Senate Bill to Set Cybersecurity Standards for U.S. Health Care System Introduced

On September 26, Senate Finance Committee Chair Ron Wyden (D-OR) and Sen. Mark Warner (D-VA) announced legislation to improve cybersecurity in the U.S. health care system. The bill, the Health Infrastructure Security and Accountability Act, would require the Department of Health and Human Services (HHS) to develop and enforce minimum cybersecurity standards for health care providers, health plans, clearinghouses and business associates. The news announcement calls out "megacorporations like United Health" as failing to stem the tide of cyberattacks that are breaching individual privacy and causing major disruptions to care across the country, but the proposed requirements would affect the full range of HIPAA covered entities.

Among other elements, the bill would require HHS to adopt within two years minimum and enhanced mandatory security requirements to protect health information, protect patient safety, and ensure the availability and resiliency of health care information systems and health care transactions.

LeadingAge will provide a detailed analysis of the proposal in the coming days. A one-page summary of the bill can be found here, and a section-by-section summary can be found here.