The U.S. Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) released a Request for Information (RFI) seeking input from the public on two requirements of the Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH Act), as amended in 2021. How does it impact cybersecurity and risk management programs? Why do (should) CISOs care about this? Are we about to throw more money at this problem?
Maybe a smart question: Is there an opportunity to be smarter?
While all are important, that final question is certainly the most valid one. The details of the provisions, however, will come when the community feedback comes in. The thing to note as you listen to this episode is that there's an opportunity to shape these provisions for the betterment of the overall healthcare ecosystem, moving beyond lowest-common-denominator frameworks, standards, and controls.
John Houston and Michael Parisi share their thoughts on the current state of cyber risk management affairs, the opportunity to do more in the RFI and potential responses coming in from the community, and how John's experience with an advanced, mature risk management program at UPMC can help set the bar for what's possible, not just from a guidance or framework perspective, but from a fiscally responsible, scalable, operational perspective.
Listen in to learn more about the RFI and the role you can have in shaping its outcome.
Not in the healthcare space? You should still pay attention. There's a lot going on in the healthcare sector that other industries can leverage.
Note: This story contains promotional content.
____________________________
Guests
John Houston, Vice President, Information Security and Privacy; Associate Counsel at UPMC [@UPMC]
On LinkedIn | https://www.linkedin.com/in/john-houston-5b9915b/
Michael Parisi, VP of Adoption, @HITRUST
____________________________
Catch the webcast and the podcast here: https://itspm.ag/hitrust-hhs-ocr-hitech-rfi
Be sure to visit HITRUST at https://itspm.ag/itsphitweb to learn more about their offering.
____________________________
Resources
News Release: https://www.hhs.gov/about/news/2022/04/06/hhs-ocr-seeks-public-comment-on-recognized-security-practices-sharing-civil-money-penalties-monetary-settlements-under-hitech-act.html
Individuals seeking more information about the RFI or how to provide written or electronic comments to OCR should visit the Federal Register to learn more: https://www.federalregister.gov/documents/2022/04/06/2022-07210/considerations-for-implementing-the-health-information-technology-for-economic-and-clinical-health
____________________________
To see and hear more Redefining Security content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity
____________________________
Are you interested in telling your story? https://www.itspmagazine.com/telling-your-story