Skip to content Skip to navigation

Washington Debrief: NIST Releases Draft Cyber Threat Information Sharing Guide

November 17, 2014
by Jeff Smith, Vice President of Public Policy at CHIME
| Reprints
Jeff Smith, Vice President of Public Policy at CHIME

NIST Releases Draft Cyber Threat Information Sharing Guide

Key Takeaway: One priority in cyber security regulation, both for federal agencies and in Congress, is facilitating the sharing of cyber threat information. The goal of the National Institute of Standards and Technology’s (NIST) Guide to Cyber Threat Information Sharing is to enable organizations to use cyber threat information to strengthen defensive strategies and make necessary systemic changes before a breach can occur.

Why It Matters: Few of the nation’s critical infrastructure sectors have well-established threat intelligence sharing protocols, including healthcare. This work is meant to help coordinate cyber threat-sharing networks as they develop.

The guide examines the benefits and challenges of coordinating and sharing threat intelligence; presents the strengths and weaknesses of a variety of information sharing models; and introduces scenarios that demonstrate real-world applications of threat information sharing. The draft guide was developed to assist organizations in establishing incident-response capabilities that leverage collective knowledge by sharing threat intelligence and through ongoing coordination. Guidelines for coordinated incident management, including the production and use of data, are also embedded within the draft document.

On Capitol Hill, House and Senate leaders have echoed the need for improved threat information sharing, increasing the likelihood that legislation will be considered before the end of the 113th Congress. The Senate Intelligence Committee approved the Cyber Security Information Sharing Act of 2014 (S. 2588) earlier this year, which would improve the nation’s cyber security through enhanced sharing of information about cyber threats. The House passed companion legislation, the Cyber Intelligence Sharing and Protection Act (H.R. 624) in April 2013.

Those interested in learning more about what colleagues are doing to prevent cyber attacks, and discussing the challenges and latest trends in cyber security can join CHIME for our next regional LEAD Forum on December 9 in Houston, TX. Save the Date!


ONC Outlines Health IT-Enabled Quality Improvement Initiatives

Key Takeaway: While quality measurement has a long history in healthcare, the Office of the National Coordinator for Health IT (ONC) released its vision for an ecosystem of health IT-enabled quality improvement, calling for an alignment of clinical decision support (CDS) and clinical quality measurement (CQM) at a minimum.

Why it Matters: Electronically specified CQMs, or eCQMs, remain a challenge for providers looking to report quality measures through their EHRs. This vision paper could help spur more focus on eCQM development and help coordinate a complicated environment of quality reporting programs for hospitals and physicians.

In an attempt to outline a path toward national quality improvement through health IT, ONC last week released a vision paper entitled, “Health IT Enabled Quality Improvement: A Vision to Achieve Better Health and Health Care.” This vision paper is independent of ONC’s Interoperability vision paper, “Connecting Health and Care for the Nation: A Ten Year Vision to Achieve an Interoperable Health IT Infrastructure,” to which CHIME submitted comments in September. The vision paper outlines several guiding principles including interoperability, protect privacy and security, a national quality strategy, empower all members of the healthcare ecosystem, build on existing health IT infrastructure, alignment and simplification and focus on value, while setting three-, six- and 10-year milestones for nationwide quality improvement through health IT.

Under the three-year vision, ONC references support for the alignment of quality reporting programs to reduce the collection and reporting burden on providers and hospitals. ONC is focused on supporting a coordinated, technical measurement infrastructure. Using the S&I Framework, Clinical Quality Framework (CQF) Initiative, ONC and CMS, in partnership with HL7, will harmonize and contribute to the development of standards for expressing and sharing CDS interventions and CQMs.

ONC welcome stakeholder feedback on the Quality Improvement Plan.

IOM Proposes 12 Behavioral Health Measures for EHRs

Key Takeaway: The Institute of Medicine (IOM) released a report commissioned by the Centers for Medicare and Medicaid Services (CMS), Centers for Disease Control (CDC), National Institutes for Health (NIH) and others last week, recommending that electronic health records (EHRs) track physical activity, and social and behavioral data to help improve health outcomes.