Analysis: Cybersecurity Law's Impact on Healthcare HIMSS Legislative Expert Outlines Key Provisions and Their Implications
Analysis: Cybersecurity Law's Impact on Healthcare
Samantha Burch of HIMSS

The Cybersecurity Act of 2015 that President Obama signed into law last week is a critical first step toward helping the healthcare sector defend against breaches - and it will prove especially helpful to smaller organizations, says legislative expert Samantha Burch. She's senior director of Congressional affairs at the Healthcare Information and Management Systems Society.

"It really sets up rules of the road in terms of how [cyberthreat] information should be shared," she says. "It sets up for the first time what the underlying infrastructure would look like for the sharing of cyberthreat information, which HIMSS thinks is really an important first step ... to get better cyber information to the private sector, including healthcare organizations."

The new law, previously known as the Cybersecurity Information Sharing Act, contains three main provisions related to the healthcare sector, Burch says in an interview with Information Security Media Group. Those provisions include the development of:

  • A plan within each division of the Department of Health and Human Services spelling out responsibilities for addressing cyberthreats in the healthcare sector;
  • An HHS industry task force to examine, among other things, the cyber challenges facing the healthcare sector, as well as lessons the sector can learn from other industries;
  • A common set of voluntary consensus-based guidelines, best practices and methodologies to help healthcare organizations better address cyberthreats.

"The goal...is really to ensure that the tools and resources get to healthcare organizations to help them improve their cybersecurity," she says.

New Resources

A pipeline for making cyberthreat information readily available to the healthcare sector will be particularly beneficial to smaller healthcare entities, she says, because many cannot afford to pay the fees to join private cyber information sharing and analysis organizations.

"There's a really big need, especially in smaller and medium-sized provider organizations that may not be as resourced as the larger health systems [and that] may not have the sophistication and staff resources internally; we believe [they] can really benefit from having the tools and resources available to them."

In the interview, Burch also discusses:

  • Why the healthcare sector needs the government to develop a better way to provide timely alerts on emerging cyberthreats;
  • Ways the new law could potentially impact the healthcare sector in the longer term;
  • What action healthcare organizations should take in light of the new legislation.

As senior director of Congressional affairs, Burch leads HIMSS' efforts to identify, establish and strengthen partnerships with key Congressional offices and committees to advance health IT policy. Before joining HIMSS, Burch served as vice president of legislation and health IT at the Federation of American Hospitals and as a healthcare aide and press secretary for Rep. Al Green, D-Texas. She also worked with the American Cancer Society, AcademyHealth and as a policy fellow with the Ohio Department of Health.

Around the Network