AEHIS Board Chair to Address Cybersecurity at Hearing on Capitol Hill

ANN ARBOR, MI, June 5, 2018 –  Erik Decker, the Board Chair for the Association for Executives in Healthcare Information Security (AEHIS),  will testify Wednesday on behalf of AEHIS before the House Committee on Energy and Commerce on legislation that would reauthorize key preparedness and response programs, which for the first time would include cybersecurity threats. Decker is one of six witnesses invited to serve as a witness at the hearing.

“I appreciate the opportunity to discuss the need for maturing healthcare’s cybersecurity resiliency and response across our nation,” said Decker, the chief security and privacy officer at University of Chicago Medicine. “We believe that it is imperative that we continue to establish, modernize and mature the industry’s resilience, and response, to these evolving cybersecurity threats.”

Wednesday’s hearing will focus on the Pandemic and All-Hazards Preparedness Reauthorization Act of 2018 (PAHPA), which reauthorizes certain programs under the Public Health Service Act and Federal Food, Drug, and Cosmetic Act. The draft legislation being considered includes amendments that recognize the threat that cyberattacks pose on patient safety and security, the need for a coordinated response and other improvements.

AEHIS and the College of Healthcare Information Management Executives (CHIME) support PAHPA and commend the committee for recognizing the potentially widespread damage that cyber incidents can inflict on the healthcare industry and patients. AEHIS and CHIME members have identified several challenges that have been of concern, including who leads the U.S. Department of Health and Human Services’ (HHS) cybersecurity programs, the proper channels for communicating cybersecurity-related issues and concerns that sharing information might trigger an enforcement action through a regulatory body in HHS. PAHPA addresses many of those challenges, Decker explained in a written statement, including:

  • The digital transformation of the healthcare industry that requires complicated technical platforms to achieve desired clinical outcomes;
  • The identification of modern day cybersecurity threats, and how these threats can cause significant harm to the healthcare and public health sector, and this digital platform;
  • The need for maturation of cybersecurity resiliency and capability within the industry, specifically relating to cyber programs and medical device security;
  • leveraging the Assistant Secretary for Preparedness and Response as the Sector Specific Agency, encouragING the coordination and deconfliction of best practices, guidance and enforcement expectations among the various HHS operating divisions such as the Office of Civil Rights, the Food and Drug Administration, the Centers for Medicare & Medicaid Services and the Office of the National Coordinator for Health IT; and
  • The need for further incentivize the industry to adopt cybersecurity best practices.

The hearing will be live streamed, beginning at 10 a.m. ET. For more information, and to access the hearing once it starts, go here.

The Association for Executives in Healthcare Information Security (AEHIS) was launched in 2014 to provide an education and networking platform to healthcare’s senior IT security leaders. With nearly 850 members, AEHIS is advancing the role of the chief information security officer (CISO) through education, collaboration, exchange of best practices and advocacy in support of secure health information for the protection of both healthcare organizations and consumers. For more Information, please visit


The College of Healthcare Information Management Executives (CHIME) is an executive organization dedicated to serving chief information officers (CIOs), chief medical information officers (CMIOs), chief nursing information officers (CNIOs) and other senior healthcare IT leaders. With more than 2,600 members in 51 countries and over 150 healthcare IT vendors and professional services firms, CHIME provides a highly interactive, trusted environment enabling senior professional and industry leaders to collaborate; exchange best practices; address professional development needs; and advocate the effective use of information management to improve the health and healthcare in the communities they serve. For more information, please visit

Candace Stuart
Director of Communications and Public Relations, CHIME
[email protected]