Take Note – New Health Reform Changes Coming in 2013

Given the results of the recent national election, the Patient Protection and Affordable Care Act (PPACA) – also known as “Obamacare” or the “healthcare reform law” – is here to stay. As insurance professionals, it’s our job to understand how the PPACA will affect our clients and help them navigate the new regulations.

Many of the biggest changes mandated by the Act, including tax credits to help people buy coverage, won’t be fully implemented until 2014. Until then, here’s an overview of the changes the PPACA will bring in 2013, and why next fall’s open enrollment season will be so significant.

Plan Summaries

One change that many consumers will welcome – and that should be helpful to you in educating your clients – are clear, easy-to-comprehend summaries of what a plan does and doesn’t cover, making it much easier to do side-by-side comparisons of competing plans. Carriers are also supposed to provide “jargon guides” that give plain-English definitions of terms such as “copayment,” “coinsurance” and “deductible.”

Higher Premiums

Yes, employers and healthcare consumers should be prepared for “sticker shock” when shopping for coverage in 2013. Carriers are already anticipating higher costs of care again in 2013 and, subsequently, will raise premiums; as a result, employers will be looking at options for increasing employee contributions. However, the rate at which employer healthcare costs are expected to rise in 2013 should be slightly lower than in previous years.

Annual Spending Limits

Consumers suffering from costly and/or chronic medical conditions will want to know that limits on how much a carrier will pay for individual care will rise from $1.25 million in 2012 to $2 million in 2013. And, the limit will be eliminated entirely in 2014.

Flexible Spending Account (FSA) Limits

FSAs – which allow health plan members to set aside pre-tax money for prescriptions, physician visit copayments and other out-of-pocket health costs – will be limited to $2,500 for 2013. Unlike health savings accounts, where money can be left indefinitely until needed, FSA money must be spent within a year or the balance is forfeited.

Health Insurance CO-OPs – The federal government has funded approximately 20 Consumer-Oriented and -Operated Plans, known as CO-OPs, across the country, including one in Colorado, where Alliance is based. CO-OPs are essentially nonprofit health plans that include consumers on their boards of directors and strive to deliver higher quality care for lower costs than traditional health insurers. These organizations are preparing to be fully operational in time for the fall 2013 open enrollment season. As an agent, you may want to begin vetting your local CO-OP to determine whether this is an option you can recommend to your clients late next year. Your managing general agency (MGA) likely has an eye on these entities already and can offer you guidance.

Health Insurance Exchanges – As mandated by the PPACA, health insurance exchanges are online marketplaces where individuals and small businesses can shop for, compare and purchase health insurance – sort of an Expedia or Travelocity for health insurance. Some states are taking the initiative to build their own exchanges, which are permitted by federal law but subject to certain guidelines. These exchanges, if ready, will be in play for the 2013 open enrollment season, so be sure to follow their progress and ask, locally, how agents will be rewarded for bringing business through the exchange. States that choose not to create their own exchanges by 2014 will be required to use the federal exchange.

Learn More

Addressing IT’s Cyber Security Headache

A global data storm

According to a report compiled by the America National Standards Institute (ANSI), the Internet Security Alliance (ISA) and The Santa Fe Group/Shared Assessments Program Healthcare Working Group – nearly 39.5 million Electronic Health Records (EHRs) were breached between 2005 and 2008.

Between September 2011 and November 2011, a government benefits program suffered the theft of EHRs of 4.9 million military personnel, the health information of 4 million patients of a reputable West Coast healthcare system were stolen electronically and a major academic medical center inadvertently disclosed the EHRs of 20,000 of its patients.

Clearly, Cyber Security is at the heart of the Global data storm, with similar data breaches reported from all corners of the planet.

How to navigate the Cyber-threat landscape

No organization can afford to ignore the consequences of a data breach and the time for action is now.

As Larry Clinton (President and CEO of the Internet Security Alliance states: “Cyber Security is not an IT issue, it’s an enterprise-wide risk management issue that needs to be addressed in a much broader sense.”

Cyber Security: How to reduce data vulnerability & cyber security threats with an endpoint backup solution

1) No user involvement in data backups

The reality is that users should not be involved in the security of business critical data. When organizations rely on a data backup policy where users are instructed to backup to a central server, they expose themselves to data loss risks.

To reduce cyber security threats and form a solid data security infrastructure, enterprises need to first completely remove the user from the data backup process by implementing an endpoint data backup solution that is:

Centrally managed and configured
Centrally deployed
Transparent, with no user interruption, increasing user adoption

Removing user involvement in data backups and putting IT in control is vital for effective data security and foundational protection against cyber security threats.

2) Central control over data backups

Central control over data backups not only ensures that user data is secure and available for recovery in the event of a laptop or desktop being compromised by a virus or other failure, it increases endpoint security and disaster recovery preparedness and decreases the risk of cyber threats.

In order to enforce the company’s data backup policy, IT needs to have a complete oversight over the endpoint data backup environment.

Some Data Protection solutions give IT central control over endpoint business data by providing the ability to:

Centrally deploy the User Agent software, automating installation and ensuring user adoption.
Centrally define policies over what data needs to be backed up, from which users, and when
Pinpoint potential data loss risk areas quickly and act on it
Manage backups centrally and report on protection ratings and areas of concern
Prove compliance and the efficiency of Disaster Recovery Planning with intuitive data reports
Automate the backup process, further ensuring that user data is backed up and secure

This means the organization has full control over data backup selection, quotas, schedule options and settings.

3) Centralized & granular data access control

Central control over user data backups is a paramount foundational consideration when addressing cyber security. However, once the data is backed up and secure, controlling access to this data is an equally important measure.

More granular and refined data access and web security policies are a certain requirement for enterprise data protection and preventing cyber security attacks.

MessageLabs Intelligence 2010 Annual Cyber Security report shows an average of 30 custom policy rules per organization in 2010; with a rise to 50 this year.

Company policy should limit access to secure data based on business roles.

This ensures central control over endpoint user data with controlled and customisable access to confidential data. With certain data protection solutions, an encryption key is uniquely generated per user to ensure that access to data remains on a ‘per user’ level. This greatly reduces the threat of cyber security attacks.

To access a user’s data requires the uniquely generated encryption key for that user to be entered. This key is safe guarded in the Encryption Key Safe. The Encryption Key Safe safeguards each user’s unique encryption key in the event of a user requiring access to their data.

These data protection solutions provide the ability for authorized personnel to be granted ‘Security Officer’ rights over encryption keys enabling them to retrieve keys when required. This ensures granular access to confidential information and central control over who can view confidential user data.

4) Data encryption

Research shows that attacks on thousands of business computers are becoming less frequent, with targeted attacks on a single company or even one individual, becoming increasingly common. These attacks require access to this individual or organization’s data.

To prevent such an attack and effectively protect user data from any unauthorised access, enterprises need to implement appropriate security measures. Controlled access is a partial measure and should form part of addressing security in information architecture, another one of these measures is reliable and secure data encryption.

Local Disc Encryption: Products like Safeboot, PGP and open source options like TrueCrypt encrypt the data on an individual’s notebook or desktop, in addition to the data being backed up and encrypted by an effective data backup and recovery software solution.

Backup encryption: The backup and recovery solution you use should automatically encrypt your data. This is an especially important feature when it comes to compliance and data breach notifications. Anyone with IT access can access data stored on the server, which is why encryption of user data is vital in preserving data integrity.

Find a solution that is a certified Cryptography Service Provider. This means that the backup data for each user is encrypted using Blowfish 448bit (CBC mode) before being transmitted to the server.

Effective encryption aids in ensuring that confidential user information can’t be accessed by unauthorised parties.

5) The ability to track data changes

For many institutions, security threats and suspected breaches in data security where a document has been changed or edited are difficult to prove as they don’t have access to previous versions of user data.

A recent example of this is a financial institution suspected unauthorised access to their books where changes were made to spreadsheets. Unfortunately, as they couldn’t restore previous versions of their data they could not legally prove their case.

A backup solution that provides previous versions of files to be restored removes this risk, improves corporate governance compliance and provides an audit trail.

Ensure you employ a solution that allows authorised access to previously backed up versions of user documents through file versioning, giving organizations the ability to restore older versions of files as well as track and monitor data changes. This is a huge security advantage for enterprises in instances such as

Corporate governance compliance
Proving legal disputes
Monitoring and validating a user data security breach

With access to this information, enterprises have greater control over data, and security risks are substantially reduced as past versions of user files can be easily restored.

6) Safe & simple data recovery

Despite high-profile news coverage of botnet attacks, botnets showed as the top concern of only 14 percent of respondents in the 2010 CDW Security Straw Poll, however if user data has been compromised or a user machine has been infected by a virus, data recovery is a of obvious importance.

Products like Net Trace also allow for asset tracking and remote deletion of the information – but then the data is lost forever. If your endpoint business data is backed up you can go ahead, destroy the data on the user’s machine in the knowledge that the business data is accessible and can be restored.

An endpoint solution that provides simplified, safe and reliable data recovery is paramount for enterprises, ensuring authorised data recovery, increased operational benefits and reduced required resources- ultimately lowering overhead costs.

An effective data protection solution should ensure simple, fast and safe data recovery with:

Fast, wizard-driven restores
Unattended data restore
File versioning, recover previous versions of data
Ability to restore data to original location on new machine or Operating System
Protecting data from unauthorized recovery
Ensure you employ a solution that allows users to quickly and easily recover their own data by using the self service recovery feature in the User Agent.

The fact of the matter is that today’s legacy solutions struggle to provide an answer to the problem of endpoint data protection because vendors attempt to adapt antiquated technology, instead of building the correct solution from the ground up.

Some business backup management statistics to consider

Data doubles every 18 months

At least 14% of corporate employees now work remotely

At least 28% of all corporate data resides exclusively on its laptops (and increasingly on other endpoint devices). This is alarming because it opens the user (and company) to one point of failure.