Bill Overview
Title: Ensuring Cybersecurity at the NIH Act of 2022
Description: This bill tasks the National Institutes of Health with strengthening information security protections for its data and systems, including through developing and implementing relevant policies, standards, and guidelines.
Sponsors: Rep. Griffith, H. Morgan [R-VA-9]
Target Audience
Population: People involved with or impacted by NIH data systems worldwide
Estimated Size: 500000
- The National Institutes of Health (NIH) is a significant research institution in the U.S., so the primary group affected involves individuals whose data may be handled by the NIH.
- This includes researchers, patients in clinical trials, and possibly broader public health data repositories managed by the NIH.
- Strengthening cybersecurity can also improve the security and reliability of NIH's communications and collaborations with global health organizations.
- Because the NIH is part of the federal government, the bill also affects federal employees through compliance and operational changes.
Reasoning
- The policy's primary direct impact will be on individuals involved with the NIH, such as employees and researchers relying on its systems for data security. Secondary impact extends to clinical trial participants and the broader scientific community due to improved data integrity and security.
- The budget constraints suggest that the implementation may initially impact certain critical areas, possibly focusing heavily on internal NIH measures before extending comprehensive outreach to associated data systems.
- Because cybersecurity is primarily a back-end issue, its immediate effects are likely to be noticed mainly by those who interface directly with NIH data systems on a regular basis rather than by the general public.
- Given the NIH's integral role in health research, bolstering its cyber-infrastructure can indirectly benefit the public's trust and cooperation in healthcare studies and trials, contributing to long-term wellbeing.
- Impacts may range from medium-to-high for direct stakeholders but lower and delayed for indirect beneficiaries such as the public, for whom the policy might translate into improved trust in data handled by government entities.
Simulated Interviews
NIH Research Scientist (Bethesda, MD)
Age: 33 | Gender: female
Wellbeing Before Policy: 7
Duration of Impact: 20.0 years
Commonness: 8/20
Statement of Opinion:
- I feel reassured that NIH is taking steps to enhance cybersecurity. With frequent cyber threats, this initiative is essential.
Wellbeing Over Time (With vs Without Policy)
| Year | With Policy | Without Policy |
|---|---|---|
| Year 1 | 8 | 7 |
| Year 2 | 8 | 7 |
| Year 3 | 8 | 6 |
| Year 5 | 9 | 6 |
| Year 10 | 9 | 5 |
| Year 20 | 9 | 5 |
Clinical Trial Participant (San Diego, CA)
Age: 45 | Gender: male
Wellbeing Before Policy: 5
Duration of Impact: 10.0 years
Commonness: 7/20
Statement of Opinion:
- Ensuring the security of my medical data is crucial. I trust NIH more if they improve cybersecurity.
Wellbeing Over Time (With vs Without Policy)
| Year | With Policy | Without Policy |
|---|---|---|
| Year 1 | 6 | 5 |
| Year 2 | 6 | 4 |
| Year 3 | 6 | 4 |
| Year 5 | 7 | 4 |
| Year 10 | 7 | 3 |
| Year 20 | 7 | 3 |
PhD Student (Austin, TX)
Age: 29 | Gender: female
Wellbeing Before Policy: 6
Duration of Impact: 15.0 years
Commonness: 5/20
Statement of Opinion:
- Access to secure databases is important for my research. This policy could make collaboration smoother and safer.
Wellbeing Over Time (With vs Without Policy)
| Year | With Policy | Without Policy |
|---|---|---|
| Year 1 | 7 | 6 |
| Year 2 | 7 | 6 |
| Year 3 | 8 | 5 |
| Year 5 | 8 | 5 |
| Year 10 | 9 | 5 |
| Year 20 | 9 | 4 |
NIH Administrative Staff (Worcester, MA)
Age: 58 | Gender: male
Wellbeing Before Policy: 7
Duration of Impact: 20.0 years
Commonness: 8/20
Statement of Opinion:
- Enhancing cybersecurity will significantly alleviate my operational challenges and reduce risks of breaches.
Wellbeing Over Time (With vs Without Policy)
| Year | With Policy | Without Policy |
|---|---|---|
| Year 1 | 8 | 7 |
| Year 2 | 9 | 6 |
| Year 3 | 9 | 5 |
| Year 5 | 9 | 4 |
| Year 10 | 10 | 4 |
| Year 20 | 10 | 3 |
Healthcare Data Analyst (New York, NY)
Age: 40 | Gender: female
Wellbeing Before Policy: 6
Duration of Impact: 10.0 years
Commonness: 6/20
Statement of Opinion:
- Cybersecurity enhancements could improve data reliability, vital for my work on public health policies.
Wellbeing Over Time (With vs Without Policy)
| Year | With Policy | Without Policy |
|---|---|---|
| Year 1 | 6 | 6 |
| Year 2 | 7 | 6 |
| Year 3 | 7 | 6 |
| Year 5 | 8 | 5 |
| Year 10 | 9 | 5 |
| Year 20 | 9 | 5 |
Public Health Student (Los Angeles, CA)
Age: 23 | Gender: male
Wellbeing Before Policy: 5
Duration of Impact: 5.0 years
Commonness: 10/20
Statement of Opinion:
- While not directly impacted immediately, enhanced cybersecurity is good preparation for my future career.
Wellbeing Over Time (With vs Without Policy)
| Year | With Policy | Without Policy |
|---|---|---|
| Year 1 | 5 | 5 |
| Year 2 | 6 | 5 |
| Year 3 | 6 | 5 |
| Year 5 | 6 | 5 |
| Year 10 | 7 | 5 |
| Year 20 | 7 | 5 |
Private Sector Bioinformatics (Raleigh, NC)
Age: 38 | Gender: male
Wellbeing Before Policy: 6
Duration of Impact: 5.0 years
Commonness: 6/20
Statement of Opinion:
- Cybersecurity improvements will reassure clients about data safety, though it's more indirect for me personally.
Wellbeing Over Time (With vs Without Policy)
| Year | With Policy | Without Policy |
|---|---|---|
| Year 1 | 6 | 6 |
| Year 2 | 6 | 6 |
| Year 3 | 6 | 6 |
| Year 5 | 7 | 6 |
| Year 10 | 7 | 5 |
| Year 20 | 7 | 5 |
NIH External Grant Reviewer (Atlanta, GA)
Age: 50 | Gender: female
Wellbeing Before Policy: 7
Duration of Impact: 15.0 years
Commonness: 8/20
Statement of Opinion:
- A focus on cybersecurity is key to maintaining our integrity and ensuring reliable compliance checks.
Wellbeing Over Time (With vs Without Policy)
| Year | With Policy | Without Policy |
|---|---|---|
| Year 1 | 8 | 7 |
| Year 2 | 8 | 7 |
| Year 3 | 9 | 6 |
| Year 5 | 9 | 5 |
| Year 10 | 9 | 5 |
| Year 20 | 9 | 5 |
Retired NIH Employee (Chicago, IL)
Age: 65 | Gender: female
Wellbeing Before Policy: 6
Duration of Impact: 5.0 years
Commonness: 4/20
Statement of Opinion:
- I'm proud to see continuing commitment to cybersecurity. It reflects well on NIH even after my retirement.
Wellbeing Over Time (With vs Without Policy)
| Year | With Policy | Without Policy |
|---|---|---|
| Year 1 | 6 | 6 |
| Year 2 | 6 | 5 |
| Year 3 | 6 | 5 |
| Year 5 | 7 | 5 |
| Year 10 | 7 | 4 |
| Year 20 | 7 | 4 |
Freelance Writer on Healthcare Topics (Seattle, WA)
Age: 26 | Gender: other
Wellbeing Before Policy: 5
Duration of Impact: 3.0 years
Commonness: 5/20
Statement of Opinion:
- Cybersecurity stories aren't as dramatic, but they are crucial; a sturdy digital foundation at NIH is comforting.
Wellbeing Over Time (With vs Without Policy)
| Year | With Policy | Without Policy |
|---|---|---|
| Year 1 | 5 | 5 |
| Year 2 | 6 | 5 |
| Year 3 | 6 | 5 |
| Year 5 | 6 | 5 |
| Year 10 | 6 | 5 |
| Year 20 | 6 | 4 |
Cost Estimates
Year 1: $12500000 (Low: $10000000, High: $15000000)
Year 2: $10000000 (Low: $8000000, High: $12000000)
Year 3: $10000000 (Low: $8000000, High: $12000000)
Year 5: $10000000 (Low: $8000000, High: $12000000)
Year 10: $12000000 (Low: $10000000, High: $14000000)
Year 100: $20000000 (Low: $15000000, High: $25000000)
Key Considerations
- NIH is pivotal in medical research; strengthening its cybersecurity fortifies the protection of sensitive data.
- The continuous cyber threat landscape necessitates adaptive security measures, increasing costs over time.
- Legality and compliance are critical, as federal agencies need to adhere to stringent data protection regulations.
- Protecting health data supports public confidence in medical research and NIH operations.