Analyzing CISA's Healthcare Sector ProvisionsLegislative Expert at HIMSS Discusses Cybersecurity Information Sharing Bill
The Cybersecurity Information Sharing Act of 2015, which the Senate recently passed, contains provisions designed to help the healthcare sector fight cyberattacks, explains Samantha Burch of the Healthcare Information and Management Systems Society, which supports the bill.
For example, the bill calls for the Department of Health and Human Services to create a task force to investigate ways to ensure cyber threat information moves efficiently from the government to healthcare organizations of all sizes. It also calls for HHS to identify standards and best practices for information sharing.
"HIMSS has been very supportive of the need to get some infrastructure in place to get cyber threat information from the government to healthcare organizations," says Burch, senior director of Congressional affairs as HIMSS, a global not-for-profit organization for those involved in healthcare IT. "At a high level, this bill begins to set up that infrastructure for all of the private sector."
Healthcare Sector Challenges
The healthcare sector has some distinct challenges that provisions of CISA can help address, Burch says in an interview with Information Security Media Group. "Healthcare is newly digitized, so it's coming to the table a little bit later in terms of setting up infrastructure" to share cyber threat information, she says.
"What we think is very important, in terms of what CISA provisions do for healthcare, is that it sets up a task force that looks at challenges and barriers in the sector and lessons learned in other sectors," she notes. In addition, the industry task force would examine "how we ensure that cyber threat information is getting from the government to healthcare organizations in real or near real time - information that's actionable and can be accessed at no cost," she says. "You have small and medium-sized providers in the healthcare industry who simply cannot afford to be members of the pay-to-play information sharing groups."
The CISA bill must be reconciled with two similar cybersecurity bills passed in April by the House of Representatives before a final vote in Congress on a consolidated measure that can be sent to the president for approval. While the Senate and House bills are similar, HIMSS supports the Senate bill as the basis for final legislation, Burch says.
In the interview (see link to audio below photo), Burch also discusses:
- The kind of cyber threat information sharing between the healthcare sector and government that CISA could potentially help facilitate;
- The potential impact of CISA on existing cyber threat information sharing organizations in the healthcare sector;
- The opposition CISA faced from some privacy advocates and segments of the technology industry, who characterized the legislation as a surveillance bill.
As senior director of Congressional affairs at HIMSS, Burch leads efforts to identify, establish and strengthen partnerships with key Congressional offices and committees to advance health IT policy. Before joining HIMSS, Burch served as vice president of legislation and health IT at the Federation of American Hospitals and as a healthcare aide and press secretary for Rep. Al Green, D-Texas. She also worked with the American Cancer Society, AcademyHealth and as a policy fellow with the Ohio Department of Health.