Executive Order to Promote Cyberthreat Info Sharing
Key Takeaway: President Obama, last Friday, signed an executive order to promote more information sharing about cyberthreats – both within the private sector and between the government and private sector.
Why it Matters: This is the latest in a series of steps taken by the Obama administration to focus on cybersecurity, going back to February 2013. When viewed alongside congressional efforts, there appear to be consensus on a number of items – including the need to bolster information sharing organizations and develop information sharing protocols.
Last week, President Obama signed an executive order (EO) promoting private sector cybersecurity information sharing during the first White House summit on Cybersecurity and Consumer Protection at Stanford University. According to the EO, “The purpose of this order is to encourage the voluntary formation of such organizations, to establish mechanisms to continually improve the capabilities and functions of these organizations, and to better allow these organizations to partner with the Federal Government on a voluntary basis.”
The main provisions of the EO include provisions directing the Department of Homeland Security to encourage development and formation of private-sector or non-profit sector Information Sharing and Analysis Organizations (ISAOs) and tasks the National Cybersecurity and Communications Integration Center (NCCIC) with coordinating ISAOs. A second provision of the EO tasks the Secretary of Homeland Security with entering into an agreement with a nongovernmental organization to serve as the ISAO Standards Organization which “shall identify a common set of voluntary standards or guidelines for the creation and functioning of ISAOs under this order.” The Standards Organization is tasked to develop:
- Standards to further robust information sharing related to cybersecurity risks and incidents with ISAOs and among ISAOs and to foster development and adoption of automated mechanisms for information sharing;
- Baseline standards that ISAOs should possess and be able to demonstrate;
- The standards will also touch on contractual agreements, business processes, operating procedures, technical means, and privacy protections, such as minimization, for ISAO operation and ISAO member participation.
For more information, see this fact sheet developed by the White House.
Legislation and Politics
House Subcommittee Considers ICD-10 Readiness, Leadership Signals No Further Delay
Key Takeaway: At the House Energy and Commerce Subcommittee on Health hearing last week, subcommittee leadership emphatically stated they will not support any further delays to the implementation of ICD-10.
Why It Matters: At the Examining ICD-10 Implementation hearing, both Chairman Joe Pitts (R-PA-16) and Ranking Member Gene Green (D-TX-29) voiced their sincere opposition to any delay of ICD-10 implementation beyond October 1, 2015.
Questioning from critics on the subcommittee shifted from past calls for other delays to ensuring CMS and providers were properly prepared for the October 1, 2015 deadline. Instead, these critics, including members of the GOP Doctors Caucus, called on CMS to publically state their contingency plans for provider payments if the implementation of ICD-10 does not go as smoothly as industry stakeholders expect.
The calls for no further delay were only augmented with the GAO report released on February 6, 2014, stating the Office’s confidence in CMS readiness for an October 1, 2015 implementation was high. Senate Finance Committee Chairman Orrin Hatch (R-UT) and Ranking Member Ron Wyden (D-OR) requested the study and were pleased with the results, calling for implementation to move forward as scheduled.
While no legislation has been introduced to mandate another implementation delay, we expect the conversation to continue as Congress pursues the latest iteration of a temporary “doc fix” or preventive measure to avoid provider reimbursement cuts under Medicare’s Sustainable Growth Rate (SGR).
CMS to Penalize Doctors $200M for Meaningful Use Struggles in 2014
Key Takeaway: CMS distributed slightly more than $400 million in incentive payments to providers in the Meaningful Use Program in 2014, while the agency saved more than $200 million in provider penalties.
Why It Matters: Last week, CMS announced that 9 out of 10 hospitals participated in Meaningful Use Program and had 2014 CERT.
According to CMS, the participation rates varied significantly in the meaningful use program by hospital type in 2014. Nearly 90 percent of the 1300 eligible critical access hospitals successfully participated in the Meaningful Use Program in 2014. Notably, only 55 percent of the 100 children's hospitals eligible to participate in the meaningful use program successfully met the program requirements in 2014.