CHIME, AEHIS, Offer Suggestions to Lawmakers for Improved Cybersecurity | Healthcare Informatics Magazine

CHIME, AEHIS, Offer Suggestions to Lawmakers for Improved Cybersecurity

May 20, 2016
by Rajiv Leventhal
Statement includes proposal for CMS to reimburse providers that display mature cyberattack readiness

The College of Healthcare Information Management Executives (CHIME) and the Association for Executives in Healthcare Information Security (AEHIS) have written a statement to lawmakers offering suggestions for how to bolster healthcare cybersecurity.

CHIME references the recent Ponemon Institute report that details how the cyber threat landscape has never been more dangerous. Indeed, the two healthcare associations are calling for greater collaboration between providers and medical device manufacturers and for the Food & Drug Administration (FDA) to develop a standardized cybersecurity framework for medical devices, per their joint statement to the Senate Committee on the Judiciary Subcommittee on Crime and Terror.

The statement reads, “While ransomware is the topic of the day, it’s important to take a step back and remember that it is only a subset of the broader cybersecurity threats facing the industry. Additionally, it is important to note that ransomware is just a subset of malware in general, and has been a threat to all industries for over 10 years.”

CHIME and AEHIS members point to inconsistencies in the enforcement of the laws governing privacy and security as a major impediment to being able to implement sound risk mitigation strategies. “The existing enforcement paradigm is heavily focused on compliance with maintaining patient privacy, which can be a distraction or drain on already limited resources necessary to actually secure the numerous points of entry–medical devices, networks, EHRs. Variability in expectations of those that interact with healthcare data, including medical device manufacturers and business associates, will only contribute to the difficulty in securing each and every potential vulnerability,” they write.

They add, “To better safeguard healthcare systems, we must improve threat and incident information sharing across the industry. No single sector of the healthcare ecosystem can solve the problem alone. Only by pulling together and sharing best practices can we thwart cyber criminals and protect patients. This type of collaboration is vital towards remaining nimble to the threats of today, for every day a new threat is introduced into the industry.”

As such, CHIME and AEHIS offer various suggestions for lawmakers to consider as the sector matures in its efforts to improve cyber hygiene and fight bad actors:

Enabling the Use of a Healthcare-Specific Identification Solution: Reducing the reliance on SSNs and other identifiable information that help bad actors execute fraud will immediately devalue health records on the black market.

Incentives for Security: Policymakers should look for ways to encourage investment through positive incentives for those who demonstrate a minimum level of cyberattack readiness and mature information risk management programs.

Security as Factor in Reimbursement: Congress should allow CMS to consider a similar principle to value-based reimbursement modifiers to be applied to healthcare enterprises investing in security.

Reduce Regulatory Complexity: Congress should pursue legislation that harmonizes other privacy, security and information risk management requirements to eliminate the complex patchwork of regulations across industries and state lines.

Workforce Development Programs: Policymakers should support ways to develop security experts to address both cyber concerns and general information security challenges.
