
Senators Introduce Bill for Stricter Cybersecurity Standards in Healthcare
TL;DR:
Senators Ron Wyden and Mark Warner have proposed the Health Infrastructure Security and Accountability Act, aiming to implement minimum cybersecurity norms within the healthcare industry. The bill would require annual independent security audits, eliminate limits on fines under the Health Insurance Portability and Accountability Act (HIPAA), and impose potential jail time for CEOs who lie about their cybersecurity practices. The legislation will also allocate $1.3 billion to help hospitals meet enhanced cybersecurity standards.
Health Infrastructure Security and Accountability Act to Enhance Cybersecurity in Healthcare
Senators Ron Wyden (D-Ore.) and Mark Warner (D-Va.) have introduced the Health Infrastructure Security and Accountability Act, aimed at establishing minimum cybersecurity standards in the healthcare sector. The bill would enforce these standards on providers, health plans, clearinghouses, and business associates, strengthening security in the healthcare ecosystem.
This proposed Act would also eliminate the current cap on HIPAA fines, creating a stronger deterrent against large corporations neglecting robust cybersecurity measures. This is in response to the recent Change Healthcare cyberattack, which underscored the dangers of single points of failure in the US healthcare system.
Key Provisions of the Health Infrastructure Security and Accountability Act
The Act outlines several essential healthcare cybersecurity topics, requiring the HHS secretary to develop and enforce minimum and enhanced security measures within two years. It would also mandate that businesses perform annual independent security audits and stress tests to assess their resilience after a cybersecurity incident.
Additionally, the bill seeks to hold corporations accountable by requiring executive compliance certification annually. It also grants the HHS secretary the authority to provide advanced and accelerated Medicare payments during disruptions to the healthcare system, akin to the response following the Change Healthcare cyberattack.
The Act also proposes a substantial $800 million upfront investment for rural and urban safety-net hospitals, along with an added $500 million for all hospitals, to adopt these enhanced cybersecurity standards.
Senators Stress the Importance of Enhanced Healthcare Cybersecurity
Both Wyden and Warner have consistently emphasized the need for improved healthcare cybersecurity standards. Warner released a policy options paper in November 2022, addressing the cybersecurity threats facing the sector.
In the aftermath of the Change Healthcare cyberattack, Wyden urged the Federal Trade Commission and the Securities and Exchange Commission to investigate UnitedHealth Group to ascertain any potential breaches of federal laws.
“Cyberattacks on our healthcare institutions threaten patients’ personal data and delay vital medical care, directly endangering lives and long-term health,” Warner said. He stressed the need for healthcare providers and vendors to prioritize cybersecurity and patient safety.
The Health Infrastructure Security and Accountability Act, if passed, will enforce clearer cybersecurity standards in the healthcare sector, holding larger healthcare corporations accountable for security lapses.