Tag: 2013 News

As tech launches go, Obamacare has been pretty bumpy, if not a downright Fail Whale-style debacle according to a report in Bloomberg Businessweek. The federally run website was unresponsive for much of Tuesday morning, and only four of 15 exchange websites being run by states and the District of Columbia were working from 9:30 a.m. to 10:30 a.m. In the days before the launch, meanwhile, insurers complained about errors in the premiums that shoppers would see online and certain functions had to be delayed because the software that determined eligibility remained a work-in-progress.

“Like every new law, there will be glitches we’ll fix,” President Obama said during a Rose Garden speech. “This morning the [federal] site has been running more slowly than it normally will. The reason is more than one million people visited healthcare.gov before 7 this morning. There were five times more users this morning than had ever been on healthcare.gov at one time.”

The San Jose Mercury News reported that the widely anticipated rollout of California’s online health insurance exchange witnessed sluggish access and spotty problems Tuesday, but that didn’t stop state officials from labeling it “a historic day” that will begin to allow millions of Californians to access quality health care for the first time. For many, the array of plans and prices offered under Obamacare proved to be a welcome surprise, but others experienced sticker shock from significantly higher costs.

On the first day of a six-month open enrollment period, the California website received one million page views in the first hour, followed by 800,000 page views every hour after, according to Covered California staff. The computer system that was designed to accommodate 2,000 concurrent users was getting 3,000, officials said, while the exchange’s two operative call centers in the state received nearly 9,000 calls by noon. But there were problems. Users reported “horrendously slow” response times, with Web pages sometimes never loading. Some of the problems mimicked those around the country, where a combination of high demand and technical glitches seemed to overwhelm other online systems early in the day. But California’s exchange didn’t crash.

Covered California officials estimate that during the initial open-enrollment period, which ends March 31, they will enroll 500,000 to 700,000 Californians who are eligible for subsidies to make their care more affordable.

New York officials said roughly two million people had visited their state-run site by mid-afternoon.

However, Washington state residents going to their state-run exchange were greeted with the words “Connection Refused.” Officials said the problems impacted only some visitors, but the site appeared down into Tuesday evening.

In Oregon, which has one of the country’s 16 state-based exchanges, ;glitches also materialized.Visitors were told: “Online enrollment is coming soon! Sign up to receive an email notification when it’s available.” Officials had warned earlier this week visitors would need an insurance agent or another third party to sign up in the first several weeks.

The Division of Workers’ Compensation (DWC) has posted a 15-day notice of modification to the proposed utilization review (UR) and independent medical review (IMR) regulations to the DWC website. Members of the public are invited to present written comments regarding the proposed modifications to dwcrules@dir.ca.gov until 5 p.m. on October 11. The number of proposed changes are extensive. The following are some examples.

The new proposed rules set forth a revised Request for Authorization form (DWC Form RFA), emphasizing that it must be signed by the employee’s treating physician. There is a statement on the DWC Form RFA that it is not a separately reimbursable report under the Official Medical Fee Schedule.

One of the proposed changes that may be of concern to claim administrators is Section 9792.9.1(c)(2), Under this proposed language, a non-conforming request for authorization (i.e., an incomplete Form RFA or request that does not use the form) must be returned to the requesting physician within three business days or else be considered as complete and subject to all applicable timeframes and requirements. This provisions would seem to place a substantial burden on claim administrators. It would seem that a Request for Authorization buried in any document forwarded by a treating physician would have to be identified (by reading carefully every single word in the document) and then this obscure language would rise to the level of an official Request for Authorization unless the administrator objected in three days. It is difficult to see how a claim department could meet this burden.

Section 9792.10.4 of the proposed changes allow the independent review organization delegated the responsibility by the Administrative Director to conduct independent medical review pursuant to Labor Code section 139.5 (IMRO) may consolidate two or more eligible applications for independent medical review by a single employee for resolution in a single determination if the applications involve the same requesting physician and the same date of injury.

The new proposed regulations implement new procedures to impose sanctions. Section 9792.10.6(j) provides that upon receipt of credible information that the claims administrator has failed to has failed to comply with its obligations under the independent medical review requirements the Administrative Director shall, concurrent or subsequent to the issuance of the final determination issued by the independent review organization, issue an order to show cause for the assessment of administrative penalties against the claims administrator under new section 9792.12(c). Section Section 9792.10.7 provides that upon receipt of credible information that the claims administrator has failed to implement the final determination, the Administrative Director shall issue an order to show cause for the assessment of administrative penalties against the claims administrator under new section 9792.12(c).

Section 9792.12(c) is a new subdivision to provide for Independent Medical Review Administrative Penalties. The subdivision lists specific violations and the amount to be assessed as an administrative penalty for each.

The notice, text of the regulations, and forms can be found on the proposed regulations page.

A new study reported in SC Magazine says that as the number of individuals impacted by medical identity theft continues to climb, so does the number of victims fooled by spurious emails and websites designed to purloin their sensitive information.

According to the “2013 Survey on Medical Identity Theft,” the number of people who’ve fallen victim to this type of fraud has increased by 19 percent since last year, accounting for more than 1.8 million victims in 2013. More than 300,000 new medical identity theft cases cropped up during the one-year period, the study found. The survey was conducted by the Ponemon Institute and sponsored by the Medical Identity Fraud Alliance (MIFA) and data breach prevention firm ID Experts.

The study, in its fourth year, surveyed nearly 800 adults in the U.S. who self-reported that they, or their close family members, were victims of medical identity theft.  Along with the rise in medical identity fraud, experts also saw a significant uptick in dubious websites being erected by saboteurs and spam emails being sent – all with the intent of tricking individuals into giving up their medical information.

Between 2012 and 2013, the percentage of medical identity theft victims reporting spoofed websites and phishing emails as the likely cause of their troubles doubled. This year, eight percent of respondents cited the cyber schemes as the cause of their issues, while only four percent of victims reported the same in 2012.

In the report, medical identity theft was defined as a person using an individual’s name or personal identity “to fraudulently receive medical service, prescription drugs and goods, including attempts to commit fraudulent billing.”

Larry Ponemon, chairman and founder of the Ponemon Institute, told SCMagazine.com earlier this week that in this study, and in other Ponemon studies, the frequency of spear phishing targeting medical identity theft victims has gone up. Furthermore, spear phishing, attempts to infiltrate an individual’s network or steal their data by crafting a targeted ruse they are likely to open via email, is likely under-reported among medical identity theft victims, Ponemon added.

“A lot of people aren’t even aware that they have fallen for a phishing scam because they were so sophisticated,” he said. “The ability to record it is difficult because people aren’t even aware that it’s happened to them.”

In the study, the groups also found that seven percent of medical identity theft victims believed a data breach suffered by their health care provider, insurer or related organizations, was the cause of fraud. Last year, six percent of respondents cited those reasons as the cause.

Fred F. Hafezi, M.D. is currently listed on the DWC QME database as a spine specialist with offices in Azusa and Ontario California. The Medical Board of California reflects that he holds Physicians and Surgeons certificate G19337 originally issued in October 1970. The Board records reflect that he is certified in Orthopedic Surgery.

Medical Board records also reflect that on June 25, 2013 the office of the Attorney General of California filed an Accusation against Dr. Hafezi asking that the Board revoke or suspend his Physician and Surgeon’s Certificate,

In support of this request, the Accusation alleged that “on April 25, 2013, in the case of The People of the State of California v. Farhad Fred Hafezi, Los Angeles County Superior Court case number KA090841, Respondent (Hafezi) was ordered, as part of his sentence, to register as a sex offender pursuant to the provisions of Penal Code section 290. As a result of his being ordered to register as a sex offender, Respondent’s Physician’s and Surgeons’ Certificate No. 019337 is subject to mandatory revocation pursuant to the provisions of Business and Professions Code Section 2232.”

The Accusation continues to allege the circumstances of the criminal prosecution. “Respondent was charged with several counts of oral copulation, contact with a minor with intent to commit a sexual offense, unlawful sexual intercourse with a person under the age of 18, all violations of the Penal Code. On April 1, 2011, Respondent did an “open plea” and pled nolo contendere to all 4 counts. Then on May 26, 2011, Respondent withdrew his plea of guilty. On April 5, 2013, the court denied Respondent’s motion to withdraw his guilty plea. As a result of his plea, he now stands convicted of several counts of oral copulation and a count of unlawful sexual intercourse with a person under 18. Respondent was sentenced on May 23, 2013. Imposition of sentence was suspended, and Respondent was placed on formal probation for 36 months, ordered to serve 180 days in the Los Angeles County Jail and required to register as a sex offender pursuant to Penal Code section 290. Respondent is currently out of jail as he was given credit for time served for his county jail sentence.”

On August 6, 2013, while being represented in the Matter of the Accusation by the Law Offices of Richard A. Moss, Hafezi and his attorney signed a Stipulation for Restricted Practice. The purpose of the Stipulation was to restrict his Physicians and Surgeons certificate pursuant to Government Code section 11529.

Pursuant to the Stipulation, on August 16, Hafezi was ordered to “cease performing any activity for which a license as a physician is required in the State o! California with the sole and singular exception he may complete reports on patients seen as workers compensation referrals who were referred to him prior to the date of endorsement of this Stipulation by the administrative law judge.”

It is further stipulated and agreed that the Stipulation would be posted on the Boards website as a public document. The Stipulation is to remain in effect until completion of the administrative proceedings against him, and the issuance of a final decision of the Medical Board thereon.

A Medical Board “Action Report” dated July 1997 reflects prior discipline for Dr. Hafezi based upon Business and Professions Code §2234(b)(c)(d) “Negligent and incompetent treatment of a patient with a back injury.”

An identity theft service that sells Social Security numbers, birth records, credit and background reports on millions of Americans has infiltrated computers at some of America’s largest consumer and business data aggregators, according to a seven-month investigation by KrebsOnSecurity.

Two of the hacked servers were inside the networks of Atlanta, Ga.-based LexisNexis Inc., a company that maintains the world’s largest electronic database for legal and public-records related information. LexisNexis is also widely used by members of the workers’ compensation community for legal research.

Contacted about the findings, LexisNexis confirmed that the two systems listed in the botnet interface were public-facing LexisNexis Web servers that had been compromised.

A tiny unauthorized program called “nbc.exe” was placed on the servers as far back as April 10, 2013, suggesting the intruders have had access to the company’s internal networks for at least the past five months. The program was designed to open an encrypted channel of communications from within LexisNexis’s internal systems to the botnet controller on the public Internet.

An initial analysis of the malicious bot program installed on the hacked servers reveals that it was carefully engineered to avoid detection by antivirus tools. A review of the bot malware in early September using Virustotal.com – which scrutinizes submitted files for signs of malicious behavior by scanning them with antivirus software from nearly four dozen security firms simultaneously – gave it a clean bill of health: none of the 46 top anti-malware tools on the market today detected it as malicious.

All three victim companies said they are working with federal authorities and third-party forensics firms in the early stages of determining how far the breaches extend, and whether indeed any sensitive information was accessed and exfiltrated from their networks.

For its part, LexisNexis confirmed that the compromises appear to have begun in April of this year, but said it found “no evidence that customer or consumer data were reached or retrieved,” via the hacked systems. The company indicated that it was still in the process of investigating whether other systems on its network may have been compromised by the intrusion.

“Immediately upon becoming aware of this matter, we contacted the FBI and initiated a comprehensive investigation working with a leading third party forensic investigation firm,” said Aurobindo Sundaram, vice president of information assurance and data protection at Reed Elsevier, the parent company of LexisNexis. “In that investigation, we have identified an intrusion targeting our data but to date have found no evidence that customer or consumer data were reached or retrieved. Because this matter is actively being investigated by law enforcement, I can’t provide further information at this time.”