Sens. Ron Wyden, D-Ore., and Mark Warner, D-Va., have introduced a bill that would direct the Department of Health and Human Services to establish and implement mandatory minimum cybersecurity standards for healthcare providers, clearinghouses, health plans and business associates, including those for key entities that are important to national security.
The Senate Finance Committee said Thursday the proposed Health Infrastructure Security and Accountability Act would provide upfront investment payments worth $800 million for rural and urban safety net hospitals and $500 million to all hospitals to implement improved cybersecurity standards.
The legislation would require HHS to audit the data security practices of at least 20 regulated entities each year and support the department’s security oversight and enforcement activities through a user fee on all regulated institutions.
Under the proposed measure, business associates and covered entities would be required to perform independent cybersecurity audits each year and stress tests to determine their capability to quickly restore service following a cyber incident.
The bill would also remove the statutory caps on the department’s fining authority, require top executives to annually certify compliance with requirements to strengthen corporate accountability and codify the HHS secretary’s authority to provide accelerated and advanced Medicare payments in the event of a healthcare system disruption caused by a cyberattack.
“With hacks already targeting institutions across the country, it’s time to go beyond voluntary standards and ensure health care providers and vendors get serious about cybersecurity and patient safety. I’m glad to introduce legislation that would mandate sensible cybersecurity protocols while also getting resources to rural and underserved hospitals to ensure they have the funding to meet these new standards,” Warner said.
Join the Potomac Officers Club’s 2024 Healthcare Summit on Dec. 11, and explore the transformative trends and innovations shaping the future of the U.S. healthcare sector. Register now!