Bradley attorney Amy Leopard was quoted in Law360 on how recent healthcare cybersecurity standards could redefine “reasonable.” The voluntary standards recently unveiled by the U.S. Department of Health and Human Services are likely to unofficially set a new “reasonable security” standard that could fuel both private litigation and more formal policy making efforts. The guide offers 10 practices to help reduce the risks of cyberthreats facing the industry. While the guidance may be a useful road map for industry professionals, the proposed standards don’t come without liability risks.
"As these security expectations are put out there in the public domain, even though they're not law, all tides rise and the standard of care elevates," said Leopard. "And as you push the standard of care up, it becomes the waterline for everyone."
Leopard also explained how policymaking could be influenced by the new guidelines.
“Hopefully the next phase of policymaking will be to harmonize some of this complexity, and this guidance could prove to be helpful by focusing on what security measures are most important and prioritizing resources," said Leopard.
The complete article, “Health Cybersecurity Guide Could Redefine ‘Reasonable’,” first appeared in Law360 on January 3, 2019.