CHIME & AEHIS Call on Feds to Have Greater Transparency on Cybersecurity
Key Takeaway: CHIME and AEHIS last week submitted comments to National Institutes of Standards and Technology (NIST) on a Request for Information (RFI) on cybersecurity.
Why it Matters: NIST in August issued a RFI -- “Information on Current and Future States of Cybersecurity in the Digital Economy” – with goal of gathering input for its upcoming recommendations for strengthening cybersecurity. CHIME and AEHIS made nine overarching recommendations on the challenges and barriers to improving the current state of healthcare, including:
- The need for federal agencies to improve transparency of known threats in order for the healthcare industry to better implement risk mitigation strategies.
- The need for more actionable and plain English guidance about current threats.
- Since a growing number of medical devices are now connected to the internet and hospital networks, cybersecurity needs to be seen as a business issue related to patient safety, not just an Information Technology problem.
We also called for changes affecting the way compliance enforcement is handled, need for under-resourced providers, greater attention to maximizing protections afforded by Business Associate Agreements, patient safety, and the need to prioritize healthcare as a critical infrastructure.
FTC Hearing on Ransomware
Key Takeaway: Federal Trade Commission (FTC) tackles ransomware.
Why it Matters: In a signal that cybersecurity remains a growing concern for policymakers, the FTC last week hosted a special symposium on ransomware. A recording of the webinar can be found here. The commission explored a number of topics, including:
- How do ransomware extortionists gain access to consumer and business computers?
- What role can consumer and business education play in preventing ransomware infections?
- Are there steps consumers and businesses should be taking to reduce the risk of ransomware or to decrease its impact?
- Are there technological measures that computer operating system and web browser designers can take to prevent ransomware?
- Are there browser plug-ins or other tools that consumers and businesses can employ that will warn if their data is about to be encrypted?
- What can be learned from criminal law enforcement’s efforts to combat ransomware?
- If you fall prey to ransomware, should you pay the ransom?
- If you pay the ransom, how likely are you to receive the decryption key and be able to view your files?
- What happens if you don’t pay the ransom? Are your files lost forever?
The FTC is accepting comments on these topics through October 7.
CHIME Comments on OPPS Rule, Applaud 90-day Reporting, MU changes
Key Takeaway: CHIME submited comments on the Centers for Medicare and Medicaid Services (CMS) proposed hospital outpatient prospective payment system rule (OPPS).
Why it Matters: CMS’ proposed rule called for numerous changes to the Meaningful Use program for hospitals providing some much needed relief for both 2016 and later years. CHIME strongly supports the changes CMS has called for, while also highlighting additional areas that we feel warrant changes. We called on CMS to:
- Finalize the proposal for a 90-day reporting period for 2016 as quickly as possible and adopt a likeminded policy for future years as well;
- Reconsider the full-year reporting for electronic clinical quality measures (eCQMs) for hospitals and adopt a quarter reporting period instead;
- Align regulatory requirements for clinicians and hospitals in the Medicare and Medicaid programs as closely as possible in order to maximize the greatest degree of flexibility;
- Develop education tools for providers to help them navigate different sets of rules (i.e. Merit-based Incentive Program (MIPS) and Medicare versus Medicaid);
- Only require provider use of new technologies when:
- They have become widely available and their functionality has been proven to improve patient care (i.e. application programming interfaces (APIs) and patient-generated data (PGD)); and
- Assuming new technologies are found to be effective, do not require a full-year reporting for any new Meaningful Use measures in order to give both vendors and providers time to adapt to the new criteria.
- Reduce thresholds for hospitals for ePrescribing; the timeframe upon which information must be made available to patients upon discharge; secure messaging; patient-generated data (PGD); and public health and clinical data registry reporting; and
- Any mandates for using registries must be preceded by proven, common data standards that are broadly available in the EHRs and implemented by the registries.
CMS Announces More Flexibility under MACRA
Key Takeaway: CMS posted a blog outlining more flexible options under the Medicare Access & CHIP Reauthorization Act of 2015 (MACRA), teeing up forthcoming changes in the final rule.
Why it Matters: In advance of the publication of the final rule on MACRA and the Merit-Based Incentive Payment System (MIPS), CMS Administrator Andy Slavitt posted a blog last week outlining four different ways clinicians will be able to maximize flexibility under the new Quality Payment Program:
- Option 1: Test the Quality Payment Program. Requires submission of some data starting January 1, 2017, to avoid penalties and is designed to help clinicians acclimate to the new system.
- Option 2: Participate for part of the calendar year. Allows clinicians to participate after January 1. Data must be submitted but would not be for the entire year while allowing clinicians to quality for a small incentive payment.
- Option 3: Participate for the full calendar year. Clinicians who are ready to participate in the program and start submitting data can qualify for a modest incentive payment
- Option 4: Participate in an Advanced Alternative Payment Model (APMs) in 2017. Those clinicians who receive enough Medicare payments or see enough Medicare patients through APMs could qualify for a 5 percent incentive payment in 2019.
Congressional Leaders Weigh-In on Forthcoming MACRA Rules
Key Takeaway: Leaders of the House Ways & Means and Energy & Commerce committees penned a letter to HHS Secretary Sylvia Burwell urging for adoption of final MACRA rules that create greater flexibility for physicians as they adapt to new reimbursement models.
Why It Matters: Stakeholders expect that the first performance year for the new Medicare physician reimbursement models is 2017. Congress, along with the provider community, are concerned that the Centers for Medicare and Medicaid Services (CMS) will not allow enough flexibility for Medicare physicians as they transition into the new reimbursement programs given the expedited timeline that accompanies the 2017 start date.
CHIME Joins Letter to CMS to Improve Reimbursement for Telehealth Services
Key Takeaway: CHIME signed a comment letter to the CMS promoting telehealth reimbursement expansion.
Why it Matters: CHIME joined 24 other organizations in responding to CMS’ physician fee schedule proposed rule where we called for reimbursement policies that are more supportive of telehealth and other connected health technologies. Medicare telehealth reimbursement policies have trailed other payers’. The letter urged CMS to consider how these technologies, if reimbursement is expanded, can better facilitate coordinated care and savings. The letter noted, for instance:
Despite the proven benefits of connected health technology to the American healthcare system, these solutions are largely ignored by the current Medicare system in their rule making. For example, according to the CMS, traditional fee-for-service Medicare “telehealth” reimbursement totaled a mere $13.9 million in calendar year 2014, largely an effect of CMS’ continued use of a now 16-year-old definition and its refusal to waive the backwards and outdated restrictions in Section 1834(m) on “telehealth.” Furthermore, remote monitoring technologies, which are dependent on technologies excluded from telehealth services, are unreasonably restrained by CMS’ decision to bundle monitoring with other codes, resulting in a lack of reimbursement for remote monitoring solutions.
Patient Identification/Precision Medicine Announcements
Key Takeaway: The Obama administration made two announcements on precision medicine last week. Successfully matching patients to their records remains critical to advancing this effort forward.
Why it Matters: Precision medicine remains a top priority for the White House and they recognize that data interoperability is a cornerstone to its success. CHIME continues to assert that the ability to uniquely identify a patient is pivotal to addresses a fundamental challenge to interoperability and thus to the success of precision medicine efforts. Last week the White House:
- Published a 72-page report on their Cancer Moonshot Initiative which strives to accelerate work to advance cancer research work that typically would have taken ten years, in five. A blue ribbon panel made numerous recommendations including several aimed at data.
- A Frontiers conference that will be hosted on October 13th in Pittsburgh that will be attended by the President and co-hosted by the University of Pittsburgh and Carnegie Mellon University. The conference will focus on the future of innovation including advances in precision medicine and healthcare innovation.