Privacy & Security
NACHC is Tracking the Impact of the Change Healthcare Cyberattack
Community Health Centers are experiencing disruptions as a result of the recent cyberattack on Change Healthcare, a health care technology company that is part of Optum and owned by UnitedHealth Group. Click here to learn more.
Information Blocking
The Office of the National Coordinator for Health Information Technology (ONC) issued a Proposed Rule, 21st Century Cures Act: Interoperability, Information Blocking, and the ONC Health IT Certification Program. ONC released a final rule in March 2020, published in the Federal Register May 2020.The Final Rule commonly referred to as the Information Blocking Final Rule or the Information Blocking Rule 2020 officially defines information blocking as a practice that is likely to interfere with, prevent, or materially discourage access, exchange, or use of electronic health information. See below information to learn more about the Information Blocking final rule and how your organization can stay compliant.
Resources:
- Information Blocking Resource Center
- Health Information Management System Society (HIMSS): Compliance with ONC’s Interoperability Regulation
- [Webinar] HITEQ Information Blocking
Security Risk Assessment
Due to the fact that health centers utilize Electronic Health Records (EHR), they must follow security mandates set by the Health Information Portability and Accountability Act of 1996 (HIPAA) to ensure electronic health information has been protected. A security risk assessment helps your organization ensure it is compliant with HIPAA’s administrative, physical, and technical safeguards. A risk assessment also helps reveal areas where your organization’s protected health information could be at risk. The below links will provide educational resources and tools that you can utilize in your health center.
Resources:
Breach Mitigation & Response
NACHC continues to raise awareness amongst health centers to ensure that they have appropriate cybersecurity mitigation measures in place. A continual review of your emergency preparedness plans should include approaches to address cybersecurity attacks and/or breaches. With the heightened use of virtual platforms for telehealth and more robust electronic health record systems, there is a greater need for more vigilance around cyber threats.
We encourage your immediate attention and local efforts to assess your organization’s security infrastructure. For additional technical assistance, please refer to the cybersecurity resource(s) listed below to ensure your organization is prepared and ready to mitigate such cyberthreats and/or attacks should they occur.
Resources:
- 405(d): Aligning Health Care Industry Security Approaches
- NACHC Webinar: Understanding the Cybersecurity Essentials
- NACHC Webinar: Cybersecurity Risk & Preparation
- NACHC’s Emergency Management Resources for Health Centers
- HITEQ (Health Information Technology, Evaluation and Quality Center)
- US CERT (Dept of Homeland Security’s Computer Emergency Readiness team)
Primary Care Associations (PCAs) may have a designated Emergency Management point of contact to assist you with State-issued alerts or local issues. Find a state-by-state listing of PCAs here. Additional technical assistance documents can be found on the Cybersecurity section of the Health Center Resource Clearinghouse here.
For additional Training and Technical Assistance resources on emergency preparedness, check out the Health Center Resource Clearinghouse
Latest
-
Sep 11, 2024 Heat-Related Illness Management in EHR Systems -
Aug 07, 2024 E-Consult Medicaid Fee Schedule- January 2024
