ARTICLE
9 January 2019

HHS Releases Voluntary Healthcare Cybersecurity Practices

HK
Holland & Knight

Contributor

Holland & Knight is a global law firm with nearly 2,000 lawyers in offices throughout the world. Our attorneys provide representation in litigation, business, real estate, healthcare and governmental law. Interdisciplinary practice groups and industry-based teams provide clients with access to attorneys throughout the firm, regardless of location.
On Dec. 28, 2018, the U.S. Department of Health and Human Services (HHS) announced the release of voluntary cybersecurity practices and tools for the healthcare industry.
United States Technology

Shannon B. Hartsfield is a partner in Holland & Knight's Tallahassee office

On Dec. 28, 2018, the U.S. Department of Health and Human Services (HHS) announced the release of voluntary cybersecurity practices and tools for the healthcare industry. The documents were the result of Section 405(d) of the Cybersecurity Act of 2015 and developed by a task group of 103 members and tested by more than 120 stakeholders, including clinicians and IT professionals.

That federal law required HHS to develop guidelines and best practices in collaboration with the Secretary of Homeland Security, National Institute of Standards and Technology (NIST), healthcare industry stakeholders and others. The practices are required to be consistent with NIST standards, as well as HIPAA and the HITECH Act, and should be updated on a regular basis. The documents include a primary overview publication that explores current threats and how to mitigate them. They also include two technical volumes – one for small healthcare organizations and one for medium and large organizations- that discuss cybersecurity practices for those entities.

The task group also provided a number of resources and templates, including suggestions for listing and prioritizing threats, draft policies and links to a number of third party resources.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More