Wednesday, November 16, 2016

We need a national cyber leader, says HIMSS

The Healthcare Information and Management Systems Society (HIMSS) is calling on the Department of Health and Human Services to elect a national cyber leader who would serve in an elevated chief information security officer position.


Specifically, a recent HIMSS policy paper touts an expanded position for the HHS chief information security officer, with responsibilities inside the organization but also working with outside healthcare stakeholders to guide cybersecurity efforts. Leo Scanlon is the current CISO at HHS. According to HIMSS, they need a national cyber leader.


To become less of a target, HIMSS calls on all stakeholders to exchange data on cyber risks, threat actors, vulnerabilities and mitigation efforts. This level of collaboration, which Scanlon or another CISO could assist with, could eliminate policy, cultural and financial roadblocks that inhibit establishment of the latest cybersecurity solutions.


The association is also pushing for adoption of a universal privacy and security framework across the company. In particular, it suggests the NIST Cybersecurity Framework.


HIMSS is not seeking a mandate for use of the NIST Cybersecurity Framework, as its members have made it clear that they are overwhelmed with plans and do not need new rules or laws, says Lee Kim, director of privacy and security at HIMSS.


Moreover, setting a mandated security framework in law wouldn’t be practical, Kim adds. “We’ve observed how steadily regulations and laws get written and put into force. By that period, the threat landscape will have completely changed.”


The policy statement, Kim points out, is aspirational, with a message that the industry needs to get better and increase its cyber protection capabilities.


Any framework should involve model cybersecurity architectures, risk assessments, business associate agreements, support of individual privacy/security rights, and a national strategy for patient identification and matching.


Particular aims for the national cyber leader to target include expanding the pool of qualified cyber personnel, ensuring adequate risk and asset response, advancing education, taking lessons from HITECH-funded Regional Extension Centers to reach small providers, and timely sharing of threat data, among others. The HIMSS position statement is present here.
