House subcommittee offers legislation to bolster health IT cybersecurity
A subcommittee of the U.S. House of Representatives last week passed the Cybersecurity Coordination and Awareness Act of 2009, which included an amendment requiring the National Institute of Standards and Technology (NIST) to add health IT systems to its cybersecurity research and development.

Reps. David Wu, D-Ore., and Adrian Smith, R-Neb., of the House Committee on Science and Technology's Subcommittee on Technology and Innovation, said the insertion will make health IT systems part of the NIST’s effort to reform the existing IT systems and infrastructure standards.

The bill requires NIST to improve on security after Congress described the current IT systems as being “vulnerable” and having “suffered intrusions,” where hundreds of millions of dollars and sensitive military information were unlawfully accessed.

“As we work to increase adoption of health IT in our medical system, it is important to recognize that the increased digitization and sharing of records must be accompanied by adequate privacy safeguards. Ensuring that we advance technologies and methods used to protect privacy should be central to NIST’s work in health IT,” said Wu.

NIST will implement a plan to develop a long-term assessment of secure IT systems by implementing a cybersecurity awareness and education program, creating and testing new cybersecurity technologies and updating technical terms to reflect technologies and networked systems.

“The convergence of telecommunication, Internet and video devices requires a corresponding convergence in cybersecurity technical standards development. A coordinated policy will ensure that these representatives operate with the overarching need of the U.S. infrastructure in mind,” said Wu.

According to the bill, the plan will focus on “innovative, transformational technologies with the potential to enhance the security, reliability, resilience and trustworthiness of the digital infrastructure.”

The previous focus on cybersecurity research was short-term, according to the legislation, and “lacked the prioritization and coordination necessary to address the long-term challenge of ensuring a secure and reliable IT and communications infrastructure."

The bill will be forwarded to the House Science and Technology Committee.