Cybersecurity can only be reached in a culture where privacy and security are esteemed. Each of us have a significant role to play in establishing such a culture.
Four things that can help provider practices in particular build a privacy and security culture:
- ONC Educational Resources
- Risk Assessments
- National Institute of Standards and Technology (NIST) Cybersecurity Framework
- MMY Consulting
The Office of the National Coordinator for Health Information Technology (ONC) focuses on helping our health care providers in small practices; discover how to adopt a culture of privacy and security.
The National Institute of Standards and Technology (NIST) has developed a Cybersecurity Framework that offers a set of standards, best practices, and methods for addressing cyber risk. Its risk management style lines up with the HIPAA risk assessment. The Cybersecurity Framework provides a launching site for health care providers to contemplate the cyber risks applicable to their specific situation. Providers are encouraged to apply only the security measures or controls in the Framework that address their specific need.
“ONC, NIST and OCR are working closely to develop additional resources to help providers and their offices better understand how the Framework connects with HIPAA Security Rule requirements. ONC is committed to promoting the use of the Framework and emphasizing the relevance of cybersecurity risk to the healthcare environment.”
“Viewing educational resources, conducting risk assessments, and adopting the Cybersecurity Framework are about more than gaining HIPAA compliance or Meaningful Use incentives. The end goal is a growing culture of privacy and security, where PHI is protected and secure and cybersecurity is realized. If providers have this mindset, we are headed in a secure direction.”
We at MMY understand the current challenges and data security risks that threaten your culture. See what a significant role we can play today.