The Department of Health and Human Services (HHS) has released Best Practice guidelines for 2019. These are designed to help your practice establish security protocols for protecting patient data and are expected to become widespread in 2019 as practices adopt them, making them new industry standards.
HHS Best Practices
HHS is committed to protecting sensitive patient information by providing strong cybersecurity technology, making cyber awareness training a priority for medical staff, and adding key control measures. Federal regulators are seeking a formal security program that includes a customized incident response plan, something that will require the involvement of multiple personnel – not just IT, but HR departments and legal teams, as well. A failure to implement this plan will result in negative consequences for the practice – an indication of how seriously HHS is taking the cybersecurity threat.
This more stringent oversight isn’t limited to the Federal government. Regulators at the state and local levels are also taking a more active approach to ensuring the health care industry takes the steps necessary to improve data security.
Implementing such a plan is not without its share of challenges. Smaller health organizations are especially at risk, given the penchant of hackers to focus their efforts on smaller practices, which are less likely to have strong cybersecurity protection in place…making their data “easy pickings.”
Fortunately, the best practices HHS is promoting are fairly inexpensive to implement and provide an excellent starting point for organizations unfamiliar with the intricacies of adopting a cybersecurity plan.
Practices must be willing to commit to a thorough understanding of where data is kept and the threats and vulnerabilities they face prior to establishing a procedure. It is helpful to develop and foster a culture of cyber-awareness to get everybody thinking about overall risks and how a security breach would affect data (is it deleted, or has it been manipulated in some fashion?) and impact patient care. All practices, large and small, should follow certain protocols to make sure they are prepared for a possible data breach. Regular cybersecurity drills will go a long way toward making the workplace safer and more prepared in the event of an attack. Simply letting all employees know that the task of protecting sensitive data does not fall entirely on the IT department will help create the sense of urgency necessary for thwarting future attacks.