Skip to Main Content
Don't have an account? Create Account
Don't have an account? Create Account

HHS Releases Cybersecurity Resources for HIPAA-Covered Entities

The Department of Health and Human Services Office for Civil Rights (OCR) has developed new resources to explain the steps to take in response to a cybersecurity incident.

The resources — designed for entities covered by the Health Insurance Portability and Accountability Act or their business associates — include a cybersecurity checklist and corresponding infographic. The checklist directs affected organizations on:

  • executing response and mitigation procedures and contingency plans;
  • reporting the crime to law enforcement agencies;
  • reporting cyber threat indicators to federal agencies and information-sharing and analysis organizations; and
  • reporting breaches to OCR as soon as possible, but no later than 60 days after the discovery of a breach affecting 500 or more individuals.

America’s Essential Hospitals has established a resource page dedicated to cybersecurity threats. Visit this page for new and updated information.

Contact Director of Policy Erin O’Malley at or 202.585.0127 with questions.


About the Author

Michelle Rosenfeld is manager of communications at America's Essential Hospitals.

Previous Next
Test Caption
Test Description goes like this