DeSalvo, Reider Announce Departures from ONC
Key Takeaway: National Coordinator Karen DeSalvo, M.D. and Deputy National Coordinator Jacob Reider, M.D. join the growing ranks of leaders who have recently departed from the Office of the National Coordinator of Health IT (ONC).
Why it Matters: Since passage of the Health Information Technology for Economic and Clinical Health (HITECH) Act, the ONC has been the nation’s chief health IT strategist and primary health IT cheerleader. With the loss of several top officials at ONC, questions over its future, its funding and its role in coordinating health IT policy are circling in the nation’s capitol.
Health IT leaders were shocked last week to learn the top two health IT officials from the Obama administration are leaving their posts. Late Thursday afternoon, Dr. DeSalvo announced to staff her “immediate” reassignment to the Office of the Assistant Secretary for Health to help manage the national response to Ebola. While many health IT leaders identified DeSalvo’s experience with disaster response and preparedness – citing her work during and after Hurricane Katrina – few could say why she was tapped for the job. It also remained unclear whether DeSalvo would return to her post as National Coordinator.
DeSalvo is leaving the office at a critical time, with MU attestation numbers below historic levels, and big policy priorities related to interoperability and Stage 3 yet to be finalized. So far, fewer than 10 percent of hospitals scheduled to meet Stage 2 meaningful use have done so in 2014; physicians are in their last reporting period, but fewer than 2 percent have met that goal this year. With the development of an interoperability and patient safety center roadmap still in the beginning stages, it remains unclear what impact the loss of leadership will have.
Shortly after DeSalvo’s announcement, Deputy National Coordinator Jacob Reider circulated an email to ONC staff announcing his departure from ONC. In the last six months, ONC has lost Chief Privacy Officer Joy Pritts, Chief Science Officer Doug Fridsma, Chief Nursing Officer Judy Murphy and Director of the Office of Consumer eHealth Lygeia Riccardi.
Federal Government Eyes Cybersecurity Policy, Sets Stage for 2015
Key Takeaway: Several federal agencies, including the Department of Homeland Security (DHS) the Food & Drug Administration (FDA) and Department of Justice (DoJ) are actively investigating potential cybersecurity vulnerabilities with medical devices or pursuing policy discussions related to cybersecurity in healthcare.
Why It Matters: Administrative agencies and federal lawmakers are beginning to get serious about cybersecurity, all but ensuring that regulations or legislation will be enacted next year. While legislation and agency action has been more preparatory to date, healthcare organizations would be well-advised to ensure that senior leadership prioritize cybersecurity, or else face the prospects of regulations requiring action in the near future.
Federal regulators are either actively pursuing cybersecurity investigations related to medical devices or trying to better understand the landscape of cybersecurity in healthcare. During the first part of last week, CHIME and AEHIS participated in an FDA workshop focused on the challenges and solutions of cybersecurity in healthcare. Members of medical device manufacturers, hospital chief security officers, security experts and government officials agreed that healthcare needs to be doing more to combat and respond to cyber-threats; however, it became clear that different stakeholders view the challenge – and therefore the solutions – differently. Healthcare providers focused on the need to have more cybersecurity “baked” into devices and more support from manufacturers. They also highlighted a need to have better cybersecurity “hygiene” internally by taking basic steps to bolster their resiliency, such as making sure that network devices are not also available through unsecured public wireless networks. Meanwhile, device manufacturers said the government needs to provide a space for competitors to share information on vulnerabilities. While both groups admitted there is an element of “shared responsibility,” delineating which party has more or less responsibility for cybersecurity was a more difficult aspect of the conversation.
The FDA recently published medical device cybersecurity guidance and is looking to leverage NIST’s Cybersecurity Framework to help healthcare organizations prepare for and mitigate the impact of cyber attacks.