Skip to content Skip to navigation

Washington Debrief: President Signs Healthcare Cybersecurity Language into Law

December 21, 2015
by Leslie Kriegstein, Interim Vice President of Public Policy, CHIME
| Reprints

Note: The next Washington Debrief will be published on January 11, 2016

Congressional Affairs

President Signs Healthcare Cybersecurity Language into Law

Key Takeaway: The massive government spending package that was enacted late last Friday included language to enable cyber threat information sharing and directives to the Department of Health and Human Services (HHS) to better equip the healthcare sector to combat cyber attacks.

Why It Matters: Congress responded to pleas from the provider community for additional resources to improve preparedness against cyber threats. The language included in the funding package seeks to improve clarity on who within the HHS leads cyber efforts and how sub-agencies should coordinate for the benefit of all stakeholders.

The law also called for the creation of a healthcare industry cybersecurity task force within 90 days of enactment to: analyze how other industries have implemented strategies and safeguards for addressing cybersecurity threats within their respective industries; evaluate challenges to securing healthcare entities; review challenges with securing networked medical devices; and, what’s needed to implement cyber threat information sharing within the healthcare sector.

Further, Section 405 directs the secretary of HHS, working with other federal and non-federal entities, to develop a common set of voluntary, consensus-based, and industry-led guidelines, best practices, methodologies, procedures and processes that can serve as a resource for reducing cybersecurity risks for a range of healthcare organizations.

A draft of the healthcare-specific language was first included in the Senate’s Cybersecurity Information Sharing Act of 2015 when it passed in November (neither of the House-passed bills included health-specific directives), but the healthcare language was edited and ultimately included in the Omnibus spending package.

Congress Passes Bill to Expand CMS’ Authority to Grant Hardship Exemptions for 2015 Program Year

Key Takeaway: Before adjourning for 2015, one of the final acts of Congress was to pass legislation to expand the authority of the Centers for Medicare and Medicaid Services (CMS) to grant hardship exemptions to Meaningful Use participants for the 2015 program year.

Why It Matters: Passage of this narrowly focused legislation is indicative of the growing bipartisan interest in Meaningful Use on Capitol Hill. Concerns about the delay in the release of the rules were voiced by Senate Health, Education, Labor & Pensions Committee Chairman Lamar Alexander (R-TN), echoed in a bipartisan letter signed by 116 members of the House, and again reiterated in a GOP Doctors Caucus letter sent to Speaker Paul Ryan (R-WI) in early December.

The legislation, S. 2425, championed by Senators Rob Portman (R-OH) and Robert P. Casey, Jr. (D-PA), and modeled after legislation (H.R. 3940) introduced into the House by Rep. Tom Price, M.D. (R-GA), would allow eligible hospitals and eligible physicians who find it impossible to comply with the modified Stage 2 rule released into the final 90-day reporting period of 2015 to apply under the "unforeseen circumstances" category. The legislation enables CMS to grant hardships not just on a case-by-case basis, but also to "categories" with the deadline of March 15, 2016 for EPs and April 1, 2016 for EHs, after which time CMS would still have the case-by-case authority to grant hardship exemptions until July 1, 2016.

Senate Finance Committee Outlines Policies to Combat Chronic Illness

Key Takeaway: Bipartisan Chronic Care Working Group outline addresses telehealth.

Why It Matters: The working group recognized the need to address the increased role health information technology plays in the delivery of patient care, especially to those with chronic conditions.

The 30-page policy options document released last week includes expanding telehealth services to patients with chronic conditions, Medicare Advantage enrollees, Accountable Care Organizations, as well as stroke and behavioral health patients.

The committee’s considerations are aligned with the comments CHIME submitted to the workgroup in June, which called on the committee to foster policies that bolster care coordination and telehealth services in the treatment of patients with chronic conditions. CHIME’s response also reminded the committee the importance of robust interoperability, including the need for a national patient identification solution, to facilitate improve care for chronically ill patients.

Committee has requested stakeholder feedback on the proposed policy options to be submitted via email to by January 26, 2016.

Federal Affairs

Health IT Policy Committee Sends Report to Congress on Interoperability