Following the passage in the U.S. Senate on Oct. 27 of legislation that will enable information-sharing to support cybersecurity, the leading associations of CIOs and CISOs (chief information security officers) in the U.S. applauded Senate leaders for passage of the bill.
A joint statement released Tuesday evening said, ”The College of Healthcare Information Management Executives (CHIME) and the Association for Executives in Health Information Security (AEHIS) today welcomed passage of the Cybersecurity Information Sharing Act of 2015 (CISA) by the Senate. Once enacted by the president, CISA will represent a significant advancement in cybersecurity and better enable the nation's chief information officers (CIO) and chief Information security officers (CISO) to better protect patient health information.”
The statement went on to say, “CISA will allow CIOs and CISOs to share threats and vulnerabilities through a secure national information-sharing infrastructure with the necessary liability protections in place and will not risk patient trust. As an important piece of the nation's critical infrastructure, it is vital that healthcare organizations have the tools and information they need to identify and more effectively defend against growing cyber threats.”
What’s more, the statement went on to say, “CHIME and AEHIS are especially encouraged that the Senate-approved bill includes language that would establish a cybersecurity framework specifically focused on healthcare and instructs the Department of Health and Human Services to identify a specific leader on cyber preparedness.”
And it quoted CHIME president and CEO Russell Branzell as saying that "The nation's CIOs and CISOs have been assigned the daunting task of securing patient information in a highly digital environment. Threats are evolving and there's no respite on the horizon. We've seen bad actors target large insurers, academic medical centers and community hospitals alike,” Branzell said. “We need to ensure our CIOs and CIOs have the resources they need, including the ability to share cyber threat information, to protect patient data.”
The associations’ statement added that they urged the Department of Health and Human Services to convene healthcare industry stakeholders “to develop industry-specific standards for protecting health information from cyber criminals and other sources of threats”; and urged HHS “to promote better cybersecurity information sharing between the private sector and government, and enhance collaboration and information sharing amongst the private sector.” And the associations urged Congress to “pursue legislative action to strengthen information-sharing networks across public and private stakeholders, with emphasis on healthcare.”
Healthcare Informatics will continue to update readers on new developments in this story.