Executives for Health Innovation (EHI) Latest Privacy & Cybersecurity Resources

WASHINGTON DC USA -- HEALTHCARE UPDATE NEWS SERVICE™ -- FEBRUARY 1, 2023: To improve health outcomes, patients and providers need access to individual information to make important, quick decisions about healthcare. The proliferation of new technologies and the shift to electronic health records have been accompanied by cybersecurity challenges and concerns.

The EHI community continues its work of protecting the privacy of individuals by supporting the efforts of providers and vendors to ensure that patient information is both protected and secure. With this in mind, we have added some new resources to our website to help educate our members on the latest issues and best practices for protecting personal and organizational data.

Podcast: A Conversation with John Riggi on Cybersecurity Risks Facing Health Systems
During this two-part episode, we had the pleasure of speaking with John Riggi, national advisor for cybersecurity and risk at the American Hospital Association, about the current state of cybersecurity risks and threats facing health systems.

A leading expert in the field, John addresses the types of attacks we're experiencing, where they are coming from, and the motives for attacks.

In addition, as cyber threats increase and become more widespread, John discusses how executives can prepare and prioritize readiness for an attack response.

Executive Spotlight: A Deep Dive Into Upcoming Cybersecurity Legislation With Healthcare Executives
In 2022, Executives for Health Innovation (EHI) convened a small group of cybersecurity experts, regulators, and policy experts to discuss cybersecurity concerns facing the healthcare industry.

During this impressive roundtable, the group identified the top concerns driving executives, including:

  • New guidance and regulations related to medical devices, healthcare systems, and patient data;
  • The current legislative challenges facing Congress; and
  • Recent FDA draft guidance and pending legislation.
A summary of the key concerns and highlights from the discussion is offered in this report.

Protecting Health Data Outside the Healthcare System
Since the early 2000s, the Health Insurance Portability and Accountability Act (HIPAA) has been the nation’s primary health privacy law, protecting patient data held by the healthcare system – hospitals, doctors, clinics, and health insurers. With the explosive proliferation of digital technologies, an ever-increasing amount of health data is generated by consumers themselves. This data is both held and used by companies that are not bound by the obligations of HIPAA, leaving that data largely under-protected and under-regulated.

With the generous support of the Robert Wood Johnson Foundation (RWJF), the Executives for Health Innovation and the Center for Democracy & Technology (CDT) released the Consumer Privacy Framework for Health Data (the Framework) in February of 2021. The Framework outlines the current gaps in legal protections and discusses how non-HIPAA-covered health data should be used, accessed, and disclosed. A second round of funding from RWJF led to the development of the final report, The Case for Accountability: Protecting Health Data Outside the Healthcare System, authored by EHI.

The Final Report
EHI’s report makes the case for why a robust accountability mechanism is needed to govern the use of health data held and used by health tech companies. In the absence of new federal data privacy legislation, EHI has put forward a private-sector solution – a neutral, independently run self-regulatory program that will oversee the data use policies and procedures of Framework members.

Self-Regulatory Program
In January 2022, EHI launched a Request for Proposals from organizations interested in housing and running the Framework’s self-regulatory program. After careful consideration of the proposals submitted by an independent, objective committee of experts, EHI announced that it had selected BBB National Programs to implement and house this new program, overseeing compliance with the Framework and protecting consumer health data not bound by the obligations of HIPAA.

