healthcarereimagined

By NATALIE ALMSJUNE 3, 2022

One recommendation: establish cyber excepted service authorities, like the Department of Homeland Security’s newly launched cyber hiring initiative, government-wide.

An expert panel is calling on the White House-based Office of the National Cyber Director to steer a governmentwide cybersecurity workforce strategy to address long-standing workforce shortages.

The report, issued Thursday, comes from an offshoot of the congressionally chartered Cyberspace Solarium Commission called CSC 2.0, housed at the nonprofit Foundation for the Defense of Democracies. 

It’s a “blueprint to help address the problem,” CSC 2.0 co-chair, Rep.Mike Gallagher (R-Wis.), told FCW.

The panel wants National Cyber Director Chris Inglis to use his position to review agencies’ cyber budgets, revamp hiring mechanisms across the government and potentially even work with Congress to establish expected service authorities for cyber personnel across the government.

“I think we should be concerned about the jobs that have cyber [or] IT in them that go unfilled,” said Inglis, himself a member of the original Solarium Commission, during a Thursday panel discussion held by the Foundation for the Defense of Democracies.

His role, he continued, is making sure that authorities and resources are aligned across the government.

“We have to make sure we first have a strategy that defines what’s missing,” Inglis said. “We then have to make use of all the parts that are already there and connect them to that strategy.”

There are nearly 600,000 cyber job openings nationwide, and for the government alone, there are almost 39,000 job openings, according to the National Institute of Standards and Technology-based CyberSeek.

Currently, the government’s strategy is ad hoc. Federal hiring practices are onerous, and degree and level of experience requirements for jobs often block out entry-level hires. The government’s existing cyber workforce is also less diverse than the rest of the federal workforce.

As with another cyber workforce report issued this year by a different expert panel at the National Academy of Public Administration (NAPA), the latest recommendations call on Inglis to coordinate existing, disparate efforts with new leadership and coordination structures.

One key focus is chronic problems with actually hiring cyber workers into government using antiquated and bulky processes.

“We all know how many jobs we’d like to fill, but there aren’t any vehicles, or many vehicles, that essentially would take that aspiration and meaningfully assist people” to be hired into government jobs, said Inglis, continuing to point to qualification requirements and saying that the government needs to be more flexible and invest in early career hires. “People who show up today at the front door of a government organization with a bachelor of science in computer science, but no experience in hand, typically are turned away,” he said.

The report’s authors recommend various fixes, such as working with the Office of Personnel Management to modernize cybersecurity job codes or expand existing direct hire authorities. 

The preference is a third option, though, something report co-author and CSC 2.0 director, Mark Montgomery, called the “Rosetta Stone.”

That recommendation is that Inglis push Congress to authorize governmentwide excepted service authorities for cyber personnel, a category distinct from the competitive service — the majority of rank-and-file feds, governed by particular civil service rules for hiring, firing and pay — or the administrators of the senior executive service.

The report references the Department of Homeland Security’s Cybersecurity Talent Management System, an excepted service system for cyber professionals that launched last fall, but has struggled to scale, only onboarding in a few new hires thus far. 

The Department of Defense has similar hiring authorities.

“In essence, this option would take the authorities that underpin CTMS and CES and expand them to the whole of the federal government,” the report states. “This option would maximize the federal government’s flexibility in hiring and managing cyber talent, by creating systems built for the cyber workforce.”

Such a move would likely face opposition, Montgomery said Thursday.

“This will be tough. There will be people who fight this both in Congress and in federal government organizations. And it’s going to cost money, but … no one ever thought fixing federal cybersecurity workforce was going to be a cheap endeavor,” he said. “We really do have to come up with a new hiring mechanism.”

The recent NAPA report also referenced CTMS, saying that it should be evaluated and, if successful, scaled to other agencies.

The CSC 2.0 also pushes Inglis to use his office’s congressional mandate to assess the effectiveness of cyber policies and annual budget proposals from agencies, and the double-hatting of one top official, Chris DeRusha, as the deputy cyber director and federal chief information security officer out of the Office of Management and Budget, to “review and align” agencies’ cybersecurity workforce budgets alongside OMB.

Finally, one of the top challenges is data about the government’s cyber workforce, which is inconsistent and siloed within agencies, said Montgomery. 

The NAPA study recommended a cybersecurity data bureau, while this latest report calls for Inglis to focus accountability for existing data mandates and for Congress to extend and amend the law governing data collection on the government’s cyber workers, the Federal Cybersecurity Workforce Assessment Act of 2015.

Article link: https://www.nextgov.com/cybersecurity/2022/06/solarium-successor-wants-white-house-lead-cyber-workforce-strategy/367728/

By MARIAM BAKSHJUNE 6, 2022 04:17 PM ET

An effort to update the framework for securing critical infrastructure from cyberattack is coming face to face with issues that have plagued the Commerce agency from the beginning.

It’s time the National Institute of Standards and Technology point to how organizations should be assessing the risk they’re associating with systems when deciding what security controls to implement for their protection, according to the Defense Department.   

“Enhance Section 4.0 (Self-Assessing Cybersecurity Risk with the Framework) to integrate guidance on how [Special Publication 800-30, revision 1] can be leveraged to perform the risk measurement to assign a value,” wrote Michele Iversen, director of risk assessment and operational integration at DOD’s chief information office for cybersecurity. “It appears that [the Cybersecurity Framework] depends on measuring, or assessing risk, but [avoids] alignment to the NIST standard commonly used to assess cybersecurity risks.”

Iversen’s comment is in response to a request for information NIST issued toward a second update of the agency’s landmark cybersecurity framework. NIST on Friday released a summary of the comments it’s received—over 130, mostly from industry—since the request in February.

Originally issued in 2014, the Cybersecurity Framework, or CSF, points to various security controls organizations should consider implementing. But the document leaves it up to the user to determine which of those to prioritize, depending on how much risk they’re looking to address, or are willing to accept. And the question of how to measure whether use of the framework was successful was never really answered.

“Further guidance for measuring the performance of an entity in establishing and improving a cybersecurity program was a key need expressed in the RFI responses,” NIST wrote. “As with previous RFIs, comments on drafts, and discussions at NIST forums, metrics and measurement remain a lively topic among respondents. Many recognize that cybersecurity program implementation and improvement are not a pass/fail exercise, and that an effective program must be able to assess, coordinate and report measurable activities. Others stated that such detailed metrics, such as specific control objectives, ‘defeat the broad applicability and flexibility that make the CSF valuable.’”

That tension between the desire for broad applicability and specific guidance is another general challenge for the framework, with groups like BSA | The Software Alliance asking for examples of how federal agencies have used it, as required.

“The level of detail and specificity in the CSF reflects the scalability and flexibility necessary to meet the needs of a wide range of stakeholders—small and large organizations in various sectors,” NIST wrote. “There were more than 500 references in the comments supporting the need for more guidance to support CSF implementation, and many users expressed a desire for greater detail in the CSF while maintaining a non-prescriptive approach. Identifying the proper balance between simplicity and detail in updates to the CSF is a key takeaway that will need further discussion.”

From DOD’s perspective, measurement is “NIST’s core competency” and the agency should be doing more to facilitate whole-of-government risk assessments which also consider the supply chain components of commercial information and communications technology. 

“The current practice of departments and agencies developing their own overlays results in variability … The individual department or agency may be operating at low risk to their mission w/o realizing how others may be impacted by the residual risks that they manage,” read the Defense Department comments. “Whole-of-government activities (national security, national commerce, etc.) need a capstone resource to enable integrated risk assessments grounded in the broader/shared uncertainties associated with observation and measurement particularly for their common operating space of ICT, cyber and cyber-security.”

Article link: https://www.nextgov.com/cybersecurity/2022/06/dod-recommends-nist-align-frameworks-cybersecurity-risk-management/367815/

By ADAM MAZMANIANJUNE 3, 2022

The commercial electronic health record system being introduced by the Department of Veterans Affairs is proving difficult and expensive to adapt to the agency’s data reporting requirements.

The Cerner electronic health records system the Department of Veterans Affairs acquired for $10 billion over 10 years to replace its homegrown Vista software is falling short on data reporting requirements, according to a watchdog report.

The VA’s Office of Inspector General reported on Wednesday that the Mann-Grandstaff Medical Center in Spokane, Washington, the first site to implement the new health record system, isn’t providing metrics needed to support the hospital’s accreditation. A loss in accreditation “may affect patient’s trust in the facility and can also hinder the facility’s ability to recruit quality staff who may prefer to work for an accredited facility,” the report states.

The OIG found that “gaps in available quality and patient safety metrics, more than a year after go-live, hindered publication of quality and patient safety metrics as legislatively required.”

The go-live for the Cerner software at Mann-Grandstaff took place in October 2020. Several oversight reports from VA’s watchdog have identified multiple issues relating to workflows, training, patient safety and more. The project, which is expected to cost at least $21 billion overall, includes a $10 billion contract with Cerner for software, storage and services.

Related articles

VA’s new health record still putting patients at risk

VA plans new health record deployments, despite critical watchdog reports

A Veterans Health Administration official interviewed for the report told the OIG that the agency decided to try to produce reports internally after learning that Cerner would charge $12 million for 50 metrics reports and noted that Cerner did not appear to have the expertise sought by VHA when it came to metrics.

Cerner has “had lots of people leave, lots of buyouts,” the official was quoted as saying in the report. “So sometimes you’ll get somebody that has 20 years. Sometimes you’ll get somebody that just came out of college. We would get stuff when we were validating [metrics reports created by Cerner] that didn’t work right off the bat. Had spelling errors, you know, just simple, simple things.”

Cerner was recently acquired by Oracle for approximately $28.3 billion. Oracle announced on Wednesday that the deal was cleared by U.S. antitrust regulators.

The OIG report included two recommendations for VA Deputy Secretary Donald Remy, whose position includes executive oversight of the Electronic Health Record Modernization program. The report requests that Remy evaluate gaps in metrics and examine issues around the availability of data and taking corrective action as needed. VA agreed with both recommendations and expects to complete the work by October 2022.

In reply comments, Remy noted that many of the problems flagged in the report, which was based on an investigation conducted from July to October 2021, have already been addressed.

Article link: https://fcw.com/it-modernization/2022/06/data-gap-poses-risks-launch-site-vas-new-health-record/367753/

By FRANK KONKELJUNE 3, 2022

The watchdog recommends synchronizing federal broadband efforts.

Despite tens of billions of dollars in fundingand numerous efforts to improve internet availability across America, millions of Americans still lack broadband internet, according to a new audit from the Government Accountability Office.

Released May 31, the audit posits reasons why the federal government’s broadband efforts haven’t been more successful.

“Federal broadband efforts are fragmented and overlapping, with more than 100 programs administered by 15 agencies,” auditors stated. “Many programs have broadband as their main purpose, and several overlap because they can be used for the purpose of broadband deployment.”

The audit indicates the federal government invested more than $44 billion in broadband from 2015 to 2020. However, the audit makes clear that many efforts are disjointed and suffer programmatic differences. In one example, the National Telecommunications and Information Administration, which is responsible for coordinating telecommunications matters across the executive branch and improving broadband coordination, “did not identify which statutory provisions limit alignment nor recommend any changes” when it led an interagency group that reviewed differing broadband programs in 2018.

“Improved alignment is needed to help address fragmentation and overlap. Without legislative proposals for Congress to consider, agencies may continue to face limitations in aligning programs to close the digital divide,” auditors state.

The auditors also make the case for a new national broadband strategy with “clear roles, goals, objectives and performance measures.”

“In 2021, the Executive Office of the President, through the National Economic Council and in collaboration with other White House offices, took the lead for coordinating broadband programs,” the audit states. “The Executive Office of the President has not decided if a national strategy is needed, but it is well positioned to develop and implement one. A strategy to help better align programs could also include legislative proposals for Congress. Without such a strategy, federal broadband efforts will not be fully coordinated, and thereby continue to risk overlap and duplication of effort.”

GAO issued three recommendations. NTIA agreed with such recommendations to identify statutory limitations to program alignment and develop legislative proposals. The Executive Office of the President did not take a position on GAO’s recommendation to develop a national broadband strategy.

Article link: https://www.nextgov.com/it-modernization/2022/06/gao-federal-broadband-efforts-fragmented-overlapping/367684/

By Luis Monzon – June 2, 2022

US-based software provider Oracle Corporation has announced that all required antitrust approvals have been obtained for its proposed acquisition of American health ICT company Cerner, including European Commission clearance. Oracle is expected to acquire Cerner for $28.3-billion, according to Gulf Business.

Cerner is a leading provider of digital information systems used within hospitals and health systems to enable medical professionals to deliver better healthcare to individual patients and communities.

Oracle expects to complete the tender offer promptly following the expiration of that offer at midnight Eastern time on June 6, 2022. Completion of the tender offer remains subject to the conditions described in the tender offer statement on Schedule TO filed by Oracle with the U.S. Securities and Exchange Commission on January 19, 2022, as amended.

Oracle Chairman and CTO Larry Ellison will discuss the Cerner acquisition and Oracle’s new suite of cloud-based health management applications at an online event on June 9, 2022.

“Working together, Cerner and Oracle have the capability to transform healthcare delivery by providing medical professionals with a new generation of healthcare information systems,” said Ellison about the acquisition.

“Better information enables better treatment decisions resulting in better patient outcomes. Our new, easy-to-use systems are designed to lower the administrative workload burdening our medical professionals while improving patient privacy and lowering overall healthcare costs.”

“We expect this acquisition to be substantially accretive to Oracle’s earnings on a non-GAAP basis in fiscal year 2023,” said Safra Catz, CEO, Oracle.

“Healthcare is the world’s largest and most important vertical market—$3.8 trillion last year in the United States alone. We expect Cerner to be a huge growth engine for years to come.”

“Cerner has been a leader in helping digitize medical care, and now it’s time to realize the real promise of that work with the care delivery tools that get information to the right caregivers at the right time,” said David Feinberg, CEO and President, Cerner.

“Joining Oracle as a dedicated Industry Business Unit provides an unprecedented opportunity to accelerate our work modernizing electronic health records, improving the caregiver experience, and enabling more connected, high-quality and efficient patient care.”

---

Edited by Luis Monzon

Article link: https://www.itnewsafrica.com/2022/06/oracles-purchase-of-cerner-gets-green-light/

By FRANK KONKELFEBRUARY 9, 2022

The request specifically calls out “dangers” in multiple federal agencies operating Clearview AI’s facial recognition technology.

A bicameral cadre of lawmakers Wednesday called on the departments of Justice, Homeland Security, Defense, Interior and Health and Human Services to cease their use of facial recognition technology—specifically calling concern to their use of Clearview AI’s tools.

“Facial recognition tools pose a serious threat to the public’s civil liberties and privacy rights, and Clearview AI’s product is particularly dangerous,” the lawmakers wrote in a letter to agency secretaries. “We urge you to immediately stop the Department’s use of facial recognition technology, including Clearview AI’s tools.”

The letter follows the IRS’ decision to move away from forcing Americans to verify their identities by taking selfies through the ID.me service in order to file tax returns, aftersignificant public backlash.

However, the IRS is only one of several large federal agencies that employ facial recognition tools, according to a 92-page report the Government Accountability Office published last June. According to GAO—Congress’ investigative arm—10 federal agencies deployed systems made by Clearview AI, whose controversial software allows users to match photos of unknown people to their online images. Among the agencies using Clearview AI’s software were the Bureau of Alcohol, Tobacco, Firearms and Explosives; FBI; Capitol Police; Marshals Service; Park Police; Customs and Border Protection and Border Patrol; and the U.S. Postal Inspection Service. Agencies reported using various public- and private-sector biometrics tools for a variety of purposes, including surveillance, traveler verification, COVID-19 response and research, and development projects.

Critics have contended facial recognition tools violate Americans’ privacy rights, particularly among minorities.

“Use of increasingly powerful technologies like Clearview AI’s have the concerning potential to violate Americans’ privacy rights and exacerbate existing injustices,” the lawmakers wrote. “Facial recognition technology like Clearview’s poses unique threats to marginalized communities in ways that extend beyond the tools’ inaccuracy issues. Communities of color are systematically subjected to over-policing, and the proliferation of biometric surveillance tools is, therefore, likely to disproportionately infringe upon the privacy of individuals in Black, Brown and immigrant communities.”

The letter was authored by Sens. Ed Markey, D-Mass., and Jeff Merkley, D-Ore., and Reps. Pramila Jayapal, D-Wash., and Ayanna Pressley, D-Mass. Over the summer, Pressley introduced legislation that would ban the use of facial recognition in public housing due to privacy concerns.

Article link: https://www.nextgov.com/policy/2022/02/lawmakers-call-end-governments-use-facial-recognition-tech/361781/

By Joe Gould Jun 1, 12:31 PM

LONDON ― The U.S. military may need to reorganize to fight future wars, which will be profoundly changed by artificial intelligence, robotics and other advanced technologies, according to Army Gen. Mark Milley, chairman of the Joint Chiefs of Staff.

The nation’s top military officer said during a trip to Europe this week that he’s working on recommendations that could lead to a high-level reorganization. After launching Army Futures Command in 2018 to drive modernization when he was that service’s chief of staff, Milley said he’s mulling a similar effort for the joint force.

“You’re going to have to do really fundamental changes to our military in order to take advantage of this change in the character of war. In order to do that, you need organizations to drive that,” he told reporters. “You look at what the Army did with Army Futures Command, for example. Can that be done at the joint level, at the DoD level?”

How Army Futures Command could be adapted across the services, which have innovation efforts of their own, is unclear, and Milley wasn’t ready to say whether he’d be proposing an umbrella “Joint Futures Command.” Army civilian leaders have movedsome of the service’s command’s powers back to its senior civilian acquisitions office, though it shepherded 24 modernization programs since its inception.

The comments follow a warning he gave graduating cadets at the U.S. Military Academy at West Point last week that the military’s technological edge is in danger. No longer the unchallenged global power, America is being tested in Europe by Russian aggression and in Asia by China’s dramatic economic and military growth.

“We’re going to have to really think hard about fundamental shifts to our military,” Milley said in London. “The country that maximizes development of these technologies with their doctrines and organizations, in the time we have available, could be decisive in the next conflict … I would suggest, in 10 to 15 years, you have to do these fundamental changes.”

The Pentagon has been trumpeting its stepped up investments in emerging technologies and last week made its latest tech-focused organizational move. An Emerging Capabilities Policy Office will help integrate autonomous systems, hypersonic tech, directed-energy weapons, and other innovations into the department strategy, planning guidance and budget processes.

The principal military advisor to the president and the secretary of defense, Milley said he is also thinking through the implications of emerging technologies, following the lead of Defense Secretary Lloyd Austin. The military is examining options for operational design and structure of the force ― its brigades, divisions and fleets ― but also its institutions.

“The institutions we have today may or may not be optimally designed to leverage these technologies,” he said.

Drawing a parallel with the horse bit and stirrups that allowed for mounted warfare some 3,000 years ago, Milley said that the existing technology behind Fitbits and iPhones allow soldiers to sense their environment like never before while accurate, long-range precision munitions let them destroy targets like never before.

Coupled with AI’s potential to speed battlefield decision-making and the robotics and the autonomous technologies that are transforming the character of labor, militaries and warfare could be entirely transformed. Trucking, which is already adapting to driverless vehicles, and other industries that lend themselves to robotics will fundamentally change, Milley said.

“With respect to the military, that’s no less true. We have a wide variety of tasks that can be and probably will be conducted by some form of robot,” he said. “The unmanned aerial vehicle is an example, but you could see in the future, pilotless air forces ― manned/unmanned teaming where you have one aircraft that’s got a human in it and the rest of the squadron are robots.

“You could see tank formations where maybe one armored vehicle is manned and the rest are robotic,” Milley said. “You could see a sailor-less Navy where one or two ships are command-type ships and the rest are all robotic ships.”

With the potential to reduce casualties and manpower costs, and revamp logistics, the implications are “almost infinite,” he said, adding that the Pentagon should be investing in those technologies, and changing the concepts of how it fights, its doctrine, organizations, leadership development.

“I believe we that we are in a fundamental change in the character of war, and by that I mean how you fight, where you fight, the doctrine, the equipment, the tactics, techniques and procedures, and so on,” Milley said. “We’re in the middle of a real, unbelievable fundamental change, which is probably the biggest fundamental change in the history of warfare.”

With Jen Judson in Washington, D.C.

Article link: https://www.c4isrnet.com/congress/2022/06/01/us-military-may-need-innovation-overhaul-to-fight-future-wars-milley-says/?

About Joe Gould

Joe Gould is senior Pentagon reporter for Defense News, covering the intersection of national security policy, politics and the defense industry.

By CHIP GEORGE MAY 27, 2022

The U.S. federal government is ahead of other industries in the adoption of multicloud, which is imperative to mission success.

To say the U.S. federal government has made significant digital strides in recent years would be an understatement. As one of the few industries responsible for managing an overabundance of sensitive data and mission-critical applications that hundreds of millions of constituents depend on—all while using and modernizing decades-old legacy IT infrastructure to do so—the U.S. federal government’s rapid acceleration of its digital transformations is quite phenomenal. 

Especially impressive are the federal government’s strides in public cloud and multicloud IT infrastructures. Findings from the fourth annual Public Sector Enterprise Cloud Index from Nutanix show that the federal government and public education sub-sectors lead the charge in the adoption of public cloud services—which deliver IT services to organizations directly over the internet—as well as the deployment of multicloud—an IT environment that embodies two or more different clouds, private and/or public. With federal agencies now racing ahead of other industries in cloud-smart agility, they have the opportunity to meet soaring increases in demand, new mandates and new missions, as well as collaborate with global mission partners to protect and serve the public. However, there are two key challenges posing a threat to their cloud-smart progress that agencies should tackle in the year ahead:  

Manageability 

The ECI revealed that the federal government has unusually high multicloud usage with a penetration level of 47%—11% higher than the global average. This is a promising sign as multicloud promotes agility, performance, cost savings and time savings to ultimately allow agencies to be responsible stewards of resources.

However, management across cloud borders is complex and remains a major challenge for public sector organizations, with 85% agreeing that to succeed, their organizations need to simplify the management of multiple clouds. To address this challenge, 75% agree that a hybrid multicloud model, an IT operating model with multiple clouds both private and public with interoperability between, is ideal. In the year ahead, federal government organizations should look to hybrid multicloud solutions. 

Application mobility

Moving an application to a different IT infrastructure, or application mobility, is a critical multicloud and cloud-smart optimization enabler. At the same time, application mobility is also cited by nearly two-thirds (63%) of federal government ECI respondents as a multicloud challenge. With the majority of ECI respondents saying that moving apps can be time-consuming and costly, it’s expected that the adoption of containers and other AI-driven, hybrid multicloud tools will rise alongside multicloud deployments to enable apps to run and move nearly anywhere. Looking ahead, by the time most federal government ECI respondents are ready for these tools on a large scale, they’ll likely have more options available than are on the market today.

As federal government and other public sector organizations continue their cloud journeys, it’s clear that there is no one-size-fits-all approach to the cloud, making hybrid multicloud the ideal IT environment according to 75% of ECI respondents. This model will help address some of the key challenges of multicloud deployments by providing a unified cloud environment on which security and data governance policies can be applied uniformly.

Article link: https://www.nextgov.com/ideas/2022/05/federal-government-must-overcome-2-challenges-advance-cloud-smart-strategies/367243/

Chip George is the vice president of Public Sector at Nutanix. He has more than 20 years’ experience working in government markets for various technology companies and started his career in the United States Navy as a Nuclear Submarine Officer on the USS Philadelphia (SSN 690).

The latest in a series of efforts, ID advocates ask congressional appropriations committees to end the ban on government support for a national ID standard.

May 16 22

Dozens of healthcare organizations are yet again urging Congress to not impede efforts to create a national unique patient identifier.

In a letter sent to the House and Senate appropriations committees, some 119 organizations ask legislators to not include language in any legislative proposal that would prohibit the Department of Health and Human Services from spending federal money “to promulgate or adopt a national unique patient health identifier standard.”

HIPAA, enacted in 1996, called for creation of a national patient identifier. Since 1999, however, Congress has prevented federal agencies from pursuing an identifier, citing concern about patient privacy risks. But a growing phalanx of healthcare organizations says an ID would lead to far better healthcare coordination, which was lacking in dealing with the COVID-19 pandemic.

---

Dr. John Lee, CMIO, Allegheny Health Network

“If you have dozens of different ways of identifying patients, you don’t have a system.”

---

The lack of a uniform patient ID also results in expensive and unnecessary records duplication that puts patient safety at risk, according to the Patient ID Now Coalition, which includes the College of Healthcare Information Management Executives, and others that signed the letter.

Earlier efforts fall short

Last fall, the latest in a long series of efforts to eliminate roadblocks to federal involvement in the creation of a national patient ID approach fell short. A draft funding bill by the Senate Appropriations Committee sought to remove the ban, but final language was amended to contain the ban. The House Appropriations Committee has removed the ban from its bill the last three fiscal years.

The healthcare organizations’ letter, addressed to heads of both the House and Senate appropriations panels, calls the ban “archaic” and urges that it be removed from FY 2023 budgets for the departments of Health and Human Services, Labor, Education and related agencies.

“We urge the (committees) to continue the bipartisan support of repeal in Congress and ensure that Section 510, the archaic funding ban on a national unique health identifier, is NOT included in the FY2023 Labor, Health and Human Services, Education, and Related Agencies Appropriations bill,” the letter states.

Removing the language in Section 510 will enable HHS to evaluate patient identification solutions and collaborate with the private sector to identify a national strategy for patient identification that both protects privacy and is cost-effective and secure, the organizations contend.

Negative effects

The letter – as well as a May 11 presentation hosted by CHIME and the Patient ID Now Coalition – describe the challenges caused by the lack of a unified system for identifying patients and matching them to all their electronic records from various sources.

The letter contends: “Without the ability of clinicians to correctly connect a patient with their medical record, lives have been lost and medical errors have needlessly occurred. These are situations that could have been avoided had patients been able to be accurately identified and matched with their records.”

The ECRI Institute has listed patient misidentification among its top 10 threats to patient safety, the letter notes.

In addition to the safety concerns, the current hodge-podge approach to patient identification places an unnecessary burden and significant costs on all players in the healthcare industry, the letter states.

“The expense of repeated medical care due to duplicate records costs an average of $1,950 per patient inpatient stay, and over $1,700 per emergency department visit,” the letter-writers contend. “Some 35 percent of all denied claims result from inaccurate patient identification, costing the average hospital $2.5 million and the U.S. healthcare system over $6.7 billion annually.”

Healthcare organizations shoulder the burden of trying to match patients to records and unravel confusion from duplicate records, says Rachel Podczervinski, vice president for professional services at Just Associates, a consultancy. The increase in the number of mergers and acquisitions among providers, as well as increased use of portals, telehealth and patient self-scheduling, has exacerbated patient matching challenges.

Mistakes in merging records “are a major risk to patient safety,” she adds. “If you pull up someone else’s record who has similar (demographic) information and attach them to someone’s records, that person will be treated based on information in that other record. You have the potential to kill a patient because, for example, you have the wrong blood type and you may give them the wrong blood product.”

Patient self-registration has resulted in more record duplication she adds, noting that one system with which she works recorded one patient with 24 different identities linked to separate registrations. Such instances have increased because of the pandemic and the increase in virtual care.

Clinicians and reform face problems

Clinicians are already facing more data from electronic records systems, and confusion about matching patients to all those records is complicating their efforts to effectively use the information that systems contain, says John Lee, MD, chief medical information officer of Allegheny Health Network.

“There are a lot of changes that are occurring in the healthcare system,” Lee explains. “The biggest thing is the volume of data that we’re being exposed to. It’s a fallacy to think that if you just know the patient in front of you, then you can take care of that patient.

“What we’re limited by now is that we have too much information. The only way to parse and organize that information is by having a better patient ID system. That’s where it starts.”

---

Organizations use algorithms to match patients to all the right records, but that’s not always an effective approach.

---

The transition to value-based care also will be impeded by the lack of a national patient ID because identity verification is a necessary component for achieving population health efforts, Lee says. “If we want to get off of fee-for-service, we need to develop a much more accurate patient identification system. Right now, (identification is) wholly inadequate,” he says. Precision medicine requires precise patient identification, he contends.

Some patients are more affected by the lack of a patient identifier than others. For example, pediatric patients, especially those with complex care needs who are seeing a variety of specialists, are particularly at risk of misidentification, Karen Wilding, vice president and chief value officer at Nemours Children’s Health, points out.

Organizations use algorithms to match patients to all the right records, but that’s not always an effective approach. For example, migrant workers often don’t have Social Security numbers or permanent addresses, and certain populations from other countries often don’t know their birthdates and are assigned Jan. 1 as the date, with an estimate for which year they were born, Podczervinski says.

Government needs to be at the table

The healthcare organizations prodding Congress say the government doesn’t necessarily have to be the developer of a unified patient ID system. But because the government is a major healthcare payer and provider, it needs to be at the table and provide the broad strokes that will unify divergent and conflicting patient ID approaches.

“The government has a role in maybe not being the arbiter, but setting a foundation and structure upon which other things can reside,” Lee contends. “This way, it’s not a free-for-all for everyone trying to identify someone – we need standard ‘rules of the road.’ Based on the current interpretation of Section 510, the government cannot even come up with the rules of the road, because that involves money. We need it to say that this is the framework; these are the guardrails.

“If you have dozens of different ways (of identifying patients), you don’t have a system then. The opportunity to fix this is sitting in front of our face.”

Article link: https://healthdatamanagement.com/articles/more-than-100-organizations-urge-congress-to-pave-way-for-a-national-patient-id/

Federal agencies planning to adopt 5G technologies now have a new tool to vet the security of the technology: go.usa.gov/xJrDf

With our partners at the Department of Defense Office of the Undersecretary of Defense for Research & Engineering and the Department of Homeland Security Science and Technology Directorate, we released a five-step “5G Security Evaluation Process” agencies can use to evaluate the security of their 5G technologies. It is a flexible, adaptive and repeatable approach to evaluating the security and resiliency of 5G and next-generation network deployments.

The process allows agencies to conduct the Prepare step of the National Institute of Standards and Technology’s Risk Management Framework for system authorization and to identify gaps in existing security assessment guidance and standards that arise from the new features and services in 5G technologies.

Additionally, it identifies important threat frameworks, 5G system security considerations, industry security specifications, federal security guidance documents and relevant methodologies for cyber assessment of 5G systems.

Read our blog for more information: go.usa.gov/xJrDf

Original release date: May 26, 2022

---

By Eric Goldstein, Executive Assistant Director for Cybersecurity

Federal agencies, along with many other organizations across the public and private sectors, are expected to adopt 5G technology that will provide new features, capabilities and services to transform their mission and business operations. These new benefits will be achieved from the numerous 5G usage scenarios delivered through the technology’s low-, mid- and high-band radio spectrum, network slicing and edge computing. However, a security assessment is required before any agency 5G technology adoptions can be granted authorization to operate. 

Today, CISA – along with its partners from the Department of Homeland Security’s Science and Technology Directorate and the Department of Defense’s (DoD) Office of the Under Secretary of Defense for Research and Engineering (OUSD R&E) – is excited to introduce a proposed five-step 5G Security Evaluation Process that is derived from research and security analyses. This process allows agencies to conduct the Prepare step of the National Institute of Standards and Technology’s Risk Management Framework (RMF) for system authorization.  

Figure 1. Proposed 5G Security Evaluation Process

The jointly proposed process, “5G Security Evaluation Process Investigation,” was developed to address gaps in existing security assessment guidance and standards that arise from the new features and services in 5G technologies. It identifies important threat frameworks, 5G system security considerations, industry security specifications, federal security guidance documents, and relevant methodologies to conduct cybersecurity assessments of 5G systems. 

In addition, the proposed process calls for flexibility in the federal government’s 5G cybersecurity assessment approach to account for the continual introduction of new 5G standards, deployment features and policies, and the constant identification of new threat vectors. 

The intent of this joint security evaluation process is to provide a uniform and flexible approach that federal agencies can use to evaluate, understand, and address security and resilience assessment gaps with their technology assessment standards and policies. As the nation’s cyber defense agency, CISA views a repeatable process agencies can use during the RMF Prepare step as an essential tool for new federal 5G implementations. Such a process will provide assurance that the government enterprise system is protected and cybercriminals cannot gain backdoor entry into agency networks through 5G technology. 

Agencies and organizations are encouraged to review and provide comment on the “5G Security Evaluation Process Investigation.” This feedback will be used to assess need for additional security recommendations and guidance publications for federal agency adoptions of 5G technologies.  

The deadline for providing comment is June 27, 2022, and comments should be submitted to: QSMO@CISA.dhs.gov. We look forward to receiving and reviewing your feedback on this important 5G security effort.

Article link: https://www.cisa.gov/blog/2022/05/26/cisa-dhs-st-dod-introduce-results-assessment-5g-security-evaluation-process