Health Industry Cybersecurity Practices: Where Cyber Safety Meets Patient Safety

Posted by Ken Reiher

Overview and Background

Health Industry Cybersecurity Practices (HICP) is a product of the U.S. Department of Health and Human Services 405(d) Program. Its aims are to raise awareness, deliver proven cybersecurity practices, and move toward consistency in mitigating the most pertinent cybersecurity threats to the healthcare sector. It seeks to aid healthcare and public health (HPH) organizations in developing meaningful cybersecurity objectives and outcomes.

The 405(d) Program started as a mandate from Congress under the Cybersecurity Act of 2015 (CSA), Section 405(d), to improve cybersecurity in the healthcare and public health sector. Originally, the team had one goal: to create a document that built cybersecurity awareness and provided best practices for mitigating the most pertinent cyber issues within the healthcare sector to date. As a result, the 405(d) Task Group, a collaborative effort of members from the Department of Health and Human Services (HHS), the Health Sector Coordinating Council, and cybersecurity and healthcare experts, established the Health Industry Cybersecurity Practices (HICP): Managing Threats and Protecting Patients and its two accompanying technical volumes.

HICP Importance and Benefits

Cybersecurity has become more complicated since the advent of the 405(d) Program. HHS continues to maintain a full view of the intersection between cybersecurity and healthcare, including data protection and response to cyber threats. In turn, the 405(d) Program provides organizations across the U.S. with resources and recommendations on how to mitigate and prepare for cybersecurity threats.

The HICP includes:

  • The Main Document—provides an overview of the 5 threats facing the healthcare sector and instructions on how to use this publication.
  • Technical Volume 1—provides the 10 cybersecurity practices and many subpractices for small entities, which can be implemented to combat the 5 threats.
  • Technical Volume 2—provides the 10 cybersecurity practices and many subpractices for medium and large entities, which can be implemented to combat the 5 threats.

HICP 2023 Updates

The 2023 edition of HICP includes new top five threats and many new mitigating practices that your organization should implement to keep patients safe. A breakdown of these items can be found in the HHS 405(d) 2023 HICP update blog post.

How can ComplyAssistant help with Health Industry Cybersecurity Practices?

  • Most important, our president and CEO Gerry Blass is a 405(d) ambassador and member of the 405(d) Task Group. This means he is part of the group responsible for the development of products such as HICP and other resources. The Task Group works to update, revise, and create official 405(d) products to provide effective and current cybersecurity practices. He brings this expertise to his role at ComplyAssistant and applies his knowledge to advance offerings to our clients.
  • Our healthcare compliance consultants are a valuable resource for our clients, as they serve as valued subject matter experts (SMEs) on information security. They can design and implement the best solutions to meet the company’s security needs.
  • We also offer customizable and comprehensive healthcare compliance software, which is innovative, intuitive, and simple to use. It is built and maintained using Agile methodology, which means that we continually upgrade, enhance, and release new capabilities. Furthermore, because our software is cloud-based, you won’t have to worry about maintaining any additional local hardware or technology.

To learn more, contact us for a complimentary evaluation.