The latest version of the NIST Cybersecurity Framework addresses supply chain cybersecurity and offers a more comprehensive treatment of identity management.
As a first line of defense, the National Institute of Standards and Technology’s Cybersecurity Framework helps federal, state and local governments — as well as organizations across all industry sectors — manage cybersecurity-related risk.
Version 1.1 is an update to the original released in February 2014 and is meant to serve as a living document where changes can be made as cyber environments and risks shift.
The two versions are fully compatible. The additions, including new categories and subcategories, do not invalidate uses or work products in the first version of the Framework. “We didn’t want to change the framework substantially so the two frameworks could work with each other,” NIST Cybersecurity Framework Program Manager Matt Barrett said during an April 27 webinar on the Framework update.
The changes to the framework are based on feedback collected through public calls for comments, questions received by team members and workshops held in 2016 and 2017.
Changes include adding a new category for managing supply chain risk, which includes an assessment process for commercial off-the-shelf IT products and services.
Eight subcategories were added, and language was refined in several places, such as clarifying what “compliance” means for various stakeholders. A new section on self-assessment for cybersecurity risk was added, and the access control category has also been changed to better account for authentication, authorization and identity proofing.
In addition, information has been added to implementation tiers and profiles to reflect considerations within an organization’s risk management program. Another subcategory has also been added to address coordinated vulnerability disclosure.
A recent Black Book survey found that 85 percent of physicians depend on their core health system to enable EHR interoperability.
EHR Interoperability Issues Plague 36% of Medical Record Admins
Physicians who are not on the same EHR platform report having EHR interoperability issues and that they cannot use patient data from external sources.
There has been a small improvement in medical record administrators being able to exchange patient health records with other providers, with 36 percent stating they have EHR interoperability issues with that task, according to recent Black Book research.
Forty-one percent of medical record administrators reported the same data exchange issues in 2016.
The majority of network physicians – 85 percent – said they depend on their core EHR health system to enable interoperability, Black Book found. This helps providers as they work to improve initiatives in population health, precision medicine and value-based payment models.
For the report, Black Book interviewed just over 3,000 crowdsourced, current hospital EHR users.
“In 2018, 57 percent of hospital network physician practices operating on assorted EHRs report they continue to lack the financial and technical expertise to adopt complex interoperability which are compulsory to attain higher reimbursements built into value-based care initiatives by both public and private payers,” Black Book Research Managing Partner Doug Brown said in a statement.
Approximately one-quarter of surveyed physicians said they still cannot utilize a lot of meaningful patient information received electronically from external sources as currently shared outside siloed EHRs.
For Q1 2018, 62 percent of hospitals are not using information outside of their own EHR because external provider data is not available in their EHR systems’ workflow. One-third of respondents also said that the data that they can view cannot be trusted because of the disparate systems between providers.
Just over one-quarter – 27 percent – of medical record administrators said transferred patient data was not presented in a useful format. In 2017, 22 percent reported the same issue.
Seventy-eight percent of hospitals said they have not prioritized or budgeted more meaningful improvements in patient engagement, interoperability or patient communications for 2018.
However, 92 percent of younger healthcare consumers were dissatisfied with their inpatient provider experience where complete medical records were not offered. Eighty-five percent of younger healthcare consumers reported dissatisfaction when telehealth options were not offered.
Healthcare consumers under the age of 40 were also more likely to desire reliable technological options at their provider, the report found. Eighty-nine percent of those respondents said they are unsatisfied with an organization’s technology capabilities, while 84 percent said they are looking for the most technologically advanced and electronically communicative provider.
“Healthcare consumers more frequently interact through electronic media in 2018, and while they value contact with their providers, they don’t have the patience for lacks in hospital interoperability, incorrect billing and access to scheduling and results,” Brown explained.
The majority of consumers – 80 percent – were also more likely to blame the hospital system itself instead of the EHR systems or financial technology for a lack of patient record portability and access.
Black Book also found that 69 percent of healthcare consumers cited business office and insurance processes as the most important moment when overall satisfaction of a hospital organization is concluded. This was for cases when patient care met patient expectations.
“Part of this is probably due in part to patient expectations that have been set beyond most hospitals’ technological capabilities for interoperability with both other providers and payors,” Brown stated.
He added that healthcare IT systems’ revenue cycle management channels had the lowest positive experience.
Respondents said Epic and athenahealth offer equally efficient health data exchange, but Epic EHRs were much easier to use than athenahealth EHRs once retrieved.
Both Epic and athenahealth let users share EHRs without investing as much effort, the report showed. Epic clients have to put forth the least amount of effort, as it has a quick verification process and users can take advantage of Care Everywhere, eHealth Exchange, and Carequality.
In comparison, eClinicalWorks, GE Healthcare, Greenway Health, MEDITECH, NextGen Healthcare, and Allscripts reportedly provided interoperability experiences that require “heavy lift, custom connections to external EMRs and HIEs.”
“Traditionally, patient-record sharing has been accomplished with expensive, custom-made point-to-point connections between healthcare organizations as well as local and regional HIE networks,” report authors explained.
“Fortunately, additional options are taking shape where EMR vendors build ‘plug-and-play’ connectivity into their EMR products, enabling quick, easy, and inexpensive connections between providers across national networks.”