preeclampsia, hemorrhage, infection, blood clots and cardiac problems -- the highest rate of maternal mortality among wealthy nations. As many as 60 percent of these deaths are preventable, a new report suggests; more than half occur after delivery. (See our story on the lost mothers of 2016.) Each day, another 175 women suffer complications severe enough to require major medical intervention such as massive transfusions, emergency surgery or admission to an intensive care unit -- equivalent to about 65,000 close calls annually, according to the Centers for Disease Control and Prevention.

Hospitals, medical organizations and maternal safety groups are introducing a host of initiatives aimed at educating expectant and new mothers and improving how providers respond to emergencies. But as McCausland's experience illustrates, self-advocacy is also critically important.

We asked survivors: What can people do to ensure that what happened to Lauren Bloomstein doesn't happen to them or their loved ones? How can they help prevent situations like Marie McCausland's from spiraling out of control? What do they wish they had known ahead of their severe complications? What made a difference in their recovery? How did they get medical professionals to listen? Here is a selection of their insights, in their own words.

Choosing a Provider

"A lot of data on specific doctors and hospitals can be found publicly. Knowing how your physician and hospital rates as compared to others (cesarean rates, infection rates, readmission rates) can give you valuable insight into how they perform. 'Liking' your doctor as a person is nice, but not nearly as important as their and their facility's culture and track record."

-- Kristen Terlizzi, 35, survivor of placenta accreta (a disorder in which the placenta grows into or through the uterine wall) in 2014 and cofounder of the National Accreta Foundation

"Key pieces of information every woman should know before choosing a hospital are: What are their safety protocols for adverse maternal events? No one likes to think about this while pregnant, and providers will probably tell you that it's unlikely to happen. But it does happen and it's good to know that the hospital and providers have practiced for such scenarios and have proper protocols in place."

-- Marianne Drexler, 39, survived a hemorrhage and emergency hysterectomy in 2014

"Ask your doctors if they have ever experienced a case of an amniotic fluid embolism [an abnormal response to amniotic fluid entering the mother's bloodstream] or other severe event themselves. If a birthing center is your choice, discuss what happens in an emergency -- how far away is the closest hospital with an ICU? Because a lot of hospitals don't have them. Another thing many women don't realize is that not every hospital has an obstetrician there 24/7. Ask your doctors: If they're not able to be there the whole time you're in labor, will there be another ob/gyn on site 24 hours a day if something goes wrong?"

-- Miranda Klassen, 41, survivor of amniotic fluid embolism in 2008 and founder/executive director of the Amniotic Fluid Embolism Foundation

"While my doctor was amazing, we live in a smaller town and they don't carry enough blood/platelets on hand for very emergent situations. They have patients shipped to larger hospitals when they need more care. Had I been aware of that we would have decided to deliver at a larger hospital so in case something happened to me or our daughter we wouldn't be separated, which we were when I was life-flighted out."

-- Kristina Landrus, 26, survived a hemorrhage in 2013

"My best advice for getting a medical professional to listen is to keep searching for one that is willing to listen. Because of my insurance and personal circumstances at the time I felt I had no option but to take whoever my providers [assigned] me, despite several red flags even before my delivery. I was not aware of my right to change providers until it was too late."

-- Joy Huff, 39, survived a blood infection in 2013

Preparing for an Emergency

"A conversation about possible things that could go wrong is prudent to have with your doctor or in one of these childbirth classes. I don't think that it needs to be done in a way to terrify the new parents, but as a way to provide knowledge. The pregnant woman should be taught warning signs, and know when to speak up so that she can be treated as quickly and accurately as possible."

-- Susan Lewis, 33, survived multiple blood clots and severe hemorrhage in 2016

"Always have somebody with you in a medical setting to ask the questions you might not think of and to advocate on your behalf if your ability to communicate is compromised by being in poor health. ... And get emotional support to steel you against the naysayers. It may feel really unnatural or difficult to push back [against doctors and nurses]. Online forums and Facebook groups can be helpful to ensure you're not losing your mind."

-- Eleni Tsigas, survivor of preeclampsia in 1998 and 1999 and executive director of the Preeclampsia Foundation

"Know your rights. Know what kind of decisions you might have to make and what you want to do before you go. Doctors and nurses are there to make quick decisions, they're not worried about how you will feel about it afterward. They are worried about a lawsuit, whether they can get you stable quickly so they can move on. I'm not saying they are heartless, far from it. My mother is a nurse, I know what sort of heart goes into that profession. But they have a lot to do and a lot to worry about, your feelings are not at the top of that list. At least not as far as they are concerned in the moment."

-- Carrie Anthony, 36, survived two pregnancies with placenta accreta and hemorrhage in 2008 and 2015

"It isn't just important to know how you feel about blood transfusions and life-saving measures 2014 you have to communicate these things to your spouse or family member. I was given six blood transfusions, but I was barely conscious when asked if I wanted them. Of course, I wanted any life-saving measures, but my husband should have been consulted, given that I was not of a clear mind."

-- Rachel Stuhler, 36, survived a hemorrhage in 2017

"In case you ever are unable to respond, someone needs to step in and be your voice! Know as much thorough medical history as possible, and let your spouse or support person know [in depth] your history as well."

-- Kristina Landrus

"Also be sure your spouse and your other family members, like your parents or siblings, are on the same page about your care. And if you aren't married, who will be making the decisions on your behalf? You should put things in order, designate the person who will be the decision maker, and give that person power of attorney. Other important things to have are a medical directive or a living will 2014 be sure to bring a copy with you to the hospital. I also recommend packing a journal to record everything that happens."

-- Miranda Klassen

"Make a list of your questions and make sure you get the full answer. I went to every appointment the second time around with a notebook. I would apologize for being 'that patient,' but I had been through this before and I wasn't going to be confused again. I wanted to know everything. Honestly, it was as harmful as it was helpful. I knew what I was getting into, which made it much scarier. The first time, my ignorance was bliss. I didn't realize I almost died until two weeks after I had left the hospital. I didn't even start researching what had happen to me until months later. The second time I was an advocate for myself. Medical journals and support groups were a part of every single visit. And thankfully, I was in good hands."

-- Carrie Anthony

"Write down what each specialty says to you. When I was hospitalized for six weeks prior to giving birth, I was visited 2-3 times a week by someone from each department that would be involved in my life-saving surgery. This means that I saw someone from the neonatal intensive care unit as well as reps from gynecologic oncology, maternal fetal medicine, interventional radiology and anesthesiology. They paraded in on a schedule, checked up on me, asked if I had any questions. I always did, but I regret not writing down what each said each time (along with names!). I got so many different answers regarding how I would be anesthetized, and on the day it all had to happen in an emergency, there were disagreements above me in the OR. between the specialists. It was like children arguing on a playground and my life was in danger. Had I kept a more vigilant record of what each specialty reported to me, perhaps prior to the day I could have confronted each with the details that weren't matching up."

-- Megan Moody, 36, survived placenta percreta (when the placenta penetrates through the uterine wall) in 2016

"People should know that they have a right to ask for more time with the doctor or more follow up if they feel something is not right. The ob-gyns (at least in Pennsylvania) are so busy and sometimes appointments are quite quick and rushed. Make the doctors slow down and take the time with you."

-- Dani Leiman, 37, survived HELLP syndrome (a particularly dangerous variant of preeclampsia) in 2011

"You have a legal right to your medical records throughout pregnancy and anytime afterwards. Get a copy of your lab results each time blood is drawn, and a copy of your prenatal and hospital reports. Ask about concerning or unclear results."

-- Eleni Tsigas

Getting Your Provider to Listen

"Understand the system. Ask a nurse or a trusted loved one in the 'industry' how it all works. I've found that medical professionals are more likely to listen to you if you demonstrate an understanding of their roles and the kind of questions they can/cannot answer. Know your 'silos.' Don't ask an anesthesiologist how they plan on stitching up your cervix. Specialists are often incredibly impatient. You need to get the details out of them regarding their very specific roles."

-- Megan Moody

"Let doctors know you care about your health and safety as much as they do. Tell them you want to be a partner in your health care. Do not act as an adversary to your doctor."

-- Tricia Fitzgerald, 40, survived a hemorrhage caused by severe preeclampsia in 2014

"First you have to be armed with concrete knowledge with examples about your illness and have a firm attitude. This is why it is important to know your body. Do your research before your appointment, but make it personal. Do not present your case as if you just went on WebMD for the information. Create a log of your health activities. This log should contain all illnesses you are concerned about, when they occurred and how did you feel. Have your questions and concerns written down. You should always carry a list of your medications, dosage, and milligrams. Include any side effects. Ask concrete questions and have the doctors present their findings to you in a language you can understand. If you do not agree [with what one doctor tells you], ask another doctor. Remember, knowledge is power and you must have that power."

-- Anner Porter, 55, survivor of peripartum cardiomyopathy in 1992 and founder of the advocacy organization Fight PPCM

"If your provider tells you, 'You are pregnant. What you're experiencing is normal,' remember -- that may be true. [But it's also true] that preeclampsia can mimic many normal symptoms of pregnancy. Ask, 'What else could this be?' Expect a thoughtful answer that includes consideration of 2018differential diagnoses' -- in other words, other conditions that could be causing the same symptoms."

-- Eleni Tsigas

"They only listen if the pain is a 10 or higher. Most of us don't understand what a 10 is. I'd always imagined a 10 would feel like having a limb blown off in combat. When asked to evaluate your pain on a scale of 1 to 10, when you are in your most vulnerable moment, it is very hard to assess this logically, for you and for your partner witnessing your pain. I later saw a pain chart with pictures. A 10 was demonstrated with an illustration of a crying face. You may not actually be shedding tears, but you are most likely crying on the inside in pain, so I suggest to always say a 10. My pain from the brain hemorrhage was probably a 100, but I'm not sure if I even said 10 at the time."

-- Emily McLaughlin, 34, survived a postpartum stroke in 2015

"Crying! I'm only slightly kidding. I truly think the only way to get them to listen is to be adamant and don't back down. I had a situation where I felt no one was paying attention to me, and I cried out of frustration over the phone. Then they listened to me and snapped into action."

-- Dani Leiman

"So many women do speak up about the strange pain they have, and a nurse may brush it off as normal without consulting a doctor and running any tests. Be annoying if you must, this is your life. ... Thankfully, I never had to be so assertive. I owe my life to the team of doctors and nurses who acted swiftly and accurately, and I am eternally grateful."

-- Susan Lewis

"If you have a hemorrhage, don't clean up after yourself! Make sure the doctor is fully aware of how much blood you are losing. I had a very nice nurse who was helping to keep me clean and helping to change my (rapidly filling) pads. If the doctor had seen the pools of blood himself, rather than just being told about them, he might not have been so quick to dismiss me."

-- Valerie Bradford, 30, survived hemorrhage in 2016

Paying Attention to Your Symptoms

"I had heard of preeclampsia but I was naïve. [I believed] that it was something women developed who didn't watch what they ate and didn't focus on good health prior and/or during pregnancy. I was in great health and shape prior to getting pregnant, during my pregnancy I continued to make good food choices and worked out up until 36 hours before the baby had to be taken. I gained healthy weight and kept my BMI at an optimum number. I thought due to my good health, I was not susceptible to anything and my labor would be easy. So although I had felt bad for 1 1/2 weeks, I chalked it up to the fact that I was almost 8 months into this pregnancy, so you're not supposed to feel great. 2026 I walked into my doctor's office that Friday and not one hour later I was in an emergency C-section delivering a baby. I had to fully be put under due to the severity of the HELLP, so I didn't wake up until the next day."

-- Kelli Davis, 31, survived HELLP syndrome in 2016

"Understand that severe, sustained pain is not normal. So many people told me that the final trimester of pregnancy is sooo uncomfortable. It was my first pregnancy, I have a generally high threshold for pain, and my son was breech so I thought his head was causing bad pain under my ribs [when it was really epigastric pain from the HELLP syndrome]. I kept thinking it was normal to be in pain and I let it go until it was almost too late."

-- Dani Leiman

"I wish I would have known what high blood pressure numbers were. I had a pharmacist take my blood pressure at a pharmacy and let me walk out the door with a blood pressure of 210/102. She acted like it was no big deal ('it's a little high'), and so I believed her. Even after telling my husband, we really thought nothing of it."

-- Melissa McFadden, 36, survived preeclampsia in 2013

"Know the way your blood pressure should be taken. And ask for the results. Politely challenge the technician or nurse if it's not being done correctly or if they suggest 'changing positions to get a lower reading.' Very high blood pressure (anything over 160/110) is a 'hypertensive crisis' and requires immediate intervention."

-- Eleni Tsigas

"Please ask for a heart monitor for yourself while in labor, not just for the baby. I think if I had one on, seconds or minutes could have been erased from reaction time by the nurses. They were alerted to an issue because the baby's heart stopped during labor, and while the nurse was checking that machine, my husband noticed I was also non-responsive. That's when everything happened (cardiac arrest due to AFE)."

-- Kristy Kummer-Pred, 44, survived amniotic fluid embolism and cardiac arrest in 2012

After the Delivery

"My swelling in my hands and feet never went away. My uterus hadn't shrunk. I wasn't bleeding that bad, but there was a strange odor to it. My breasts were swollen and my milk wasn't coming in. I was misdiagnosed with mastitis [a painful inflammation of the breast tissue that sometimes occurs when milk ducts become plugged and engorged]. The real problem was that I still had pieces of placenta inside my uterus. Know that your placenta should not come out in multiple pieces. It should come out in one piece. If it is broken apart, demand an ultrasound to ensure the doctors got it all. If you have flu-like symptoms, demand to be seen by a doctor. If you don't like your doctor, demand another one."

-- Brandi Miller, 32, survived placenta accreta and hemorrhage in 2015

"There is a period in the days and weeks after delivery where your blood pressure can escalate and you can have a seizure, stroke, or heart attack, even well after a healthy birth. You should take your own blood pressure at home if your doctor doesn't tell you to. ... Unfortunately, I went home from [all my postpartum] appointments with my blood pressure so high that I started having a brain hemorrhage. Not one single person ever thought of taking my blood pressure when I was complaining about my discomfort and showing telltale warning signs of [preeclampsia]."

-- Emily McLaughlin

"The ER doctor that I had was not treating me as a postpartum case. He was just thinking of me as a 27-year-old with high blood pressure. I think, if you have the opportunity, the ideal thing would be to go back to the same hospital where you had your baby, because they have a labor and delivery unit and they have your records. But if the closest emergency room isn't at the hospital where you delivered, then you have to be more vigilant. Make sure they know you just gave birth. If you know something is wrong with you, don't take no for an answer. Just keep saying, 'I think this is something serious' and don't let them discharge you, especially if it's someone who isn't familiar with pregnant women."

-- Marie McCausland

"The postpartum period is when a lot of pregnancy-related heart problems like cardiomyopathy emerge. If there is still difficulty breathing, fluid buildup in ankles, shortness of breath and you are unable to lie flat on your back, go see a cardiologist ASAP. If you have to go to an emergency room, request to have the following tests performed: echocardiogram (echo) test, ejection fraction test, B-type natriuretic peptides (BNP), EKG test and chest x-ray test. These tests will determine if your heart is failing and will save your life."

-- Anner Porter

"Rest as much as possible -- for as long as possible. Being in too big a rush to get 'back to normal' can exacerbate postpartum health risks. Things that are not normal: heavy bleeding longer than 6 weeks, or bleeding that stops and starts again, not producing milk, fevers, severe pain (especially around incision sites), excessive fatigue, and anxiety/depression. If you don't feel like yourself, get help."

-- Amy Barron Smolinski, 37, a survivor of preeclampsia, postpartum hemorrhage and other complications in three pregnancies in 2006, 2011 and 2012 and executive director of Mom2Mom Global, a breastfeeding support group

"Know that your preexisting health conditions may be impacted by having a baby (hormone changes, sleep deprivation, stress). Record your health and your baby's in a journal or app to track any changes. Reach out to the nurse or doctor when there are noticeable changes that you have tracked."

-- Noelle Garcia, 33, survived placental abruption (placenta separating from the uterine wall during pregnancy) in 2007

"If your hospital discharges you on tons of Motrin or pain killers, be aware that this can mask the warning signs of headache, which is sometimes the only warning sign of preeclampsia coming on postpartum."

-- Emily McLaughlin

Grappling With the Emotional Fallout

"I wish I had known that postpartum PTSD was possible. Most people associate PTSD with the effects of war, but I was diagnosed with PTSD after my traumatic birth and near-death experience. Almost 6 years later, I still experience symptoms sporadically."

-- Meagan Raymer, 31, survived severe preeclampsia and HELLP syndrome in 2011

"I recommend therapy with a female therapist specializing in trauma. Honestly, I avoided it for 8 months. I was then in therapy for 12 months. I still have ongoing anxiety... but I would be in a very bad place (potentially depression and self-harm due to self-blame) were it not for therapy. It was so hard to admit [what was happening]. I started to get a suspicion when I heard an NPR story about a veteran with PTSD. I thought... that sounds like me. And I started Googling."

-- Jessica Rae Hoffman, 28, survived severe sepsis and other complications in 2015

"The emotional constructs our society puts around pregnancy and childbirth make the ideas of severe injury and death taboo. Childbirth is a messy, traumatic experience. ... Many women don't seek care even when they instinctively believe something is wrong because they're supposed to 'be happy.' Awareness and transparency are so important."

-- Leah Soule, 33, survived a hemorrhage in 2015

"Having an incredible support network made the greatest impact with my near-death experience, but my family and friends needed their own support as they coped. My mom didn't leave my side, but she also had a team of friends supporting her so that she could let her guard down and cry when she needed to do so. My husband was at my bedside or with the baby constantly that first week, but he was also suffering from the trauma of everything and was having a really hard time coping and needed to leave the hospital environment. My best friend is an ICU nurse and quickly became the person everyone asked clarifying questions, but she didn't want to be a nurse in that moment but rather someone who was scared for her friend."

-- Susan Lewis

"I wish I had understood how significant the impact was on my husband. Emotionally, the experience was much more difficult and long-lasting for him than for me, and it continued to affect his relationship with both me and our baby for quite a while, at a time when I didn't think it was a thing at all."

-- Elizabeth Venstra, 44, survived HELLP syndrome in 2014

"I would suggest establishing yourself ahead of time with a doula or midwife that can make postpartum visits to your home, which can promote health even if everything goes smoothly. Many communities have those services available if you can't afford them. [A doula] wasn't covered through our insurance, but the social worker at the hospital arranged for someone paid for by [San Diego County] to come and do several checks on me and my son, which was very reassuring to both my husband and me."

-- Miranda Klassen

"If you're given a diagnosis of a life-threatening pregnancy complication, line up a therapist immediately so can start getting the support you need as soon as you give birth. Don't wait until your six-week [postpartum] appointment when they do a depression screen and you realize you're not coping well. You'll have to wait at least another week for the appointment to be made. Why not have that in place? I wish I did."

-- Megan Moody

"Don't assume everyone gets it. Don't assume everyone wants to hear it. My story is scary. Some soon-to-be moms have looked horrified by my story. Some already moms have been scared away by it. Most people are happy to listen, like to be informed. But some do not. Some people are happier thinking it's all going to be ok, not me, I'll be fine. They should at least know, but that's their choice. You can't force people to open their eyes. Be there. Offer help. But don't force it."

-- Carrie Anthony

Other Resources

  • The Leapfrog Group provides performance data on more than 1,800 hospitals and publishes an annual Maternity Care Report. Consumer Reports offers C-section data from more than 1,300 hospitals by ZIP code.
  • The California Maternal Quality Care Collaborative's "toolkits" of protocols to treat life-threatening obstetric complications include infographics, checklists and lengthy backup materials but require (free) registration for access. The Alliance for Innovation on Maternal Health's "bundles" offer similar information in a condensed, easily downloadable form.
  • The Association of Women's Health, Obstetric and Neonatal Nurses (AWHONN)'s Health4Mom site has a "Save Your Life" campaign, including a one-page checklist, to help new mothers recognize post-birth warning signs.
  • Childbirth Connections provides evidence-based information on maternity care. The Preeclampsia Foundation's "Wonder Woman" posts (here and here) put the U.S. maternal mortality numbers in context and offer more strategies for self-advocacy.
  • Postpartum Support International offers many resources for women suffering from pregnancy-related depression, anxiety and mood disorders.
  • Facebook is a gathering place for thousands of women who've experienced life-threatening complications, but many groups are condition-specific and/or closed to non-survivors. One open group worth checking out: The Unexpected Project.
  • Social justice groups are also becoming active around the issue of maternal deaths and near-deaths, with a focus on why African-American women are disproportionately affected. They include the Black Mamas Matter Alliance and Moms Rising.

Correction, August 4, 2017: In an earlier version of this story, a quote was incorrectly attributed to Kristy Kummer-Pred. It has been deleted.

ProPublica is a Pulitzer Prize-winning investigative newsroom. Sign up for their newsletter.


The Myth Of Drug Expiration Dates

[Editor's Note: some politicians and pundits repeatedly claim that the private sector is more efficient than the public sector. Today's blog post explores waste in the healthcare industry. Today's post is reprinted with permission.]

By Marshall Allen, ProPublica

The box of prescription drugs had been forgotten in a back closet of a retail pharmacy for so long that some of the pills predated the 1969 moon landing. Most were 30 to 40 years past their expiration dates -- possibly toxic, probably worthless.

But to Lee Cantrell, who helps run the California Poison Control System, the cache was an opportunity to answer an enduring question about the actual shelf life of drugs: Could these drugs from the bell-bottom era still be potent?

Cantrell called Roy Gerona, a University of California, San Francisco, researcher who specializes in analyzing chemicals. Gerona had grown up in the Philippines and had seen people recover from sickness by taking expired drugs with no apparent ill effects.

"This was very cool," Gerona says. "Who gets the chance of analyzing drugs that have been in storage for more than 30 years?"

The age of the drugs might have been bizarre, but the question the researchers wanted to answer wasn't. Pharmacies across the country -- in major medical centers and in neighborhood strip malls -- routinely toss out tons of scarce and potentially valuable prescription drugs when they hit their expiration dates.

Gerona and Cantrell, a pharmacist and toxicologist, knew that the term "expiration date" was a misnomer. The dates on drug labels are simply the point up to which the Food and Drug Administration and pharmaceutical companies guarantee their effectiveness, typically at two or three years. But the dates don't necessarily mean they're ineffective immediately after they "expire" -- just that there's no incentive for drugmakers to study whether they could still be usable.

ProPublica has been researching why the U.S. health care system is the most expensive in the world. One answer, broadly, is waste -- some of it buried in practices that the medical establishment and the rest of us take for granted. We've documented how hospitals often discard pricey new supplies, how nursing homes trash valuable medications after patients pass away or move out, and how drug companies create expensive combinations of cheap drugs. Experts estimate such squandering eats up about $765 billion a year -- as much as a quarter of all the country's health care spending.

What if the system is destroying drugs that are technically "expired" but could still be safely used?

In his lab, Gerona ran tests on the decades-old drugs, including some now defunct brands such as the diet pills Obocell (once pitched to doctors with a portly figurine called "Mr. Obocell") and Bamadex. Overall, the bottles contained 14 different compounds, including antihistamines, pain relievers and stimulants. All the drugs tested were in their original sealed containers.

The findings surprised both researchers: A dozen of the 14 compounds were still as potent as they were when they were manufactured, some at almost 100 percent of their labeled concentrations.

"Lo and behold," Cantrell says, "The active ingredients are pretty darn stable."

Cantrell and Gerona knew their findings had big implications. Perhaps no area of health care has provoked as much anger in recent years as prescription drugs. The news media is rife with stories of medications priced out of reach or of shortages of crucial drugs, sometimes because producing them is no longer profitable.

Tossing such drugs when they expire is doubly hard. One pharmacist at Newton-Wellesley Hospital outside Boston says the 240-bed facility is able to return some expired drugs for credit, but had to destroy about $200,000 worth last year. A commentary in the journal Mayo Clinic Proceedings cited similar losses at the nearby Tufts Medical Center. Play that out at hospitals across the country and the tab is significant: about $800 million per year. And that doesn't include the costs of expired drugs at long-term care pharmacies, retail pharmacies and in consumer medicine cabinets.

After Cantrell and Gerona published their findings in Archives of Internal Medicine in 2012, some readers accused them of being irresponsible and advising patients that it was OK to take expired drugs. Cantrell says they weren't recommending the use of expired medication, just reviewing the arbitrary way the dates are set.  

"Refining our prescription drug dating process could save billions," he says.

But after a brief burst of attention, the response to their study faded. That raises an even bigger question: If some drugs remain effective well beyond the date on their labels, why hasn't there been a push to extend their expiration dates?

It turns out that the FDA, the agency that helps set the dates, has long known the shelf life of some drugs can be extended, sometimes by years.

In fact, the federal government has saved a fortune by doing this.

For decades, the federal government has stockpiled massive stashes of medication, antidotes and vaccines in secure locations throughout the country. The drugs are worth tens of billions of dollars and would provide a first line of defense in case of a large-scale emergency.

Maintaining these stockpiles is expensive. The drugs have to be kept secure and at the proper humidity and temperature so they don't degrade. Luckily, the country has rarely needed to tap into many of the drugs, but this means they often reach their expiration dates. Though the government requires pharmacies to throw away expired drugs, it doesn't always follow these instructions itself. Instead, for more than 30 years, it has pulled some medicines and tested their quality.

The idea that drugs expire on specified dates goes back at least a half-century, when the FDA began requiring manufacturers to add this information to the label. The time limits allow the agency to ensure medications work safely and effectively for patients. To determine a new drug's shelf life, its maker zaps it with intense heat and soaks it with moisture to see how it degrades under stress. It also checks how it breaks down over time. The drug company then proposes an expiration date to the FDA, which reviews the data to ensure it supports the date and approves it. Despite the difference in drugs' makeup, most "expire" after two or three years.

Once a drug is launched, the makers run tests to ensure it continues to be effective up to its labeled expiration date. Since they are not required to check beyond it, most don't, largely because regulations make it expensive and time-consuming for manufacturers to extend expiration dates, says Yan Wu, an analytical chemist who is part of a focus group at the American Association of Pharmaceutical Scientists that looks at the long-term stability of drugs. Most companies, she says, would rather sell new drugs and develop additional products.

Pharmacists and researchers say there is no economic "win" for drug companies to investigate further. They ring up more sales when medications are tossed as "expired" by hospitals, retail pharmacies and consumers despite retaining their safety and effectiveness.

Industry officials say patient safety is their highest priority. Olivia Shopshear, director of science and regulatory advocacy for the drug industry trade group Pharmaceutical Research and Manufacturers of America, or PhRMA, says expiration dates are chosen "based on the period of time when any given lot will maintain its identity, potency and purity, which translates into safety for the patient."

That being said, it's an open secret among medical professionals that many drugs maintain their ability to combat ailments well after their labels say they don't. One pharmacist says he sometimes takes home expired over-the-counter medicine from his pharmacy so he and his family can use it.

The federal agencies that stockpile drugs -- including the military, the Centers for Disease Control and Prevention and the Department of Veterans Affairs -- have long realized the savings in revisiting expiration dates.

In 1986, the Air Force, hoping to save on replacement costs, asked the FDA if certain drugs' expiration dates could be extended. In response, the FDA and Defense Department created the Shelf Life Extension Program.

Each year, drugs from the stockpiles are selected based on their value and pending expiration and analyzed in batches to determine whether their end dates could be safely extended. For several decades, the program has found that the actual shelf life of many drugs is well beyond the original expiration dates.

A 2006 study of 122 drugs tested by the program showed that two-thirds of the expired medications were stable every time a lot was tested. Each of them had their expiration dates extended, on average, by more than four years, according to research published in the Journal of Pharmaceutical Sciences.

Some that failed to hold their potency include the common asthma inhalant albuterol, the topical rash spray diphenhydramine, and a local anesthetic made from lidocaine and epinephrine, the study said. But neither Cantrell nor Dr. Cathleen Clancy, associate medical director of National Capital Poison Center, a nonprofit organization affiliated with the George Washington University Medical Center, had heard of anyone being harmed by any expired drugs. Cantrell says there has been no recorded instance of such harm in medical literature.

Marc Young, a pharmacist who helped run the extension program from 2006 to 2009, says it has had a "ridiculous" return on investment. Each year the federal government saved $600 million to $800 million because it did not have to replace expired medication, he says.

An official with the Department of Defense, which maintains about $13.6 billion worth of drugs in its stockpile, says that in 2016 it cost $3.1 million to run the extension program, but it saved the department from replacing $2.1 billion in expired drugs. To put the magnitude of that return on investment into everyday terms: It's like spending a dollar to save $677.

"We didn't have any idea that some of the products would be so damn stable -- so robustly stable beyond the shelf life," says Ajaz Hussain, one of the scientists who formerly helped oversee the extension program.

Hussain is now president of the National Institute for Pharmaceutical Technology and Education, an organization of 17 universities that's working to reduce the cost of pharmaceutical development. He says the high price of drugs and shortages make it time to reexamine drug expiration dates in the commercial market.

"It's a shame to throw away good drugs," Hussain says.

Some medical providers have pushed for a changed approach to drug expiration dates -- with no success. In 2000, the American Medical Association, foretelling the current prescription drug crisis, adopted a resolution urging action. The shelf life of many drugs, it wrote, seems to be "considerably longer" than their expiration dates, leading to "unnecessary waste, higher pharmaceutical costs, and possibly reduced access to necessary drugs for some patients."

Citing the federal government's extension program, the AMA sent letters to the FDA, the U.S. Pharmacopeial Convention, which sets standards for drugs, and PhRMA asking for a re-examination of expiration dates.

No one remembers the details -- just that the effort fell flat.

"Nothing happened, but we tried," says rheumatologist Roy Altman, now 80, who helped write the AMA report. "I'm glad the subject is being brought up again. I think there's considerable waste."

At Newton-Wellesley Hospital, outside Boston, pharmacist David Berkowitz yearns for something to change.

On a recent weekday, Berkowitz sorted through bins and boxes of medication in a back hallway of the hospital's pharmacy, peering at expiration dates. As the pharmacy's assistant director, he carefully manages how the facility orders and dispenses drugs to patients. Running a pharmacy is like working in a restaurant because everything is perishable, he says, "but without the free food."

Federal and state laws prohibit pharmacists from dispensing expired drugs and The Joint Commission, which accredits thousands of health care organizations, requires facilities to remove expired medication from their supply. So at Newton-Wellesley, outdated drugs are shunted to shelves in the back of the pharmacy and marked with a sign that says: "Do Not Dispense." The piles grow for weeks until they are hauled away by a third-party company that has them destroyed. And then the bins fill again.

"I question the expiration dates on most of these drugs," Berkowitz says.

One of the plastic boxes is piled with EpiPens -- devices that automatically inject epinephrine to treat severe allergic reactions. They run almost $300 each. These are from emergency kits that are rarely used, which means they often expire. Berkowitz counts them, tossing each one with a clatter into a separate container, " 'that's 45, 46, 47' " He finishes at 50. That's almost $15,000 in wasted EpiPens alone.

In May, Cantrell and Gerona published a study that examined 40 EpiPens and EpiPen Jrs., a smaller version, that had been expired for between one and 50 months. The devices had been donated by consumers, which meant they could have been stored in conditions that would cause them to break down, like a car's glove box or a steamy bathroom. The EpiPens also contain liquid medicine, which tends to be less stable than solid medications.

Testing showed 24 of the 40 expired devices contained at least 90 percent of their stated amount of epinephrine, enough to be considered as potent as when they were made. All of them contained at least 80 percent of their labeled concentration of medication. The takeaway? Even EpiPens stored in less than ideal conditions may last longer than their labels say they do, and if there's no other option, an expired EpiPen may be better than nothing, Cantrell says.

At Newton-Wellesley, Berkowitz keeps a spreadsheet of every outdated drug he throws away. The pharmacy sends what it can back for credit, but it doesn't come close to replacing what the hospital paid.

Then there's the added angst of tossing drugs that are in short supply. Berkowitz picks up a box of sodium bicarbonate, which is crucial for heart surgery and to treat certain overdoses. It's being rationed because there's so little available. He holds up a purple box of atropine, which gives patients a boost when they have low heart rates. It's also in short supply. In the federal government's stockpile, the expiration dates of both drugs have been extended, but they have to be thrown away by Berkowitz and other hospital pharmacists.

The 2006 FDA study of the extension program also said it pushed back the expiration date on lots of mannitol, a diuretic, for an average of five years. Berkowitz has to toss his out. Expired naloxone? The drug reverses narcotic overdoses in an emergency and is currently in wide use in the opioid epidemic. The FDA extended its use-by date for the stockpiled drugs, but Berkowitz has to trash it.

On rare occasions, a pharmaceutical company will extend the expiration dates of its own products because of shortages. That's what happened in June, when the FDA posted extended expiration dates from Pfizer for batches of its injectable atropine, dextrose, epinephrine and sodium bicarbonate. The agency notice included the lot numbers of the batches being extended and added six months to a year to their expiration dates.

The news sent Berkowitz running to his expired drugs to see if any could be put back into his supply. His team rescued four boxes of the syringes from destruction, including 75 atropine, 15 dextrose, 164 epinephrine and 22 sodium bicarbonate. Total value: $7,500. In a blink, "expired" drugs that were in the trash heap were put back into the pharmacy supply.

Berkowitz says he appreciated Pfizer's action, but feels it should be standard to make sure drugs that are still effective aren't thrown away.

"The question is: Should the FDA be doing more stability testing?" Berkowitz says. "Could they come up with a safe and systematic way to cut down on the drugs being wasted in hospitals?"

Four scientists who worked on the FDA extension program told ProPublica something like that could work for drugs stored in hospital pharmacies, where conditions are carefully controlled.

Greg Burel, director of the CDC's stockpile, says he worries that if drugmakers were forced to extend their expiration dates it could backfire, making it unprofitable to produce certain drugs and thereby reducing access or increasing prices.

The 2015 commentary in Mayo Clinic Proceedings, called "Extending Shelf Life Just Makes Sense," also suggested that drugmakers could be required to set a preliminary expiration date and then update it after long-term testing. An independent organization could also do testing similar to that done by the FDA extension program, or data from the extension program could be applied to properly stored medications.

ProPublica asked the FDA whether it could expand its extension program, or something like it, to hospital pharmacies, where drugs are stored in stable conditions similar to the national stockpile.

"The Agency does not have a position on the concept you have proposed," an official wrote back in an email.

Whatever the solution, the drug industry will need to be spurred in order to change, says Hussain, the former FDA scientist. "The FDA will have to take the lead for a solution to emerge," he says. "We are throwing away products that are certainly stable, and we need to do something about it."

ProPublica is a Pulitzer Prize-winning investigative newsroom. Sign up for their newsletter.


How Two Common Medications Became One $455 Million Specialty Pill

[Editor's Note: today's guest post, by the reporters at ProPublica, explores reasons for the high cost of prescription drugs for patients in the United States. Today's post is reprinted with permission.]

by Marshall Allen, ProPublica

Everything happened so fast as I walked out of the doctor's exam room. I was tucking in my shirt and wondering if I'd asked all my questions about my injured shoulder when one of the doctor's assistants handed me two small boxes of pills.

"These will hold you over until your prescription arrives in the mail," she said, pointing to the drug samples.

Strange, I thought to myself, the doctor didn't mention giving me any drugs.

I must have looked puzzled because she tried to reassure me.

"Don't worry," she said. "It won't cost you any more than $10."

I was glad whatever was coming wouldn't break my budget, but I didn't understand why I needed the drugs in the first place. And why wasn't I picking them up at my local CVS?

At first I shrugged it off. This had been my first visit with an orthopedic specialist and he, Dr. Mohnish Ramani, hadn't been the chatty type. He'd barely said a word as he examined me, tugging my arm this way and bending it that way before rotating it behind my back. The pain made me squirm and yelp, but he knew what he was doing. He promptly diagnosed me with frozen shoulder, a debilitating inflammation of the shoulder capsule.

But back to the drugs. As an investigative reporter who has covered health care for more than a decade, the interaction was just the sort of thing to pique my interest. One thing I've learned is that almost nothing in medicine 2014 especially brand-name drugs 2014 is ever really a deal. When I got home, I looked up the drug: Vimovo.

The drug has been controversial, to say the least. Vimovo was created using two readily and cheaply available generic, or over-the-counter, medicines: naproxen, also known by the brand Aleve, and esomeprazole magnesium, also known as Nexium. The Aleve handles your pain and the Nexium helps with the upset stomach that's sometimes caused by the pain reliever. The key selling point of this new "convenience drug"? It's easier to take one pill than two.

But only a minority of patients get an upset stomach, and there was no indication I'd be one of them. Did I even need the Nexium component?

Of course I also did the math. You can walk into your local drugstore and buy a month's supply of Aleve and Nexium for about $40. For Vimovo, the pharmacy billed my insurance company $3,252. This doesn't mean the drug company ultimately gets paid that much. The pharmaceutical world is rife with rebates and side deals 2014 all designed to elbow ahead of the competition. But apparently the price of convenience comes at a steep mark-up.

Think about it another way. Let's say you want to eat a peanut butter and jelly sandwich every day for a month. You could buy a big jar of peanut butter and a jar of grape jelly for less than 10 bucks. Or you could buy some of that stuff where they combine the peanut butter and grape jelly into the same jar. Smucker's makes it. It's called Goober. Except in this scenario, instead of its usual $3.50 price tag, Smucker's is charging $565 for the jar of Goober.

So if Vimovo is the Goober of drugs, then why have Americans been spending so much on it? My insurance company, smartly, rejected the pharmacy's claim. But I knew Vimovo's makers weren't wooing doctors like mine for nothing. So I looked up the annual reports for the Ireland-based company, Horizon Pharma, which makes Vimovo. Since 2014, Vimovo's net sales have been more than $455 million. That means a lot of insurers are paying way more than they should for their Goober.

And Vimovo wasn't Horizon's only such drug. It has brought in an additional $465 million in net sales from Duexis, a similar convenience drug that combines ibuprofen and famotidine, AKA Advil and Pepsid.

This year I have been documenting the kind of waste in the health care system that's not typically tracked. Americans pay more for health care than anyone else in the world, and experts estimate that the U.S. system wastes hundreds of billions of dollars a year. In recent months I've looked at what hospitals throw away and how nursing homes flush or toss out hundreds of millions of dollars' worth of usable medicine every year. We all pay for this waste, through lower wages and higher premiums, deductibles and out-of-pocket costs. There doesn't seem to be an end in sight 2014 I just got a notice that my premiums may be increasing by another 12 percent next year.

With Vimovo, it seemed I stumbled on another waste stream: overpriced drugs whose actual costs are hidden from doctors and patients. In the case of Horizon, the brazenness of its approach was even more astounding because it had previously been called out in media reports and in a 2016 congressional hearing on out-of-control drug prices.

Health care economists also were wise to it.

"It's a scam," said Devon Herrick, a health care economist with the National Center for Policy Analysis. "It is just a way to gouge insurance companies or employer health care plans."

Unsurprisingly, Horizon says the high price is justified. In fact, the drug maker wrote in an email, "The price of Vimovo is based on the value it brings to patients."

Thousands of patients die and suffer injuries every year, the company said, because of gastric complications from naproxen and other non-steroid anti-inflammatory drugs (NSAIDs). Providing pain relief and stomach protection in a single pill makes it more likely patients will be protected from complications, it said.

And Horizon stressed Vimovo is a "special formulation" of Aleve and Nexium, so it's not the same as taking the two separately. But several experts said that's a scientific distinction that doesn't make a therapeutic difference. "I would take the two medications from the drugstore in a heartbeat 2014 therapeutically it makes sense," said Michael Fossler, a pharmacist and clinical pharmacologist who is chair of the public-policy committee for the American College of Clinical Pharmacology. "What you're paying for with [Vimovo] is the convenience. But it does seem awful pricey for that."

Public outrage is boiling over when it comes to high drug prices, leading the media and lawmakers to scold pharmaceutical companies. You'd think a regulator would monitor this, but the Food and Drug Administration told me they are only authorized to review new drugs for safety and effectiveness, not prices. "Prices are set by manufacturers and distributors," the FDA said in a statement.

Horizon acquired Vimovo in November 2013 from the global pharmaceutical giant AstraZeneca. Horizon knew it faced challenges trying to get top dollar for inexpensive ingredients. "Use of these therapies separately in generic form may be cheaper," it said in its 2013 report to investors. But the company executed a shrewd strategy to give everyone -- insurers, patients, doctors and pharmacies -- the incentive to use Vimovo. It's instructive to review its playbook.

To get Vimovo covered, Horizon made deals with insurance payers and pharmacy benefit managers -- the intermediaries who help determine which drugs get reimbursed. The contracts generally included special rebates and even administrative fees for these intermediaries, the Horizon reports said, so the drug maker got paid much less than the sticker price, though it wouldn't say how much. But the company's net sales show the deals worked.

Horizon put boots on the ground to get the prescriptions rolling, expanding its sales force by the hundreds and focusing its marketing and sales efforts on doctors who already liked to prescribe brand-name drugs. The company's message to doctors emphasized the convenience of prescribing the two ingredients in a single pill and that the single pill protected patients by making it more likely they would take their medication as directed.

Horizon also primed the medical community by giving donations totaling $101,000 to the American Gastroenterology Association, a specialty nonprofit for physicians. Some doctors refuse drug-industry money, if only to at least avoid the appearance of a conflict of interest. ProPublica has done loads of stories showing why doctors taking money is indeed problematic, including one about drug makers' influence on physician specialty groups. When I went on the American Gastroenterology Association's website, the first thing I saw was a pop-up ad from a drug company. Several of the association's board members have received drug-company money, too. Horizon has made clear in its annual reports that donations to the group "help physicians and patients better understand and manage" the risks of pain relievers causing gastric problems.

Horizon also zeroed in on patients' worries about drug costs. To encourage them to fill their prescriptions, Horizon covered all or most of their out-of-pocket costs. That's why my doctor's office could promise me I wouldn't spend too much for my Vimovo. The program, Horizon told investors in reports, addressed the impact of pharmacies switching to less expensive alternatives and could "mitigate" the effect of payers searching for cheaper alternatives.

The strategy worked on me. I didn't even know why I was getting the prescription, but when they told me it wouldn't cost more than I would spend on lunch with a friend, I gave it the OK. A pharmacy I'd never heard of sent me a bottle of Vimovo for $10, even though my insurance company rejected the claim.

Turns out paying the patient's costs motivated my doctor, too. I waited until the end of my next visit to bring up Vimovo, and then we had a follow-up conversation on the phone. Ramani didn't know the price of the drug and found it "disturbing" when I told him. That was a surprise to me, but not to him. He said he leaves billing to his staff and doesn't even know how much he gets paid for a lot of the procedures he performs, let alone how much insurers are being charged for drugs. The marketing arms of companies like Horizon must count on this sort of blindness.

Ramani doesn't receive money or gifts from Horizon. (I confirmed this on ProPublica's Dollars for Docs website, which lists drug-company payments.) He said he likes Vimovo because Horizon covers the patient's out-of-pocket costs, entirely in many cases. Prescribing the generics or over-the-counter medications separately would actually cost more, he said. Which of course is exactly the company's plan. But Ramani agreed that the high cost of the drug to insurers ultimately raises overall health care costs for all Americans.

Knowing Vimovo's price, I asked him if he would continue to prescribe it. "It changes my thought process," he said. "But at the end of the day, I have to think about the patient and whether the patient will be able to pay out of pocket or not."

Ramani said the Horizon drug rep told him Vimovo prescriptions had to go through a particular pharmacy for the patient to receive financial assistance. In its 2016 annual report, Horizon wrote that prescriptions for its drugs might not be filled by certain pharmacies because of insurance-company exclusions, co-payment requirements, or incentives to use lower-priced alternatives. So that's why they didn't give me the option of picking up my pills at my neighborhood drugstore.

Instead, my Vimovo was mailed to me from White Oak Pharmacy in Nutley, New Jersey, which is about 45 minutes from my house. I drove there to find out why. The neighborhood pharmacy is on the bottom floor of a two-story brick building on a street corner, next to a hair salon.

Vishal Chhabria, the pharmacist who owns White Oak, told me the drug company sets the price of Vimovo. He insisted his pharmacy has no special relationship or contract with Horizon. Maybe the drug company steers prescriptions his way, he said, because his pharmacy will process the coupons that reduce or eliminate the patient costs, which some pharmacies don't.

Chhabria said there is no approved generic alternative to Vimovo, so he can't suggest one to patients. And while other drugs, like over-the-counter medications, would be cheaper for the health system overall, they are more expensive for the individual patient, he said.

In poring through Horizon's financial filings, it appears the drug's run may be ending. Horizon said in its report for the first quarter of 2017 that fewer insurance companies have been willing to cover Vimovo and many that do have demanded larger rebates. As a result, Horizon has been eating more of the costs of providing the drug to patients, as they must have in my case. The prescriptions have still been coming in, but net sales were just under $5 million in the first quarter of this year, down 81 percent from the first quarter of 2016.

Critics of Vimovo say that's still more than patients should be spending on the drug. "That number should be zero," said Linda Cahn, an attorney who advises corporations, unions and other payers to help reduce their costs. "If you want to talk about waste, that's waste."

Herrick, the health care economist, said Horizon cashed in by eliminating many of the barriers in the system that are meant to control costs. The company got patients on board by covering their out-of-pocket costs. It appealed to doctors by promoting the benefits to patients. And it did an end-run around chain pharmacies, which typically might suggest a lower-priced alternative, by steering prescriptions to pharmacists who would participate in their patient-assistance program.

"Somebody brainstormed: 'How can we nullify any consumer check and balance in this supply chain? What can we do to keep the customer from asking questions?'" Herrick said.

The scheme that played out with Vimovo is bound to happen again, Herrick said. Maybe it already is. Drug companies are always on the lookout to deploy similar strategies.

I dutifully took my Vimovo for several days, until I noticed it kept me awake until 3 in the morning 2014 a rare side effect. (Perhaps they need to add a third drug to the combo.) I probably have more than 50 pills left in the bottle on my bedside table. Maybe I could sell it back to Horizon for $1,500.

ProPublica is a Pulitzer Prize-winning investigative newsroom. Sign up for their newsletter.


3 Strategies To Defend GOP Health Bill: Euphemisms, False Statements and Deleted Comments

[Editor's Note: today's guest post is by the reporters as ProPublica. Affordable health care and coverage are important to many, if not most, Americans. It is reprinted with permission.]

by Charles Ornstein, ProPublica

Earlier this month, a day after the House of Representatives passed a bill to repeal and replace major parts of the Affordable Care Act, Ashleigh Morley visited her congressman's Facebook page to voice her dismay.

"Your vote yesterday was unthinkably irresponsible and does not begin to account for the thousands of constituents in your district who rely upon many of the services and provisions provided for them by the ACA," Morley wrote on the page affiliated with the campaign of Representative Peter King (Republican, New York). "You never had my vote and this confirms why."

The next day, Morley said, her comment was deleted and she was blocked from commenting on or reacting to King's posts. The same thing has happened to others critical of King's positions on health care and other matters. King has deleted negative feedback and blocked critics from his Facebook page, several of his constituents say, sharing screenshots of comments that are no longer there.

"Having my voice and opinions shut down by the person who represents me -- especially when my voice and opinion wasn't vulgar and obscene -- is frustrating, it's disheartening, and I think it points to perhaps a larger problem with our representatives and maybe their priorities," Morley said in an interview.

King's office did not respond to requests for comment.

As Republican members of Congress seek to roll back the Affordable Care Act, commonly called Obamacare, and replace it with the American Health Care Act, they have adopted various strategies to influence and cope with public opinion, which polls show mostly opposes their plan. ProPublica, with our partners at Kaiser Health News, Stat and Vox, has been fact-checking members of Congress in this debate and we've found misstatements on both sides, though more by Republicans than Democrats. The Washington Post's Fact Checker has similarly found misstatements by both sides.

Today, we're back with more examples of how legislators are interacting with constituents about repealing Obamacare, whether online or in traditional correspondence. Their more controversial tactics seem to fall into three main categories: providing incorrect information, using euphemisms for the impact of their actions, and deleting comments critical of them. (Share your correspondence with members of Congress with us.)

Incorrect Information

Representative Vicky Hartzler (Republican, Missouri) sent a note to constituents this month explaining her vote in favor of the Republican bill. First, she outlined why she believes the ACA is not sustainable -- namely, higher premiums and few choices. Then she said it was important to have a smooth transition from one system to another.

"This is why I supported the AHCA to follow through on our promise to have an immediate replacement ready to go should the ACA be repealed," she wrote. "The AHCA keeps the ACA for the next three years then phases in a new approach to give people, states, and insurance markets plenty of time to make adjustments."

Except that's not true.

"There are quite a number of changes in the AHCA that take effect within the next three years," wrote ACA expert Timothy Jost, an emeritus professor at Washington and Lee University School of Law, in an email to ProPublica.

The current law's penalties on individuals who do not purchase insurance and on employers who do not offer it would be repealed retroactively to 2016, which could remove the incentive for some employers to offer coverage to their workers. Moreover, beginning in 2018, older people could be charged premiums up to five times more than younger people -- up from three times under current law. The way in which premium tax credits would be calculated would change as well, benefiting younger people at the expense of older ones, Jost said.

"It is certainly not correct to say that everything stays the same for the next three years," he wrote.

In an email, Hartzler spokesman Casey Harper replied, "I can see how this sentence in the letter could be misconstrued. It's very important to the Congresswoman that we give clear, accurate information to her constituents. Thanks for pointing that out."

Other lawmakers have similarly shared incorrect information after voting to repeal the ACA. Representative Diane Black (Republican, Tennessee) wrote in a May 19 email to a constituent that "in 16 of our counties, there are no plans available at all. This system is crumbling before our eyes and we cannot wait another year to act."

Black was referring to the possibility that, in 16 Tennessee counties around Knoxville, there might not have been any insurance options in the ACA marketplace next year. However, 10 days earlier, before she sent her email, BlueCross BlueShield of Tennessee announced that it was willing to provide coverage in those counties and would work with the state Department of Commerce and Insurance "to set the right conditions that would allow our return."

"We stand by our statement of the facts, and Congressman Black is working hard to repeal and replace Obamacare with a system that actually works for Tennessee families and individuals," her deputy chief of staff Dean Thompson said in an email.

On the Democratic side, the Washington Post Fact Checker has called out representatives for saying the AHCA would consider rape or sexual assault as pre-existing conditions. The bill would not do that, although critics counter that any resulting mental health issues or sexually transmitted diseases could be considered existing illnesses.

Euphemisms

A number of lawmakers have posted information taken from talking points put out by the House Republican Conference that try to frame the changes in the Republican bill as kinder and gentler than most experts expect them to be.

An answer to one frequently asked question pushes back against criticism that the Republican bill would gut Medicaid, the federal-state health insurance program for the poor, and appears on the websites of Representative Garret Graves (Republican, Louisiana) and others.

"Our plan responsibly unwinds Obamacare's Medicaid expansion," the answer says. "We freeze enrollment and allow natural turnover in the Medicaid program as beneficiaries see their life circumstances change. This strategy is both fiscally responsible and fair, ensuring we don't pull the rug out on anyone while also ending the Obamacare expansion that unfairly prioritizes able-bodied working adults over the most vulnerable."

That is highly misleading, experts say.

The Affordable Care Act allowed states to expand Medicaid eligibility to anyone who earned less than 138 percent of the federal poverty level, with the federal government picking up almost the entire tab. Thirty-one states and the District of Columbia opted to do so. As a result, the program now covers more than 74 million beneficiaries, nearly 17 million more than it did at the end of 2013.

The GOP health care bill would pare that back. Beginning in 2020, it would reduce the share the federal government pays for new enrollees in the Medicaid expansion to the rate it pays for other enrollees in the state, which is considerably less. Also in 2020, the legislation would cap the spending growth rate per Medicaid beneficiary. As a result, a Congressional Budget Office review released Wednesday estimates that millions of Americans would become uninsured.

Sara Rosenbaum, a professor of health law and policy at the Milken Institute School of Public Health at George Washington University, said the GOP's characterization of its Medicaid plan is wrong on many levels. People naturally cycle on and off Medicaid, she said, often because of temporary events, not changing life circumstances -- seasonal workers, for instance, may see their wages rise in summer months before falling back.

"A terrible blow to millions of poor people is recast as an easing off of benefits that really aren't all that important, in a humane way," she said.

Moreover, the GOP bill actually would speed up the "natural turnover" in the Medicaid program, said Diane Rowland, executive vice president of the Kaiser Family Foundation, a health care think tank. Under the ACA, states were only permitted to recheck enrollees' eligibility for Medicaid once a year because cumbersome paperwork requirements have been shown to cause people to lose their coverage. The American Health Care Act would require these checks every six months -- and even give states more money to conduct them.

Rowland also took issue with the GOP talking point that the expansion "unfairly prioritizes able-bodied working adults over the most vulnerable." At a House Energy and Commerce Committee hearing earlier this year, GOP representatives maintained that the Medicaid expansion may be creating longer waits for home- and community-based programs for sick and disabled Medicaid patients needing long-term care, "putting care for some of the most vulnerable Americans at risk."

Research from the Kaiser Family Foundation, however, showed that there was no relationship between waiting lists and states that expanded Medicaid. Such waiting lists pre-dated the expansion and they were worse in states that did not expand Medicaid than in states that did.

"This is a complete misrepresentation of the facts," Rosenbaum said.

Graves' office said the information on his site came from the House Republican Conference. Emails to the conference's press office were not returned.

The GOP talking points also play up a new Patient and State Stability Fund included in the AHCA, which is intended to defray the costs of covering people with expensive health conditions. "All told, $130 billion dollars would be made available to states to finance innovative programs to address their unique patient populations," the information says. "This new stability fund ensures these programs have the necessary funding to protect patients while also giving states the ability to design insurance markets that will lower costs and increase choice."

The fund was modeled after a program in Maine, called an invisible high-risk pool, which advocates say has kept premiums in check in the state. But Senator Susan Collins (Republican, Maine) says the House bill's stability fund wasn't allocated enough money to keep premiums stable.

"In order to do the Maine model 2014 which I've heard many House people say that is what they're aiming for -- it would take $15 billion in the first year and that is not in the House bill," Collins told Politico. "There is actually $3 billion specifically designated for high-risk pools in the first year."

Deleting Comments

Morley, 28, a branded content editor who lives in Seaford, New York, said she moved into Representative King's Long Island district shortly before the 2016 election. She said she did not vote for him and, like many others across the country, said the election results galvanized her into becoming more politically active.

Earlier this year, Morley found an online conversation among King's constituents who said their critical comments were being deleted from his Facebook page. Because she doesn't agree with King's stances, she said she wanted to reserve her comment for an issue she felt strongly about.

A day after the House voted to repeal the ACA, Morley posted her thoughts. "I kind of felt that that was when I wanted to use my one comment, my one strike as it would be," she said.

By noon the next day, it had been deleted and she had been blocked.

"I even wrote in my comment that you can block me but I'm still going to call your office," Morley said in an interview.

Some negative comments about King remain on his Facebook page. But King's critics say his deletions fit a broader pattern. He has declined to hold an in-person town hall meeting this year, saying, "to me all they do is just turn into a screaming session," according to CNN. He held a telephonic town hall meeting but only answered a small fraction of the questions submitted. And he met with Liuba Grechen Shirley, the founder of a local Democratic group in his district, but only after her group held a protest in front of his office that drew around 400 people.

"He's not losing his health care," Grechen Shirley said. "It doesn't affect him. It's a death sentence for many and he doesn't even care enough to meet with his constituents."

King's deleted comments even caught the eye of Andy Slavitt, who until January was the acting administrator of the Centers for Medicare and Medicaid Services. Slavitt has been traveling the country pushing back against attempts to gut the ACA.

.@RepPeteKing, are you silencing your constituents who send you questions? Assume ppl in district will respond if this is happening.

-- Andy Slavitt (@ASlavitt) May 12, 2017

Since the election, other activists across the country who oppose the president's agenda have posted online that they have been blocked from following their elected officials on Twitter or commenting on their Facebook pages because of critical statements they've made about the AHCA and other issues.

ProPublica is a Pulitzer Prize-winning investigative newsroom. Sign up for their newsletter.


America's Other Drug Problem

[Editor's Note: today's guest blog post, by reporters at ProPublica, explores the waste problem in the health care industry, and the accompanying pollution. It is reprinted with permission.]

by Marshall Allen, ProPublica

Every week in Des Moines, Iowa, the employees of a small nonprofit collect bins of unexpired prescription drugs tossed out by nursing homes after residents died, moved out or no longer needed them. The drugs are given to patients who couldn't otherwise afford them.

But travel 1,000 miles east to Long Island, New York, and you'll find nursing homes flushing similar leftover drugs down the toilet, alarming state environmental regulators worried they'll further contaminate the water supply.

In Baltimore, Maryland, a massive incinerator burns up tons of the drugs each year -- for a fee -- from nursing homes across the Eastern seaboard.

If you want to know why the nation's health care costs are among the highest in the world, a good place to start is with what we throw away. Across the country, nursing homes routinely toss large quantities of perfectly good prescription medication: tablets for diabetes, syringes of blood thinners, pricey pills for psychosis and seizures.

At a time when anger over soaring drug costs has perhaps never been more intense, redistributing discarded drugs seems like a no-brainer. Yet it's estimated that American taxpayers, through Medicare, spend hundreds of millions of dollars each year on drugs for nursing home patients -- much of which literally go down the tubes.

"It would not surprise me if as much as 20 percent of the medications we receive we end up having to destroy," said Mark Coggins, who oversees the pharmacy services for Diversicare, a chain of more than 70 nursing homes in 10 states. "It's very discouraging throwing away all those drugs when you know it can benefit somebody."

No one tracks this waste nationwide, but estimates show it's substantial. Colorado officials have said the state's 220 long-term care facilities throw away a whopping 17.5 tons of potentially reusable drugs every year, with a price tag of about $10 million. The Environmental Protection Agency estimated in 2015 that about 740 tons of drugs are wasted by nursing homes each year.

This is, of course, part of a bigger problem. The National Academy of Medicine estimated in 2012 that the United States squanders more than a quarter of what it spends on health care 2014 about $765 billion a year.

ProPublica is investigating the types of waste in health care that academics and politicians typically overlook. Our first installment examined the tens of millions worth of equipment and brand new supplies that hospitals jettison.

Today we look at the wasteful, and potentially harmful, ways nursing homes dispose of leftover meds -- and how some states, like Iowa, have found a solution.

On a recent Wednesday in Des Moines, Ami Bradwell, a certified pharmacy technician, popped open the lids of several 31-gallon bins full of prescription drugs. In each were hundreds of what are known as "bingo cards" filled with rows of pills in sealed bubbles.

"Metformin -- for diabetics," Bradwell said, holding up a card of large white pills. "It's not crazy expensive, but it's in high demand."

She held up an entire box of the anti-nausea drug Ondansetron. It goes for about $5 a pill, according to the website drugs.com. "Expensive."

Another card had three large pills stuffed in each chamber, a find Bradwell called "a 'jackpot' card. You can't live without it because it's a seizure medication."

Image from SafeNetRx Drug Donation Repository Bradwell works for the nonprofit SafeNetRx. Each week the group takes in dozens of bins full of such drugs, as well as boxes mailed in from across Iowa and several other states -- pharmaceutical trash that exists because, for convenience and cost, long-term care pharmacies often dispense nursing home patients' medications in bulk, a month's worth at a time.

Should a patient die, leave or stop taking the drug, what's left is typically tossed. The drugs have already been paid for, by Medicare in most cases, so there's little incentive to try to recycle them. In some states, such reuse is against the law.

Some of the cards Bradwell examined that day were missing only a few pills. One card had been thrown out even though it only lacked one of its 31 doses of oxybutynin, which reduces muscle spasms of the bladder. The remaining 30 are worth more than $13.

"There are literally millions of dollars of prescription medications thrown away every day in this country," said John Forbes, an Iowa pharmacist who dispenses SafeNetRx's recovered drugs to his low-income patients.

Although most states technically allow some leftover drugs to be recycled, Iowa is one of the few rescuing a significant percentage of the drugs from destruction. The state funds the program for about $600,000 a year, said SafeNetRx CEO Jon Rosmann, who calls it a "common sense" solution. In fiscal 2016 the program recovered and distributed drugs valued at about $3.4 million. This year it's on pace to top $5 million.

Forbes, who is also an Iowa state representative, said there are additional savings when low-income patients have access to the drugs they need. Patients who don't take their drugs "end up in the emergency room," he said, "which will wind up costing our health care system way more money."

At SafeNetRx, the drugs are sorted and organized in a 1,500-square-foot room lined with shelves stacked with bins of drugs. In the center, folding tables hold hundreds of bingo cards, sorted alphabetically by generic drug name, from the blood pressure drug acebutolol to the antipsychotic ziprasidone. None of the medications are controlled substances, though those may be included in the future.

Pharmacy officials say there may be a million dollars' worth of drugs in this small room. The 30 mg syringes of the blood thinner Enoxaparin are used by patients for weeks before and after heart surgery. They can go for $13 per dose.

One box contains scores of doses of Spiriva, inhalation capsules for chronic obstructive pulmonary disease that would sell for about $18 each. The antipsychotic Abilify runs about $46 per pill.

The biggest ticket items are the cancer drugs. They are typically donated directly from patients or their families. Those can run $8,000 or more per month.

The cancer drugs are passed on to people like Amber Judge, a patient advocate at Medical Oncology and Hematology Associates, a cancer clinic in Des Moines. Judge is accustomed to patients coming into her office in a panic. They've just learned they have cancer, only to find out they can't afford the drugs they need to battle the disease. That's when Judge opens one of the file drawers in her office, which are filled with tens of thousands of dollars' worth of the drugs recovered by SafeNetRx.

In one filing drawer she has about 30 boxes of Tasigna, which costs about $100 per pill. In another drawer she has a gallon-sized plastic bag with bottles of Stivarga, about $188 per pill.

The process is similar to patients receiving drug samples at a doctor's office. They leave her office with the drugs they need -- for free.

"I give them a month's supply if I have it," Judge said. "They're so thankful. They're incredulous."

In many places in the United States, however, these leftover drugs meet a very different end, one that is not only wasteful, but potentially harmful.

In recent years, scientists have detected something disturbing in the Long Island's aquifer: low levels of pharmaceuticals.

Though consumers have been warned not to flush their drugs down the toilet because sewer waste can contaminate groundwater, many still do it; more worrisome still, flushing remains a common practice at nursing homes in New York and across the country. The effects of such contamination on humans are unclear, but it has been shown to slow the metamorphosis of frogs and increase the feminization of fish.

Three years ago, New York's Department of Environmental Conservation started an annual program, funded by the state legislature, to scoop up unused medications before they were flushed. Even though the pickup service is free to facilities, only two dozen of 169 eligible Long Island nursing homes participated this February, turning over 660 pounds of drugs.

Those valuable medications didn't go into the water supply, but they didn't go to needy patients, either, though such recycling is now allowed in New York. Instead, they went to an incinerator company. Experts, including the EPA, have recommended incineration for getting rid of pharmaceuticals.

Destroying the unused drugs is always going to have environmental implications, said Carrie Meek Gallagher, region 1 director for the department. "It's always a trade-off of what's most harmful. For us, anything getting into the water is the worst solution."

The National Conference of State Legislatures said 39 states had passed laws that allowed the donation of drugs. But almost half of these states with laws lack programs to get the drugs safely from one appropriate user to another, and many of those that do have programs are focused on cancer drugs, the analysis showed.

There hasn't been a lot of public opposition to redistributing the drugs, even among drugmakers. Most concerns circle around logistics, although in Illinois trial attorneys have lobbied against a proposed program, saying it muddies liability issues.

Richard Cauchi, program director for health for the conference of state legislatures, said just passing laws doesn't guarantee success. A state agency or organization needs to oversee the program, encouraging participation and streamlining its administration so it's not a burden for pharmacies and nursing homes.

"It's a lot of work, and from a retail point of view, an expense," Cauchi said. "How do you accept these drugs? How do you confirm their safety? How do you know they meet the proper standards?"

Federal agencies are of little help, each pursuing their own, often contradictory, agendas.

The EPA discourages flushing drugs because they contaminate the water supply. But it doesn't have the authority to prohibit "sewering" the medications. Only local authorities can take that stance. It has, however, proposed reclassifying the unused drugs as hazardous waste, which would then prohibit flushing them.

The Food and Drug Administration says certain medications are so dangerous that they should be disposed of immediately, even if that means flushing them. It even provides a list of drugs recommended for flushing, mostly controlled substances like diazepam, better known as Valium, and the potent painkiller fentanyl.

The Drug Enforcement Administration wants to ensure controlled substances, like narcotic painkillers, aren't diverted to the illegal drug market. It has recommended that long-term pharmacies collect leftover drugs by placing boxes in nursing homes that must be emptied at least every three days, but that creates expense, hassle and potential liability.

Some advocates say the makers of the drugs should be responsible for disposing or recycling them. Scott Cassel, CEO of the Product Stewardship Institute, a nonprofit organization dedicated to reducing the environmental impact of consumer products, said the producers of batteries, electronics, paint and other products are required by law in some areas to pay for the safe disposal of their products. Similar laws require drug makers to pay for the destruction of leftover household drugs in two states and about a dozen counties, but no laws address nursing homes.

Coggins, who leads the pharmacy services for the Diversicare chain, said people in the nursing home industry would like to do something about the waste. But their options are dictated by laws and regulations, and there's been a lack of investment in cost-effective solutions like the one in Iowa.

About half the states where Diversicare operates allow the donation of unused drugs, but the programs required too much work sorting and inventorying the drugs without any reimbursement, he said. "It's like people have created legislation and it's a feel-good thing, but nobody's come back to see why it's not working."

Diversicare avoids flushing drugs whenever possible, Coggins said, but it still occurs sometimes. The organization has switched to a product called Rx Destroyer that chemically deactivates the medication so it can be put in the trash, he said, but even that is controversial because it goes into a landfill.

In many nursing homes, flushing is just part of the routine.

"Oh my goodness, it's so sad," said Jennifer Ramsey, a nurse who formerly worked as a house supervisor for a nursing home in South Haven, Mississippi. Once a month she and another nurse would gather all the unused blister packs of medication, she said, piles of them, probably worth tens of thousands of dollars. Then they would pop the pills one by one into the toilet.

"You would spend almost your whole eight-hour day doing it," Ramsey recalled.

Ramsey now works for the nonprofit Good Shepherd Pharmacy in Memphis. In Tennessee, the law requires nursing homes to destroy unused drugs on site. Good Shepherd's founder is pressing to change the law so the drugs can be saved and donated.

In March, state Rep. Cameron Sexton, a Republican whose wife is a pharmacist, introduced a bill that would allow unexpired medications to be donated in Tennessee. "Unfortunately, we don't have a process set up to do that so all these drugs have to be destroyed," he said.

Perhaps the most graphic way to see the waste firsthand is a visit to the Curtis Bay Medical Waste facility on the south side of Baltimore, home of the largest incinerator of its kind in the country.

Here Curtis Bay's fleet of trucks delivers load after load of unused, unexpired drugs from hundreds of nursing homes and other facilities and clinics up and down the East Coast. Drugs also come from medical waste companies like SteriCycle and Daniels Sharpsmart. In 2015, 204 tons of non-hazardous pharmaceutical waste came from the Daniels location in the Bronx, according to records filed in New York. Such waste includes not only drugs tossed by nursing homes, but also those from hospitals, doctors' offices and other facilities.

Inside Curtis Bay, the drugs are processed and destroyed in an area the size of several hockey rinks. A conveyor belt about 15 feet off the ground snakes through the facility loaded with hundreds of boxes of pharmaceutical and medical waste 2014 all leading to the two incineration chambers.

On a recent visit, the chamber was over 2,000 degrees, a heat that could be felt from 20 feet away.

From a platform above the incinerator's maw, you can watch as thousands of dollars of potentially lifesaving pills and medications tumble, box by box, into the steaming opening. Then they are shoveled into the blaze.

Experts say incineration is the least environmentally objectionable end-of-life option for unused drugs. But it's also the most expensive destruction method -- from 50 cents to a dollar per pound, paid for by the facilities themselves -- which is why many nursing homes resort to flushing.

Nursing homes save the disposal fees in Iowa, because they can donate them to SafeNetRx, where they benefit needy patients like Max Armstrong.

The 82-year-old suffers from multiple chronic conditions -- emphysema, congestive heart failure and more. The ailments were manageable until 2015, when he suffered blood clots in his leg and lung. Doctors put him on the generic blood thinner warfarin, but it "almost killed me," he said, so he switched to Xarelto, a newer brand name drug that costs about $700 a month.

The total tab for the Xarelto and the other 14 medications Armstrong must take each month would cost at least $1,200, according to his daughter. Armstrong, whose savings took a hit during the financial crisis, lives on $1,158 a month in Social Security.

It's "stupid" to throw away drugs that can keep so many other people healthy, Armstrong said. "There's a lot of people out there in this world who need help."

ProPublica is a Pulitzer Prize-winning investigative newsroom. Sign up for their newsletter.


We Fact-Checked Lawmakers' Letters To Constituents on Health Care

[Editor's Note: today's guest post, by the reporters at ProPublica, explores the problem of "fake news" and whether elected officials contribute to the problem while discussing health care legislation. The article was originally published yesterday, and is reprinted with permission. Interested persons wanting to help ProPublica's ongoing fact-checking efforts can share with ProPublica messages you have received from your elected officials.]

by Charles Ornstein, ProPublica

When Louisiana resident Andrea Mongler wrote to her senator, Bill Cassidy, in support of the Affordable Care Act, she wasn't surprised to get an email back detailing the law's faults. Cassidy, a Republican who is also a physician, has been a vocal critic.

"Obamacare" he wrote in January, "does not lower costs or improve quality, but rather it raises taxes and allows a presidentially handpicked 'Health Choices Commissioner' to determine what coverage and treatments are available to you."

There's one problem with Cassidy's ominous-sounding assertion: It's false.

The Affordable Care Act, commonly called Obamacare, includes no "Health Choices Commissioner." Another bill introduced in Congress in 2009 did include such a position, but the bill died 2014 and besides, the job as outlined in that legislation didn't have the powers Cassidy ascribed to it.

As the debate to repeal the law heats up in Congress, constituents are flooding their representatives with notes of support or concern, and the lawmakers are responding, sometimes with form letters that are misleading. A review of more than 200 such letters by ProPublica and its partners at Kaiser Health News, Stat and Vox, found dozens of errors and mis-characterizations about the ACA and its proposed replacement. The legislators have cited wrong statistics, conflated health care terms and made statements that don't stand up to verification.

It's not clear if this is intentional or if the lawmakers and their staffs don't understand the current law or the proposals to alter it. Either way, the issue of what is wrong -- and right -- about the current system has become critical as the House prepares to vote on the GOP's replacement bill today.

"If you get something like that in writing from your U.S. senator, you should be able to just believe that," said Mongler, 34, a freelance writer and editor who is pursuing a master's degree in public health. "I hate that people are being fed falsehoods, and a lot of people are buying it and not questioning it. It's far beyond politics as usual."

Cassidy's staff did not respond to questions about his letter.

Political debates about complex policy issues are prone to hyperbole and health care is no exception. And to be sure, many of the assertions in the lawmakers' letters are at least partially based in fact.

Democrats, for instance, have been emphasizing to their constituents that millions of previously uninsured people now have medical coverage thanks to the law. They say insurance companies can no longer discriminate against millions of patients with pre-existing conditions. And they credit the law with allowing adults under age 26 to stay on their parents' health plans. All true.

For their part, Republicans criticize the law for not living up to its promises. They say former President Obama pledged that people could keep their health plans and doctors and premiums would go down. Neither has happened. They also say that insurers are dropping out of the market and that monthly premiums and deductibles (the amount people must pay before their coverage kicks in) have gone up. All true.

But elected officials in both parties have incorrectly cited statistics and left out important context. We decided to take a closer look after finding misleading statements in an email Senator Roy Blunt (R-Missouri) sent to his constituents. We solicited letters from the public and found a wealth of misinformation, from statements that were simply misleading to whoppers. More Republicans fudged than Democrats, though both had their moments.

An aide to Rep. Dana Rohrabacher (R-California) defended his hyperbole as "within the range of respected interpretations."

"Do most people pay that much attention to what their congressman says? Probably not," said Sherry Glied, dean of New York University's Robert F. Wagner Graduate School of Public Service, who served as an assistant Health and Human Services secretary from 2010 to 2012. "But I think misinformation or inaccurate information is a bad thing and not knowing what you're voting on is a really bad thing."

We reviewed the emails and letters sent by 51 senators and 134 members of the House within the past few months. Here are some of the most glaring errors and omissions:

Rep. Pat Tiberi (R-Ohio) incorrectly cited the number of Ohio counties that had only one insurer on the Affordable Care Act insurance exchange.

What he wrote: "In Ohio, almost one third of counties will have only one insurer participating in the exchange."

What's misleading: In fact, only 23 percent (less than one quarter) had only one option, according to an analysis by the Kaiser Family Foundation.

His response: A Tiberi spokesperson defended the statement. "The letter says 'almost' because only 9 more counties in Ohio need to start offering only 1 plan on the exchanges to be one third."

Why his response is misleading: Ohio has 88 counties. A 10 percent difference is not "almost."

Representative Kevin Yoder (R-Kansas) said that the quality of health care in the country has declined because of the ACA, offering no proof.

What he wrote: "Quality of care has decreased as doctors have been burdened with increased regulations on their profession."

Why it's misleading: Some data shows that health care has improved after the passage of the ACA. Patients are less likely to be readmitted to a hospital within 30 days after they have been discharged, for instance. Also, payments have been increasingly linked to patients' outcomes rather than just the quantity of services delivered. A 2016 report by the Commonwealth Fund, a health care nonprofit think tank, found that the quality care has improved in many communities following the ACA.

His response: None.

Representative Anna Eshoo (D-California) misstated the percentage of Medicaid spending that covers the cost of long-term care, such as nursing home stays.

What she wrote: "It's important to note that 60 percent of Medicaid goes to long-term care and with the evisceration of it in the bill, this critical coverage is severely compromised."

What's misleading: Medicaid does not spend 60 percent of its budget on long-term care. The figure is closer to a quarter, according to the Center on Budget and Policy Priorities, a liberal think tank. Medicaid does, however, cover more than 60 percent of all nursing home residents.

Her response: Eshoo's office said the statistic was based on a subset of enrollees who are dually enrolled in Medicaid and Medicare. For this smaller group, 62 percent of Medicaid expenditures were for long-term support services, according to the Kaiser Family Foundation.

What's misleading about the response: Eshoo's letter makes no reference to this population, but instead refers to the 75 million Americans on Medicaid.

Representative Chuck Fleischmann (R-Tennessee) pointed to the number of uninsured Americans as a failure of the ACA, without noting that the law had dramatically reduced the number of uninsured.

What he wrote: "According to the U.S. Census Bureau, approximately thirty-three million Americans are still living without health care coverage and many more have coverage that does not adequately meet their health care needs."

Why it's misleading: The actual number of uninsured in 2015 was about 29 million, a drop of 4 million from the prior year, the Census Bureau reported in September. Fleischmann's number was from the previous year.

Beyond that, reducing the number of uninsured by more than 12 million people from 2013 to 2015 has been seen as a success of Obamacare. And the Republican repeal-and-replace bill is projected to increase the number of uninsured.

His response: None.

Rep. Joseph P. Kennedy III (D-Massachusetts) overstated the number of young adults who were able to stay on their parents' health plan as a result of the law.

What he wrote: The ACA "allowed 6.1 million young adults to remain covered by their parents' insurance plans."

What's misleading: A 2016 report by the U.S. Department of Health and Human Services, released during the Obama administration, however, pegged the number at 2.3 million.

Kennedy may have gotten to 6.1 million by including 3.8 million young adults who gained health insurance coverage through insurance marketplaces from October 2013 through early 2016.

His response: A spokeswoman for Kennedy said the office had indeed added those two numbers together and would fix future letters.

Representative Blaine Luetkemeyer (R-Missouri.) said that 75 percent of health insurance marketplaces run by states have failed. They have not.

What he said: "Nearly 75 percent of state-run exchanges have already collapsed, forcing more than 800,000 Americans to find new coverage."

What's misleading: When the ACA first launched, 16 states and the District of Columbia opted to set up their own exchanges for residents to purchase insurance, instead of using the federal marketplace, known as Healthcare.gov.

Of the 16, four state exchanges, in Oregon, Hawaii, New Mexico and Nevada, failed, and Kentucky plans to close its exchange this year, according to a report by the House Energy and Commerce Committee. While the report casts doubt on the viability of other state exchanges, it is clear that 3/4 have not failed.

His response: None.

Representative Dana Rohrabacher (R-California) overstated that the ACA "distorted labor markets," prompting employers to shift workers from full-time jobs to part-time jobs.

What he said: "It has also, through the requirement that employees that work thirty hours or more be considered full time and thus be offered health insurance by their employer, distorted the labor market."

What's misleading: A number of studies have found little to back up that assertion. A 2016 study published by the journal Health Affairs examined data on hours worked, reason for working part time, age, education and health insurance status. "We found only limited evidence to support this speculation" that the law led to an increase in part-time employment, the authors wrote. Another study found much the same.

In addition, PolitiFact labeled as false a statement last June by President Donald Trump in which he said, "Because of Obamacare, you have so many part-time jobs."

His response: Rohrabacher spokesman Ken Grubbs said the congressman's statement was based on an article that said, "Are Republicans right that employers are capping workers' hours to avoid offering health insurance? The evidence suggests the answer is 'yes,' although the number of workers affected is fairly small."

We pointed out that "fairly small" was hardly akin to distorting the labor market. To which Grubbs replied, "The congressman's letter is well within the range of respected interpretations. That employers would react to Obamacare's impact in such way is so obvious, so nearly axiomatic, that it is pointless to get lost in the weeds," Grubbs said.

Representative Mike Bishop (R-Michigan) appears to have cited a speculative 2013 report by a GOP-led House committee as evidence of current and future premium increases under the ACA.

What he wrote: "Health insurance premiums are slated to increase significantly. Existing customers can expect an average increase of 73 percent, while the average change due to Obamacare for those purchasing a new plan will be a 96 percent increase in premiums. The average cost for a new customer in the individual market is expected to rise $1,812 per year."

What's misleading: The figures seem to have come from a report issued before the Obamacare insurance marketplaces launched and before 2014 premiums had been announced. The letter implies these figures are current. In fact, premium increases by and large have been moderate under Obamacare. The average monthly premium for a benchmark plan, upon which federal subsidies are calculated, increased about 2 percent from 2014 to 2015; 7 percent from 2015 to 2016; and 25 percent this year, for states that take part in the federal insurance marketplace.

His response: None

Representative Dan Newhouse (R-Washington) misstated the reasons why Medicaid costs per person were higher than expected in 2015.

What he wrote: "A Medicaid actuarial report from August 2016 found that the average cost per enrollee was 49 percent higher than estimated just a year prior 2014 in large part due to beneficiaries seeking care at more expensive hospital emergency rooms due to difficulty finding a doctor and long waits for appointments."

What's misleading: The report did not blame the higher costs on the difficulty patients had finding doctors. Among the reasons the report did cite: patients who were sicker than anticipated and required a raft of services after being previously uninsured. The report also noted that costs are expected to decrease in the future.

His response: None

Senator Dick Durbin (D-Ill.) wrongly stated that family premiums are declining under Obamacare.

What he wrote: "Families are seeing lower premiums on their insurance, seniors are saving money on prescription drug costs, and hospital readmission rates are dropping."

What's misleading: Durbin's second and third points are true. The first, however, is misleading. Family insurance premiums have increased in recent years, although with government subsidies, some low- and middle-income families may be paying less for their health coverage than they once did.

His response: Durbin's office said it based its statement on an analysis published in the journal Health Affairs that said that individual health insurance premiums dropped between 2013 and 2014, the year that Obamacare insurance marketplaces began. It also pointed to a Washington Post opinion piece that said that premiums under the law are lower than they would have been without the law.

Why his response is misleading: The Post piece his office cites states clearly, "Yes, insurance premiums are going up, both in the health care exchanges and in the employer-based insurance market."

Representative Susan Brooks (R-Ind.) told constituents that premiums nationwide were slated to jump from 2016 to 2017, but failed to mention that premiums for some plans in her home state actually decreased.

What she wrote: "Since the enactment of the ACA, deductibles are up, on average, 63 percent. To make matters worse, monthly premiums for the "bronze plan" rose 21 percent from 2016 to 2017. 2026 Families and individuals covered through their employer are forced to make the difficult choice: pay their premium each month or pay their bills."

What's misleading: Brooks accurately cited national data from the website HealthPocket, but her statement is misleading. Indiana was one of two states in which the premium for a benchmark health plan -- the plan used to calculate federal subsidies -- actually went down between 2016 and 2017. Moreover, more than 80 percent of marketplace consumers in Indiana receive subsidies that lowered their premium costs. The HealthPocket figures refer to people who do not qualify for those subsidies.

Her response: Brooks' office referred to a press release from Indiana's Department of Insurance, which took issue with an Indianapolis Star story about premiums going down. The release, from October, when Vice President Mike Pence was Indiana's governor, said that the average premiums would go up more than 18 percent over 2016 rates based on enrollment at that time. In addition, the release noted, 68,000 Indiana residents lost their health plans when their insurers withdrew from the market.

Why her response is misleading: For Indiana consumers who shopped around, which many did, there was an opportunity to find a cheaper plan.

Senator Ron Wyden (D-Ore.) incorrectly said that the Republican bill to repeal Obamacare would cut funding for seniors in nursing homes.

What he wrote: "It's terrible for seniors. Trumpcare forces older Americans to pay 5 times the amount younger Americans will -- an age tax -- and slashes Medicaid benefits for nursing home care that two out of three Americans in nursing homes rely on."

What's misleading: Wyden is correct that the GOP bill, known as the American Health Care Act, would allow insurance companies to charge older adults five times higher premiums than younger ones, compared to three times higher premiums under the existing law. However, it does not directly slash Medicaid benefits for nursing home residents. It proposes cutting Medicaid funding and giving states a greater say in setting their own priorities. States may, as a result, end up cutting services, jeopardizing nursing home care for poor seniors, advocates say, because it is one of the most expensive parts of the program.

His response: Taylor Harvey, a spokesman for Wyden, defended the statement, noting that the GOP health bill cuts Medicaid funding by $880 billion over 10 years and places a cap on spending. "Cuts to Medicaid would force states to nickel and dime nursing homes, restricting access to care for older Americans and making it a benefit in name only," he wrote.

Why his response is misleading: The GOP bill does not spell out how states make such cuts.

Representative Derek Kilmer (D-Washington) misleadingly said premiums would rise under the Obamacare replacement bill now being considered by the House.

What he wrote: "It's about the 24 million Americans expected to lose their insurance under the Trumpcare plan and for every person who will see their insurance premiums rise 2014 on average 10-15 percent."

Why it's misleading: First, the Congressional Budget Office did estimate that the GOP legislation would cover 24 million fewer Americans by 2026. But not all of those people would "lose their insurance." Some would choose to drop coverage because the bill would no longer make it mandatory to have health insurance, as is the case now.

Second, the budget office did say that in 2018 and 2019, premiums under the GOP bill would be 15-20 percent higher than they would have been under Obamacare because the share of unhealthy patients would increase as some of those who are healthy drop out. But it noted that after that, premiums would be lower than under the ACA.

His response: None.

ProPublica is a Pulitzer Prize-winning investigative newsroom. Sign up for their newsletter.


The Boston Keep ACA Rally on January 15 And Senator Warren's Remarks

Crowd gathering an hour before Boston healthcare rally. January 15,, 2017. click to view larger version On Sunday January 15, 2017 I attended the healthcare rally in Boston at iconic Faneuil Hall. It was one of a dozen rallies around the United States. Several people spoke, including Boston Mayor Marty Walsh, U.S. Senator Elizabeth Warren, activist Sarah Grow, Carla Leviano, and U.S. Senator Edward Markey. The attendance was great and far exceeded the capacity for the auditorium inside Faneuil Hall, where it was originally planned.

The event continued outside with what I estimated at least five thousand people standing in the cold 27 degrees Fahrenheit temperature. This blog post contains several photographs I took. The photo on the right shows the crowd gather more than hour before the official 1:00 pm start of the rally.

Carla Lievano, a single-mother whose family is on MassHealth, is worried about losing her health benefits if the Affordable Care Act is repealed. She said:

"I could lose my health benefits... I’m very low income. I don’t know how I would take care of [my daughter]..."

Senator Warren speaking at January 15, 2017 healthcare rally in Boston. Click to view larger version Grow shared the story of her mother's battle against cancer, and how the Affordable Care Act (ACA and a//k/a Obamacare) saved her mother's life. Her mother was able to find a replacement plan under the ACA. Below is the transcript of Senator Elizabeth Warren's remarks (courtesy of the Boston Globe):

"For eight years, Republicans in Congress have complained about health care in America, heaping most of the blame on President Obama. Meanwhile, they’ve hung out on the sidelines making doomsday predictions and cheering every stumble, but refusing to lift a finger to actually improve our health care system.

The GOP is about to control the White House, Senate, and House. So what’s the first thing on their agenda? Are they working to bring down premiums and deductibles? Are they making fixes to expand the network of doctors and the number of plans people can choose from? Nope. The number one priority for congressional Republicans is repealing the Affordable Care Act and breaking up our health care system while offering zero solutions.

Their strategy? Repeal and run.

Many Massachusetts families are watching this play out, worried about what will happen — including thousands from across the Commonwealth that I joined at Faneuil Hall on Sunday to rally in support of the ACA. Hospitals and insurers are watching too, concerned that repealing the ACA will create chaos in the health insurance market and send costs spiraling out of control.

Health care reform in Massachusetts wasn’t partisan. Democrats, Republicans, business leaders, hospitals, insurers, doctors, and consumers all came together behind a commitment that every single person in our Commonwealth deserves access to affordable, high-quality care. When Republican Governor Mitt Romney signed Massachusetts health reform into law in 2006, our state took huge strides toward offering universal health care coverage and financial security to millions of Bay State residents.

That law was a major step forward. Today, more than 97 percent of Bay Staters are covered — the highest rate of any state in the country.

But Massachusetts still has a lot to lose if the ACA is repealed. One big reason for our state’s health care success is that we took advantage of the new opportunities offered under the ACA. In addition to making care more accessible and efficient, our state expanded Medicaid, using federal funds to help even more people. And we combined federal and state dollars to help reduce the cost of insurance on the Health Connector.

When the ACA passed, Massachusetts already had in place some of the best consumer protections in the nation. But the ACA still made a big difference. It strengthened protections for people in Massachusetts with pre-existing conditions, allowed for free preventive care visits, and — for the first time in our state — banned setting lifetime caps on benefits.

If the ACA is repealed, our health care system would hang in the balance. Half a million people in the Commonwealth would risk losing their coverage. People who now have an iron-clad guarantee that they can’t be turned away due to their pre-existing conditions or discriminated against because of their gender could lose that security. Preventive health care, community health centers, and rural hospitals could lose crucial support. In short, the Massachusetts health care law is a big achievement and a national model, but it also depends on the ACA and a strong partnership with the federal government.

If the cost-sharing subsidies provided by the ACA are slashed to zero, Massachusetts will have a tough time keeping down the cost of plans on the Health Connector. The state can’t make funds appear out of thin air to help families on the Medicaid expansion if Republicans yank away support. And our ability to address the opioid crisis will be severely hampered if people lose access to health insurance or if the federal funding provided through the Medicaid waiver disappears. Even in states with strong health care systems — states like Massachusetts — the ACA is critical.

The current system isn’t perfect — not by a long shot. There are important steps Congress could take to lower deductibles and premiums, to expand the network of doctors people can see on their plans, and to increase the stability and predictability of the market. We should be working together to make health care better all across the country, just like we’ve tried to do here in Massachusetts.

This doesn’t need to be a partisan fight. But if congressional Republicans continue to pursue repeal of the ACA with nothing more than vague assurances that they might — someday — think up a replacement plan, the millions of Americans who believe in guaranteeing people’s access to affordable health care will fight back every step of the way.

Repeal and run is for cowards."

Want to read more? Try these hashtags on social networking sites: #repealandrun #ourfirststand #savehealthcare #CareNotChaos. Below are more photos from Sunday's event in Boston.

Protester sign at Boston healthcare rally
Protester sign. Boston healthcare rally. 1/15/17

Protester sign at Boston healthcare rally
Protester sign at Boston healthcare rally. 1/15/17

Boston Mayor Marty Walsh speaking at healthcare rally January 15, 2017
Mayor Marty Walsh speaking at healthcare rally. 1/15/17

View of crowd at Boston healthcare rally January 15, 2017
View from crowd at Boston healthcare rally. 1/15/17


Potential Security Issues Regarding the Internet of Things

Header potential IoT device security issues

[Editor's Note: today's blog post is by guest author Cassie Phillips, a technology blogger who developed a special interest in cybersecurity after her webcam was hacked. While she’s interested to see how the Internet of Things changes how we use technology, she is very concerned about all the risks it poses.]

By Cassie Phillips

Many people and organizations have raised concerns about the potential risks related to the Internet of Things (IoT). It turns out that they were right to be concerned. Last month the France-based hosting provider, OVH, fell victim to an enormous distributed denial-of-service (DDoS) attack on the Minecraft servers that OVH was hosting.

DDoS attacks are attempts to make a resource (usually a website) inaccessible to its users through an inundation of requests, aiming to overburden the system. In the past, DDoS attacks were carried out by computers, with or without their owner’s consent. Hot Hardware reported:

“OVH was the victim of a wide-scale DDoS attack that was carried via a network of over 152,000 IoT devices… Of those IoT devices participating in the DDoS attack, they were primarily comprised of CCTV cameras and DVRs.”

Before the attack on OVH, there was another DDoS attack on prominent internet security researcher Brian Krebs’ website. This attack was also carried out by IoT devices. Akamai Technologies Inc., a provider of security services worldwide for major companies, cut ties with Mr. Krebs because the DDoS attack on Krebs’ website was enormous. Josh Shaul, Akamai’s vice president, said it was the worst DDoS attack the company had ever seen.

These broad attacks prove that the IoT does pose a significant security risk. And DDoS attacks are by no means the only security risks that the IoT presents. Let’s look at what the IoT is, the risks it presents and, most importantly, how to ensure that any IoT devices you use are secure.

What Is the Internet of Things?
The IoT is the idea that any device can be designed to be able to connect to the internet and other devices. These devices include mobile phones, washing machines, refrigerators, coffee makers, televisions, home thermostats, motion sensors, headphones, Barbie dolls and baby monitors. There is no limit except the imagination.

There are even buildings, cars, and health-related implants (such as pacemakers) that can connect to the internet and to each other. All of these devices can exchange information and collect data, creating a huge pool of information and an enormous network.

What Risks Does the Internet of Things Pose?
As mentioned above, the IoT poses a few risks and concerns. There are four key risks associated with the IoT, with the first being reliability. IoT devices are not necessarily reliable. While this may not be a crisis if the device in question is a refrigerator, it is deadly if devices such as cars fail or are hacked.

The second major risk related to the IoT is privacy. Each device in a network of the IoT can collect and share data. As consumers, we don’t always know who gets this data and what it is used for. The data will almost certainly be used to track consumers’ behavior, allowing companies to target each consumer with tailor-made advertising. While this data probably won’t always be used for nefarious purposes, it can be used in a way that violates our right to privacy. According to Buzzfeed:

“ "We were sleeping in bed, and basically heard some music coming from the nursery, but then when we went into the room the music turned off,” said the anonymous mother. They tracked the IP address that had accessed their camera and discovered a website with “thousands and thousands of pictures of cameras just like their own.” Anyone could use the site to access hacked cameras and monitors located in at least 15 different countries."

This leads to the third major risk associated with the IoT, namely security. Again, each of the IoT devices collects and transmits data. If these devices are hacked, criminals will have access to vast amounts of consumers' private information. Depending on the device, criminals can learn our routines, find out what valuables we keep in our homes, gain access to information about any security measures we use, and even collect sensitive information such as financial payment information.

Another security risk is the potential for hacking medical devices and implants. According to a report by research and advisory firm, Forrester, ransomware in medical devices is the single biggest cybersecurity threat for this year. Security researchers have already managed to hack into hospitals’ networks, pacemakers and other medical devices. This will put people’s lives at risk.

The potential for cyberattacks is the fourth major risk associated with the IoT. Because all these devices are connected, they have the potential to spread malware across homes and entire companies. However, the greatest risk lies in criminals’ ability to use our IoT devices in massive cyberattacks, such as the DDoS attack on OVH. Widespread vulnerabilities are only a few missteps away, and that is a seriously concerning fact.

How to Protect Yourself When Using IoT Devices
Given the risks listed above, it’s vital that consumers learn to protect our devices, our homes, and ourselves. The following actions are all essential to your security when using IoT devices:

  • Carefully consider how much connectivity you need in your home and life. Then try to avoid any devices that unnecessarily connect to the internet. After all, you can always opt for a coffeemaker with a timer instead of one that connects to a mobile app on your phone.
  • If you do decide to buy an IoT device, be sure to find one with the best security features possible.
  • Read all the terms and conditions and privacy policies for any IoT device you intend to purchase. This will help you understand what data the device collects and what it does with the data.
  • When you buy an IoT device, change its default password immediately. This also applies to any IoT devices that you already own. Be sure to use strong passwords and manage them effectively.
  • Always keep the software on IoT devices up to date. Updates often contain essential bug fixes and security patches.
  • If your IoT device supports security software, install it. Don’t forget that your mobile phone and tablet count as IoT devices!
  • Use a reputable Virtual Private Network, such as one recommended by Secure Thoughts.
  • If your IoT device allows it, use encryption technology.
  • Switch off and unplug any IoT devices when you are not using them.
  • If your IoT device uses location data unnecessarily, turn it off if possible.
  • If your IoT device has a camera or monitor that you don’t think it needs, block the lens.

Conclusion
While it would be best if security features were built into the design of IoT devices, that’s not always the case. So it’s crucial that you implement the security ideas discussed above. Hopefully, we’ll start seeing a move toward creating an international standard for all IoT devices in the future.

Have you had any bad experiences with IoT devices? How do you think the technology is progressing? Share your thoughts in the comments section below.


FDA Releases Guidelines For Apps And Wearables For Fitness And Health

The U.S. Food and Drug Administration (FDA) released guidelines about mobile apps and wearable devices for health and fitness (Adobe PDF). The guidelines document stated that it is for clarity for industry and FDA staff, and include "nonbinding recommendations." The federal agency will not regulate mobile apps and wearables that promote general wellness or a healthy lifestyle, and are classified as "low risk." The guidelines do not apply to products (e.g., drugs, biologics, dietary supplements, foods, or cosmetics) regulated by other FDA Centers or to combination products.

The FDA's Center For Devices and Radiological Health (CDRH) defines general wellness products as:

"... products that meet the following two factors: (1) are intended for only general wellness use, as defined in this guidance, and (2) present a low risk to the safety of users and other persons. General wellness products may include exercise equipment, audio recordings, video games, software programs4 and other products that are commonly, though not exclusively, available from retail establishments (including online retailers and distributors that offer software to be directly downloaded), when consistent with the two factors above."

The guidelines provide further definitions:

"A general wellness product, for the purposes of this guidance, has (1) an intended use that relates to maintaining or encouraging a general state of health or a healthy activity, or (2) an intended use that relates the role of healthy lifestyle with helping to reduce the risk or impact of certain chronic diseases or conditions and where it is well understood and accepted that healthy lifestyle choices may play an important role in health outcomes for the disease or condition. If the product’s intended uses are not limited to the above general wellness intended uses, this guidance does not apply."

The guidelines provide a list of general wellness health outcomes: weight management, physical fitness (including recreational uses), relaxation or stress management, mental acuity, self-esteem, sleep management, and sexual function.

Typically, regulation is used to ensure that products actually do what their manufacturers and developers claim to do. The guidelines specified which claims are general wellness (e.g., the FDA will not regulate) and which claims are not (e.g., the FDA will continue to regulate). General wellness claims include claims to:

  1. Promote or maintain a healthy weight, encourage healthy eating, or assist
    with weight loss goals;
  2. Promote relaxation or manage stress;
  3. Increase, improve, or enhance the flow of qi “energy;”
  4. Improve mental acuity, instruction following, concentration, problem solving, multitasking, resource management, decision-making, pattern recognition or eye-hand coordination;
  5. Enhance learning capacity;
  6. Promote physical fitness (e.g., log, track, or trend exercise activity, measure aerobic fitness, develop or improve endurance, strength or coordination;
  7. Promote sleep management (e.g., track sleep trends);
  8. Promote self-esteem
  9. Address a specific body structure or function (e.g., increase or improve muscle size or body tone, enhance or improve sexual performance);
  10. Improve general mobility; and
  11. Enhance participation in recreational activities by monitoring the consequences (e.g., heart rate).

Some claims are categorized as "disease related." The new FDA guidelines list disease-related general wellness claims and how companies should reference those claims in product packaging and advertisements:

"A claim that a product will treat or diagnose obesity; a claim that a product will treat an eating disorder, such as anorexia; a claim that a product helps treat an anxiety disorder; a claim that a computer game will diagnose or treat autism; a claim that a product will treat muscle atrophy or erectile dysfunction; a claim to restore a structure or function impaired due to a disease or condition, e.g., a claim that a prosthetic device enables amputees to walk... disease-related general wellness claims should only be based on references where it is well understood that healthy lifestyle choices may reduce the risk or impact of a chronic disease or medical condition..."

Since the new FDA guidelines apply only to products categorized as "low risk," it is important to understand that definition:

"If the answer to any of the following questions is YES, the product is not low risk and is not covered by this guidance: 1) Is the product invasive? 2) Is the product implanted? 3) Does the product involve an intervention or technology that may pose a risk to the safety of users and other persons if specific regulatory controls are not applied, such as risks from lasers or radiation exposure? In assessing whether a product is low risk for purposes of this guidance, FDA recommends that you also consider whether CDRH actively regulates products of the same type as the product in question. For example, CDRH actively regulates external penile rigidity devices, which are devices intended to create or maintain sufficient penile rigidity for sexual intercourse, under 21 CFR 876.5020 as class II devices exempt from premarket notification with special controls..."

The guidelines listed examples of products that are low risk and those which are not. Products that are not low risk:

"Sunlamp products promoted for tanning purposes, due to risks to a user’s safety from the ultraviolet radiation, including, without limitation, an increased risk of skin cancer.

Implants promoted for improved self-image or enhanced sexual function. Implants pose risks to users such as rupture or adverse reaction to implant materials and risks associated with the implantation procedure.

A laser product that claims to improve confidence in user’s appearance by rejuvenating the skin. Although the claims of rejuvenating the skin and improving confidence in user’s appearance are general wellness claims, laser technology presents risks of skin and eye burns.

A neuro-stimulation product that claims to improve memory, due to the risks to a user’s safety from electrical stimulation.

A product that claims to enhance a user’s athletic performance by providing suggestions based on the results of relative lactic acid testing, when the product uses venipuncture to obtain the blood samples needed for testing. Such a product is not low risk because it is invasive (e.g., obtains blood samples by piercing the skin) and also because the product involves an intervention that may pose a risk to the safety of the user and other persons if specific regulatory controls are not applied (e.g., venipuncture may pose a risk of infection transmission)."

Companies and individuals can submit feedback to the FDA about these guidelines. See the guidelines document for instructions for submitting feedback. Fierce Healthcare reported:

"Epstein Becker Green health attorney Brad Thompson, who had previously commented to FierceHealthIT on the draft guidance, said in an email the final version "strikes the right balance between regulation and innovation... Over the intervening year and a half, I have talked to a lot of developers of wearable technologies and associated mobile apps and have used the draft guidance as a roadmap for how to assess FDA jurisdiction. I have found it to be extremely practical..."

A copy of the guidance document is also available here (Adobe PDF). What guidance or clarity does it provide for consumers? I guess not much regarding low risk apps and wearables. Consumers are on their own, so shop wisely and carefully. Whenever I read a document that describes itself as "nonbinding recommendations," that is worrisome.


Report: Significant Security Risks With Healthcare And Financial Services Mobile Apps

Arxan Technologies logo Arxan Technologies recently released its fifth annual report about the state of application security. This latest report also highlighted some differences between how information technology (I.T.) professionals and consumers view the security of healthcare and financial services mobile apps. Overall, Arxan found critical vulnerabilities:

"84 percent of the US FDA-approved apps tested did not adequately address at least two of the Open Web Application Security Project (OWASP) Mobile Top 10 Risks. Similarly, 80 percent of the apps tested that were formerly approved by the UK National Health Service (NHS) did not adequately address at least two of the OWASP Mobile Top 10 Risks... 95 percent of the FDA-approved apps, and 100 percent of the apps formerly approved by the NHS, lacked binary protection, which could result in privacy violations, theft of personal health information, and tampering... 100 percent of the mobile finance apps tested, which are commonly used for mobile banking and for electronic payments, were shown to be susceptible to code tampering and reverse-engineering..."

Some background about the U.S. Food and Drug Administration (FDA). The FDA revised its guidelines for mobile medical apps in September, 2015. The top of that document clearly stated, "Contains Nonbinding Regulations." The document also explained which apps the FDA regulates (link added):

"Many mobile apps are not medical devices (meaning such mobile apps do not meet the definition of a device under section 201(h) of the Federal Food, Drug, and Cosmetic Act (FD&C Act)), and FDA does not regulate them. Some mobile apps may meet the definition of a medical device but because they pose a lower risk to the public, FDA intends to exercise enforcement discretion over these devices (meaning it will not enforce requirements under the FD&C Act). The majority of mobile apps on the market at this time fit into these two categories. Consistent with the FDA’s existing oversight approach that considers functionality rather than platform, the FDA intends to apply its regulatory oversight to only those mobile apps that are medical devices and whose functionality could pose a risk to a patient’s safety if the mobile app were to not function as intended. This subset of mobile apps the FDA refers to as mobile medical apps."

The Arxan report found that consumers are concerned about app mobile security:

80 percent of mobile app users would change providers if they knew the apps they were using were not secure. 82 percent would change providers if they knew alternative apps offered by similar service providers were more secure."

Arxan commissioned a a third party which surveyed 1,083 persons in the United States, United Kingdom, Germany, and Japan during November, 2015. 268 survey participants were I.T. professionals and 815 participants were consumers. Also, Arxan hired Mi3 to test mobile apps during October and November, 2015. Those tests included 126 health and financial mobile apps covering both the Apple iOS and Android platforms, 19 mobile health apps approved by the FDA, and 15 mobile health apps approved3 by the UK NHS.

One difference in app security perceptions between the two groups: 82 percent of I.T. professionals believe "everything is being done to protect my apps" while only 57 percent of consumers hold that belief. To maintain privacy and protect sensitive personal information, Arxan advises consumers to:

  1. Buy apps only from reputable app stores,
  2. Don't "jail break" your mobile devices, and
  3. Demand that app developers disclose upfront the security methods and features in their apps.

The infographic below presents more results from the consolidated report. Three reports by Arxan Technologies are available: consolidated, healthcare, and financial services.

Arxan Technologies. 5th Annual State of App Security infographic
Infographic reprinted with permission.


iFit Data Breach Exposes The Sensitive Information of More Than Half A Million Users

Plenty of stationary, mobile, and wearable devices -- including their apps -- collect and store consumers' sensitive personal data, including health information. The Data Breaches blog reported a breach involving the popular mobile fitness app, iFit, affecting as many as 576,274 users. A researcher discovered the breach on December 10.

The iFit app includes customize-able workouts designed by fitness trainers. It is incorporated into wristbands, smart watches, and stationary exercise equipment such as NordicTrack. The stationary equipment includes treadmills, elliptical machines, stength-training machines, and exercise bikes used in homes and gyms. iFit also operates a wellness program with corporate partners for their employees.

The iFit Privacy policy provides a clear indication of the massive amount of data collected, archived, and reportedly exposed or stolen during this breach:

"... two types of information from users of our Site: "Personally Identifiable Information" which is information that can be used to locate you,contact you, or determine your specific identity (such as name, e-mail address, mailing address, phone number, user name, credit card information, etc.) and "Aggregate Information" which is information about your activities on the Site or in connection with the services that cannot be used to identify, locate, or contact you (such as frequency of visits to the Site, data entered when using the Site, gender, age, weight, height, food intake, activity level, interests, workout history and results, exercise equipment, Site pages most frequently accessed, browser type, links a User clicks, IP address, and other similar information)... When you register for an account (free or paid), we collect your name, a user name, a password, date of birth, current weight, target weight, height, gender, measurement system, activity level, fitness goal, intensity level, and the retail location where you purchased your iFit® equipment. When you use a credit card to pay for any of our services or products, we ask for your name, address, credit card and credit card-related information."

Besides archiving customers exercise types, date, time, geo-location, and exercise duration the app foten calculates calories burned. All of this data would be immensely valuable to insurance firms, health care organizations, and others. The data elements exposed or stolen open the breach victims to financial fraud, medical fraud, stalking, and spam.

For consumers the either want to keep their exercise activity private or expect fitness app developers to secure and protect sensitive information like health care organizations, the data breach presents a very troubling event. It is unclear if breach victims are limited to only the United States.

ICON Health and Fitness makes a lot of the exercise bikes, ellipticals, and strength-training equipment that use the iFit app.

At press time, a check of the iFit site and blog did not find any announcements of the breach. What are your opinions of the breach? Of the data collected? Of the company's post-breach response so far?


Update: FTC Complaint Against Weight-Loss Marketer For Allegedly Using "Gag Clauses"

Roca Labs Inc. logo After the U.S. Federal Trade Commission (FTC) filed a complaint against it for allegedly using gag clauses to silence negative online reviews by customers, Roca Labs, the weight-loss marketer, has responded. MediaPost's Daily Online Examiner reported:

"The company, which sells weight-loss products, argues in court papers filed earlier this month that the FTC lacks the power "to dictate the terms of private contracts between private parties." The company adds: "The FTC’s intention to ban all manner of anti disparagement clauses is overkill and appears to be a knee-jerk reaction to a particular practice of Roca Labs. ...The regulation of public comment through on-line reviews is a complicated and multi-faceted problem that must balance the rights of consumers and businesses in the ever-changing landscape of internet commerce." Roca filed its papers in response to the FTC's request for an injunction..."

Last Thursday, U.S. District Court Judge Mary Scriven in Florida issued an order granting the FTC's preliminary injunction to stop Roca labs from silencing customers' online reviews. Yelp and other review sites sided with the FTC in a friend-of-court brief.Some reviewers posted information about the FTC complaint on the Roca Labs page within the Yelp site.

For review sites to be trustworthy, they must include positive, negative, and neutral reviews of products and services. What are your opinions of gag clauses?


FTC Sues Weight-Loss Marketer For Alleged Use Of "Gag Clauses," Threats, And Lawsuits To Prevent Negative Reviews By Customers

Roca Labs Inc. logo The U.S. Federal Trade Commission (FTC) filed a complaint in Federal court against a weight-loss marketer alleging:

"...  that Roca Labs, Inc.; Roca Labs Nutraceutical USA, Inc.; and their principals have sued and threatened to sue consumers who shared their negative experiences online or complained to the Better Business Bureau, stating that the consumers violated the non-disparagement provisions of the “Terms and Conditions” they supposedly agreed to when they bought the products. The FTC alleges that these gag clause provisions, and the defendants’ related warnings, threats, and lawsuits, harm consumers by unfairly barring purchasers from sharing truthful, negative comments about the defendants and their products."

Roca labs Inc. is based in Sarasota, Florida. The complaint named both Don Juravin, President of Roca Labs Nutraceutical USA (RLNU) and owner of Roca Labs Inc. (RLI), and George C. Whiting, President, Secretary, treasurer, and Director at RLI, as a co-defendants. The websites operated by the defendants include RocaLabs.com, Mini-Gastric-Bypass.me, and GastricBypassNoSurgery.com.

I was curious what an alleged "gag clause" contains. The complaint listed one:

"You agree that regardless of your personal experience with RL, you will not disparage RL and/or any of its employees, products or services. This means that you will not speak, publish, cause to be published, print, review, blog, or otherwise write negatively about RL, or its products or employees in any way. This encompasses all forms of media, including and especially the internet. This paragraph is to protect RL and its current and future customers from the harm of libelous or slanderous content in any form, and thus, your acceptance of the [Terms] prohibits you from taking any action that negatively impacts RL, its reputation, products, services, management, or employees. We make it clear that RL and its Regimen may not be for everyone, and in that regard, the foregoing clause is meant to prevent “one person from ruining it for everyone.” Should any customer violate this provision, as determined by RL in its sole discretion, you will be provided with seventy-two (72) hours to retract the content in question. If the content remains, RL would be obliged to seek all legal remedies to protect its name, products, current customers, and future customers.

If you breach this Agreement, as determined by RL in its sole discretion, all discounts will be waived and you agree to pay the full price for your product. In addition, we retain all legal rights and remedies against the breaching customer for breach of contract and any other appropriate causes of action."

Wow! This is a stark reminder for consumers to read the terms and conditions policy at websites before purchasing online. And, it's always good to be aware of companies that allegedly uses monetary threats, lawsuits, and "gag clauses" to squash consumers from using their First Amendment rights. Some physicians have tried to squash patients' rights with a "mutual agreement to maintain privacy" document.

Download the complaint (Adobe PDF): FTC v. Roca Labs Inc. et. al.


Medical Informatics Engineering, Concentra, Employers, Data Sharing, And Privacy

Medical Informatics Engineering logo After receiving the breach notice from Medical Informatics Engineering (MIE) via postal mail, my wife and I wondered how MIE acquired her information. MIE's breach notice mentioned Concentra, a healthcare company we haven't and don't do business with. Today's blog post describes what we learned during our search for answers, and how consumers aren't in control of our sensitive personal information.

Background

The breach was massive. The Journal Gazette reported 3.1 million breach notices sent to affected consumers nationwide. The U.S. Department of Health & Human Services listed 3.9 million consumers affected.  Readers of this blog have reported breach notices received via postal mail in Alabama, California, Colorado, Florida, Georgia, Idaho, Indiana, Kansas, Kentucky, Maryland, Massachusetts, New Hampshire, Tennessee, Texas, and the District of Columbia. Concentra was one of many health care providers involved.

During our search for answers, my wife contacted her employer and a local clinic. Neither does business with No More Clipboard (MIE's cloud-based service) or with Concentra. On her behalf I contacted Concentra's nearest office in Wilmington, Massachusetts. The office's administrative person searched for information about my wife in Concentra's database. No record. The administrator referred me to regional human resources representative, who confirmed the breach and suggested that Concentra may have obtained my wife's information from data-sharing during a sales pitch with employers. We continued to look for firmer answers.

Select Medical logo The HR representative referred me to Edwin Bodensiek, the Vice President of Public Relations at Select Medical, the corporation that acquired Concentra in May, 2015. Select Medical's First Quarter 2015 10-Q Filing (Adobe PDF) explained:

"[Select Medical Holdings] announced on March 23, 2015 that MJ Acquisition Corporation, a joint venture that the Company has created with Welsh, Carson, Anderson & Stowe XII, L.P. (“WCAS”), has entered into a stock purchase agreement, dated as of March 22, 2015 (the “Purchase Agreement”), as buyer with Concentra Inc. (“Concentra”) and Humana Inc. (“Humana”) to acquire all of the issued and outstanding equity securities of Concentra from Humana. Concentra, a subsidiary of Humana, is a national health care company that delivers a wide range of medical services to employers and patients, including urgent care, occupational medicine, physical therapy, primary care, and wellness programs... For all of the outstanding stock of Concentra, MJ Acquisition Corporation has agreed to pay a purchase price of $1.055 billion..."

Humana had acquired Concentra in 2010. Now, Concentra is part of Select Medical. i contacted Mr. Bodensiek asking when, why, and how Concentra obtained my wife's sensitive personal information. My wife and I weren't sure we'd get any answers, and if so how long it would take.

What We Learned

After about a month, Mr. Bodensiek called with some answers. My wife had taken a temporary part-time job in February 2014 and that second employer used the Humana Wellness (e.g., Concentra) health care services. Mr. Bodensiek explained that the second employer sent an "eligibility file" to Concentra with data about its employees that were eligible for the employer-sponsored health care plan. That's when my wife's name, address, phone, and Social Security Number were transmitted to Concentra; and then to MIE, the electronic medical records vendor for Humana Wellness. Mr. Bodensiek described this as standard business practice.

My wife and I have health care coverage elsewhere, so she never had any intentions nor did not register for health care through this second employer. My wife's situation is not unique since five percent of the U.S. workforce works two or more jobs. (Vermont, South Dakota, Nebraska, Kansas, and Maine lead the nation with people working two or more jobs.) It's great that this second employer offered health care to its employees, but not so great that employees' sensitive information was shared regardless of whether or not the employees expressed an interest in coverage.

I'd like to publicly thank Mr. Bodensiek for his hard work and diligence. He didn't have to help, but he did. It gave us a good first impression of Select Medical. Hopefully, other breach victims have had success getting answers.

Implications And Consequences

Our experience highlights a business practice consumers should know: your employer may share your information with their health care provider whether you subscribe or not, and maybe without your knowledge. Maybe this sharing was for employees' convenience (e.g., faster, easier sign-up for health care), or for the employer's convenience (e.g., minimize processing effort and expense) by sending one, massive eligibility file. Regardless, the business practice has implications and consequences.

First, when an employer's administrative process sends to their health care vendor data about all employees (without an opt-out mechanism), then more data is shared than otherwise, and the process is arguably less private. Why? The health care provider receives and archives information about both subscribers and non-subscribers; patients and non-patients. A process based upon opt-in would be better and more private, since the data shared includes employees who want to sign up for their employer's health care plan. Simply, fewer employee records with sensitive data (e.g., name, address, phone, Social Security Number) are shared, and less data for the health care provider to archive and protect (and further share with a cloud vendor).

Regarding the MIE breach, eligibility-file-sourced data about my wife was archived by MIE. That means MIE archived eligibility-file data about many other employees. So, MIE's database includes data about health-care subscribers and non-subscribers; patients and non-patients. When data breaches happen, the stolen archived data about non-subscribers opens those non-subscribers to identity theft and fraud risks. How long will this data about non-subscribers be archived? When will data about non-subscribers be deleted? Select Media didn't say. I can only assume the archiving will continue as long as they decide, either solely or in combination with their employer clients.

Second, costs matter. The more data shared, the more records the health care provider and electronic records vendor must archive and protect. When data breaches happen, more data is lost and data breach costs (e.g., investigation, breach notification, identity protection services) are greater. A 2015 study by IBM found that the average total cost of a data breach was $3.8 million, up 23 percent from 2013. Given this high cost, you'd think that employers and health care providers would work together to minimize data sharing. Probably not as long as consumers bear the risks.

Third, if my wife had signed up for health care services with Concentra, then much more sensitive information would have been stolen in the MIE breach. One may argue who is to blame for the data security failure (e.g., breach), but at the end of the day: the employer hired Concentra, and Concentra hired MIE. There is enough blame to go around.

Fourth, the MIE breach highlights some of the places employees' sensitive information can be shared without their knowledge (or consent). If the MIE breach hadn't happened, would employees know their medical records were stored in the cloud? Would employees know about the eligibility-file sharing? One wonders. Employees deserve to know upfront.

Your sensitive personal information also moves when companies (e.g., health care providers, employers, cloud vendors) buy, sell, and merge with other companies. that includes your medical records. Since eligibility-file sourced data is archived, you don't have to be a health care plan subscriber or patient.

Fifth, for information to be private there must be control. The eligibility-file sharing suggests that employers have the control and not employees. Consumers like my wife have been taken steps to protect themselves and their sensitive information by locking down their credit reports with Security Freezes. That data protection is largely undone by eligibility-file sharing with health care providers. Not good.

Consumers need a comparable mechanism to lock down their medical records and prevent eligibility-file sharing. Without a mechanism, then consumers have no control over both their medical and personal information. Without control, consumers lack privacy. You lack privacy.

It will be interesting to watch how Select Medical manages its new acquisition. The Select Medical website lists these core values:

"We deliver superior quality in all that we do. At Select Medical, we set high standards of performance for ourselves and for others. We provide superior services to our patients. We continually strive to uphold and improve our reputation for excellence.

We treat others as they would like to be treated. At Select Medical, we treat each other with respect and promote a positive environment where people feel valued. We are honest and open in our relationships and straightforward in our communications.

We are results-oriented and achieve our objectives. At Select Medical, we are focused and decisive in achieving our objectives and helping others achieve theirs. We accept responsibility for our decisions and actions. We are accountable for using our time, talents and resources effectively."

My wife and I know how we want to be treated. We wanted to be treated with respect. We know how we want our sensitive personal and health information treated:

  • Don't collect it unless we're patients,
  • Don't archive it unless we're patients,
  • Don't share it without notice and consent. Consent must be explicit, specific, for a stated duration, and for specific purposes,
  • Don't collect and archive it if you can't protect it,
  • Be transparent. Provide clear, honest answers about breach investigations and data-sharing practices,
  • Don't try to trick us with promises of convenience,
  • Hold your outsourcing vendors to the same standards,
  • Don't make consumers assume the risk. You benefited from data sharing, so you pay the costs, and
  • Two years of credit monitoring is insufficient since the risk is far longer.

What are your opinions? Does the data sharing by employers bother you?


Class-Action Lawsuits Filed Against Medical Informatics Engineering And Experian

Medical Informatics Engineering logo One result of the Medical Informatics Engineering (MIE) data breach has been a class-action lawsuit filed against MIE. The Journal Gazette reported on July 31:

"James Young, a patient whose medical information was compromised, filed the paperwork Wednesday in U.S. District Court in Fort Wayne. The Indianapolis man is seeking to create a class action, which would allow others who had personal information stolen in the data breach to join the lawsuit... Young alleges that MIE failed "to take adequate and reasonable measures to ensure its data systems were protected," failed to stop the breach and failed to notify customers ina timely manner."

In a Sunday, August 2 article, the Fort Wayne, Indiana-based Journal Gazette described the wide range of companies that access consumers' medical records:

"A lot more people than you realize, including your employer, your bank, state and federal agencies, insurance companies, drug companies, marketers, medical transcribers and the public, if your health records are subpoenaed as part of a court case. All those entities can access your records without getting special permission from you, according to Patient Privacy Rights."

Austin, Texas-based Patient Privacy Rights is an education, privacy, and advocacy organization dedicated to helping consumers regain control over their personal health information.

The Journal Gazette news article was the first report I've read disclosing the total number of breach victims. Reportedly, MIE sent 3.1 million breach notices to affected consumers nationwide. Help Net Security reported a total of nearly 5.5 million consumers in the U.S. affected. That includes 1.5 million consumers affected in Indiana, and 3.9 million consumers in other states. Compromised or stolen data goes as far back as 1997. Reportedly, the Indiana Attorney General's office has begun an investigation.

The Journal Gazette news article also discussed some of the ways stolen medical information can be misused:

"An unethical provider could bill an insurance company or the federal government for health care that it never gave you. Any amount not covered would then be billed directly to you, which could affect your credit score... Then there’s the issue of using sensitive medical information for marketing – or even for blackmail. Let’s say someone was treated for AIDS, hepatitis C or a sexually transmitted disease. A company selling prescription drugs or other products might like to target that patient for advertising. But sending brochures or coupons in the mail could tip off others about the condition. Someone with those or similar medical conditions could face discrimination in hiring..."

Experian logoIn a separate case, a class-action was filed against the credit reporting service Experian. The Krebs On Security blog reported on July 21:

"The suit alleges that Experian negligently violated consumer protection laws when it failed to detect for nearly 10 months that a customer of its data broker subsidiary was a scammer who ran a criminal service that resold consumer data to identity thieves... The lawsuit comes just days after a judge in New Hampshire handed down a 13-year jail sentence against Hieu Minh Ngo, a 25-year-old Vietnamese man who ran an ID theft service variously named Superget.info and findget.me. Ngo admitted hacking into or otherwise illegally gaining access to databases belonging to some of the world’s largest data brokers, including a Court Ventures— a company that Experian acquired in 2012. He got access to some 200 million consumer records by posing as a private investigator based in the United States... The class action lawsuit, filed July 17, 2015 in the U.S. District Court for the Central District of California, seeks statutory damages for Experian’s alleged violations of, among other statutes, the Fair Credit Reporting Act (FCRA)..."

I included information about both class-actions in a single blog post since both companies are of interest to consumers affected by MIE's data breach. MIE has offered breach victims two years of free credit monitoring services from Experian.


Medical Informatics Engineering Breach Highlights Breach Notice, Privacy, And Cloud-Storage Issues

Medical Informatics Engineering logo In early June,  Medical Informatics Engineering (MIE) announced a data breach where unauthorized persons accessed its systems. The breach at MIE, an electronic health records vendor used by many health providers, exposed the sensitive Protected Health Information (PHI) of an undisclosed number of patients in several states. MIE began to notify during June its corporate clients. MIE began notifying affected patients on July 17.

The July 24, 2015 MIE press release about the breach

"FORT WAYNE, Ind.--(BUSINESS WIRE--On behalf of itself, its NoMoreClipboard subsidiary and its affected clients, Medical Informatics Engineering is writing to provide updated notice of a data security compromise that has affected the security of some personal and protected health information relating to certain clients and individuals who have used a Medical Informatics Engineering electronic health record or a NoMoreClipboard personal health record or patient portal. We emphasize that the patients of only certain clients of Medical Informatics Engineering and NoMoreClipboard were affected by this compromise and those clients have all been notified."

No More Clipboard logo NoMoreClipboard.com (NMC) is a cloud-based service by MIE for storing patients' health records, and making the records easily accessible by a variety of devices: desktops, laptop,s tablets, and smart phones. The service is sold to doctors, hospitals, and related professionals.

According to its breach FAQ page, MIE's client list includes:

  • Concentra,
  • Allied Physicians, Inc. d/b/a Fort Wayne Neurological Center (including Neurology, Physical Medicine and Neurosurgery),
  • Franciscan St. Francis Health Indianapolis,
  • Gynecology Center, Inc. Fort Wayne,
  • Rochester Medical Group,
  • RediMed,and Fort Wayne Radiology Association, LLC (including d/b/a Nuvena Vein Center and Dexa Diagnostics, Open View MRI, LLC, Breast Diagnostic Center, LLC, P.E.T. Imaging Services, LLC, MRI Center — Fort Wayne Radiology, Inc. f/k/a Advanced Imaging Systems, Inc.)

NoMoreClipboard.com's client list includes many clinics, hospitals, physicians, specialists, attorneys, schools, and more (links added):

NoMoreClipboard.com Clients Affected By Data Breach
Advanced Cardiac Care
Advanced Foot Specialists
All About Childrens Pediatric Partners, PC
Allen County Dept of Health
Allied Physicians, Inc. d/b/a Fort Wayne Neurological Center
Altagracia Medical Center
Anderson Family Medicine
Arkansas Otolaryngology, P.A.
Auburn Cardiology Associates
Basedow Family Clinic Inc.
Bastrop Medical Clinic
Batish Family Medicine
Beaver Medical
Boston Podiatry Services PC
Brian Griner M.D.
Brightstarts Pediatrics
Burnsville Medical Center
Capital Rehabilitation
Cardiovascular Consultants of Kansas
Carl Gustafson OD
Carolina Gastroenterology
Carolina Kidney & Hypertension Center
Carolinas Psychiatric Associates
Center for Advanced Spinal Surgery
Chang Neurosurgery & Spine Care
Cheyenne County Hospital
Children's Clinic of Owasso, P.C.
Clara A. Lennox MD
Claude E. Younes M.D., Inc.
CMMC
Coalville Health Center
Cornerstone Medical and Wellness, LLC
Cumberland Heart
David A. Wassil, D.O.
David M Mayer MD
Dr. Alicia Guice
Dr. Anne Hughes
Dr. Buchele
Dr. Clark
Dr. Harvey
Dr. John Labban
Dr. John Suen
Dr. Puleo
Dr. Rajesh Rana
Dr. Rustagi
Dr. Schermerhorn
Dr. Shah
Ear, Nose & Throat Associates, P.C.
East Carolina Medical Associates
Eastern Washington Dermatology Associates
Ellinwood District Hospital
Family Care Chiropractic Center
Family Practice Associates of Macomb
Family Practice of Macomb
Floyd Trillis Jr., M.D.
Fredonia Regional Hospital
Fremont Family Medicine
Generations Primary Care
Grace Community Health Center, Inc.
Grisell Memorial Hospital
Harding Pediatrics LLP
Harlan County Health System
Health Access Program
Heart Institute of Venice
Henderson Minor Outpatient Medicine
Henry County Hospital myhealth portal
Highgate Clinic
Hobart Family Medical Clinic
Howard Stierwalt, M.D.
Howard University Hospital
Hudson Essex Nephrology
Huntington Medical Associates
Huntington Medical Group
Hutchinson Regional Medical Center
Idaho Sports Medicine Institute
In Step Foot & Ankle Specialists
Independence Rehabilitation Inc
Indiana Endocrine Specialists
Indiana Internal Medicine Consultants
Indiana Ohio Heart Indiana Surgical Specialists
Indiana University
Indiana University Health Center
Indianapolis Gastroenterology and Hepatology
Internal Medicine Associates
IU — Northwest
Jackson Neurolosurgery Clinic
James E. Hunt, MD
Jasmine K. Leong MD
Jewell County Hospital
John Hiestand, M.D.
Jonathan F. Diller, M.D.
Jubilee Community Health
Kardous Primary Care
Keith A. Harvey, M.D.
Kenneth Cesa DPM
Kings Clinic and Urgent Care
Kiowa County Memorial Hospital
Kristin Egan MD
Lakeshore Family Practice
Lane County Hospital
Logan County Hospital
Margaret Mary Health
Masonboro Urgent Care
McDonough Medical Group Psychiatry
Medical Care, Inc.
Medical Center of East Houston
Medicine Lodge Memorial Hospital
MedPartners
MHP Cardiology
Michael Mann, MD, PC
Michelle Barnes Marshall, P.C.
Michiana Gastroenterology, Inc.
Minneola District Hospital
Mora Surgical Clinic
Moundridge Mercy Hospital Inc
myhealthnow
Nancy L. Carteron M.D.
Naples Heart Rhythm Specialists
Nate Delisi DO
Neighborhood Health Clinic
Neosho Memorial Regional Medical Center
Neuro Spine Pain Surgery Center
Norman G. McKoy, M.D. & Ass., P.A.
North Corridor Internal Medicine
Nova Pain Management
Novapex Franklin
Oakland Family Practice
Oakland Medical Group
Ohio Physical Medicine & Rehabilitation Inc.
On Track For Life
Ottawa County Health Center
Pareshchandra C. Patel MD
Parkview Health System, Inc. d/b/a Family Practice Associates of Huntington
Parkview Health System, Inc. d/b/a Fort Wayne Cardiology
Parrott Medical Clinic
Partners In Family Care
Personalized Health Care Of Tucson
Phillips County Hospital
Physical Medicine Consultants
Physicians of North Worchester County
Precision Weight Loss Center
Primary & Alternative Medical Center
Prince George's County Health Dept.
Rebecca J. Kurth M.D.
Relief Center Republic County Hospital
Ricardo S. Lemos MD
Richard A. Stone M.D.
Richard Ganz MD
River Primary Care
Rolando P. Oro MD, PA
Ronald Chochinov
Sabetha Community Hospital
Santa Cruz Pulmonary Medical Group
Santone Chiropractic
Sarasota Cardiovascular Group
Sarasota Center for Family Health Wellness
Sarasota Heart Center
Satanta District Hospital
Saul & Cutarelli MD's Inc.
Shaver Medical Clinic, P. A.
Skiatook Osteopathic Clinic Inc.
Sleep Centers of Fort Wayne
Smith County Hospital
Smith Family Chiropractic
Somers Eye Center
South Forsyth Family Medicine & Pediatrics
Southeast Rehabilitation Associates PC
Southgate Radiology
Southwest Internal Medicine & Pain Management
Southwest Orthopaedic Surgery Specialists, PLC
Stafford County Hospital
Stephen Helvie MD
Stephen T. Child MD
Susan A. Kubica MD
Texas Childrens Hospital
The Children's Health Place
The Heart & Vascular Specialists
The Heart and Vascular Center of Sarasota
The Imaging Center
The Johnson Center for Pelvic Health
The Medical Foundation, My Lab Results Portal
Thompson Family Chiropractic
Trego County Hospital
Union Square Dermatology
Volunteers in Medicine
Wells Chiropractic Clinic
Wichita County Health Center
William Klope MD
Wyoming Total Health Record Patient Portal
Yovanni Tineo M.D.
Zack Hall M.D.

The MIE press release included few details about exactly how hackers accessed its systems:

"On May 26, 2015, we discovered suspicious activity in one of our servers. We immediately began an investigation to identify and remediate any identified security vulnerability. Our first priority was to safeguard the security of personal and protected health information, and we have been working with a team of third-party experts to investigate the attack and enhance data security and protection. This investigation is ongoing. On May 26, 2015, we also reported this incident to law enforcement including the FBI Cyber Squad. Law enforcement is actively investigating this matter, and we are cooperating fully with law enforcement’s investigation. The investigation indicates this is a sophisticated cyber attack. Our forensic investigation indicates the unauthorized access to our network began on May 7, 2015. Our monitoring systems helped us detect this unauthorized access, and we were able to shut down the attackers as they attempted to access client data."

The breach highlights the need for greater transparency by both health care providers and the outsourcing vendors they hire. The breach also highlights the fact that medical records are stored and accessible via cloud-based services. Did you know that? I didn't before. And, this raises the question: is storage of PHI in the cloud the best and safest way?

The breach notices from MIE to consumers may create confusion, since patients don't do business directly with MIE and probably won't recognize its name. My wife received a breach notice on Friday and did not recognize MIE by name. I hadn't heard of MIE, either, so I did some online research. During June, MIE notified both the California Attorney General's office (Aobe PDF) and the New Hampshire Attorney General's office (Adobe PDF) of residents in each state affected by the data breach. MIE is represented by the law firm of Lewis, Brisbois, Bisgaard and Smith LLP (LBBS). LBBS has offices in 35 states and the District of Columbia.

MIE probably notified several other states, but many states, including the Massachusetts Attorney General's office, do not post online breach notices they receive. (They should, since it helps consumers verify breach notices.) HIPAA federal law requires certain entities to send breach notices to affected patients for breaches of unprotected data affecting more than 500 patients. At press time, a check of the Health & Human Services site did not find an MIE breach listing. When posted, it should reveal the total number of patients affected by the breach.

The breach notice my wife received was dated July 17, 2015. It repeated information already available online and offered few, new details. It began:

"My name is Eric Jones and I am co-founder and COO of Medical Informatics Engineering, a company that provides electronic medical record services to certain health care provider clients, including Concentra. On behalf of Medical Informatics Engineering, I am writing to notify you that a data security compromise occurred at medical Informatics Engineering that has affected the security of some of your personal  and protected health information. This letter contains details about the incident and our response..."

My wife didn't recognize either Concentra nor No More Clipboard by name. The notice she received listed the following patients' information as exposed or stolen:

"While investigations into this incident are ongoing, we determined the security of some personal and protected health information contained on Medical Informatics Engineering's network has been affected. The affected information: SSN, Address, Phone, Birth Date"

This seemed vague. Which address: e-mail or residential street address? Which phone: mobile, land-line, or both? Were Social Security Numbers stored in open or encrypted format? And, if not encrypted, why not? The breach notice didn't say much.

Then, there is this: the breach letter my wife received included far fewer information elements than the July 24, 2015 press release:

"The affected data relating to individuals affiliated with affected Medical Informatics Engineering clients may include an individual’s name, telephone number, mailing address, username, hashed password, security question and answer, spousal information (name and potentially date of birth), email address, date of birth, Social Security number, lab results, health insurance policy information, diagnosis, disability code, doctor’s name, medical conditions, and child’s name and birth statistics. The affected data relating to individuals who used a NoMoreClipboard portal/personal health record may include an individuals’ name, home address, Social Security number, username, hashed password, spousal information (name and potentially date of birth), security question and answer, email address, date of birth, health information, and health insurance policy information."

This raised the question: which MIE document is correct? The breach notice, the press release, or neither? The notice seemed to raise more questions than it answered, so Monday morning we called the MIE hotline listed in its breach notice. After waiting 50 minutes on hold, a representative finally answered. The phone representative identified herself and her employer, Epic Systems based in Oregon. So, MIE outsourced the hotline support portion of its post-breach response.

I asked the representative to explain exactly how MIE acquired my wife's medical records. She looked up my wife's record in their system and replied that MIE had acquired it through business with Concentra. This was puzzling since neither my wife nor I have done business with Concentra. So, I was on the phone with one subcontractor who was pointing the finger at another subcontractor. Lovely. And, nobody on the phone actually from MIE. Disappointing.

Next, I called the nearest Concentra office, which is 17 miles away in Wilmington, Massachusetts. (We live in Boston.) The person in the billing department was helpful. (She admitted that she, too, had received a breach notice from MIE.) The representative attempted to find my wife's information in Concentra's systems. As my wife and I thought: no record. We have not done any business with Concentra. Confirmed.

The Wilmington-office representative's first answer was to give me the MIE breach hotline number. I explained that I had already called the MIE hotline. Then, the representative provided a regional contact in Concentra's human resources department. I have called Tyree Wallace twice, but so far no response. Not good.

What to make of this situation? One vendor's system has errors, but I can't yet tell which: MIE or Concentra. Maybe that's a result of the hack. May be not. The whole situation reminds me of the robo-signing and residential mortgage-back securities scandals by banks, where shortcuts were taken without proper documentation and items repackaged, sold, and resold without disclosures -- nobody knew exactly what was what. An epic mess. Could a similar epic mess happened with electronic medical records? I hope not.

I reviewed the breach notice again, bu this time focused upon MIE's offer of two years of free credit monitoring services with the Experian ProtectMyID Elite service. The ProtectMyID website lists the following features:

"Credit Monitoring: You may review your credit card statements every month for purchases you didn't make. But, every day, we check your credit report for other types of fraud that are much more dangerous. We watch for 50 leading indicators of identity theft. Each one, from a new loan to medical collections, poses a unique threat to your identity that we'll help you address."

"Internet Scan: ProtectMyID continually monitors a vast number of online sources where compromised credit and debit card numbers, Social Security numbers and other personal data is found, traded or sold, helping reduce your potential exposure to identity theft."

"National Change of Address Monitoring: Your bills and monthly statements can feed criminals important account and personal information. An identity thief may steal a single piece of your mail or all of it with a fraudulent change of address request at the post office. Every day, we look for the red flags. We monitor address changes at the national and credit report levels and help you resolve any issues."

Is this a good deal? Each affected patient can decide for their self, since you know your needs best. Plus, patients' needs vary. The Internet scan and address monitoring features sound nice, but only you can determine if you need those protections. While two years of free credit monitoring is better than one year, I couldn't find an explicit statement in the site where ProtectMyID monitors credit reports at all three credit reporting agencies (e.g., Experian, Equifax, TransUnion), or only one. Monitoring only one doesn't seem like effective coverage. In 8+ years of blogging, I've learned that criminals are smart and persistent. Monitor only one branded credit report (e.g., Experians), and criminals will approach lenders who use other branded credit reports, in order to take out fraudulent loans.

So, what to make of this breach? I see several issues:

  1. Transparency matters: the MIE breach and its post-breach response highlight the importance of transparency. Health care providers and outsourced vendors should make it easy for patients to determine who has their electronic health records and why. Breach notices should clearly state both the EHR vendor's name and the health care provider each patient specifically used. Don't use vague, confusing language MIE used. (See above.) Be specific and clear in breach notices. Something like this would be better: "We acquired your electronic health records during [year] from Concentra. It was acquired for [insert reasons]."
  2. Update online policies: health care provider's websites should identify the EHR vendors by name in their policies (e.g., terms of use, privacy). EHR vendor sites should identify their clients. Why? When breaches happen, patients need to quickly and easily verify the vendor's breach notice received. When policies don't mention vendors by name, verification is harder.
  3. Effective credit monitoring: ideally, provide a free service that monitors credit reports at all three major credit reporting agencies (e.g., Equifax, Experian, and TransUnion), not one.
  4. Cloud-based EHR services: is this the best, safest way to store PHI? Cloud storage offers speed, flexibility, and storage benefits. But what about security? Can PHI be effectively secured and protected in the cloud? If you want to learn more, read this 2013 report by the Center for Democracy & technology about HIPAA compliance and cloud storage (Adobe PDF). The MIE breach highlights the risk. Time will tell if experts were correct. Time will tell if cloud-storage vendors can adequately protect electronic health records (EHR).

In my opinion: an epic fail is brewing. It seems that MIE has done, so far, the minimum with its post breach response. The efforts seem focused upon avoiding liability instead of helping affected patients. So far, MIE has failed to provide a satisfactory answer about when, how, and why it acquired my wife's electronic medical records. I look forward to more disclosures by MIE about exactly how hackers breached its system, and what it will do so this doesn't happen again.

During the next day or so, my wife and I will file a HIPAA complaint. I encourage other patients in similar situations to file complaints, too.

Did you receive a breach notice from MIE? What are your opinions of the MIE data breach and the company's response? Of the free ProtectMyID credit monitoring arranged by MIE? If you have used Concentra, what are your opinions of it?


Less Competition. Consumers Pay More And Get Less

Business leaders and economists like to promote the idea of a free marketplace, where there is plenty of competition and consumers get more benefits, such as lower prices and more choice. So, are consumers getting a good deal? The facts suggest not.

On Monday, April 27, former U.S. Labor Secretary and professor Robert Reich posted the following:

"We’re paying more and getting less because giant companies face less and less competition. For example:

1. U.S. airlines have consolidated into a handful of giant carriers that divide up routes and collude on fares. In 2005 the U.S. had nine major airlines. Now we have just four.

2. 80% of Americans are served by just one Internet Service Provider – usually Comcast, AT&T, or Time-Warner.

3. The biggest banks have become far bigger. In 1990, the five biggest held just 10% of all banking assets. Now the biggest five hold almost 45%.

4. Monsanto owns the key genetic traits in more than 90% of the soybeans and 80% of the corn planted by U.S. farmers.

5. Giant health insurers are larger; the giant hospital chains, far bigger; the most powerful digital platforms (Amazon, Facebook, Google), gigantic.

Whatever happened to antitrust enforcement?"

There are more examples. Here in the Northeast, EverSource, a publicly-traded utility holding company, provides residential energy services in Connecticut, Massachusetts, and New Hampshire. EverSource was created when Northeast Utilities merged with NSTAR Electric & Gas. Northeast Utilities included Connecticut Light & Power, Public Service of New Hampshire, Western Massachusetts Electric, and Yankee Gas. Earlier this year, electricity rates in Boston rose from 29 percent higher to 63 percent higher in February than the national average.

What are your opinions? What consolidation examples come to mind? Are we consumers getting a good deal, or are we getting screwed?