Page 58 - Cyber Defense eMagazine for June 2021

In February 2016, the OCR published a crosswalk connecting the HIPAA Security Rule with the National Institute of Standards and Technology's (NIST) Cybersecurity Framework. This document maps the overlaps between the two frameworks. Because the Security Rule offers flexible and scalable guidance, aligning it with the NIST Cybersecurity Framework allows Covered Entities to identify and correct vulnerabilities in their cybersecurity. By complying with NIST's Cybersecurity Framework and implementing the necessary HIPAA safeguards, healthcare organizations can protect themselves from even the most serious data breaches and their subsequent consequences, while ensuring HIPAA compliance.

Moving forward, the events of 2020 look set to change the way we approach data security, and we can anticipate reforms being made to legislation in 2021. The HHS has already hinted that change may be on the horizon for the Privacy Rule; perhaps plans for the Security Rule are also being considered.

The last major overhaul of HIPAA legislation was in 2013, with the Final Omnibus Rule. This rule introduced many of the privacy and security recommendations of HITECH. However, much has changed in the cybersecurity landscape since 2013, and the threats facing healthcare organizations today are far more advanced. Consider ransomware: the onslaught of this malware happened well after 2013. So it is understandable why some people are calling for a major shakeup.

Looking at healthcare technology trends, cybersecurity will remain a key focus of the healthcare industry over the coming year, as we learn from our experiences during the pandemic and look to better protect our valuable patient data, including in big data analytics as this becomes more commonplace. It remains to be seen whether the OCR will take this opportunity to update HIPAA regulations, taking into account the evolution in cyberattacks that were not accounted for when the law was enacted.




About the Author

Dr. Rachael Bailey, Healthcare IT Content Consultant at Atlantic.Net.

Rachael is a graduate of the University of Chester and a postgraduate of the University of Liverpool, with a Ph.D. in Gastroenterology and Cell Biology and a First-class degree in Biomedical Sciences. She is an experienced and passionate medical writer and an expert in writing scientific documents, regulatory-related documents, and articles discussing US Healthcare and Compliance.

Rachael can be reached online at https://www.atlantic.net/




















            Copyright © 2021, Cyber Defense Magazine.  All rights reserved worldwide.