CYBER DRAMA TEED UP ON HILL TODAY: The drama surrounding the Healthcare Cybersecurity and Communications Integration Center begins a new act today, as the House Energy and Commerce health subcommittee holds a hearing on the reauthorization of the Pandemic and All-Hazards Act, S. 2852 (115). The hearing follows a tetchy letter, sent Tuesday, from Energy and Commerce plus Senate HELP Committee leadership.

As long-time readers know, the HCCIC has been mired in a convoluted imbroglio first reported in-depth by your correspondent. The center’s been dealing with allegations of ethical improprieties by its former leadership, plus broad turnover of cybersecurity leadership in the department.

Here’s this week’s drama. Tuesday, the bicameral, bipartisan leaders of the two committees sent a letter to HHS asking, essentially: “What’s the deal?” The leaders specifically dwell on industry’s confusion at the lack of direction for the HCCIC, HHS’s lack of clarity about its plans and a report on cybersecurity best practices that’s not yet been produced.

Then there’s today’s hearing, which discusses the re-authorization of the Pandemic and All-Hazards Act. Said reauthorization includes a section on the HCCIC designating it the lead with the department for cybersecurity incidents.

Testifying is Association for Executives in Healthcare Information Security advisory board chair Eric Decker, who serves as Chief Security and Privacy Officer at the University of Chicago. Decker says that the report discussed earlier is on schedule for the end of 2018. While it’s not apparently finished, Decker moots providing incentives for best cybersecurity practices, such as subsidization and safe harbor from enforcement actions.

The bill being considered by the committee reorganizes HCCIC, moving it from HHS’s Office of the Chief Information Officer to its Office of the Assistant Secretary for Preparedness and Response (ASPR), which deals with public health emergencies. That could be a big shift in policy, one health care cyber exec told your correspondent: ASPR might not have the relevant tech expertise to manage a cybersecurity initiative.

Leslie Krigstein, of the College of Health Information Management Executives, told your correspondent that the group hasn’t yet vetted the idea with its broader membership. But, she continued, the organization would like a “single operating division that we can look to for cybersecurity leadership and we’d hope it wouldn’t be a regulator.”

HHS said they intend to respond to the letter in a timely fashion. We’ve got people on the ground monitoring the hearing.

— Also in Congress: The Senate Finance Committee opioid mark up has postponed. The panel, which originally planned to mark up its opioid bills this week, is now expected to take up the measures – which include legislation on telehealth, among other policies – g next week, sources tell Morning eHealth. A date has not been set.

eHealth tweet of the day: Bijan Salehizadeh @bijans “‘Gamification’ was just mentioned on a major medical device company analyst day presentation. HC seems always 10 years behind. I expect AI/ML mentions on medical analyst day presentations in 2028.”

WEDNESDAY: Your correspondent relishes one aspect of adulthood: the unquestioned right to control music playlists. Whereas there was previously always one superior authority in any previous musical situation — someone with a driver’s license, say — now your correspondent is in command. Suggest songs you can have a conversation to at [email protected]. Discuss music socially at @ArthurAllen202, @dariustahir, @ravindranize, @POLITICOPro, @Morning_eHealth.

AZAR ON INTEROPERABILITY — NOT A MICROMANAGER: HHS secretary Alex Azar reprised his de-regulatory message to health trade groups Tuesday, emphasizing that the department will provide incentives but will not micromanage in its campaign to make patient, pricing and quality data more interoperable.

Azar has consistently stated the importance of interoperability, and did so again in Tuesday’s prepared remarks before American Health Care Association/National Center for Assisted Living. He referenced his recent hospital visit for diverticulitis, during which he was forced to send his medical history, medication list and other data to each new care provider.

“I’m active and relatively young. Imagine if I’d been a much older patient, like those so many of you serve, or one who required a caregiver or family member to assist in my understanding of the system,” he said.

CERNER DEAL FUNDING MOVES FORWARD: With White House support, a Senate Appropriations subcommittee Tuesday moved forward $1.2 billion in funding for fiscal year 2019 for the transformation of the VA’s electronic health record system. The administration was less enthusiastic with other aspects of the VA spending bill, particularly the committee’s refusal to merge community care and Veterans Health Administration spending budgets. The administration says merging the two would give more flexibility to local VA operations, but some members of Congress worried that such a move could end up diverting funds away from VA facilities. Here’s the White House statement on the funding bill.

MEDICARE TRUSTEES REPORT: The annual report from Medicare trustees on the fiscal health of the program came out Tuesday, and while most of the headlines focused on projections that the benchmark hospital trust fund’s expiration three years earlier than previously projected, one small note got less attention. With a hat tip to Cristina Boccuti, it appears the trustees are lowering projections of physician participation in risk-bearing advanced payment models for 2019.

UDI COMMENTS: A group of eminent researchers from Yale School of Medicine are peeved at continued resistance to the use of unique device identifiers in the health care system. Despite UDI’s potential use in detecting safety and performance issues in medical devices, it has had “limited effect,” they write in the latest issue of Annals of Internal Medicine.

“Health systems have not made the necessary investments to alter workflows and capture the UDI in EHRs, often leaving the field blank,” the researchers continue, and it’s unclear whether CMS will approve the modification to include the identifier in claims forms. While the authors acknowledge financial costs associated with changing software, and changes to workflows, they argue the benefits to inventory management and comparative effectiveness research would outweigh the costs.

“[W]e must surmount resistance within our health systems to altering status quo workflows and building interfaces for different information systems,” they conclude.

“This is more complicated than i could have imagined before seeing from FDA perspective,” tweeted former agency commissioner Robert Califf, about the article. “but it is intolerable to be unable to identify what devices are in which pts. we have to get this fixed.”

PERSONNEL NOTES: Suzanne Bakken, of the Columbia University School of Nursing, was named editor-in-chief of the Journal of the American Medical Informatics Association Tuesday.

GENEALOGY BREACH: Consumer genealogy company MyHeritage announced that the data of 92 million users had been breached earlier this week. While the company stores DNA and family tree data, it believes less sensitive data — users’ emails — was the only information exposed. It’s hired an independent cybersecurity firm to investigate.

WHAT WE’RE CLICKING ON

— Can health care funders use technology to combat sexual assault?

— CNBC pulls back the curtain on Amazon’s “Grand Challenge” team – whose members are developing technology for cancer research and diagnosis

— South Carolina prisons are switching EHRs and focusing on telehealth.

— JAMA article describes the shift from ICD-9 to ICD-10.

Follow us on Twitter


• Mohana Ravindranath @ravindranize
• Darius Tahir @dariustahir

Follow Us