Companies that collect and store personal medical data have a rare opportunity over the coming month to shape future cybersecurity regulation by the US Department of Health and Human Services, rather than just being subject to it. The Office for Civil Rights within HHS, which enforces privacy and security rules for health