The U.S. Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) released a Request for Information (RFI) seeking input from the public on two requirements of the Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH Act), as amended in 2021. How does it impact cybersecurity and risk management programs?
The U.S. Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) released a Request for Information (RFI) seeking input from the public on two requirements of the Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH Act), as amended in 2021. How does it impact cybersecurity and risk management programs? Why do (should) CISOs care about this? Are we about to throw more money at this problem?
Maybe a smart question: Is there an opportunity to be smarter?
While all are important, that final question is certainly the most valid question. But, the details of the provisions will come when the community feedback comes in. The thing to make note of as you listen to this episode is that there's an opportunity to shape these provisions for the better of the overall healthcare ecosystem, moving beyond lowest common denominator frameworks, standards, and controls.
John Houston and Michael Parisi share their thoughts in the current state of cyber risk management affairs, the opportunity to do more in the RFI and potential responses coming in from the community, and how John's experience with an advanced, mature risk management program at UPMC can help set the bar for what's possible — not just from a guidance or framework perspective, but from a fiscally responsible, scalable, operational perspective.
Listen in to learn more about the RFI and the role you can have in shaping its outcome.
Not in the healthcare space? You should still pay attention. There's a lot going on in the healthcare sector that other industries can leverage.
Note: This story contains promotional content. Learn more.
____________________________
Guests
John Houston
Vice President, Information Security and Privacy; Associate Counsel at UPMC [@UPMC]
On Linkedin | https://www.linkedin.com/in/john-houston-5b9915b/
Michael Parisi, VP of Adoption, @HITRUST
____________________________
Catch the webcast and the podcast here: https://itspm.ag/hitrust-hhs-ocr-hitech-rfi
Be sure to visit HITRUST at https://itspm.ag/itsphitweb to learn more about their offering.
____________________________
Resources
Individuals seeking more information about the RFI or how to provide written or electronic comments to OCR should visit the Federal Register to learn more: https://www.federalregister.gov/documents/2022/04/06/2022-07210/considerations-for-implementing-the-health-information-technology-for-economic-and-clinical-health
____________________________
To see and hear more Redefining Security content on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-cybersecurity
____________________________
Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story