1851 (d) RULE OF CONSTRUCTION. Nothing in this section shall be construed to (1) require a State to report data under subsection



Transcription:

U:\REPT\OMNI\FinalOmni\CPRT--HPRT-RU00-SAHR-AMNT.xml 0
December, (:0 a.m.)

(d) RULE OF CONSTRUCTION. Nothing in this section shall be construed to

() require a State to report data under subsection (a); or

() require a non-federal entity (as defined in section 0) to

(A) adopt a recommended measure developed under subsection (b); or

(B) follow the result of the activities carried out under subsection (c), including any methods developed under such subsection.

SEC. 0. IMPROVING CYBERSECURITY IN THE HEALTH CARE INDUSTRY.

(a) DEFINITIONS. In this section:

() APPROPRIATE CONGRESSIONAL COMMITTEES. The term appropriate congressional committees means

(A) the Committee on Health, Education, Labor, and Pensions, the Committee on Homeland Security and Governmental Affairs, and the Select Committee on Intelligence of the Senate; and

(B) the Committee on Energy and Commerce, the Committee on Homeland Security, and the Permanent Select Committee on Intelligence of the House of Representatives.

() BUSINESS ASSOCIATE. The term business associate has the meaning given such term in section 0.0 of title, Code of Federal Regulations (as in effect on the day before the date of the enactment of this Act).

() COVERED ENTITY. The term covered entity has the meaning given such term in section 0.0 of title, Code of Federal Regulations (as in effect on the day before the date of the enactment of this Act).

() CYBERSECURITY THREAT; CYBER THREAT INDICATOR; DEFENSIVE MEASURE; FEDERAL ENTITY; NON-FEDERAL ENTITY; PRIVATE ENTITY. The terms cybersecurity threat, cyber threat indicator, defensive measure, Federal entity, non-federal entity, and private entity have the meanings given such terms in section 0 of this division.

() HEALTH CARE CLEARINGHOUSE; HEALTH CARE PROVIDER; HEALTH PLAN. The terms health care clearinghouse, health care provider, and health plan have the meanings given such terms in section 0.0 of title, Code of Federal Regulations (as in effect on the day before the date of the enactment of this Act).

() HEALTH CARE INDUSTRY STAKEHOLDER. The term health care industry stakeholder means any

(A) health plan, health care clearinghouse, or health care provider;

(B) advocate for patients or consumers;

(C) pharmacist;

(D) developer or vendor of health information technology;

(E) laboratory;

(F) pharmaceutical or medical device manufacturer; or

(G) additional stakeholder the Secretary determines necessary for purposes of subsection (b)(), (c)(), (c)(), or (d)().

() SECRETARY. The term Secretary means the Secretary of Health and Human Services.

(b) REPORT.

() IN GENERAL. Not later than year after the date of enactment of this Act, the Secretary shall submit to the Committee on Health, Education, Labor, and Pensions of the Senate and the Committee on Energy and Commerce of the House of Representatives a report on the preparedness of the Department of Health and Human Services and health care industry stakeholders in responding to cybersecurity threats.

() CONTENTS OF REPORT. With respect to the internal response of the Department of Health and Human Services to emerging cybersecurity threats, the report under paragraph () shall include

(A) a clear statement of the official within the Department of Health and Human Services to be responsible for leading and coordinating efforts of the Department regarding cybersecurity threats in the health care industry; and

(B) a plan from each relevant operating division and subdivision of the Department of Health and Human Services on how such division or subdivision will address cybersecurity threats in the health care industry, including a clear delineation of how each such division or subdivision will divide responsibility among the personnel of such division or subdivision and communicate with other such divisions and subdivisions regarding efforts to address such threats.

(c) HEALTH CARE INDUSTRY CYBERSECURITY TASK FORCE.

() IN GENERAL. Not later than 0 days after the date of the enactment of this Act, the Secretary, in consultation with the Director of the National Institute of Standards and Technology and the Secretary of Homeland Security, shall convene health care industry stakeholders, cybersecurity experts, and any Federal agencies or entities the Secretary determines appropriate to establish a task force to

(A) analyze how industries, other than the health care industry, have implemented strategies and safeguards for addressing cybersecurity threats within their respective industries;

(B) analyze challenges and barriers private entities (excluding any State, tribal, or local government) in the health care industry face securing themselves against cyber attacks;

(C) review challenges that covered entities and business associates face in securing networked medical devices and other software or systems that connect to an electronic health record;

(D) provide the Secretary with information to disseminate to health care industry stakeholders of all sizes for purposes of improving their preparedness for, and response to, cybersecurity threats affecting the health care industry;

(E) establish a plan for implementing title I of this division, so that the Federal Government and health care industry stakeholders may in real time, share actionable cyber threat indicators and defensive measures; and

(F) report to the appropriate congressional committees on the findings and recommendations of the task force regarding carrying out subparagraphs (A) through (E).

() TERMINATION. The task force established under this subsection shall terminate on the date that is year after the date on which such task force is established.

() DISSEMINATION. Not later than 0 days after the termination of the task force established under this subsection, the Secretary shall disseminate the information described in paragraph ()(D) to health care industry stakeholders in accordance with such paragraph.

(d) ALIGNING HEALTH CARE INDUSTRY SECURITY APPROACHES.

() IN GENERAL. The Secretary shall establish, through a collaborative process with the Secretary of Homeland Security, health care industry stakeholders, the Director of the National Institute of Standards and Technology, and any Federal entity or non-federal entity the Secretary determines appropriate, a common set of voluntary, consensus-based, and industry-led guidelines, best practices, methodologies, procedures, and processes that

(A) serve as a resource for cost-effectively reducing cybersecurity risks for a range of health care organizations;

(B) support voluntary adoption and implementation efforts to improve safeguards to address cybersecurity threats;

(C) are consistent with

(i) the standards, guidelines, best practices, methodologies, procedures, and processes developed under section (c)() of the National Institute of Standards and Technology Act ( U.S.C. (c)());

(ii) the security and privacy regulations promulgated under section (c) of the Health Insurance Portability and Accountability Act of ( U.S.C. d note); and

(iii) the provisions of the Health Information Technology for Economic and Clinical Health Act (title XIII of division A, and title IV of division B, of Public Law ), and the amendments made by such Act; and

(D) are updated on a regular basis and applicable to a range of health care organizations.

() LIMITATION. Nothing in this subsection shall be interpreted as granting the Secretary authority to

(A) provide for audits to ensure that health care organizations are in compliance with this subsection; or

(B) mandate, direct, or condition the award of any Federal grant, contract, or purchase, on compliance with this subsection.

() NO LIABILITY FOR NONPARTICIPATION. Nothing in this section shall be construed to subject a health care industry stakeholder to liability for choosing not to engage in the voluntary activities authorized or guidelines developed under this subsection.

(e) INCORPORATING ONGOING ACTIVITIES. In carrying out the activities under this section, the Secretary may incorporate activities that are ongoing as of the day before the date of enactment of this Act and that are consistent with the objectives of this section.

(f) RULE OF CONSTRUCTION. Nothing in this section shall be construed to limit the antitrust exemption under section 0(e) or the protection from liability under section 0.

SEC. 0. FEDERAL COMPUTER SECURITY.

(a) DEFINITIONS. In this section:

() COVERED SYSTEM. The term covered system shall mean a national security system as defined in section 0 of title 0, United States Code, or a Federal computer system that provides access to personally identifiable information.

() COVERED AGENCY. The term covered agency means an agency that operates a covered system.

() LOGICAL ACCESS CONTROL. The term logical access control means a process of granting