Device cybersecurity top of mind

With help from Arthur Allen ( @arthurallen202 ) and Mohana Ravindranath ( @ravindranize )

DEVICE CYBERSECURITY TOP OF MIND: Medical devices, potentially so porous against malware and other outside attackers, received top-of-mind consideration with a policy rollout from FDA commissioner Scott Gottlieb and an announcement from a health trade group Tuesday.

Gottlieb plan: Gottlieb started with a blitz, rolling out a new medical device plan and, separately, appearing before the House Budget Committee to discuss the agency’s fiscal year 2019 budget request.

While the agency has used its oversight authority in recent years to shore up insufficient digital defenses, Gottlieb’s announcement signals an acceleration of that agenda. The plan says that the agency will consider placing new responsibilities on manufacturers, both before and after their devices hit the market. That could include requiring the capability to update device software for security flaws, and to provide for coordinated disclosure of vulnerabilities once discovered, among other initiatives. The agency is also considering forming a public-private partnership, called the CyberMed Safety Analysis Board, to help analyze and investigate cybersecurity issues in devices.

The cybersecurity provisions earned some praise from one interested party. The Association for Executives in Healthcare Information Security – a trade group consisting of health care information security executives – declared its support in a statement Tuesday night, with Eric Decker, the group’s chair, saying, “We believe all parties understand this challenge is a shared responsibility; today’s FDA announcement is an important step toward furthering this goal.”

Of course, Gottlieb’s announcements include several other relevant ideas — touts for unique device identifiers, real-world evidence, and the NEST post-market surveillance system, among others — but the cybersecurity part grabbed our attention.

Trade group announcement: Meanwhile, the Healthcare Supply Chain Association issued cybersecurity recommendations for its members — purchasers — to consider when procuring medical devices. The 12-point list includes suggestions like adhering to FDA guidance, and warranty and liability provisions.

SENATE COMMITTEES GEAR UP: Senate committees are gearing up for a welter of activity in the coming days. Here’s what to keep an eye on:

Further advances on Veterans Affairs: VA secretary nominee Ronny Jackson met with Senate Veterans Affairs Committee ranking member Jon Tester Tuesday. While Tester didn’t definitively reject Jackson, he didn’t sound wholly convinced by the White House doctor, saying in a video statement that he had “some concerns” about “whether he’s fit to run the second-largest agency in the government” and “to whether he’s willing to put his vision for the VA above folks in the White House who want to politicize the VA.” The confirmation hearing will be April 25.

Senate HELP Committee continues opioid, other work: The Senate HELP Committee is set to vote on four bills April 24, a committee spokesman announced today. Chief among those bills is The Opioid Crisis Response Act of 2018 ( S. 2680 (115)). That bill would boost prescription drug monitoring program data-sharing, ease some privacy requirements, and establish new registries while beefing up data-collection related to opioids.

While not opioids-related, also of note is Sen. Lisa Murkowski and Bob Menendez’s Firefighter Cancer Registry Act ( S. 382 (115)). The bill’s purpose and goals are pretty much described by the title.

There’s some action occurring in parallel with the vote announcement. Sens. Bill Cassidy and Chris Murphy unveiled another new bill Tuesday requiring HHS to annually inform providers about allowable disclosures of patient information during medical emergencies.

Gearing down: Meanwhile, HHS Secretary Alex Azar had to postpone a Thursday appearance before the Senate Labor-HHS Appropriations subcommittee to discuss the department’s budget request, due to his bout with diverticulitis.

eHealth tweet of the day: Zackary Berger, MD @ZackBergerMDPhD
EPIC: good MORNIN champ

me: what

EPIC: meet my relative! this is PDMP. simpler than me but necessary

me: nice to meet you!

PDMP:

PDMP:

me: why doesn’t she say anything

EPIC: she tunes out sometimes

me: when?

EPIC: basically when you need her

me: family habit

EPIC: right?

WEDNESDAY: Hello there, readers! Your correspondent has been back from Morocco just about a week and he’s hoping he’s not missed out on too much happening in our little corner of the world. What did you think was important recently? Tell him at [email protected]. Get in the social groove at @ravindranize, @athurallen202, @DariusTahir, @POLITICOPro, @Morning_eHealth.

POLITICO Space is our new weekly briefing on the policies and personalities shaping the second space age. Sign up today.

E&C LOOKS INTO INTERNET, HEALTH: The House Energy and Commerce committee Tuesday debated paid prioritization, a practice wherein telecom companies allow certain types of internet traffic to go faster in exchange for a fee. It’s a highly relevant topic these days, as the FCC is preparing to apply a “ light-touch” regulatory scheme to the internet by repealing an Obama-era ban on that practice. For eHealth, it’s a sensitive subject: startups worry they’ll be forced to pay tolls for fast service.

Telemedicine made a few appearances in the often contentious Energy and Commerce hearing, during which Republican reps. including Greg Walden and Marsha Blackburn argued in favor of prioritization while Democrats Mike Doyle and Frank Pallone advocated for reinstituting net neutrality.

Asked by Democratic Rep. Jerry McNerney if the rollback of net neutrality rules could affect veterans’ access to telemedicine, Matt Wood of Free Press noted that customers should be aware of potential downstream charges resulting from prioritization. Paul Schroeder from Aira, a company that provides video streams to remote agents who can guide blind customers in real time, told McNerney he wasn’t sure FCC ruling would affect Aira’s business. But he added that without partnerships like Aira’s with AT&T — which gives the company access to a high-speed network — underserved customers likely wouldn’t receive a high-quality service.

AMIA wary: In comments submitted to the committee, the American Medical Informatics Association “strongly urge[d] caution,” noting that access to affordable broadband with open terms of service is a key to health. The group went on to advocate for “measured experimentation,” with “important oversight mechanisms in place to mitigate growing health disparities among those that can afford to participate in our increasingly digital health system, and those who cannot.”

ALSO IN THE HOUSE: The House Veterans Affairs Committee discussed a prescription drug monitoring program bill — the Veterans Opioid Abuse Prevention Act ( H.R. 3832 (115)) — Tuesday. The bill would direct the VA’s Secretary to sign a memorandum of understanding with a nationwide PDMP network to facilitate more data-sharing. The bill is supported by the American Legion, the Paralyzed Veterans of America, and the Veterans of Foreign Wars. The Disabled American Veterans doesn’t formally support the bill, but was favorably disposed to its goals.

MORE VA UPHEAVAL: The department’s acting chief information officer, Scott Blackburn, announced his departure Tuesday night on Twitter. Our colleague Arthur Allen reports that his colleagues in the department expected Blackburn to exit following David Shulkin’s ejection, but were surprised by the suddenness of the announcement. Of course, with a switchover to Cerner expected to occur, a void at that part of the org chart is conspicuous. Pros can get the rest here.

KENNEDY’S OPIOIDS WORK BLURS LINES: Former Rep. Patrick Kennedy, an outspoken advocate on mental and behavioral health, has been profiting from work that blurs the lines between lobbying and advocacy, our Health colleague Adam Cancryn reports. Kennedy has drawn more than $1 million over the past few years from his not-for-profit, Kennedy Forum, while also earning money from a string of startups and private firms – including prominent digital health startup Pear Therapeutics, a company probably best known to Morning eHealth readers for its part in FDA’s pre-certification pilot.

Kennedy says his advocacy is on behalf of evidence-based treatment and therapies. “We’re about promoting policy and it so happens that in the case of supporting that policy, some people benefit and so they support our efforts,” Kennedy said. “But to say that we’re doing what we’re doing to kind of promote them, that’s not my MO.” Pros can get the rest here.

HITAC PREVIEW: As noted earlier in Morning eHealth, the Health IT Advisory Committee will be convening. Among other subjects, members will be voting on recommendations from the US Core Data for Interoperability Task Force. (You can see the slides for the presentation, as well as the recommendations themselves, here and here.)

HIGH-LEVEL DEVELOPMENTS: A few developments at the higher levels of Congress and the White House to keep abreast of:

No budget re-do, says McConnell: Sen. Mitch McConnell shut the door on proposals to trim $60 billion from the just-passed spending agreement in a Fox News appearance. The White House had been mulling using a “rescission package” to cut out billions from the budget.

Guidance up for grabs?: Early in the Trump administration, the legislature went on a binge of regulatory roll-backs, using the formerly obscure Congressional Review Act to stamp out several late Obama-administration rules.

Our Finance colleague Zachary Wambrodt reports that some Senators are plotting to use that same act to target agency guidances. The test case will be a Consumer Financial Protection Bureau guidance on racial discrimination in auto-lending from 2013, but at least in theory the procedure could be used on many other guidances. Keep in mind that many HHS agencies have availed themselves of guidance from time to time, which means large swathes of policy could — in theory — be targeted.

FCC WATCH: Commissioner Mignon Clyburn announced her departure Tuesday, our Tech colleague Margaret Harding McGill reported. Clyburn was a proponent of the FCC’s CONNECT2HEALTH initiative, which considered how the commission’s communications bailiwick might be used to improve health — for example through telemedicine and connected medical devices. Her replacement has not yet been officially announced, but Senate Minority Leader Chuck Schumer has recommended Geoffrey Starks, currently an FCC staffer, for the post. Members of the Congressional Black Caucus who pitched for Starks in a March letter to Schumer favorably noted his familiarity with health care issues. Typically, the President defers to the Senate Minority Leader’s recommendation in nominating commissioners for the agency’s minority-party seats.

WHAT WE’RE CLICKING ON:

Does health informatics have a replication crisis?

A Pew Charitable Trusts infographic on more usable EHRs.

A Health Affairs blog post on the new bundled payments announcement.

CORRECTION: The April 17 edition of Morning eHealth misstated the journal in which a new study on smartphone apps was published. It was JAMA Internal Medicine.