HHS Continues its work on Cybersecurity Guidance

HIMSS led the advocacy effort to Congress around the health care section of the Cybersecurity Act of 2015, which was signed into law by President Obama in December of 2015 and included Section 405, titled “Improving Cybersecurity in the Healthcare Industry.”  One of the first actions taken under this new law was the formation of the Health Care Industry Cybersecurity Taskforce (HCIC) and its resulting recommendation that came out earlier this year.

While the HCIC was winding down its work on its report earlier this summer, the Department of Health and Human Services (HHS) was standing up another task group to work on Part D of Section 405, which focuses on “Aligning Health Care Industry Security Approaches.”  This Section 405d Task Group has been tasked with determining an “appropriate, common set of voluntary, consensus-based, and industry-led guidelines, best practices, methodologies, procedures, and processes.”  Over the course of the summer, the Task Group has met a number of times face to face, such as this week, as well as virtually, in order to put together an initial guidance document in hopes of releasing it later this fall.

This initial guidance document is just the beginning of the process by which HHS is hoping to fulfill its mandate from the Cybersecurity Act of 2015.  Once the document is released, HHS will be looking for “pre-testing” and feedback from target audiences on whether they find the guidance document helpful and useful.  HIMSS will continue to be an industry leader and will be looking to our members to help “test” the document so that we can provide the best feedback to HHS.  As this work proceeds, the HIMSS Government Relations team will help keep our members informed.