ACTIVITY

State of Play: The White House has released a new cybersecurity strategy that includes five components to secure the full benefits of a safe, secure digital ecosystem for all Americans. The House Committee on Oversight and Accountability Subcommittee on Cybersecurity, Information Technology, and Government Innovation held a hearing on this new strategy. President Biden’s fiscal year 2024 budget includes increased funding for the Cybersecurity and Infrastructure Security Agency (CISA). The Administration for Strategic and Preparedness Response (ASPR) has released a cybersecurity framework and implementation guide. The Health and Human Services (HHS) Office for Civil Rights (OCR) is creating three new divisions to conduct better enforcement to protect health data and privacy. OCR shared two reports to Congress on steps taken by the office to investigate complaints, breach reports, and compliance reviews of potential Health Insurance Portability and Accountability Act (HIPAA) violations in 2021. The Federal Trade Commission (FTC) has requested more funding to step up its work on health privacy regulation and has made protecting online health data a priority of its enforcement agenda. The HHS Office of the National Coordinator (ONC) has released a long anticipated proposed rule implementing provisions of the 21^st Century CURES Act on health data, technology, and interoperability (HTI-1). Six organizations will facilitate the secure sharing of patients’ health data as qualified health information networks under the 21^st Century Cures-mandated Trusted Exchange Framework and Common Agreement (TEFCA).

2024

March

• CMS Statement on Change Healthcare Cyberattack | CMS 
  CMS Issues Statement and Guidance for Medicare Advantage Organizations, Part D Sponsors, and Medicare-Medicaid Plans Addressing Impacts Related to the Cyberattack on Change Healthcare

February

• Fact Sheet 42 CFR Part 2 Final Rule  | HHS.gov
  On February 8, 2024, the U.S. Department of Health & Human Services (HHS) through the Substance Abuse and Mental Health Services Administration (SAMHSA) and the Office for Civil Rights announced a final rule modifying the Confidentiality of Substance Use Disorder (SUD) Patient Records regulations at 42 CFR part 2 (“Part 2”). With this final rule, HHS is implementing the confidentiality provisions of section 3221 of the Coronavirus Aid, Relief, and Economic Security (CARES) Act – PDF (enacted March 27, 2020), which require the Department to align certain aspects of Part 2 with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Rules and the Health Information Technology for Economic and Clinical Health Act (HITECH).

2023

December

• The Confidentiality Coalition submitted this letter in response to the 21st Century Cures Act: Establishment of Disincentives for Health Care Providers That Have Committed Information Blocking Proposed Rule
• FACT SHEET: Biden-Harris Administration Announces Voluntary Commitments from Leading Healthcare Companies to Harness the Potential and Manage the Risks Posed by AI | HHS.gov
  Biden-Harris Administration Announces Voluntary Commitments from Leading Healthcare Companies to Harness the Potential and Manage the Risks Posed by AI. 

September

• The Confidentiality Coalition submitted this letter in response to Sen. Cassidy’s Request for Information on leveraging technology to improve patient care, while safeguarding the privacy of this data

August

• Confidentiality Coalition comment letter to the Federal Trade Commission on the Health Breach Notification Rule.

June

• Confidentiality Coalition comment letter to HHS ONC on its HTI-1 proposed rule.
• Confidentiality Coalition letter to OCR on Reproductive Health Privacy.

May

• On May 18, Peter Fatelnig, Minister-Counsellor for digital economy policies at the Delegation of the European Union to the United States, spoke on EU artificial intelligence policy.

April

• April 19, 2023
  Confidentiality Coalition Webinar:
  The Past, Present, and Future of Health Privacy Policy
  Webinar video
  Presentation slides

March

• Confidentiality Coalition letter to CMS on advancing interoperability.
• Confidentiality Coalition letter to the National Telecommunications and Information Administration on privacy, equity and civil rights.
• On March 23, Greg Garcia, Executive Director, Cyber Security, Healthcare and Public Health Sector Coordinating Council, spoke on health cybersecurity policy issues.

February

• February 22, 2023
  Confidentiality Coalition Webinar:
  Cybersecurity Playbook for Healthcare
  Webinar video
  Presentation slides
• Confidentiality Coalition comments in advance of the House E&C Subcommittee on Consumer Protection & Commerce hearing on, “Promoting U.S. Innovation and Individual Liberty through a National Standard for Data Privacy.”
• Confidentiality Coalition response to the Federal Communications Commission on their proposal to update data breach reporting requirements.

January

• On January 19, Colleen Nguyen and Sean Sweeney with Sen. Mark Warner (D-VA) gave a presentation to the Confidentiality Coalition on Sen. Warner’s cybersecurity priorities.

2022

December

• On December 1, the Confidentiality Coalition submitted comments to Sen. Mark Warner (D-VA) on his healthcare cybersecurity white paper.

November

• On November 14, the Confidentiality Coalition submitted comments to the Cybersecurity and Infrastructure Security Agency (CISA) on their request for information on implmenting breah reporting legislation.
• On November 14, the Confidentiality Coalition submitted comments to the Federal Insurance Office (FIO) on steps to provide catastrophic insurance coverage for cyber incidents.
• On November 3, the Confidentiality Coalition held a walkthrough on the Federal Trade Commission’s (FTC) advanced notice of proposed rulemaking on commercial surveillance.

October

• On October 31, the Confidentiality Coalition submitted comments to the Federal Trade Commission (FTC) on their advanced notice of proposed rulemaking on commercial surveillance.

September

• On September 21, Melanie Fontes-Rainer, Director of the Office for Civil Rights (OCR) at the Department of Health and Human Services (HHS) gave a presentation to the Confidentiality Coalition on OCR’s strategic priorities.

July

• On July 21, Jon Warner, US President for the Organisation for the Review of Health and Care Apps (ORCHA) gave a presentation to the Confidentiality Coalition on tools to protect patient privacy when using health apps.

June

• On June 21, the Confidentiality Coalition  held a walkthrough of H.R. 8152, the American Data Privacy and Protection Act.
• On June 13, the Confidentiality Coalition sent a letter to the House Committee on Energy and Commerce Subcommittee on Consumer Protection & Commerce for their hearing on, “Protecting America’s Consumers: Bipartisan Legislation to Strengthen Data Privacy and Security.”
• On June 6, the Confidentiality Coalition submitted comments to the Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) on its request for information Regarding Considerations for implementing the Health Information Technology for Economic and Clinical Health (HITECH) Act.

May

• On May 19, Nigel Cory with the Information Technology & Innovation Foundation (ITIF) gave a presentation to the Confidentiality Coalition on global health and genomic data localization and governance.
• On May 12, the Confidentiality Coalition sent a letter to the Senate  Committee on Health, Education, Labor and Pensions (HELP) for their hearing on, “Cybersecurity in the Health and Education Sectors.”
• On May 5, the Confidentiality Coalition submitted comments to the Securities and Exchange Commission (SEC) on their proposed rule on cybersecurity incident reporting.
• On May 4, the Healthcare Leadership Council and the Confidentiality Coalition held a joint webinar on, “Healthcare Privacy and Security 101.” Panelists included representatives from AHIP, IQVIA and Mayo Clinic.

April

• On April 25, the Confidentiality Coalition submitted comments to the National Institute of Standards and Technology (NIST) on their request for information on revisions to the NIST Cybersecurity Framework.

March

• On March 24, Jeff Rothblum with the Senate Homeland Security and Governmental Affairs Committee (HSGAC) gave a presentation to the Confidentiality Coalition on legislative activity to strengthen cybersecurity infrastructure.
• On March 24, the Confidentiality Coalition and the Workgroup for Electronic Data Interchange wrote the Department of Health and Human Services (HHS) and the Department of Commerce encouraging the protection of patient data collected via third-party applications.
• On March 11, the Confidentiality Coalition submitted comments to the Federal Trade Commission (FTC) and the Department of Justice (DOJ) information on their request for information on merger enforcement.

February

• On February 17, the Confidentiality Coalition hosted a presentation and discussion on proposals to impose civil monetary penalties (CMPs) for violations of the HIPAA Privacy Rule.

January

• On January 20, Rob Tennant Vice President for Federal Affairs with the Workgroup for Electronic Data Interchange (WEDI) gave a presentation to the Confidentiality Coalition on legislative and regulatory advocacy on privacy for 2022.