
Software that manages cybersecurity threats and patient safety, all in one platform

In May 2017, Section 405(d) was formed by Health and Human Services (HHS) as a task group to focus on the five most prevalent cybersecurity threats that organizations of varying sizes and backgrounds face today. As part of this work, they developed ten recommended security practices (RSPs) / controls to create a safer, more compliant IT infrastructure and help healthcare organizations (small, medium, and large) reduce cybersecurity risks.

The new health industry cybersecurity practices rule (HICP) requires that when calculating fines, evaluating audits, or reviewing proposed mitigation steps, HHS consider whether covered entities and business associates adequately demonstrated that they had RSPs in place for at least 12 months.

By documenting and demonstrating evidence of compliance for 12 months, covered entities and business associates could receive:

  • Mitigated HIPAA fines
  • Favorable and early termination of the HIPAA Audit
  • Mitigated remedies in a HIPAA resolution agreement with HHS

The healthcare IT world has changed dramatically in recent years, with an increasing number of cyberattacks. As a result, ensuring that organizations have secure networks no longer falls solely on IT staff; it is also the responsibility of leaders across the organization. That’s where ComplyAssistant’s HICP Risk Register tool becomes an invaluable addition to your toolkit.

HICP Compliance No Matter the Threat

HICP breaks out risks for organizations into five threats:

  • E-mail phishing attacks
  • Ransomware attacks
  • Connected medical device attacks that may affect patient safety
  • Loss or theft of equipment or data
  • Insider, accidental, or intentional data loss

Filter the Threat

With ComplyAssistant’s HICP Risk Register tool, a user selects one of the five threats and places it on the Risk Register to evaluate it accordingly. The platform then filters the threat through custom settings and capabilities, such as likelihood and impact.


Control the Threat

From there, users can assign controls to various threats to mitigate the risk of the threat occurring. These controls are best practices designed by the Section 405(d) taskforce and based on a set of voluntary, consensus-based principles and practices to improve cybersecurity in the healthcare sector.


Mitigate the Threat

Using the list of provided controls, users can meet HICP compliance requirements based on their organization's size—small, medium, or large. Each control is sorted by relevance, size, and scope to meet the regulations.

Ready to see how ComplyAssistant can help you manage HICP compliance?