Healthcare Cybersecurity Act of 2022

The Healthcare Cybersecurity Act of 2022 is an important step in improving the cybersecurity of the healthcare and public health sector. The law will help to protect patient data, public health, and the healthcare system from cyberattacks. Healthcare providers must take steps to comply with the law to ensure that they are doing their part to protect patients and the healthcare system.

Healthcare Provider Responsibilities Under the Act

The Healthcare Cybersecurity Act of 2022 (H.R. 8806) imposes a number of new responsibilities on healthcare providers. These responsibilities include:

  • Developing and implementing a written cybersecurity plan. The plan must include a risk assessment, a list of cybersecurity controls, and a process for monitoring and improving the plan.
  • Implementing security measures to protect electronic health records (EHRs). These measures must include access controls, encryption, and incident response plans.
  • Reporting cybersecurity incidents to HHS. Healthcare providers must report any cybersecurity incidents that affect the confidentiality, integrity, or availability of EHRs or other healthcare data.
  • Training employees on cybersecurity best practices. Healthcare providers must train their employees on how to protect healthcare data from cyberattacks.
  • Conducting cybersecurity exercises and drills. Healthcare providers must conduct regular cybersecurity exercises and drills to test their cybersecurity plans and procedures.

How to Comply with the Act

There are a number of steps that healthcare providers can take to comply with the Healthcare Cybersecurity Act of 2022. These steps include:

  • Developing a written cybersecurity plan. The plan should include a risk assessment, a list of cybersecurity controls, and a process for monitoring and improving the plan.
  • Implementing security measures to protect EHRs. Such measures include access controls, encryption, and incident response plans.
  • Reporting cybersecurity incidents to HHS. Healthcare providers should report any cybersecurity incidents that affect the confidentiality, integrity, or availability of EHRs or other healthcare data to HHS.
  • Training employees on cybersecurity best practices. Healthcare providers should train their employees on how to protect healthcare data from cyberattacks.
  • Conducting cybersecurity exercises and drills. Healthcare providers should conduct regular cybersecurity exercises and drills to test their cybersecurity plans and procedures.

Conclusion

The Healthcare Cybersecurity Act of 2022 is an important step in improving the cybersecurity of the healthcare and public health sector. The law will help to protect patient data, public health, and the healthcare system from cyberattacks. Healthcare providers should take steps to comply with the law to protect their patients and their organizations.
