
Perspectives on New HHS Cybersecurity Guidance

By: Sam Cohen

As healthcare organizations remain prime targets for hackers and cyber attacks, data security remains a top concern for practices and hospitals across the country. According to reports from the U.S. Office for Civil Rights (OCR), more than 13 million patients nationwide were affected by data breaches in 2018 alone. To help healthcare providers secure HIPAA-protected patient information, the U.S. Department of Health and Human Services (HHS) recently issued new guidance that outlines best practices for maintaining high-quality cybersecurity to avoid potential data breaches.

This newly released guide is based on the work of a specialized task force made up of more than 150 industry and government cybersecurity and healthcare experts, and it includes four individual documents:

An accompanying Cybersecurity Practices Assessments Toolkit is currently in development, but it has not yet been finalized. Healthcare providers can receive an advance copy of this tool by emailing CISA405d@hhs.gov.

In addition to providing background information about the effects of cyberattacks and data breaches on the healthcare industry, the Main Guidance Document details five major threats to healthcare data security. For each item, the document lists related vulnerabilities, potential consequences, and practices that can help minimize the threat.

The outlined threat reduction techniques are directly tied to ten categories of cybersecurity practices (and related sub-practices) as identified by the task force. The Small Organization Guidance and Large Organization Guidance contain more in-depth discussion of these cybersecurity practices as they may relate to the size and complexity of each intended audience.

This cybersecurity guidance is a valuable tool for practices looking to implement new data security strategies or strengthen existing policies.

As part of the periodic review of data privacy and security policies and procedures, practice leaders should use these documents alongside other cybersecurity guidance material published by OCR to ensure they are addressing critical threats and implementing appropriate security measures.

Data privacy and security are important issues for every healthcare organization, and practice leaders should take advantage of all available resources to develop effective policies and procedures. Curi members seeking additional assistance are encouraged to consult the HIPAA Final Rule Guide or reach out to our Claims and Risk Management Departments at 800.662.7917.

Disclaimer: This post is written in general terms and is not a substitute for legal advice or intended to create an attorney-client relationship.

Sam Cohen
Sam Cohen is Curi’s Senior Vice President of Health Policy. Curi members may contact him directly at sam.cohen@curi.com and 919.878.7602. Readers also can follow him on Twitter @samuel_c_cohen.
