AEHIS Board Chair Talks Cyber Preparedness to Congress

By Leslie Krigstein, Vice President, Legislative Affairs, and Chris Cook, Vice President, AEHIS, AEHIT, AEHIA

On June 6, AEHIS Board Chair Erik Decker testified before the House Committee on Energy and Commerce on draft legislation that recognizes the importance of ensuring the nation’s health systems are better prepared and able to respond to cybersecurity incidents. Speaking on behalf of AEHIS and CHIME, he supported provisions that for the first time would include cybersecurity threats in the Pandemic and All-Hazards Preparedness Reauthorization Act of 2018 (PAHPA).

PAHPA reauthorizes certain programs under the Public Health Service Act and Federal Food, Drug, and Cosmetic Act. The draft legislation being considered includes amendments that recognize the threat that cyberattacks pose on patient safety and security, the need for a coordinated response and other improvements. In particular, they amend the Public Health Service Act to include “cybersecurity” in both “Improving State and Local Public Health Security” (42 U.S.C. 247d-3a) and “Partnerships for State and Regional Preparedness to Improve Surge Capacity” (42 U.S.C. 247d-3b.)

In his written and oral testimony as well as in a follow-up letter, Decker shared members’ perspective, including:

  • Continued concerns about the threats to patient care and safety that cybersecurity attacks pose in an era of ubiquitous connectivity
  • The need to clarify where cybersecurity is to be managed within the Department of Health and Human Services (HHS) and proper channels for communicating cybersecurity-related issues and concerns
  • The importance of adequately funding and appropriately staffing the Office of the Assistant Secretary for Preparedness and Response (ASPR), or whatever office is selected to manage cybersecurity for HHS, to match the added functionality

Cybersecurity is a priority topic for the CHIME and AEHIS public policy programs and AEHIS members have been valuable contributors to efforts to educate policy makers about the potential impact of their decisions. The upcoming CHIME Advocacy Summit, scheduled for Oct 3-5 in Washington, D.C., will feature CHIME and AEHIS policy leaders as well as top government and agency figures. (For more information and to register, go here.)

AEHIS and CHIME applaud the committee for recognizing the potentially widespread damage that cyber incidents can inflict on the healthcare industry and patients. We have been emphasizing that improving the cybersecurity posture of the healthcare industry is an important, but resource-intensive process, and that it is critical that these policy proposals be funded properly. We also have emphasized that recognition of their potential of cybersecurity threats to disrupt healthcare delivery should be a consideration in the next iteration of the National Health Security Strategy.

The Energy and Commerce hearing is available online here. The cybersecurity segment of the hearing occurs near the end, starting near the at 2:48 mark. Decker’s written testimony is posted here.

More AEHIS News