Expressing concern over the surge in cyber threats in the country, College of Healthcare Information Management Executives (CHIME) Board Chair Marc Probst said in a recent interview that Federal efforts and HHS should focus on coordination, not organizational reporting designs.
Probst, who is also the Vice President and Chief Information Officer at Intermountain Healthcare, Salt Lake City, said, “Just as healthcare institutions must coordinate efforts to thwart cyber threats, it is vital that the Department of Health and Human Services have a coordinated plan to address threats to the data and systems used and housed by the department.”
At present, the House Energy and Commerce Subcommittee on Health is evaluating how the Department of Health and Human Services (HHS) streamlines its cybersecurity measures and is inviting comments on the HHS Data Protection Act (H.R. 5068). Probst was a member of the panel testifying in the House.
The legislation also aims to change the current reporting system at HHS and make the HHS Chief Information Security Officer (CISO) a presidential appointment. This would remove all security responsibilities from the HHS CIO. Probst warned the subcommittee members against this change and asked them to carefully evaluate all the potential negative consequences of making the CISO a presidential appointee.
He highlighted that CISO reporting structures differ vastly across the healthcare arena. According to him, coordination across the industry is more important, and he asked subcommittee members to treat it with due concern. Around 81 percent of healthcare units and insurance companies had encountered data security issues in the past couple of years, and the HHS Data Protection Act should be able to deal with that in an efficient manner.
Probst also underlined that the 2015 Cybersecurity Act requires HHS to appoint a person to coordinate and take required measures to fight data security threats by the end of 2016. HHS also needs to present a report to Congress detailing this, along with a counteraction plan from each relevant department explaining what should be done to prevent cybersecurity attacks in the healthcare sector.