HSCC Publishes Privacy and Security Coordination Guide
The Healthcare and Public Health Sector Coordinating Council (HSCC) Cybersecurity Working Group, a public-private industry council of more than 400 healthcare providers, pharmaceutical and medtech companies, payers, health IT entities, and government agencies, has released a new guide for healthcare organizations to help coordinate privacy and security functions to improve efficiencies, effectiveness, and overall compliance.
The HSCC said it has found significant evidence that neither regulation nor enterprise and risk management programs are approaching privacy and security with coherent and coordinated policy and practice. Privacy roles are concerned with supporting compliance with laws, regulations, standards, and practices, monitoring internal policies and procedures, identifying gaps, and establishing new policies concerning the handling of electronic and physical healthcare data. Security roles are concerned with identifying vulnerabilities and risks and implementing technical, physical, and administrative safeguards to ensure the confidentiality, integrity, and availability of electronic healthcare data. Within the healthcare sector, privacy and security often function within separate and distinct silos, even though privacy and security have a great deal in common.
The guidance is intended to help organizations identify factors that contribute to disharmony between their privacy and security efforts. Conflicting priorities can lead to a disconnect between privacy and security, which increases organizational risk. The guidance is aimed at privacy and security officers and their teams, and others who are looking to develop best practices for their privacy and security programs and provides practical recommendations for collaborative practices to get privacy and security teams working together more proactively and cohesively.
