President's Cybersecurity Proposals to Promote Info Sharing through 'Targeted Liability Protection'
Key Takeaway: During his State of the Union address, President Obama called on lawmakers to pass comprehensive cybersecurity legislation that would focus on increased information sharing, modernization of law enforcement agencies, and national data breach reporting. The administration is looking to incentivize participation in information sharing networks through targeted liability protection.
Why it Matters: The President's cybersecurity proposals align with and reinforce past congressional efforts and raise prospects of passing substantive legislation in the 114th Congress. CHIME is actively working with policymakers to help them understand cybersecurity in the context of healthcare delivery; contact Jeff Smith if you'd like to learn more.
President Obama called for strengthening cybersecurity in his State of the Union speech last week, and his administration supplemented the State of the Union shout-out with a multi-pronged legislative proposal. The President called on Congress to enable more cybersecurity information sharing, modernize law enforcement authorities, and create a national data breach notification protocol. The President's proposal seeks to encourage the private sector to share threat information with the Department of Homeland Security's National Cybersecurity and Communications Integration Center (NCCIC), which will then siphon credible information to relevant federal agencies and to private sector-developed and operated Information Sharing and Analysis Organizations (ISAOs). ISAOs are new designations that administration officials hope can be trusted private-sector brokers of cyber threat information. The administration has also proposed to provide "targeted liability protection for companies that share information" with the NCCIC and ISAOs.
The Administration's proposals on law enforcement would allow for the prosecution of the sale of botnets, criminalize the overseas sale of stolen U.S. financial information like credit card and bank account numbers, expand federal law enforcement authority to deter the sale of spyware used to stalk or commit ID theft, and give courts the authority to shut down botnets engaged in distributed denial of service attacks and other criminal activity.
Meanwhile, the President's plans on breach notification would likely put other sectors of the economy on equal footing with healthcare by harmonizing state laws and requiring businesses that have suffered an intrusion to notify consumers if their data has been compromised. The proposal "puts in place a single clear and timely notice requirement to ensure that companies notify their employees and customers about security breaches." Scattered pieces of legislation introduced last year contained similar elements to the President's proposals, raising the likelihood of substantive progress on these issues in the current Congress.
CHIME Supports AMA Letter to Improve ONC Certification Program
Key Takeaway: A group of 35 provider organizations, including CHIME, sent a letter to the Office of the National Coordinator for Health IT (ONC) urging the current certification program to better align end-to-end testing to focus on electronic health record (EHR) usability, interoperability and safety.
Why it Matters: The letter makes several recommendations that users of certified technology believe should be incorporated into ONC's next round of program enhancements. This is the first time that so many provider groups have developed consensus around the need for more robust testing and shown support for ONC plans to decouple EHR certification from Meaningful Use.
In a letter sent to ONC last week, providers urged officials to retool the federal health IT certification program to focus more on ways to improve patient safety, usability and interoperability. Specifically, letter signatories recommended ONC make the following changes to EHR certification: