Beyond HIPAA

A New Bill Would Allow HHS To Enforce Cybersecurity Standards

An Article Review

If you’ve been to a doctor some time over the last 28 years, you probably recognize the acronym HIPAA, or the Health Insurance Portability and Accountability Act. HIPAA sets certain standards for healthcare providers when it comes to the privacy and security of medical information, including your right to share that information with parties you choose and the provider’s responsibility to not share that information with anyone other than those parties—including hackers.

While HIPAA has improved the way medical information is handled and stored, there have been a number of high-profile breaches targeting the healthcare industry, which has led the Department of Health and Human Services (HHS) to seek more power when it comes to setting and enforcing cybersecurity standards.

If it becomes law, the Health Infrastructure Security and Accountability Act would empower HHS to set mandatory standards for cybersecurity and require yearly auditing to verify compliance with those standards.  Failure to maintain compliance could be painful, as the bill would also remove the cap on fines established previously by HIPAA. 

While the fate of this specific piece of legislation is unclear, HHS is already working on ways to boost cybersecurity through its existing programs, making it seem likely that the healthcare industry will soon be looking at tougher compliance standards in one form or another.

Original article by David Dimolfetta writing for NextGov.

This Article Review was written by Vigilize.


Matt Jolley is the current Vigilize; he is also the recipient of the 2023 Cyb3rP0e+ designation!
