Skip to Main Content
Don't have an account? Create Account

HHS Releases Cybersecurity Resources for HIPAA-Covered Entities

The Department of Health and Human Services Office for Civil Rights (OCR) has developed new resources to explain the steps to take in response to a cybersecurity incident.

The resources — designed for entities covered by the Health Insurance Portability and Accountability Act or their business associates — include a cybersecurity checklist and corresponding infographic. The checklist directs affected organizations on:

  • executing response and mitigation procedures and contingency plans;
  • reporting the crime to law enforcement agencies;
  • reporting cyber threat indicators to federal agencies and information-sharing and analysis organizations; and
  • reporting breaches to OCR as soon as possible, but no later than 60 days after the discovery of a breach affecting 500 or more individuals.

America’s Essential Hospitals has established a resource page dedicated to cybersecurity threats. Visit this page for new and updated information.

Contact Director of Policy Erin O’Malley at eomalley@essentialhospitals.org or 202.585.0127 with questions.

Share

About the Author

Michelle Rosenfeld is senior writer/editor at America's Essential Hospitals.