
Washington Debrief: Senate Leaders Say Cybersecurity Legislation Must Pass This Year

November 3, 2014
by Jeff Smith, Vice President of Public Policy at CHIME

Top News

Senate Leaders Say Cybersecurity Legislation Must Pass This Year

Key Takeaway: Senate Intelligence Committee leadership expressed the need to pass cybersecurity legislation before Congress adjourns in December.

Why It Matters: There is growing urgency to pass cybersecurity legislation this year, according to senior lawmakers in the Senate. Legislation addressing legal protections that incentivize cyber threat data sharing across stakeholders, including the government, is a priority for the Senate Intelligence Committee, according to Chairwoman Sen. Dianne Feinstein (D-CA) and Ranking Member Saxby Chambliss (R-GA).

During a session at The Third Annual Cybersecurity Summit hosted by the U.S. Chamber of Commerce last week, both Senators Feinstein and Chambliss stressed the need for immediate legislative action before the end of the 113th Congress.

Earlier this year, the Senate Intelligence Committee approved the Cybersecurity Information Sharing Act of 2014 (S. 2588), which would improve the nation’s cybersecurity through enhanced sharing of information about cyber threats. The House passed the companion legislation, the Cyber Intelligence Sharing and Protection Act (H.R. 624), in April 2013.

Those interested in learning more about what colleagues are doing to prevent cyber attacks, and in discussing the challenges and latest trends in cybersecurity, can join CHIME for our next regional LEAD Forum on December 9 in Houston, TX. Save the Date!


Privacy and Security Workgroup Looks at Big Data

Key Takeaway: The Office of the National Coordinator for Health IT (ONC) Privacy and Security Workgroup sought to shed some light on big data policy last week at their FACA meeting.

Why It Matters: Many areas related to EHRs and big data have yet to receive official policy recommendations from ONC or its workgroups. These areas include, but are not limited to, consent policies and privacy when sharing patient data, personalized medicine, health data in mobile apps (consumer-generated data) and encryption.

In the five years after the passage of the Health Information Technology for Clinical and Economic Health (HITECH) Act, the nation has seen rapid adoption of health information technology. The Meaningful Use program has mapped out specific uses for EHRs to qualify for program incentives and avoid penalties; however, many EHR functionalities have been left out of the program. Patient consent, for instance, has not been mandated by the program, yet each state has rules in place that require patient consent for sharing personal health data, especially for sensitive health data like behavioral and mental health data, among other things. Organizations have had to rely on paper solutions to capture consent because many EHRs do not have consent functionality built into the system. Further, there are no clear consent rules related to providing patient data for research.

With all eyes on interoperability, many of these issues need to be addressed by policymakers through the creation of standards and definitions. According to the meeting slides,

  • “There is no rigorous definition of big data”
  • “. . . Big data refers to things one can do at a large scale that cannot be done at a smaller one, to extract insights or create new forms of value, in ways that change markets, organizations, the relationship between citizens and governments, and more.”
  • “At its core, big data is about predictions . . . It’s about applying math to huge quantities of data in order to infer probabilities . . . .”

To address these issues, the workgroup will try to answer the following policy questions:

  • “Are updates or additional policies needed to address ethical privacy frameworks and research standards?”
  • “What policies and technologies exist to protect the privacy of databases?”
  • “Recognizing the limitations of current guidance, what are additional solutions for the de-identification of data?”

Health IT Certification Body to Shutter Due to Regulatory Uncertainty

Key Takeaway: On November 14, the Certification Commission for Health Information Technology (CCHIT) will close its doors because of the slow pace of 2014 edition technology and uncertainty for Stage 3, the organization said last week.

Why It Matters: CCHIT has been certifying EHRs since before the HITECH Act was passed, and even though it had a track record of success, the independent testing and certification body was unable to create a business plan for the future.

With the rapid turnover of top ONC officials over the last two years, it’s not surprising to see an organization move away from the certification process. With the massive reach of the certification program, but no clear steps toward the next stage of Meaningful Use, other organizations may follow. CCHIT will pass its assets to HIMSS after its closure.

CHIME News & Notes

CHIME Launches 2 Organizations to Serve Chief Technology Officers and Chief Application Officers