A federal hearing on standardizing and modernizing health IT resulted in calls for latest or better legislation to fill in gaps in cybersecurity law.
In a joint hearing before the U.S. House's Subcommittee on Information Technology and Subcommittee on Health Care, Benefits and Administrative Rules, Rep. Ted Lieu (D-Calif.) pointed out that ransomware attacks against health-care institutions, involving the one perpetrated against Hollywood Presbyterian Medical Center, are not covered in the year 2009 HITECH (Health Information Technology for Economic and Clinical Health) Act, which promotes the adoption of electronic health records.
“HITECH law has cybersecurity needs and requires notification for information breaches, but the law says nothing about notification for data that is frozen or held hostage where it is stored,” claimed Lieu, noting that the health-care industry requirements "some combination of regulation and forcible guidance to protect the public."a
No comments:
Post a Comment