DeSalvo, Reider Announce Departures from ONC
Key Takeaway: National Coordinator Karen DeSalvo, M.D. and Deputy National Coordinator Jacob Reider, M.D. join the growing ranks of leaders who have recently departed from the Office of the National Coordinator of Health IT (ONC).
Why it Matters: Since passage of the Health Information Technology for Economic and Clinical Health (HITECH) Act, the ONC has been the nation’s chief health IT strategist and primary health IT cheerleader. With the loss of several top officials at ONC, questions over its future, its funding and its role in coordinating health IT policy are circling in the nation’s capitol.
Health IT leaders were shocked last week to learn the top two health IT officials from the Obama administration are leaving their posts. Late Thursday afternoon, Dr. DeSalvo announced to staff her “immediate” reassignment to the Office of the Assistant Secretary for Health to help manage the national response to Ebola. While many health IT leaders identified DeSalvo’s experience with disaster response and preparedness – citing her work during and after Hurricane Katrina – few could say why she was tapped for the job. It also remained unclear whether DeSalvo would return to her post as National Coordinator.
DeSalvo is leaving the office at a critical time, with MU attestation numbers below historic levels, and big policy priorities related to interoperability and Stage 3 yet to be finalized. So far, fewer than 10 percent of hospitals scheduled to meet Stage 2 meaningful use have done so in 2014; physicians are in their last reporting period, but fewer than 2 percent have met that goal this year. With the development of an interoperability and patient safety center roadmap still in the beginning stages, it remains unclear what impact the loss of leadership will have.
Shortly after DeSalvo’s announcement, Deputy National Coordinator Jacob Reider circulated an email to ONC staff announcing his departure from ONC. In the last six months, ONC has lost Chief Privacy Officer Joy Pritts, Chief Science Officer Doug Fridsma, Chief Nursing Officer Judy Murphy and Director of the Office of Consumer eHealth Lygeia Riccardi.
Federal Government Eyes Cybersecurity Policy, Sets Stage for 2015
Key Takeaway: Several federal agencies, including the Department of Homeland Security (DHS) the Food & Drug Administration (FDA) and Department of Justice (DoJ) are actively investigating potential cybersecurity vulnerabilities with medical devices or pursuing policy discussions related to cybersecurity in healthcare.
Why It Matters: Administrative agencies and federal lawmakers are beginning to get serious about cybersecurity, all but ensuring that regulations or legislation will be enacted next year. While legislation and agency action has been more preparatory to date, healthcare organizations would be well-advised to ensure that senior leadership prioritize cybersecurity, or else face the prospects of regulations requiring action in the near future.
Federal regulators are either actively pursuing cybersecurity investigations related to medical devices or trying to better understand the landscape of cybersecurity in healthcare. During the first part of last week, CHIME and AEHIS participated in an FDA workshop focused on the challenges and solutions of cybersecurity in healthcare. Members of medical device manufacturers, hospital chief security officers, security experts and government officials agreed that healthcare needs to be doing more to combat and respond to cyber-threats; however, it became clear that different stakeholders view the challenge – and therefore the solutions – differently. Healthcare providers focused on the need to have more cybersecurity “baked” into devices and more support from manufacturers. They also highlighted a need to have better cybersecurity “hygiene” internally by taking basic steps to bolster their resiliency, such as making sure that network devices are not also available through unsecured public wireless networks. Meanwhile, device manufacturers said the government needs to provide a space for competitors to share information on vulnerabilities. While both groups admitted there is an element of “shared responsibility,” delineating which party has more or less responsibility for cybersecurity was a more difficult aspect of the conversation.
The FDA recently published medical device cybersecurity guidance and is looking to leverage NIST’s Cybersecurity Framework to help healthcare organizations prepare for and mitigate the impact of cyber attacks.
Later in the week, news surfaced that the Department of Homeland Security was actively investigating a dozen instances of medical device tampering, including products made by Hospira, Medtronic and an implantable heart device made by St. Jude Medical. DHS officials said they had been investigating cases for the last two years and clarified that a DHS review does not suggest any wrongdoing on the company's part, but rather that the agency is examining a potential vulnerability to try to help address the issue. Department of Justice officials also announced that the DOJ was pivoting some of their investigative personal from foreign spies to cybersecurity, a further indication of increased visibility on the issue.
ONC Leadership Discuss Interoperability Plan, Patient Safety Center
Key Takeaway: ONC National Coordinator Karen DeSalvo reiterated the office’s commitment to interoperability and patient safety at the annual WEDI Conference, shortly before she announced her move within HHS. Meanwhile, work related to ONC’s Patient Safety Center has begun with an announcement of a public-private partnership to be led by RTI International.
Why It Matters: Interoperability and patient safety will be among ONC’s top priorities in 2015. CHIME members who are interested in lending their experience to the development of the interoperability roadmap or the patient safety center roadmap are encouraged to contact CHIME staff in Washington.
The WEDI Conference brought stakeholders together to discuss health information exchange last week, giving DeSalvo an opportunity to share information on the Interoperability Roadmap last week to the Standards and Policy committees. DeSalvo discussed the five building blocks for interoperability as outlined in the Interoperability Roadmap and highlighted ONC’s work to develop a public-private partnership for interoperability. She also mentioned the recent contract given to RTI International to work on their Health IT Safety Center, which would also feature a public-private partnership.
CHIME has been asked to fill a seat on the public-private advisory group to RTI International; interested members should contact Jeff Smith here.
Legislation & Politics
Republican Leaders Outline Agenda Priorities as Election Day Approaches
Key Takeaway: Republican heavyweights in the House and Senate have outlined their agendas for the 114th Congress, just weeks away from the mid-term election, referencing a renewed focus on FDA regulation and cyber security policies.
Why It Matters: Healthcare IT leaders wondering what the upcoming elections might mean for health IT policy should anticipate a bevy of issues to surface, including the role of FDA in regulating EHRs, cybersecurity policy in healthcare and interoperability.
Last week, newly selected House Majority Leader Kevin McCarthy (R-CA) and Senator Orrin Hatch (R-UT), who stands to assume the role as Senate Finance Committee Chairman should the Republicans gain the majority in the Senate, announced their proposed priorities for the 114th Congress. Both leaders pointed to the need for regulation that both incentivizes and protects innovation.
Majority Leader McCarthy pointed to the need for FDA regulation among other red-tape reducing legislative initiatives. As the current chairman of the Senate Republican High-Tech Task Force, Senator Hatch emphasized the need for improved cyber security through incentives to encourage the private sector to share cyber-threat information with the government.
Edited by Gabriel Perna for style