Skip to content Skip to navigation

Washington Debrief: HHS Cybersecurity Task Force Has Another In-Person Meeting

July 25, 2016
by Leslie Kriegstein, Interim Vice President of Public Policy, CHIME
| Reprints


HHS Cybersecurity Task Force Has Second In-Person Meeting

Key Takeaway: The healthcare industry cybersecurity task force mandated by the Cybersecurity Information Sharing Act of 2015 held its second in-person meeting last week.

Why it Matters: The cross-industry task force, which includes two CHIME board members, Theresa Meadows, senior vice president and chief information officer at Cook Children's Health Care System (the task force's co-chair) and David Finn, health information technology officer at Symantec Corp., has a directive to prepare recommendations for improving the cybersecurity across the healthcare sector including analyzing barriers private entities face in securing themselves from cyber-attacks, providing HHS with information to disseminate to the healthcare industry stakeholders of all size, and establishing a plan to cyber threat sharing between the federal government and the industry.

The next in-person meetings will be in October and December. After the task force has completed their analysis, they must submit a report to Congress, which they expect to occur next March. The task force will also provide guidance to HHS, who must distribute the recommendations to the healthcare industry to improve their preparedness and response to cybersecurity threats.

New HIPAA Report Examines Gaps in Oversight

Key Takeaway: HHS published new report to Congress on privacy and security, examining the Health Insurance Portability and Accountability Act (HIPAA) through the lens of non-traditional data generation and sharing such as through social media.

Why it Matters: Concerns around securing patient information continue to swirl when that information is not protected under the Health Insurance Portability and Accountability Act (HIPAA).  HHS recently published a report, “Examining Oversight of the Privacy & Security of Health Data Collected by Entities Not Regulated by HIPAA,” which examines these issues. As the proliferation of mobile health increases and more consumer use aps and share information over social media. The report focuses on, “gaps in oversight between HIPAA-covered entities that collect health data from individuals and those that are not regulated by HIPAA.”  The report finds that the lack of understanding around the rules governing protecting patient information can hinder the growth and development of products that could improve patient health.

Quality Measurement

Rural Health Caucus Calls for Better Quality Measurement

Key Takeaway: Members of the Senate Rural Health Caucus, called on the Centers for Medicare and Medicaid Services (CMS) to make quality reporting programs more applicable for rural and low-volume providers.

Why It Matters: Concerns about the burden and value of the volume of federally-mandated quality reporting programs have grown louder and Congress has taken note. The members of the Senate Rural Health Caucus, requested CMS explore measures that can be leverage by rural and low-volume providers, as existing measures either warrant exclusions or are inaccurate for the services provided by such providers.

In the July 14 letter, the bipartisan group, including Senators Al Franken (D-MN), Pat Roberts (R-KS), Heidi Heitkamp (D-ND), John Barrasso (R-WY), called on CMS to:

  • Identify a set of best-available measures to address the needs of the rural population and its healthcare providers for use in the various CMS rural health programs;
  • Identify and prioritize rural-relevant gaps in measurement for this population;
  • Offer recommendations regarding alignment and coordination of measurements efforts across programs and sectors, with the goals of accelerating improvement, informing consumer choice, enhancing system efficiency, reducing provider data collection burden, and enabling value-based purchasing; and,
  • Address specific measurement topics relevant to this population, including low patient volume, appropriate risk-adjustment, access to care, and population health