Skip to content Skip to navigation

Washington Debrief: CMS Rethinking ICD-10 Approach

April 28, 2014
by Jeff Smith, Senior Director of Federal Affairs
| Reprints
Jeff Smith, Senior Director of Federal Affairs

Cyber-Experts put Healthcare Sector 'On Notice'

Key Takeaway: Mock cyber attacks have revealed insufficient capacity to share information among healthcare organizations, the government and cybersecurity officials. And the Federal Bureau of Investigation (FBI) is warning providers of increased likelihood of targeted attacks.

Why it Matters: Federal and private sector efforts are underway to help the healthcare sector manage targeted cyber attacks. If the private sector fails to coordinate and share information on cyber incidents, federal action – specifically, legislation and regulation – are likely in the near future.

According to a private notice being circulated by the FBI, “The healthcare industry is not as resilient to cyber intrusions compared to the financial and retail sectors; therefore the possibility of increased cyber intrusions is likely.” This comes amid the public release of results from a mock cyber-attack exercise conducted by HHS and the Health Information Trust Alliance (HITRUST), revealing poor communication and information sharing protocols among, and within, healthcare organizations. The mock cyber attack simulated attacks on information technology systems, medical devices and communications systems in several healthcare organizations and on HHS information systems. The exercise revealed that:

  • Organizations that participate in cybersecurity exercises are more prepared for a cyber attack.
  • An organization's preparedness benefits from improved threat intelligence process capabilities and increased engagement with other healthcare organizations.
  • Organizations need greater freedom to communicate and collaborate during a cyber attack.
  • Incident response coordination and collaboration capabilities are crucial.

Further, officials at HITRUST said the federal voluntary cybersecurity framework is insufficient “to support healthcare organizations in the current cyber threat landscape.”

Medical Errors a Significant Cause of Death; IT Prevention Role Identified

Key Takeaway: A report compiled by Senator Barbara Boxer (D-Calif.) suggests that from 210,000 to 440,000 Americans die annually from medical errors and other preventable harm at hospitals.

Why it Matters: The report list six recommendations, one of which asks federal regulators to incorporate a standard way of reporting medical errors in Stage 3 Meaningful Use and to bolster development of clinical quality measures to better track error reduction efforts.

According to a new report from Sen. Boxer’s office, hospital-related errors and other preventable harm trail only cancer and heart disease as a leading cause of death in the United States. The Senator’s office surveyed nearly 150 hospitals in California and found that most hospitals have identified and are addressing the most common medical errors. The report also found that hospitals are “pursuing unique approaches to preventing” common errors, some of which are highlighted in the report. Six major recommendations in the report suggest that: