As the Director of the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS), I'm happy with my team's work toward raising cybersecurity awareness last month, and in fact, every month. OCR enforces the Health Insurance Portability and Accountability Act's (HIPAA) Privacy, Security, and Enforcement Rules to keep individuals' health information private and secure.
To keep individuals' protected health information protected, an organization must have strong cybersecurity measures. When a HIPAA regulated entity understands and has good cybersecurity practices in place, this lowers the risk of protected health information becoming compromised. To promote these good practices, OCR offers resources to the public and covered entities that address trending cybersecurity topics. Though strong cybersecurity habits should be year-round, OCR celebrated October's Cybersecurity Awareness Month with gusto in the following ways:
- Resource Documents on Telehealth: OCR issued two resource documents to promote cybersecurity in telehealth for different audiences.
- Newsletter on Sanctions Policies: OCR frequently publishes Cybersecurity Newsletters to keep the public informed of the most up-to-date cybersecurity topics. In October, OCR put out a newsletter on "How Sanction Policies Can Support HIPAA Compliance". An organization's sanction policies can be an important tool for supporting accountability and improving cybersecurity and data protection. The newsletter relayed what the functions, content, and execution of such a policy might look like.
- Videos on Defending Against Cyber-Attacks: OCR released two videos, in English and Spanish, on the HIPAA Security Rule and how it can help regulated entities defend against cyber-attacks. The videos discuss real world cyber-attack trends, based on OCR's experience with its breach reports and enforcement, including ways to detect and mitigate common cyber-attacks.
- Settlements: OCR announced its first ever settlement concerning a ransomware attack. Ransomware is a type of malware (malicious software) designed to deny access to a user's data, usually by encrypting the data with a key known only to the hacker who deployed the malware, until a ransom is paid. This settlement with a business associate highlights how ransomware attacks are increasingly common and targeting the health care system.
- Webinar on Risk Analysis: To cap off Cybersecurity Awareness Month, OCR hosted a webinar titled "The HIPAA Security Rule Risk Analysis Requirement", to an audience of over 4,000 registrants. A risk analysis is a key and necessary step for effective cybersecurity and HIPAA Security Rule compliance. This webinar discussed what is required to conduct an accurate and thorough risk analysis to protect health information.
- Cybersecurity Training: Throughout October, OCR's eight regional offices conducted cybersecurity training for large hospitals, small medical providers, business associates, state health departments, and state social service agencies to assist them in complying with their cybersecurity obligations in the face of changing hostile threats.
We encourage your efforts to keep your organization in compliance with HIPAA, and part of that effort is having strong cybersecurity measures. Stay tuned for future OCR announcements in support of HIPAA and cybersecurity, and please make use of our free cybersecurity resources.