In 2019, before the rule change, Medicare paid about $250 million for these types of skin substitute bandages. However, total spending rose about 40-fold in 2024 to over $10 billion.
Realizing this was a problem, the Biden administration introduced a new policy in April 2024 that would cover the bandages for certain types of leg and foot ulcers, only for bandages that had gone through high-quality testing and had shown an advantage over standard bandaging. The policy was supposed to go into effect this February.
But when the Trump administration took office, the policy was delayed as part of a blanket freeze on new regulations. And in April, the administration announced that the policy would be delayed until 2026. The Times noted that Trump had received a large campaign donation from a leading bandage maker and has subsequently defended the bandages on social media on at least two occasions.
But this week, the administration seems to have reconsidered. In the new proposed policies, the Trump administration proposed a flat rate of about $809 per square inch, which would go into effect in January 2026.
In a statement to the Times this week, a spokesperson for a bandage industry trade group said: “If this exceedingly low payment rate were to take effect, companies producing skin substitutes would no longer be able to cover their production costs, and providers would not be able to afford to treat their patients.”
Last week, Health Secretary and anti-vaccine advocate Robert F. Kennedy Jr. announced the Trump administration would hack off nearly a quarter of employees at the Department of Health and Human Services, which oversees critical agencies including the Food and Drug Administration (FDA), the Centers for Disease Control and Prevention (CDC), the National Institutes of Health (NIH), and the Centers for Medicare and Medicaid Services (CMS).
The downsizing includes pushing out about 10,000 full-time employees through early retirements, deferred resignations, and other efforts. Another 10,000 will be laid off in a brutal restructuring, bringing the total HHS workforce from 82,000 to 62,000.
“This will be a painful period,” Kennedy said in a video announcement last week. Early yesterday morning, the pain began.
It begins
At the FDA—which will lose 3,500 employees, about 19 percent of staff—some employees learned they were being laid off from security guards after their badges no longer worked when they showed up to their offices, according to Stat. At CMS—which will lose 300 employees, about 4 percent—laid-off employees were instructed to file any discrimination complaints they may have with Anita Pinder, identified as the director of CMS’s Office of Equal Opportunity and Civil Rights. However, Pinder died last year, The Washington Post noted.
At the NIH—which is set to lose 1,200 employees, about 6 percent—new director Jay Bhattacharya sent and email to staff saying he would implement new policies “humanely,” while calling the layoffs a “significant reduction.” Five NIH institute directors and at least two other senior leaders have been ousted, in addition to hundreds of lower-level employees. Bhattacharya wrote that the remaining staff will have to find new ways to carry out “key NIH administrative functions, including communications, legislative affairs, procurement, and human resources.”
At CDC—which will lose 2,400 employees, about 18 percent—the cuts slashed employees working in chronic disease prevention, sexually transmitted diseases, HIV, tuberculosis, global health, environmental health, occupational safety and health, maternal and child health, birth defects, violence prevention, health equity, communications, and science policy.
Some leaders and workers at the CDC and NIH were reportedly reassigned or offered transfers to work at the Indian Health Services (IHS), an HHS division that provides medical and health services to Native American tribes. The transfers, which could require employees to move to a remote branch, are seen as another way to force workers out.
Thousands of sites running WordPress remain unpatched against a critical security flaw in a widely used plugin that was being actively exploited in attacks that allow for unauthenticated execution of malicious code, security researchers said.
The vulnerability, tracked as CVE-2024-11972, is found in Hunk Companion, a plugin that runs on 10,000 sites that use the WordPress content management system. The vulnerability, which carries a severity rating of 9.8 out of a possible 10, was patched earlier this week. At the time this post went live on Ars, figures provided on the Hunk Companion page indicated that less than 12 percent of users had installed the patch, meaning nearly 9,000 sites could be next to be targeted.
Significant, multifaceted threat
“This vulnerability represents a significant and multifaceted threat, targeting sites that use both a ThemeHunk theme and the Hunk Companion plugin,” Daniel Rodriguez, a researcher with WordPress security firm WP Scan, wrote. “With over 10,000 active installations, this exposed thousands of websites to anonymous, unauthenticated attacks capable of severely compromising their integrity.”
Rodriquez said WP Scan discovered the vulnerability while analyzing the compromise of a customer’s site. The firm found that the initial vector was CVE-2024-11972. The exploit allowed the hackers behind the attack to cause vulnerable sites to automatically navigate to wordpress.org and download WP Query Console, a plugin that hasn’t been updated in years.
In a disturbing sign of the times, Medicare this week implemented a change to its claims-processing system that adds two extra digits to money amounts, expanding the fields from eight digits to 10. The change now allows for billing and payment totals of up to $99,999,999.99, or a penny shy of $100 million.
In a notice released last month, the Centers for Medicare & Medicaid Services (CMS) explained the change, writing, “With the increase of Part B procedures/treatments exceeding the $999,999.99 limitation, CMS is implementing the expansion of display screens for monetary amount fields related to billing and payment within [the Fiscal Intermediary Shared System (FISS)] to accept and process up to 10 digits ($99,999,999.99).”
The FISS is the processing system used by hospitals and doctors’ offices to process Medicare claims.
Stat news, which first reported the update, noted that it’s not the first time CMS has struggled to make room for ever-increasing drug and treatment prices in its claims processing systems. In 2022, the agency had to give technical advice to doctors submitting claims for chimeric antigen receptor (CAR) T-cell therapy, which is used to treat blood cancers. CAR T-cell therapies run around half a million dollars, or eight digits. But in a different claims processing system, called the Multi-Carrier System (MCS), the money amount fields only included seven digits. In that case, rather than expanding the field, the CMS requested that doctors divide the bill by either five or 10, depending on the size, and then bill Medicare five or 10 separate times for a single claim.
CAR T-cell therapies aren’t the only treatments with eye-popping price points these days. Just last month, the drug Lenmeldy, a lifesaving gene therapy for a tragic childhood condition, set the current record for the highest drug price in the world at $4.25 million. Before Lenmeldy arrived, the hemophilia B drug Hemgenix held that record, with its price set at $3.5 million.
While these advanced therapies come with mind-boggling prices, prescription drug costs in the US are a problem across the board. In a KFF poll published in August, 28 percent of US adults reported difficulty affording their prescription medication, while 31 percent reported not taking their medicine as prescribed in the past year due to the cost. A federal report from 2022 found that Americans pay nearly three times more for prescription drugs than people in 33 other wealthy countries.
Enlarge/ A nursing home resident is pushed along a corridor by a nurse.
Health insurance companies cannot use algorithms or artificial intelligence to determine care or deny coverage to members on Medicare Advantage plans, the Centers for Medicare & Medicaid Services (CMS) clarified in a memo sent to all Medicare Advantage insurers.
The memo—formatted like an FAQ on Medicare Advantage (MA) plan rules—comes just months after patients filed lawsuits claiming that UnitedHealth and Humana have been using a deeply flawed, AI-powered tool to deny care to elderly patients on MA plans. The lawsuits, which seek class-action status, center on the same AI tool, called nH Predict, used by both insurers and developed by NaviHealth, a UnitedHealth subsidiary.
According to the lawsuits, nH Predict produces draconian estimates for how long a patient will need post-acute care in facilities like skilled nursing homes and rehabilitation centers after an acute injury, illness, or event, like a fall or a stroke. And NaviHealth employees face discipline for deviating from the estimates, even though they often don’t match prescribing physicians’ recommendations or Medicare coverage rules. For instance, while MA plans typically provide up to 100 days of covered care in a nursing home after a three-day hospital stay, using nH Predict, patients on UnitedHealth’s MA plan rarely stay in nursing homes for more than 14 days before receiving payment denials, the lawsuits allege.
Specific warning
It’s unclear how nH Predict works exactly, but it reportedly uses a database of 6 million patients to develop its predictions. Still, according to people familiar with the software, it only accounts for a small set of patient factors, not a full look at a patient’s individual circumstances.
This is a clear no-no, according to the CMS’s memo. For coverage decisions, insurers must “base the decision on the individual patient’s circumstances, so an algorithm that determines coverage based on a larger data set instead of the individual patient’s medical history, the physician’s recommendations, or clinical notes would not be compliant,” the CMS wrote.
The CMS then provided a hypothetical that matches the circumstances laid out in the lawsuits, writing:
In an example involving a decision to terminate post-acute care services, an algorithm or software tool can be used to assist providers or MA plans in predicting a potential length of stay, but that prediction alone cannot be used as the basis to terminate post-acute care services.
Instead, the CMS wrote, in order for an insurer to end coverage, the individual patient’s condition must be reassessed, and denial must be based on coverage criteria that is publicly posted on a website that is not password protected. In addition, insurers who deny care “must supply a specific and detailed explanation why services are either no longer reasonable and necessary or are no longer covered, including a description of the applicable coverage criteria and rules.”
In the lawsuits, patients claimed that when coverage of their physician-recommended care was unexpectedly wrongfully denied, insurers didn’t give them full explanations.
Fidelity
In all, the CMS finds that AI tools can be used by insurers when evaluating coverage—but really only as a check to make sure the insurer is following the rules. An “algorithm or software tool should only be used to ensure fidelity,” with coverage criteria, the CMS wrote. And, because “publicly posted coverage criteria are static and unchanging, artificial intelligence cannot be used to shift the coverage criteria over time” or apply hidden coverage criteria.
The CMS sidesteps any debate about what qualifies as artificial intelligence by offering a broad warning about algorithms and artificial intelligence. “There are many overlapping terms used in the context of rapidly developing software tools,” the CMS wrote.
Algorithms can imply a decisional flow chart of a series of if-then statements (i.e., if the patient has a certain diagnosis, they should be able to receive a test), as well as predictive algorithms (predicting the likelihood of a future admission, for example). Artificial intelligence has been defined as a machine-based system that can, for a given set of human-defined objectives, make predictions, recommendations, or decisions influencing real or virtual environments. Artificial intelligence systems use machine- and human-based inputs to perceive real and virtual environments; abstract such perceptions into models through analysis in an automated manner; and use model inference to formulate options for information or action.
The CMS also openly worried that the use of either of these types of tools can reinforce discrimination and biases—which has already happened with racial bias. The CMS warned insurers to ensure any AI tool or algorithm they use “is not perpetuating or exacerbating existing bias, or introducing new biases.”
While the memo overall was an explicit clarification of existing MA rules, the CMS ended by putting insurers on notice that it is increasing its audit activities and “will be monitoring closely whether MA plans are utilizing and applying internal coverage criteria that are not found in Medicare laws.” Non-compliance can result in warning letters, corrective action plans, monetary penalties, and enrollment and marketing sanctions.
