The size and scope of your Medicare practice will impact your IT security. There’s no denying the influence technology has had on medicine. Health IT offers a kaleidoscope of tools that improve efficiency, engage patients, and promote clinical coordination. Yet, as the digitization of healthcare has evolved, cybercrime has grown with it, making cybersecurity one of the top concerns in the industry. HHS Offers an IT Olive Branch Often, HHS plays the heavy in the health IT narrative, enforcing regulations and pushing tough policy initiatives. However, according to a new agency offering, the feds want to help you combat cyberattacks and improve your practice digital acumen. “Cybersecurity is everyone’s responsibility. It is the responsibility of every organization working in healthcare and public health. In all of our efforts, we must recognize and leverage the value of partnerships among government and industry stakeholders to tackle the shared problems collaboratively,” says Janet Vogel, HHS acting chief information security officer in a release on the subject. Nuts and bolts: HHS issued new guidance on nipping cyber threats in the bud with a four-volume release, “Health Industry Cybersecurity Practices (HICP): Managing Threats and Protecting Patients.” Mandated by the Cybersecurity Act of 2015 Section 405(d), the IT opus comes from the “public-private partnership” of150 industry insiders’ collaborative research to promote cybersecurity, an HHS release suggested. The “405(d) Task Group” maintains that in compiling the HICP, the group realized there is not a one-size-fits-all methodology for approaching cybersecurity in healthcare. In fact, they found that each organization has a particular list of “attributes, strengths, and vulnerabilities;” therefore, their cybersecurity strategies must be tailored “to their unique needs,” indicated the report. But, the report does not propose to overwrite past rules, nor is it to be considered a “de facto set of requirements,” HHS warned. Instead, “the report cautions that identifying the size of an organization is not as simple as it may seem, and it provides a table to guide organizations in their evaluation,” write attorneys Kathryn Carey and Aleksandra Vold with national law firm Baker Hostetler in online legal analysis. Check Out the Report’s Hot Topics Consider this vital advice from the HICP report: Tips abound throughout the 34-page document. Highlights include: Endpoint: “We heard loud and clear through this process that providers need actionable and practical advice, tailored to their needs, to manage modern cyber threats,” noted Erik Decker, industry co-lead and chief information security and privacy officer for the University of Chicago Medicine. “That is exactly what this resource delivers; recommendations stratified by the size of the organization, written for both the clinician as well as the IT subject matter expert.” Resources: See the HHS release at www.hhs.gov/about/news/2018/12/28/hhs-in-partnership-with-industry-releases-voluntary-cybersecurity-practices-for-the-health-industry.html. Read the “Health Industry Cybersecurity Practices (HICP): Managing Threats and Protecting Patients” at www.phe.gov/Preparedness/planning/405d/Documents/HICP-Main-508.pdf.