After more than a year at work, the Health Care Industry Cybersecurity Task Force in June issued its report on what providers must do to better safeguard patient data.
The task force, established by Congress in its Cybersecurity Act of 2015, is comprised of 21 leaders in health IT and related areas and was charged with addressing the cybersecurity challenges in healthcare today.Among its many highlights, the report cited a survey of 200 healthcare providers by research firm KLAS that said “many respondents widely reported that their electronic health records (EHRs) placed little attention on cybersecurity. Providers also report that many device manufacturers treat security as either an afterthought or that the attention is woefully inadequate.”
Rather than accepting that scenario, physicians should see the report as a call to action, said Robert M. Tennant, MA, director of health information technology policy for the Medical Group Management Association.
He said in light of the report, physicians should evaluate the safeguards they use to protect their EHRs against hackers. They should also revisit the plans they have in place to protect their data against the more mundane, but very real, threats that can disrupt their practices.
“You have to think more generally about how you, as a physician, are protecting your most important business asset: your practice data,” Tennant said. “This is a growing problem, and practices have to be vigilant and do whatever they have to do to mitigate threats and preserve business continuity.”
The 96-page report provides a snapshot of the current state of cybersecurity and runs through numerous imperatives, recommendations and action items.