New Bipartisan Bill Would Create Cybersecurity Position at HHS

At a time when large-scale data breaches have frequently dominated headlines, experts have repeatedly warned that many health care organizations are not well prepared for cyberattacks, with some calling on the government to do more to provide support. Now, two Members of Congress are seeking to ensure that the Department of Health and Human Services (HHS) makes cybersecurity a priority. As Fierce Healthcare first reported, Rep. Billy Long (R-MO) and Rep. Doris Matsui (D-CA) have introduced legislation, the HHS Cybersecurity Modernization Act, that would create a leadership position at the agency with specific responsibility for information security. “As technology plays an increasingly important role in our health care system, we must ensure that our data security practices keep pace,” said Rep. Matsui in a statement. “Patients deserve to know that their medical information is safe, and hospitals, manufacturers and insurance companies that handle patient data need guidance to ensure they are following best practices.”

The legislation would officially authorize the HHS Secretary to designate an individual with “primary responsibility for the information security (including cybersecurity) programs of the Department,” per its text. In addition, the agency would be required to submit an official plan to Congress on its preparations for potential health care cyberattacks. Rep. Long and Rep. Matsui also introduced a version of the legislation in the previous Congress; the current version, per Rep. Matsui, “builds on” the earlier bill. Said Rep. Long, “Cybersecurity threats are nothing new, but how we respond to them needs to improve and this bill is an important step in strengthening our cybersecurity efforts at HHS and in the health care community.”

Some health IT advocacy groups are already weighing in to express support for the legislation. College of Healthcare Information Management Executives (CHIME) VP of Government Affairs Leslie Krigstein, for her part, praised Reps. Long and Matsui on Twitter “for their continued leadership in health care cybersecurity.” The bill is also in keeping with one of the items on the “wish list” that Healthcare Information and Management Systems Society (HIMSS) had put together for Congress earlier this fall—the “[elevation of] the Chief Information Security Officer (CISO) as a peer of the HHS Chief Information Officer (CIO).” Further, such a change had been recommended in a June report from the HHS Cybersecurity Task Force.

Click here to read the Fierce Healthcare article on the Long-Matsui cybersecurity legislation.

Click here to read the press release from Rep. Doris Matsui and Rep. Billy Long on the cybersecurity legislation.

Click here to read the full text of the Long-Matsui cybersecurity legislation.


Leave a Reply