Health Care Drama, Cyber Risk Take Center Stage
It’s not often that the hottest topic in pharmacy law also dominates front pages and newscasts across the country. But that was precisely the case when pharmacy attorneys and executives gathered at Quarles & Brady’s 3rd Annual Pharmacy Law Symposium in Chicago.
On the very morning that Senate Republicans’ plan to repeal the Affordable Care Act (ACA) collapsed, Quarles partner Bill Toman helped symposium attendees see through the fog of political confusion to understand what remains at stake, and what might unfold in the coming weeks. Following Toman, partners Jeffrey Davis and Alexandra Shortridge provided a powerful reminder that, whatever the situation in Washington, the topic of cyber risk remains as hot as any in the health care industry.
Noting that he had come to discuss “the nuclear meltdown of hot topics,” Toman led the panel by noting the reason he was there: Pharmaceutical companies, like most businesses in the health care space, reaped enormous benefits from the additional insurance coverage the ACA provided. At the same time, the GOP’s replacement plan would have eliminated some provisions that these companies generally didn’t care for, including the ACA’s branded prescription drug tax.
But with the GOP plans very much in doubt, Toman outlined the potential paths forward. The Trump administration, he noted, could abandon repeal-and-replace in favor of taking steps to alter the ACA in ways more amendable to Republicans. The Department of Health and Human Services, for instance, could grant waivers that allow states more freedom in administering Medicaid programs. Or the administration could undertake to rewrite the ACA’s copious administrative regulations.
“There are a lot of possibilities for remaking portions of it,” Toman said, including a few being floated by a group of Democrats in the House of Representatives. But Toman doesn’t expect any of those options to get far, given the withering criticism leveled at the ACA over the past several years by both President Trump and Congressional Republicans. Instead, Toman said the administration could choose to, in the president’s words, “let Obamacare fail.”
However, Toman noted that several steps the administration had taken – reducing marketing resources for ACA exchanges and leaving the DHHS massively understaffed, for example – would make it hard to pin the ACA’s demise on Democrats, as the president has predicted. Indeed, in the hours after Toman addressed the symposium, Trump changed tack, urging lawmakers to revive their efforts to pass a replacement health care plan.
The greatest difficulty in all of this for the pharmacy business is the unprecedented uncertainty swirling around health policy, Toman said. And, he noted that this is not likely to change in time to secure the next coverage year, saying that at this point, even if lawmakers manage to pass a health care bill, it will likely come after insurers have already signed exchange contracts and set rates for 2018.
Cyber Risk: Growing, Potentially Catastrophic – But Insurable
Even as they try to keep up with the befuddling health care debate, pharmacy executives and lawyers can’t take their eye off the threat of a cyber-attack. It’s a risk that, particularly in pharmacy and other health care industries, could prove catastrophic for any company.
But it’s also an insurable risk, and one that companies can and should be covered against. That was the message Davis and Shortridge delivered before offering a wealth of insights about the challenges and uncertainties surrounding insurance coverage for data breaches and other cyber-attacks.
Many cyber risks can be covered in various forms of traditional business insurance. Commercial property insurance, directors-and-officers coverage and commercial general liability coverage all carry important provisions for protecting against loss in a cyber-attack, Davis said. After describing the canopy of coverage traditional policies can create, Davis reviewed the increasingly prevalent use of policies designed specifically to data breaches and cyber incidents.
“The market for cyber insurance is really growing,” he said. “And it’s a critical part of your risk management today.”
Ultimately, however, he said companies must take a holistic look at how they’re covered. Shortridge echoed that sentiment in reviewing the case law surrounding coverage of cyber-attacks. But courts have had surprisingly few opportunities to weigh in on the terms of cyber insurance, she said. That could be because insurance companies are, for the time being, reluctant to deny coverage.
“They want these products to be seen as valuable,” she said. “So it’s possible that we’re in a honeymoon period where the insurers are paying out claims in the name of creating good will. But we shouldn’t expect that to last.”