Healthcare sector offers proposals to align CISA incident reporting regulation with HIPAA requirements

Harmonizing CISA’s upcoming regime with federal and state healthcare privacy laws should be addressed as the rulemaking process for incident reporting moves forward, according to health sector groups.

The Federation of American Hospitals brings up the Health Insurance Portability and Accountability Act in the context of timing to submit incident reports to CISA, in recent comments to the cyber agency.

“Covered entities need the latitude to coordinate with law enforcement in determining the timing of a covered incident report, as...