The Washington Debrief will not be published on February 26 or March 4 due to ViVE. Publication will resume on March 11. | |
Webinars & Member Engagement | |
|
Add This Policy Session to Your ViVE 2024 Agenda!
Key Takeaway: Don’t miss the chance to hear from CHIME’s Policy Steering Committee at ViVE (Feb. 25-28 in LA) during a Star Wars themed policy session, “The Providers Strike Back: Policy Jedi Masters” on Monday, February 26th at 10:00 a.m. PT. Additional details on this session and more can be found here in the final agenda.
Why It Matters: In a galaxy not so far away, c-suite healthcare executives are staring down forthcoming cyber mandates, an AI policy plot, and the next saga of interoperability policies within the vast universe of digital health and health IT. CHIME's Policy Steering Committee under the Rebel Alliance, will have you on the edge of your seat as they decipher the policies coming from our nation's capital. These policy Jedi knights will share their hyperspace policy maneuvers and tactics and how they are shaping the future of the healthcare galaxy to restore the Republic. Come prepared to learn from the best. May the force be with you!
| |
|
LTPAC Health IT Collaborative Webinar on Information Blocking
Key Takeaway: The LTPAC Health IT Collaborative of which CHIME has been a long-standing member, is hosting a webinar featuring ONC speakers on the topic of Information Blocking. The webinar will be on Thurs., Feb. 22nd from 1:00-2:15 p.m. ET.
Why It Matters: The webinar is open to CHIME members. Register here.
| |
|
Reps. Kelly and Foster Introduce MATCH IT Act to Improve Patient Matching
Key Takeaway: Last week, Reps. Mike Kelly (R-PA) and Bill Foster (D-IL) introduced H.R. 7379, the Patient Matching and Transparency in Certified Health IT (MATCH IT) Act of 2024, with CHIME’s support. You can find the bill text here and CHIME’s press release here.
Why It Matters: The bill would create an industry standard definition for the term “patient match rate” — to allow measurement of patient match rates across the healthcare system — and would improve standardization of patients’ demographic elements entered into certified health IT products to ensure patients are accurately matched with the correct medical record. Please contact Cassie Ballard at cballard@chimecentral.org if your organization would like to endorse this bill or if you would like to learn more.
| |
|
Bipartisan AI Workforce Bill Introduced in Senate
Key Takeaway: Last week, Senators Eric Schmitt (R-MO) and Gary Peters (D-MI) introduced S. 3792, the AI and Critical Technology Workforce Framework Act, to strengthen America’s workforce pipeline in artificial intelligence (AI), cybersecurity, and other critical technologies.
Why It Matters: According to Sen. Schmitt’s press release, the bill would:
- Direct the National Institute of Standards and Technology (NIST) to develop an AI workforce framework and identify and report to Congress on other critical or emerging technology areas that could benefit from workforce frameworks, with a focus on ensuring that the frameworks are useful for individuals from nontraditional backgrounds and education;
- Require the National Initiative for Cybersecurity Education (NICE) cybersecurity framework to be updated with input from industry, academia, and government agencies to reflect changes in the cybersecurity sector;
- Encourage NIST to offer career resources and guidance to students and adults about careers in cybersecurity.
| |
|
TEFCA Adds Two New QHINS
Key Takeaway: The Department of Health and Human Services (HHS), through the Office of the National Coordinator for Health IT (ONC), announced that two additional organizations, CommonWell Health Alliance and Kno2, have been designated as Qualified Health Information Networks (QHINs) governed by the Trusted Exchange Framework and Common Agreement (TEFCA). This brings the total number of QHINs to seven; you can find the press release here.
Why It Matters: ONC has led a multi-year, public-private process alongside its Recognized Coordinating Entity (RCE), The Sequoia Project, to implement TEFCA, which was included in the 21st Century Cures Act to support nationwide interoperability. TEFCA became operational in December of last year, with the designation of the first five QHINs –eHealth Exchange, Epic Nexus, Health Gorilla, KONZA, and MedAllies.
| |
|
New Publications from NIST Including One on HIPAA Security Rule
Key Takeaway: This month NIST has published several special publications in their 800 series which includes information of interest to the computer security community. See below for details. The entire list of recent publications can be found here.
Why It Matters: The Health Sector Coordinating Council’s Cybersecurity Working Group (HSCC CWG) of which CHIME is an active member, commented on the below HIPAA Security Rule document. They requested NIST place more emphasis on helping smaller providers and NIST agreed – the new document reflects more resources listed for these entities.
· Special Publication (SP) 800-66r2 (Revision 2), Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule: A Cybersecurity Resource Guide
- This publication, revised in collaboration with the HHS Office for Civil Rights, provides guidance for regulated entities on assessing and managing risks to electronic Protected Health Information (ePHI), identifies typical activities that a regulated entity might consider implementing as part of an information security program, and presents guidance that regulated entities can utilize in whole or in part to help improve their cybersecurity posture and assist with achieving compliance with the HIPAA Security Rule.
· Special Publication (SP) 800-223, High-Performance Computing Security: Architecture, Threat Analysis, and Security Posture
-
This publication provides guidance on standardizing and facilitating the sharing of high-performance computing (HPC) security postures by introducing a zone-based HPC system reference architecture that captures common features of HPC systems and serves as a foundation for a system lexicon. The document also delves into HPC system threat analysis, security postures, challenges, and recommendations. Additional information can be found here.
· Special Publication (SP) 800-204D, Strategies for the Integration of Software Supply Chain Security in DevSecOps CI/CD Pipelines
- This document outlines strategies for integrating software supply chain (SSC) security measures into continuous integration and continuous deployment (CI/CD) pipelines.
| |
|
CISA Releases JCDC’s 2024 Priorities
Key Takeaway: The Cybersecurity and Infrastructure Security Agency (CISA) has released the Joint Cyber Defense Collaborative’s (JCDC) 2024 Priorities. The JCDC is comprised of public and private partners, and the 2024 Priorities build on the 2023 Planning Agenda by aligning resources and strategic direction to “develop high-impact and collaborative solutions to the most pressing cybersecurity challenges.”
Why It Matters: The three focused goals of the 2024 Priorities are to: 1) defend against Advanced Persistent Threat (APT) operations; 2) raise critical infrastructure’s cybersecurity baseline; and 3) anticipate emerging technology and risks. CISA encourages organizations to review the priorities and their blog post here to drive a unified cybersecurity effort.
| |
|
HC3 Releases Threat Briefing on Russian Threat Actors Targeting HPH Sector
Key Takeaway: The Health Sector Cybersecurity Coordination Center (HC3) has released a threat briefing titled “Russian Threat Actors Targeting the Healthcare and Public Health (HPH) Sector.” It provides an overview of various Russian threat actors, their motivations for targeting U.S. critical infrastructure, and includes best practices and mitigation techniques.
Why It Matters: Russian threat actors have been targeting U.S. critical infrastructure for decades, motivated by opportunities for financial gain and geopolitical reasons. They specifically focus on the HPH sector because it is considered a "soft target" with a higher likelihood of ransom payment. For the 13th consecutive year, the healthcare industry has witnessed the highest data breach costs among all sectors. HC3 urges organizations to read the briefing to gain awareness and apply the correct mitigations for future cyber incidents.
| |
|
eHealth Exchange Accepting Applications for HIE and Public Health Incentive Program
Key Takeaway: eHealth Exchange is currently accepting applications for their health information exchange (HIE) and Public Health Incentive Program. Learn more here.
Why It Matters: The HIE and Public Health Incentive Program seeks to accelerate public health interoperability using scalable solutions and is offering a financial incentive for the first 5 HIEs or state/local public health agencies that sign up.
| |
|
2024 ISA Reference Edition is Now Available
Key Takeaway: The 2024 Interoperability Standards Advisory (ISA) is now available. View the PDF version here. Additional resources can be found here.
Why It Matters: Notable updates to this edition include the addition of: Administrative Transactions: Price Transparency section; updates to standards across Administrative Transaction sections; and the inclusion of new standards across Pharmacy Interoperability pages.
| |
|
OIG Audit on Evaluation and Management Services
Key Takeaway: According to an audit from the HHS Office of the Inspector General (OIG), physicians and other practitioners that provided Evaluation and Management (E/M) services via telehealth during the first 9 months of the pandemic (March 2020 through November 2020) generally complied with Medicare requirements.
Why It Matters: Of the 110 providers sampled, 105 complied with Medicare requirements. Since providers generally met Medicare requirements when billing for E/M services provided via telehealth and unallowable payments identified resulted primarily from clerical errors or the inability to access records, there were no recommendations made in the report.
| |
College of Healthcare Information Management Executives (CHIME)
| | | | |
