During the final days of 2018, several actions were taken by the U.S. Department of Health and Human Services that should be of interest to HIMSS members.
Healthcare Community Cybersecurity Tools
HIMSS and other stakeholders were leaders in advocating for the legislative requirement in the Cybersecurity Act of 2015, for the Department of Health and Human Services (HHS) create the “Health Industry Cybersecurity Practices (HICP): Managing Threats and Protecting Patients” publication which was released at the end of 2018. The four-volume report seeks to raise cybersecurity awareness for executives, health care practitioners, providers, and health delivery organizations, including hospitals and is applicable to health organizations of all types and sizes across the industry.
The publication resulted from an industry-led effort in response to a mandate from the Section 405(d) of the Cybersecurity Act of 2015, which focused on developing practical cybersecurity guidelines to cost-effectively reduce cybersecurity risks for the healthcare industry. This publication marks the culmination of a two-year effort that brought together over 150 cybersecurity and healthcare experts from industry, including HIMSS staff and membership, and the government.
The publication consists of four volumes:
- The Main document of the publication explores the five most relevant and current threats to the industry and recommends 10 Cybersecurity Practices to help mitigate these threats.
- Technical Volume 1 discusses how these 10 cybersecurity practices apply to small healthcare organizations. It is intended for IT and IT security professionals.
- Technical Volume 2 discusses how these 10 cybersecurity practices apply to medium and large healthcare organizations. It is intended for IT and IT security professionals.
- Resources and Templates provides additional materials that organizations can leverage to develop policies and procedures as well as assess their own cybersecurity posture, through a Cybersecurity Practices Assessment Toolkit.
Medicare Advantage and Telehealth
Also during those final days of 2018, HIMSS joined PCHAlliance to offer comments to the Centers for Medicare and Medicaid Services (CMS) on Policy and Technical Changes to the Medicare Advantage, Medicare Prescription Drug Benefit, Program of All-inclusive Care for the Elderly (PACE), Medicaid Fee-For-Service, and Medicaid Managed Care Programs for Years 2020 and 2021 proposed rule, specifically the parts focused on the “Requirements for Medicare Advantage Plans Offering Additional Telehealth Benefits.”
HIMSS and PCHAlliance appreciated CMS’ leadership and diligent work to modernize Medicare Advantage (MA) and advance connected health for Medicare beneficiaries. Our organizations supported the proposed rule’s provision allowing MA Plans—as part of the basic benefit package—to offer additional telehealth benefits beyond what is currently allowable under the original Medicare telehealth benefit. In the letter, HIMSS and PCHAlliance were heartened to see CMS’ analysis of the impact of “additional telehealth benefits” as it wisely included and documented savings associated with reduced travel time, more efficient care delivery, as well as acknowledged the real potential for connected care to prevent disease progression and promote better health.