HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

HHS Awards Grants to Improve Cyber Information Sharing Ecosystem

The Department of Health and Human Services (HHS) has announced that cooperative agreements totaling $350,000 have been awarded to The National Health Information Sharing and Analysis Center (NH-ISAC) in Florida. NH-ISAC will serve as an information sharing and analysis organization (ISAO) for the health care and public health sector.

The funding has been provided as part of the HHS effort to improve the sharing of cyber threat information and is intended to better protect the healthcare industry against cyberattacks.

NH-ISAC was awarded cooperative agreements by the Office of the National Coordinator for Health Information Technology (ONC) and the HHS’ Office of the Assistant Secretary for Preparedness and Response (ASPR).

Under the cooperative agreement from the ONC, NH-ISAC is required to share threat information bi-directionally with the Health and Public Health sector and the HHS. NH-ISAC has been tasked with providing cybersecurity information and education on the latest cyber threats to all healthcare industry stakeholders. Threat information will be sent by the HHS to the ISAO, which will be responsible for disseminating that information to healthcare organizations.

Get The Checklist

Free and Immediate Download
of HIPAA Compliance Checklist

Delivered via email so verify your email address is correct.

Your Privacy Respected

HIPAA Journal Privacy Policy

Healthcare organizations will also be able to share threat information with NH-ISAC, which will be responsible for sharing the information with other healthcare organizations and the HHS.

The cooperative agreement awarded by ASPR is intended to help build the infrastructure to enable the organization to share cyber threat information with healthcare organizations.

By creating the infrastructure to enable efficient sharing of threat information, and appointing a single entity through which information can be shared, the HHS will be able to communicate the latest cyber threats efficiently to the full range of healthcare stakeholders.

Many large healthcare organizations are already contracted with ISAOs and are receiving threat intelligence information; however, the new approach will ensure that all healthcare organizations, including small healthcare providers, have access to the information they need to take steps to prevent cyberattacks and data breaches.

Dr. Nicole Lurie, HHS’ assistant secretary for preparedness and response explained that “These agreements mark a critical first step toward addressing the growing threat cybersecurity poses to the health care and public health sector, he went on to say, “Creating a more robust exchange about cybersecurity threats will help the industry prevent, detect and respond to these threats and better protect patients’ privacy and personally identifiable information.”

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.