House Introduces HHS Data Protection Act of 2016

April 27, 2016
Two House Energy and Commerce Committee members have introduced a bill that would reform the Department of Health and Human Services (HHS) to designate the HHS Chief Information Security Officer (CISO) as the primary authority on all matters of information security at the agency.

Two House Energy and Commerce Committee members have introduced a bill that would reform the Department of Health and Human Services (HHS) to designate the HHS Chief Information Security Officer (CISO) as the primary authority on all matters of information security at the agency.

The bill, the “HHS Data Protection Act of 2016,” is from representatives Billy Long (R-MO) and Doris Matsui (D-CA).  Following their investigation into the vulnerability of federal agency networks, The House Energy & Commerce Committee released their “Information Security at the Department of Health and Human Services” study last August. Among the results was proof that five HHS operating divisions had been breached using unsophisticated means, and further non-public HHS Office of Inspector General (OIG) reports detailing seven years of deficiencies across HHS’s information security programs, according to statement from the office of Congressman Long.

The bill calls for the position of HHS CISO, to be appointed by the president, to begin on Oct. 1, 2016. “The Secretary shall transfer the functions, personnel, assets, and liabilities of the Chief Information Security Officer in the Office of the Chief Information Officer of the Department of Health and Human Services as such position on September 30, 2016 to the Chief Information Security Officer,” the bill states.

What’s more, Long said the study also demonstrates that throughout HHS and its operating divisions, when information security is put under the purview of the chief information officer, operations become the priority concern while security becomes a secondary interest. Included in the report are a number of recommendations to improve information security at HHS and its operating divisions.

“It is impossible to completely eradicate the threat of cyber attacks, but the American people deserve to know that their sensitive information is being safeguarded with the utmost security,” Long said in a statement. “In light of recent data breaches across America’s federal agencies, we have the responsibility to root out vulnerabilities and maximize data protection to give them that peace of mind.”

Congresswoman Matsui added, “The integration of information technology into nearly every aspect of our daily lives means our security landscape has changed dramatically. As the network of cyber criminals becomes increasingly sophisticated, our operational structures and strategies must evolve accordingly. This common sense legislation incentivizes best security practices and encourages organizational efficiencies as our federal agencies continue to confront the modern threat environment.”

The HHS Data Protection Act follows the report’s recommendation to make the Chief Information Security Officer the “primary authority for information security” and moving all information security functions to the general or chief counsel’s office, where reducing and mitigating risk is the primary function.

Sponsored Recommendations

Elevating Clinical Performance and Financial Outcomes with Virtual Care Management

Transform healthcare delivery with Virtual Care Management (VCM) solutions, enabling proactive, continuous patient engagement to close care gaps, improve outcomes, and boost operational...

Examining AI Adoption + ROI in Healthcare Payments

Maximize healthcare payments with AI - today + tomorrow

Addressing Revenue Leakage in Hospitals

Learn how ReadySet Surgical helps hospitals stop the loss of earned money because of billing inefficiencies, processing and coding of surgical instruments. And helps reduce surgical...

Care Access Made Easy: A Guide to Digital Self Service

Embracing digital transformation in healthcare is crucial, and there is no one-size-fits-all strategy. Consider adopting a crawl, walk, run approach to digital projects, enabling...