Binding cybersecurity standards are close at hand for healthcare
Hospitals that want to remain eligible for federal dollars—including CMS reimbursement—will soon need to show their cybersecurity is up to snuff.
That’s according to a senior Biden administration official who spoke on condition of anonymity with the startup news outfit The Messenger.
The official says cybersecurity policies that HHS outlined in early December will be proposed in specific terms within the next month or so.
The government’s aim is to have the new system up and running by the end of the year.
The rules will tie federal funding to “basic digital security defenses,” The Messenger reported Jan. 9.
The high-level source told the outlet the administration is “homing in on those key cybersecurity practices that we really do believe bring a meaningful impact.”
In the December document, HHS laid out its agency-wide strategy for supporting greater enforcement and accountability around healthcare cybersecurity.
The document, “Healthcare Sector Cybersecurity: Introduction to the Strategy of the U.S. Department of Health and Human Services,” gives a conceptual framework on forthcoming “enforceable cybersecurity standards, informed by the Healthcare and Public Health sector Cybersecurity Goals [laid out in the document] that would be incorporated into existing programs, including Medicare and Medicaid and the HIPAA Security Rule.”
The Messenger, which launched last spring, reports that the proposed requirements will include deadlines for fixing software vulnerabilities as well as multifactor authentication mechanisms for password-protected online activities.
Basic security practices like these “really do shut the door to most of our cyber incidents,” the senior administration official told the outlet.