HITRUST Praises House Efforts on Cybersecurity Measures

April 23, 2015 in News

On Thursday, the Health Information Trust Alliance in a release praised the House’s passage of a cybersecurity bill (HR 1560) and a forthcoming vote on a counterpart bill (HR 1731), Politico‘s “Morning eHealth” reports (Gold et al., “Morning eHealth,” Politico, 4/23).

Cybersecurity has received attention following recent major cyberattacks, including a breach at Anthem that exposed records of about 80 million people and a recent attack on Sony Pictures Entertainment that involved some health information.

HR 1560 Details

The House voted 307 to 116 to pass the measure, which aims to encourage companies to allow federal cybercrime investigators access to their computer networks and records.

Under the bill, companies would receive legal liability protections if they share cyberthreat information with each other or the government. Companies that share data with the government would receive protections after the data have been washed twice for personal information (Steinhauer, New York Times, 4/22). First, the data would be scrubbed by a civilian agency — rather than the Department of Defense or the National Security Agency (Kelly, USA Today, 4/22). After the data have been scrubbed by a civilian agency, it would be scrubbed by the governmental entity that receives it.

The Obama administration has supported the bill but warned that the liability protections could be too wide-ranging and backfire by stopping companies from reporting cyberthreats (New York Times, 4/22).

HR 1731 Bill Details

On Thursday, the House is expected to take up the National Cybersecurity Protection Advancement Act, which would require private-sector companies to send their information first to the Department of Homeland Security. The House Homeland Security Committee last week approved the measure.

According to USA Today, lawmakers plan to combine the bills and work with the Senate — which has crafted its own cybersecurity-information sharing bill (S 754) — to create a compromise bill. The final bill would by subject to approval in both chambers (USA Today, 4/22).

HITRUST Comments

HITRUST CEO Dan Nutkis applauded the measures. He said, “These bills effectively do two things. First, they formalize the process for information sharing and encourage private entities to share amongst themselves and with the government. And second, they provide legal certainty that companies sharing that information have safe harbor against frivolous lawsuits when voluntarily sharing and receiving threat indicators and defensive measures in real time and taking actions to mitigate cyberattacks” (“Morning eHealth,” Politico, 4/23).

Breach Notification Bill

Meanwhile, a separate bill (HR 1770) that would create a national data breach policy has received criticism from some who see the policy as looser than existing state regulations, the Los Angeles Times reports.

The bill — written by Reps. Marsha Blackburn (R-Tenn.) and Peter Welch (D-Vt.) — aims to “replace the current patchwork of laws with a single, national standard for protection and notification.” Some have raised concerns that the federal law would pre-empt existing state laws that are stronger and more comprehensive.

For example, under current California law, Anthem had to disclose its breach because California’s law requires notification when a resident’s personal information is “acquired, or reasonably believed to have been acquired, by an unauthorized person.” The federal bill would require notification if the company finds “a reasonable risk” of “identity theft, economic loss or economic harm.” The bill does not define reasonable risk, and it could be up to the company to determine reasonable risk on their own, the Los Angeles Times reports (Lazarus, Los Angeles Times, 4/21).

Be the first to like.
VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)

Article source: http://feedproxy.google.com/~r/Ihealthbeat/~3/F7oS6diSNG0/hitrust-praises-house-efforts-on-cybersecurity-measures

Be Sociable, Share!
Bookmark and Share

Leave a reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>