Skip to content Skip to navigation

Washington Debrief: Senate Expected to Consider Cyber Threat Information Sharing Bill

October 21, 2015
by Leslie Kriegstein, Interim Vice President of Public Policy, CHIME
| Reprints

Congressional Affairs

Senate Expected to Consider Cyber Threat Information Sharing Bill

Key Takeaways: The Senate is considering a bill that would offer hospitals liability protection when sharing cyber threat indicators (CTIs) in an effort to improve the nation’s cyber defenses.

Why It Matters: The pace of cyberattacks on healthcare organizations is on the rise. Fear of a lawsuit from affected parties however has hospital and health systems officials are leery of sharing information with the government about threats or actual breaches. Providers also worry about the impact on public perception of the security of health information. The Cybersecurity Information Sharing Act (S.754), or CISA, would allow private entities to share threat information with the federal government for the betterment of the nation’s overall security.

CISA passed the Senate Intelligence Committee in March with broad bipartisan support and from industry. The bill would help businesses achieve timely and actionable situational awareness to improve theirs and the nation’s detection, mitigation, and response capabilities against cyber threats. CISA would create a voluntary program to help strengthen the protection and resilience of businesses’ information networks and systems against increasingly sophisticated and malicious actors.

The legislation would expand government-to-business information sharing, which is progressing but needs improvement. Further, CISA would incent businesses to share cyber threat data with appropriate industry peers and civilian government entities to bolster our critical infrastructure systems.

CHIME is a member of the Protecting America’ Cyber Networks Coalition and a supporter of the CISA legislation. We encourage you to use CHIME’s Congressional Advocacy Portal to tell your senators today about the importance of being able to share cybersecurity threats across organizations.

Leslie Kriegstein

Federal Affairs

Harris Health System Awarded $150K to Evaluate Cyber Threat Information Sharing Needs for Hospitals

Key Takeaways: HHS Awards Information Sharing Grant to Harris Health System

Why It Matters:  As the industry pushes toward greater interoperability, hospitals and health systems are only as strong as those with whom they must share patient data. The ability to share cyber threat information without fear of retribution is an important first step. Just last week, the Department of Health and Human Services (HHS) announced a one-year $150,000 grant awarded to Harris Health System in Houston to improve ways to share cybersecurity threat information and protect the healthcare sector.

The grant is extended under an executive order signed in February by President Barack Obama to encourage the development of information sharing and analysis organizations (ISAOs). These organizations will serve as go-betweens for collaboration on cybersecurity between the private sector and federal government. With the grant, Harris will work to identify the cybersecurity information needs and gaps of hospitals and other healthcare organizations across the country, to better fend of cyber threats.

CMS Extends Deadline, Seeks Feedback on MIPS RFI

Key Takeway:  CMS seeks feedback on the new physician payment system. Key topics include the use of certified EHRs and meaningful use. 

Why it Matters:  Section 101 of Medicare Access and CHIP Reauthorization Act of 2015 (MACRA) repeals the Sustainable Growth Rate (SGR) and replaces it with Medicare Access and CHIP Reauthorization Act of 2015 (MACRA), and promotes the development of Alternate Payment Models (APMs).

CMS published an RFI on October 1, seeking input on 127 questions pertaining to the new physician payment system.  Initially, CMS planned for only a 30-day comment period, however, the agency recently announced an extension to November 17 and included a prioritized set of topics for consideration.  Several items on the list could be of interest to CHIME members, including:

  • Reporting Mechanism Available for Quality Performance Category of MIPS
  • Data Accuracy of quality performance data for MIPS
  • Use of Certified EHR Technology (CEHRT) under the Quality Performance Category for MIPS
  • Should the performance score for this category be based be based solely on full achievement of meaningful use?
  • Under the MIPS, what should constitute use of CEHRT for purposes of reporting quality data?
  • How should CMS define “use” of certified EHR technology for participants in an APM?
  • What components of certified EHR technology should APM participants be required to use?

ONC Seeks Nominations for New Workgroups

Key Takeaway: The Office of the National Coordinator for Health IT (ONC) is seeking nominations for several new workgroups. 

Why it Matters:  The workgroups make recommendations to the full Health IT Policy Committee which, in turn, advises the secretary of HHS.  Many of the recommendations made by the HITPC have been adopted by CMS and ONC.  The new workgroups include: