The U.S. Department of Health and Human Services would be on the hook for convening a cybersecurity task force and submitting a report to Congress next year on the ability of the agency, and the healthcare industry at large, to respond to cybersecurity threats, under an omnibus funding bill unveiled Wednesday morning.
That language is part of a larger cybersecurity bill included in the omnibus bill, which encourages businesses to share information on hackers with the government, according to a report from The Hill. The omnibus bill did not include any alterations to the Meaningful Use program, according to Politico, and kept funding for the Office of the National Coordinator for Health IT relatively flat.
In consultation with the director of the National Institute of Standards and Technology and the Secretary of Homeland Security, HHS would be required to form the taskforce within 90 days of enactment of the bill. That taskforce would examine how industries other than healthcare deal with cybersecurity threats.
The task force would also be in charge of:
- Analyzing challenges for private healthcare entities to securing themselves against cybersecurity attacks
- Reviewing hurdles for covered entities and business associates for securing networked medical devices and software that connects to electronic health record systems
- Providing the HHS secretary with information to disseminate to industry stakeholders on preparing for and dealing with digital threats
The taskforce would be responsible for implementation of the aforementioned report, which HHS would need to deliver to the Senate's Committee on Health, Education, Labor and Pensions, as well as the House Committee on Energy and Commerce, within one year of the bill's enactment.
The report must include:
- Acknowledgement of the individual charged with leading efforts against cybersecurity threats in the healthcare industry
- Plans from each relevant operating division or subdivision within HHS on how they intend to combat cybersecurity threats