The College of Healthcare Information Management Executives (CHIME) and the Association for Executives in Health Information Security (AEHIS) today welcomed passage of the Cybersecurity Information Sharing Act of 2015 (CISA) by the Senate. Once enacted by the president, CISA will represent a significant advancement in cybersecurity and better enable the nation’s chief information officers (CIO) and chief Information security officers (CISO) to better protect patient health information.
CISA will allow CIOs and CISOs to share threats and vulnerabilities through a secure national information-sharing infrastructure with the necessary liability protections in place and will not risk patient trust. As an important piece of the nation’s critical infrastructure, it is vital that healthcare organizations have the tools and information they need to identify and more effectively defend against growing cyber threats.
CHIME and AEHIS are especially encouraged that the Senate-approved bill includes language that would establish a cybersecurity framework specifically focused on healthcare and instructs the Department of Health and Human Services to identify a specific leader on cyber preparedness. Earlier this month, CHIME held a briefing calling on the federal government to work with healthcare stakeholders to develop industry-specific standards for protecting health information from cyber criminals. In fact, CHIME and AEHIS have been leading advocates for much of the healthcare-specific language included in the Senate-passed CISA bill, including:
HHS should convene healthcare industry stakeholders to develop industry-specific standards for protecting health information from cyber criminals and other sources of threats.
HHS should promote better cybersecurity information sharing between the private sector and government, and enhance collaboration and information sharing amongst the private sector.
Congress should pursue legislative action to strengthen information-sharing networks across public and private stakeholders, with emphasis on healthcare.
“The nation’s CIOs and CISOs have been assigned the daunting task of securing patient information in a highly digital environment. Threats are evolving and there’s no respite on the horizon. We’ve seen bad actors target large insures, academic medical centers and community hospitals alike. We need to ensure our CIOs and CIOs have the resources they need, including the ability to share cyber threat information, to protect patient data,” says Russell Branzell, FCHIME, CHCIO, President and CEO, CHIME.
Healthcare providers and vendors are working to create an infrastructure that supports a more connected delivery system, where patient medical records can be accessed by clinicians when and where they are needed. CHIME applauds lawmakers for recognizing the unique nature of healthcare and laying the foundation needed to combat cybercrime and maintain patient trust.
“Federal leadership is critical for ensuring the nation’s hospitals and health systems, big and small, urban and rural, are better equipped with the resources they need to secure patient information. The healthcare sector has become a prime target for bad actors and it’s important that the federal government works in conjunction with the industry to ensure provider organizations understand best practices to protecting patient data,” says Charles E. Christian, FCHIME, LCHIME, CHCIO, Chair, CHIME board of trustees.