President announces cybersecurity plan; AHA comments on NIST framework
AHA News Now
Feb 9, 2016
President Obama today announced a federal plan to enhance cybersecurity, which includes a new Commerce Department commission that will recommend by December how to strengthen cybersecurity in the public and private sectors. Among other actions, the plan calls on health insurers and health care stakeholders to “enhance their data stewardship practices,” and seeks feedback to inform further development of the National Institute of Standards and Technology’s cybersecurity framework for critical infrastructure. In comments submitted to NIST today, Ashley Thompson, AHA senior vice president of public policy analysis and development, said the framework is an important reference for owners and operators of critical infrastructure, but that “challenges remain in making information and resources actionable at the front lines of health care.” To improve the framework, AHA suggests the agency add resources such as guidance scaled to smaller health care providers, and case studies and profiles of those who have made effective use of the framework. It also recommends mapping the framework to requirements under the Health Insurance Portability and Accountability Act and Health Information Technology for Economic and Clinical Health Act, to ensure that “contradictory and duplicative requirements are avoided and synergies are created.” AHA also recommends that the framework remain in the public domain, “with no cost or other barriers to its use.” The president’s fiscal year 2017 budget request calls for $19 billion in federal funding to enhance cybersecurity.