Bipartisan House bill would designate cybersecurity chief for HHS

The legislation would adjust the structure of HHS’ cybersecurity personnel and assign a single officer to cybersecurity who would report to the secretary.
Privacy & Security
Global
Government & Policy
By Jessica Davis , Senior Editor | November 1, 2017 | 4:54 PM

Reps. Billy Long, R-Missouri, and Doris Matsui, D-California, introduced a bill Wednesday that would allow the Department of Health and Human Services to restructure its cybersecurity personnel and allow the secretary to assign a single officer focused on cybersecurity.

Currently, HHS’ chief of security reports to its chief information officer. The CIO reports to the assistant secretary for administration.

In 2015, the U.S. House Committee on Energy and Commerce sought to change that structure, by placing the CISO and CIO on equal ground.

[Also: State, local health agencies moving faster towards cloud, mobile, cybersecurity]

It recommended HHS reorganize its structure to move the CISO under General Counsel -- and the same level as the CIO, citing “systemic weaknesses in the traditional CIO-CISO organizational structure.”

Such a move would address issues with the current structure that keep the CISO from equal footing with the CIO.

The proposed bill would also require HHS to develop and submit a cybersecurity plan that describes how the agency intends to protect internal data and software from compromise and how it will assist other organizations within the healthcare system.

[Also: OCR privacy chief steps down to work on Silicon Valley startup]

Further, HHS would have to show how it plans to differentiate those two roles.

“Patients deserve to know that their medical information is safe, and hospitals, manufacturers and insurance companies that handle patient data need guidance to ensure they are following best practices,” said Matsui.

“This bill builds on the legislation Congressman Long and I introduced last Congress, further encouraging HHS to implement the appropriate internal infrastructure that will ensure the agency is prepared to lead the healthcare industry in cybersecurity,” she added

This is not the first congressional bill to zero-in on HHS’ infrastructure.

After the WannaCry attacks, a House Science subcommittee expressed concern that the agency’s plan to form a Health Cybersecurity and Communications Integration Center would be redundant, as the Department of Homeland Security already has a similar hub in place.

Twitter: @JessieFDavis
Email the writer: jessica.davis@himssmedia.com

Topic:
Government & Policy,
Privacy & Security

More Regional News

surgeons operating on a patient
Mayo Clinic develops postoperative AI tool to enhance SSI identification
By Andrea Fox |
Dr. Matt Crowson of Wolters Kluwer Health on genai
'Enter generative AI not as a moonshot but as digital duct tape'
By Bill Siwicki |
woman receives a shot from a male clinician
Most hospitals still deal with public health reporting challenges, even with automation
By Andrea Fox |