This transcription is provided by artificial intelligence. We believe in technology but understand that even the smartest robots can sometimes get speech recognition wrong
interview in action from the:
Special thanks to our cDW, Rubrik, Sectra and Trellix for choosing to invest in our mission to develop the next generation of health leaders.
You can check them out on our website this week, health.com, now onto this interview.
A ll right. Here we are. Another interview in action, and it would not be a chime vibe event without catching up with uh, Mariska chime. What's your official title?
I mean, I answer to au Yes. I mean, usually What's your unofficial title then? My unofficial title is au I am the Vice President of Public Policy first time, so I head up our government affairs.
you hang out on the hill. Tabs on what's going on.
I mean, kind of, I mean, it's, the pandemic's been hard,
right? It's hard. You're not, it's remote now. Yeah. It's weird. It's still weird. But you, you are keeping up to speed on what's going on. So what's top of mind right
Cybersecurity job one every day a time. So that's our top advocacy issue. It continues to be, so today happens to be the day that it's the effective date for a very important piece of legislation.
It was in the omnibus, which for those of you who are like, what the heck is the omnibus? It was the funding package for fiscal year 23. Yes, I know The fiscal year starts on October 1st and we're late. That's. So it funded it and included in it was the Patch Act. If you know what the Patch Act is, go to your local browser and look it up.
So today's the first day, and there's a notice in the Federal Register, full disclosure, it was published this morning, 8 45. I haven't read it. However, this is where like the rubber is gonna meet the road and there's gonna be greater oversight of medical device manufacturers by the FDA set in short.
Interesting. Yeah. Big deal, right? From a cybersecurity. From a, yes. Sorry. From a cybersecurity.
So the patch Act is interesting. So the problem we've always had with these medical devices is actually the FDA was part of the problem, right? So they said this is FDA approved, and then we would say, Hey, it's running Windows nt, or Windows 95 or Windows 98, and they'd say, yeah, you can't touch it.
It's FDA approved. If you patch
those, days are over. Those days are over. So anytime you're gonna get some sort of excuse that says, oh, you're gonna break our FDA clearance? No, that's, you're gonna end up in the naughty house if you.
How are they gonna oversee this?
So as a cio, as a ciso who oversees, I mean, I don't remember the number of devices, but it's in the thousands of devices that we were overseeing. Yeah. That are our biomed devices and whatnot. Now the good news is today there's a lot of really good tools out there. There's Ordr there's Medigate there's arm, I mean, there's a lot of.
We'll tell you, we couldn't even get an accurate inventory back in the day. But we're gonna be required to do that now, I would assume.
Well, I mean, first of all, I mean I think that providers struggle because I'm not the technical person. I relay what they tell me. They say we struggle with asset inventory.
It is a huge issue is knowing what's on your network. Right? So that is obviously under the purview. However, if you don't have a software bill of materials, you're not really sure what's going on. So this is gonna tighten this up, right? And they're gonna have to put this stuff. on the FDA website, they're gonna have to put more things in reporting when they're submitting for their pre-market.
There's a whole bunch of more oversight that's coming to bear and the FDA actually for the past two years, maybe even more, has asked Congress like, Hey, could you give us some more authority? Could you pretty please wish to go and talk to we more authority? And guess what their wishes and dreams have come True.
, I mean, this is very important. And so, I think this is the start of the implementation of the statute. And again, I haven't read the notice yet, but there are things in there, like there's actually teeth. to this There's fines associated with non-compliance. Back to your original question, like, how does this affect my members?
It will make the job of the CIO in the CISO's life a little bit easier.
Easier, right? Because I mean, certain health systems, you just go in, they understand security and you say, Hey, we need funding for this. And they say, yes, but the reason you have to have a, a bill like this or have it attached to the omnibus.
Is because too many health systems are saying, yeah, we'll get to that when we're required to get to it. And so as a, as cio, I know that kind of backstop is helpful. Now I walk in and go, look, we have to do this.
So there's a lot of reasons why hospitals, health system providers may not necessarily be doing, like, everything I'm air quoting everything they should be doing around cyber. It would be disingenuous for me to suggest that there aren't some who are not paying enough attention. That's certainly an issue. However, there's also like resources. I mean, we didn't have enough resources before the pandemic. Right. You know, Workforce. I, I keep saying like, if you can't have the clinicians showing up for work, no one's gonna care about cybersecurity cuz they can't even keep their doors open.
Right. So we have a lot of financial constraints. That's one thing that. Fighting for, I mean, I think it's gonna be a really tough year in Capitol Hill because they want to go back to pre pandemic funding level. Some of the Republicans do, and so it's gonna present challenges across the entire like economy.
Who's gonna get that extra money? We of course, would like to see some resources for providers because it comes down to patient safety and national security. But are we gonna be successful? I don't know. I think it's a really, really hard, I think it's really hard to get money this. For anything.
So, but I have to just, if, you know, if you sit here and like wallow in your misery of like, what you didn't get you're not celebrating like the incremental things that we did get. And so the patch act is a good thing and so it will help. But I mean, we are gonna have to navigate this and HHS and Congress, Evenson Warner, who's the chairman of Senate Intelligence c.
Yeah, he's very focused on cyber. They're looking at standards, AK mandates, and we are willing to accept mandates cuz frankly we probably need them. However, it's gonna be really hard and I'm being like really hard to impose that without some sort of financial assistance because it is a shared responsibility.
Yeah. all right, we'll get back to our show in just a minute. We're excited. We have a great webinar for you in May on May 4th at one o'clock Eastern Time. It is part of our leadership series on modern data strategies in healthcare. In this webinar, we're going to explore data driven approaches to healthcare and how they can improve patient outcomes, increase efficiency and reduce cost, which are also critical at this time.
In this juncture in healthcare, our expert speakers will explore data governance, analytics, strateg. anything that can help healthcare providers gain actionable insights from healthcare data. We would love to have you there and we're excited about it. You can register on our website.
Just hit the leadership series, modern Data Strategies. It's gonna be in the top right hand corner of our website this week, health.com. you can discover how we are going to use data to be more efficient, effective in the modern healthcare system. we would love to have you join us again.
Hit the website this week, health.com. Top right hand corner. Sign up today. Hope to see you there. Now back to the show,
Yeah. Senator Warner is really advancing the cybersecurity. He's carrying the flag right now. Yes. How much is Chime informing that? How much is our membership informing that?
Well, after my three all-nighters in December to write our AK quasi manifesto his paper was really called that a messaging document.
It was long, it was like 28. So we wrote a very thoughtful and I think meaningful response back. I mean, he certainly has opened the door on a number of things like cyber insurance, right? Yeah. He's starting the conversation. He really, the whole, it was a smorgasborg of like options. And so we gave 'em like all of our thoughts and I think we were thought maybe something would shake out in q1, but we're almost in a Q1 and it hasn't happened.
But I think possibly they may be waiting to see what HHS is moving on some things. And so I think they want to see what HHS does. So there's some of that. Sinking up and, then the Biden administration released like their big cyber plan recently. There's a lot of irons in the fire here.
Cybersecurity is job one. What's job two, three, and four?
Well, I mean, on any given day, it just sort of depends like what would be sliding into slot two. But I think we have some space on telehealth. Pandemic is ending. Everyone pandemic is ending. It's over May 11th.
Right. So then, Yeah, so the public health emergency dollars go away, but a lot of that was shored up last year.thorities all the way through:
Like say some all providers using FaceTime, that stuff's going away. Like, you know, That's an ocr. Flexibility. So we'll be looking at that and just making sure there's so many policies that were loosened up. So that's one thing. Privacy, and, I mean, you and I have talked about privacy. We need a national privacy law, everyone we do.
And that is still, I think, in play and I think there's a growing nexus between what policy makers are doing on cyber and privacy. It hasn't yet happened. They may be looking maybe at children first, which is fine. You can just start somewhere. So we look at privacy. We wanna make sure there's no duplication of effort when it comes to what a HIPAA covered Indy would have to do.
We already have a lot of stuff we have to do. Right. So there's that. There's interoperability, 21st Century. First Century. You wanna ask me about that? I mean, yeah.
Well, I mean, 21st Century Cures is interesting cuz. It feels like we're in the implementation phase. We're looking at carrots and sticks at this point.
So I would assume this is top of mind if I were to walk into most health systems. But to be honest with you, when I have the conversation with CIOs they're focused on financial pressure. They're focused on,
yeah, it really, I mean, honestly, that goes back to my original statement is like, they were worried, late last year when.
I guess it was EHI definition changed and now you have to comply with information blocking in a more meaningful manner. What does this mean? There's a lot of unanswered questions and there was a fair amount of handwringing and anxiety leading up to that date. We asked the government to extend it a little bit more, to provide some more clarification.
They declined. It's not that surprising, but you know, I mean some of this is gonna be happening to be ironed out and as someone who went through like the whole HIPAA implement, if they do it the same way, you're not gonna go immediately find if you do something wrong.
Right. Right. It would've to be fairly egregious. Yeah. For you to really invoke that kind of wrath. So I think there'll be some lessons learned and there will be some folks who do the wrong thing and they'll have to be learning from those mistakes. But you're exactly really like they're, every CIO I've talked to while I've been here is like financial pressure.
National patient id, any movement there?
No. The answer is hard. No. On on that, guess what, we're still stuck in the same place we were. So we are examining,
I'm not laughing at this. I, the situation, I'm struggling at the way you said it. It's like, no hard. No,
No. That's, we're not, that's still not happening.
And , for the past few years, I've, pushed our, folks internally to say, okay, so if we. Removed Section five 10, super unsexy way of saying patient identifier standard. If we can't get that removed, what else could we do? So we are looking at some things last year we supported some like digital pieces, digital identification pieces, which may not be specific to healthcare, but have a use case in healthcare.
The banks are really into this. , and who's the champion Actually interesting. Represent Foster. Same person who championed for patient id. Nice nexus there. So we're just looking at where else we can move. And I have some irons that far. I'm not ready to talk about them yet, but we are looking at maybe, again, if you can't go over the mountain, go around it.
Curious, is this what you thought you'd be doing when you went to college and
No. I think I slept through social studies just to be clear. And I didn't care about it at all. I went in as an art major. Sometimes I feel like my creative side is a little malnourished, but you know, I mean, then I took a government affairs class in college and I got an, I was like, okay, this works.
Let's do this.
No, it's, I mean, , it's, I appreciate all the work that you're doing. How's the conference been? I saw you were doing
That calls under what I tell other duties as assigned Amari teaching yoga. Okay. All right. Yeah. But you look like you've done it before. I do. I, it's my.
Yeah. That's what I do for fun in my spare time. But I teach on the side just more for fun. Was that attended Well, or? I, well, day one was I will let people deduce why deci was not well attended. Shocking. I know.
then the. We have black rose last night, and probably less at, did you do it this
I, no I was like I'm draw on the line.
just no. Just the first few days. Well, I, Hey, I appreciate all the work that you're doing here. Thank you for your time.
Oh, gimme a hug, bill. Thanks for, thanks. Okay.
Another great interview. I wanna thank everybody who spent time with us at the conference. I love hearing from people on the front lines and it's phenomenal that they've taken the time to share their wisdom and experience with the community. It is greatly appreciated.
We wanna thank our partners, CDW, Rubrik, Sectra and Trellix, who invest in our mission to develop the next generation of health leaders. Thanks for listening. That's all for now.