Learn best practices for your needs. Along with electronic health records (EHR) and other information technology (IT) benefits, such as improved efficiency, clinical coordination, and patient engagement, those same technologies have also created an opportunity for criminal activities. That’s why cybersecurity has become one of the top concerns in healthcare management, and is extremely important for your general surgery practice. HHS Offers Direction Despite Health and Human Services’ (HHS’) reputation for implementing tough policy initiatives and enforcing regulations for IT, according to a new agency offering, the feds want to help you combat cyber attacks and improve digital acumen for your practice. “Cybersecurity is everyone’s responsibility. It is the responsibility of every organization working in healthcare and public health. In all of our efforts, we must recognize and leverage the value of partnerships among government and industry stakeholders to tackle the shared problems collaboratively,” says Janet Vogel, HHS acting chief information security officer in a release on the subject. Nuts and bolts: HHS recently issued a four-volume release, “Health Industry Cybersecurity Practices (HICP): Managing Threats and Protecting Patients.” Mandated by the Cybersecurity Act of 2015 Section 405(d), the IT opus comes from the “public-private partnership” of 150 industry insiders’ collaborative research to promote cybersecurity, an HHS release suggested. The “405(d) Task Group” maintains that in compiling the HICP, the group realized that there is not a one-size-fits-all methodology for approaching cybersecurity in healthcare. In fact, they found that each organization has a particular list of “attributes, strengths, and vulnerabilities;” therefore, their cybersecurity strategies must be tailored “to their unique needs,” indicated the report. But the report does not propose to overwrite past rules, nor is it to be considered a “de facto set of requirements,” HHS warned. Instead, “the report cautions that identifying the size of an organization is not as simple as it may seem, and it provides a table to guide organizations in their evaluation,” write attorneys Kathryn Carey and Aleksandra Vold with national law firm Baker Hostetler in legal analysis. Check Out the Report’s Hot Topics Here is an overview of the HICP report: Tips abound throughout the 34-page document. Highlights include: Endpoint: “We heard loud and clear through this process that providers need actionable and practical advice, tailored to their needs, to manage modern cyber threats,” noted Erik Decker, industry co-lead and chief information security and privacy officer for the University of Chicago Medicine. “That is exactly what this resource delivers; recommendations stratified by the size of the organization, written for both the clinician as well as the IT subject matter expert.” Resources: See the HHS release at www.hhs.gov/about/news/2018/12/28/hhs-in-partnership-with-industry-releases-voluntary-cybersecurity-practices-for-the-health-industry.html. Read the “Health Industry Cybersecurity Practices (HICP): Managing Threats and Protecting Patients” at www.phe.gov/Preparedness/planning/405d/Documents/HICP-Main-508.pdf.