Authors:
Jesse Daniels
and
Sajal Bhatia
Affiliation:
School of Computer Science and Engineering, Sacred Heart University, Fairfield, CT, U.S.A.
Keyword(s):
Healthcare, Regulation, Security, Privacy, HIPAA, Stark Law, HITECH, Legislation, Medical Devices, FDA.
Abstract:
Healthcare is a rapidly growing industry that is continuously expanding with technological advances. Similar to many other critical industries, healthcare faces an onslaught of daily cybersecurity challenges, however is largely at a disadvantage due to outdated and antiquated legislation. As of 2019, no legislation or regulatory body in healthcare adequately cover the needs of cybersecurity. However, regulations have forced healthcare to deploy technology at an expansive rate as well as having them deploy FDA, a regulatory body, approved medical devices from the assembly line that are inherently insecure. By looking at reported incidents, the authors will examine modifications to legislation in healthcare and the impact on cybersecurity-related events facing the organizational vertical. Legislation such as the Ethics in Patient Referrals Act of 1989 adversely impacts healthcare as cybersecurity is not considered a “service,” and as such, cannot be shared between two healthcare organi
zations. By bringing light to the inadequacies of cybersecurity in legislation and regulation of the United States healthcare system, the paper aim to bring cybersecurity to the forefront of future legislation and regulation.
(More)