With nearly 100% of community health centers utilizing electronic health records (EHR) to care for patients, focus has pivoted from implementation and new workflow development to enhancement in order to drive value and reflect patient needs and population trends. EHR technology presents potential opportunities and significant constraints. Providers frequently document and share potentially sensitive information in the EHR, such as risk for intimate partner violence (IPV), consistent offers of pre-exposure prophylaxis (PrEP), or patient sexual orientation and gender identity (SOGI). Capturing such information can be immensely helpful in providing care tailored to individuals’ needs, but additionally challenges teams to develop workflows that keep the data private rather than risk harm to patients through improper or unintended disclosure.

This resource provides guidance to health centers for implementing FHIR in compliance with the Information Blocking Rule.  

The Office of the National Coordinator for Health Information Technology’s (ONC) 21st Century Cures Act Information Blocking Rule (Info Blocking Rule) prohibits covered actors – including health care providers, health IT developers of certified health IT, and health information exchanges/health information networks– from engaging in practices likely to interfere with, prevent, or materially discourage access, exchange, or use of electronic health information (EHI). The Info Blocking Rule includes eight exceptions that provide actors with certainty that, when their practice interferes with the access, exchange, or use of EHI and meets the conditions of one or more exception, such practice will not be considered information blocking. An actor’s practice that does not meet all the conditions of an exception will be evaluated on a case-by-case basis to determine whether information blocking has occurred.

In an increasingly connected healthcare landscape, health centers face a dual challenge: the rising tide of cyber threats and the need to comply with stringent data protection regulations, all while managing limited resources. The ever-evolving nature of cyberattacks and the complexity of compliance requirements make it essential for health centers to prioritize cybersecurity tasks effectively.
Many Health Center leaders, IT Managers, and Compliance Directors are trying to ensure that they are properly addressing the ongoing tasks related to compliance and security. This guide provides the baseline of day-to-day tasks that health center IT and Compliance staff should consider to protect their systems and comply with regulatory requirements.

This training guide provides patients with knowledge and awareness about cybersecurity threats to protect their personal health data and to minimize risks from computer viruses and malware.

It's time to reconsider your strategy if you still treat cyber risk as an annual project or initiative. Having a thorough ongoing program in place means that even in the worst-case scenario, you'll be ready to demonstrate that you did what was reasonable and appropriate to protect your systems and patient data. Nothing can guarantee that a cyberattack won't become a breach. Health Centers are a domain with a high potential for data breaches. As a result, it is crucial for health center leadership to adopt breach prevention strategies across their entire organization, as opposed to relegating it to the IT department. This learning collaborative addressed health center breach mitigation tactics, operationalizing cybersecurity to better mitigate risks, telehealth risk management strategies, and incident response planning from a cybersecurity perspective.

This series will equip health centers and their staff to:  

1. Describe resources, frameworks, and methods for strategic implementation of cybersecurity infrastructure and services
2. Describe essential cybersecurity tools and services that can help decrease the risk of a data breach
3. Use best practices in cybersecurity when implementing modern telehealth tools and RPM initiatives
4. Adopt cybersecurity risk management paradigms and incident response planning templates.

This learning collaborative will provide participating health centers a series of four structured virtual learning sessions where they will engage with facilitators, subject matter experts and their colleagues in peer-to-peer learning and discussion.

It's time to reconsider your strategy if you still treat cyber risk as an annual project or initiative. Having a thorough ongoing program in place means that even in the worst-case scenario, you'll be ready to demonstrate that you did what was reasonable and appropriate to protect your systems and patient data. Nothing can guarantee that a cyberattack won't become a breach. Health Centers are a domain with a high potential for data breaches. As a result, it is crucial for health center leadership to adopt breach prevention strategies across their entire organization, as opposed to relegating it to the IT department. This learning collaborative addressed health center breach mitigation tactics, operationalizing cybersecurity to better mitigate risks, telehealth risk management strategies, and incident response planning from a cybersecurity perspective.

This series will equip health centers and their staff to:  

1. Describe resources, frameworks, and methods for strategic implementation of cybersecurity infrastructure and services
2. Describe essential cybersecurity tools and services that can help decrease the risk of a data breach
3. Use best practices in cybersecurity when implementing modern telehealth tools and RPM initiatives
4. Adopt cybersecurity risk management paradigms and incident response planning templates.

This learning collaborative will provide participating health centers a series of four structured virtual learning sessions where they will engage with facilitators, subject matter experts and their colleagues in peer-to-peer learning and discussion.

It's time to reconsider your strategy if you still treat cyber risk as an annual project or initiative. Having a thorough ongoing program in place means that even in the worst-case scenario, you'll be ready to demonstrate that you did what was reasonable and appropriate to protect your systems and patient data. Nothing can guarantee that a cyberattack won't become a breach. Health Centers are a domain with a high potential for data breaches. As a result, it is crucial for health center leadership to adopt breach prevention strategies across their entire organization, as opposed to relegating it to the IT department. This learning collaborative addressed health center breach mitigation tactics, operationalizing cybersecurity to better mitigate risks, telehealth risk management strategies, and incident response planning from a cybersecurity perspective.

This series equipped health centers and their staff to:  

1. Describe resources, frameworks, and methods for strategic implementation of cybersecurity infrastructure and services
2. Describe essential cybersecurity tools and services that can help decrease the risk of a data breach
3. Use best practices in cybersecurity when implementing modern telehealth tools and RPM initiatives
4. Adopt cybersecurity risk management paradigms and incident response planning templates.

This learning collaborative provided participating health centers a series of four structured virtual learning sessions where they engaged with facilitators, subject matter experts and their colleagues in peer-to-peer learning and discussion.

It's time to reconsider your strategy if you still treat cyber risk as an annual project or initiative. Having a thorough ongoing program in place means that even in the worst-case scenario, you'll be ready to demonstrate that you did what was reasonable and appropriate to protect your systems and patient data. Nothing can guarantee that a cyberattack won't become a breach. Health Centers are a domain with a high potential for data breaches. As a result, it is crucial for health center leadership to adopt breach prevention strategies across their entire organization, as opposed to relegating it to the IT department. This learning collaborative will address health center breach mitigation tactics, operationalizing cybersecurity to better mitigate risks, telehealth risk management strategies, and incident response planning from a cybersecurity perspective.

This series will equip health centers and their staff to:  

1. Describe resources, frameworks, and methods for strategic implementation of cybersecurity infrastructure and services
2. Describe essential cybersecurity tools and services that can help decrease the risk of a data breach
3. Use best practices in cybersecurity when implementing modern telehealth tools and RPM initiatives
4. Adopt cybersecurity risk management paradigms and incident response planning templates.

This learning collaborative will provide participating health centers a series of four structured virtual learning sessions where they will engage with facilitators, subject matter experts and their colleagues in peer-to-peer learning and discussion.