Senate Bill Calls for Health-Specific Cyber Framework
Key Takeaway: A provision included in the Cybersecurity Information Sharing Act, or “CISA,” directs the Department of Health and Human Services to work with the National Institute for Standards and Technology (NIST) and the Department of Homeland Security (DHS).
Why It Matters: CHIME and AEHIS members have called on Congress and HHS over the last few years to provide additional resources to the nation’s hospitals and health systems to assist them in improving their cyber readiness. As an important piece of the nation’s critical infrastructure, it is vital that healthcare organizations have the tools and information they need to identify and more effectively defend against growing cyber threats.
An important first step to improving the nation's defenses is the ability to share cyber threat information in a trusted environment without risking patient confidence in our systems. The Cybersecurity Information Sharing Act (S.754), or CISA, would allow private entities to share threat information with the federal government for the betterment of the nation's overall security.
Further, Section 405 of the Manager’s Amendment contains provisions that are critical for ensuring the nation’s hospitals and health systems are better equipped with the resources they need to secure patient information. Just two weeks ago in a congressional briefing, CHIME members called on the federal government to work with healthcare stakeholders to develop industry-specific standards for protecting health information from cyber criminals.
Section 405, entitled “Improving Cybersecurity in the Health Care Industry” (beginning on page 101), has three major provisions:
- Requests a report to be submitted to Congress outlining which official within HHS is responsible for leading and coordinating efforts regarding cybersecurity
- Calls for the creation of a taskforce of healthcare industry stakeholders to analyze the unique nature of healthcare relative to cybersecurity
- Directs HHS to work with NIST, DHS and industry stakeholders to determine an appropriate single, voluntary framework that establishes a common set of security practices and standards that pertain to healthcare organizations, supports voluntary adoption and implementation efforts to improve safeguards, and is consistently updated and made applicable to the range of healthcare organizations
CHIME is a member of the Protecting America's Cyber Networks Coalition and a supporter of the CISA legislation. We encourage you to use CHIME's Congressional Advocacy Portal to tell your senators today about the importance of being able to share cybersecurity threats across organizations.
House Bill Would Eliminate Meaningful Use Penalties
Key Takeaways: The “Putting Patients and Providers Ahead of Compressed Regulatory Timelines Act of 2015,” or “Meaningful Use Act,” introduced last week, would eliminate meaningful use penalties and reimburse providers who have been subject to such penalties in 2015.
Why It Matters: Congressional interest in the meaningful use program continues to grow, as the latest legislative push from Representative Steve King (R-IA-04) would eliminate meaningful use penalties for hospitals and physicians.
In a statement accompanying the introduction of the bill, Rep. King said, “The significant and ongoing financial cost of compliance is a deal breaker for many providers who simply cannot handle the financial burden and risks associated with EHRs. The demands of this onerous program means fewer dollars for staff and supplies necessary to attend to patients.”
The legislation is cosponsored by Representatives Marsha Blackburn (R-TN-07) and Ryan Zinke (R-MT-AL).