In the world of public policy, there’s never a dull moment. As soon as one initiative gets put on the backburner, another — or, more realistically, a cluster of others — moves quickly to the front. It’s particularly true in health IT, where federal mandates have dominated the conversation and change has become the new normal.
But although it often takes a gargantuan effort to achieve even a small victory, it’s all worth it for Mari Savickis and Leslie Krigstein, who head up CHIME’s advocacy team. And in fact, the “elation” they felt after CMS announced its decision to delay the 2015 CEHRT requirements quickly gave way to a renewed focus on other key priorities, such as cybersecurity and patient data matching.
Recently, healthsystemCIO.com spoke with Savickis, VP of Federal Affairs, and Krigstein, who heads up Congressional Affairs, about their feelings on CMS’ decision — and what it took to move the needle; how CHIME is “diving deeper” to create a cybersecurity framework; how they’ve dealt with the adjustment period that comes with a new administration; and what they enjoy most about their work.
- Patient ID: The “missing link”
- Working with NCVHS
- AEHIS’ “deep dive into cybersecurity”
- Implementation guides for the NIST framework
- Knowledge sharing with cyber – “It’s going to take a huge shift in mindset.”
- Cletis Earle’s testimony
- The CIO’s burden
- “We’re glad the House has taken this up.”
We’re optimistic; we believe they’re listening to what we’re saying in terms of this being a credible issue, and we hope something will get done in the future. But for now, the fact that they’re aware of the issue and it’s being talked about is very encouraging.
The contracts our members have signed might include provisions that restrict what they can and can’t say, and so it’s not entirely cut and dry. And so yes, there are going to be people who are fearful they will bring reputational harm to the organization, but we’re working to try to bring down some of those barriers.
It was the broader recognition that organizations have been asked so often to go too far, too fast, and we’ve either lost people in that Meaningful Use journey, or we have folks who are doing asked to do things they’re not comfortable with.
To know you have a program that’s improving outcomes, reducing travel times, and improving patient satisfaction, and you have to shift those resources away from that and into something that hasn’t paid as many dividends as we would have hoped, that isn’t the right message.
Gamble: From speaking to you both in the past, I know patient data matching has really emerged as a top priority for CHIME. Where do things stand now in that regard?
Savickis: Leslie has done a phenomenal job pushing this forward on the Hill. It’s been a long road, and patient identification has really begun to highlight this piece of what we call the interoperability puzzle. Patient identification, from the vantage point of our members, really is the missing link — without it, you can’t solve interoperability, which is why CHIME has invested so many resources through our challenge to locate a solution in the private sector. This is really a big issue for us, and we’ll continue to chip away it.
And it’s not easy, that’s for sure. The National Committee for Vital and Health Statistics (NCVHS), which is the advisory body to HHS on health information policy, has jurisdiction on patient identification, since it is a HIPAA standard. And so we’ve sent letters asking them to pay more attention to this issue, but it’s been a challenge. Although Leslie has laid a lot of groundwork through advocacy efforts, it’s been hard to get HHS to talk about this, because they really feel their hands are tied. But we’ve asked them to consider the report language that’s being used and to just look at the issue of patient matching.
So we’re hoping NCVHS will take this up, possibly in the form of a panel at an upcoming hearing. If that happens, we’ll get that information out far and wide. We’re optimistic; we believe they’re listening to what we’re saying in terms of this being a credible issue, and we hope something will get done in the future. But for now, the fact that they’re aware of the issue and it’s being talked about is very encouraging.
Again, Leslie has really been able to really galvanize the healthcare community stakeholders and highlight the prominence of this topic. There are many organizations who support the work she’s done around patient identification, and we are starting to see some movement on the federal side.
Gamble: That definitely seems encouraging. What about cybersecurity? What are you seeing right now in terms of guidance?
Savickis: HHS has created a joint public and private workgroup where both the government and private sector are investing resources to share learnings. There are a number of workgroups underneath this umbrella that have recently been established, and although some of these groups have been in existence the past, now we’re starting to see a more formalized effort.
Our sister organization, AEHIS, which is constituted mainly of CISOs, has workgroups that are doing a deep dive into cybersecurity — and that includes both AEHIS and CHIME members. One of the workgroups is tackling a piece of Cybersecurity Information Sharing Act (CISA); CHIME has done a lot of advocacy with CISA and has been instrumental in getting some of the provisions in around health care passed back in 2015. Now, we’re seeing the fruits of that labor.
We have an AEHIS member who is co-chairing the 405D workgroup, which is tasked with creating an implementation guide for the NIST cybersecurity framework. That particular framework can be used as a jumping-off point for creating a cybersecurity plan of action, but it’s not specific to health care. And so each critical infrastructure — and healthcare is one of them — is in need of a framework that digs a little deeper and helps organizations operationalize their cybersecurity plan. The new workgroup, 405D, is designed to create an implementation guide that can be used by stakeholders to stand up a cybersecurity program.
So we’re seeing action on the federal government side to operationalize some of the provisions and statutes. We’re very pleased to see that.
Kate: We recently spoke with Cletis Earle, who is of course the incoming CHIME Board Chair, about the need for collaboration when it comes to cybersecurity. He talked about the need to get people out of the mindset of not talking about security, which has been a challenge. Is that something you’re seeing?
Savickis: Cletis is amazing, and we’re so excited to work with him more. But yes, when it comes to information sharing in cybersecurity, it’s a very complicated landscape. We’re working with AEHIS to try to deconstruct any perceived or real barriers that stand in the way of sharing, while at the same time making sure we’re not tripping over the language in contracts.
For example, the contracts our members have signed with manufacturers and vendors might include provisions that restrict what they can and can’t say, and so it’s not entirely cut and dry. And so yes, there are going to be people who are fearful they will bring reputational harm to the organization, but we’re working with people like Cletis to try to bring down some of those barriers.
Krigstein: That’s exactly right. There is still that stigma. And with the implications and risk of reputational harm, it’s definitely going to take a huge shift in mindset and mentality. It’s a work in progress. We’ve seen growth, at least in some pockets, in the number of folks who are willing to participate. We’re seeing organizations like the National Health Information Sharing & Analysis Center (NH-ISAC) grow in terms of membership size.
It’s been the nature of our industry, which is so highly regulated, to be somewhat closed off, and we have a lot of institutional and historic boundaries we have to surpass. As Mari said, Cletis has definitely taken a leadership role in engaging with not just health organizations but even the federal government to move this along. And that goes a long way.
Gamble: Right. Can you talk about the testimony he gave on the Hill a few weeks ago?
Krigstein: Absolutely. One of the few things we’ve seen acted upon among the larger healthcare reform conversation was a bill that was introduced into the house — H.R. 3120 — which would remove the escalation clause in the HITECH statute, meaning the measures of the EHR Incentive Program would no longer need to become more stringent over time. The goal is to lend more flexibility for the Secretary of HHS to not feel compelled to move ahead with the program and escalate measures, as they have to date.
At a hearing on bipartisan Medicare policies, Cletis was one of many witness voicing CHIME’s support for this particular bill, which was introduced by Congressman Michael Burgess, the Health Subcommittee Chairman; Congresswoman Debbie Dingell from Ann Arbor, Michigan, Pat Tiberi, the Health Subcommittee Chairman on the Ways and Means side; and Mike Thompson, a Democratic member of the Ways and Means Health Subcommittee.
They’re optimistic about being able to fully advance the bill when they return from recess, so we’ll see what happens. But beyond that, it was the broader recognition that organizations have been asked so often to go too far, too fast, and we’ve either lost people in that Meaningful Use journey, or we have folks who are doing asked to do things they’re not comfortable with, or go ahead with solutions that they feel haven’t been tested adequately. In preparation for the hearing, we heard from members who feel they have to choose between IT programs that have been successful, or moving ahead with Meaningful Use. One of our members who is from a rural area said, ‘We have to look at canceling or indefinitely postponing a very successful postop telehealth program, because we need those resources and that manpower to get ready for Meaningful Use.’
If you think about the concept of unintended consequences, to know you have a program that’s improving outcomes, reducing travel times, and improving patient satisfaction, and you have to shift those resources away from that and into something that hasn’t paid as many dividends as we would have hoped, that isn’t the right message. And I don’t think it’s the intention of Congress, nor the administration.
These are stories coming right from our members. That’s compelling, and I believe that’s what made the House jump to action in considering this bipartisan bill. For a long time, we had a difficult time getting bipartisan support for making changes to the Meaningful Use program, and now we’re finally seeing that shift. Cletis did a fantastic job. We’re really pleased that the House has taken this up, and we’re hopeful that the Senate will take this, or even a broader set of Meaningful Use reform policies up when they get back from summer recess.
Gamble: And when does summer recess end?
Krigstein: They come back after Labor Day. Once that happens, it’ll be very interesting to see if there’s a change in tenor, and exactly where health care falls on the docket, whether it’s reform, or opportunities like telehealth, Meaningful Use policy, or cybersecurity. For us, it’ll be interesting to see if there’s more air in the room, so to speak, and bandwidth on staffers’ agendas to be able to consider some of these policies, because one thing we have to remember is that Congressional offices are very small. They have one or maybe two staffers that handle health care, and they’ve just been really bogged down by the larger reform conversations, naturally. Personally, I’m hopeful that upon their return, there will be some opportunities.