HHS, industry leaders release voluntary cybersecurity practices for healthcare

Amid widespread concerns about hacking threats and privacy, HHS and industry leaders released voluntary cybersecurity practices to help protect healthcare organizations from threats and keep patient information safe.

The voluntary practices come several months after cybersecurity and hacking threats was named the top technology hazard healthcare organizations will face in 2019. Additionally, in a recent study, researchers used machine learning to reidentify the health data of some children and adults, signaling a need for legislation that better protects and ensures the privacy of people’s health data.

“Cybersecurity is everyone’s responsibility," Janet Vogel, HHS acting chief information security officer, said in a prepared statement. "It is the responsibility of every organization working in healthcare and public health. In all of our efforts, we must recognize and leverage the value of partnerships among government and industry stakeholders to tackle the shared problems collaboratively."

The cybersecurity practices explore the most relevant and current threats to the healthcare industry, call on industry stakeholders to take protective and preventive cybersecurity measures and provide resources for organizations to assess their own cybersecurity posture and develop policies and procedures. The document also includes two technical volumes geared toward IT and IT security professionals that focus on cybersecurity practices for small, medium and large healthcare organizations.

The cybersecurity practices were an industry-led effort in response to a mandate that required the development of practical cybersecurity guidelines to reduce risks for the healthcare industry. The two-year effort brought together more than 150 cybersecurity and healthcare experts from the industry and government, according to HHS.

“The healthcare industry is truly a varied digital ecosystem," Erik Decker, industry co-lead and chief information security and privacy officer for the University of Chicago Medicine, said in a prepared statement. 'We heard loud and clear through this process that providers need actionable and practical advice, tailored to their needs, to manage modern cyber threats. That is exactly what this resource delivers; recommendations stratified by the size of the organization, written for both the clinician as well as the IT subject matter expert.” 

""

Danielle covers Clinical Innovation & Technology as a senior news writer for TriMed Media. Previously, she worked as a news reporter in northeast Missouri and earned a journalism degree from the University of Illinois at Urbana-Champaign. She's also a huge fan of the Chicago Cubs, Bears and Bulls. 

Around the web

Compensation for heart specialists continues to climb. What does this say about cardiology as a whole? Could private equity's rising influence bring about change? We spoke to MedAxiom CEO Jerry Blackwell, MD, MBA, a veteran cardiologist himself, to learn more.

The American College of Cardiology has shared its perspective on new CMS payment policies, highlighting revenue concerns while providing key details for cardiologists and other cardiology professionals. 

As debate simmers over how best to regulate AI, experts continue to offer guidance on where to start, how to proceed and what to emphasize. A new resource models its recommendations on what its authors call the “SETO Loop.”