How CISA will help the healthcare industry

The Cybersecurity Information Sharing Act (CISA), passed by the Senate last month, contains provisions especially important to the healthcare industry, Samantha Burch, senior director of congressional affairs for the Healthcare Information and Management Systems Society (HIMSS), says in an interview.

The legislation is similar to two bills passed in the House previously, but HIMSS would like the Senate version to be the foundation for the final version sent to President Obama, she tells HealthcareInfoSecurity.com.

She says the bill addresses:

  • The need to define the role of the Department of Health and Human Services in cybersecurity
  • The unique needs of healthcare
  • What the sector needs in terms of minimum standards and best practices to move to the next level of cybersecurity

It sets up a task force that looks at challenges and barriers in the sector and lessons learned in other sectors, and also will examine "how we ensure that cyberthreat information is getting from the government to healthcare organizations in real or near real time--information that's actionable and can be accessed at no cost," she says, pointing out that small and medium-sized providers in the healthcare industry can't afford to be members of the pay-to-play information sharing groups.

The College of Healthcare Information Management Executives and the Health Information Trust Alliance praised the Senate bill, though it has come under criticism from privacy advocates and some tech companies.

In addition to providing for increased data-sharing among healthcare organization, the bill provides "safe harbor" from litigation when sharing threat information and when implementing plans to mitigate attacks.

Sen. Charles Schumer (D-N.Y.) called the hack of Excellus BlueCross BlueShield the latest example of why Congress needs to act on cybersecurity. Fellow insurers Anthem, Premera Blue Cross and CareFirst all have experienced cyberattacks this year.

To learn more:
- listen to the interview