The Cybersecurity Information Sharing Act (CISA) passed the Senate 74 to 21 on Tuesday; if the bill becomes law, it will have bearing on the healthcare industry's approach to security and privacy of patient data.
Section 405 of the Act, which was co-authored by Senate health committee Chairman Lamar Alexander (R-Tenn.), centers on the role of the U.S. Department of Health and Human Services in cybersecurity, as well as the role that providers play.
Some of the provisions in the section would require:
- HHS to choose an official to oversee the agency's cybersecurity efforts
- Creation of a task force of health leaders and cybersecurity experts to identify the biggest challenges in the industry
- The task force to create a central resource to distribute cyber-intelligence from the government to healthcare organizations "in near real time"
The College of Healthcare Information Management Executives praised the Senate passage of the act, with leaders saying in an announcement that "CISA will represent a significant advancement in cybersecurity and better enable the nation's chief information officers and chief information security officers to better protect patient health information."
The Health Information Trust Alliance (HITRUST) also emailed a statement about CISA to FierceHealthIT. The organization said the act "formalizes the process for information sharing, encouraging private entities to share amongst themselves and with the government." In addition, HITRUST said the legislation offers companies safe harbor against "frivolous lawsuits" when they share threat information and when implementing plans to mitigate attacks.
A recent report from peer360 found that CIOs see improving information security as their No. 1 priority. Large healthcare organizations, more likely to be hacker targets, also put a higher premium on improving security, FierceHealthIT reported.
However, there are still a few more barriers to CISA becoming law. The most recent version of CISA is similar to legislation that was passed in the House earlier this year. Lawmakers will need to resolve differences between both bills in order for the legislation to move forward, WIRED reports.