On March 16, 2016, via an online blog announcement, Department of Health & Human Services (“HHS”) Acting Deputy Secretary Mary Wakefield announced the formation of a Health Care Industry Cybersecurity Task Force (“Task Force”). 

The Cybersecurity Information Sharing Act of 2015 tasked HHS with the creation of the Task Force, which will focus on evaluating HHS’ own cybersecurity preparedness, analyzing challenges for private healthcare entities to secure against cybersecurity attacks, and improving the safety and security of electronic health information and medical devices across the American health care system. Task Force membership includes 21 individuals representing a wide variety of organizations and companies within the private and public sectors, including hospitals, insurers, patient advocates, security researchers, pharmacy and pharmaceutical companies, medical device manufacturers, laboratories, and health information technology developers and vendors. 

The announcement closely follows remarks by HHS Secretary Sylvia Burwell at the 2016 conference of the Healthcare Information and Management Systems Society, held on February 29, 2016. During her remarks, Burwell commented that the “bedrock of an interoperable health information technology system is privacy and security.” To further efforts to create such a system, Burwell highlighted the forthcoming Task Force, commenting that it would “bring together leading thinkers in government and the private sector to develop strategies for addressing our shared cybersecurity challenge.” The Task Force’s work will culminate in a report that is expected to be completed in the next year. 

Reporter, Ehren K. Halse, San Francisco, +1 415 318 1216, ehalse@kslaw.com.