House Introduces HHS Data Protection Act of 2016 | Healthcare Informatics Magazine | Health IT | Information Technology Skip to content Skip to navigation

House Introduces HHS Data Protection Act of 2016

April 27, 2016
by Rajiv Leventhal
| Reprints

Two House Energy and Commerce Committee members have introduced a bill that would reform the Department of Health and Human Services (HHS) to designate the HHS Chief Information Security Officer (CISO) as the primary authority on all matters of information security at the agency.

The bill, the “HHS Data Protection Act of 2016,” is from representatives Billy Long (R-MO) and Doris Matsui (D-CA).  Following their investigation into the vulnerability of federal agency networks, The House Energy & Commerce Committee released their “Information Security at the Department of Health and Human Services” study last August. Among the results was proof that five HHS operating divisions had been breached using unsophisticated means, and further non-public HHS Office of Inspector General (OIG) reports detailing seven years of deficiencies across HHS’s information security programs, according to statement from the office of Congressman Long.

The bill calls for the position of HHS CISO, to be appointed by the president, to begin on Oct. 1, 2016. “The Secretary shall transfer the functions, personnel, assets, and liabilities of the Chief Information Security Officer in the Office of the Chief Information Officer of the Department of Health and Human Services as such position on September 30, 2016 to the Chief Information Security Officer,” the bill states.

What’s more, Long said the study also demonstrates that throughout HHS and its operating divisions, when information security is put under the purview of the chief information officer, operations become the priority concern while security becomes a secondary interest. Included in the report are a number of recommendations to improve information security at HHS and its operating divisions.

“It is impossible to completely eradicate the threat of cyber attacks, but the American people deserve to know that their sensitive information is being safeguarded with the utmost security,” Long said in a statement. “In light of recent data breaches across America’s federal agencies, we have the responsibility to root out vulnerabilities and maximize data protection to give them that peace of mind.”

Congresswoman Matsui added, “The integration of information technology into nearly every aspect of our daily lives means our security landscape has changed dramatically. As the network of cyber criminals becomes increasingly sophisticated, our operational structures and strategies must evolve accordingly. This common sense legislation incentivizes best security practices and encourages organizational efficiencies as our federal agencies continue to confront the modern threat environment.”

The HHS Data Protection Act follows the report’s recommendation to make the Chief Information Security Officer the “primary authority for information security” and moving all information security functions to the general or chief counsel’s office, where reducing and mitigating risk is the primary function.

Get the latest information on Health IT and attend other valuable sessions at this two-day Summit providing healthcare leaders with educational content, insightful debate and dialogue on the future of healthcare and technology.

Learn More



Adam Boehler Tapped by Azar to Serve as Senior Value-Based Care Advisor

Adam Boehler, currently director of CMMI, has also been named the senior advisor for value-based transformation and innovation, HHS Secretary Alex Azar announced.

Vivli Launches Clinical Research Data-Sharing Platform

On July 19 a new global data-sharing and analytics platform called Vivli was unveiled. The nonprofit group’s mission is to promote, coordinate and facilitate scientific sharing and reuse of clinical research data.

Survey: More Effective IT Needed to Improve Patient Safety

In a Health Catalyst survey, physicians, nurses and healthcare executives said ineffective information technology, and the lack of real-time warnings for possible harm events, are key obstacles to achieving their organizations' patient safety goals.

Physicians Still Reluctant to Embrace Virtual Tech, Survey Finds

While consumers and physicians agree that virtual healthcare holds great promise for transforming care delivery, physicians still remain reluctant to embrace the technologies, according to a new Deloitte Center for Health Solutions survey.

Geisinger, AstraZeneca Partner on Asthma App Suite

Geisinger has partnered with pharmaceutical company AstraZeneca to create a suite of products that integrate into the electronic health record and engage asthma patients and their providers in co-managing the disease.

Analysis: Healthcare Ransomware Attacks Decline in First Half of 2018

In the first half of 2018, ransomware events in major healthcare data breaches diminished substantially compared to the same time period last year, as cyber attackers move on to more profitable activities, such as cryptojacking, according to a new report form cybersecurity firm Cryptonite.