President's Cybersecurity Proposals to Promote Info Sharing through 'Targeted Liability Protection'
Key Takeaway: During his State of the Union address, President Obama called on lawmakers to pass comprehensive cybersecurity legislation that would focus on: increased information sharing, modernization of law enforcement agencies, and national data breach reporting. The administration is looking to incentivize participation in information sharing networks through targeted liability protection.
Why it Matters: The President's cybersecurity proposals align and reinforce past congressional efforts and raise prospects of passing substantive legislation in the 114th Congress. CHIME is actively working with policymakers to help them understand cybersecurity in the context of healthcare delivery; contact Jeff Smith if you'd like to learn more.
President Obama called for strengthening cybersecurity in his State of the Union speech last week, but his administration supplemented the State of the Union shout out with a multi-pronged legislative proposal. The President called on Congress to enable more cybersecurity information sharing; modernize law enforcement authorities and create a national data breach notification protocol. The President's proposal seeks to encourage the private sector to share threat information with the Department of Homeland Security's National Cybersecurity and Communications Integration Center (NCCIC), which will then siphon credible information to relevant federal agencies and with private sector-developed and operated Information Sharing and Analysis Organizations (ISAOs). ISAOs are new designations that administration officials hope can be trusted private-sector brokers of cyber threat information. The administration has also proposed to provide "targeted liability protection for companies that share information" with the NCCIC and ISAOs.
The Administration's proposals on law enforcement would allow for the prosecution of the sale of botnets, criminalize the overseas sale of stolen U.S. financial information like credit card and bank account numbers, expand federal law enforcement authority to deter the sale of spyware used to stalk or commit ID theft, and give courts the authority to shut down botnets engaged in distributed denial of service attacks and other criminal activity.
Meanwhile, the President's plans on breach notification would likely put other sectors of the economy on equal footing with healthcare by harmonizing state laws and requiring businesses that have suffered an intrusion to notify consumers if their data has been compromised. The proposal "puts in place a single clear and timely notice requirement to ensure that companies notify their employees and customers about security breaches." Scattered pieces of legislation introduced last year contained similar elements to the President's proposals, raising the likelihood of substantive progress on these issues in the current Congress.
CHIME Supports AMA Letter to Improve ONC Certification Program
Key Takeaway: A group of 35 provider organizations, including CHIME, sent a letter to the Office of the National Coordinator for Health IT (ONC) urging the current certification program to better align end-to-end testing to focus on electronic health record (EHR) usability, interoperability and safety.
Why it Matters: The letter makes several recommendations that users of certified technology believe should be incorporated into ONC's next round of program enhancements. This is the first time that so many provider groups have developed consensus around the need for more robust testing and shown support for ONC plans to decouple EHR certification from Meaningful Use.
In a letter sent to ONC last week, providers urged officials to retool the federal health IT certification program to focus more on ways to improve patient safety, usability and interoperability. Specifically, letter signatories recommended ONC make the following changes to EHR certification:
- Decouple EHR certification from the Meaningful Use program;
- Re-consider alternative software testing methods;
- Establish greater transparency and uniformity on UCD testing and process results;
- Incorporate exception handling into EHR certification;
- Develop Consolidated-Clinical Document Architecture (C-CDA) guidance and tests to support exchange;
- Seek further stakeholder feedback; and
- Increase education on EHR implementation.
Additional recommendations asked ONC to work more closely with the National Strategy for Trusted Identities in Cyberspace (NSTIC) to address authentication difficulties faced by medical professionals. The letter also emphasized the need to do "exception handling" and "scenario-based testing," saying "the best way to ensure high-performing EHRs and to minimize errors is to rigorously test them against a multitude of clinical scenarios that represent the variety of workflows seen in acute and ambulatory care settings."
A copy of the letter can be found here.
New ONC Chief Health Information Officer to Aid Interoperability Efforts
Key Takeaway: Michael McCoy, M.D. has been named as ONC's Chief Health Information Officer (CHIO) to spearhead interoperability efforts and lead development of ONC clinical policy for standards and regulatory matters.
Why it Matters: Dr. McCoy is the first senior hire ONC has made since Doug Fridsma, M.D., Ph.D. who departed late last year. Dr. McCoy comes to ONC with several years experience in health IT as both a physician and developer.
ONC chief Karen DeSalvo, M.D. announced last week that Michael James McCoy, M.D. an obstetrician / gynecologist with more than 10 years' experience in health IT, will join ONC as the agency's first chief health information officer. Dr. McCoy has been involved with standards development through the Integrating the Healthcare Enterprise (IHE) Patient Care Coordination domain, and the IHE International Board of Directors. And he served as Catholic Health East's first chief medical information officer (CMIO).
In a statement CHIME officials said the organization welcomes the addition of an executive with experience working alongside providers and health IT developers. "The task Dr. McCoy has been charged-interoperability-is a daunting one, which will require bureaucratic, technical and implementation expertise," CHIME President and CEO Russell Branzell said. "We believe Dr. McCoy has the much-needed skills to help the nation achieve widespread interoperability and we stand ready to assist the ONC and Dr. McCoy in this important endeavor."
Legislation & Politics
House Committee Discusses Potential for SGR Fix during Two Day Hearing
Key Takeaways: The House Energy and Commerce Committee Subcommittee on Health held their first hearing of 2015 last week to discuss policy proposals to replace Medicare's Sustainable Growth Rate (SGR.)
Why It Matters: This hearing kicked off another in a long line of discussions, spanning more than 12 years on how to avoid Medicare physician reimbursement cuts required by law. Despite promising policy ideas, such as alternative payment models and streamlined quality measurement programs, the most recent patch came last March after lawmakers we unable to address the persistent political problem of how to pay for a permanent solution.
Last week, the Energy and Commerce Heath Subcommittee heard from two panels of witnesses, including a former Senator and Administration official as well as provider group representatives. All parties agreed that an immediate, permanent fix to the Sustainable Growth Rate (SGR) is needed, but disagreed on whether or not is must be paid for, and if so, where the funds would come from.
Both committee members and witnesses alike acknowledged the lack of care coordination within Medicare as a potential area for significant cost savings. There was consensus that widespread use of EHRs would enhance care coordination throughout the program.
In his written testimony, Richard Umbdenstock, President and Chief Executive Officer of the American Hospital Association (AHA), pointed to both the burden and promise of EHRs. He called for the standardization of health technologies and nationwide interoperability. He emphasized that hospitals have seen more than $121 billion in cuts since 2010, while being asked to comply with a growing number of regulatory requirements. Barbara McAneny, M.D., Chair of the American Medical Association (AMA) Board of Trustees, offered the organization's support for the legislation introduced last Congress, as it would streamline key features of the CMS quality reporting programs into one single, more practical program that offers greater flexibility for physicians to be rewarded for providing quality care.
Legislation to repeal the SGR has not yet been introduced into the 114th Congress and substantial discrepancies remain between Republicans and Democrats on how to address the extreme cost of the Medicare payment reform package. The current patch expires on March 31, 2015.
Edited by Gabriel Perna for style