Blog Logo
Blog Logo

Michael A. Cassidy

Shareholder

Contact information

BOOKMARK SHARE
View All News & Insights
BACK TO Michael A.’S PROFILE

2022 Budget Bill Includes Mandatory Healthcare Cyber Incident Reporting

Michael A. Cassidy, mcassidy@tuckerlaw.com, (412) 594-5515

The Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA), was passed as part of the consolidated Budget Act for 2022, which also included the telehealth provisions.

The definition of “covered entity” in the Act is far greater than covered entity as defined by HIPAA.  Covered entity as per CIRCIA includes all of the entities identified by presidential policy directives as “designated critical infrastructure sector” entities.

However, the recent Medicare Compliance Reporter indicates that this will require hospitals to report cyber breaches in 72 hours and ransom payments within 24 hours to DHS.

The legislation gives the Cybersecurity and Infrastructure Security Agency (CISA) at DHS 24 months to propose implementing regulations, which then must be finalized 18 months thereafter, so we are looking at a window of approximately 3 and a half years at this point.

For more information on this, contact Mike Cassidy at mcassidy@tuckerlaw.com. Visit our Med Law Blog here.

April 04, 2022

Serving our clients successfully since 1900

The same attributes that have anchored over a century of success are still our guiding principles today.

Stay up-to-date on the latest News & Insights by subscribing to our alerts

Enter your email address below and be notified when we post new information.