Legislation Proposed to Bolster Digital Protections in Healthcare Sector
In a bid to bolster the security of protected health information (PHI), the US Department of Health and Human Services (HHS) has announced plans to update the HIPAA Security Rule. The updated rule, effective from January 2025, requires healthcare providers to implement enhanced security measures, including a specific level of authentication for accessing relevant IT systems. This is aimed at preventing unauthorised access and ensuring the confidentiality of PHI.
The updated rule also mandates the continuous testing of security measures to ensure they remain effective against evolving threats. To support this effort, the Cybersecurity and Infrastructure Security Agency (CISA) will provide training to the owners and operators of healthcare organizations on how to mitigate risks and test their security measures.
The collaboration between CISA and HHS includes facilitating the sharing of cyber threat intelligence between the agency and department. This collaboration is expected to strengthen the healthcare sector's defences against cyber attacks.
CISA will submit reports to Congress on the support and activities it has provided to the healthcare and public health sector. The reports will provide transparency and accountability, ensuring the public is informed about the measures being taken to protect their PHI.
In a significant move, objective criteria for determining high-risk assets in the healthcare sector are being established. Owners and operators of these assets will be notified, allowing them to take immediate action to secure their systems.
The Healthcare Cybersecurity Bill, introduced by Congressman Jason Crow (D-CO) on June 10, 2022, requires CISA and HHS to collaborate on improving cybersecurity in both the healthcare and public health sectors. The bill aims to expand the federal government's role in preventing and responding to data breaches of Americans' medical data.
Congressman Brian Fitzpatrick (R-PA) commented that the Healthcare Cybersecurity Bill empowers CISA and HHS to coordinate real-time threat sharing, expand cybersecurity training for providers, and establish a dedicated liaison to bolster response.
The bill also outlines the Director of CISA's responsibility for coordinating cooperation between CISA and HHS within the health and public health sector. This coordination is crucial in addressing the unique cybersecurity challenges faced by the healthcare sector.
The collaboration between CISA and HHS comes in the wake of a significant disruption to patient care caused by the Change Healthcare incident. In January 2025, the personal and medical data records of 190 million US citizens were impacted by the 2024 Change Healthcare ransomware attack.
HHS and CISA are also creating a healthcare sector-specific risk management plan, including evaluating best practices for government support of security. This plan is expected to provide a comprehensive approach to improving the cybersecurity posture of the healthcare sector.
The updates to the HIPAA Security Rule and the passage of the Healthcare Cybersecurity Bill mark a significant step forward in protecting the privacy and security of Americans' medical data. The collaboration between CISA and HHS is expected to strengthen the healthcare sector's defences against cyber attacks and ensure the confidentiality, integrity, and availability of PHI.