Cyber attacks are on the rise in healthcare. Is your organization well equipped to manage growing risk as the industry becomes more and more digitized? Below are insights and resources to help you avoid preventable breaches, protect patients, and meet regulatory requirements, while optimizing and prioritizing cybersecurity investments.
-The Clearwater Team
Making Cyber Risk Management an Ongoing Process
The HIPAA Security Rule, as well as the National Institute of Standards and Technology (NIST) and other standards, stipulate that a risk analysis and risk management process should be ongoing, and not performed at a single point in time. However, many healthcare organizations treat risk analysis as a once-and-done process. The Office for Civil Rights’ “Guidance on Risk Analysis Requirements Under the HIPAA Security Rule” is based on NIST SP 800-30, Guide for Conducting Risk Assessments, and further emphasizes the requirement for continuous, ongoing Cyber Risk Management.
When systems, technology, or processes change, an organization’s risk posture becomes obsolete, leaving the possibility that current controls no longer adequately address significant risk. To update and document its security posture appropriately, a healthcare organization should conduct risk analysis as part of its ongoing operational security program.
As we kick off the new year, Clearwater is continuing its tradition of delivering valuable educational programming. See below for a list of upcoming virtual and in-person sessions designed to provide clarity on key issues and opportunities facing healthcare organizations and help you See Cyber Risk in 2020.
January 15, 2020
Webinar: Understanding SHIELD Act Implications
This past summer, the Governor of New York signed into law the “Stop Hacks and Improve Electronic Data Security Act” (SHIELD Act). This Act amends New York’s existing data breach notification law by expanding the definition of “Private Information” and by adding “Data Breach Security Protections” similar to those of the Health Insurance Portability and Accountability Act (HIPAA) Security Rule. It is important for healthcare organizations that own or license any computerized information of New York residents to be aware of this Act, as they may need to bolster cybersecurity safeguards and they will have new reporting requirements in the event of a breach. During this HFMA Region 2 webinar (open to all), Clearwater Chief Risk Officer Jon Moore will review the key elements of the legislation and discuss its implications.
Join Clearwater for a live demonstration of the purpose-built software used by hundreds of healthcare organizations to perform an OCR-Quality Risk Analysis™.
The final month of 2019 saw another wave of notable Office for Civil Rights (OCR) activity. With the new year upon us, many healthcare organizations are wondering what we might see from OCR in 2020 in terms of enforcement activity and other initiatives. Clearwater is pleased to have Iliana Peters, JD, CISSP, attorney with Polsinelli and former OCR Acting Deputy Director, join Executive Chairman Bob Chaput for a discussion of issues and trends that security professionals should have on their radar.
Industry Event: Five Years Later: Is it Time for Healthcare to Look at the NIST Cybersecurity Framework to Support HIPAA Compliance?
Attend the 29th National HIPAA Summit, happening March 3-5, in Arlington, VA, and hear Clearwater’s Jon Moore discuss how the NIST Cybersecurity Framework provides a structure and approach to meet not just the letter of the HIPAA Security Rule but also its intent. On-site and webinar attendance options are available. Use promo code "grantor" to save $200 off the regular ticket price.