Sign In
Search Icon
Menu Icon


Health Care and Public Health Sector Cybersecurity Framework Implementation Guide

The National Infrastructure Protection Plan (NIPP), developed under Presidential Policy Directive 21[11] (PPD-21), called for public and private sector collaboration to improve the security and resilience of the nation's critical infrastructure in 16 critical infrastructure sectors. Under the NIPP, HHS is responsible for coordinating critical infrastructure security and resilience activities for the Health Care and Public Health (HPH) Sector. Under the NIPP's Critical Infrastructure Partnership Advisory Council (CIPAC), a structure administered by The Department of Homeland Security (DHS) to allow for interaction on critical infrastructure security and resilience matters among public and private sector partners, The Department of Health and Human Services (HHS) leads a Government Coordinating Council (GCC) of Federal, State, Local, Tribal, and Territorial (SLTT) representatives that partner with a self-governed Sector Coordinating Council (SCC) of private sector health care organizations.

The HPH SCC is recognized by the HHS Secretary as the critical infrastructure industry partner with the government under PPD-21 for coordinating strategic and policy approaches to preparing for, responding to, and recovering from significant cyber and physical threats to the sector. These include natural, technological, and manmade disasters, and national or regional health crises. The HPH SCC represents the major health care associations and their stakeholders, including publicly accessible health care facilities and private practices, health plans and payers, blood, lab, pharmacy and other suppliers, funeral homes and mass fatality managers, research centers, manufacturers, and other physical assets and vast, complex public-private information technology systems required to support care delivery and the rapid, secure transmission and storage of large amounts of HPH data.

Together, these public and private sector partners combine to form the HPH Sector Critical Infrastructure Partnership, which established CIPAC and, supporting the work of CIPAC, several joint working groups (WGs), including the Health Care and Public Health Sector Coordinating Council's Joint Cybersecurity Working Group (HSCC JCWG) (formerly the Joint HPH Cybersecurity WG).

The HSCC JCWG collaborates with HHS and other federal agencies (such as DHS) to develop and encourage adoption of recommendations and guidance for policy, regulatory and market-driven strategies to facilitate collective mitigation of cybersecurity threats to the sector that affect patient safety, security, and privacy, and consequently, national confidence in the health care system.

<< Back                                                                                                                                                                              Next >>

11 The White House (2013, Feb 12). Presidential Policy Directive—Critical Infrastructure Security and Resilience.

CIP Right-Nav