The Department of Health and Human Services has started compiling principles and best practices for cybersecurity in health care.
“We had an information day … and we are kicking off next week,” said Julie Anne Chua, from the office of the department’s chief information officer. She spoke at a cybersecurity workshop at the National Institute of Standards and Technology.
HHS took the initiative after urging from Congress in recent cyber legislation.
Section 405d of the 2015 Cybersecurity Act — passed as part of the massive omnibus appropriations nearly 18 months ago — is titled “Aligning health care industry security approaches.” It mandates the HHS secretary “to lead a task group to put together a set of voluntary, consensus-based principles and best practices for cybersecurity in the health sector,” explained Chua.
As the law requires, the resulting set of principles and best practices will be consistent with the NIST Cybersecurity Framework and the privacy and security provisions of the Health Insurance Portability and Accountability Act, known as HIPAA.
Read more about the new guidelines in Shaun Waterman’s coverage on CyberScoop.