Washington Debrief: Ransomware Subject of Senate Hearing

Oct. 5, 2016
The Senate Committee on the Judiciary examined what authority the nation’s law enforcement agencies need to pursue botnets and to prosecute those illegally accessing or manipulating data.

Congressional Affairs

Ransomware Subject of Senate Hearing

Key Takeaway: Recognizing that hospitals and health systems are not the bad actor in incidents such as ransomware attacks, the Senate Committee on the Judiciary examined what authority the nation’s law enforcement agencies need to pursue botnets and to prosecute those illegally accessing or manipulating data.

Why It Matters: Congress has taken a great interest over the past few years in how to better protect data, whether it be health, financial or otherwise. The Subcommittee on Crime and Terrorism, led by Senators Lindsey Graham (R-SC) and Sheldon Whitehouse (D-RI), explored how the nation could hold these bad actors criminally liable if patient lives are jeopardized by a ransomware or other malware attack. Senator Graham noted that “locking down a hospital” via a ransomware attack is not just an issue of money; it puts lives at risk.

While the hearing was not specifically focused on healthcare, given the recent coverage of ransomware incidents in the healthcare industry, the College of Healthcare Information Management Executives (CHIME) and the Association for Executives in Healthcare Information Security (AEHIS) submitted a statement for the hearing record outlining the current state of the industry’s cybersecurity readiness and providing suggestions on how to better position the nation’s health systems to fend off such attacks.

The House Committee on Energy and Commerce will discuss the cyber readiness of the Department of Health and Human Services (HHS) through the lens of a bill (H.R. 5068) during a hearing on Wednesday, May 25. The HHS Data Protection Act would move the Chief Information Security Officer (CISO) position away from reporting to the Chief Information Officer (CIO), instead making it a position equal to the CIO and directing that the CISO report to the Assistant Secretary for Administration at HHS.

Congress Keeps Pressure on VA to Outline Future EHR plans

Key Takeaway: The Military Construction and Veterans Affairs (MilCon/VA) spending legislation that was passed by the House and Senate last week requires the Department of Veterans Affairs (VA) to report to Congress a plan for keeping its VistA electronic record or moving to a new system. The plan must include a proposal with metrics, time frames and a cost estimate.

Why It Matters: The House passed a bill (H.R. 4974) on a 295-129 vote, and the Senate voted 89-8 last Thursday to pass the 2017 VA spending bill that includes $260 million for the VA to modernize its EHR.

As in past VA spending bills, Congress will withhold a certain amount of the department's IT budget until it submits progress reports on meeting interoperability with the Department of Defense (DOD) EHR system.

Federal Affairs

Scuttlebutt on APIs

Why it Matters: The chatter on APIs continues to take center stage in Washington.

Key Takeaway: Meaningful Use Stage 3 and MACRA will require the use of APIs so that patients can more easily access their health information. The precision medicine effort of the White House has also pinned its hopes on the use of APIs to facilitate data sharing. There are no requirements in the 2015 version of CEHRT for standardizing APIs, which is expected to create challenges for the desired state of seamless data exchange. With providers being required to enable APIs to facilitate patient access, concerns abound around introducing more security threats into an already taxed environment. Here are some highlights on APIs from this week:

FDA and EHRs for Clinical Trial Use

Key Takeaway: FDA publishes draft guidance involving EHRs and clinical trials.

Why it Matters: This guidance is intended to assist sponsors, clinical investigators, contract research organizations, institutional review boards (IRBs), and other interested parties on the use of electronic health record (EHR) data in FDA-regulated clinical investigations. This guidance provides recommendations on:

  • Deciding whether and how to use EHRs as a source of data in clinical investigations
  • Using EHRs that are interoperable with electronic systems supporting clinical investigations
  • Ensuring the quality and the integrity of EHR data that are collected and used as electronic source data in clinical investigations

Comments are due to the FDA on July 18, 2016.
