House Introduces HHS Data Protection Act of 2016 | Healthcare Informatics Magazine | Health IT | Information Technology Skip to content Skip to navigation

House Introduces HHS Data Protection Act of 2016

April 27, 2016
by Rajiv Leventhal
| Reprints

Two House Energy and Commerce Committee members have introduced a bill that would reform the Department of Health and Human Services (HHS) to designate the HHS Chief Information Security Officer (CISO) as the primary authority on all matters of information security at the agency.

The bill, the “HHS Data Protection Act of 2016,” is from representatives Billy Long (R-MO) and Doris Matsui (D-CA).  Following their investigation into the vulnerability of federal agency networks, The House Energy & Commerce Committee released their “Information Security at the Department of Health and Human Services” study last August. Among the results was proof that five HHS operating divisions had been breached using unsophisticated means, and further non-public HHS Office of Inspector General (OIG) reports detailing seven years of deficiencies across HHS’s information security programs, according to statement from the office of Congressman Long.

The bill calls for the position of HHS CISO, to be appointed by the president, to begin on Oct. 1, 2016. “The Secretary shall transfer the functions, personnel, assets, and liabilities of the Chief Information Security Officer in the Office of the Chief Information Officer of the Department of Health and Human Services as such position on September 30, 2016 to the Chief Information Security Officer,” the bill states.

What’s more, Long said the study also demonstrates that throughout HHS and its operating divisions, when information security is put under the purview of the chief information officer, operations become the priority concern while security becomes a secondary interest. Included in the report are a number of recommendations to improve information security at HHS and its operating divisions.

“It is impossible to completely eradicate the threat of cyber attacks, but the American people deserve to know that their sensitive information is being safeguarded with the utmost security,” Long said in a statement. “In light of recent data breaches across America’s federal agencies, we have the responsibility to root out vulnerabilities and maximize data protection to give them that peace of mind.”

Congresswoman Matsui added, “The integration of information technology into nearly every aspect of our daily lives means our security landscape has changed dramatically. As the network of cyber criminals becomes increasingly sophisticated, our operational structures and strategies must evolve accordingly. This common sense legislation incentivizes best security practices and encourages organizational efficiencies as our federal agencies continue to confront the modern threat environment.”

The HHS Data Protection Act follows the report’s recommendation to make the Chief Information Security Officer the “primary authority for information security” and moving all information security functions to the general or chief counsel’s office, where reducing and mitigating risk is the primary function.



Former Health IT Head in San Diego County Charged with Defrauding Provider out of $800K

The ex-health IT director at North County Health Services, a San Diego County-based healthcare service provider, has been charged with spearheading fraudulent operations that cost the organization $800,000.

Allscripts Touts 1 Billion API Shares in 2017

Officials from Chicago-based health IT vendor Allscripts have attested that the company has reached a new milestone— one billion application programming interface (API) data exchange transactions in 2017.

Dignity Health, CHI Merging to Form New Catholic Health System

Catholic Health Initiatives (CHI), based in Englewood, Colorado, and San Francisco-based Dignity Health officially announced they are merging and have signed a definitive agreement to combine ministries and create a new, nonprofit Catholic health system.

HHS Announces Winning Solutions in Opioid Code-a-Thon

The U.S. Department of Health and Human Services (HHS) hosted this week a first-of-its-kind two-day Code-a-Thon to use data and technology to develop new solutions to address the opioid epidemic.

In GAO Report, More Concern over VA VistA Modernization Project

A recent Government Accountability Office (GAO) report is calling into question the more than $1 billion that has been spent to modernize the Department of Veterans Affairs' (VA) health IT system.

Lawmakers Introduce Legislation Aimed at Improving Medicare ACO Program

U.S. Representatives Peter Welch (D-VT) and Rep. Diane Black (R-TN) have introduced H.R. 4580, the ACO Improvement Act of 2017 that makes changes to the Medicare accountable care organization (ACO) program.