Skip to content

Discerning Data

  • About Us
  • Additional Resources
  • Contact Us

DISCERNING DATA

A Faegre Drinker Blog Covering the Latest in Privacy, Cybersecurity and Data Strategy
  • Privacy
  • Cybersecurity
  • Data Strategy
  • Disruptionware

A Bipartisan Effort to Focus on Healthcare Cybersecurity

Share

House Energy and Commerce Committee members Reps. Billy Long (R-Mo.) and Doris Matsui (D-Calif.) introduced the HHS Cybersecurity Modernization Act earlier this month in a bipartisan effort to address cybersecurity threats to the Department of Health and Human Services (HHS).  Representatives Long and Matsui have both described the bill, H.R. 4191, as a stepping-stone towards improving cybersecurity at HHS and the health care industry at large. However, the bill does not authorize any additional appropriations to do so.

The proposal would amend Title II of the Public Health Service Act by adding a section that:

  1. Authorizes the Secretary of HHS to designate an officer with the primary responsibility of overlooking HHS information security programs, including cybersecurity, and who will report directly to either the Secretary or his or her designee. As a reminder, earlier this year, the Healthcare Cybersecurity Task Force, a working group created under Section 405 of the Cybersecurity Act of 2015, recommended such a leadership position to supervise and oversee industry efforts. (For additional information, read our team’s insights on the task force’s report  and the big take-aways for the health care industry.)
  2. Provides the Secretary the authority to transfer, and in effect consolidate, the function and role of the HHS Chief Information Security Officer with the new officer position.
  3. Directs the Secretary of HHS to develop and submit a plan to the House Committee on Energy and Commerce and the Senate Committee on Health, Education, Labor, and Pensions on how HHS will prepare for and respond to cybersecurity threats. The plan must:
  • Describe how HHS and its agencies will coordinate to maintain the security and integrity of their respective information systems, and how they will provide regulation, guidance, information, education, training and assistance to the health care industry, and any anticipated challenges in doing so.
  • Differentiate between HHS’s role in regulating the health care industry and its role as a coordinator, namely the Sector-Specific Agency, for the health care industry.

The bill’s introduction came on the heels of the departure of Deven McGraw, deputy director for health information privacy for HHS’s Office for Civil Rights (HHS-OCR).  Illiana Peters is currently the acting deputy director for health information privacy at HHS-OCR.  Peters’ appointment combined with the push to improve health care cybersecurity under H.R. 4191 indicates a great likelihood that HHS-OCR is zeroing in on health care cybersecurity.

If you have questions about health care cybersecurity, please contact any member of Drinker Biddle’s Health Care Group or Information, Privacy, Security and Governance Group.

The material contained in this communication is informational, general in nature and does not constitute legal advice. The material contained in this communication should not be relied upon or used without consulting a lawyer to consider your specific circumstances. This communication was published on the date specified and may not include any changes in the topics, laws, rules or regulations covered. Receipt of this communication does not establish an attorney-client relationship. In some jurisdictions, this communication may be considered attorney advertising.

About the Author: Sumaya M. Noush

Sumaya Noush counsels health care clients on strategic and operational matters, including transactions, corporate governance and regulatory compliance. View Sumaya's full bio on the Faegre Drinker website.

Receive Email Alerts to New Articles

SUBSCRIBE

November 16, 2017
Written by: Sumaya M. Noush
Category: Cybersecurity, Health Care, HHS, HHS/OCR, Privacy

Post navigation

Previous Previous post: A.G. Schneiderman Announces SHIELD Act to Protect New Yorkers
Next Next post: FDA Approves First Digital Pill

Search the Blog

Sign Up for Email Alerts

PODCASTS

Faegre Drinker on Law and Technology

©2023 Faegre Drinker Biddle & Reath LLP. All Rights Reserved. Lawyer Advertising.

  • About Us
  • Additional Resources
  • Contact Us
We use cookies to improve your experience with our website. By browsing our site, you are agreeing to the use of cookies. For more information about how we use cookies, please review our privacy policy and cookie policy. OK
Privacy & Cookies Policy

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Non-necessary
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
SAVE & ACCEPT