Need Assistance?

Would you like more assistance regarding Health IT Enabled QI strategies or support in using any of the included resource sets?

Request Support

Upcoming Events

HITEQ On the Horizon: Demystifying Current and Future Clinical Quality Measure Reporting: UDS+ and the Adult Weight Screening and Follow-up Measure Roundtable (5/16/2024 12:00 PM - 1:00 PM (UTC-05:00) Eastern Time (US & Canada))
HITEQ On the Horizon: Environmental Preparedness for Health Centers (5/21/2024 1:00 PM - 2:00 PM (UTC-05:00) Eastern Time (US & Canada))
Digital Health Strategy to Enable Comprehensive Care: The Importance of Digital Health in Health Centers (5/23/2024 12:00 PM - 1:30 PM (UTC-05:00) Eastern Time (US & Canada))

The Quadruple Aim

: A Conceptual Framework
Improving the U.S. health care system requires four aims: improving the experience of care, improving the health of populations, reducing per capita costs and improving care team well-being. HITEQ Center resources seek to provide content and direction aligned with the goals of the Quadruple Aim
Learn More >

Overview

Successful use of Health IT enabled Quality Improvement requires a strong organizational foundation. This includes understanding motivating factors as well as barriers, communicating the value of using Health IT to improve quality and outcomes, and building buy in and commitment throughout all levels of the organization. Resources in this section provide ideas and guidance on how to navigate this critical first step.

Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients

HITEQ Center / Friday, May 10, 2019

/ Categories: Privacy and Security, Privacy & Security Best Practices, HIPAA, Security Risk Analysis, Breach Mitigation & Response

Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients

A publication of the Cybersecurity Act of 2015, Section 405(d) Task Group

The HIPAA Security Rule establishes the requirements for protection of electronic patient health information. The safeguards identified are made up of three domains that include administrative, physical, and technical safeguards that need to be addressed. The technical safeguards as defined within 45 CFR §164.312 of the HIPAA Security Rule can be some of the most difficult to comprehend and implement for smaller Health Centers with lower levels of IT and security staffing. Resources and tools that help Health Centers better process and implement these security requirements are much needed and require well-documented methods for planning and maintaining critical security controls.

Toward this objective, in 2017, HHS established the CSA 405(d) Task Group, which leveraged the Healthcare and Public Health (HPH) Sector Critical Infrastructure Security and Resilience Public-Private Partnership and was made up of over 100 participants and experts across domains that include cybersecurity, privacy, healthcare practitioners, and Health IT organizations.

In December of 2018 this task force published the Health Industry Cyber Preparedness (HICP) document, which is a cyber-preparedness “cookbook” designed to assist small providers in prioritizing cybersecurity threats and implementing controls to address them.

The publication includes a main document, two technical volumes, and a set of resources and templates that include:

Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients (HICP): The HICP examines cybersecurity threats and vulnerabilities that affect the healthcare industry. It explores (5) current threats and presents (10) practices to mitigate those threats.
Technical Volume 1: Cybersecurity Practices for Small Health Care Organizations: Technical Volume 1 discusses the ten Cybersecurity Practices along with Sub-Practices for small health care organizations.
Technical Volume 2: Cybersecurity Practices for Medium and Large Health Care Organizations: Technical Volume 2 discusses the ten Cybersecurity Practices along with Sub-Practices for medium and large health care organizations.
Resources and Templates: The Resources and Templates portion includes a variety of cybersecurity resources and templates for end users to reference.

Print

28801

Tags: SRA HIPAA OCR cybersecurity Security Rule HICP Cybersecurity Act of 2015 breach protection HHS 405(d)

Intended Audience

CIO, CSO, CISO, Health Center Leadership, Security Staff

Documents to download

HICP-Main-508(.pdf, 1.8 MB) - 444 download(s)
HICP-Resources-Templates-Appendix-E-Toolkit(.xlsm, 133.65 KB) - 462 download(s)

Resource Links

A link to the Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients resourcesHealth Industry Cybersecurity Practices: Managing Threats and Protecting Patients (HICP), the primary publication of the Cybersecurity Act of 2015, Section 405(d) Task Group, aims to raise awareness, provide vetted cybersecurity practices, and move organizations towards consistency in mitigating the current most pertinent cybersecurity threats to the sector. It seeks to aid healthcare and public health organizations to develop meaningful cybersecurity objectives and outcomes.

Related Resources

Acknowledgements

This resource collection was compiled by the HITEQ Center staff with guidance from HITEQ Advisory Committee members and collaborators of the HITEQ Center.

Establishing the Foundation for HIT Enabled QI

A Conceptual Framework