Big Dilemmas for Web Security

The federal government is getting into the fray over internet security in a national crisis.  (See Yahoo Article here)  A Senate committee considered and then promptly dropped language in a cybercrime bill that would have authorized the President to shut down internet traffic to compromised web sites.  This comes in the larger context of trying to set policy on technical security for the nation, in light of our increasing dependency on the framework created by the internet.  Assuming that the shutdown of a web site was technically feasible, a war-time President would likely have the authority to do so, whether Congress passed a law about it or not.  See U.S. Const. Art. II Sect. 2 cl. 1.  As a practical matter, if the President could allow for the rounding up of U.S. citizens during World War II solely because of their race, I think the President can safely assume that shutting down a web site would be constitutional.  See Korematsu.

The difficulty today, however, is that following 9/11, President Bush asserted that we are constantly at war with terrorists.  Unlike a more traditional notion of war which has a relatively clear start and end, defining war in this manner means that the President is constantly acting within his war powers.  I don’t think the founders of our nation intended for us to have a king, or contemplated that we would be in a constant state of war.  And the danger is that the President would exercise the power to shut down certain web sites deemed a security risk, without much recourse for the web site owner.  So sites that might have an infection could be shut down, but so could those that disagreed with Presidential policies.

The risk to our internet infrastructure is real.  The authors of computer viruses today have come a long way from the kids of the 1990’s that were trying to annoy you.  Major web sites like and malicious ads on Google’s AdWords have been infected with viruses that would then attack users of that web site, potentially infecting many millions of computers.  Our ability to effectively respond to such problems is directly related to how well we prepare for their realization.  Perhaps instead of delegating such broad authority to the President, we should instead work on delegating power to act under more specific circumstances which would better balance the free speech rights of web site operators against the technical security needs of the nation.

Rescuecom v. Google: Trademark Infringement

In a recent post on Google’s use of trademark words as advertising search terms, one of the questions I raised was whether Google was really any different than a newspaper that might run an ad that was infringing on a third party’s trademark.  Rescuecom, Corp. v. Google, Inc. may help to provide some insight into this question.

In Rescuecom, the Court of Appeals for the Second Circuit was asked to determine if the plaintiff had alleged a cause of action for trademark infringement against Google.  Rescuecom alleged that some of its competitors were purchasing its trademark as a keyword that would trigger the competitor’s ad when a google user searched with Rescuecom’s trademark.  For fun, I searched with this trademark but got no advertisements on google or yahoo.  I guess that the competitors got shut down by all of the litigation that was ongoing in this matter.

In any event, the Court goes on to discuss whether google’s practice of offering trademarks for auction to competitors could be infringement by google.  The Court noodle’s through the complaint in this manner: (a) most of google’s revenue comes from advertising, (b) google has a financial stake in the effectiveness of the advertisements it runs for advertisers, (c) trademarks of well known companies have value as keywords for advertisers, therefore, google can be liable for trademark infringement if the trademark is “used in commerce” as that is defined in section 1127 of the Lanham Act, and the use is likely to cause confusion on the part of users of google’s search engine when those users are presented with advertisements from competitors to the trademark holder.

The Court does not fully explain the logic in (b) above.  For those that use google’s AdWords, an advertiser can create an ad and determine when that ad will display on google’s web site based on keywords that are used by google users to search for web content.  For example, if you were looking for Starbucks and used that trademark as a search term in google, google will return web pages it thinks are relevant to that result, along with advertisements that are tied to that search term.  Advertisers can place a bid on the maximum amount they will pay for a click on their ad.  So, if there were multiple advertisers with “Starbucks” as their keyword, the one with the highest bid would display at the top of the list of advertisements (usually in the right hand column, but google also has ads at the top of the search results listing on the left periodically).  Clicking on an advertisement will take the user to the advertiser’s web page, which will not necessarily be Starbucks’ home page.

Google also benefits from a competitor outbidding the trademark holder per click through the AdWords system.  So if Starbucks and I both decided to run an ad in AdWords based on the trademark “Starbucks,” I could force Starbucks to increase the amount it would pay per click by automatically increasing my bid for the same keyword.  Google, in fact, has a tool to allow bids to automatically change based on the market for a keyword.

Consumers, I suppose, could be confused by this.  Rescuecom alleged that consumers were likely to be confused (and they were losing business to their competitors as a result) by the ads because they display in a “manner which would [not] clearly identify them as purchased ads…”  Rescuecom, at *6.  And the competitors that were using Rescuecom’s mark were in the same business as Rescuecom, and I seriously doubt they would put a link at the top of their page that would say “Looking for Rescuecom Corp?  Here is a link to their page.”  I suppose if I wished to sell my “Karbucks” brand coffee, the easiest way to advertise it would be to buy the trademark “Starbucks” on AdWords, and just have a very large marketing budget to bid on that keyword.  Maybe that is the reason that Starbucks coffee is around $12-$15 per pound – the AdWords bids keep going up because of competing trademark infringers!

I suppose that google could use the existing trademark database, TESS, which is maintained by the US Patent and Trademark Office, and simply prevent anyone (or anyone other than the current trademark holder) from bidding on a particular registered and active trademark.  Factually, there is also a question of whether much of google’s advertising money comes from the mis-use of trademarks.  For example, I do have the word Starbucks in an ad that I have run, but the link in my ad takes you to an article on my blog about another trademark infringement case against a Starbucks competitor.  I’m not selling coffee on my blog (at least not yet), so no danger of infringement.  When I originally created the ad, there was a lag before approval of it, where I presume that google at least had the opportunity to check to see if I was trying to infringe Starbucks’ mark.  Stay tuned!

Google AdWords and Trademarks as Search Terms

Google has been sued by a number of trademark holders on the grounds that competitors can establish an adwords account with Google and bid on trademarks as search terms that users of the search engine may use to search.  The consequence is that a high bidder on a trademark search term may see ads from AdWords paid for by competitors of the trademark holder.

Suit was brought to the EU.  A ruling is expected next year.  However, a senior judge on the EU Court reviewing the complaint, offering a non-binding assessment of the situation, stated that Google’s AdWords service probably falls within an “information society services” exemption for trademark infringement, so long as Google remains “neutral” about the information that it provides to search users.  (See the Article on Yahoo News here)

AdWords itself works by allowing advertisers to bid on particular keyword search terms.  A high bidder’s display ad will appear next to google search results, (sometimes at the top, but more often in the right hand column on the search results list).  For example, a google search for “Louis Vuitton” returns the official web site of the corporation as the first result in the left hand column of results.  However, advertisers selling knock-offs and fakes appear in the right hand column, taking users off to unapproved web sites offering products that compete (mostly on price) with the trademarked item searched for by the user. was one of the advertisers when I searched today; they appear to be offering “Louis Vuitton” products at 60-90% off the list price.  According to, LV offers their products for sale exclusively through their web site, and through  (See the information here on the LV website, FAQ | Questions About Louis Vuitton) does not appear to be a legitimate LV reseller, and they are not the only advertiser that pops up on a search for the trademark “louis vuitton.”

Trademark law in the U.S. is governed by the Lanham Act, codified in 15 U.S.C. 1051 et seq.  Sections 1114 and 1125 are the typical basis for bringing a trademark infringement claim against an alleged infringer of one’s trademark.  Section 1114(1)(a) requires that an infringer use a registered mark in commerce in connection with the sale or advertising of a good that is likely to cause confusion on the part of the prospective buyer of the thing advertised.  Louis Vuitton has a registered word mark, (registration number 2904197), filed in 2003 and registered in late 2004 in the U.S. that it uses worldwide to indicate that LV is the maker of the thing to which the trade mark is affixed.  Another party offering for sale a bag identified as “Louis Vuitton” without permission of the LV is likely an infringer of LV’s trade mark.

The question is whether Google could also be a trademark infringer by selling ad placement services to the infringing advertiser.  Google does benefit from the auction of trademark terms available for advertising on its site.  To the best of my knowledge, Google does not take down advertisements that might be infringing or that would direct a search user away from the legitimate business web site of the trademark holder whose trademark is being used as a keyword.  On the other hand, Google does not write the infringing ads, either.  Arguably, Google is not selling goods with a false designation mark or causing the advertisements to be created by the actual infringer.  In this way, Google is similar to a newspaper that sells classified ad space to advertisers.  I don’t think that a newspaper would be liable for trademark infringement for running the ad of a third party that was infringing on another’s mark or might confuse customers about whose products were being advertised.  Does AdWords work that much differently to expose Google to heightened or joint liability with infringers?

iPhone Security and Corporate Networks

Some brouhaha has been brewing over how the iPhone addresses encryption with Microsoft Exchange.  (See the Article Here on Infoworld).  According to InfoWorld, iPhones prior to version 3.1 of the OS did not accurately report whether they supported encryption locally of data stored on the iPhone.  For some corporate networks, encryption is mandated for devices controlled by the organization that are connected to their Exchange servers.  Apparently, prior to 3.1 of the OS, the iPhone would report that it was encrypted, regardless of whether it was or not, as a way to ensure that the iPhone would connect to the Exchange server.

This fact apparently has some IT and compliance staff in a tizzy, because they may have introduced a number of these devices over blackberrys on the basis that the iPhone would comply with a local encryption policy or organizational requirement.  For example, the Health Insurance Portability and Accountability Act (HIPAA) security regulations, in the technical standards, do address the need for encryption of protected health information (PHI) transmitted over networks.  For some organizations, in order to simplify regulatory compliance, establishing a universal mandate that there be encryption between devices outside of the corporate LAN and sensitive servers in the LAN may be the most sensible approach.  Of course, if we are talking about email, email received and read is generally not encrypted to begin with, whether it is sensitive or not.  That’s because most users of email  find it too complicated to digitally sign an email with their own personal certificate and ensure that the receiving party had a way to decrypt the message with the typical certificate exchange approach to email encryption.

Microsoft Exchange does allow for the transfer of other information (like calendars and tasks), but I would seriously doubt many health organizations use the Microsoft calendar to manage patient appointments or would be putting PHI into either of these data types.  Most of the PHI action in health care facilities is within their charting and practice management systems.  Neither usually integrate or are based on Microsoft Exchange.  So, to establish a blanket policy requiring that remote devices controlled by the organization be encrypted to connect to corporate resources can be a reasonable approach, but the reality is that HIPAA doesn’t automatically mandate that for iPhones.

There should be a documented risk assessment for iPhones that connect to the corporate network which would evaluate the risk of loss of PHI against the cost of mitigating that by encryption (and perhaps other mechanisms like remote wipe).  Encryption should be used if there is a substantial risk of PHI being lost from an iPhone being stolen.  But to establish that, the risk analysis would need to evaluate how often these devices are lost per total phones per year, and how many of the lost phones actually had PHI on them.  My guess is that the likelihood of this would generally be small for most organizations.  The issue, then, is how to make your compliance plan flexible but also enforceable and effective at protecting your PHI.  And that, my friends, is the art of information security!

Linden Labs and Virtual Sex Toys? Huh?

Oh, yeah, there is a lot of kinky virtual sex going on in Second Life.  And to support all of that activity, there are apparently a lot of vendors selling knock-offs of the “real” virtual sex toys of one vendor who is mad enough to sue.  (See Wired Article)

Yes, a few years ago, Linden Labs set up a special “mature” designation for areas in its virtual worlds that were aimed at “adult” conduct, so those under 18 and others with sensitive eyes  would not be offended by what they found.  However, probably much like the real world, virtual sex is rampant in Second Life.  As a consequence, there is a heavy trade in sex-related objects.  According to the plaintiff, Eros Products LLC, his SexGen products line has sold about $1 million (that’s U.S. dollars) within Second Life over the past five years.  (A copy of the Complaint is here)

Vicarious and contributory liability for copyright infringement is recognized by the courts as a cause of action under federal law.  This kind of liability has been raised in recent years by the various music file sharing services that came and went, such as Napster (originally a file sharing service without any copyright licensing from the music companies that owned the music being shared), Gnutella, and Limewire.  Each of these services were held to be liable for the file sharing of their users, in part based on the notion of vicarious liability.  Cases prior to Napster et al. that addressed this kind of liability along two lines: landlord-tenants where the landlord exercised no control over the leased premises, and dance-hall cases where the operator of the hall controlled the premises and obtained a direct financial benefit from the infringing performances.  Fonovisa, Inc. v. Cherry Auction, Inc., 76 F.3d 259 (9th Cir. 1996).  Under common law, landlords have not been held to have copyright liability where dance-hall operators have.

In Fonovisa, the defendant operated a “swap meet” where the operator rented stalls to individuals who were selling unlicensed copies of bootlegged music owned by the plaintiff.    For the swap meet operator to be liable, the plaintiff had to prove that the operator controlled the marketplace and obtained a direct financial benefit from the sales of infringing works.  The Court sided with the plaintiff in this case, even though Cherry Auction did not receive a commission from the sales of the infringing materials.

Assuming that Eros Products LLC (and other plaintiffs that may join the suit should the court certify this as a class action) can prove that they are the valid owner of the copyrighted works, the question for the court is whether Linden Labs can meet the standard for contributory liability.  Linden Labs is a virtual landlord in the sense that users of Second Life pay an annual subscription in order to “own” virtual real estate within the virtual world.  The right to own this virtual property is limited by payment of the subscription.  You will note, however, that there are plenty of users that do not acquire any virtual real estate in Second Life – and for them, there is no fee to participate.

However, Linden Labs also charges fees for the conversion of Linden Dollars into U.S. Dollars through the Linden Exchange.  For infringers seeking to sell pirated works in the virtual world, the real benefit to them is the ability to take the proceeds of those sales and convert them back into hard currency for use in the real world.  Approximately 250 Linden Dollars are worth a U.S. Dollar (the trading in this currency fluctuates).  In order to convert Linden Dollars back to U.S. Dollars, Linden Labs charges a fee of 3.5% of the value of the transaction.  So, indirectly, Linden Labs benefits from the sale of infringing goods every time that the infringer converts his Linden Dollar proceeds to hard currency.

There is a question, however, of whether Linden Labs is merely a landlord who relinquished control to his infringing tenant.  Eros Products LLC claims that Linden Labs did exercise control over the activities of its users because all of the virtual worlds within Second Life are ultimately housed on servers controlled by Linden Labs.  Pl.’s Complaint at ¶ 127-128.  And furthermore, Linden Labs has ultimate control over its software that operates Second Life, and I suppose that Linden Labs could alter its software to prevent copyright infringement if it wished to do so (how, exactly, is another story).  Factually, however, I think this is going to be tough to prove.  Unlike Grokster, who marketed itself as the successor to Napster for those looking to willfully infringe on the copyrights of others, Linden Labs has not marketed itself as a safe haven for willful copyright infringers.  On the contrary, Linden Labs gave some thought to copyright in its license agreement, granting its users rights in the works they create in-world.  (See Terms of Service here at section 3.2)

The other question is whether Linden Labs, in light of the DMCA, fits within the safe harbor established for internet service providers, shielding it from liability for the infringing acts of its users.  More on that in another post.  Stay tuned!

IT Changing the Law Profession?

There are an incredible number of lawyers in the United States today – estimated at more than 1 million and growing, based on the number of students enrolling in law schools across the country. Technology is changing how we do law.

The number of lawyers providing legal services has pushed lawyers to become specialists so that individual attorneys can differentiate themselves within the legal services market.  The ABA, which claims a membership in excess of 400,000 members, is probably the largest association of attorneys in the U.S.  There are about 35 different sections of law that an attorney could join, with several subsections and numerous committees within each section of law – all representing a specialty area of knowledge.

As a result of its size, the ABA has a global reach and has an impact on legislation at the state and federal level.  The ABA also presents opportunities for attorneys to meet and work with other attorneys, and to learn about a legal issue or area from an expert in the field.  These learning and working opportunities have been expanded by technology.  For example, ABA’s web site contains a substantial amount of knowledge and information for attorneys.  ABA committees regularly meet by phone to plan for events and activities.  In fact, last year I attended a conference in Second Life on the use of virtual worlds by attorneys and professionals.

Legal research and management has also been changed by the advent of Westlaw and Lexis, giving attorneys access to an unprecedented amount of information (if you can afford the costs for searching their databases) without the need to travel to a library or to purchase a private library.  And Google, blogs, twitter, youtube, facebook, and linkedin have all added another layer of interaction and knowledge sharing.  The question for attorneys is whether there is more to come.

Specialization inherently requires specialized knowledge that is generally unique or rare in the market, allowing the owner of that knowledge to exploit it.  The general knowledge of an attorney of the legal system in general is not very rare – most attorneys have the same or similar working knowledge of the courts, research tools, and document formatting as a result of the standardization of law school curricula across the country.  While there is some degree of differentiation between attorneys in terms of skill in these basic knowledge areas, the difference between attorneys here is not enough to impact the market for legal services substantially.

However, there are relatively few experts in equestrian law, for example.  Within the MSBA solo listserv, I can think of only one attorney in Maryland that specializes in this area.  So, if you have an issue with a horse, that’s the attorney to call.  There are relatively few attorneys that specialize in non-profits.  And there is long list of specialists in other areas.  Statutes sometimes create specialists.  For example, when the Copyright Act was revised in 1976, there were initially few experts of the revised Act.  As time has progressed, more attorneys have entered the field of copyright law so that now there are a fair number of attorneys that can help you register a copyrighted work or litigate an infringement claim.

This move towards specialization within the market also tends to lead towards competition, which pushes down the value of legal services in a particular area as there are more market entrants in the area of specialty.  So, the value of registering a copyright at the Copyright Office, beyond the fee charged by the Office for the registration, is not very high.  Plenty of attorneys can help a client fill out the form and attach the appropriate number of examples of the work and mail it to the Copyright Office.

This trend led one author, Richard Susskind, to write The End of Lawyers? Rethinking the Nature of Legal Services.  The book discusses the tendency for legal work to go from “bespoke” or a highly specialized experience for each client (like trial litigation) to commodity (such as tax compliance software developed by Anderson & Cooper and now marketed by Deloitte Touche) with time as the result of developments in information technology.  Richard Granat, a Maryland attorney who works from Florida, has developed “Direct Law,” which is an automated document assembly system for attorneys and is available on a subscription basis.  This system utilizes specialized knowledge in order to automate legal service delivery by establishing business rules that are defined by a specialist attorney and writing those rules into the application that is used to assemble the documents.

There will be more of this sort of thing over time, which will expand the supply of attorneys that can deliver more specialized legal services.  Increasing supply inevitably leads to a lowering of the cost per transaction to clients, while still maintaining a minimum level of quality as the information system consistently enforces the applicable business rules.  In turn, this pushes more attorneys to find a new specialized area, creating another market for automation.  Maybe Ray Kurzweil is right – in the future, we will all be small business owners that employ automated systems to generate revenue.  I suspect that some attorneys fear this future will make them unemployed.  What do you think?

Snow Leopard (OS X 10.6)

Apple released Snow Leopard this past Friday, August 28, to the general public.  Version 10.6 of their operating system has been billed as primarily a “behind the scenes” improvement in OS X, building on the technology that runs Apple’s computers and smartphones today.  (See Wired Article)  I decided I would go ahead and install 10.6 on my first generation Intel Macbook and also on my Macbook Air.

So far, so good.  I use Parallels to operate a virtual Windows XP machine.  Parallels 3 is not compatible with OS X 10.6.  I therefore upgraded to version 4 of Parallels, and my virtual machine works again.  I did run into some problems getting the upgrade to run (my VM was left in a paused state before the upgrade, and I could not open it in Snow Leopard to stop it.  There is a workaround available for this on Parallels web site if you search for it in help).  And, sadly, my venerable Lexmark Z715 lacks drivers in 10.6, and none are available (or planned by Lexmark).  But my Z1420 does work just fine, so I can still print to my heart’s content at the office.  Perhaps I will finally break down and get a new printer for the home office.

Other than the few incompatible items listed above, the OS X install was itself rather smooth and did result in saving me between 7 and 10 gigabytes of hard drive space.  In addition, because a number of the processes that run in 10.6 are 64-bit, they run considerably quicker than the prior versions of these items.  64-bit programs take advantage of being able to send instructions that are twice as large as older software to the central processor.  Safari opens more quickly and is more responsive than pre-upgrade, and other software like Mail, iPhoto, and iTunes all are much more efficient, as is Finder.

I am still using Microsoft Word 2004, and unfortunately, Word does not get noticeably quicker under Snow Leopard.  It appears that this version of Office is running as “Power PC” rather than a native 64-bit application, but then it was slow in 10.5 as well.  The Office suite has always run faster on Windows.  Personally, I think Microsoft is just trying to tell us all that we should use their products on Windows.  Perhaps the next major release of this package will be an improvement.

Others have written about the new features and what went where in 10.6.  (See Wired; Leopard Tricks Tips and Tools)   Overall, I think 10.6 is a nice upgrade and worth the $30 for a license.  Compared to other, more disastrous upgrades from our friends at Microsoft, most will not have an issue going from 10.5 to 10.6.  Good luck.

Update September 9

I am still running Snow Leopard on my Macbook and Macbook Air.  I have run into compatibility issues with Quickbooks for Mac 2009 – the program mostly works except it crashes when I attempt to record deposits.  I understand from Intuit’s web site that they are working on a patch for compatibility issues with their product.

I have also noticed that periodically mail gets upset and downloads a duplicate copy of message in my gmail account.  Closing and re-opening the application seems to solve this issue, even though I have no idea why it does that.

Because my Lexmark Z715 no longer works with OS X 10.6, I tried my other handy printer – an HP J3680 all in one printer.  The HP web site claims that the drivers for the J3600 series printers were included with the 10.6 upgrade, but when you check this claim against the Apple support web site, the J3600 series is notably missing from the compatible list.  So when I try to add this printer to my MBA, OS X tries to connect me to Apple to get a mysterious update that will provide the driver.  Needless to say, no update is forthcoming.  Perhaps HP will fix their driver for this printer series, which would save me the trouble of buying a new printer for home.

In spite of these issues, I still think the upgrade was a reasonable one.  Compared to other upgrades, the inconvenience has been generally small, and besides, the problems seem to be tied to some of the big vendors for software and hardware that ought to be more on the ball.  Isn’t that what the Microsoft people always say when stuff stops working after an upgrade?

Update September 15

Intuit released and re-released a patch which has addressed the issues I had with Quickbooks 2009 on OS X 10.6, so all is now well with that program.

In addition, I noticed last night that I was able to connect to the HP J3680 at home, though I am not able to use this printer through my older airport express.  It works just fine, however, shared through my other Macbook, and I am also now able to scan pdf files to the Macbook from this printer.

The upgrade has gone relatively smoothly, all things considered, and now that I can print again at home, I am gearing up to destroy a forest!

Health Policy & U.S. Healthcare

I usually do not write about health policy in the U.S. because it is somewhat outside of my area of expertise, but I have been thinking about the issues with health care reform this year and thought I would provide some analysis.  Watching the news, there seems to be a lot of resistance to health care reform this year.  The cost for reform is one of the big stumbling blocks – given the actual price tag to the country that was floated by the various agencies charged with analyzing such things.  However, if you think about it, our current, unreformed system of health care results in the insured paying for more than their own care.

For one, let’s talk about the uninsured.  There are approximately 50 million Americans that lack health coverage today in the U.S.  This does not mean that this people do not get any health care.  To the contrary, well over 10 million Americans get health care from Federally Qualified Health Centers (FQHCs), a significant proportion of which are people without health insurance.  In addition, there are a substantial number of other health care entities that provide health care to the uninsured at low or no cost, but are not yet federally qualified to do so.  FQHCs are funded by the federal government today, at a cost of about $2 billion.  We taxpayers pay for this.  We are subsidizing this care today.  Other entities that provide free or subsidized care do so through private grants, which some of us subsidize today through charitable donations, the United Way, or so forth.

Second, some have been claiming that health reform in the U.S. will just lead to a lot of people waiting around to get health care.  At least in Maryland, by law, emergency rooms are required to treat whoever shows up in them, whether the patient is having a cardiac arrest or just has the flu.  (See Md. Health-General Code Ann. 19-3a-02(b)(2)(vi) for freestanding emergency centers).  Because of this, there are a fair number of patients that present to the ER who are uninsured.  As an aside, economically speaking, emergency rooms tend to be loss leaders for the inpatient facilities to which they are attached.  What this means is that the ER’s costs are not fully borne by the ER revenue stream from patients and insurers; much of the cost is actually covered by the patients that the ER can admit to the main hospital after initial workup and treatment by the ER physician.  However, that also means that uninsured patients who present to the ER for a non-emergency health condition pass costs along to the main hospital which must be covered by inpatient operations, and by extension to those of us that are insured and go to that hospital.

For example, an uninsured patient that presents with the flu at the ER is treated and sent home.  They may pay little or nothing for the visit, but the visit actually costs $800.  The hospital covers this cost by charging a bit more for every patient who is actually admitted on a per day basis (or other costs that are charged in units).  Some admitted patients won’t be able to pay either, so those that can also end up paying a bit more to cover uninsured admitted patients and uninsured ER-only patients.  So if you have private insurance today, your rates are set in part based on the actual costs of providing health care to uninsured patients who can’t afford to pay on their own, because the hospital has to pass the costs of treating these patients to someone who can pay the hospital.

If health reform meant that everyone would now go to their local ER, regardless of what the condition or illness was, this would be a bad idea.  Any time that I have been to an emergency room, there is a queue; the waiting room is always full no matter the time or the season.  However, if health reform actually could redirect patients that do not have emergency health issues to an alternate resource that they could actually afford and would see them, this would help improve an existing “wait problem” for care today, while simultaneously reducing the actual costs borne by hospitals for non-emergent ER visits (which should mean that we can pay less per visit to the inpatient section of the hospital).

And speaking of waiting around – the truth is that even insured people tend to wait for health resources to be available under the current U.S. system of care delivery.  Many doctors have 3-6 week lead times for scheduling in advance, their schedules are crowded with overbooks and double books, they often run late because of inefficiencies with the schedule and with administrative tasks; in short, competent physicians usually have too much demand for their services.  This causes queuing.  Health reform may not really be able to address this problem head on.  Part of it is a technology issue; there could probably be developed a more sophisticated scheduling algorithm that would help to improve scheduling patients for care delivery, and allow for overflow to other providers, etc.  But part of the problem is insufficient health care delivery points on the map.  We apparently need more physicians to treat us.

Third, there are a fair number of U.S. personal bankruptcies each year (granting that the rates have been higher than normal this year because of the recession).  Lack of insurance and a large, unpaid medical bill are a primary cause of personal bankruptcies.  On the surface, if you haven’t filed bankruptcy yourself you might think that this has no effect on you.  But bankruptcy is a bad thing generally.  For one thing, the person who files for protection and has a $100,000 medical bill they have no hope of paying is injured because the cost to them for credit post-bankruptcy is considerably higher than pre-bankruptcy.  In addition, a bankruptcy will limit the person’s job opportunities, will probably prevent them from gaining security clearance for sensitive jobs in the government, and otherwise limits their economic productivity within the U.S. economy, all of which is bad for the economy and for all of us.

But, in addition, that bankrupt’s medical bills are very unlikely to be paid through the bankruptcy proceeding.  The hospital is likely an unsecured creditor, and they are at the end of the line with their hand out to the bankruptcy trustee.  That “bad debt” is a cost to the medical provider, who will pass it along to patients in the future that will pay for medical care in the form of slightly higher unit costs.

The more bankruptcy filings, the more unsecured creditors that aren’t made whole who are health care providers, the higher the costs of care for everybody else.  So again, us taxpayers are by and large the same people who actually end up paying the medical bills of the bankrupt, either out of our own pockets when we go to the hospital, or through higher health insurance premiums that our employers pass on to us each year, or through our taxes (think Medicaid and Medicare, both of which pay for inpatient stays, both of which are paid for by taxes, and both of which are billed at increasing rates by hospitals, in part to cover overall costs of providing care to patients without insurance who lead to bad debt for the hospital).

Fourth, there was this whole “death panels” claim about health reform, whereby the government was going to establish panels that would deny care to the elderly because they were too expensive.  Of course, this is silly.  If we were going to have such things, we would have a better name for them (maybe, “end of life decision making committee” or better yet “pull the plug on granny committee”, or something else that would be more catchy and might be more alliterative).  But, really, this is tied into the idea that the government, through health reform, would stop a person’s doctor from treating the patient appropriately, perhaps because of cost, or just because the government bureaucrat was a nasty person.  The whole matter is rather bizarre.

But, it also doesn’t speak to what goes on today.  For example, there are committees that determine the priority and qualifications for patients to receive replacement organs because there is a long line and a short supply of organs available.  Plenty of patients die each year for lack of an available replacement organ that was needed.  (See this article for 2008 statistics on this issue)  I don’t know that we call the committees “death panels,” but it is a classic example of a pre-existing queue that results in health care rationing.

Health insurance companies also make decisions about what they will pay for and what they will not.  As far as I know, health insurers don’t decide to pull the plug on the elderly per se, but health plans do make choices for their insured patients about what services the patients will pay for out of pocket (or not receive at all if too expensive for the patient), what drugs are on and off the formulary (you may have to take the generic version of a pill, even if you’d rather take the brand name, for example), along with a host of other choices made ultimately to reduce overall costs to the plan.  In our market system, I suppose you can change plans if you choose to, but because your health plan is often tied to your employer, that would usually mean changing jobs – which is not a very practical way to change your health plan.

So, this whole “death panels” thing is really about trying to “ration” care to patients so that more people get the basics, most likely at the expense of others that can pay for optional services.  I’m sure that isn’t very palatable to patients with the means to pay for their thirteenth tummy tuck, but this is also, more or less, the status quo.  Health care is rationed today by our insurers for most Americans.  If health reform led to a more rational way to provide basic health care to more Americans, it would be the right thing.

And here is the other side to this: let’s say that we did institute a governmental body that would “ration” care.  Such an entity is governed directly by the U.S. constitution and federal law.  Do you really think that such a group would implement the “no life support for patients over 75” rule?  Really?

To summarize, the U.S. spends about 16% of GDP on health care, which is substantially more than most other places in the world.  Approximately $2.4 trillion (that is trillion with a “t”) is spent each year on this, or the total economic output of Italy.  And ultimately, this money comes out of the pockets of those who can actually afford to pay for health care.  By design, that means that those who can’t afford health care are being subsidized today by those that can.  The challenge for health reform is to do a better job at cost redistribution than our present system, either by spreading out costs over a much larger pool (such as all 300 million Americans, rather than over the much smaller pools of employer-sponsored health plans today), increasing efficient delivery of health care (through technology that saves time or increases accuracy and reduces risk of harm), and/or perhaps encouraging more supply of health care  providers to help meet the existing demand for services.

We’ll see what happens.  Stay tuned for developments.

Reducing Health Care Inefficiencies

Can Health IT save us from ourselves?  See the Yahoo Article on another assessment of health care spending in the U.S. and how much money is wasted in service delivery costs.  According to this article, about 1/2 of the spending of the U.S. on health care is wasted in inefficient use of resources.  Now, if you read the article, you will note that the top 8 items on their list only add up to about $600 billion, where the claim is that $1.2 trillion is lost (and you would think that a bunch of accountants could add, so maybe the journalists misread the fine print on the analysis), but even if you accept that much as the cost of inefficiency, that is more than it costs for the Medicare program in the U.S.

One of the big items on the list is inefficiencies with insurers who “magically deny” claims or otherwise require far too much in order for a provider to get paid appropriately.  I find it interesting that this remains on the list of problems.  In 1996, HIPAA was originally passed by Congress.  Part of HIPAA was to mandate that, through regulation, standards be developed for the electronic transfer of information between insurers and providers of health care, including claims.  The regulations eventually required that all or substantially all providers be able to submit claims electronically, which, one would expect, would be more efficient than the manual processing of paper claim forms.

So, if the auditors suggest that we still are wasting $200 billion per year on inefficient data exchanges with insurers, perhaps this deserves more focus.

Getting paid by insurers happens at the end of the process of service delivery to patients by providers.  At the beginning, patients present to the doctor’s office with a problem, see a Medical Assistant or Nurse for preliminary weights and measures (like blood pressure and weight, etc.), see the physician, CRNP or physician’s assistant, who may then refer the patient to another provider, write a prescription, make other suggestions to the patient, require that the patient get lab work to rule out certain causes, and so on.  At the conclusion of the visit, the physician will document, diagnose, and generate a financial transaction that must be processed and submitted to an insurer for payment.

The patient then will see other providers, the lab, the pharmacy, and perhaps come back for a follow-up visit with the physician.  All of the steps in the process involve data transfer between several information systems, often housed in several different facilities, with different standards and different purposes.  A key for a physician to get paid at all is to have accurate insurance information about the patient.  Surprisingly, patients are not necessarily the best source of this information.  However, insurers are apparently no better at knowing this on average.  Otherwise, it would follow that we would already have regional databases or a national database of eligibility data available for all providers.  I assert this because the standards for eligibility data have been around for a fair amount of time in the form of the ANSI X12 standard, but still there is a fair amount of lost dollars in the claims processing area of health care.

Perhaps this is so because providers want to get paid but insurers don’t have a good reason to pay them.  Insurers do benefit from holding onto capital to accrue interest on it.  The longer an insurer can do this, the more interest on the investment they collect, which goes straight to their bottom line.  ARRA’s incentive system requires that physicians meaningfully use health IT and participate in some form of a health information exchange.  But there is no comparable set of incentives for insurers to participate in HIE’s, or to incentive providers.

For example, this could be achieved by insurers preferring providers with health IT in place compared to those that don’t.  Another example would be for insurers to pay incentives to providers for a higher degree of clinical outcomes (only possible if the providers can produce useful and independently verifiable data such as lab information, which is really only possible through the use of an HIE).  The market may figure this out on its own, but I honestly doubt it.  Perhaps the feds will pick up on this market failure and intervene to start improving efficiencies in this area in either health reform now or in ARRA part II in the next several years.