Following breaches affecting the healthcare industry, Senators Lamar Alexander (R-TN) and Patty Murray (D-WA), respectively the Chairman and Ranking Member of the Committee on Health, Education, Labor and Pensions, have submitted a request to the Government Accountability Office (GAO) for a study on the cybersecurity of health data. The senators asserted that current legal safeguards and standards have failed to prevent recent cyber attacks on healthcare information technology (IT) systems.

The senators asked the GAO to conduct a study focusing on five major topics: (1) cyber threats to health IT systems and their potential consequences; (2) whether any “gaps or ambiguities” exist in the current regulatory framework for health IT, including privacy and security rules promulgated under the Health Insurance Portability and Accountability Act (HIPAA); (3) federal agencies’ oversight and enforcement of such privacy and security rules; (4) adoption by the health industry of cybersecurity standards from the National Institute of Standards and Technology; and (5) case studies of the effectiveness of selected organizations’ privacy and information security controls for health data.

The request for a GAO study follows the formation of a bipartisan working group by the same senators earlier this year to focus on oversight of health IT security.