Cyber-Experts put Healthcare Sector 'On Notice'
Key Takeaway: Mock cyber attacks have revealed insufficient capacity to share information among healthcare organizations, the government and cybersecurity officials. And the Federal Bureau of Investigation (FBI) is warning providers of increased likelihood of targeted attacks.
Why it Matters: Federal and private sector efforts are underway to help the healthcare sector manage targeted cyber attacks. If the private sector fails to coordinate and share information on cyber incidents, federal action – specifically, legislation and regulation – are likely in the near future.
According to a private notice being circulated by the FBI, “The healthcare industry is not as resilient to cyber intrusions compared to the financial and retail sectors; therefore the possibility of increased cyber intrusions is likely.” This comes amid the public release of results from a mock cyber-attack exercise conducted by HHS and the Health Information Trust Alliance (HITRUST), revealing poor communication and information sharing protocols among, and within, healthcare organizations. The mock cyber attack simulated attacks on information technology systems, medical devices and communications systems in several healthcare organizations and on HHS information systems. The exercise revealed that:
- Organizations that participate in cybersecurity exercises are more prepared for a cyber attack.
- An organization's preparedness benefits from improved threat intelligence process capabilities and increased engagement with other healthcare organizations.
- Organizations need greater freedom to communicate and collaborate during a cyber attack.
- Incident response coordination and collaboration capabilities are crucial.
Further, officials at HITRUST said the federal voluntary cybersecurity framework is insufficient “to support healthcare organizations in the current cyber threat landscape.”
Medical Errors a Significant Cause of Death; IT Prevention Role Identified
Key Takeaway: A report compiled by Senator Barbara Boxer (D-Calif.) suggests that from 210,000 to 440,000 Americans die annually from medical errors and other preventable harm at hospitals.
Why it Matters: The report list six recommendations, one of which asks federal regulators to incorporate a standard way of reporting medical errors in Stage 3 Meaningful Use and to bolster development of clinical quality measures to better track error reduction efforts.
According to a new report from Sen. Boxer’s office, hospital-related errors and other preventable harm trail only cancer and heart disease as a leading cause of death in the United States. The Senator’s office surveyed nearly 150 hospitals in California and found that most hospitals have identified and are addressing the most common medical errors. The report also found that hospitals are “pursuing unique approaches to preventing” common errors, some of which are highlighted in the report. Six major recommendations in the report suggest that:
- Federal patient safety programs should focus their efforts on the Partnership for Prevention’s list of the nine most common medical errors
- HHS should work with Congress to develop more robust quality measures for error reduction
- Stage 3 Meaningful Use should require the use of AHRQ Common Formats to collect data on errors
- Surveyors and accreditors should evaluate whether hospitals are meeting Medicare conditions of participation by assessing their use of AHRQ’s Common Formats
- Congress should review whistleblower protections for medical staff
Federal regulators should examine the Hospital Patient Safety Initiative’s new survey tools and determine their impact on increasing staff reporting of medical errors
CMS Rethinking ICD-10 Approach, Vows to Enforce ICD-10 Ban
Key Takeaway: The Centers for Medicare and Medicaid Services (CMS) officials note the agency’s readiness to accept ICD-10 codes and their firm commitment to enforce the ban for at least another year.
Next Steps: CMS will issue guidance for providers and payers within the next few weeks, although it remains to be seen if any additional money will be designated for testing or benchmarking.
In statements made during AHIMA’s ICD-10 Summit in Baltimore, Maryland last week, CMS officials noted the agency’s readiness to accept ICD-10 codes and their firm commitment to enforce the ban for at least another year. Officials said they were surprised with the congressional mandate to delay enforcement of ICD-10 from October 1, 2014, to at least October 2015, and they indicated that a new compliance deadline would be coming “in the very near future.” When asked about the agency’s readiness, CMS was quick to note they were on track to meet the October 2014 deadline and that “most” state Medicaid agencies were similarly positioned. However, officials in Baltimore said the delay would not necessarily translate to more opportunities for healthcare organizations to test their coding systems for ICD-10 readiness. “Obviously, in an ideal world, everyone would get to test, but we only have so much money to support that kind of testing,” said Denise Buenning, acting deputy director of the Office of eHealth Standards and Services.
Register Now for Second Annual CHIME Public Policy Event in Washington, DC
Make plans to attend the CHIME Second Annual Public Policy Forum being held from 12 to 2 p.m. on Wednesday, April 30, in Washington. CHIME President and CEO Russ Branzell, along with six CHIME members active in the public policy arena, will be presenting on the topic of Connected and Converging Health: Patient generated health data, telehealth, and taking care to the patient; and the next phase of healthcare transformation.
Edited for style by Gabriel Perna