Washington Debrief: NIST Releases Draft Cyber Threat Information Sharing Guide | Healthcare Informatics Magazine | Health IT | Information Technology Skip to content Skip to navigation

Washington Debrief: NIST Releases Draft Cyber Threat Information Sharing Guide

November 17, 2014
by Jeff Smith, Vice President of Public Policy at CHIME
| Reprints
Jeff Smith, Vice President of Public Policy at CHIME

NIST Releases Draft Cyber Threat Information Sharing Guide

Key Takeaway: One priority in cyber security regulation, both for federal agencies and in Congress, is facilitating the sharing of cyber threat information. The goal of the National Institute of Standards and Technology’s (NIST) Guide to Cyber Threat Information Sharing is to enable organizations to use cyber threat information to strengthen defensive strategies and make necessary systemic changes before a breach can occur.

Why It Matters: Few of the nation’s critical infrastructure sectors have well-established threat intelligence sharing protocols, including healthcare. This work is meant to help coordinate cyber threat-sharing networks as they develop.

The guide examines the benefits and challenges of coordinating and sharing threat intelligence; presents the strengths and weaknesses of a variety of information sharing models; and introduces scenarios that demonstrate real-world applications of threat information sharing. The draft guide was developed to assist organizations in establishing incident-response capabilities that leverage collective knowledge by sharing threat intelligence and through ongoing coordination. Guidelines for coordinated incident management, including the production and use of data, are also embedded within the draft document.

On Capitol Hill, House and Senate leaders have echoed the need for improved threat information sharing, increasing the likelihood that legislation will be considered before the end of the 113th Congress. The Senate Intelligence Committee approved the Cyber Security Information Sharing Act of 2014 (S. 2588) earlier this year, which would improve the nation’s cyber security through enhanced sharing of information about cyber threats. The House passed companion legislation, the Cyber Intelligence Sharing and Protection Act (H.R. 624) in April 2013.

Those interested in learning more about what colleagues are doing to prevent cyber attacks, and discussing the challenges and latest trends in cyber security can join CHIME for our next regional LEAD Forum on December 9 in Houston, TX. Save the Date!


ONC Outlines Health IT-Enabled Quality Improvement Initiatives

Key Takeaway: While quality measurement has a long history in healthcare, the Office of the National Coordinator for Health IT (ONC) released its vision for an ecosystem of health IT-enabled quality improvement, calling for an alignment of clinical decision support (CDS) and clinical quality measurement (CQM) at a minimum.

Why it Matters: Electronically specified CQMs, or eCQMs, remain a challenge for providers looking to report quality measures through their EHRs. This vision paper could help spur more focus on eCQM development and help coordinate a complicated environment of quality reporting programs for hospitals and physicians.

In an attempt to outline a path toward national quality improvement through health IT, ONC last week released a vision paper entitled, “Health IT Enabled Quality Improvement: A Vision to Achieve Better Health and Health Care.” This vision paper is independent of ONC’s Interoperability vision paper, “Connecting Health and Care for the Nation: A Ten Year Vision to Achieve an Interoperable Health IT Infrastructure,” to which CHIME submitted comments in September. The vision paper outlines several guiding principles including interoperability, protect privacy and security, a national quality strategy, empower all members of the healthcare ecosystem, build on existing health IT infrastructure, alignment and simplification and focus on value, while setting three-, six- and 10-year milestones for nationwide quality improvement through health IT.

Under the three-year vision, ONC references support for the alignment of quality reporting programs to reduce the collection and reporting burden on providers and hospitals. ONC is focused on supporting a coordinated, technical measurement infrastructure. Using the S&I Framework, Clinical Quality Framework (CQF) Initiative, ONC and CMS, in partnership with HL7, will harmonize and contribute to the development of standards for expressing and sharing CDS interventions and CQMs.

ONC welcome stakeholder feedback on the Quality Improvement Plan.

IOM Proposes 12 Behavioral Health Measures for EHRs

Key Takeaway: The Institute of Medicine (IOM) released a report commissioned by the Centers for Medicare and Medicaid Services (CMS), Centers for Disease Control (CDC), National Institutes for Health (NIH) and others last week, recommending that electronic health records (EHRs) track physical activity, and social and behavioral data to help improve health outcomes.

Why It Matters: Despite the slight increase in burden on physicians to capture more patient information, and the privacy and security concerns around sharing sensitive patient information, IOM believes that collecting 12 new behavioral health measures in an EHR will help provide patients with better quality care. Hospitals and physicians can expect at least some of these criteria to be included in the Meaningful Use Stage 3 NPRM expected sometime this winter.

EHRs continue to be at the center of discussions on how to improve outcomes and lower healthcare costs. To reduce the burden of information collection on providers, the report suggests that providers allow patients to share information via a personal health record. It remains to be seen if that will be a viable option, because many EHRs have issues integrating patient-generated data.

The indicators will help physicians gauge the progress of specific treatment plans, and will help them make changes in treatment if they observe changes in any of these areas. The suggested areas include:

  • Alcohol use
  • Race and ethnicity
  • Residential address
  • Tobacco use and exposure
  • Census tract-median income
  • Depression
  • Education
  • Financial resource strain
  • Intimate partner violence
  • Physical activity
  • Social connections and social isolation
  • Stress

Alcohol use, race and ethnicity, residential address, and tobacco use and exposure are already widely captured because of requirements of the meaningful use program, but it looks as though the other eight measures may not be widely measured until 2017, the start of Stage 3.

IOM released a broader report in April entitled Capturing Social and Behavioral Domains in Electronic Health Records: Phase 1 (http://www.nap.edu/catalog.php?record_id=18709), which outlined 17 behavioral health measures for further study. That report led to more focused recommendations for Stage 3 in this, the second iteration.

CHIME News and Notes

ICD-10 Coalition Pens Letter to Congressional Leadership

A coalition of ICD-10 supporters, including providers, payers and health IT vendors, sent congressional leaders a letter last week reiterating the need to keep firm the October 1, 2015, compliance date. “The Coalition for ICD-10, a broad constituency of organizations from across the health care spectrum, strongly supports the recently announced Oct. 1, 2015, ICD-10 compliance date and opposes any steps to delay this implementation date,” the letter said. “ICD-10 implementation delays have been disruptive and costly,” the letter continues. “We urge Congress to avoid any further delays of this needed coding update.”

For access to the full letter, click here.

Edited by Gabriel Perna for style

The Health IT Summits gather 250+ healthcare leaders in cities across the U.S. to present important new insights, collaborate on ideas, and to have a little fun - Find a Summit Near You!


See more on