Healthcare News & Insights

What the feds are planning next for cybersecurity

It should come as no surprise that the feds are worried about cybersecurity. But what can providers expect this year from the government to put the brakes on this growing issue? 

For one, hospital leaders will likely see more legislation on the subject.

President Obama has already announced a proposal meant to increase cybersecurity legislation, reports iHealthBeat.

Transparency proposal

The proposal follows the cyberattack on Sony Pictures, which, among other things, exposed employees' information, such as their date of birth, health conditions and health costs.

The plan would let the government give liability protections to organizations that share cyberthreat information with the feds in a timely manner. To qualify, though, facilities and companies would have to remove any personal data that could be used to identify individuals from the information.

Additionally, the proposal gives the Department of Homeland Security (DHS) expanded power to reach out to organizations and share cyberthreat information with other federal agencies. It also expands the Federal Trade Commission's (FTC) authority to levy penalties against organizations that it deems aren't doing enough to protect personal data and protected health information (PHI).

Another section of the plan requires the DHS and Department of Justice to develop cybersecurity guidelines, particularly on how facilities should use, store and destroy data.

President Obama’s proposal sends a message to providers that transparency about threats and cybersecurity practices is crucial for reducing breach risks. Hospital leaders should follow suit and reach out to their healthcare partners to establish procedures for sharing information and best practices.

Commitment to compliance

The president’s plan is in line with several other agencies’ plans, but makes cybersecurity a major priority in 2015.

The Department of Health & Human Services (HHS) and the Securities and Exchange Commission (SEC) both made announcements recently about their plans to increase scrutiny of hospitals' PHI security.

The SEC is planning on examining organizations' cybersecurity controls and preparedness across various industries. Furthermore, the SEC expects organizations' board members and higher-ups to be involved with cybersecurity efforts.

HHS warned it also plans to increase HIPAA enforcement and scrutiny.

Last year saw a big uptick in the number of breaches facilities experienced and the number of patients affected. As a result, HHS and its Office for Civil Rights (OCR) are renewing their commitment to look for unpatched vulnerabilities and unprotected software, which could be compromised by malware and other viruses.

The OCR still hasn’t set a definitive date for when HIPAA audits will resume, but has warned providers to watch its website in the coming weeks for more information.

With so many eyes watching what steps your facility takes to guard PHI, it’s crucial that hospital leaders also make cybersecurity a priority this year. It’s important that any security efforts have backing from the C-suite.

Consider creating a cybersecurity task force for your facility to manage tasks like regular risk assessments, investigating threats, and gathering and sharing best security practices.
