Skip to content Skip to navigation

Washington Debrief: More Cyber Attacks Forthcoming, Warns OCR

September 29, 2014
by Jeff Smith, Vice President of Public Policy at CHIME
| Reprints
Jeff Smith, Vice President of Public Policy at CHIME

Top News

Cyber Security Gets Spotlight during Washington Summit, Agencies Plan Next Steps

Key Takeaway:  Federal officials in the Department of Health and Human Services (HHS) Office of Civil Rights (OCR) last week expressed their expectations that the healthcare sector will endure increased cyber attacks in the coming year.  Meanwhile, officials at the FDA announced a new partnership with a Department of Homeland Security-supported organization and separately announced plans to hold a summit on device cybersecurity in October.

Why it Matters:  The increased volume of conversation concerning cyber security from officials in the healthcare sector indicates raised visibility by Health Insurance Portability and Accountability Act (HIPAA) enforcers, which are expected to lead to more audits and more penalties for non-compliance.

A joint summit held by the HHS OCR and the National Institute of Standards and Technology (NIST) revealed that federal officials believe cyber attacks in the healthcare sector will rise in the coming year.  Officials pointed to the need for covered entities to perform regular HIPAA security audits of their health IT systems, indicating plans for increased scrutiny of provider security practices.

In related news the Food and Drug Administration (FDA) signed a memorandum of understanding (MOU) between its Center for Devices and Radiological Health and the National Health Information Sharing & Analysis Center (NH-ISAC), a nonprofit dedicated to security intelligence and information sharing.  The MOU would help the two identify and mitigate cyber security threats to medical devices. “The parties intend to work together to establish how stakeholders can interface with FDA regarding medical device or health care cyber security vulnerability information-sharing,” the memo states. “This collaboration will help inform a common understanding of that risk threshold upon which exploit of a vulnerability might impact on patient safety and/or public health.”

Separately, the FDA announced  a two-day workshop October 21 and 22 to gather input from the health community regarding the cyber security of medical devices.  The workshop seeks to “catalyze collaboration among all healthcare and public health stakeholders…to identify barriers to promoting cooperation; discuss innovative strategies to address challenges that may jeopardize critical infrastructure; and enable proactive development of analytical tools, processes, and best practices by the stakeholder community to strengthen medical device cyber security.  Interested individuals should register for the event here.

Legislation & Politics

ACO Bill Would Increase Telemedicine Coverage

Key Takeaway: Reps. Diane Black (R-TN) and Peter Welch (D-VT) introduced the Accountable Care Organization ACO) Improvement Act of 2014, HR 5558 (, last week to expand ACO coverage for remote patient monitoring and store and forward image sharing technologies with the goal of improving care coordination.

Why It Matters: Rep. Diane Black, a nurse for over 40 years, has become a champion of health IT over the last few years. This bill not only supports the transition from fee-for-service to value-based reimbursement, but also the utilization of health IT to eliminate waste in the healthcare system and improve outcomes.

According to a statement ( released by both offices, the bill has 3 areas of focus:

  1.  Additional incentives emphasizing health outcomes over services performed
  2.  Increasing collaboration between patients and their doctors
  3.  Provide ACOs with additional tools needed for success

To address these focus areas, the bill would expand telehealth as described above, allow patients to choose the primary care physician within the ACO they are assigned, and increase Medicare data sharing among other things.


Advocates Reiterate Need for Timely Implementation of ICD-10; Survey Data Indicates Continued Readiness Lag

Key Takeaway: Hoping to avoid a third delay, ICD-10 proponents took to Capitol Hill this week, arguing that further delays in the adoption of the system would waste hundreds of millions of dollars and damage efforts to improve the health system. Meanwhile, new survey data released by the Workgroup for Electronic Data Interchange (WEDI) indicates little progress has been made towards implementation and testing of ICD-10 by providers.