Latest News

Training and Monitoring

As part of a cybersecurity program, insurers must designate one or more employees who are responsible for the information security program, as well as identify foreseeable internal or external threats that could result in an unauthorized access, transmission, disclosure, misuse, alteration, or destruction of nonpublic information, including information accessible to, or held by, third-party service providers. In addition, insurers must provide employee training and management, and implement safeguards to manage threats and assess the effectiveness of the safeguards' systems and procedures at least annually.

Insurers must submit a written statement to the Superintendent of Insurance by February 15th of each year, unless otherwise specified. The statement must certify that the insurer is in compliance with state cyber regulations.

Investigation of Events

In the event a cybersecurity event has occurred, a licensee, an insurer or third-party service provider must conduct a prompt investigation. This investigation must include:

Licensees must maintain records concerning all cybersecurity events for a period of at least 5 years from the date of the cybersecurity event and must produce those records upon demand of the Superintendent of Insurance.

Exemptions

The following are exempt from cybersecurity regulations:

If a previously exempt insurer no longer qualifies for an exemption, the insurer may continue business without an Information Security Program for no more than 180 days. After this period has elapsed, the insurer must comply with state cyber requirements.

Definitions

Cybersecurity event: any effort to obtain unauthorized access to an information system or nonpublic information stored on the information system. Cybersecurity events do not include instances in which acquired nonpublic information is returned, destroyed, or not used.

Encrypted: transformation of data to obscure meaning without the use of a protective process or key.

Information system: an organized system that collects, maintains, and transmits electronic nonpublic information.

Nonpublic information: any business-related information that is not publicly available information that if misused could jeopardize a covered entity's security and operations; any personally identifiable information (such as social security number, driver's license, or credit card numbers); and any information (other than age and gender) related to health care.

Multi-Factor Authentication: authentication through verification of at least two factors:

Publicly available information: information lawfully available to the general public from federal, state, or local government records, distributed media, or disclosures required by federal, state, or local law. Information may be considered publicly available if an insurer determines it's of the type available to the public and the consumer has not denied making it public.

Risk assessment: evaluation of potential risks to the privacy of nonpublic information.

Third-party service provider: contracted person other than an insurer who is permitted to access nonpublic information for the purposes of maintaining, processing, or storing information.

HEALTH ONLY

Medical Plans

C. Cost Containment in Health Care Delivery

Prior Authorization Procedures

A prior authorization requirement refers to any health care service, device, or drug which requires the approval of the insurer or plan prior to being performed, received, or prescribed.

If a policy issued by an accident and sickness insurer or public employee benefit plan requires prior authorization, the following conditions must be met:

After an authorization request has been submitted, the insurer must:

• 48 hours for urgent care services; and
• 10 days for all other requests;

Insurers must provide prior authorization approval for chronic condition related drugs, for a period of 12 months or the last day of the insured's eligibility under the policy, whichever is less. If the insured's chronic condition has not changed after the approval period has ended, the insurer may require a health care practitioner to submit additional information on the continued chronic condition. If the practitioner does not respond within 5 days of the request, the 12-month approval will be terminated. If the drug is no longer approved or safe under state or federal regulatory guidelines, the 12-month approval with terminate.

Exclusions to the 12-month approval period include:

In addition to chronic conditions, an insurer or public employee benefit plan may provide a 12-month approval for the treatment of rare medical conditions. A "rare medical condition" refers to any disease or condition that affects fewer than 200,000 individuals in the United States. Controlled substances are excluded.

In a situation where prior authorization was requested but not received, the insurer may permit a retrospective claim review. For a retrospective claim review to occur, the new service must be directly related to another prior approval service received, not known as needed at the time of the original prior authorization, and the need for the new service was revealed during the original prior authorization.

If an insurer enacts new prior authorization requirements, the insurer must provide all participating health care practitioners with a "Notice of Changes to Prior Authorization Requirements," no later than 30 days prior to the updated requirements. Notices are not required to list out changes, but must provide a source where practitioners may review the list of changes.

Health Insuring Corporations (HICs)

A. General Characteristics

Primary Care Physician vs. Referral Physician

When an individual becomes a member of the HIC, he or she will choose a primary care physician (PCP), who will serve as a gatekeeper. The primary care physician will be regularly compensated for being responsible for the care of that member, whether care is provided or not. It should be in the primary care physician’s best interest to keep this member healthy to prevent future time for treatment of disease.

In order for the member to get to see a specialist, the PCP must refer the member. In many HICs, there is a financial cost to the primary care physician for referring a patient to the more expensive specialist, thus the primary care physician may be inclined to use an alternative treatment before approving a referral.

Insurance for Senior Citizens and Special Needs Individuals

A. Medicare

4. Part C – Medicare Advantage

A Medicare Medical Savings Account (MSA) is a consumer-directed Medicare Advantage Plan that combines a high-deductible insurance plan with a medical savings account. The high-deductible insurance plan portion of an MSA covers costs once a high yearly deductible has been met. Medicare deposits money into the savings account, which can be used to pay health care costs, prior to meeting the deductible requirement.

In addition to coverage provided by Medicare Advantage Plans, Medicare MSAs may cover the following extra benefits for an extra cost:

Medicare MSAs do not cover Medicare Part D - Prescription Drug Insurance.

Enrollment Timelines

The enrollment period for a Medicare Advantage Plan is dependent on eligibility factors and current Medicare coverage.

Newly eligible individuals may sign up for a Medicare Advantage Plan 3 months before turning age 65 and up to 3 months after turning age 65. Depending on the elected date, coverage will begin:

If an individual is eligible for Medicare as a result of a disability, he or she may join 3 months before the individual's 25th month of receiving Social Security or Railroad Retirement Board (RRB) disability benefits, or up to 3 months after. Coverage begins:

If an individual already has Medicare Part A coverage and has enrolled in Medicare Part B during the general enrollment period, they may sign up for a Medicare Advantage Plan between April 1st and June 30th.

During the Open Enrollment for Medicare Advantage and Medicare Prescription Drug Coverage (October 15th to December 7th), individuals may do the following:

During the Medicare Advantage Open Enrollment Period (January 1st to March 31st), enrolled individuals may:

If an individual enrolled in a Medicare Advantage Plan during their initial Enrollment Period, they may switch to another Medicare Advantage plan or disenroll within the first 3 months of coverage.

If already enrolled in an Original Medicare plan, individuals are prohibited from switching to a Medicare Advantage plan, joining a Prescription Drug Plan, or switching from one Medicare Prescription Drug Plan to another during the Medicare Advantage Open Enrollment Period.

Coverages and Cost-Sharing Amounts

Cost sharing refers to the allocation of funds for healthcare and prescriptions through copayments, coinsurance, and deductibles. Out-of-pocket costs under Medicare Advantage vary by plan and are dependent on the following factors:

Excluded from supplementary benefits under a Medicare Advantage plan are the following:

5. Part D – Prescription Drug Insurance

Coverage, Formulary, Tiering

Each Medicare drug plan must provide at least a standard level of coverage set by Medicare. Plans can vary the list of prescription drugs they cover and how they place drugs into different "tiers" on their drug lists (called formularies).

As defined by Medicare, a formulary is a list of prescription drugs covered by a prescription drug plan, also known as a drug list. Each plan has its own formulary that must be filed annually. Whenever the plan makes changes to the formulary, the insureds must be notified. Medicare drug plans categorize drugs into different tiers, each with a different cost. Drugs in a lower tier will cost less than drugs in a higher tier. A formulary must include at least 2 drugs in each treatment category, but it is not required to include all drugs.

To lower costs, many plans place drugs into different "tiers" on their formularies (drug lists). Each tier costs a different amount. A drug in a lower tier will cost the insured less than a drug in a higher tier. Here is an example of how a plan may divide its drugs into tiers:

Limitations - Prior Authorization, Step Therapy, Quantity Limits

Prior authorization means approval from a Medicare drug plan before insureds may fill their prescription in order for the prescription to be covered by the plan. Medicare drug plan may require prior authorization for certain drugs.

Step therapy is a type of prior authorization. In most cases, Medicare requires the insured to first try a certain, less expensive drug on the plan's Formulary that has been proven effective for most people with the same condition before the insured can move up a "step" to a more expensive drug. For example, some plans may require to first try a generic drug (if available), then a less expensive brand-name drug on their drug list before the insured can get a similar, more expensive, brand-name drug covered.

Quantity limits: for safety and cost reasons, plans may limit the amount of drugs they cover over a certain period of time. For example, most people prescribed heartburn medication take 1 tablet per day for 4 weeks. Therefore, a plan may cover only an initial 30-day supply of heartburn medication.

If the prescriber believes that it is medically necessary for the insured to be on a particular drug even though the insured doesn't meet the prior authorization criteria, the insured and the prescriber can contact the plan to request an exception. The prescriber must give a statement supporting the request. If the request is approved, the plan will cover the particular drug, even without prior authorization for the drug, or without trying a less expensive drug first.

Preferred Network Pharmacies

A pharmacy that is part of a Medicare drug plan's network is called a preferred cost sharing pharmacy. Insureds may pay lower out-of-pockets costs (such as copayment or coinsurance) for some of their prescription drugs if they get them from a preferred cost sharing pharmacy instead of a standard cost sharing pharmacy.

Low-Income Subsidy

The Medicare Prescription Drug Improvement and Modernization Act of 2003 (MMA) provides assistance to low-income individuals through federal government subsidies. These subsidies cover premiums, deductibles, and copyments under Medicare Part D. Individuals may apply for a Low-Income Subsidy (LIS) through the Social Security Administration (SSA) or through the State Medicaid agency.

During the application process, the applicant's income (aong with the applicant's spouse's income if married) is compared to the Federal Poverty Level (FPL). Included in the applicant's income are resources or assets that can be readily converted into cash within 20 days, along with property outside of the applicant's primary residence.

To qualify for full low-income subsidies, applicants must meet the following requirements:

To qualify for partial low-income subsidies, applicants must meet the following requirements: