Events Calendar

Today
Mon
Tue
Wed
Thu
Fri
Sat
Sun
M
T
W
T
F
S
S
1
2
3
4
5
6
7
8
12:00 AM - DEVICE TALKS
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
1
2
3
4
DEVICE TALKS
DEVICE TALKS
2018-10-08 - 2018-10-10    
All Day
Westin Boston Waterfront 425 Summer Street, Boston, Massachusetts 02446, United States
DEVICE TALKS BOSTON 2018: BIGGER AND BETTER THAN EVER! Join us Oct. 8-10 for the 7th annual DeviceTalks Boston, back in the city where it [...]
More Info
6th Annual HealthIMPACT Midwest
6th Annual HealthIMPACT Midwest
2018-10-10    
All Day
REV1 VENTURES COLUMBUS, OH The Provider-Patient Experience Summit - Disrupting Delivery without Disrupting Care HealthIMPACT Midwest is focused on technologies impacting clinician satisfaction and performance. [...]
More Info
3rd International Conference on Environmental Health & Preventive Medicine
15 Oct
2018-10-15 - 2018-10-16    
All Day
Conference Series Ltd invites all the participants from all over the world to attend “3rd International Conference on Environmental Health” during October 15-16, 2018 in Warsaw, Poland which includes prompt keynote [...]
More Info
CONNECTED HEALTH CONFERENCE 2018
17 Oct
2018-10-17 - 2018-10-19    
7:00 am - 6:00 pm
CONNECTED HEALTH CONFERENCE
BALANCING TECHNOLOGY AND THE HUMAN ELEMENT In an era when digital technologies enable individuals to track health statistics such as daily activity and vital signs, [...]
More Info
Epigenetics Congress 2018
Epigenetics Congress 2018
2018-10-25 - 2018-10-26    
All Day
Istanbul
Conference: 5th World Congress on Epigenetics and Chromosome Date: October 25-26, 2018 Place: Istanbul, Turkey Email: epigeneticscongress@gmail.com About Conference: Epigenetics congress 2018 invites all the [...]
More Info
Events on 2018-10-08
DEVICE TALKS
DEVICE TALKS
8 Oct 18
425 Summer Street
Events on 2018-10-10
6th Annual HealthIMPACT Midwest
6th Annual HealthIMPACT Midwest
10 Oct 18
Events on 2018-10-15
15 Oct
3rd International Conference on Environmental Health & Preventive Medicine
15 Oct 18
Events on 2018-10-17
17 Oct
CONNECTED HEALTH CONFERENCE 2018
17 Oct 18
Boston
Events on 2018-10-25
Epigenetics Congress 2018
Epigenetics Congress 2018
25 Oct 18
Istanbul
Latest News

EHNAC Applauds HCIC Task Force Report and Recommendations

June 20, 2017

June 2017 report aligns with industry’s need for actionable methods for an overhaul to cybersecurity through scalability and education and communication

FARMINGTON, Conn. – June 20, 2017 – The Electronic Healthcare Network Accreditation Commission (EHNAC), a non-profit standards development organization and accrediting body for organizations that electronically exchange healthcare data, today announced its support of the Health Care Industry Cybersecurity (HCIC) Task Force’s June 2 report to Congress titled Report on Improving Cybersecurity in the Health Care Industry and the recommendations therein.

 

The Health Care Industry Cybersecurity (HCIC) Task Force was established by the Department of Health and Human Services (HHS) in March 2016 per the Cybersecurity Act of 2015, Section 405(c). EHNAC applauds HHS and the expert panel of subject matter experts on the HCIC Task Force who contributed to develop these recommendations to strengthen the privacy and security of U.S. healthcare data. The pace of technology is rapidly changing which coincides with increased threats and actual breach incidents occurring.

“The incidence of cyberattacks across healthcare have more than doubled in the last five years, and it’s estimated that data breaches cost the healthcare industry $6.2 billion annually,” said Lee Barrett, executive director, EHNAC. “This report – and most importantly its recommendations for action contained in Appendix A – together with the National Institute of Standards and Technology (NIST) framework, and the important work of accrediting and certification bodies such as HITRUST and EHNAC, can collectively contribute to transform the HCIC recommendations into attainable and operational actions across the healthcare industry.”

Most importantly, the HCIC has identified within the report and recommendations the following premises:

  • Solutions must be appropriate for all healthcare organizations from the smallest single provider office to the most sophisticated and regulated business environment. EHNAC’s multiple accreditation programs specialize in being flexible and scalable, whether dealing with a small office or a complex business.
  • Many regulations and best practices (including but not limited to HIPAA, ISO, NIST, FEDRAMP and others) already set forth methods to strengthen data protection. These should be further leveraged to apply to cybersecurity risk in areas that are not currently subject to such regulations (such as the Internet of Things and current wearable health/medical devices). In this mode, current standards and proven best practices could be extended. Much of the effort ahead is based upon our ability to identify those standards and best practices across our industry and communicate and educate others effectively about them.

Specific examples where the HCIC Report recommends scalability are as follows:

  • Recommendation 1.2 Action Item 1.2.3 – Industry and government should partner to establish an evaluation mechanism and prioritized best practices to support the range of small to large organizations to consistently apply the NIST Cybersecurity Framework.
  • Recommendation 1.4 Action Item 1.4.1 – Industry should establish scalable best practices for governance of cybersecurity across the health care industry.
  • Recommendation 3.4 Action Item 3.4.3 – Federal regulatory agencies should provide additional guidance to service providers (including HHS-compliant Business Associate Agreements) that wish to align their security management practices with HIPAA and create increased awareness among health care providers that alternative technologies exist to store, access share, and process their data.
  • Recommendation 3.4 Action Item 3.4.4 – Industry should develop user cases and contracts tailored for these small and medium-sized organizations.

Specific examples where the HCIC Report recommends education and communication are as follows:

  • Recommendation 4.1 Action Item 4.1.1 – Trade and professional associations should ensure cyber workforce training and education focuses on corporate officers and boards of Directors communication.
  • Recommendation 4.1 Action Item 4.1.2 – Trade and professional associations in the health care industry should develop materials for CISOs and security leaders to better communicate with executive level leadership and Boards of Directors regarding security risks, priorities, and cyber hygiene posture.

For more information on EHNAC’s cybersecurity efforts within the industry, see the primer on “Cybersecurity Protection in Healthcare: How Accreditation Can Mitigate Your Risk” on the EHNAC website.

 

About EHNAC

 

The Electronic Healthcare Network Accreditation Commission (EHNAC) is a voluntary, self-governing standards development organization (SDO) established to develop standard criteria and accredit organizations that electronically exchange healthcare data. These entities include accountable care organizations, data registries, electronic health networks, EPCS vendors, e-prescribing solution providers, financial services firms, health information exchanges, health information service providers, management service organizations, medical billers, outsourced service providers, payers, practice management system vendors and third-party administrators. The Commission is an authorized HITRUST CSF Assessor, making it the only organization with the ability to provide both EHNAC accreditation and HITRUST CSF certification.

EHNAC was founded in 1993 and is a tax-exempt 501(c)(6) nonprofit organization. Guided by peer evaluation, the EHNAC accreditation process promotes quality service, innovation, cooperation and open competition in healthcare. To learn more, visit www.ehnac.org, contact info@ehnac.org, or follow us on Twitter, LinkedIn and YouTube.

 

###

Post Views: 571