
405(d) and HIPAA: Roadmapping your Cybersecurity and Compliance Journey

HIPAA compliance is a foundational requirement for any healthcare organization. However, the ever-increasing complexity and frequency of cyber-attacks require healthcare organizations to invest more resources in cybersecurity and risk management strategies to further protect their digital assets and data.

The 405(d) HICP security practices were architected by the Department of Health and Human Services (HHS) and prompted by recent White House Executive Orders encouraging critical infrastructure industries to better address cybersecurity threats. The 405(d) practices build upon the HIPAA Security Rule with a prescriptive set of best practices scalable to any size health system, hospital, or provider network.

A sound approach for many healthcare organizations will be to build upon their current HIPAA Security program to incorporate 405(d) best practices aligned to their organizational profile and risk tolerance. So how do you advance your cybersecurity program and develop a roadmap for 405(d) and HIPAA? Join us on Tuesday, September 20 at 1pm ET as we discuss how to best scope and prioritize your security practices based on risk management principles, level of effort, and budget as part of your journey to cybersecurity maturity.

Key Learnings:

  • Classifying your organization using the 405(d)-HICP Threat Mitigation Matrix
  • Inter-connecting HIPAA Security with 405(d)
  • Incorporating compliance mandates and cybersecurity frameworks into a holistic cybersecurity and compliance program
  • How to roadmap your journey to adopting 405(d)

 

About the Author

Greg Brock

Chief Technology Officer
Greg Brock, Chief Technology Officer of Intraprise Health, has over 31 years of experience in the design, development, and delivery of advanced software solutions for space, government defense, and healthcare service industries.