skip to main content

H.R. 5068 (114th): HHS Data Protection Act

The text of the bill below is as of Apr 26, 2016 (Introduced).


I

114th CONGRESS

2d Session

H. R. 5068

IN THE HOUSE OF REPRESENTATIVES

April 26, 2016

(for himself and Ms. Matsui) introduced the following bill; which was referred to the Committee on Energy and Commerce

A BILL

To amend the Public Health Service Act to establish the Office of the Chief Information Security Officer within the Department of Health and Human Services.

1.

Short title

This Act may be cited as the HHS Data Protection Act.

2.

Chief Information Security Officer

(a)

In general

Title II of the Public Health Service Act is amended by inserting after section 229 of such Act (42 U.S.C. 237a) the following:

229A.

Chief Information Security Officer

(a)

In general

Effective on October 1, 2016, there shall be a Chief Information Security Officer of the Department of Health and Human Services. The Office of the Chief Information Security Officer shall be within the Office of the Assistant Secretary for Administration of the Department of Health and Human Services. The Chief Information Security Officer shall be appointed by the President.

(b)

Primary responsibility

The Chief Information Security Officer, in consultation with the Chief Information Officer and the General Counsel of the Department of Health and Human Services, shall have primary responsibility for the information security (including cybersecurity) programs of the Department.

(c)

Functions transferred

The Secretary shall transfer the functions, personnel, assets, and liabilities of the Chief Information Security Officer in the Office of the Chief Information Officer of the Department of Health and Human Services, as such position exists on September 30, 2016, to the Chief Information Security Officer.

.

(b)

Executive Schedule

Section 5316 of title 5, United States Code, is amended by inserting after Director, United States Fish and Wildlife Service, Department of the Interior. the following: Chief Information Security Officer, Department of Health and Human Services..

(c)

Report

Not later than 1 year after the date of enactment of this Act, the Secretary of Health and Human Services shall submit a report to the Committee on Energy and Commerce of the House of Representatives and the Committee on Health, Education, Labor and Pensions of the Senate that details—

(1)

the plan of the Chief Information Security Officer of the Department of Health and Human Services to oversee and coordinate the information security programs of the Department; and

(2)

the steps being taken within each operating division of the Department, including the steps being taken by the chief information security officer of each such division—

(A)

to implement such plan; and

(B)

to report to the Chief Information Security Officer on the status of such implementation.

(d)

No additional appropriations authorized

No additional funds are authorized to be appropriated to carry out this Act, or the amendments made by this Act. This Act, and the amendments made by this Act, shall be carried out using amounts otherwise authorized or appropriated.