If you were a surgeon, would you contract work with an assistant surgeon who is an out-of-network provider and whose costs are not contained by local insurance companies?

The surprise charges can be especially significant because, as in Mr. Drier’s case, they may involve out-of-network providers who bill 20 to 40 times the usual local rates and often collect the full amount, or a substantial portion.

Before his three-hour neck surgery for herniated disks in December, Peter Drier, 37, signed a pile of consent forms. A bank technology manager who had researched his insurance coverage, Mr. Drier was prepared when the bills started arriving: $56,000 from Lenox Hill Hospital in Manhattan, $4,300 from the anesthesiologist and even $133,000 from his orthopedist, who he knew would accept a fraction of that fee.

He was blindsided, though, by a bill of about $117,000 from an “assistant surgeon,” a Queens-based neurosurgeon whom Mr. Drier did not recall meeting.

“I thought I understood the risks,” Mr. Drier, who lives in New York City, said later. “But this was just so wrong — I had no choice and no negotiating power.”

In operating rooms and on hospital wards across the country, physicians and other health providers typically help one another in patient care. But in an increasingly common practice that some medical experts call drive-by doctoring, assistants, consultants and other hospital employees are charging patients or their insurers hefty fees. They may be called in when the need for them is questionable. And patients usually do not realize they have been involved or are charging until the bill arrives.

The practice increases revenue for physicians and other health care workers at a time when insurers are cutting down reimbursement for many services. The surprise charges can be especially significant because, as in Mr. Drier’s case, they may involve out-of-network providers who bill 20 to 40 times the usual local rates and often collect the full amount, or a substantial portion.

“The notion is you can make end runs around price controls by increasing the number of things you do and bill for,” said Dr. Darshak Sanghavi, a health policy expert at the Brookings Institution until recently. This contributes to the nation’s $2.8 trillion in annual health costs.

Insurers, saying the surprise charges have proliferated, have filed lawsuits challenging them. In recent years, unexpected out-of-network charges have become the top complaint to the New York State agency that regulates insurance companies. Multiple state health insurance commissioners have tried to limit patients’ liability, but lobbying by the health care industry sometimes stymies their efforts.

“This has gotten really bad, and it’s wrong,” said James J. Donelon, the Republican insurance commissioner of Louisiana. “But when you try to address it as a policy maker, you run into a hornet’s nest of financial interests.”

In Mr. Drier’s case, the primary surgeon, Dr. Nathaniel L. Tindel, had said he would accept a negotiated fee determined through Mr. Drier’s insurance company, which ended up being about $6,200. (Mr. Drier had to pay $3,000 of that to meet his deductible.) But the assistant, Dr. Harrison T. Mu, was out of network and sent the $117,000 bill. Insurance experts say surgeons and assistants sometimes share proceeds from operations, but Dr. Tindel’s office says he and Dr. Mu do not. Dr. Mu’s office did not respond to requests for comment.

The phenomenon can take many forms. In some instances, a patient may be lying on a gurney in the emergency room or in a hospital bed, unaware that all of the people in white coats or scrubs who turn up at the bedside will charge for their services. At times, a fully trained physician is called in when a resident or a nurse, who would not charge, would have sufficed. Services that were once included in the daily hospital rate are now often provided by contractors, and even many emergency rooms are staffed by out-of-network physicians who bill separately.

Patricia Kaufman’s bills after a recent back operation at a Long Island hospital were rife with such charges, said her husband, Alan, who spent days sorting them out. Two plastic surgeons billed more than $250,000 to sew up the incision, a task done by a resident during previous operations for Ms. Kaufman’s chronic neurological condition.

In the days after the operation, “a parade of doctors came by saying, ‘How are you,’ and they could be out of network or in network,” Mr. Kaufman said. “And then you get their bills. Who called them? Who are they?”

Doctors’ offices often pursue patients for payment. Ms. Kaufman’s insurer paid about $10,000 to the plastic surgeons, who then sent a bill for the remainder. The couple, of Highland Park, N.J., refused to pay.

When insurers intervene in a particular case, they say they have limited ability to fight back. Insurance examiners “are not in the room on the day of surgery to see the second surgeon walk into the room or why they were needed,” said Clare Krusing, a spokeswoman for America’s Health Insurance Plans, an industry group. And current laws do not require hospitals that join an insurance network to provide in-network doctors, labs or X-rays, for example.

So sometimes insurers just pay — to protect their customers, they say — which encourages the practice. When Mr. Drier complained to his insurer, Anthem Blue Cross Blue Shield, that he should not have to pay the out-of-network assistant surgeon, Anthem agreed it was not his responsibility. Instead, the company cut a check to Dr. Mu for $116,862, the full amount.

Unexpected Fees

When Mr. Drier agreed to surgery in December, he was not in a good position to bargain or shop around. Several weeks earlier, he had woken up to excruciating pain in his upper back and numbness and weakness in two fingers of his left hand, which persisted. A scan showed that one of the disks that normally serve as cushions between vertebrae was herniated and pushing on a nerve. With a busy job and social life, he was living on painkillers.

The rate of spinal surgery in the United States is about twice that in Europe and Canada, and five times that in Britain, said Dr. Richard A. Deyo of Oregon Health and Science University, who studies international comparisons. Studies are limited but have generally concluded that after two years, patients who have surgery for disk problems do no better than those treated with painkillers and physical therapy — although the pain, which can be debilitating, resolves far more rapidly with surgery.

The United States has more neurosurgeons per capita than almost any other developed country, and they compete with orthopedists for spinal surgery. At the same time, Medicare and private insurers have reduced payments to surgeons. The average base salary for neurosurgeons decreased to $590,000 in 2014 from $630,000 in 2010, according to Merritt Hawkins, a physician staffing firm.

To counter that trend, some spinal surgeons have turned to consultants — including a Long Island company called Business Dynamics RCM and a subsidiary, the Business of Spine — that offer advice on how to increase revenue through “innovative” coding, claim generation and collection services.

Some strategies used by surgeons, including billing large amounts for a second surgeon in the room or declaring an operation an emergency, raise serious questions. The indications for immediate spinal surgery, such as loss of bladder function or rapidly progressive paralysis, are rare. But insurers are more likely to reimburse a hospital or surgeon with whom they do not have a contract if a case is labeled an emergency.


What would you do if you were on the Home Depot credit card security team and managers failed to take any of your warnings seriously?

The risks were clear to computer experts inside Home Depot: The home improvement chain, they warned for years, might be easy prey for hackers.

But despite alarms as far back as 2008, Home Depot was slow to raise its defenses, according to former employees. On Thursday, the company confirmed what many had feared: The biggest data breach in retailing history had compromised 56 million of its customers’ credit cards. The data has popped up on black markets and, by one estimate, could be used to make $3 billion in illegal purchases.

Yet long before the attack came to light this month, Home Depot’s handling of its computer security was a record of missteps, the former employees said. Interviews with former members of the company’s cybersecurity team — who spoke on the condition they not be named, because they still work in the industry — suggest the company was slow to respond to early threats and only belatedly took action.

In recent years, Home Depot relied on outdated software to protect its network and scanned systems that handled customer information irregularly, those people said. Some members of its security team left as managers dismissed their concerns. Others wondered how Home Depot met industry standards for protecting customer data. One went so far as to warn friends to use cash, rather than credit cards, at the company’s stores.

Then, in 2012, Home Depot hired a computer engineer to help oversee security at its 2,200 stores. But this year, as hacks struck other retailers, that engineer was sentenced to four years in prison for deliberately disabling computers at the company where he previously worked.

Company officials said the malware used against Home Depot had not been seen before and would have been difficult to detect. Home Depot said on Thursday that it had patched any holes and that it is now safe for customers to shop there.

Any card used there between April and Sept. 2 might be vulnerable to being used fraudulently. Stephen Holmes, a Home Depot spokesman, said the company improved its security this year by encrypting register systems and switching to a new smart-chip-based payment standard in all stores.

“Our guiding principle is to do what’s right by our customers,” Mr. Holmes said. The company maintains “robust security systems,” he said.

Thefts like the one that hit Home Depot — and an ever-growing list of merchants including Albertsons, UPS, Goodwill Industries and Neiman Marcus — are the “new normal,” according to security experts. These people say retailers have not only been complacent about security, they have also been reluctant to share information with one another.

Government officials estimate that as many as 1,000 retailers have been infiltrated by variations of the malware that first struck another big retailer, Target, late last year, and then Home Depot this year. They say many companies do not even know they have been breached.

“This is happening to so many companies now, it is getting hard to keep track,” said Paul Kocher, the founder and chief scientist at the Cryptography Research division of Rambus.

Still, security experts were flabbergasted that Home Depot, one of the world’s largest retailers, was caught so flat-footed after the breach at Target, which resulted in the theft of data on more than 40 million cards before the holiday season.

After the Target theft, Home Depot’s chief executive, Frank Blake, assembled a team to determine how to protect the company’s network from a similar attack, said one person briefed on the project. In January, Home Depot brought experts in from Voltage Security, a data security company in California, these people said. By April, the company started introducing in some of its stores enhanced encryption that scrambled payment information the moment a card was swiped.

But criminals were already deep in Home Depot’s systems. By the time the company learned on Sept. 2 from banks and law enforcement that it had been breached, hackers had been stealing millions of customers’ card information, unnoticed for months. The rollout of the company’s new encryption was not completed until last week.

The retail industry is rushing to respond by forming threat-sharing associations — Home Depot was a founding member of one such group created earlier this year — and adopting new encryption and payment system they hope will thwart hackers.

But getting those efforts up and running could take months.

Several people who have worked in Home Depot’s security group in recent years said managers failed to take such threats as seriously as they should have. They said managers relied on outdated Symantec antivirus software from 2007 and did not continuously monitor the network for unusual behavior, such as a strange server talking to its checkout registers.

Also, the company performed vulnerability scans irregularly on the dozen or so computer systems inside its stores and often scanned only a small number of stores. Credit card industry security rules require large retailers like Home Depot to conduct such scans at least once a quarter, using technologies approved by the Payment Card Industry Security Standards Council, which develops technical requirements for its members’ data security programs. The P.C.I. Council requires that approved, third-party quality security assessors perform routine tests to ensure that merchants are compliant.

And yet, two former employees said, while Home Depot data centers in Austin, Tex., and Atlanta were scanned, more than a dozen systems handling customer information were not assessed and were off limits to much of the security staff. A spokeswoman for the P.C.I. Council in Wakefield, Mass., declined to comment on Home Depot specifically.

“Scanning is the easiest part of compliance,” said Avivah Litan, a cybersecurity analyst at Gartner, a research firm. “There are a lot of services that do this. They hardly cost any money. And they can be run cheaply from the cloud.”

Home Depot said the industry standards included an exception from scanning store systems that are separated from larger corporate networks, and it said the company had complied with P.C.I. standards since 2009.

In 2012, Home Depot hired Ricky Joe Mitchell, a security engineer, who was swiftly promoted under Jeff Mitchell, a senior director of information technology security, to a job in which he oversaw security systems at Home Depot’s stores. (The men are not related.)

But Ricky Joe Mitchell did not last long at Home Depot. Before joining the company, he was fired by EnerVest Operating, an oil and gas company, and, before he left, he disabled EnerVest’s computers for a month. He was sentenced to four years in federal prison in April.

Several former Home Depot employees said they were not surprised the company had been hacked. They said that over the years, when they sought new software and training, managers came back with the same response: “We sell hammers.”

What would you do if you were a Forest Service Employee and observed a woman being sexually harassed or verbally taunted? If a manager, how do you change the “frat boy” culture?

Current and former female firefighters of the United States Forest Service have filed a complaint with the Department of Agriculture alleging that they suffered job discrimination, harassment and sexual abuse at the hands of male co-workers and that top agency officials failed to stop it.

The women said the complaint, the first step in a potential class-action lawsuit, was filed late last month on behalf of hundreds of women who worked in the Forest Service’s Region 5, which encompasses more than 20 million acres in 18 national forests in California. The seven women who are the lead complainants said they faced retaliation when they reported the offenses to superiors.

The complaint was the latest in a number of race and gender disputes in the Agriculture Department, the parent agency of the Forest Service. In recent years the department has settled a class-action suit brought by Native American farmers, offered payments to Hispanic and female farmers who alleged discrimination and approved a $1.15 billion settlement with black farmers, decades after the farmers said that they were denied loans and subject to racial discrimination in agriculture programs.

In response to the firefighters, a Forest Service official said the agency would review the complaint and was focused on correcting any problems. “The Forest Service takes these and all allegations of civil rights violations very seriously and is committed to providing a work environment that is free of harassment and discrimination,” said Lenise Lago, the Forest Service’s deputy chief of business operations.

But advocates for past complainants said problems remain.

“There is something about the culture at the agency, maybe because so many of its programs are in rural areas, where most of the offices are staffed by white men who think this is acceptable behavior,” said John Boyd, a Virginia farmer and president of the National Black Farmers Association, who led the fight for black farmer compensation. “The Obama administration has tried its best to deal with this issue, but it’s entrenched because the bureaucrats outlast administrations.”

One of the current complainants, Alicia Dabney, a former firefighter in the Sequoia National Forest in Centerville, Calif., said in an interview that she was the subject of repeated verbal abuse and physical taunts. “It was a frat boy atmosphere,” said Ms. Dabney, who was usually the only woman on her 20-person crew. “You are often isolated because where you work is so remote.”

Ms. Dabney said that her supervisor, who is still employed by the Forest Service, put her in a chokehold and tried to rape her in 2012. In another instance, she said, fliers with the words “Alicia Dabney is a whore” were left on the floor of the fire station.

She said that after she reported the harassment, the Forest Service fired her in 2012, citing what her superiors said was her failure to disclose her past criminal record on her job application. Ms. Dabney said that the agency had long known about her record and that “this was dredged up after I complained.”

Darlene Hall, another complainant, who is a still a Forest Service firefighter, said that she had been subjected to abusive language from some of the men she supervised. “I had one instance where a man who worked under me came into my office and just started cursing at me,” she said. “He was threatening, and I was afraid because you’re out there alone.” Ms. Hall said that she reported the incident to supervisors but that nothing was done and she was denied promotions as a result.

Asked to respond to the allegations of Ms. Dabney and Ms. Hall, the Forest Service said that it was reviewing their complaints.

Agency officials acknowledged that there had been past discrimination problems in Region 5 but said they had eased in recent years. Discrimination findings fell from 12 last year to one so far this year, they said.

The current gender discrimination complaint is similar to ones filed in the 1970s and 1990s by female workers in Region 5 who said they were denied promotions and harassed by male co-workers. As part of the settlements stemming from those complaints, the Agriculture Department required the Forest Service in California to hire more women and to put in place civil rights enforcement programs, sensitivity training and a unit to investigate and resolve sexual harassment and hostile environment claims.

According to the agency, women now represent about 12 percent of the fire service in Region 5 and nearly 24 percent of the fire leadership positions. Four of nine regional fire directors are women, including the director for Region 5.

The complaint filed with the Agriculture Department is the first step in what could be a long process. The department has 180 days to investigate and potentially settle the claim, but if there is no resolution it will go to the Equal Employment Opportunity Commission for another investigation and potential settlement. If there is no resolution at the commission, the complaint could go to federal court.

If you owned a trucking business, would you employ a trucker who fulfilled all of the federal regulations for becoming a truck driver, which is 10 hours of classroom learning and no truck driving experience? What if the job applicant also took a written test and a brief drive with a truck around a closed area, is that sufficient to hire him or her?

Despite being ordered twice by Congress to come up with training requirements for commercial truck drivers, the Transportation Department has yet to do so, leaving Americans sharing the road with big-rig operators who spend only 10 hours in a classroom before hitting the highways.

On Thursday, a group of safety advocates and the Teamsters union sued the Federal Motor Carrier Safety Administration in federal court, saying the agency had dragged its feet on the long-overdue rules, breaking deadlines since 1993, most recently last year.

“There’s just no excuse anymore,” said Henry Jasny, general counsel at Advocates for Highway and Auto Safety, one of the groups filing suit. “This should be basic stuff. People are dying because of the lack of training out there.”

While overall automobile fatalities in the United States have been down in recent years, deaths and injuries involving large trucks have been rising. Fatalities were up 4 percent in 2012, and injuries by 18 percent, for a total of about 4,000 deaths and roughly 70,000 injuries. According to Transportation Department data, an additional 200,000 accidents with large trucks caused damage but no injuries.

Mr. Jasny said new drivers spend barely more than a day in the classroom for training after they complete the relatively simple process of getting a commercial driver’s license.

“They pass a written test, drive a truck around the parking lot for 10 minutes to get their C.D.L. and they’re basically able to go out,” he said. “That’s just not acceptable.”

In a statement Thursday, the Federal Motor Carrier Safety Administration said that “safety is our top priority” and that the agency was engaging in a collaborative process designed to “implement entry-level driver training that includes behind-the-wheel instruction for operating large trucks and buses.”

In 2012, Congress passed its most recent safety legislation, known as MAP-21, and lawmakers originally ordered the Transportation Department to come up with standards in 1993.

When a decade later the agency instituted only a 10-hour classroom requirement, critics took notice and a federal court ruled the standard inadequate. But despite widespread industry acquiescence to stricter requirements — most national trucking companies already offer more extensive training — the rules have never been updated.

The lawsuit accuses the safety agency of ignoring congressional mandates and the recent 2013 deadline.

“Enough is enough,” said Adina Rosenbaum, a lawyer for Public Citizen, which is among the groups filing the lawsuit. “Twenty years, two lawsuits and two congressional mandates have not been successful at prodding the D.O.T. into issuing the entry-level driver training rule. The court should step in and order the agency to act.”

Truck drivers can obtain a nationwide commercial driver’s license through their home state. That generally requires a written test and brief drive around a closed area, similar to the process of getting a regular driver’s license.

While many national trucking companies train new drivers for several weeks, using a combination of classes and driving with a senior operator, the federal requirements still call for only 10 hours, none on the road.

“It’s the fly-by-night schools, the diploma mills that we’re really worried about,” Mr. Jasny said. “Independent drivers, where they take a quick training course and suddenly they’re driving next to you in an 80,000-pound truck.”