David Harlow: CISA provides few privacy, security benefits

The multi-agency task force required by the Cybersecurity Information Sharing Act (CISA) merely would require the Department of Health and Human Services to do what it's already doing or at least should be doing, David Harlow, a Boston-based health attorney and FierceHealthIT Editorial Advisory Board member, writes in a recent post to his HealthBlawg.

HHS, together with the director of the National Institute of Standards and Technology and the Secretary of Homeland Security, would be required to form the task force to examine how industries other than healthcare deal with cybersecurity threats. It would be required to submit a report to Congress annually on the ability of the agency and the healthcare industry at large to respond to cybersecurity threats.

"CISA appears to be more of a victory by fearmongers than anything else," Harlow writes. "It creates a framework that provides few, if any, privacy and security benefits to the general public, and instead creates a framework for interagency sharing of information that makes it more likely, rather than less likely, for private information to be inappropriately accessed."

He calls the legislation "too little, too late," and says that while there is room for improvement, savvy organizations already are doing good work in this area. Harlow adds that he sees little improvement coming from this task force.

The College of Healthcare Information Management Executives (CHIME) and the Healthcare Information and Management Systems Society (HIMSS) both have lauded CISA.

Samantha Burch, senior director of congressional affairs for HIMSS, said in a recent interview that the legislation addresses the need to define HHS's role in cybersecurity, the unique needs of healthcare and the need to define minimum standards and best practices to move to the next level.

To learn more:
- read the blog post