CHIME, AEHIS Support Bill that Protects Providers Following Recognized Security Practices

ANN ARBOR, MI, Dec. 10, 2020 – The U.S. House of Representatives on Wednesday passed a bill that gives much-needed protection to providers who follow recognized security practices to fend off cyberattacks. The College of Healthcare Information Management Executives (CHIME) and the Association for Executives in Healthcare Information Security (AEHIS) welcome the move and commend lawmakers for taking this historic step.

 

Cyberthreats are growing in volume and sophistication and are a risk to patient safety. In response to an escalation of cyberattacks on healthcare organizations, federal authorities issued an alert in late October warning that they had credible intelligence of a pending ransomware attack that affected several hospitals in the U.S. Yet providers who have been acting in good faith by following best security practices remain at risk of being penalized by the Office for Civil Rights for a breach.

 

“This bill offers much needed relief to providers by giving credit for best practices like those developed under the public-private efforts of the Joint Cybersecurity Working Group known as 405d,” said Erik Decker, a member of AEHIS, the industry lead for the 405d work and chief security and privacy officer at University of Chicago Medicine.

 

CHIME and AEHIS strongly support the bill and have long advocated for legislation that credits providers for following best cybersecurity practices. Both organizations have supported the National Institute of Standards and Technology Cybersecurity Framework and have helped lead the 405d efforts, which resulted in publicly available and voluntary best practices for use by providers of all sizes.

 

“The importance of this bill can’t be overstated,” said Russell P. Branzell, president and CEO of CHIME. “It moves us away from the punitive environment that victimized hospitals by acknowledging their work to better their cyber posture. We look forward to working with policymakers to get this legislation signed into law.”

 

The College of Healthcare Information Management Executives (CHIME) is an executive organization dedicated to serving chief information officers (CIOs), chief medical information officers (CMIOs), chief nursing information officers (CNIOs), chief innovation officers (CIOs), chief digital officers (CDOs) and other senior healthcare IT leaders. With more than 5,000 members in 56 countries plus two U.S. territories and over 150 healthcare IT business partners and professional services firms, CHIME and its three associations provide a highly interactive, trusted environment enabling senior professional and industry leaders to collaborate, exchange best practices, address professional development needs and advocate the effective use of information management to improve the health and care in the communities they serve. For more information, please visit chimecentral.org.

 

The Association for Executives in Healthcare Information Security (AEHIS) was launched in 2014 to provide an education and networking platform to healthcare’s senior IT security leaders. With more than 900 members, AEHIS is advancing the role of the chief information security officer (CISO) through education, collaboration, exchange of best practices and advocacy in support of secure health information for the protection of both healthcare organizations and consumers. For more Information, please visit aehis.org. 

 

Candace Stuart

Director of Communications and Public Relations, CHIME

734.665.0000