CHIME, AEHIS Voice Support for Medical Device Cybersecurity Act | Healthcare Informatics Magazine | Health IT | Information Technology Skip to content Skip to navigation

CHIME, AEHIS Voice Support for Medical Device Cybersecurity Act

August 2, 2017
by Rajiv Leventhal
| Reprints

Two healthcare IT industry groups—CHIME and AEHIS—have voiced their support for a bill that would aim to make the cybersecurity capabilities of medical devices more transparent to providers, and which would clarify expectations concerning security enhancements and maintenance of medical devices.

The legislation, (S.1656), the Medical Device Cybersecurity Act of 2017, was introduced by Senator Richard Blumenthal (D-CT) last week. The bill also establishes a cybersecurity emergency response team.

The Department of Health and Human Services’ (HHS) Health Care Industry Cybersecurity Task Force report, delivered to Congress in June, highlighted the critical state of the healthcare industry’s cybersecurity posture. Among many other issues, the report offered a number of suggestions to improve medical device cybersecurity, some of which have been included in the Medical Device Cybersecurity Act of 2017.

Drilling down, the Medical Device Cybersecurity Act of 2017 seeks to improve medical device security with actions such as:

• Increasing transparency of medical device security by creating a cyber report card for devices and mandating testing prior to sale

• Bolstering remote access protections for medical devices in and outside of the hospital

• Ensuring crucial cybersecurity fixes or updates remain free and do not require FDA recertification

Recent statements by Liz Johnson, CHIME (the College of Healthcare Information Management Executives) board chair and CIO of Acute Care Hospitals and Applied Clinical Informatics at Tenet Healthcare and Deborah Stevens, AEHIS (the Association for Executives in Healthcare Information Security) board chair and chief security officer at Tufts Health Plan showed support for the legislation.

“CHIME members continue to identify cybersecurity as their top priority. The potential risks that networked medical devices pose to patients have been of great concern for our membership,” said Johnson. “We appreciate Senator Blumenthal’s leadership and interest in this complicated issue as providers try to ensure that patients get the benefits that medical devices offer without exposing them to potential safety risks. CHIME is pleased to endorse this legislation. We look forward to continuing a dialogue with members of Congress, the administration and industry partners on this critical issue.”

Added Stevens, “The recent cyber attacks underscore the importance of this legislation. WannaCry and Petya shined a bright light on the vulnerabilities in the healthcare sector and more specifically with medical devices. On behalf of the AEHIS membership we applaud Senator Blumenthal for taking on this important issue.”

Get the latest information on Cybersecurity and attend other valuable sessions at this two-day Summit providing healthcare leaders with educational content, insightful debate and dialogue on the future of healthcare and technology.

Learn More



Class Action Lawsuit Claims eClinicalWorks Deficiencies Led to Inaccurate Medical Records

A class action lawsuit filed Thursday in the U.S. District Court in the Southern District of New York alleges that electronic health records vendor eClinicalWorks failed “millions of patients by failing to maintain the integrity of patients’ records.”

HHS Secretary Names Three Members to HIT Advisory Committee

The U.S. Department of Health and Human Services (HHS) Acting Secretary Eric D. Hargan named three members to the Health Information Technology Advisory Committee (HITAC), established by the 21st Century Cures Act.

Survey Gauges Health System Preparedness for Quality Payment Program

A new survey indicates that most healthcare organizations are relying on EHRs and population health management solutions for quality performance management. However, survey respondents also report low satisfaction with these solutions, which puts organizations at risk of falling short of their goals for maximizing payment incentives.

House Committee Examining Personnel and Organizational Changes at HHS Cybersecurity Center

The House Committee on Energy and Commerce is examining whether the U.S. Department of Health and Human Services (HHS) retaliated against two key HHS cybersecurity officials and whether those actions weakened the federal agency’s role in responding to healthcare cybersecurity incidents.

Large Physician Group Joins Michigan’s Growing Statewide HIE Network

Oakland Physician Network Services (OPNS) has joined the Michigan Health Information Network Shared Services (MiHIN), a statewide health information network that continues to grow with now its 13th health information exchange qualified organization.

Survey Indicates Major Jump in Telemedicine Adoption in Past Three Years

A new survey shows broad acceptance of telemedicine services among health care executives and providers compared to just three years ago as 76 percent of healthcare professionals said their organizations currently offer or plan to offer telemedicine services.