In this month's newsletter, we address the issue of patient safety and cyber risk, which has become an increasingly important topic as ransomware attacks threaten the availability of critical data and services. In addition, we provide recommendations on how to ensure your incident response plan is incident ready. We also highlight upcoming educational presentations that will share insight on how to manage an Office for Civil Rights' Corrective Action Plan and what OCR's recent enforcement activity means going forward. Links to recent articles of note from around the industry are included as well.
Lessons from Real-Life Crash Courses in Patient Safety and Cybersecurity
Comprehensive privacy and security measures need an evolving focus, one that incorporates attention to compliance, security, enterprise cyber risk management, patient safety, and medical professional liability.
As a healthcare entity, your responsibilities are three-fold:
Ensure there’s not an unauthorized disclosure of or access to this information.
Ensure that an unauthorized person cannot modify, delete, or change this information.
Ensure the information is accessible and accurate when it’s needed and it remains stored where it should be.
You can remember these core responsibilities simply as: Avoid the compromise of CIA (confidentiality, integrity, and availability).
Incident response, even with effective planning, can be stressful. That stress is heightened with attacks that happen outside of normal operating hours. And even for those that may originate during the business day, response and recovery can rack up hundreds of hours or more, along with late nights, weekends, and holidays. On top of that, the financial expenses can quickly add up during incident response, sometimes exceeding hundreds of thousands of dollars for a single entity.
So what can you do to help reduce some of this stress so you are prepared for incidents no matter when or where a disruption occurs?
See below for a list of upcoming virtual educational sessions designed to provide clarity on key risk and compliance challenges and opportunities facing healthcare organizations.
If the time we have scheduled is not convenient for you, register anyway and we will be sure to send you the webinar recording.
Visit our library of On-Demand Webinars for a wealth of additional content you can review at your convenience.
FEATURED WEB EVENT | NOVEMBER 11, 2020
When the Office for Civil Rights (OCR) discovers HIPAA violations and offers a settlement that an organization accepts, three things typically happen: a resolution agreement, payment of money, and a corrective action plan (CAP). While the dollar amounts can be large, the more painful part may be the CAP. Compliance with the CAP is mandatory, burdensome, and constantly monitored.
In a CHIME20 Digital Recharge presentation that is part of the event's Cybersecurity Challenges track, Mark Ballister, CISO for the University of Rochester Medical Center (URMC), and Jon Moore, Chief Risk Officer and Senior Vice President of Consulting Services for Clearwater, will discuss how URMC is approaching/managing its CAP and the steps the organization is taking to ensure OCR’s expectations are met.