All Star Panel of Experts Discuss Cybersecurity on Upcoming Virtual Event

Last month Congress passed a cybersecurity bill as part of the 2016 Omnibus budget. The bill formalizes the information sharing process among industry and government and recognizes the importance of a healthcare industry specific cybersecurity approach. The $1 trillion spending and tax bill includes cybersecurity recommendations that closely follow those from HIMSS and other groups who have pushed for more support to combat cyber threats.

The legislation calls for the creation of a healthcare industry cybersecurity task force to be established within the law’s first 90 days. This task force will look at how other business sectors combat cyber threats, and what technical issues and other challenges make healthcare particularly vulnerable to attacks. It also calls on HHS to work with the Department of Homeland Security and the National Institute of Standards and Technology (NIST) to create voluntary, cost-effective guidelines and best practices for healthcare organizations to follow to reduce risk of cyberattacks. EHR and interoperability issues will also be looked at closely.

It is clear that the issue of cybersecurity in healthcare has never been more important. A recent infographic published by PwC shows the estimated cost of a major healthcare breach at $200 per patient.

To help healthcare providers and organizations understand the impact of cybersecurity, we are hosting an upcoming webinar featuring five industry thought leaders. You can learn more or register for Cybersecurity and Healthcare: A Panel Discussion with Industry Thought Leaders. The webinar is complimentary.

Details of the event:

MODERATOR: Healthcare attorney Matt Fisher, associate with Mirick O’Connell

• Mac McMillan, CEO CynergisTek/Chair HIMSS Privacy and Security Policy Task Force
• Iliana L. Peters, Sr. Advisor HIPAA Compliance/Enforcement HHS Office for Civil Rights
• Lee Barrett, Executive Director of EHNAC
• Mark Eggleston, VP/CISO and Privacy Officer for Health Partners Plans

On this webinar these five industry leaders discuss and share their thoughts on the impact of cybersecurity on healthcare organizations including:

• Top priorities for organizations
• What can be done to prevent outside attacks
• What is being done on the BYOD front
• What is being done about internal threats to systems

Q&A from the audience will follow the discussion.

Matt Fisher, Esq. is an associate with Mirick O’Connell. He is the chair of the firm’s Health Law Group and a member of the firm’s Business Group. Matt focuses his practice on health law and all areas of corporate transactions. Matt’s health law practice includes advising clients with regulatory, fraud, abuse, and compliance issues. His regulatory advice focuses on complying with requirements of HIPAA and the Stark Law, Anti-Kickback Statute, fraud and abuse regulations. He is chair of the American Bar Association’s Health Law Section’s Web and Technology Committee. Matt was named a Massachusetts “Super Lawyer” by Boston magazine and Law & Politics in 2013 and 2014.


Iliana L. Peters, J.D., LL.M., is the Senior Advisor for HIPAA Compliance and Enforcement at the HHS Office for Civil Rights. In this role, Ms. Peters is the national lead for OCR enforcement of the HIPAA Rules, and works closely with OCR’s ten regional offices to promote compliance with and enforcement of the HIPAA Rules. Additionally, she supports many other OCR policy and outreach initiatives, including rulemakings, compliance initiatives with other federal agencies, and training, including of the State Attorneys General. Prior to joining the team in D.C., Ms. Peters worked as an investigator in Region VI in Dallas, Texas. Ms. Peters received her Law Degree from Duke and her Masters of Law in Health Care Law from the University of Houston’s Health Law and Policy Institute. Prior to joining OCR, she worked in private practice in Texas.


Mac McMillan, FHIMSS, CISM, is co-founder and CEO of CynergisTek, Inc., an authority in information security, privacy, audit and regulatory compliance in healthcare. He is the current Chair of the HIMSS Privacy & Security Policy Task Force. McMillan brings nearly 40 years of combined intelligence, security countermeasures and consulting experience from positions in both government and the private sector and has worked in the healthcare industry since his retirement from the federal government in 2000. McMillan served as Director of Security for two separate Defense Agencies, and sat on numerous interagency intelligence and security countermeasures committees while serving in the U.S. government. He currently sits on several advisory boards, including CHIME, AEHIS, HIT Exchange and HealthTech Industry, as well as HCPro Editorial Advisory Board and HealthCare’s Most Wired™ Survey Advisory Board.

Lee Barrett is executive director of EHNAC, a federally recognized, standards development organization designed to improve transactional quality, operational efficiency and data security in healthcare. He speaks nationally on a variety of e-Health/e-Commerce and industry topics and is involved in a number of industry coalitions promoting the use and implementation of both administrative and clinical transactions, including the development and proliferation of electronic health records (EHR) and “Meaningful Use” including the National Health Information Network (NIHN) and Health Information Exchanges (HIEs). Mr. Barrett continues to work on key e-Health industry initiatives that lay the foundation for health information technology – including support and implementation of the American Reinvestment and Recovery Act (ARRA), Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Act (HITECH).

Mark Eggleston, CISSP, GSEC, CHPS, is the VP and Chief Information Security Officer and Privacy Officer for Health Partners Plans. Mark’s background includes the development of an internal compliance approach, complete with policies and tools, to ensure a geographically dispersed healthcare provider organization (across 19 states) was HIPAA compliant. Serving as a consultant, program manager and project manager across the provider organization, he also researched, wrote and communicated corporate policies, procedures, guidelines and forms to meet federally mandated privacy and security requirements. More recently, he has applied his HIPAA expertise to a local health plan by developing a privacy and security compliance program, maintaining compliance with HIPAA’s privacy, security and standardized transaction regulations. Other successful endeavors have included the implementation of a quarterly vulnerability and penetration test and regular audits of role based access across disparate systems.