HHS update on WannaCry and new OCR resources on reporting after cyberattacks
The AMA recently notified physicians of a global ransomware attack known as WannaCry, which jeopardized the security of computers and medical devices. The U.S. Department of Health and Human Services (HHS) is cautioning providers that it is aware of two large, multistate hospital systems that are continuing to face significant challenges to operations because of the WannaCry malware.
This is not a new WannaCry attack, but rather an effect of the virus remaining on a machine even after the machine's Windows software is patched and anti-virus software has been run. Those two activities block the virus from executing its encryption stage. However, the virus may still disrupt Windows operating systems in varying ways. For example, it may cause the device to reboot or display a "blue screen." HHS states that the virus will not spread from a machine where it still exists to a patched machine.
HHS also released new emergency contact information for the U.S. Food and Drug Administration (FDA) in the event that a practice experiences a suspected cyberattack affecting medical devices: (866) 300-4374. Reports of impact on multiple devices should be aggregated at a system/facility level.
Finally, the HHS Office of Civil Rights has released an infographic and quick-response checklist (PDF) to explain the steps a covered entity should take in response to a cyber-related security incident. It notes that covered entities must presume protected health information that is improperly accessed, acquired, used or disclosed at the time of a cyber-related security incident is a breach unless:
- The information was encrypted by the covered entity at the time of the incident.
- The entity determines through a written risk assessment that there was a low probability that the information was compromised during the breach.
New tool available to test EHR interoperability
The ability to exchange and display relevant patient information is a major factor in how well an electronic health record (EHR) system works in your practice and supports patient care. Many physicians send and receive "summary of care" documents; however, these documents are often very long and important information—like office notes and findings—is not integrated back in to the patient's record. These issues are often a result of the EHR vendor's conformance to federal technical standards.
The AMA is a strong proponent of increasing the usability and interoperability of EHRs and continues to call on the Office of the National Coordinator for Health IT (ONC)—which manages the federal process for certifying EHRs for use in programs like Meaningful Use and the Quality Payment Program (QPP)—to require EHRs better conform to national interoperability standards.
Recently, ONC created a new scorecard tool for EHR interoperability. The ONC One Click Scorecard is designed specifically to test the quality of documents used to exchange patient health information between EHRs. This tool is the health IT equivalent of an internet speed test. The scorecard can help uncover if your EHR is properly configured to send, receive and display medical documents. In addition to providing both a numerical and letter grade, the scorecard provides a user-friendly, categorized report that pinpoints areas for improvement.
Communicating the grade and areas for improvement back to your EHR vendor can help them improve your EHR's interoperability and usability. For more information in this new tool and how to use it, please visit ONC's scorecard website and a recent ONC blog post about the tool.
AMA makes recommendations to president's opioid crisis commission
In March, President Trump established a commission to recommend federal strategies for ending the epidemic of opioid overdose deaths. Chaired by New Jersey Gov. Chris Christie, the commission will hold its first meeting on June 16, followed by a teleconference on June 26 to review a draft interim report. Commission members include Massachusetts Gov. Charlie Baker, North Carolina Gov. Roy Cooper and former Rhode Island Congressman Patrick Kennedy.
The AMA recently wrote to the commission offering eight recommendations (PDF) for federal policy and action, including:
- Increasing access to evidence-based treatment for opioid use disorders.
- Implementing the National Pain Strategy.
- Removing barriers to electronic prescribing of controlling substances.
- Improving access to the overdose reversal drug naloxone.
- Integrating solutions to the opioid epidemic into federal payment programs.
The AMA also urged the commission to support continued Medicaid coverage for patients who need treatment for pain and/or opioid use disorder. Information about the commission and its meetings is available on the White House website.
