Premier Offers Recommendations on Proposed HIPAA Security Rule
Premier submitted comments on the Health Insurance Portability and Accountability Act (HIPAA) Security Standards for the Protection of Electronic Protected Health Information proposed rule. In its letter, Premier recommends that the Administration focus its regulatory efforts on actions that will help providers – particularly under-resourced and rural providers – combat the significant increases in cyberattacks that threaten electronic protected health information. Specifically, Premier recommends that the Administration focus its regulatory efforts on the following:
Working closely with healthcare sector stakeholders to learn from and build upon private sector innovation in cybersecurity;
Collaborating with private sector experts to develop baseline cybersecurity standards that are rooted in specificity, evolvability and maturity;
Anchoring guidance to National Institute of Standards and Technology (NIST) standards, which are widely used and developed through public-private consultation;
Designing standards that are supported by a business case to naturally incentivize adoption of a market-driven solution; and
Refraining from expanding the authority of regulatory sub-agencies such as the HHS Office of Civil Rights to interfere in private contracts.
