AHA Testifies on Regulatory Burden, Cybersecurity

The AHA today discussed the need to reduce the regulatory burden on providers to improve patient care during a House Committee on Oversight and Government Reform Subcommittee on Intergovernmental Affairs hearing.
 
“A reduction in administrative burden will enable providers to focus on patients, not paperwork, and reinvest resources in improving care, improving health and reducing costs,” said John Riggi, AHA senior advisor for cybersecurity and risk.
 
Riggi said that “while federal regulation is necessary to ensure that health care patients receive safe, high-quality care, in recent years, clinical staff — doctors, nurses and caregivers — find themselves devoting more time to regulatory compliance, taking them away from patient care. Some of these rules do not improve care, and all of them raise costs.”
 
Specifically, Riggi discussed an AHA report on regulatory burden, which, among other findings, revealed that health systems, hospitals and post-acute care providers must comply with 629 discrete regulatory requirements across nine domains and spend nearly $39 billion a year solely on the administrative activities related to regulatory compliance. In addition, he said, an average-size hospital dedicates 59 full-time equivalents to regulatory compliance, over one-quarter of which are doctors and nurses, pulling clinical staff away from patient care responsibilities.
 
In AHA’s written statement for the hearing, Riggi also discussed the unique cybersecurity challenges confronting the health care sector, and how hospitals and health systems are responding.
 
“Hospitals and health systems have made great strides to defend their networks, secure patient data, preserve the efficient delivery of health care services, and most importantly, protect patient safety,” Riggi said. “However, we cannot do it alone. We need more active support from the government to defend patients from cyber threats … a ‘whole of nation approach’ is what is truly needed.”