
Erik Decker – HICP and Cybersecurity Outlooks – Ep 284 

 December 18, 2020

By  Donna Grindle

The value of the HICP guides is really beginning to be realized as we approach the 2nd anniversary of its release. Erik Decker, Chief Information Security Officer and Chief Privacy Officer, University of Chicago Medical Center (and 405d Task Force industry lead and co-chair), was kind enough to join us again to discuss what’s coming next for HICP and what he sees in healthcare cybersecurity management as we head into 2021.



In this episode:

Erik Decker – HICP and Cybersecurity Outlooks – Ep 284

The HIPAA Boot Camp

Virtual Edition Feb 23-25, 2021


Erik Decker – HICP and Cybersecurity Outlooks

[08:28]
I feel a little bit like a doomsayer here, but one of the things I’ve been talking about for several years has been my biggest fear is an attack against a regional system, not a specific hospital system, but many hospital systems within a particular region. And what kind of harm that could do. And, you know, just at the end of October, that’s what we started seeing. It didn’t happen necessarily regionally, but it happened nationally. Erik Decker
[14:21]
... a tidbit about how these threat actors work. This is actually one of those cases where it’s a multi crime syndicate organization, where it’s one organization, it breaks in and gets their credentials, gets the privileges, and then they sell them off to the ransomers or those who want to use that to then deploy their ransom and extortion actions. So this is not even that we’re just talking about single groups here that are doing these things. Erik Decker
[18:00] This episode was recorded a week or so before the news from FireEye and SolarWinds about the major breach we are learning about right now. We had a very relevant conversation about supply chain cybersecurity. As Erik called it, the overall ecosystem has to be considered today when you are doing your risk assessment and risk management.

[18:00] If you aren’t familiar with the history behind HICP, Erik is one of the original members of the teams dealing with healthcare cybersecurity under 405d. He shares where it started and helps us understand the real value of what was created and continues to be updated by the task groups. We are both members of the group. If you want to learn more or volunteer, send us an email or write directly to cisa405d@hhs.gov and they will send you the application form.

Follow the group on Twitter at @ask405d (and other social media sites) to get the additional information and updates as we roll them out. Of course, we will be doing that here especially on the parts that we are involved in developing.

If you want to learn more about or do more with any of the HICP tools let us know. We are eager to share ideas for how to use it and other ways to get the word out. Let us know!

The next information due out very soon is educational tools. Right now you can access the bimonthly newsletter, The 405(d) Post, at https://healthsectorcouncil.org/the405dpost/, which includes articles from task force members about current cybersecurity news and issues.

[39:52]  It is important to note that we are updating HICP after two years because so much has already changed in cybersecurity and healthcare also. A lot of things are changing including how we must work together to take care of the network.

“Cyber safety is patient safety” is really the core of the tech team’s part in the big picture of keeping healthcare and businesses running. We want to be part of that change to make sure we provide the support needed by those who are providing care.

[46:12] We just covered information blocking, but what is happening from Erik’s viewpoint, from the perspective of a big medical center?

I like to think of 21st Century Cures Act as meaningful use 3.0. Erik Decker

Big discussions are going on right now about the timing of releasing information to patients without any consultation with providers. There are big patient care situations that must be evaluated in the big picture of releasing records to patients.

“Maybe 21st Century Cures will be the death of the fax” in healthcare was a point we all agree would be awesome.

We also discussed the new CMS ruling about cybersecurity donations. He has some interesting insights into how they may be addressed.

Every time we have Erik Decker join us we have a great conversation. We will definitely have him back in 2021 as more of these things roll out from HICP.

Remember to follow us and share us on your favorite social media site. Rate us on your podcasting apps, we need your help to keep spreading the word.  As always, send in your questions and ideas!

HIPAA is not about compliance,

it’s about patient care.™

Special thanks to our sponsors Security First IT and Kardon.
