In May 2017, section 405(d) was formed by Health and Human Services (HHS) as a task group to focus on the five most prevalent cybersecurity threats that organizations of varying sizes and backgrounds face today. As part of this work, they developed ten recognized security practices (RSPs) / controls to create a safer, more compliant IT infrastructure and help healthcare organizations (small, medium, and large) to reduce cybersecurity risks.
The new health industry cybersecurity practices rule (HICP) requires that when calculating fines, evaluating audits, or reviewing proposed mitigation steps, HHS consider whether covered entities and business associates adequately demonstrated that they had RSPs in place for at least 12 months.
The healthcare IT world has changed dramatically in recent years, with an increasing number of cyberattacks. As a result, ensuring organizations have safe cybernetworks no longer falls solely on IT staff but is also the responsibility of leaders across the organization. That’s where ComplyAssistant’s HICP Risk Register tool becomes an invaluable device for your toolkit.
HICP breaks out risks for organizations into five threats:
With ComplyAssistant’s HICP Risk Register tool, a user selects one of the five threats and places it on the Risk Register to evaluate it accordingly. The platform then filters the threat through custom settings and capabilities, such as likelihood and impact.
From there, users can assign controls to various threats to mitigate the risk of the threat occurring. These controls are best practices designed by the Section 405(d) taskforce and based on a set of voluntary, consensus-based principles and practices to improve cybersecurity in the healthcare sector.
Using the list of provided controls, users can meet HICP compliance requirements based on their organization's size—small, medium, or large. Each control is sorted by relevance, size, and scope to meet the regulations.
Tell us a bit about yourself and one of our experts will contact you: