HIMSS has responded to the Department of Homeland Security Cybersecurity and Infrastructure Security Agency’s (CISA) request for information on the Cyber Incident Reporting for Critical Infrastructure Act of 2022.
HIMSS noted that it is especially important for CISA to consider the follow areas when creating policies related to cybersecurity information sharing as mandated by the Cyber Incident Reporting for Critical Infrastructure Act of 2022.
The detailed data reported must be balanced against what is already mandated under existing laws, such as the Health Insurance Portability and Accountability Act (HIPAA), and any future federal reporting requirements.
Data reporting requirements should be balanced and factor several considerations.
Various healthcare organizations, including but not limited to small and medium healthcare stakeholders, may not have the resources to report granular data or to meet the relatively short timeframes required by CISA.
It is vital to require confidential handling of the reported information as it relates to national security concerns of protecting critical infrastructure and constituent entities.
HIMSS appreciated the opportunity to comment on the request for information as CISA collects input from the public, in part, to develop regulations required by the Cyber Incident Reporting for Critical Infrastructure Act of 2022.
HIMSS looks forward to continuing to be a trusted stakeholder and resource and welcomes the opportunity to discuss healthcare cybersecurity with the Department of Homeland Security Cybersecurity.
Read HIMSS’s full comment letter on the Cyber Incident Reporting for Critical Infrastructure Act of 2022.
At HIMSS, our vision is to realize the full health potential of every human, everywhere. Be part of the community that’s transforming the global health ecosystem with courage, curiosity and determination.