Risk Management

HHS Releases Voluntary Cybersecurity Practices, Supplementing Existing Requirements

At the close of 2018, the Department of Health and Human Services (HHS) published Health Industry Cybersecurity Practices (HICP): Managing Threats and Protecting Patients. While not formally styled as guidance or interpretive material, when the primary regulator of patient and health data protection offers “suggestions,” those subject to HIPAA had better pay attention. Beyond highlighting common threats to the protection of patient data, the HICP encompasses two supplemental technical volumes centering on small organizations and medium and large organizations. Background Healthcare and life sciences organizations (particularly… more