HIPAA Gets a Potential Counterpart in HISAA

© 2024 Winstead PC.


Americans hear about cybersecurity incidents on a frequent basis. As the adage goes, it is not a matter of “if” a breach or security hack occurs; it is a matter of “when.” At no time was that more evident than earlier this year, when the healthcare industry was hit with the widespread ransomware attack on Change Healthcare, a subsidiary of UnitedHealth Group.

Because of the nature of the Change Healthcare shutdown and its impact across the industry, the U.S. Department of Health & Human Services (HHS) and its HIPAA enforcement arm, the Office for Civil Rights (OCR), conducted investigations and issued FAQ responses for those impacted by the cybersecurity event.



In further response, Senators Ron Wyden (D-OR) and Mark Warner (R-VA) introduced the Health Infrastructure Security and Accountability Act (HISAA) on September 26, 2024. Like HIPAA and HITECH before it, which established minimum levels of protection for healthcare information, HISAA looks to reshape how healthcare organizations address cybersecurity by enacting mandatory minimum security standards to protect healthcare information and by providing initial financial support to facilitate compliance. A copy of the legislative text can be found here, and a one-page summary of the bill can be found here.

To date, HIPAA and HITECH require covered entities and business associates to develop, implement, and maintain reasonable and appropriate “administrative, technical, physical” safeguards to protect electronic Protected Health Information, or e-PHI. However, the safeguards do not specify minimum requirements; instead, they prescribe standards intended to be scalable, depending on the specific needs, resources, and capabilities of the respective organization. What this means is that e-PHI stored or exchanged among interconnected networks is subject to systems with often differing levels of sophistication or protection.

Given the considerable time, effort, and resources dedicated to HIPAA/HITECH compliance, many consider the current state of voluntary safeguards inadequate. This is especially the case since regulations under the HIPAA Security Rule have not been updated since 2013. As a result, Senators Wyden and Warner introduced HISAA in an effort to bring the patchwork of healthcare data security standards under one minimum umbrella and to require healthcare organizations to remain on top of software systems and cybersecurity standards.

Key pieces of HISAA, as proposed, include:

While HISAA will establish a baseline of cybersecurity requirements, compliance with those requirements will require a significant investment of time and resources in devices and operating systems/software, training, and personnel. Even with the proposed funding, this could result in substantial challenges for smaller and rural facilities to comply. Moreover, healthcare providers will need to prioritize items such as encryption, multi-factor authentication, real-time monitoring, comprehensive response and remediation plans, and robust training and exercises to support compliance efforts.

Finally, at this juncture, the more important issue is for healthcare organizations to recognize their responsibilities in maintaining effective cybersecurity practices and to stay updated on any potential changes to these requirements. Since HISAA was introduced in the latter days of a hectic (and historic) election season, we will monitor its progress as the current Congress winds down in 2024 and the new Congress readies for action with a new administration in 2025.