A new bill looks to elevate cybersecurity leadership at HHS

Under a new bill, an HHS cybersecurity officer would report directly to the secretary.

A bipartisan bill introduced in the House would reorganize cybersecurity leadership at the Department of Health and Human Services.

The HHS Cybersecurity Modernization Act (PDF), introduced to the House Committee on Energy and Commerce by Rep. Billy Long, R-Mo., and Rep. Doris Matsui, D-Calif., would give the HHS secretary the authority to designate a person primarily responsible for information security. That person would report directly to the secretary.

Under the current HHS leadership structure, the chief information security officer reports to the chief information officer. Earlier this year, the HHS Cybersecurity Task Force recommended creating a cybersecurity leadership role in the agency to oversee industry efforts.

If passed the bill would encourage HHS “to implement the appropriate internal infrastructure that will ensure the agency is prepared to lead the healthcare industry in cybersecurity,” Matsui said in a statement.

RELATED: HIMSS officials hopeful their 3 congressional 'asks' will progress in the coming months

That type of restructuring aligns with one of HIMSS' three congressional priorities. Tom Leary, vice president for government relations for HIMSS North America, recently told FierceHealthcare that boosting the CISO position would give the agency a point person—both externally and internally—to address industry threats and coordinate prevention efforts.

Leslie Krigstein, the vice president of congressional affairs for the College of Healthcare Information Management Executives (CHIME), also expressed her support for the bill.

In addition to restructuring HHS leadership, the bill would require the agency to submit a report detailing its internal response to cybersecurity threats, as well as its ability to provide guidance, information, and training to the healthcare industry. The report would also address any conflicts that might arise as a result of the agency's dual role as a regulator and an industry coordinator.