Want to add a member of your team to our distribution list? Email at policy@chimecentral.org

Webinars & Member Engagement

Two Cheat Sheets on CIRCIA Proposed Rule

Key Takeaway: We have two comprehensive cheat sheets on the recently released proposed rule implementing CIRCIA. This concise cheat sheet provides a high-level understanding of the proposal's key provisions and implications for the Healthcare and Public Health (HPH) Sector. For those seeking an in-depth dive, our longer cheat sheet delves into the details of this proposal.

Why It Matters: The Public Policy team will be holding workgroup calls to gather feedback to inform our comment letter on the proposed rule. Please email policy@chimecentral.org to sign up for either of the below dates and times! You can also email your feedback directly anytime.



• Monday, April 22 at 3:00 - 4:00 p.m. ET
• Thursday, May 2 at 2:30 - 3:30 p.m. ET

CHIME’s New Cheat Sheet on Quantum Computing



Key Takeaway: CHIME has released a new cheat sheet on Quantum Computing. It covers this revolutionary technological advancement, discussing various topics including the challenges of quantum computing and its applications in healthcare. You can find it here.

Why It Matters: It includes the latest updates on how quantum computing is federally funded, the legislation behind it, and how it's implemented. Quantum computing has the transformative capability to tackle many critical issues – and for healthcare, it has the potential to revolutionize various aspects of diagnosis, treatment, and data security.

Congressional

Congress Returns from Recess



Key Takeaway: Lawmakers will return to Washington this week to kick off the spring and summer work periods. With the Senate returning today, and the House tomorrow – the House Republican Steering Committee is expected to meet to consider and vote on a new chair of the Appropriations Committee.

Why It Matters: With FY 2024 spending packages wrapped up, appropriators will now turn their attention to FY 2025 matters. Congress may punt government funding into the "lame duck" session following the November 2024 election. Also happening this week, the House Energy and Commerce Subcommittee on Health will hold a hearing to discuss legislative proposals to support patient access to telehealth services.

Federal

CHIME Signs Onto Stakeholder Letter to the DEA on Prescribing Via Telehealth



Key Takeaway: CHIME and over 200 stakeholders have signed on to a joint stakeholder letter calling on the Drug Enforcement Administration (DEA) to issue a revised proposed rule to permit and regulate the prescribing of controlled substances through telehealth as soon as possible to ensure adequate time for patients to continue existing care. You can find the letter here.

Why It Matters: A timely release of this proposed rule is critical – it will help to ensure clinicians and patients can continue with their existing care, which is crucial for access to mental health, substance use disorder (SUD), and other telehealth services.

Cybersecurity

HC3 Releases Sector Alert on Help Desk Social Engineering



Key Takeaway: The Health Sector Cybersecurity Coordination Center (HC3) has recently observed threat actors employing advanced social engineering tactics to target IT help desks in the health sector and gain initial access to target organizations. They released a new Sector Alert – “Social Engineering Attacks Targeting IT Help Desks in the Health Sector,” which you can find here.

Why It Matters: Threat actors continue to evolve their tactics, techniques, and procedures (TTPs) to achieve their goals. HC3 recommends various mitigations outlined in this alert, which involve user awareness training, as well as policies and procedures for increased security for identity verification with help desk requests. 

TEFCA Cyber Cheat Sheet



Key Takeaway: Check out our new cheat sheet on the cyber components contained in the Trusted Exchange and Common Agreement (TEFCA) – a voluntary framework that establishes a universal floor for interoperability across the country.

Why It Matters: The Common Agreement contains various cyber requirements for those QHINs joining the network including defining a cyber incident, individual access services, third-party certification, and more. Plans are underway to update both documents shortly to Version 2.

NIST’s Incident Response Recommendations and Considerations for Cybersecurity Risk Management

Key Takeaway: The National Institute of Standards and Technology (NIST) is releasing the initial public draft of Special Publication (SP) 800-61r3 (Revision 3), Incident Response Recommendations and Considerations for Cybersecurity Risk Management: A Cybersecurity Framework (CSF) 2.0 Community Profile, for public comment. It aims to assist organizations with incorporating cybersecurity incident response recommendations and considerations throughout their cybersecurity risk management activities, as described by CSF 2.0.

Why It Matters: This publication can help organizations prepare for incident responses, reduce the number and impact of incidents that occur, and improve the efficiency and effectiveness of their incident detection, response, and recovery activities. The public comment period for this draft is open through May 20, 2024. For more information, check out the Incident Response project page here.

405(d) Program Releases Healthcare Threat Identification Poster



Key Takeaway: The 405(d) Program has released a new poster on Healthcare Threat Identification. You can download it here, and the Spanish version is available here.

Why It Matters: It is important for healthcare organizations to recognize and mitigate threats that exist at multiple levels. This poster illustrates common threats and vulnerabilities that organizations face, along with the corresponding mitigation tactics. 405(d) encourages everyone to download and share the poster to increase cyber and patient safety.

Artificial Intelligence

U.S. and UK Announce Partnership on Science of AI Safety



Key Takeaway: The U.S. and UK have signed a Memorandum of Understanding (MOU) which will see them work together to develop tests for the most advanced AI models; you can find the press release here. This partnership will see both countries working to align their scientific approaches and working closely to accelerate and rapidly iterate robust suites of evaluations for AI models, systems, and agents. 

Why It Matters: The U.S. and UK AI Safety Institutes have laid out plans to build a common approach to AI safety testing and to share their capabilities to ensure these risks can be tackled effectively. They intend to perform at least one joint testing exercise on a publicly accessible model. They also intend to tap into a collective pool of expertise by exploring personnel exchanges between the Institutes.