HITRUST states support for threat information sharing legislation

Since 2007, HITRUST has endeavored to elevate the level of information protection by ensuring greater collaboration between the healthcare industry and government. We have tremendous experience as a federally recognized Information Sharing and Analysis Organization (ISAO) and have many valuable lessons to share. This week the House of Representatives is considering two very important measures.  These bills effectively do two things.  First, they formalize the process for information sharing and encourage private entities to share amongst themselves and with the government.  And second, they provide legal certainty that companies sharing that information have safe harbor against frivolous lawsuits when voluntarily sharing and receiving threat indicators and defensive measures in real time and taking actions to mitigate cyberattacks.

In the last two months, over 500 new healthcare organizations have joined HITRUST CTX, the healthcare sector's most active cyber threat exchange.  These measures enable us to do more to elevate the cyber posture for the healthcare industry which is something we fully support.

Both measures go far in addressing information sharing priorities and provide clarity for healthcare companies.  HITRUST opposes any amendments that would weaken significant provisions in either bill including the need to safeguard privacy and civil liberties, weaken liability protection for information sharing and establish appropriate roles for government agencies and departments.