How Will the Biden Administration Approach HIPAA and Cybersecurity?

February 23rd, 2021

A flurry of the Biden Administration’s changes have already received widespread attention in the past month, but what about the new government’s approach to HIPAA and cybersecurity? These areas are also undergoing changes, but don’t have the flashiness to bring them to the front pages.

Biden’s Regulatory Freeze

After his inauguration, Biden announced a regulatory freeze on many of the changes made during the last months of the Trump Presidency. When it comes to health, this freeze could affect three major rules:

The memo instructed decision-makers to withdraw any rules that were sent to the Office of the Federal Register but had not been published. This seems to apply to the CMS Interoperability and Patient Access Final Rule. The other two rules have already been published but have yet to take effect. In these cases, Biden’s memo instructs leaders to consider postponing them for 60 days, and to also consider opening up a 30-day comment period.

At this stage, it is not known what the eventual results will be for these rules. It is likely that most HIPAA enforcement will continue as is, because the issue hasn’t really been politicized by either side.

Biden’s New Hires

On the cybersecurity front, the Biden Administration is hiring a range of new cybersecurity officials, most with government experience in information security roles. According to Reuters, the leading candidate for Cyber Director is Jen Easterly. Easterly is a former high-ranking NSA and NSC official who has since worked as the head of firm resilience at Morgan Stanley.

Rob Silvers, a former Obama Administration official, will become the director of the Cybersecurity and Infrastructure Security Agency. Anne Neuberger, a former senior NSA official, is the National Security Advisor for Cyber and Emerging Technology. A number of other appointees with national security experience are set to take over senior cybersecurity roles.

Resources for Cybersecurity Included in the COVID-19 Relief Budget

The Biden Administration’s $1.9 trillion proposal for COVID-19 relief includes $9 billion for the U.S. Cybersecurity and Infrastructure Security Agency and the General Services Administration. In both cases, the money is set aside for IT and cybersecurity modernization efforts.

The Administration also plans to set aside:

  • $690 million for a CISA project to improve incident response and monitoring throughout federal agencies.
  • $300 million for other IT initiatives in the General Services Administration.
  • $200 million for hiring cybersecurity experts in the Digital Service unit at the White House, as well as in the Office of the U.S. Chief Information Security Officer.

New Cybersecurity Initiative

At the beginning of February, Biden announced that his administration was launching an urgent initiative to improve cybersecurity, stating that, “We’ve elevated the status of cyber issues within our government.” He said that the initiative planned to improve the nation’s “…capability, readiness and resilience in cyberspace.” He did not elaborate on the specifics, other than by mentioning some of the topics we have already discussed.

At this stage, it is still too early to tell how Biden plans to approach cybersecurity. The security landscape and threat environment continue to evolve every day. We can only hope that his administration gives these issues the resources and attention that they need.

While it’s hard to know how the realms of HIPAA law and cybersecurity will change in the coming years, LuxSci is committed to staying on top of compliance and securing our clients from threats. Contact our team for information on how LuxSci’s solutions can keep your organization safe.