These proposals will not only help improve the cybersecurity of federal agencies but will also trickle down to other sectors, including the healthcare industry. Ultimately, what will have the biggest impact on healthcare cybersecurity is the passing of the new HIPAA Safe Harbor, HR 7898.
“This legislation is helpful in that it encourages, but does not mandate, covered entities and business associates to adopt more comprehensive frameworks. HHS’ Office for Civil Rights would then take this into account as a show of information security good faith,” stated privacy attorney Adam Greene of the law firm Davis Wright Tremaine.
“The bill seems likely to encourage CEs or BAs to adopt more robust information management programs. A covered entity or business associate that chose to implement the NIST or other cybersecurity framework would likely be looking at additional and more enhanced processes and security measures to align its practices with these recognized practices, above and beyond what HIPAA requires, and provide an additional defense in the event of a security incident or breach,” stated regulatory attorney Krystyna Monticello of the law firm Attorneys at Oscislawski.