Cybersecurity Is Patient Safety, Says US Senator

Decrying cybersecurity’s status in healthcare as a second-tier issue, a U.S. senator is suggesting that medical practices participating in Medicare come under a mandate to apply minimum security practices as standard operating procedure.
Such a mandate would have a far-reaching effect on the medical industry given Medicare’s sizable share of healthcare spending in the United States – about 20 percent, according to government estimates.
The suggestion – it stops short of a fully endorsed proposal – comes in a report issued by Sen. Mark Warner, a Virginia Democrat active in tech policy. “The transition to better cybersecurity has been painfully slow and inadequate,” he said in a statement.
Medicare already imposes standards on participating practices, such as measures to prevent the spread of hospital-acquired infections or requirements to have emergency power sources.
“Many stakeholders believe cybersecurity is as important as those two examples, and that some minimum level of cybersecurity hygiene practices should be included in these regulations,” the report says.
Medicare, in turn, likely ought to determine how to incorporate cybersecurity costs into payment formulas, the report adds.
Warner’s office is seeking comment by Dec. 1 on the report’s proposed policy options with the goal of introducing legislation in the next two years.

Additional Policy Proposals

Modifying Medicare’s conditions of participation and payment formula are only two of dozens of proposals contained in the report. They include:
Greg Garcia, executive director of the Healthcare and Public Health Sector Coordinating Council, a public-private group that advises HHS on cybersecurity issues, says Warner’s staff briefed council members on the proposals.
Warner “is right that cybersecurity is patient safety,” Garcia says.
Denise Anderson, president and CEO of the Health-Information Sharing and Analysis Center, says new healthcare cybersecurity policy should take into account small- and medium-sized businesses.*
“Financial incentives, training and favorable regulatory relief to share threats, vulnerabilities and incidents – especially in automated ways – will go a long way to help protect all organizations,” she says.
“The most effective new laws and regulations will be those that promote cooperation and disclosure, rather than imposing penalties,” says regulatory attorney Erik Weinick of law firm Otterbourg P.C.*
*Update Nov. 3, 2022 19:39 UTC: Adds comments from Denise Anderson and Erik Weinick.
Executive Editor, HealthcareInfoSecurity, ISMG
McGee is executive editor of Information Security Media Group’s media site. She has about 30 years of IT journalism experience, with a focus on healthcare information technology issues for more than 15 years. Before joining ISMG in 2012, she was a reporter at InformationWeek magazine and news site and played a lead role in the launch of InformationWeek’s healthcare IT media site.
