AHA pushes back on HHS proposal to penalize hospitals for cyberattacks

The American Hospital Association says the newly released U.S. Department of Health and Human Services’ healthcare sector cybersecurity strategy paper, which outlines the agency’s “ongoing and planned steps to improve cyber resiliency and protect patient safety,” would have counterproductive consequences for hospitals after cyberattacks.


WHY IT MATTERS


In its strategy paper, HHS calls for new cybersecurity requirements for hospitals and outlines voluntary healthcare-specific cybersecurity performance goals.


HHS also said it would work with Congress to develop funding and incentives for domestic hospitals to improve cybersecurity through Medicare and Medicaid. It said CMS is working on, and will propose, new cybersecurity requirements for hospitals through Medicare and Medicaid, and that the Office for Civil Rights will begin adding new cybersecurity requirements to the Health Insurance Portability and Accountability Act Security Rule in the spring of 2024.


“Funding and voluntary goals alone will not drive the cyber-related behavioral change needed across the healthcare sector,” HHS said in the policy announcement released Wednesday.


By developing enforceable cybersecurity standards and strengthening its role, HHS said it will enforce new cybersecurity requirements “through the imposition of financial consequences for hospitals.”


“HHS will also continue to work with Congress to increase civil monetary penalties for HIPAA violations and increase resources for HHS to investigate potential HIPAA violations, conduct proactive audits and scale outreach and technical assistance for low-resourced organizations to improve HIPAA compliance,” the agency said. 


As Rick Pollack, AHA’s president and CEO, told Healthcare IT News by email on Thursday: “No organization, including federal agencies, is or can be immune from cyberattacks.”


AHA’s response to HHS on its strategy to enhance healthcare cybersecurity was twofold. 


The hospital organization welcomes both federal expertise and funding investments that help hospitals an ..
