Skip to content Skip to navigation

House Introduces HHS Data Protection Act of 2016

April 27, 2016
by Rajiv Leventhal
| Reprints

Two House Energy and Commerce Committee members have introduced a bill that would reform the Department of Health and Human Services (HHS) to designate the HHS Chief Information Security Officer (CISO) as the primary authority on all matters of information security at the agency.

The bill, the “HHS Data Protection Act of 2016,” is from representatives Billy Long (R-MO) and Doris Matsui (D-CA).  Following their investigation into the vulnerability of federal agency networks, The House Energy & Commerce Committee released their “Information Security at the Department of Health and Human Services” study last August. Among the results was proof that five HHS operating divisions had been breached using unsophisticated means, and further non-public HHS Office of Inspector General (OIG) reports detailing seven years of deficiencies across HHS’s information security programs, according to statement from the office of Congressman Long.

The bill calls for the position of HHS CISO, to be appointed by the president, to begin on Oct. 1, 2016. “The Secretary shall transfer the functions, personnel, assets, and liabilities of the Chief Information Security Officer in the Office of the Chief Information Officer of the Department of Health and Human Services as such position on September 30, 2016 to the Chief Information Security Officer,” the bill states.

What’s more, Long said the study also demonstrates that throughout HHS and its operating divisions, when information security is put under the purview of the chief information officer, operations become the priority concern while security becomes a secondary interest. Included in the report are a number of recommendations to improve information security at HHS and its operating divisions.

“It is impossible to completely eradicate the threat of cyber attacks, but the American people deserve to know that their sensitive information is being safeguarded with the utmost security,” Long said in a statement. “In light of recent data breaches across America’s federal agencies, we have the responsibility to root out vulnerabilities and maximize data protection to give them that peace of mind.”

Congresswoman Matsui added, “The integration of information technology into nearly every aspect of our daily lives means our security landscape has changed dramatically. As the network of cyber criminals becomes increasingly sophisticated, our operational structures and strategies must evolve accordingly. This common sense legislation incentivizes best security practices and encourages organizational efficiencies as our federal agencies continue to confront the modern threat environment.”

The HHS Data Protection Act follows the report’s recommendation to make the Chief Information Security Officer the “primary authority for information security” and moving all information security functions to the general or chief counsel’s office, where reducing and mitigating risk is the primary function.



CMS Hospital Compare Website Updated with VA Data

The Centers for Medicare & Medicaid Services (CMS) has announced the inclusion of Veterans Administration (VA) hospital performance data as part of the federal agency’s Hospital Compare website.

CMS Awards Funding to Special Innovation Projects

The Centers for Medicare & Medicaid Services (CMS) has awarded 20, two-year Special Innovation Projects (SIPs) aimed at local efforts to deliver better care at lower cost.

Center of Excellence in Genomic Science to be Established in Chicago

The National Human Genome Research Institute has awarded $10.6 million over five years for the establishment of a new research center in Chicago to advance genomic science.

EHNAC and HITRUST Combine HIPAA Security Criteria, CSF Framework

The Electronic Healthcare Network Accreditation Commission (EHNAC) and the Health Information Trust Alliance (HITRUST) announced plans to streamline their accreditation and certification programs.

Halamka on MACRA Final Rule: “CMS is Listening and I Thank Them”

Health IT notable expert John Halamka, M.D., CIO of Beth Israel Deaconess Medical Center in Boston, recently weighed in on the Medicare Access and CHIP Reauthorization Act (MACRA) final rule.

Texas Patient Care Clinic Hit with Ransomware Attack

Grand Prairie, Texas-based Rainbow Children's Clinic was the victim of a ransomware attack on its IT systems in August, affecting more than 33,000 patients, according to multiple news media reports this week.