Initiative to Help Small Healthcare Providers with HIPAA Compliance Launched by HITRUST/AMA

HIPAA Compliance

A new initiative – that will assist small healthcare providers with HIPAA compliance, cybersecurity and cyber risk management – has been revealed in a partnership between HITRUST and the American Medical Association (AMA).

Small healthcare suppliers can be particularly susceptible to cyberattacks, as they typically lack the resources to focus on cybersecurity and do not normally have the budgets available to employ skilled cybersecurity staff. This week has uemphasized the need for small practices to improve their cybersecurity defenses, with the announcement of two cyberattacks on small healthcare suppliers by the hacking group TheDarkOverlord.

Recent ransomware cyberattacks have also shown that healthcare groups of all sizes are likely to be targeted. Organizations of all sizes must use good cyber hygiene and have the right defenses in place to improve resilience against ever changing cyber threats.

HITRUST and AMA will be running two-hour workshops where physicians and other healthcare staff will be trained on key areas of risk management, HIPAA compliance, and cybersecurity, with the workshops speccially focused on small healthcare suppliers.

The initiative runs in tandem with HITRUST’s Community Extension Program that was established earlier this year, with the workshops taking place in the two hours before the HITRUST Community Extension Program events, which are taking place in 50 cities round the United States.

HITRUST outlined, “Many clinics, physician offices, and other small providers are looking for local, community-based resources to help guide them through the journey of establishing governance and risk management programs to avoid a cyber-related breach or event that would disrupt their organization and expose the confidential information of their patients or members.” One of the aims of the workshops is to make good cyber hygiene manageable for small healthcare suppliers.

These workshops will supply the information small healthcare providers need to make significant improvements to their cybersecurity tactics and help them meet the requirements of the HIPAA Security Rule.

While many topics will be tackled at the workshops, they will be primarily focused on teaching the basics of good cyber hygiene, explaining the need for cyber and HIPAA risk assessments, and will cover cost-effective technologies that can be put in place to enhance cyber security.

“Trying to determine the best way to secure my practice from cyber threats was a significant – and at times, overwhelming – undertaking,” stated Dr. J. Stefan Walker, a practicing physician in a small practice in Corpus Christi, TX. “Many existing cybersecurity resources and education programs are geared toward larger health care organizations and are not practical for a practice with only a handful of employees.” These workshops will help small healthcare groups by giving relevant, useful, and practical advice specific to practices of their size.

The first workshop is being held by Children’s Health in Dallas, TX and will be on October 9. Details of further events will be published on the HITRUST website.