Sec. 5. Standards for medical devices and information security networks in hospitals
/bill/118/hr/10455/ih/section-5
A research copy — for the controlling text, always check the official state or federal source. Not legal advice.
Not later than 1 year after the date of the enactment of this Act, the Director of the National Institute of Standards and Technology, in consultation with the Director of the Cybersecurity and Infrastructure Security Agency and the heads of appropriate Federal agencies, shall develop standards for the protection of information security networks and digital medical devices in hospitals.

In developing standards under subsection (a), the Director shall take into consideration—
    current Federal standards and guidelines, including—
        standards and guidelines developed under section 4 of the Internet of Things Cybersecurity Improvement Act of 2020 (15 U.S.C. 278g–b);
        standards promulgated under section 405(d) of the Cybersecurity Act of 2015 (6 U.S.C. 1533); and
        standards developed by the Cybersecurity and Infrastructure Security Agency of the Department of Homeland Security with respect to critical infrastructure (as defined in section 1016(e) of the USA PATRIOT Act (42 U.S.C. 5195c(e))); and
    general security practices, including—
        network segmentation between medical devices and patient information; and
        the methods used to detect medical devices connected to the internal network of a hospital.

Section 1866(a)(1) of the Social Security Act (42 U.S.C. 1395cc(a)(1)) is amended—
    in subparagraph (X), by striking "and" at the end;
    in subparagraph (Y)(ii)(V), by striking the period and inserting ", and"; and
    by inserting after subparagraph (Y) the following new subparagraph:
        "in the case of a hospital or a critical access hospital, beginning on the date that is 2 years after the date of the enactment of this subparagraph, to comply with the standards developed under section 5(a) of the Healthcare Cybersecurity Improvement Act.".

Section 1902(a) of the Social Security Act (42 U.S.C. 1396a(a)) is amended—
    in paragraph (86), by striking "and" at the end;
    in paragraph (87)(D), by striking the period and inserting "; and"; and
    by inserting after paragraph (87) the following new paragraph:
        "provide that, beginning on the date that is 2 years after the date of the enactment of this paragraph, no hospital be eligible to participate under the plan (or a waiver of such plan) unless such hospital complies with the standards developed under section 5(a) of the Healthcare Cybersecurity Improvement Act.".

Not later than 5 years after the date on which the Secretary publishes the standards under subsection (a), and not less frequently than once every 5 years thereafter, the Secretary, shall review and revise such standards, as appropriate.