Washington State is considering sweeping legislation (SB 5376) to govern the security and privacy of personal data similar to the requirements of the European Union’s General Data Protection Regulation (“GDPR”). Under the proposed legislation, Washington residents will gain comprehensive rights in their personal data. Residents will have the right, subject to certain exceptions, to request that data errors be corrected, to withdraw consent to continued processing and to deletion of their data. Residents may require an organization to confirm whether it is processing their personal information and to receive a copy of their personal data in electronic form.

Covered organizations will be required to provide consumers with a conspicuous privacy notice disclosing the categories of personal data collected or shared with third parties and the consumers’ rights to control use of their personal data. Significantly, covered businesses must conduct documented risk assessments to identify the personal data to be collected and weigh the risks in collection and mitigation of those risks through privacy and cybersecurity safeguards.

Washington’s proposal follows the recent enactment of the California Consumer Privacy Act (see EBG’s Act Now AdvisoryCalifornia’s Consumer Privacy Act What Employer’s Need to Know). Washington’s legislation, however, will grant rights beyond those contained in the California Act and is more closely aligned with the GDPR’s framework. The heightened protections are grounded in the sponsors’ recognition of the detrimental effect of data breaches and the resulting loss of privacy. The Act cites to the GDPR as providing for “the strongest privacy protections in the world” and adopts the GDPR’s expansive definition of “personal data” – any information relating to any identified or identifiable natural person.

Businesses that process the personal data of more than 100,000 Washington residents are covered, as well as “data brokers” that derive 50 percent of their revenue from the brokered sale of personal information. Notably, “data sets” (i.e., Protected Health Information (“PHI”)) regulated by the federal Health Insurance Portability and Accountability Act of 1996, Health Information Technology for Economic and Clinical Health (“HITECH”) Act, or the Gramm-Leach-Bliley Act of 1999 are not covered. Financial and health care institutions may need to comply as to other personal data not protected under these statutes. If a health care or financial institution collects or processes other personal data and meets the thresholds above, then it is likely covered.

Employers should take note that data sets maintained only for employment records purposes are excluded. Notably, the Act excludes from coverage “an employee or contractor of a business acting in their role as an employee or contractor.” The Act will impact organizations that use facial recognition technology for profiling consumers with effects on “employment purposes” and “health care services” requiring human review prior to final decisions. Organizations who contract with facial recognition firms may see pass through contractual restrictions prohibiting use for unlawful bias.

There is no private right of action. Enforcement actions may be brought by the Attorney General to obtain injunctive relief and to impose civil penalties. If enacted, the Act, scheduled to become effective December 31, 2020, will have wide-ranging impacts requiring significant advance planning, risk assessments and consideration of privacy and security by design principles.

James D. Schutzer is the Vice President at JDM Benefits, a consulting group that provides strategic benefits services to small and mid-size employers. His career in healthcare spans over 20 years and has included leadership roles in employee benefits and insurance sales. He spent 10 years working in sales for carriers like Wellpoint and Oxford Health Plans. Jamie frequently presents and lectures to many organizations on the topic of the Affordable Care Act and sat on the New York State Health Benefit Exchange Regional Advisory Council. In addition, Jamie is the Immediate Past President of New York State Association of Health Underwriters (NYSAHU) as well as Legislative Co-Chair, and is an Executive Committee member of the Business Council of Westchester, and currently serves as Treasurer. In December 2015, Jamie was named in the Employee Benefit Adviser as one of the 14 politically active brokers to know across the U.S.

While attempts to fully repeal and replace the Affordable Care Act in 2017 did not come to fruition, several developments are taking on momentum which will surely shape the ability of employers to sponsor insured health plans for their employees in the future. From the repeal of the individual mandate penalty, expansion of association health plans, State proposals to increase taxes on insurers, referenced-based pricing and new “blockchain” models to purchase services directly for employees, the insured markets will be under increasing stress to survive. It is possible that these trends will accelerate the collapse of the insurance markets and usher in a government provided single payer system, and/or self-directed mode of procuring healthcare via blockchain technology.  I recently sat down with James Schutzer to discuss the evolving landscape in employer-provided group healthcare and obtain his insights regarding how these changes will impact costs and the future of employer-provided health insurance.

Michelle Capezza: How do you see the repeal of the individual mandate impacting the insurance markets and the ability of employers to obtain affordable insurance plans for their employees?

James Schutzer: For starters, the individual mandate penalty lacked the teeth from the beginning and I think it is still difficult to ascertain how many people enrolled in health insurance to avoid the penalty. There are different reports out in the market which argue the point from both sides. As an employee benefits advisor, I have seen a slight uptick in enrollment in employer sponsored coverage for the reason that employees want to avoid the individual mandate penalty. Therefore, I do not see the elimination of the individual mandate having a significant impact in the employer sponsored market. Plus, the employer mandate still exists as of this time and Applicable Large Employers are required to offer insurance or pay a penalty.

MC: For employers that seek to utilize the new rules expanding the ability to form association health plans (AHPs), how will this increase the adverse selection issues already straining insurance markets?

JS: One concern related to AHP’s is that they can possibly siphon off the “perceived” good risk leaving the older and sicker members in the small group market. This will certainly create a death spiral. Another concern is that employers can jump in and out of the small group market based on medical needs. I believe the proposed regulations try to address and prevent this type of behavior. I know the National Association of Insurance Commissioners has come out in opposition to AHP’s.

MC: How do you see these developments impacting an employer’s decision to sponsor a high deductible health plan with access to a health savings account for its employees versus self-funding a plan? Are these still viable modes of delivering employer-sponsored health coverage to employees?

JS: High deductible health plans with a health savings account are still growing but I have seen the pace slow down the last couple of years. One important piece which is still not readily available is the price transparency tools which enable people to be better healthcare consumers. On the other hand, we are seeing more employers testing the waters with partially self insured plans. There are many benefits to this strategy but it does come with risks. It is critical that the employer completely understands the inner workings of being partially self insured. Picking the right individual and aggregate stop loss, provider network, pharmacy benefit manager among other things is vital to the success of the plan.

MC: What is your view regarding the viability of referenced-based pricing models for employer-provided health insurance?

JS: Referenced based pricing (RBP) is a newer concept that is starting to break into the Northeast. This market is generally slower to adapt to change but RBP is proving to save employers money in other parts of the country. Hospital and major surgical costs have exploded and RBP is trying to tackle this issue head on by identifying the true cost basis and providing payment based on this data. Employers with a partially self funded plan rely on a “leased” network for their discounts when their employees utilize healthcare. This contracted rate is what the employer is responsible to pay (outside of the employee’s copay, deductible, etc). RBP looks to further peel back layers of hospital and high cost surgical claims and offer a more “fair” payment. In return, the employer’s costs are lowered. The one challenge to RBP is the potential for balanced billing but there are RBP vendors employers can work with to assist in defending the payment.

MC: Given the complexities of these markets and programs, it is no wonder blockchain is being applied to healthcare, and household name employers are beginning to develop models to contract directly with healthcare service providers and pharmaceutical companies and use their own technology to administer claims. It seems that if more transparency in pricing can be obtained, this would lend itself to blockchain purchases. How do you see this evolving, and do you think an AHP could operate this way?

JS: Yes, the blockchain phenomenon is creeping into healthcare. As I mentioned before, transparency is so badly needed in healthcare and blockchain might be the right conduit to deliver it. Healthcare is the only area I can think of where you do not know the cost of the service until after it has been performed. Although some progress has been made over time, there is still plenty of work to be done. Can you imagine needing a hip replacement and having the ability to price out the surgery in advance? But something which cannot be overlooked are the outcomes and the data to support this is sorely needed as well. Blockchain can definitely have an impact here as well as data can be easily accessible.

MC: As more individual data is collected via electronic medical records, and through direct blockchain purchasing developments, and other technology based tracking and healthcare delivery systems, do you see such Big Data being collated, analyzed and utilized to drive value based pricing initiatives and influence certain healthy behaviors?

JS: As I mentioned above, data is a key to bending the healthcare cost curve. I recently bought a new television and the research I was able to do online was remarkable. Brand, dimensions, reviews, prices…all at my fingertips. It would be a game changer if this type of data becomes available in the healthcare industry.

MC: Given these developments, do you see a potential for the pendulum to swing to a U.S. government-provided system of healthcare, requiring all employers and individuals to pay into such a system with increased payroll and income taxes, and perhaps requiring individuals to use blockchain technology to self direct their allotted government healthcare dollars to purchase healthcare services?

JS: I believe we must leave healthcare in the hands of the free market system as opposed to the government. I believe we are in the very early stages of a sea change in the healthcare industry. The current system is just not sustainable in the long run and although we can put band aids on the problem ultimately, there must be some major changes in the delivery system. We have the tools….now we have to figure out how to use them to our advantage.

MC: Thank you. Clearly there are many approaches to providing and obtaining health insurance. As cost pressures increase and the desire for transparency rises, it will be important to monitor which path stands.