General cybersecurity guidance would suggest that Health IT breach should not be considered a matter of “if”, but rather a matter of “when”. How Health Centers prepare and respond to an episode of a breach is just as important as defending itself from the breach.

It is of critical importance to motivate and educate healthcare professionals on current critical privacy and security concepts and methods for defense of health data. Aspects of security awareness training, breach protection, incident response, and related topics all play a role toward organization-wide information protection. Healthcare cybersecurity is the ultimate team sport. The responsibility goes beyond the IT staff and includes front and back office staff, doctors and nurses, patients, executives, and the board of directors. The attached presentation is directed to all levels of the healthcare organization so that they may be proactive and aware.

Is it acceptable/recommended for health centers to adopt the new password policy guidelines under NIST Special Publication 800-63B and will that still uphold the HIPAA security rule? This question had been posed to the HITEQ Center asking whether we had any guidance or recommendations on implementing the new NIST Guidelines regarding password security.  New Digital Identity Guidelines under NIST Special Publication 800-63-B presents new guidelines regarding password security that are much more user-friendly and consequently more likely to be observed by health center staff since constantly changing, complex password on multiple systems can be a source of frustration for the end user. 

Many times when we think of mobile health it is in the terms of patient engagement and communication, but it is important for Health Centers to also be familiar with privacy and security concerns as it relates to mobile devices used by providers and staff.

The National Cybersecurity Center of Excellence (NCCOE) has recently provided two new resources that cover movile device security and a catalogue of currently known threats. Both items are available for download from the NCCOE website.

A well-done security risk assessment (SRA) will identify security vulnerabilities across the breadth of a healthcare organization's health information systems. Factors will include policy, organizational and technical related requirements to privacy and security measures. ONC, in recognizing the complexity of this task for small to medium healthcare providers developed a toolkit to assist in conducting SRAs.

From the ONC YouTube website:

HIPAA requires practices to assess their PHI as part of their risk management process. Learn more about a risk assessment and how your practice can benefit.

The National Institute for Standards and Technology (NIST) and the Department of Health and Human Services (HHS), Office for Civil Rights (OCR) are pleased to co-host the 9th annual conference, Safeguarding Health Information: Building Assurance through HIPAA Security, on October 19-20, 2016 at the Capital Hilton, Washington, D.C.

The conference will explore the current healthcare cybersecurity landscape and the Health Insurance Portability and Accountability Act (HIPAA) Security Rule. It will highlight the present state of healthcare cybersecurity, and practical strategies, tips and techniques for implementing the HIPAA Security Rule.