Binding cybersecurity standards are close at hand for healthcare

Hospitals that want to remain eligible for federal dollars—including CMS reimbursement—will soon need to show their cybersecurity is up to snuff.

That’s according to a senior Biden administration official who spoke on condition of anonymity with the startup news outfit The Messenger.

The official says cybersecurity policies that HHS outlined in early December will be proposed in specific terms within the next month or so.

The government’s aim is to have the new system up and running by the end of the year.

The rules will tie federal funding to “basic digital security defenses,” The Messenger reported Jan. 9.

The high-level source told the outlet the administration is “homing in on those key cybersecurity practices that we really do believe bring a meaningful impact.”

In the December document, HHS laid out its agency-wide strategy for supporting greater enforcement and accountability around healthcare cybersecurity.

The document, “Healthcare Sector Cybersecurity: Introduction to the Strategy of the U.S. Department of Health and Human Services,” gives a conceptual framework on forthcoming “enforceable cybersecurity standards, informed by the Healthcare and Public Health sector Cybersecurity Goals [laid out in the document] that would be incorporated into existing programs, including Medicare and Medicaid and the HIPAA Security Rule.”

The Messenger, which launched last spring, reports that the proposed requirements will include deadlines for fixing software vulnerabilities as well as multifactor authentication mechanisms for password-protected online activities.

Basic security practices like these “really do shut the door to most of our cyber incidents,” the senior administration official told the outlet.


Dave Pearson

Dave P. has worked in journalism, marketing and public relations for more than 30 years, frequently concentrating on hospitals, healthcare technology and Catholic communications. He has also specialized in fundraising communications, ghostwriting for CEOs of local, national and global charities, nonprofits and foundations.
