Senate Expected to Consider Cyber Threat Information Sharing Bill
Key Takeaways: The Senate is considering a bill that would offer hospitals liability protection when sharing cyber threat indicators (CTIs) in an effort to improve the nation’s cyber defenses.
Why It Matters: The pace of cyberattacks on healthcare organizations is on the rise. Fear of a lawsuit from affected parties however has hospital and health systems officials are leery of sharing information with the government about threats or actual breaches. Providers also worry about the impact on public perception of the security of health information. The Cybersecurity Information Sharing Act (S.754), or CISA, would allow private entities to share threat information with the federal government for the betterment of the nation’s overall security.
CISA passed the Senate Intelligence Committee in March with broad bipartisan support and from industry. The bill would help businesses achieve timely and actionable situational awareness to improve theirs and the nation’s detection, mitigation, and response capabilities against cyber threats. CISA would create a voluntary program to help strengthen the protection and resilience of businesses’ information networks and systems against increasingly sophisticated and malicious actors.
The legislation would expand government-to-business information sharing, which is progressing but needs improvement. Further, CISA would incent businesses to share cyber threat data with appropriate industry peers and civilian government entities to bolster our critical infrastructure systems.
CHIME is a member of the Protecting America’ Cyber Networks Coalition and a supporter of the CISA legislation. We encourage you to use CHIME’s Congressional Advocacy Portal to tell your senators today about the importance of being able to share cybersecurity threats across organizations.
Harris Health System Awarded $150K to Evaluate Cyber Threat Information Sharing Needs for Hospitals
Key Takeaways: HHS Awards Information Sharing Grant to Harris Health System
Why It Matters: As the industry pushes toward greater interoperability, hospitals and health systems are only as strong as those with whom they must share patient data. The ability to share cyber threat information without fear of retribution is an important first step. Just last week, the Department of Health and Human Services (HHS) announced a one-year $150,000 grant awarded to Harris Health System in Houston to improve ways to share cybersecurity threat information and protect the healthcare sector.
The grant is extended under an executive order signed in February by President Barack Obama to encourage the development of information sharing and analysis organizations (ISAOs). These organizations will serve as go-betweens for collaboration on cybersecurity between the private sector and federal government. With the grant, Harris will work to identify the cybersecurity information needs and gaps of hospitals and other healthcare organizations across the country, to better fend of cyber threats.
CMS Extends Deadline, Seeks Feedback on MIPS RFI
Key Takeway: CMS seeks feedback on the new physician payment system. Key topics include the use of certified EHRs and meaningful use.
Why it Matters: Section 101 of Medicare Access and CHIP Reauthorization Act of 2015 (MACRA) repeals the Sustainable Growth Rate (SGR) and replaces it with Medicare Access and CHIP Reauthorization Act of 2015 (MACRA), and promotes the development of Alternate Payment Models (APMs).
CMS published an RFI on October 1, seeking input on 127 questions pertaining to the new physician payment system. Initially, CMS planned for only a 30-day comment period, however, the agency recently announced an extension to November 17 and included a prioritized set of topics for consideration. Several items on the list could be of interest to CHIME members, including:
- Reporting Mechanism Available for Quality Performance Category of MIPS
- Data Accuracy of quality performance data for MIPS
- Use of Certified EHR Technology (CEHRT) under the Quality Performance Category for MIPS
- Should the performance score for this category be based be based solely on full achievement of meaningful use?
- Under the MIPS, what should constitute use of CEHRT for purposes of reporting quality data?
- How should CMS define “use” of certified EHR technology for participants in an APM?
- What components of certified EHR technology should APM participants be required to use?
ONC Seeks Nominations for New Workgroups
Key Takeaway: The Office of the National Coordinator for Health IT (ONC) is seeking nominations for several new workgroups.
Why it Matters: The workgroups make recommendations to the full Health IT Policy Committee which, in turn, advises the secretary of HHS. Many of the recommendations made by the HITPC have been adopted by CMS and ONC. The new workgroups include:
- Interoperability Experience Task Force: The taskforce is charged with providing recommendations on the most impactful policy, technical, and public- private approaches that could be implemented to improve the interoperability experience for providers and patients. The taskforce would be expected to scope its work to a priority set of the top 3 to 5 most important interoperability needs for these stakeholders.
- API Task Force: The taskforce will be charged with identifying: 1) security concerns and real security risks that are barriers to the widespread adoption of open APIs in healthcare; 2) privacy concerns and risks that are barriers to widespread adoption of open APIs in healthcare; and 3) priority areas for ONC to address so that consumers and providers are confident that information is appropriately private and secure.
- Certified Technology Comparison Task Force: By April 16, 2016, HHS must issue a report studying the feasibility of establishing mechanisms to help providers in selecting certified EHR technology products. The taskforce is charged with providing recommendations on the most feasible and public-private approaches that could be utilized to create and maintain such a tool.
ONC notes that if you wish to be considered for membership in any of these new working groups you will need apply or update your information by logging into their website. You may do so by updating the application section labeled “Please select up to five Workgroups of interests.*” The new Task Forces mentioned above are now listed there.