Washington Debrief: Senate Leaders Say Cybersecurity Legislation Must Pass This Year

Nov. 3, 2014

Top News

Senate Leaders Say Cybersecurity Legislation Must Pass This Year

Key Takeaway: Senate Intelligence Committee leadership expressed the need to pass cybersecurity legislation before Congress adjourns in December.

Why It Matters: There is growing urgency to pass cybersecurity legislation this year, according to senior lawmakers in the Senate. Legislation addressing legal protections that incentivize cyber threat data sharing across stakeholders, including the government, is a priority for the Senate Intelligence Committee, according to Chairwoman Sen. Dianne Feinstein (D-CA) and Ranking Member Saxby Chambliss (R-GA).

During a session at The Third Annual Cybersecurity Summit hosted by the U.S. Chamber of Commerce last week, both Senators Feinstein and Chambliss stressed the need for immediate legislative action before the end of the 113th Congress.

The Senate Intelligence Committee approved the Cybersecurity Information Sharing Act of 2014 (S. 2588) earlier this year, which would improve the nation’s cybersecurity through enhanced sharing of information about cyber threats. The House passed the companion legislation, the Cyber Intelligence Sharing and Protection Act (H.R. 624) in April 2013.

Those interested in learning more about what colleagues are doing to prevent cyber attacks, and discussing the challenges and latest trends in cyber security can join CHIME for our next regional LEAD Forum on December 9 in Houston, TX. Save the Date!

Administration

Privacy and Security Workgroup Looks at Big Data

Key Takeaway: The Office of the National Coordinator for Health IT (ONC) Privacy and Security Workgroup sought to shed some light on big data policy last week at their FACA meeting.

Why It Matters: Many areas related to EHRs and big data have yet to receive official policy recommendations from ONC or its workgroups. These areas include, but are not limited to, consent policies and privacy when sharing patient data, personalized medicine, health data in mobile apps (consumer-generated data) and encryption.

In the five years after the passage of the Health Information Technology for Clinical and Economic Health (HITECH) Act, the nation has seen rapid adoption of health information technology. The Meaningful Use program has mapped out specific uses for EHRs to qualify for program incentives and avoid penalties; however, many EHR functionalities have been left out of the program. Patient consent, for instance, has not been mandated by the program, yet each state has rules in place that require patient consent for sharing personal health data, especially for sensitive health data like behavioral and mental health data, among other things. Organizations have had to rely on paper solutions to capture consent because many EHRs do not have consent functionality built into the system. Further, there are no clear consent rules related to providing patient data for research.

With all eyes on interoperability, many of these issues need to be addressed by policymakers through the creation of standards and definitions. According to the meeting slides,

  • “There is no rigorous definition of big data”
  • “. . . Big data refers to things one can do at a large scale that cannot be done at a smaller one, to extract insights or create new forms of value, in ways that change markets, organizations, the relationship between citizens and governments, and more.”
  • “At its core, big data is about predictions . . . It’s about applying math to huge quantities of data in order to infer probabilities . . . .”

To address these issues, the workgroup will try to address the following policy questions:

  • “Are updates or additional policies needed to address ethical privacy frameworks and research standards?”
  • “What policies and technologies exist to protect the privacy of databases?”
  • “Recognizing the limitations of current guidance, what are additional solutions for the de-identification of data?”

Health IT Certification Body to Shutter Due to Regulatory Uncertainty

Key Takeaway: On November 14, the Certification Commission for Health Information Technology (CCHIT) will close its doors because of the slow pace of 2014 edition technology and uncertainty for Stage 3, the organization said last week.

Why It Matters: CCHIT has been certifying EHRs since before the HITECH Act was passed, and even though they had a track record of success, the independent testing and certification body was unable to create a business plan for the future.

With the rapid turnover of top ONC officials over the last two years, it’s not surprising to see an organization move away from the certification process. With the massive reach of the certification program, but no clear steps toward the next stage of Meaningful Use, other organizations may follow. CCHIT will pass their assets to HIMSS after their closure.

CHIME News & Notes

CHIME Launches 2 Organizations to Serve Chief Technology Officers and Chief Application Officers

Key Takeaway: CHIME announced last week the launch of two new organizations to serve the education and professional development needs of healthcare executives in senior technology and application roles.

Why It Matters: The Association for Executives in Healthcare Information Technology (AEHIT) and the Association for Executives in Healthcare Information Applications (AEHIA) are the first professional organizations representing chief technology officers (CTOs) and chief application officers (CAOs) in the healthcare setting. These organizations will address an unmet need in the industry by providing educational resources on important healthcare technology and IT application-focused issues, as well as an environment where CTOs and CAOs can communicate with, inform, and educate one another.

“Both of these new organizations will help strengthen the CTO and CAO roles in order to meet the challenges created by the rapid and unprecedented changes in healthcare technology,” said CHIME Executive Vice President of Membership and Professional Development George W. McCulloch, FCHIME, CHCIO. “Our goal is to provide the education and collaboration necessary for these leaders so they can solve issues, share best practices, and form meaningful supportive relationships with their peers.”

These follow the recent creation and launch of the Association for Executives in Healthcare Information Security (AEHIS) to serve healthcare CSOs.

Interested CTOs and CAOs who apply and are accepted before Dec. 31, 2014 will be recognized as founding members and will receive a one-year complimentary membership. For more information, please visit www.aehit.org and www.aehia.org. 

Edited by Gabriel Perna for style
