FDA cyber workshop recap

With help from Mohana Ravindranath (@ravindranize)

Editor’s Note: This edition of Morning eHealth is published weekdays at 10 a.m. POLITICO Pro eHealth subscribers hold exclusive early access to the newsletter each morning at 6 a.m. To learn more about POLITICO Pro’s comprehensive policy intelligence coverage, policy tools and services, click here.

Snow and cold are enveloping most of the country but they can’t chill an important day of news. Let’s fill you in:

Cyber recap: Day one of FDA’s cyber workshop had a tighter schedule than a short-order cook’s, with FDA reiterating its 2019 plans and participants talking about familiar themes.

HCCI loses key sponsor: The Health Care Cost Institute and United Healthcare are announcing a “sunsetting” of their data collaboration this morning, Morning eHealth can report first.

Apple-Aetna app: Apple and Aetna are rolling out an app for the insurer’s members that the companies say will encourage users to reach fitness and other wellness goals. Apps and wearables of this type don’t necessarily have a great history, so we’ll keep an eye on the actual performance.

eHealth tweet of the day: Protik Islam-Jakobsson @ikitorp “Genuinely believe our EHR system contains dedicated code for checking to make sure it crashes at least once every morning.”

WEDNESDAY: Another day, another day of D.C. drivers paralyzed by a round of light snow. (At least, it’s only lightly falling from your correspondent’s living room window as he writes this.) Share stories of ineptitude caused by piddling obstacles at [email protected]. Make fun of the D.C. populace’s perpetual confusion and ignorance when responding to winter socially at @arthurallen202, @dariustahir, @ravindranize, @POLITICOPro and @Morning_eHealth.

Get “Freezin’ for a Reason” on Saturday with Special Olympics DC. POLITICO is thrilled to partner with the “Polar Plunge,” an annual event that supports more than 1,600 Special Olympics DC athletes on Saturday, Feb. 2. Attendees will enjoy ICE YARDS festivities, including icy cocktails and local D.C. brews, fun activities, live music, an ice bar, food from neighborhood restaurants, D.C.’s largest group shotski attempt and so much more! Visit dcpolarplunge.org to register as an individual, as a team or join an existing team and take the plunge.

CYBER RECAP: FDA endeavored to keep things to a tight schedule Tuesday at its cybersecurity-in-medical-devices workshop due to the aforementioned dusting of snow, which was very thoughtful of them. Nevertheless, agency and other participants shared some interesting tidbits:

Plans: Suzanne Schwartz, one of the agency’s top cybersecurity officials, announced that FDA would be expanding its presence at the DefCon cybersecurity conference, while also reaffirming some previously announced plans to convene a public-private partnership to help coordinate responses to cybersecurity problems and introduce new information-sharing organizations.

Private-sector: Meanwhile, the workshop also brought together representatives from provider organizations, software and cybersecurity groups, and medical device manufacturers. Manufacturers were happy to reaffirm their commitment to strong cybersecurity practices, including cooperating with friendly hackers and outside researchers (who use hacking principles to probe and patch weaknesses in devices).

On the provider end, some representatives said FDA’s new guidances were proving helpful, pointing specifically to the “bill of materials,” which requires manufacturers to describe the software configurations of their devices. (For example, what operating system it runs.) Some providers said they’re monitoring reports of deficiencies – and changing procurement orders based on those reports.

One more note: while experts have frequently stressed the importance of patching devices, providers noted that’s not enough. Updating device software can interrupt connections with alarms or other gadgets, which means providers and manufacturers have to be deliberate about these changes.

New fundraising round: Medigate, a startup seeking to bolster medical device cybsecurity, announced it had garnered $15 million in new funding Tuesday.

HCCI-UNITED SPLIT COMING: The Health Care Cost Institute, a research group, and United Healthcare are sunsetting their data collaboration agreement, Morning eHealth can report first today. HCCI, which includes claims data from multiple payors, has partnerships with researchers inquiring into costs in the health care system. The Institute plans on approving up to ten new projects between now and June 30; researchers can access the group’s dataset, with the United data, until Dec. 31, 2022.

HCCI will continue to get data from other partners, including Aetna, Humana and Kaiser Permanente.

WHAT TO WATCH FROM APPLE AND AETNA: A new partnership between Apple and Aetna may bring us closer to a world in which smartwatches quietly and constantly observe us, periodically nudging us to make lifestyle changes.

The tech company and insurer are collaborating on iPhone and Apple Watch app called Attain, which could integrate detailed information about wearers’ health, including heart rhythm and step count, with claims data to come up with personalized recommendations for exercise or preventive health steps.

Wearables have, of course, had a mixed record in durably inspiring more exercise, and some might be nervous about the prospect of all this data sloshing around. (Here’s a look at Apple and Aetna’s privacy policy for Attain: h/t The Washington Post’s Brian Fung.)

ICYMI: SHAREHOLDERS DROP ATHENAHEALTH SUIT: Shareholders have droppedthree class-action lawsuits against the board of EHR and practice management software company athenahealth, which they argued weren’t transparent about details of a $5.7 billion sale to Elliott Management and Veritas Capital.

PERSONNEL MOVES: Partners HealthCare CEO David Torchiana on Tuesday abruptly announced his departure, effective April ... Karen DeSalvo will be advising early-stage digital health, device and diagnostic investor firm LRVHealth

BUDGET AND APPROPRIATIONS STUFF: The Trump administration won’t be submitting its budget request for 2020 this week, our colleagues Jennifer Scholtes and Caitlin Emma report. … Meanwhile Senate Majority Leader Mitch McConnell signaled his willingness to consider legislation that would prevent budget shutdowns, our colleague Marianne LeVine reports.

COMMENT SEASON CONTINUES: Comments continue to flow in response to ONC’s request for information on reducing burdens for health IT. Among the more notable: the Partnership to Amend 42 CFR Part 2, which urges HHS to figure out ways to more closely align the privacy regulations (which governs some substance use disorder health data) with HIPAA (which governs the health sector more broadly). Advocates like the Partnership have been pressing their case all over Washington, though they weren’t able to get a legislative solution through the previous Congress.

CMS QUALITY CONFERENCE: Up in Baltimore, CMS was describing its efforts to improve quality in health care.

Agency administrator Seema Verma emphasized her institution’s tech bona fides during her remarks, touting the new eMedicare app. The app currently shows coverage; Verma said updates would allow beneficiaries to compare quality. Verma also said the agency would be pushing price transparency further; it’s previously required hospitals to post their so-called “chargemasters,” which are prices before negotiation.

PRIVACY WATCH: Former acting FTC chair Maureen Ohlhausen said she wasn’t sure about giving the agency broad enforcement powers for a privacy bill, our Tech colleague Cristiano Lima reported.

“I think Congress should make some of the harder decisions there and then give the FTC maybe a little bit more authority to ... fill in some of the details, but not just wide-open rulemaking authority because I think that could be a challenge,” Ohlhausen, a Republican, said. She also said she preferred a single national privacy standard, rather than allowing states to have separate standards.

Generally, Democrats prefer a tougher FTC and allowance for states to devise tougher privacy standards; Republicans prefer a single, less restrictive standard. Any privacy bill may have collateral effects on health care, regulating currently ungoverned health data, while potentially rearranging the HIPAA structure.

The race is on to provide “ingestibles,” Stat News reports.

The HIPAA Journal analyzes 2018 in health care data breaches.