-
Medical Bill Shock and Imperfect Moral Hazard
Authors:
Alex Hoagland,
David M. Anderson,
Ed Zhu
Abstract:
Consumers are sensitive to medical prices when consuming care, but delays in price information may distort moral hazard. We study how medical bills affect household spillover spending following utilization, leveraging variation in insurer claim processing times. Households increase spending by 22\% after a scheduled service, but then reduce spending by 11\% after the bill arrives. Observed bill ef…
▽ More
Consumers are sensitive to medical prices when consuming care, but delays in price information may distort moral hazard. We study how medical bills affect household spillover spending following utilization, leveraging variation in insurer claim processing times. Households increase spending by 22\% after a scheduled service, but then reduce spending by 11\% after the bill arrives. Observed bill effects are consistent with resolving price uncertainty; bill effects are strongest when pricing information is particularly salient. A model of demand for healthcare with delayed pricing information suggests households misperceive pricing signals prior to bills, and that correcting these perceptions reduce average (median) spending by 16\% (7\%) annually.
△ Less
Submitted 4 March, 2024; v1 submitted 2 November, 2022;
originally announced November 2022.
-
Specifying and Implementing Security Policies Using LaSCO, the Language for Security Constraints on Objects
Authors:
James A. Hoagland
Abstract:
In this dissertation, we present LaSCO, the Language for Security Constraints on Objects, a new approach to expressing security policies using policy graphs and present a method for enforcing policies so expressed. Other approaches for stating security policies fall short of what is desirable with respect to either policy clarity, executability, or the precision with which a policy may be expres…
▽ More
In this dissertation, we present LaSCO, the Language for Security Constraints on Objects, a new approach to expressing security policies using policy graphs and present a method for enforcing policies so expressed. Other approaches for stating security policies fall short of what is desirable with respect to either policy clarity, executability, or the precision with which a policy may be expressed. However, LaSCO is designed to have those three desirable properties of a security policy language as well as: relevance for many different systems, statement of policies at an appropriate level of detail, user friendliness for both casual and expert users, and amenability to formal reasoning. In LaSCO, the constraints of a policy are stated as directed graphs annotated with expressions describing the situation under which the policy applies and what the requirement is. LaSCO may be used for such diverse applications as executing programs, file systems, operating systems, distributed systems, and networks.
Formal operational semantics have been defined for LaSCO. An architecture for implementing LaSCO on any system, is presented along with an implementation of the system-independent portion in Perl. Using this, we have implemented LaSCO for Java programs, preventing Java programs from violating policy. A GUI to facilitate writing policies is provided. We have studied applying LaSCO to a network as viewed by GrIDS, a distributed intrusion detection system for large networks, and propose a design. We conclude that LaSCO has characteristics that enable its use on different types of systems throughout the process of precisely expressing a policy, understanding the implications of a policy, and implementing it on a system.
△ Less
Submitted 15 March, 2000;
originally announced March 2000.
-
Security Policy Specification Using a Graphical Approach
Authors:
James A. Hoagland,
Raju Pandey,
Karl N. Levitt
Abstract:
A security policy states the acceptable actions of an information system, as the actions bear on security. There is a pressing need for organizations to declare their security policies, even informal statements would be better than the current practice. But, formal policy statements are preferable to support (1) reasoning about policies, e.g., for consistency and completeness, (2) automated enfo…
▽ More
A security policy states the acceptable actions of an information system, as the actions bear on security. There is a pressing need for organizations to declare their security policies, even informal statements would be better than the current practice. But, formal policy statements are preferable to support (1) reasoning about policies, e.g., for consistency and completeness, (2) automated enforcement of the policy, e.g., using wrappers around legacy systems or after the fact with an intrusion detection system, and (3) other formal manipulation of policies, e.g., the composition of policies. We present LaSCO, the Language for Security Constraints on Objects, in which a policy consists of two parts: the domain (assumptions about the system) and the requirement (what is allowed assuming the domain is satisfied). Thus policies defined in LaSCO have the appearance of conditional access control statements. LaSCO policies are specified as expressions in logic and as directed graphs, giving a visual view of policy. LaSCO has a simple semantics in first order logic (which we provide), thus permitting policies we write, even for complex policies, to be very perspicuous. LaSCO has syntax to express many of the situations we have found to be useful on policies or, more interesting, the composition of policies. LaSCO has an object-oriented structure, permitting it to be useful to describe policies on the objects and methods of an application written in an object-oriented language, in addition to the traditional policies on operating system objects. A LaSCO specification can be automatically translated into executable code that checks an invocation of a program with respect to a policy. The implementation of LaSCO is in Java, and generates wrappers to check Java programs with respect to a policy.
△ Less
Submitted 30 September, 1998;
originally announced September 1998.
