During his 14-year tenure with HIMSS, Tom Leary has seen quite a bit of change, particularly when it comes to IT’s role in transforming care. And there was never a more pivotal time than his first three years, when the number of pieces of legislation impacting health IT rose from 1 to 98. Since then, the organization’s influence has only increased, and at the center of it is the Government Relations team, a group that works to leverage the knowledge and experience of CIOs and other leaders to inform policy development.
Recently, we spoke with Leary about the legislative and regulatory wish lists HIMSS has created, which covers a range of topics, including cybersecurity and telehealth components; the relationships his team is building with Secretary Tom Price, Dr. Don Rucker, and other key players; the process they use to draft responses to regulatory requirements; and what he believes makes the health IT community so “unique.”
- His role with HIMSS
- Responding to regulatory requirements — “It’s enjoyable because we have such a diverse membership.”
- Regulatory & legislative wish list
- “Health IT is an absolute growth opportunity for the individual.”
- Elevating the CISO role
- The cybersecurity talent gap — “We need smart, trained, certified individuals.”
- A robust dialogue on patient data matching
The pipeline for both vendors and developers to get through certification and then be able to implement it safely and make sure all the bugs are out before it impacts patients is long. That’s really what’s driving our recommendation that they move the start date.
There’s some interest within the energy and commerce committee around elevating the CISO to a higher level; making it more an internal and external role to help healthcare get to a level of expertise and information sharing that is enjoyed by other sectors of society.
If there are lessons learned — both through advancements in care, as well as the development of the MU program — that have led to advancements, there should be an economic opportunity for US vendors to be able to export to other parts of the world.
The national strategy has been hampered by appropriations since fiscal year 1999; we believe technology has advanced in a such a way over those 18 years that it’s time to get on with a robust dialogue on patient data matching.
Gamble: Hi Tom, thanks so much for taking some time to speak with healthsystemCIO.com. To start, can you describe your role and responsibilities as vice president of Government Relations at HIMSS?
Leary: Absolutely. I’ve had the privilege to serve in this role for about four years now. My focus, through the government relations team, is to provide an opportunity for our team and our membership to educate and inform all levels of government. As VP, I work in collaboration with the Congressional Affairs Team, Federal Affairs Team, and State Affairs Team to leverage the subject matter expertise of our membership and our team members across HIMSS to inform policy development. The other part of my role is the Executive Director of the Institute of the HIMSS Foundation, which is the education arm for HIMSS. It’s been a nice expansion over the last few years.
Gamble: Who do you report to in your role?
Leary: I report directly to my good friend and mentor, Carla Smith, who is Executive Vice President for HIMSS North America (she, of course, reports to Steve Lieber). There are six of us at the VP level who report to Carla.
Gamble: Okay. So one of the functions of the Government Relations team is responding to regulatory requirements. Can you talk about this process — who you reach out to and how you work to craft a response?
Leary: It’s actually rather enjoyable from the HIMSS perspective, because we have such a diverse membership. What we normally do is, if there is a broad-topic regulation, such as Meaningful Use, we’ll develop a workgroup within HIMSS that has at least one representative from each committee, task force, and roundtable. And that workgroup will get together on a series of phone calls and hash out what HIMSS’ perspective will be, based on our public policy principles that have been developed over time, plus the experiences of those subject matter experts within the field. For example, the quality committee will include members of the privacy and security committees, so we can that broad scope.
In the past, we’ve brought in large and small hospital providers, as well as the ambulatory perspective, to make sure we really represent the overall constituency of the membership. That group develops a draft response that then goes to the full committee structure, which usually has between three and five days to review it before it goes to the board of directors. The board of directors will review it based on public policy principles that have been developed, as well as anything that outside of that realm, whether it’s a new regulation the government is trying to espouse, or an idea we’re suggesting that’s outside of those principles. They will then approve or make recommended changes, and then ultimately the board chair and CEO, Steve Lieber, who will sign off on the final recommended letter back to the government. So, it’s anywhere between a three-week and a two-month process depending on the size of the regulation, but the intention is to get that full constituency involved.
Now, with something that’s specific to privacy and security, or specific to quality such as the NIST framework, you wouldn’t necessarily expect the ambulatory committee or to have as much expertise as our privacy and security committee. So we’ll leverage one specific committee to develop a response, but then it goes through the regular three- to five-day review with other committees for comment and then to the board of directors.
Gamble: How long have you had this process in place?
Leary: We’ve had it for about 10 years. Early in my tenure, we presented something to the board that two membership components didn’t agree to, and that didn’t go well. And so we established this very effective process.
Gamble: I can imagine it’s been a work in progress, and is open to tweaks here and there to improve it.
Leary: Yes, absolutely.
Gamble: Looking at what you’re focused on now, what are some of the big priorities on HIMSS’ regulatory wish list, and how is HIMSS is working to advance them?
Leary: From a regulatory perspective, right off the bat we have a letter to HHS Secretary Tom Price suggesting an extension of the deadline for 2015 certification. It was submitted to the government a few weeks ago. What we’re hearing from the membership — and what we’ve seen based on our own experiences — is that a good number of both vendors and provider organizations are very much interested in achieving 2015 certification, but the pipeline for both vendors and developers to get through certification and then be able to implement it safely and make sure all the bugs are out before it impacts patients is long. That’s really what’s driving our recommendation that they move the start date from January 1 to July 1.
From a regulatory prospective, we’re very supportive of any and all ways in which health IT can support value-based care delivery. The idea of going back to a process that isn’t value-based doesn’t seem practical; therefore, the more health IT can be leveraged to support quality metrics gathering and the interoperability component of being able to share the data with your neighbor or with the government is something we see as a priority.
The other area that’s very much front of mind from a regulatory perspective is job creation and economic opportunities for both individuals and for companies. According to the Department of Commerce, 95 percent of the world’s population is outside of the United States, so if there are lessons learned — both through advancements in care, as well as the development of the Meaningful Use program — that have led to advancements, there should be an economic opportunity for US vendors to be able to export to other parts of the world.
At the same time, health IT is an absolute growth opportunity for the individual. I recently spoke on a workforce development webinar with the Pennsylvania Central and Western Pennsylvania Chapter about encouraging those who are looking for a career change — especially veterans — to embrace health IT as an opportunity. The Trump administration has talked about more economic opportunity for the individual, and we think health IT is one of those areas.
Gamble: What about from a legislative prospective — what are the top areas of focus there?
Leary: From a legislative perspective there are three key areas, the first of which is cybersecurity. This has been top of mind for Congress for the last couple of years, dating back to the HIMSS Congressional ask from 2015, which really laid the foundation for the provisions in the cyber security act that are specific to healthcare. We anticipate recommendations from the Health Care Industry Cybersecurity Task Force in the late spring or early summer. As part of that, HIMSS has recommended a Cyber Call to Action; we’re really pushing forward, specifically around advancements with the NIST cybersecurity framework.
Secondly, there’s some interest within the energy and commerce committee around elevating the chief information security officer to a higher level; making it more an internal and external role to help healthcare get to a level of expertise and information sharing that is enjoyed by other sectors of society.
And finally, we’re looking at health IT not only as a job and as a career opportunity for individuals, but more specifically, cybersecurity. According to the FBI, we’re the number one targeted sector. We need smart, trained, certified individuals in the cyber sector thinking about healthcare. So that’s a big push.
Telehealth is another big push for us. We anticipate the CONNECT for Health Act to be introduced again and we’ll be actively supporting that legislation, which calls for advancement in infrastructure in telehealth. Just as importantly, it looks for ways in which Medicare can reimburse telehealth services in a broader way, specifically around remote patient monitoring and more distance-based engagement between the patient and the provider.
Finally, we’re also pushing the patient data matching issue and coming up with a national strategy. HIMSS recently co-led a letter to the appropriators that calls for creating ways for HHS to be able to engage with the private sector and with others within the healthcare community around patient data matching strategies. The national strategy has been hampered by appropriations since fiscal year 1999; we believe technology has advanced in a such a way over those 18 years that it’s time to get on with a robust dialogue on patient data matching.