HIMSS News

The Cybersecurity State of Play: Legislative Update

As a result of numerous high profile public and private sector data breaches, cybersecurity has become a hot topic of discussion on Capitol Hill.  Recently the House passed two cybersecurity information sharing bills - H.R. 1560, the Protecting Cyber Networks Act (PCNA), and H.R. 1731, the National Cybersecurity Protection Advancement Act (NCPAA) of 2015 that were products of the House Permanent Subcommittee (HPSCI) on Intelligence and Homeland Security committees respectively.  Both measures cleared committee and passed on the House floor with large bipartisan support.  Sharing cybersecurity threats with appropriate government agencies is voluntary, not required, for organizations in both bills.

The future success of cybersecurity legislation now rests in the hands of the Senate.  As previously reported, the Cybersecurity Information Sharing Act (CISA) of 2015 was approved by the Senate Select Committee on Intelligence (SSCI) in March of this year.  Despite strong bipartisan and bicameral support, Senate leaders have not yet indicated when the full Senate may consider the CISA bill.  Assuming the Senate is ultimately able to vote on and pass the CISA bill before the end of the year, the Senate and House would then need to reconcile the differences between their versions in a conference committee comprised of representatives from both legislative bodies.  That compromise version would then need to be voted on again and pass both the House and Senate before being sent to President Obama to sign into law.

The HIMSS Congressional Affairs team has been working to educate Congressional offices on the impacts that cybersecurity threats pose to the healthcare information technology community.  As a member of the Protecting America’s Cyber Networks Coalition, HIMSS works closely with the U.S. Chamber of Commerce and other leading businesses and associations, representing nearly every sector of the U.S. economy, committed to helping protect America’s businesses and critical infrastructure from cyber threats.