Skip to main content
Sister Publication Links
  • ESG: THE NEW IMPERATIVE
Subscribe
  • Sign Up Free
  • Login
  • Subscribe
  • News
    • Current News
    • COVID-19
    • Providers
    • Insurance
    • Government
    • Finance
    • Technology
    • Safety & Quality
    • Transformation
    • People
    • Regional News
    • Digital Edition (Web Version)
    • Patients
    • Operations
    • Care Delivery
    • Payment
    • Midwest
    • Northeast
    • South
    • West
  • Digital Health
  • Insights
    • ACA 10 Years After
    • Best Practices
    • Special Reports
    • Innovations
  • Opinion
    • Bold Moves
    • Breaking Bias
    • Commentaries
    • Letters
    • Vital Signs Blog
    • From the Editor
  • Events & Awards
    • Awards
    • Conferences
    • Galas
    • Virtual Briefings
    • Webinars
    • Nominate/Eligibility
    • 100 Most Influential People
    • 50 Most Influential Clinical Executives
    • Best Places to Work in Healthcare
    • Excellence in Governance
    • Health Care Hall of Fame
    • Healthcare Marketing Impact Awards
    • Top 25 Emerging Leaders
    • Top 25 Innovators
    • Diversity in Healthcare
      • - Luminaries
      • - Top 25 Diversity Leaders
      • - Leaders to Watch
    • Women in Healthcare
      • - Luminaries
      • - Top 25 Women Leaders
      • - Women to Watch
    • Digital Health Transformation Summit
    • Leadership Symposium
    • Social Determinants of Health Symposium
    • Women Leaders in Healthcare Conference
    • Best Places to Work Awards Gala
    • Health Care Hall of Fame Gala
    • Top 25 Diversity Leaders Gala
    • Top 25 Women Leaders Gala
    • - Hospital of the Future
    • - Value Based Care
    • - Supply Chain
    • - Hospital at Home
    • - Workplace of the Future
    • - Digital Health
    • - Future of Staffing
    • - Hospital of the Future (Fall)
  • Multimedia
    • Podcast - Beyond the Byline
    • Sponsored Podcast - Healthcare Insider
    • Video Series - The Check Up
    • Sponsored Video Series - One on One
  • Data Center
    • Data Center Home
    • Hospital Financials
    • Staffing & Compensation
    • Quality & Safety
    • Mergers & Acquisitions
    • Data Archive
    • Resource Guide: By the Numbers
    • Surveys
    • Data Points
  • MORE +
    • Contact Us
    • Advertise
    • Media Kit
    • Newsletters
    • Jobs
    • People on the Move
    • Reprints & Licensing
MENU
Breadcrumb
  1. Home
  2. Government
May 03, 2017 01:00 AM

Cybersecurity task force seeks new security framework, exemption to the Stark law

Rachel Z. Arndt
  • Tweet
  • Share
  • Share
  • Email
  • More
    Reprints Print

    In a draft of a cybersecurity report to be released later this month, the Health Care Industry Cybersecurity Task Force called on the government to create new policies that would help healthcare organizations strengthen their cybersecurity.

    While some of the details of the report's six "imperatives" were vague—a call for more awareness, for instance—others were directed at specific standards and laws that might have more apparent effects across the industry. These include a new cybersecurity framework specific to healthcare and amendments to the Physician Self-Referral Law (Stark Law) and the Anti-Kickback Statute to allow healthcare organizations to assist physicians with cybersecurity. These, along with other imperatives set out in the report, would "help to increase awareness, manage threats, reduce risks and vulnerabilities, and implement protections not currently present across a majority of the health care industry."

    That's especially necessary given the push of late of providers to share more information, said Mari Savickis, vice president of federal affairs at the College of Healthcare Information Management Executives. "As providers have been pushed to share more information more quickly, that increases the threat landscape for providers and for patients," she said.

    Steve Bunnell, a partner at O'Melveny and former general counsel of the U.S. Department of Homeland Security, agreed, and said that it's hard to have a nimble information-sharing healthcare system without increasing cybersecurity risks. "To a certain extent, we're trying to have our cake and eat it too," he said.

    One way to help keep the industry secure is through security frameworks. Along with the National Institute of Standards and Technology Cybersecurity Framework, which is already broadly used by providers—75% of respondents to a recent KLAS-CHIME study said they follow the NIST guidelines—the industry would benefit from a complementary framework of its own, the task force said, arguing that healthcare is a unique industry with varying resource capabilities, legacy systems that will be used for years to come, and the need to share data for patient-centered care.

    "The NIST framework is so broad and used across all sectors," said Leslie Krigstein, vice president of congressional affairs at CHIME, "so something that is healthcare-specific would be a welcome addition to our resource kit."

    The new framework, which would be created by the Department of Health and Human Services, would build on the NIST framework and the HIPAA security rule to give healthcare its own lexicon, standards, guidelines, and best practices. "We all know that the HIPAA security rule is not, nor was it envisioned to be, adequate to address information technology security requirements of the total enterprise," said Mac McMillan, president and chief strategy officer of CynergisTek. "It's past time for healthcare to adopt a more appropriate framework for security."

    The framework would also be helpful for making cybersecurity more tangible, Krigstein said. "This would be very valuable in the sense that you could have something to measure against."

    The recommendation for a healthcare-specific cybersecurity framework came under the broader recommendation to set out clearer leadership, governance, and expectations for cybersecurity in the healthcare industry. Under that heading, the report's authors also called for a cybersecurity leader role in HHS, a person who would create goals and priorities for the industry and participate in international policymaking, and other responsibilities.

    The task force also called for changes to the Stark law and Anti-Kickback Statute. Because cybersecurity is so dependent on all the players in the networked industry, even organizations that put strong cybersecurity policies and software in place are vulnerable due to connections with less-secure providers. Therefore, the task force asked Congress to amend the Stark law and Anti-Kickback Statute to allow healthcare organizations to help physicians implement cybersecurity software, much as they have with electronic health records.

    The intention may be strong, but the effects could be weaker, Bunnell said. "I have not heard that specific excuse as a reason companies don't share," he said. "But any change that does happen because of that change [to the laws] will be positive."

    The task force—mandated by the Cybersecurity Act of 2015—is officially sending its report, dated May 15, 2017, to the chairmen of the House and Senate committees on Homeland Security and intelligence; the Senate Health, Education, Labor, and Pensions Committee; and the House Committee on Energy and Commerce. It will be up to Congress, the CMS, the Office of the National Coordinator for Health Information Technology, HHS, FDA, and other groups to act on the recommendations.

    It's important that law- and policymakers act quickly, Bunnell said. "The threat environment evolves more quickly than the policy and legal responses do. My concern is that people don't actually do anything and just continue talking about the issue. There really is urgency," he said.

    Letter
    to the
    Editor

    Send us a letter

    Have an opinion about this story? Click here to submit a Letter to the Editor, and we may publish it in print.

    Recommended for You
    Record 16.3M people enroll in ACA plans
    Record 16.3M people enroll in ACA plans
    367749098.jpg
    US health officials propose annual COVID-19 vaccination for most Americans
    Most Popular
    1
    More healthcare organizations at risk of credit default, Moody's says
    2
    Centene fills out senior executive team with new president, COO
    3
    SCAN, CareOregon plan to merge into the HealthRight Group
    4
    Blue Cross Blue Shield of Michigan unveils big push that lets physicians take on risk, reap rewards
    5
    Bright Health weighs reverse stock split as delisting looms
    Sponsored Content
    Modern Healthcare Alert: Sign up for this breaking news email to be kept in the loop as urgent healthcare business news unfolds.
    Get Newsletters

    Sign up for enewsletters and alerts to receive breaking news and in-depth coverage of healthcare events and trends, as they happen, right to your inbox.

    Subscribe Today
    MH Magazine Cover

    MH magazine offers content that sheds light on healthcare leaders’ complex choices and touch points—from strategy, governance, leadership development and finance to operations, clinical care, and marketing.

    Subscribe
    Connect with Us
    • LinkedIn
    • Twitter
    • Facebook
    • RSS

    Our Mission

    Modern Healthcare empowers industry leaders to succeed by providing unbiased reporting of the news, insights, analysis and data.

    Contact Us

    (877) 812-1581

    Email us

     

    Resources
    • Contact Us
    • Advertise with Us
    • Ad Choices Ad Choices
    • Sitemap
    Editorial Dept
    • Submission Guidelines
    • Code of Ethics
    • Awards
    • About Us
    Legal
    • Terms and Conditions
    • Privacy Policy
    • Privacy Request
    Modern Healthcare
    Copyright © 1996-2023. Crain Communications, Inc. All Rights Reserved.
    • News
      • Current News
      • COVID-19
      • Providers
      • Insurance
      • Government
      • Finance
      • Technology
      • Safety & Quality
      • Transformation
        • Patients
        • Operations
        • Care Delivery
        • Payment
      • People
      • Regional News
        • Midwest
        • Northeast
        • South
        • West
      • Digital Edition (Web Version)
    • Digital Health
    • Insights
      • ACA 10 Years After
      • Best Practices
      • Special Reports
      • Innovations
    • Opinion
      • Bold Moves
      • Breaking Bias
      • Commentaries
      • Letters
      • Vital Signs Blog
      • From the Editor
    • Events & Awards
      • Awards
        • Nominate/Eligibility
        • 100 Most Influential People
        • 50 Most Influential Clinical Executives
        • Best Places to Work in Healthcare
        • Excellence in Governance
        • Health Care Hall of Fame
        • Healthcare Marketing Impact Awards
        • Top 25 Emerging Leaders
        • Top 25 Innovators
        • Diversity in Healthcare
          • - Luminaries
          • - Top 25 Diversity Leaders
          • - Leaders to Watch
        • Women in Healthcare
          • - Luminaries
          • - Top 25 Women Leaders
          • - Women to Watch
      • Conferences
        • Digital Health Transformation Summit
        • Leadership Symposium
        • Social Determinants of Health Symposium
        • Women Leaders in Healthcare Conference
      • Galas
        • Best Places to Work Awards Gala
        • Health Care Hall of Fame Gala
        • Top 25 Diversity Leaders Gala
        • Top 25 Women Leaders Gala
      • Virtual Briefings
        • - Hospital of the Future
        • - Value Based Care
        • - Supply Chain
        • - Hospital at Home
        • - Workplace of the Future
        • - Digital Health
        • - Future of Staffing
        • - Hospital of the Future (Fall)
      • Webinars
    • Multimedia
      • Podcast - Beyond the Byline
      • Sponsored Podcast - Healthcare Insider
      • Video Series - The Check Up
      • Sponsored Video Series - One on One
    • Data Center
      • Data Center Home
      • Hospital Financials
      • Staffing & Compensation
      • Quality & Safety
      • Mergers & Acquisitions
      • Data Archive
      • Resource Guide: By the Numbers
      • Surveys
      • Data Points
    • MORE +
      • Contact Us
      • Advertise
      • Media Kit
      • Newsletters
      • Jobs
      • People on the Move
      • Reprints & Licensing