Congress has long attempted to grapple with issues of cyber-security, both within the healthcare field, and generally in the United States. The Health Insurance Portability and Accountability Act (HIPAA), as well as the Health Information Technology for Economic and Clinical Health Act (HITECH) have provided significant compliance requirements for healthcare entities in the area of data security. For the last eight years, though, a united Congress has not addressed whether or not there should be a federal standard for how companies as a whole manage electronic data. Additionally, there is yet to be a federal law that addresses curtailing attempted foreign disruption of both government and private industry.
Ironically, it is possible that a divided Congress may do more to move the needle on cybersecurity than the current one? On most controversial issues, tax cuts, healthcare, there will likely be little to no movement due to partisan gridlock. However, issues like privacy tend to have bipartisan support, so there may be movement forward on the issue.
The issue of an overarching federal privacy regulation has been spurred on by the European Union’s General Data Privacy Regulation (GDPR) enacted earlier this year. It has caused all companies that do business in Europe to take a deep, hard look at their data infrastructure, and, in some cases, make significant investments in order to come into compliance. Additionally, states such as California enacted what is considered our country’s first laws to provide consumers with greater control of what companies may do with their data. In some ways, the California law contains similar aspects to the EU’s GDPR regulations.
Up until now, certain congressional committees have held hearings with tech industry representatives to discuss what a privacy framework might come to look like. Of course, as of yet, no proposed legislation has resulted from those conversations. With calls for action in the last several months from some industry giants such as Google and Microsoft, bipartisan action may not be far behind.