Sec. 101. Security requirements
/bill/118/s/5218/is/section-101
A research copy — for the controlling text, always check the official state or federal source. Not legal advice.
Section 1173(d)(1) of the Social Security Act (42 U.S.C. 1320d–2(d)(1)) is amended—
in subparagraph (A), by redesignating clauses (i) through (v) as subclauses (I) through (V) respectively and indenting appropriately;
by redesignating subparagraphs (A) and (B) as clauses (i) and (ii) respectively and indenting appropriately;
by striking “Security Standards.—The Secretary” and inserting the following: “Minimum Security Standards.—The Secretary”;
in subparagraph (A), as added by paragraph (3)—
in clause (i)(V), by striking “and” at the end;
in clause (ii), by striking the period at the end and inserting “; and”; and
by adding at the end the following new clause:
include minimum and enhanced security requirements adopted under subparagraph (B); and
by adding at the end the following new subparagraph:

Subject to clauses (iii) and (iv), in order to protect health information, protect patient safety, and ensure the availability and resiliency of health care information systems and health care transactions, the Secretary shall adopt—
minimum security requirements for covered entities and business associates; and
enhanced security requirements for covered entities and business associates that—
are of systemic importance, as determined by the Secretary; or
are important to national security, as determined by the Secretary, in consultation with the Director of Cybersecurity and Infrastructure Security Agency and the Director of National Intelligence.

The Secretary shall, at a time and in a manner determined appropriate by the Secretary, notify each covered entity and business associate that is subject to the enhanced security requirements under clause (i)(II).

There shall be no administrative or judicial review under section 1869, 1878, or otherwise of the methodology the Secretary uses to determine whether a covered entity or business associate is subject to the enhanced security requirements under clause (i)(II).

In addition to the factors described in subparagraph (A)(i), in developing—
the minimum security requirements under clause (i)(I), the Secretary shall, in consultation with the Director of Cybersecurity and Infrastructure Security Agency and the Director of National Intelligence, design the requirements to prevent—
cyber incidents utilizing the tools and strategies used to target covered entities or business associates;
the potential harms, as defined by the Secretary, to national security that could result from a cyber incident involving a covered entity or business associate;
the potential harms, as defined by the Secretary, to patients that could result from a cyber incident involving a covered entity or business associate; and
other potential harms from cyber incidents, as determined appropriate by the Secretary; and
the enhanced security requirements under clause (i)(II), the Secretary shall, in consultation with the Director of the Cybersecurity and Infrastructure Security Agency and the Director of National Intelligence, design the requirements to prevent the potential harms described in subclause (I) and protect against the specific threats the covered entities and business associates described in such clause face.

The Secretary shall review and update the minimum and enhanced security requirements adopted under clause (i) not less frequently than every 2 years.

The requirements under this subparagraph shall take effect on the date that is 2 years after the date of enactment of this subparagraph.

Not later than 18 months after the date of enactment of this subparagraph, the Secretary shall promulgate regulations to carry out this subparagraph.

For purposes of this subsection:
The term “business associate” has the meaning given such term in section 160.103 of title 45, Code of Federal Regulations (or a successor regulation).
The term “covered entity” has the meaning given that term in section 160.103 of title 45, Code of Federal Regulations (or a successor regulation).
The term “systemic importance” means, with respect to a covered entity or business associate, that the failure of, or a disruption to, such entity or associate would have a debilitating impact on access to health care or the stability of the health care system of the United States (as determined by the Secretary).

Section 1173(d)(2)(A) of the Social Security Act (42 U.S.C. 1320d–2(d)(2)(A)) is amended by striking “the integrity and confidentiality” and inserting “the availability, integrity, and confidentiality”.