FWIW: Any day I get to send an XKCD cartoon to a federal agency like CMS is a good day. #CMSRFI
03.06.2025 12:15 β π 0 π 0 π¬ 0 π 0FWIW: Any day I get to send an XKCD cartoon to a federal agency like CMS is a good day. #CMSRFI
03.06.2025 12:15 β π 0 π 0 π¬ 0 π 0
From: https://xkcd.com/927 Situation: There are 14 competing standards. 14?! Ridiculous! We need to develop one universal standard that covers everyone's use cases. Yeah! Soon: Situation: There are 15 competing standards. Fortunately, the charging one has been solved now that we've all standardized on mini-USB. Or is it micro-USB? Shit.
I will share one though, on PC-10f (re: TEFCA)
f. Are there redundant standards, ... that should be consolidated?
There are always redundancies. QTF R1 is different from QTF R2, yet provides similar data, just at different granularity. Donβt try to consolidate standards. That just leads to:
So, what I'm actually doing right now is writing my responses to the #CMSRFI in a Word Document. I'll ship it out as BlueSky posts when I can. I do have some #HL7 #Connectathon stuff going on over the next two days, so probably towards the end of the week.
03.06.2025 12:06 β π 0 π 0 π¬ 1 π 0
Commenting on the #CMSRFI is a little bit different than commenting on regulation. It's just a bunch of questions to respond to. I've gathered them up in a Google Doc you can download here: docs.google.com/document/d/1...
02.06.2025 13:28 β π 0 π 0 π¬ 1 π 0
I've been doing regulatory tweet throughs of CMS and ASTP (formerly ONC) rules for years. Today, I'm doing the same for the CMS RFI on the Health Technology Ecosystem (see www.federalregister.gov/documents/20...) but on BlueSky first. The hashtag for this will be #CMSRFI.
02.06.2025 13:17 β π 2 π 0 π¬ 1 π 0Yeah! Something I've been working towards for the last 5 years is going to happen. That's it, that's the subtweet. Sorry I cannot say more. ππ₯³πΎ
28.05.2025 15:13 β π 1 π 0 π¬ 0 π 0
PointClickCare's Dean Slawson talks about making AI Trustworthy.
www.healthcareittoday.com/2025/03/19/a...
FeedSpot Top Healthcare Technology Blog
I guess I've still got it. I was just notified that I'm on the FeedSpot Top 100 Healthcare Technology blogs. bloggers.feedspot.com/healthcare_t...
10.04.2025 20:27 β π 3 π 0 π¬ 1 π 0
Our team needs an outstanding Senior Health IT Policy and Communications Manager to work with us. You will get to work with me and our highly skilled team of professionals who work with Federal, State and regional agencies in Healthcare IT.
Apply here: jobs.lever.co/pointclickca...
Are you attending #HIMSS25? Do you want to learn more about our Data Modernization tools? Catch up with me there, book a meeting via the HIMSS App, or through DMs here.
27.02.2025 02:09 β π 1 π 0 π¬ 0 π 0
Today I got to use an Apple Vision Pro for like 30 minutes, and I came away with two, immediate thoughts right in a row:
1.)
βThis is, without doubt, one of the most stunning new technologies Iβve ever used. Absolutely extraordinary.β
2.)
βI have absolutely zero uses for this in my work or lifeβ
I passed the test. Was there ever any doubt? Yes, actually. It's a challenging credential to earn.
09.01.2025 16:16 β π 2 π 0 π¬ 1 π 0You could ask ChatGPT for a 500-word summary of the new #HIPAA NPRM or you could just read mine: motorcycleguy.blogspot.com/2025/01/hipa...
08.01.2025 22:29 β π 2 π 0 π¬ 1 π 0That's the end for now on my read of changes in #HIPAA. There will be more as I must do deeper analysis on at least 3 sections.
08.01.2025 22:17 β π 2 π 0 π¬ 0 π 0
Finally, #HIPAA 164.320 Severability adds a clause that basically says:
If anything here is invalid or unenforceable, etc... it shall be interpreted to give the maximum effect & if necessary will be held separate so as to not affect anything else we said you gotta do.
#HIPAA 164.318 Transition was previously about Compliance deadlines & remains so, but in proposed rule, the text gets more convoluted and has to do with existing renewals and deeming compliance based on existing contracts. Get your lawyers to explain it, I'm not gonna.
08.01.2025 22:17 β π 0 π 0 π¬ 1 π 0#HIPAA 164.316 Documentation requirements is largely unchanged but somewhat restructured. The maintenance of documentation is strengthened from as needed to at least annually.
08.01.2025 22:17 β π 0 π 0 π¬ 1 π 0Which brings us to section 314 Organizational requirements. I would say this is largely unchanged except the new requirement that any time an organization activates its contingency plan it must notify the organization or group health plan it has a BAA with w/in 24 hours.
08.01.2025 22:17 β π 0 π 0 π¬ 1 π 0OK, #HIPAA Section 312 Technical Safeguards adds a lot of new content and is going to require deeper analysis.
08.01.2025 22:17 β π 0 π 0 π¬ 1 π 0
Moving on to #HIPAA Section 310, Physical Safeguards
Mostly the same, ADDED annual maintenance requirement to each standard whereby you must review & test policies & procedures at least annually.
And implementation specs for workstation use & technology assets (a.k.a., devices)
#HIPAA Section Β§β164.308 Administrative safeguards is very little like its predecessor, although I imagine it includes all of the requirements of that, plus a lot more.
I'm going to do a deeper review of the changes to #HIPAA 45 CFR 164.308 later.
In #HIPAA, Β§β164.306 Security standards: General rules is revised a bit, but mostly unchanged EXCEPT
(b)(2)(v) is added to require consideration effectiveness of the measure AND
(c) requires both standards & implementation specifications and (d) drops [THIS IS A BIG CHANGE].
Finally, 3 #HIPAA definitions changed:
Access: Add delete, transmit, substitute "component of an information system" for "system resource"
Malicious software: includes "firmware" with more description of the intent or impact
Technical Safeguards: Clarified & included technical controls as a subtype
With respect to "Reasonably educated", that includes neither lawyers nor regulatory pedants. Both are over-educated and so might actually care about the improved text in #HIPAA
Some #HIPAA definitions were clarified, but not really functionally changed from the perspective of a reasonably educated person.
* Administrative safeguards
* Information System
* Password
* Physical Safeguards
* Security or Security Measures
* Security Incident
* Workstation
Definitions were added for the following key #HIPAA terms:
* Deploy
* Implement
* Multifactor authentication
* Risk
* Technical Controls
* Vulnerability
And then we get to Subpart C, which is the remainder of the #HIPAA proposed rule changes
First, the definitions get an update ...
In the proposed #HIPAA security rule, A minor change to 45 CFR 160.103 simplifies the text of but expands the definition for Electronic Media.
08.01.2025 22:13 β π 0 π 0 π¬ 1 π 0
If you've been or catching up from hiding under a rock and getting back out from under after the holidays, there's a new #HIPAA Security Rule out for review.
www.federalregister.gov/documents/20...
Firing lasers⦠pew, pew, pew.
02.01.2025 08:48 β π 2 π 0 π¬ 0 π 0