HHS Agencies Budget Proposal focuses on Health IT and Cybersecurity

The administration is seeking fiscal 2023 budget increases for the Department of Health and Human Services, including a boost in funding for various cybersecurity initiatives including medical device security and regulatory and enforcement efforts related to secure health data exchange and related issues.

Among other security-related initiatives across various HHS offices and agencies, the budget in brief document says that HHS's budget includes $161 million for the HHS Cybersecurity Program to strengthen HHS's cybersecurity posture across the department, including $50 million to implement zero trust architecture and security logging.

For fiscal 2023, the Food and Drug Administration is requesting a total budget of $8.4 billion, a nearly 34% - or $2.1 billion - increase over the agency's fiscal 2022 appropriated funding level for investments in critical public health modernization, core food safety and medical product safety programs and other vital public health infrastructure, HHS's budget document says.

Dedicated base funding for a cybersecurity program will allow the FDA to hire additional staff to recruit and develop greater cyber expertise within the devices program, as well as administer grants and contracts to develop infrastructure geared toward addressing emerging cybersecurity challenges, the document says.

For the Office of the National Coordinator for Health IT, HHS is seeking a fiscal 2023 budget of $104 million at the program level, an increase of $40 million above fiscal 2022 enacted.

The proposed budget includes $52 million for ONC’s standards, certification and interoperability work - an increase of $20 million above fiscal 2022 enacted. ONC's certification work will focus on implementing rule-making and investing in standards updates to increase interoperability and improve equity through health IT activities.

The budget also includes a legislative proposal to provide ONC with the authority to create an advisory process to issue opinions on information blocking practices.

HHS's information blocking rule, which was called for under the 21st Century Cures Act and went into effect for compliance in April 2021, generally prohibits healthcare providers, health IT developers and health information exchanges from knowingly interfering with the access, exchange or use of electronic health information.

Under the rule, individuals or entities can request advisory opinions from ONC concerning whether the requestor's practice or proposed practice is considered "information blocking."

HHS's watchdog agency, the Office of Inspector General, is responsible for enforcing the information blocking regulations.

The budget proposals also promote and support ONC's Trusted Exchange Framework and Common Agreement. TEFCA is a set of foundational principles that established an advanced health IT infrastructure enabling different health information exchanges and networks to securely exchange patients' clinical information.

The proposed fiscal 2023 budget provides $39 million for ONC, an increase of $18 million above fiscal 2022 enacted, to advance the implementation of the Common Agreement through the three-year Fast Healthcare Interoperability Resources road map published at the beginning of 2022, the budget brief document says.

With a $26.3 million increase in FY 2023, OIG will invest $20 million in the cybersecurity improvements and information blocking rule enforcement activities requested in FY 2022. The boost in OIG funding also will pay for investigative and enforcement activities related to compliance with HHS's information blocking rule, according to the document.

HHS budget 2023 includes a boost in funding for cybersecurity initiatives and regulatory and enforcement efforts related to secure health data exchange.