HITRUST/AMA Begin Project to Assist Small Healthcare Firms with HIPAA Compliance

HITRUST has revealed it will be working with the American Medical Association (AMA) for a new project that will assist small healthcare companies with HIPAA compliance, cybersecurity and cyber risk management.

Small healthcare providers can be more exposed to cyberattacks, as they usually lack the resources to dedicate to cybersecurity and do not tend to have the budgets at their disposal to employ skilled cybersecurity staff. This week has highlighted the need for small practices to strengthen their cybersecurity defenses, with the announcement of two cyberattacks on small healthcare providers by the hacking group TheDarkOverlord.

Recent ransomware attacks have also pointed to the fact that healthcare organizations of all sizes are likely to be attacked. Organizations, both big and small, must practice good cyber hygiene and have the right defenses in place to improve resilience against constantly changing cyber threats.

HITRUST and AMA will be holding 2-hour workshops where physicians and other healthcare workers will be trained on key areas of risk management, HIPAA compliance, and cybersecurity, with the workshops mainly focused on small healthcare firms.

The project runs in tandem with HITRUST’s Community Extension Program that was initiated earlier this year, with the workshops taking place in the two hours before to the HITRUST Community Extension Program events, which are being held in 50 cities across the United States.

HITRUST commented, “Many clinics, physician offices, and other small providers are looking for local, community-based resources to help guide them through the journey of establishing governance and risk management programs to avoid a cyber-related breach or event that would disrupt their organization and expose the confidential information of their patients or members.” One of the targets of the workshops is to make good cyber hygiene achieveable for small healthcare firms.

These workshops will supply the information small healthcare firms need to make vital improvements to their cybersecurity posture and help them meet the requirements of the HIPAA Security Rule.

While many areas will be covered in the workshops, they will be mainly focused on teaching the bacis of good cyber hygiene, explaining the need for cyber and HIPAA risk assessments and will include cost-effective technologies that can be put in place to improve cyber security.

“Trying to determine the best way to secure my practice from cyber threats was a significant – and at times, overwhelming – undertaking,” commented Dr. J. Stefan Walker, a working physician in a small practice in Corpus Christi, TX. “Many existing cybersecurity resources and education programs are geared toward larger health care organizations and are not practical for a practice with only a handful of employees.” These workshops will assist small healthcare firms by providing relevant, useful, and practical advice specific to practices of their size.

The first workshop is being held at Children’s Health in Dallas, TX and will happen on October 9. Details of further events will be revealed on the HITRUST web portal.

Author: Maria Perez