WASHINGTON, DC - House Energy and Commerce Committee members Rep. Billy Long (R-MO) and Rep. Doris Matsui (D-CA) today introduced H.R. ____, the HHS Data Protection Act. The bipartisan legislation is the result of the committee’s investigation on how to improve cybersecurity at HHS. The legislation will establish the Office of the Chief Information Security Officer (CISO) within HHS, elevating the HHS CISO from where the position currently sits underneath HHS’ Chief Information Officer (CIO).
In December 2013, the committee commenced an investigation into information security at FDA, following a breach of its internal network just two months earlier. That investigation revealed several other information security incidents across HHS, and identified pervasive and persistent deficiencies across the department and its operating divisions’ information security programs. To address these deficiencies, the report recommended that HHS separate the CISO from the CIO to ensure that information security is appropriately prioritized.
“We’ve developed a thoughtful solution to improve cybersecurity at HHS, based on committee findings. We must do all we can to ensure greater security of the government’s health networks and Americans’ sensitive data," said Long and Matsui. “This legislation is a critical step toward safeguarding the delicate information countless Americans have entrusted in HHS’s hands."
