Healthcare Cybersecurity Act of 2022
The Healthcare Cybersecurity Act of 2022 is an important step in improving the cybersecurity of the healthcare and public health sector. The law will help to protect patient data, public health, and the healthcare system from cyberattacks. Healthcare providers must take steps to comply with the law to ensure that they are doing their part to protect patients and the healthcare system.
Healthcare Provider Responsibilities Under the Act
The Healthcare Cybersecurity Act of 2022 (H.R. 8806) imposes a number of new responsibilities on healthcare providers. These responsibilities include:
- Developing and implementing a written cybersecurity plan. The plan must include a risk assessment, a list of cybersecurity controls, and a process for monitoring and improving the plan.
- Implementing security measures to protect electronic health records (EHRs). These measures must include access controls, encryption, and incident response plans.
- Reporting cybersecurity incidents to HHS. Healthcare providers must report any cybersecurity incidents that affect the confidentiality, integrity, or availability of EHRs or other healthcare data.
- Training employees on cybersecurity best practices. Healthcare providers must train their employees on how to protect healthcare data from cyberattacks.
- Conducting cybersecurity exercises and drills. Healthcare providers must conduct regular cybersecurity exercises and drills to test their cybersecurity plans and procedures.
How to Comply with the Act
There are a number of steps that healthcare providers can take to comply with the Healthcare Cybersecurity Act of 2022. These steps include:
- Developing a written cybersecurity plan. The plan should include a risk assessment, a list of cybersecurity controls, and a process for monitoring and improving the plan.
- Implementing security measures to protect EHRs. Healthcare providers should implement security measures to protect EHRs, such as access controls, encryption, and incident response plans.
- Reporting cybersecurity incidents to HHS. Healthcare providers should report any cybersecurity incidents that affect the confidentiality, integrity, or availability of EHRs or other healthcare data to HHS.
- Training employees on cybersecurity best practices. Healthcare providers should train their employees on how to protect healthcare data from cyberattacks.
- Conducting cybersecurity exercises and drills. Healthcare providers should conduct regular cybersecurity exercises and drills to test their cybersecurity plans and procedures.
Conclusion
The Healthcare Cybersecurity Act of 2022 is an important step in improving the cybersecurity of the healthcare and public health sector. The law will help to protect patient data, public health, and the healthcare system from cyberattacks. Healthcare providers should take steps to comply with the law to protect their patients and their organizations.
Get more insights from the TetherView team and join in on the conversation:
Subscribe to our Newsletter
Register for a Workshop
Follow us on LinkedIn