HIMSS Delivers Comments to DHS on Cyber Incident Reporting for Critical Infrastructure Act of 2022

HIMSS has responded  to the Department of Homeland Security Cybersecurity and Infrastructure Security Agency’s (CISA)  request for information on the Cyber Incident Reporting for Critical Infrastructure Act of 2022.  

HIMSS noted that it is especially important for CISA to consider the follow areas when creating policies related to cybersecurity information sharing as mandated by the Cyber Incident Reporting for Critical Infrastructure Act of 2022. 

Reducing reporting redundancy 

The detailed data reported must be balanced against what is already mandated under existing laws, such as the Health Insurance Portability and Accountability Act (HIPAA), and any future federal reporting requirements.  

Balanced reporting requirements 

Data reporting requirements should be balanced and factor several considerations.  

Granularity of reporting 

Various healthcare organizations, including but not limited to small and medium healthcare stakeholders, may not have the resources to report granular data or to meet the relatively short timeframes required by CISA.  

Confidential handling and protection of reported information 

It is vital to require confidential handling of the reported information as it relates to national security concerns of protecting critical infrastructure and constituent entities.  

HIMSS appreciated the opportunity to comment on the request for information as CISA collects input from the public, in part, to develop regulations required by the Cyber Incident Reporting for Critical Infrastructure Act of 2022. 

HIMSS looks forward to continuing to be a trusted stakeholder and resource and welcomes the opportunity to discuss healthcare cybersecurity with the Department of Homeland Security Cybersecurity.  

Read HIMSS’s full comment letter on the Cyber Incident Reporting for Critical Infrastructure Act of 2022.