Senate Scores with CISA
By Tamer Abouras
If you happen to be on the cybersecurity beat — health information or otherwise — you know that there’s been no shortage of timely news, almost daily, about hacking and data vulnerabilities for some time now.
The numbers being what they are, with a staggering 90% of healthcare organizations having endured some kind of data breach, there is constant discussion about what can be done to tighten up security and ensure that users’ private information — valued at as much as ten times that of stolen credit card information — is as safe as it possibly can be.
There’s no doubt that the United States Congress has heard the constant humdrum of complaints and concerns, as beleaguered health information organizations and healthcare providers nervously try to work under the constant specter of unseen attackers. And this week, the Senate took a large step towards potentially mitigating these issues.
According to HealthITSecurity.com, the Senate passed on Tuesday, October 27 the Cybersecurity Information Sharing Act 2015 (CISA). With its passage the Act, which was written by Health, Education, Labor and Pensions (HELP) committee Chairman Lamar Alexander (R-TN) and Ranking Member Patty Murray (D-WA), will create a free-flowing exchange of information pertaining to cybersecurity threats within the healthcare industry.
SEE ALSO: Cyber Security in Healthcare
According to a CHIME press release, the bill needs only the signature of President Obama to become law and subsequently be implemented.
In a nutshell, the system created as a result of this bill’s passage forms a network where cybersecurity and health information professionals will be able to connect with each other and exchange information about threats, increasing the likelihood of the industry as a whole being more sufficiently prepared for future attacks.
As you might expect, both CHIME and the Association for Executives in Health Information Security (AEHIS) were both very supportive of the bill and were especially happy to see several of their own contributions to it in the language of the finalized version.
“CHIME and AEHIS are especially encouraged that the Senate-approved bill includes language that would establish a cybersecurity framework specifically focused on healthcare and instructs the Department of Health and Human Services to identify a specific leader on cyber preparedness,” CHIME stated in its aforementioned press release. “In fact, CHIME and AEHIS have been leading advocates for much of the healthcare-specific language included in the Senate-passed CISA bill.”
The Healthcare Information and Management Systems Society (HIMSS) and The Health Information Trust Alliance (HITRUST) also voiced their support for CISA.
So, after several weeks of dour and dreary news on the health information security front, this represents a small bright spot. Keeping health data completely safe might be something of a white whale, but that doesn’t mean the pursuit isn’t worthwhile.
When it comes to cybersecurity, no news probably would be good news.