Tap any paragraph to write a margin note. Your notes collect in the Desk below the text and file under cases with @. The side-by-side margin rail opens on a larger screen.

§
Marginalia
Code · STATUTE-COMPILATIONS · SUPPORT for Patients and Communities Reauthorization Act of 2025 · Sec. 108

Sec. 108. PROTECTING SUICIDE PREVENTION LIFELINE FROM CYBERSECURITY INCIDENTS

648 words·~3 min read·/statute-compilations/comps-18296/sec-108

A research copy — for the controlling text, always check the official state or federal source. Not legal advice.

## SEC. 108 PROTECTING SUICIDE PREVENTION LIFELINE FROM CYBERSECURITY INCIDENTS ###
(a)National Suicide Prevention Lifeline Program Section 520E-3(b) of the Public Health Service Act (42 U.S.C. 290bb-36c(b)) is amended— ####
(1)in paragraph (4), by striking “and” at the end; ####
(2)in paragraph (5), by striking the period at the end and inserting “; and”; and ####
(3)by adding at the end the following: > > #### “(6) > > taking such steps as may be necessary to ensure the suicide prevention hotline is protected from cybersecurity incidents and eliminates known cybersecurity vulnerabilities.” > . ###
(b)Reporting Section 520E-3 of the Public Health Service Act (42 U.S.C. 290bb-36c) is amended— ####
(1)by redesignating subsection
(f)as subsection (g); and ####
(2)by inserting after subsection
(e)the following: > > ### “(f) Cybersecurity Reporting > > > #### “(1) Notification > > > ##### “(A) In general > > The program’s network administrator receiving Federal funding pursuant to subsection
(a)shall report to the Assistant Secretary, in a manner that protects personal privacy, consistent with applicable Federal and State privacy laws— > > > ###### “(i) > > any identified cybersecurity vulnerabilities to the program within a reasonable amount of time after identification of such a vulnerability; and > > > ###### “(ii) > > any identified cybersecurity incidents to the program within a reasonable amount of time after identification of such incident. > > > ##### “(B) Local and regional crisis centers > > Local and regional crisis centers participating in the program shall report to the program’s network administrator identified under subparagraph (A), in a manner that protects personal privacy, consistent with applicable Federal and State privacy laws— > > > ###### “(i) > > any identified cybersecurity vulnerabilities to the program within a reasonable amount of time after identification of such vulnerability; and > > > ###### “(ii) > > any identified cybersecurity incidents to the program within a reasonable amount of time after identification of such incident. > > > #### “(2) Notification > > If the program’s network administrator receiving funding pursuant to subsection
(a)discovers, or is informed by a local or regional crisis center pursuant to paragraph (1)(B) of, a cybersecurity vulnerability or incident, within a reasonable amount of time after such discovery or receipt of information, such entity shall report the vulnerability or incident to the Assistant Secretary. > > > #### “(3) Clarification > > > ##### “(A) Oversight > > > ###### “(i) Local and regional crisis centers > > Except as provided in clause (ii), local and regional crisis centers participating in the program shall oversee all technology each center employs in the provision of services as a participant in the program. > > > ###### “(ii) Network administrator > > The program’s network administrator receiving Federal funding pursuant to subsection
(a)shall oversee the technology each crisis center employs in the provision of services as a participant in the program if such oversight responsibilities are established in the applicable network participation agreement. > > > ##### “(B) Supplement, not supplant > > The cybersecurity incident reporting requirements under this subsection shall supplement, and not supplant, cybersecurity incident reporting requirements under other provisions of applicable Federal law that are in effect on the date of the enactment of the SUPPORT for Patients and Communities Reauthorization Act of 2025.” > . ###
(c)Study Not later than 180 days after the date of the enactment of this Act, the Comptroller General of the United States shall— ####
(1)conduct and complete a study that evaluates cybersecurity risks and vulnerabilities associated with the 9-8-8 National Suicide Prevention Lifeline; and ####
(2)submit a report on the findings of such study to the Committee on Health, Education, Labor, and Pensions of the Senate and the Committee on Energy and Commerce of the House of Representatives.
Connectionstraces to 1
Citation graph
cites case law
Sec. 108
PROTECTING SUICIDE PREVENTION LIFELINE FROM CYBERSECURITY INCIDENTS
U.S.C.§ 290bb–36c
Cites 1Cited by 0 across 0 sources
★   the supreme law of the land   ★
Don't Tread on Me
E Pluribus Unum — out of many, one

"If you don't know your rights, you don't have any."

Marginalia · a citizen's law index
A research desk, not legal advice. Always read the cited source before relying on a summary.
Questions or an issue? support@self-law.org
disclaimerMarginalia is a research index, not a law firm. Nothing on this site is legal, tax, or financial advice and no attorney–client relationship is formed by using it. Statutes, regulations, and case law change; summaries, search results, AI output, and member posts may be incomplete, out of date, or wrong. Any interpretation drawn from material on this site should be validated by a licensed attorney in your jurisdiction before you act on it.