Events Calendar

Mon
Tue
Wed
Thu
Fri
Sat
Sun
M
T
W
T
F
S
S
26
27
28
29
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31

Events

Articles

New HHS Cybersecurity Initiative: Too Little Too Late?

HHS

After years of increasingly dangerous data security and privacy breaches across the American healthcare environment, HHS has decided to take preventative action. On July 25, HHS announced it will fund a new resource that will share “the most up-to-date cyber threat information across the health and public health sectors and will better equip health systems to identify potential threats and further protect electronic health information.”

This is a step forward in strengthening healthcare’s war against cyber criminals, since thus far health-related organizations have been on their own in dealing with them. But the fine print behind the HHS initiative predicts a painfully long and arguably underfunded project that will take years until we see much benefit. Here’s why.

HHS announced that it is offering coordinated grant opportunities through ONC and the office of the Assistant Secretary for Preparedness and Response (ASPR), to provide a “concerted, centralized effort needed to protect the country’s healthcare environment and data.” The dual grants will be awarded to an existing Information Sharing and Analysis Center (ISAC) that is already providing outreach and technical assistance to participating organizations on cybersecurity threats specific to the health care and public health sectors. The grants will  support expansion of the ISAC’s outreach and education capabilities to meet these goals:

  • Provide more and better information and education on cyber threats to health data
  • Increase education outreach on cyber threats
  • Help equip affected organizations with tools to take action on threats
  • Facilitate information sharing across the healthcare and public health sector and federal cybersecurity partners

Karen DeSalvo, chief of ONC, said “Establishing robust threat information sharing infrastructure and capability within the health care and public health sector is crucial to the privacy and security of health information, which is foundational to the digital health system.”

The two grants (see Grants.gov) will award the winner a combined $250,000 for the first year of what is described as a five-year initiative with a total of approximately $1.25 million to be provided “subject to the availability of funds and satisfactory performance of the recipient….” Entries by qualified non-profit organizations must be submitted by late August, 2016.

Here’s HHS’ plan: (Or, if you want to skip the year-by-year details, jump down a few paragraphs for a summary.)

  • Year 1 (2017): The awardee is to deliver a gap analysis of information sharing within the hospital / public health sector (HPH), develop a concept of operations for sharing between HPH and the federal government, and start developing plans based on this concept.
  • Year 2 (2018): Based on the approved concept, the selected ISAC will coordinate with HHS and the HPH sector to expand its communications reach to be able to share threat information beyond its current membership base to the entire HPH Sector. This effort is expected to include expanding the ISAC’s IT and communications infrastructure. The ISAC will also develop a business plan using a tiered membership fee structure for members to receive full outreach benefits. Options for basic information will be created for non-paying members.The ISAC will also work on coordinating communications structures with other organizations including federal cybersecurity partners.
  • Year 3 (2019): The ISAC will continue to “develop, implement, evaluate, and refine operational information sharing plans.”
  • Year 3 – 5 (2019 – 2021): By this time, the ISAC is expected to begin serving as the main point of contact to support, promote, and enhance information sharing, including being the conduit for private sector entities to share cybersecurity information with federal investigative operations. It also will become the lead organization coordinating analysis and response activities for HPH sector cyber incidents, including developing comprehensive analytical products and creating a more complete picture of cyber threats.

The summary:

It’s fair to say that creating and deploying a nationwide health cybersecurity protection program will not be a simple endeavor. Nevertheless, the outlined project suggests that few if any benefits will be realized by the health care community for up to  three years, as the grant awardee works with HHS  through a painstaking process of gap analysis, concept building, plan design and infrastructure expansion. Further, the funds HHS is allocating seem paltry in comparison to the project’s ambitious size and complexity. It is also worth noting that the objective to eventually share program costs with the private sector through a tiered membership fee structure will prevent many organizations who need the most help from getting it.

In the meantime — right now — many hospitals, practices and other healthcare providers don’t have the resources or information they need to protect themselves from cyber attacks. Healthcare records for one in three Americans were breached in 2015, a dramatic increase over 2014.  Over 80 percent of healthcare executive respondents to a recent Modern Healthcare survey said they expect more cybersecurity attacks in 2016. So far this year, their fears have been justified.

Assistant Secretary for Preparedness and Response Nicole Lurie said during the HHS announcement that with this new bi-directional initiative shared by the federal government and the health care / public health sector, HHS hopes “to build the capacity to better prevent, detect and respond to cyberattacks.”

No one can disagree with that sentiment. But the overall project carries a major downside: no near term benefits. This initiative will proceed over a long, dangerous five year period of innumerable cyber threats. What about solutions for today and tomorrow?

Vice President, Industry Relations

D’Arcy Guerin Gue is a co-founder of Phoenix, with over 25 years of experience in executive leadership, strategic planning, IT services, knowledge leadership, and industry  relations —  with a special focus on patient engagement and federal compliance issues.

Source

HIMSS Special Part 1: HIT Visionary Zach Fox
Check out industry insight from HIT visionary and DrFirst Executive VP and GM, Zach Fox. Visit DrFirst at HIMSS Booth 6232.
We respect your privacy. Your information is safe and will never be shared.
Don't miss out. Subscribe today.
×
×
WordPress Popup
HIMSS Special Part 1: HIT Visionary David Lareau
Check out industry insight from HIT visionary and Medicomp CEO, David Lareau. Visit Medicomp at HIMSS Booth 3421
We respect your privacy. Your information is safe and will never be shared.
Don't miss out. Subscribe today.
×
×
WordPress Popup
casipoldiyarbetetabetetabetw88w88w88betfokusbetfokuslordbahisparobetparobetbuzbahisbullbahiscasino sérieuxcasino sérieuxcasino sérieuxcasino sérieuxcasino en ligne populairemeilleur site de jeux casino en lignemeilleur site de jeux casino en lignecasino en ligne en francecasino en ligne en francecasino en ligne de confiancebetbinanstwinplayistanbulbahisistanbulbahisistanbulbahisparis sportifs hors arjelonwin üyeliksahabet üyelikrestbet girişpulibetsüperbetinbtcbahiscanlı casino sitelerionline casino1xbet mobilligobet mobilcapitolbetmostbet üyelikbizbet üyelikgobahis girişmatbet girişikimisli girişbordobet girişbetcio girişalfabahisalfabahisbetgoowinxbetwinxbetwinxbetwinxbetbetkanyontaksimbetrexabetrexabetrexabetenobahisbookmaker hors arjelparis sportifs en Italieparier sur les cornersparier sur le nombre de tirsmystake chickenparis hippiques en ligneplinko francecasino diceBetzinoVasyCbetCasino Lucky8betkanyonbetkanyontaksimbettaksimbettaksimbettaksimbetbetistbetistbetistenobahisenobahisenobahisbetkolikbetkoliksmartbahissmartbahissmartbahistrendbettrendbetgamabetgamabetgamabetgamabetaspercasinoaspercasinoaspercasinonisanbetnisanbetnewbahismelbetonbahisbetonredbetonredromabettipobettipobetefes casinobetandreasfixbetbetbababetbababuzbahisbuzbahisbullbahisbullbahisbetsofbetsofall right casinokombinebetbetbinansbetbinansbetbinansmaksatbahisbetbabaorisbetorisbetbizimbahissiyahbethayalbahishayalbahishilbetsantosbettingsantosbettingsantosbettingsantosbettingnerobetnerobetswordbetswordbetswordbetinbahislevabetlevabetlevabetcasiveracasiveracasiverakordonbetkareasbetprincessbetkikbetkikbetkikbetbetmarketbetmarketbetmarketyapbahsinibetingoasyabahishipercasinocasinoperbahisnowsüpertotobetalibahisfaulbetfaulbetrelaxbahisbetingoasyabahiscasinopercasinoperbahisnowbahisnowpiyasabetpiyasabetyonjabetcasinoslotbetibombetibomredwinbitslercresus casinocresus casino aviscresus casino gratuitcresus casino connexioncresus casino connexioncresus casino connexioncresus casino applicationwild sultanwild sultan casino en lignewild sultan aviswild sultan francewild sultan bonuswild sultan vipwild sultan viptortuga casinotortuga casinotortuga casino en lignetortuga casino avistortuga casino bonus sans dépôttortuga casino applicationtortuga casino applicationmadnixmadnix casino avismadnix casino avismadnix casino en lignemadnix casino en lignemadnix casino bonus sans dépôtmadnix casino bonus sans dépôtmadnix casino retraitmadnix casino mon comptemadnix casino mon comptewinouiwinouiwinoui casinowinoui casino connexionwinoui casino connexion