Last month, the Department of Health and Human Services (HHS) introduced a new strategy to enhance healthcare cybersecurity, aligning with President Biden’s National Cybersecurity Strategy. We understand the critical role healthcare providers play in safeguarding patient data and ensuring uninterrupted services. That’s why we want to share the key aspects of this new strategy with you.
1. Healthcare Cybersecurity Performance Goals (HPH CPGs):
HHS is introducing voluntary Healthcare and Public Health Sector Cybersecurity Performance Goals (HPH CPGs) to guide healthcare cybersecurity practices. These goals provide essential and enhanced guidelines to strengthen the resilience of the healthcare sector, especially for hospitals and patients affected by cyber threats.
2. Resources and Incentives:
HHS is collaborating with Congress to secure additional funding and enforce new cybersecurity requirements. They are exploring potential financial consequences for hospitals that do not meet standards. In the near future, an investment program will be established to assist under-resourced hospitals in implementing security measures, along with incentives for sector-wide investment in cybersecurity.
3. Regulatory Updates and Accountability:
To reinforce cybersecurity measures, HHS plans to incorporate HPH CPGs into existing regulations and programs. Starting with new regulations proposed by the Centers for Medicare and Medicaid Services (CMS), the HHS Office for Civil Rights (OCR) aims to update the HIPAA Security Rule in spring 2024, introducing new security requirements.
4. Enhanced Cybersecurity Support:
HHS is expanding its “one-stop shop” for cybersecurity support. This includes improved coordination between regulatory departments, enhanced incident response capabilities, and promotion of the use of government resources in the healthcare sector. The goal is to systematically advance cyber resilience in the healthcare sector, especially for high-risk targets like hospitals.
As you continue to provide the best patient care, we want to ensure you are well-informed about these upcoming changes in healthcare security and compliance. Stay ahead by meeting the requirements and protecting yourselves from potential penalties.
These changes in cybersecurity requirements and recommendations are going to increase the stakes in the world of healthcare provider cybersecurity. With the goal of better protecting private patient information, every covered entity under HIPAA needs to conduct its regular HIPAA Security Risk Assessment to assess where its current cybersecurity strengths and weaknesses lie.
Medcurity offers the industry’s most intuitive Security Risk Assessment for healthcare providers and their business associates. Our easy-to-use platform is the perfect place for you to start your 2024 HIPAA compliance journey.
If you have any questions or concerns related to HIPAA compliance or this cybersecurity strategy, please don’t hesitate to reach out to our team. Together, we can strengthen the cybersecurity defenses of the healthcare sector.