Data Storyteller

The exercise cards in this set present scenarios and response-related questions designed to provide a quick (5–10 minute) method for health center staff to: Refresh knowledge of the content in their emergency and cyber incident response plans; Examine and troubleshoot procedures in their emergency and cyber incident response plans; Identify improvements to their emergency and cyber incident response plans; and Increase staff capacity to operationalize the actions outlined in their emergency and cyber incident response plans. The scenarios and questions on these cards can serve as a starting point to spark discussions amongst your team about scenarios and responses that are specific to the context of your health center (e.g., what extreme weather events are most common in your area?). The first five cases describe environmental scenarios, and the last two cases describe cybersecurity scenarios.

Many health centers struggle to reap the benefits of technological advancement and investments in health information technology (health IT), while others embrace them and reap rewards. Interoperability is one such example; requiring health centers assess systems, relationships, and implementation.

There are keys to successful interoperability implementation for which health centers must develop processes, stand up infrastructure (within the system, internally and externally, and organization), and then take action.

Process refers to structured processes, policies, and procedures within the health center.

Infrastructure refers to structural capacity and ability within the health center’s technology and staffing structure.

Action refers to full implementation to the point of active and ongoing use and engagement.

This scorecard encourages health centers to consider their processes, infrastructure, and action in a number of key areas. Each area key to interoperability are to be self-graded on a scale of 1 through 5, where 1 is poorly or not yet developed and 5 is well developed. Health centers can also use this to guide discussions and monitor progress over time.

This HITEQ Center webinar explored key concepts and best practices that should be followed by Health Centers seeking to develop Defense in Depth and effectively implement hardened security programs at their sites. There are ever-increasing cybersecurity guidelines and protection measures that Health Centers must navigate and digest. This webinar sought to motivate and educate the health center workforce on critical privacy and security concepts and methods for defense. Aspects of Security Risk Assessment, security awareness training, and breach protection were covered with an emphasis on health center-wide information protection.

To successfully attest, providers must conduct a security risk assessment (SRA), implement updates as needed, and correctly identify security deficiencies. By conducting an SRA regularly, providers can identify and document potential threats and vulnerabilities related to data security, and develop a plan of action to mitigate them.

Since 2010, the healthcare industry has seen a remarkable increase in the use of technology in the administration and delivery in healthcare. This has led to a mass migration of data from paper charts and isolated systems to Electronic Medical Records (EMRs) and interconnected systems that transmit patient health and financial information across trusted and untrusted networks. While this has been a boon for the industry in its ability to provide timely information to those who need it the most, this transition has introduced a great deal of risk to the confidentiality and integrity of the information. Coupled with the fact that the information can be quickly monetized by criminals through insurance fraud and identity theft, the ecosystem is target-rich.