AHA encourages NIST to keep cybersecurity framework flexible, voluntary
AHA News Now
Dec 11, 2013
The AHA today applauded the National Institute of Standards and Technology for consulting with the private sector in developing its preliminary framework for reducing cybersecurity risks to critical infrastructure, and urged that the final framework remain flexible and voluntary for hospitals and others that own or operate critical infrastructure in this diverse sector. The final framework also should consider how to reconcile disparate cybersecurity implementation standards, allow sufficient time to implement changes, and reference existing information security rules applicable to health care organizations, especially Health Insurance Portability and Accountability Act and HITECH Act requirements, wrote Linda Fishman, AHA senior vice president of public policy analysis and development. The president directed NIST to develop the framework in February.