HHS Health Care Cybersecurity Performance Goals: Proposed Incentives, Penalties and Compliance Standards Review

The U.S. Department of Health and Human Services has proposed financial incentives worth $1.3bn to hospitals that meet “essential” and “enhanced” cybersecurity goals. Penalties could also be enforced for those that fail to comply. Hospitals’ cybersecurity strategies will be measured against the Homeland Security’s Cybersecurity and Infrastructure Security Agency framework and penalties could reduce Medicare Hospital Insurance Trust Fund payments. High-need hospitals could access the funding from 2027.Hospitals that fail to implement enhanced standards could face penalties from 2031.