On Wednesday, June 6, the House Energy & Commerce Committee held a hearing on “Examining the Reauthorization of the Pandemic and All-Hazards Preparedness Act (PAHPA)”.
Included in the bill were a number of cybersecurity provisions, most notably elevating the threat of cyber attacks by classifying it as a hazard, and moving the Healthcare Cybersecurity Communications and Integration Center (HCCIC) from the Office of the Chief Information Officer to the Assistant Secretary for Preparedness and Response (ASPR), which deals with public health emergencies. Finding ways to enhance our nation’s cyber readiness and help the healthcare sector better defend itself against increasingly sophisticated and growing cybersecurity threats has long been a priority for HIMSS. Witnesses and members of Congress expressed both concern and support for these components of the reauthorization of PAHPA.
Testifying at the hearing were federal representatives from the CDC, FDA, ASPR, and an industry panel. Health Subcommittee member, Representative Bob Latta (R-OH), brought up cybersecurity threat concerns and asked about the priority of cybersecurity within HHS, as well as the designation of who would lead the HHS cybersecurity program. Due to a recent worldwide cybersecurity threat to the healthcare sector, Dr. Robert Kadlec, Assistant Secretary for Preparedness and Response, emphasized the importance of recognizing the threat of cyberattacks on patient safety. He also stated to the record that the deputy secretary performed a vital role in ensuring the cybersecurity piece remains “on the forefront” and was a suitable lead for the cybersecurity program. Ranking Member Frank Pallone (D-NJ) expressed some concerns about the intent of the bill and giving ASPR additional responsibilities, as well as the release of the bill and the legislative process so far. The Full Committee will continue to examine this as part of the effort to reauthorize PAHPA before the end of 2018.