[Congressional Bills 114th Congress]
[From the U.S. Government Publishing Office]
[H.R. 5068 Introduced in House (IH)]

<DOC>






114th CONGRESS
  2d Session
                                H. R. 5068

 To amend the Public Health Service Act to establish the Office of the 
Chief Information Security Officer within the Department of Health and 
                            Human Services.


_______________________________________________________________________


                    IN THE HOUSE OF REPRESENTATIVES

                             April 26, 2016

 Mr. Long (for himself and Ms. Matsui) introduced the following bill; 
       which was referred to the Committee on Energy and Commerce

_______________________________________________________________________

                                 A BILL


 
 To amend the Public Health Service Act to establish the Office of the 
Chief Information Security Officer within the Department of Health and 
                            Human Services.

    Be it enacted by the Senate and House of Representatives of the 
United States of America in Congress assembled,

SECTION 1. SHORT TITLE.

    This Act may be cited as the ``HHS Data Protection Act''.

SEC. 2. CHIEF INFORMATION SECURITY OFFICER.

    (a) In General.--Title II of the Public Health Service Act is 
amended by inserting after section 229 of such Act (42 U.S.C. 237a) the 
following:

``SEC. 229A. CHIEF INFORMATION SECURITY OFFICER.

    ``(a) In General.--Effective on October 1, 2016, there shall be a 
Chief Information Security Officer of the Department of Health and 
Human Services. The Office of the Chief Information Security Officer 
shall be within the Office of the Assistant Secretary for 
Administration of the Department of Health and Human Services. The 
Chief Information Security Officer shall be appointed by the President.
    ``(b) Primary Responsibility.--The Chief Information Security 
Officer, in consultation with the Chief Information Officer and the 
General Counsel of the Department of Health and Human Services, shall 
have primary responsibility for the information security (including 
cybersecurity) programs of the Department.
    ``(c) Functions Transferred.--The Secretary shall transfer the 
functions, personnel, assets, and liabilities of the Chief Information 
Security Officer in the Office of the Chief Information Officer of the 
Department of Health and Human Services, as such position exists on 
September 30, 2016, to the Chief Information Security Officer.''.
    (b) Executive Schedule.--Section 5316 of title 5, United States 
Code, is amended by inserting after ``Director, United States Fish and 
Wildlife Service, Department of the Interior.'' the following: ``Chief 
Information Security Officer, Department of Health and Human 
Services.''.
    (c) Report.--Not later than 1 year after the date of enactment of 
this Act, the Secretary of Health and Human Services shall submit a 
report to the Committee on Energy and Commerce of the House of 
Representatives and the Committee on Health, Education, Labor and 
Pensions of the Senate that details--
            (1) the plan of the Chief Information Security Officer of 
        the Department of Health and Human Services to oversee and 
        coordinate the information security programs of the Department; 
        and
            (2) the steps being taken within each operating division of 
        the Department, including the steps being taken by the chief 
        information security officer of each such division--
                    (A) to implement such plan; and
                    (B) to report to the Chief Information Security 
                Officer on the status of such implementation.
    (d) No Additional Appropriations Authorized.--No additional funds 
are authorized to be appropriated to carry out this Act, or the 
amendments made by this Act. This Act, and the amendments made by this 
Act, shall be carried out using amounts otherwise authorized or 
appropriated.
                                 <all>