Congress needs to elevate the position of the CISO at the Department of Health and Human Services so that the job not only has responsibilities within the agency but also an official role in helping the healthcare sector improve its cybersecurity, says Samantha Burch of the Healthcare Information and Management Systems Society.
Elevating the HHS CISO role to be a peer of the HHS CIO was one of several core recommendations made by HIMSS, a non-profit association representing more than 68,000 health IT and security professionals in North America, as part of its annual "Congressional asks," Burch explains in an interview with Information Security Media Group.
"This year we focused on what we thought was a critical ... and that's ensuring that the leadership was there at HHS to help the sector have a more proactive stance on cyber - that external-facing role," she says. "And the way we structured this was the elevation of the HHS CISO. We think it's very critical that there be someone at HHS for the healthcare sector to reach out to that has authority both internally within the department, but also who is in a position to work externally to help the sector improve."
Last year, Congress had been exploring legislation - the HHS Data Protection Act - to "elevate and empower" the HHS CISO role with the creation of a new "Office of the CISO" within HHS. Under that proposal, the HHS CISO - who would be appointed by the president - would become "an organizational peer" to HHS' CIO. Under the current structure, the CISO reports to the CIO.
While that bill did not advance, "HIMSS was very supportive of it," Burch says. "We're looking again to work with bill sponsors to see whether a bill can be introduced in this Congress. We think it's important both for the purposes of elevating security within the department and creating an official within HHS that is the go-to person for the sector when it comes to cyber."
Patient ID Matching
On another matter that HIMSS has singled out as important, Burch says there are signs of progress on improving matching the right patients to the right records.
For instance, just last week, a bipartisan group of five senators requested that the Government Accountability Office produce clear recommendations for how HHS' Office of the National Coordinator for Health IT can take steps to help develop improved patient matching (see Senators Portray Patient Matching as Urgent Issue).
In the interview, Burch also discusses:
- HIMSS' recommendations to Congress regarding telehealth;
- What HIMSS sees as priorities regarding healthcare IT infrastructure;
- Other HIMSS legislative priorities.
As senior director of Congressional affairs, Burch leads HIMSS' efforts to identify, establish and strengthen partnerships with key Congressional offices and committees to advance health IT policy. Before joining HIMSS, Burch served as vice president of legislation and health IT at the Federation of American Hospitals and as a healthcare aide and press secretary for Rep. Al Green, D-Texas. She also worked with the American Cancer Society, AcademyHealth and as a policy fellow with the Ohio Department of Health.