The US Department of Health and Human Services (HHS) announced on April 20 that it plans to launch a cybersecurity initiative modeled on the US Department of Homeland Security’s National Cybersecurity and Communications Integration Center (NCCIC) that will be aimed at educating healthcare organizations and consumers about the risks of using mobile applications and data. The new center, which will be called the Health Cybersecurity and Communications Integration Center (HCCIC), is intended to be a collaborative effort between public and privacy industry. A similar cybersecurity initiative is being developed by the Centers for Medicare & Medicaid Services (CMS).
Chris Wlaschin, the chief information security officer for HHS, says this type of collaborative center is needed because approximately 50% of US healthcare organizations lack the adequate tools to deter and manage cyber breaches. As mobile health applications become more prevelant, the HHS sees the HCCIC as an opportunity to help developers secure patient data.
The new HHS center represents a continual effort by the federal government to address healthcare app cybersecurity. In December 2016, the FDA released guidance on “Mobile Medical Applications.” The HHS Office of Civil Rights and Federal Trade Commission have also launched online resources for medical app cybersecurity. And HHS’s Health Care Industry Cybersecurity Task Force recently submitted a draft report to Congress that laid out six “imperatives” for lawmakers and executive branch officials to consider when seeking to secure patient data, including security surrounding applications.
If you or your company is developing, or has implemented a medical app, the Dentons Privacy and Cybersecurity Group can help you navigate this constantly developing federal landscape. We will also provide further updates as the HCCIC becomes operational this summer.