HHS Rule Changes Allow for Cybersecurity Donations
Gov Info Security
Marianne Kolbasuk McGee
Federal regulators have issued detailed final rules containing provisions that allow hospitals and healthcare delivery systems to donate cybersecurity technology, such as software, hardware and services, to physician practices.
The cybersecurity exceptions are contained in a 627-page final rule issued on Friday by the Department of Health and Human Services' Centers for Medicare and Medicaid Services and a 1,049-page final rule issued by the HHS Office of Inspector General modifying so-called Stark Law and federal anti-kickback regulations.
"We believe that a primary reason that an entity would provide cybersecurity technology and related services to a physician is to protect itself from cyberattacks," HHS writes. "However, we recognize that donated cybersecurity technology and services may have value for a physician recipient insomuch as the recipient would be able to use his or her resources for needs other than cybersecurity expenses."
HHS also notes...