Develop a cohesive plan for implementing this report’s recommendations and develop appropriate metrics to measure data security implementation progress.

Conduct a risk analysis, similar to the National Infrastructure Protection Plan, with an overlay for health care cybersecurity and privacy. Based upon the analysis, develop a comprehensive cybersecurity roadmap for the HPH Sector.

Establish an ongoing public-private forum, similar to this Task Force, to further the discussions of health care industry cybersecurity as the industry evolves. The Task Force members found this engagement with federal partners beneficial to understand our common cybersecurity challenges and concerns.

HHS leadership should partner more closely with existing DHS efforts with the insurance industry in helping identify a roadmap to enable private insurance approaches in the health care industry. The sometimes-conflicting roles of HHS as a regulatory body and facilitator for improved security could be mitigated by encouraging an industry-based insurance market.

Enable an ongoing conversation and develop strategies to identify resources and incentives that would help to overcome the barriers faced by small and rural organizations.