CHIME, AEHIS Voice Support for Medical Device Cybersecurity Act | Healthcare Informatics Magazine | Health IT | Information Technology Skip to content Skip to navigation

CHIME, AEHIS Voice Support for Medical Device Cybersecurity Act

August 2, 2017
by Rajiv Leventhal
| Reprints

Two healthcare IT industry groups—CHIME and AEHIS—have voiced their support for a bill that would aim to make the cybersecurity capabilities of medical devices more transparent to providers, and which would clarify expectations concerning security enhancements and maintenance of medical devices.

The legislation, (S.1656), the Medical Device Cybersecurity Act of 2017, was introduced by Senator Richard Blumenthal (D-CT) last week. The bill also establishes a cybersecurity emergency response team.

The Department of Health and Human Services’ (HHS) Health Care Industry Cybersecurity Task Force report, delivered to Congress in June, highlighted the critical state of the healthcare industry’s cybersecurity posture. Among many other issues, the report offered a number of suggestions to improve medical device cybersecurity, some of which have been included in the Medical Device Cybersecurity Act of 2017.

Drilling down, the Medical Device Cybersecurity Act of 2017 seeks to improve medical device security with actions such as:

• Increasing transparency of medical device security by creating a cyber report card for devices and mandating testing prior to sale

• Bolstering remote access protections for medical devices in and outside of the hospital

• Ensuring crucial cybersecurity fixes or updates remain free and do not require FDA recertification

Recent statements by Liz Johnson, CHIME (the College of Healthcare Information Management Executives) board chair and CIO of Acute Care Hospitals and Applied Clinical Informatics at Tenet Healthcare and Deborah Stevens, AEHIS (the Association for Executives in Healthcare Information Security) board chair and chief security officer at Tufts Health Plan showed support for the legislation.

“CHIME members continue to identify cybersecurity as their top priority. The potential risks that networked medical devices pose to patients have been of great concern for our membership,” said Johnson. “We appreciate Senator Blumenthal’s leadership and interest in this complicated issue as providers try to ensure that patients get the benefits that medical devices offer without exposing them to potential safety risks. CHIME is pleased to endorse this legislation. We look forward to continuing a dialogue with members of Congress, the administration and industry partners on this critical issue.”

Added Stevens, “The recent cyber attacks underscore the importance of this legislation. WannaCry and Petya shined a bright light on the vulnerabilities in the healthcare sector and more specifically with medical devices. On behalf of the AEHIS membership we applaud Senator Blumenthal for taking on this important issue.”

Get the latest information on Health IT and attend other valuable sessions at this two-day Summit providing healthcare leaders with educational content, insightful debate and dialogue on the future of healthcare and technology.

Learn More



Seven PA Health Systems Partnering on Healthy Food Access Pilot

Seven health systems in the Philadelphia are are partnering with community organizations, public health departments and insurers on a Healthy Food Access Pilot aimed at addressing food insecurity in the region.

Independence Health, Comcast to Partner on Healthcare Technology Platform

Independence Health Group, parent of Independence Blue Cross, and Comcast announced a partnership to launch a patient-centered technology and communications platform that seeks to improve the overall efficiency and experience of the care delivery process between providers and patients.

Health IT Trade Groups Push CMS for MIPS 90-Day Reporting Period

MGMA, AMA and 47 other physician organizations have sent a letter to CMS, calling for the federal agency to reduce the burden of the Merit-based Incentive Payment System (MIPS) by shortening the quality data reporting period from 365 to 90 days.

VA Chief Information Officer Scott Blackburn Resigns

The Department of Veterans Affairs’ (VA) acting chief information officer (CIO), Scott Blackburn, has resigned from his position, effective immediately.

HIT Advisory Committee Advances Recommendations on Core Data for Interoperability

The Health Information Technology Advisory Committee, a federal advisory committee to the Office of the National Coordinator for Health IT (ONC), voted Wednesday to approve nine recommendations to update the list of data elements that vendors must exchange to be considered interoperable.

ACP Study: Only 37 Percent of MIPS Measures Are Valid

A new study from the American College of Physicians Performance Measurement Committee rated as valid only 37 percent of the 86 Quality Payment Program measures for 2017 deemed relevant to ambulatory general internal medicine.