NEW RESOURCE: CDC and FDA Recommendation to Pause Use of Johnson & Johnson COVID-19 Vaccine (Talking Points)

Resource Search Results

Menu

Edit Your Search


New Search

View MyCitations

s

Displaying records 1 through 20 of 24 found.

21st Century CURES Act and Information blocking - How to Avoid Blocking Interoperable EHI.: HITEQ Highlights Webinar (2021). In this webinar, the HITEQ Center discusses the 21st Century CURES act (CURES act), specifically focused on how it defined interoperability and information blocking and how that relates to health centers. With HHS recently extending the provider compliance date to April 5, 2021, we review how ONC’s final rules defined information blocking requirements and exceptions. We discuss common scenarios and health center policy practices that might be considered information blocking, and how they can reduce health center risks with early planning and policy definitions. More Details...

Data Integration Best Practices for Health Centers & Homeless Services Publication: Health Center Focus Group Recommendations on Data Integration (2020). Health centers use data and technology to improve health outcomes of patients, speed administrative processes, and collect patients’ health and housing histories. This report advances strategies for large and small health centers to match data with homeless service systems to identify and coordinate care for high utilizers of crisis care systems. More Details...

Addressing Intimate Partner Violence and Human Trafficking in the Health Center Setting: HITEQ Highlights Webinar (2020). The coronavirus pandemic and consequent stay-at-home orders may increase danger for those at risk for or experiencing intimate partner violence and human trafficking (IPV/HT). Due to COVID-19, many health centers have shifted health encounters to virtual platforms, which offer unique opportunities to provide trauma-informed care and connect in new ways with those who may be experiencing abuse. Yet, telehealth and virtual visits also present health centers with new challenges related to privacy, safety and digital health equity. More Details...

Patient Confidentiality and Telehealth Package (2020). This packet contains guidance on immediate and long-term telehealth/patient confidentiality questions relevant to federally qualified health centers (FQHCs) across the country. The resources contained within aim to provide risk management considerations for a sustainable telehealth program. More Details...

Cybersecurity Checklist for Health Center Staff Working Remotely (2020). This PDF checklist, developed by HITEQ, provides a guide for health center staff to mitigate cybersecurity risks and threats during times of emergency and incident response that have them working remotely from the health center. More Details...

HITEQ Highlights: Health Center Defense Against the Dark Web: Strategies for Building Security Awareness, Education, and Compliance in 2020 (2020). This HITEQ Center webinar explored key concepts and best practices that should be followed by Health Centers seeking to develop Defense in Depth and effectively implement hardened security programs at their sites. There are ever-increasing cybersecurity guidelines and protection measures that Health Centers must navigate and digest. This webinar sought to motivate and educate the health center workforce on critical privacy and security concepts and methods for defense. Aspects of Security Risk Assessment, security awareness training, and breach protection were covered with an emphasis on health center-wide information protection. More Details...

Cyber Security Risks — COVID-19: Best Practices for Health Center Staff Working Remotely (2020). The number of COVID-19 cases continue to increase throughout the United States, requiring more and more of our health systems to rely on employees working from home at times. While some of us are required to "shelter-in-place," unfortunately that shelter can create increased risks such as cyber security breaches. With good planning, policies, and employee and family education, health centers can minimize risk and support their employees while working remotely. This presentation will inform your Health Center remote workers on best practices for increasing cybersecurity at home. More Details...

The Roadmap to Becoming a Data-Driven Organization ll: Aligning your Data Strategy and Strategic Plan (2020). This webinar will discuss how to develop an organizational strategy that focuses on data health centers need to achieve their short term and long term goals. Participants will learn how to utilize data to create a strategic plan by creating models that are used to predict, track and optimize health center outcomes. More Details...

Patient Confidentiality & COVID-19 (2020). In this complimentary webinar, we will review the permitted uses and disclosures of patient information during emergencies under both HIPAA and Part 2 and discuss the most recent updates from OCR and SAMHSA. We will also provide responses to health center’s most frequently asked questions and suggest best practices to ensure on-going compliance during this challenging period. More Details...

Strategic Cybersecurity Breach Protection and Incident Response: Guidance and Resources for Health Centers (2019). This is Part 2 of HITEQ's Health Center Defense Against the Dark Web presentation series. This presentation provides general knowledge about breach mitigation and planning strategies for incident response. More Details...

Health Center Defense Against the Dark Web Presentation: Strategies for Building Security Awareness, Education and Compliance (2019). This cybersecurity presentation explores key concepts and best practices that should be followed by Health Centers seeking to develop Defense in Depth and effectively implement hardened security programs at their sites. Part 1 of this series will seek to motivate and educate the health center workforce on critical privacy and security concepts and methods for defense. Aspects of Security Risk Assessment, security awareness training, and breach protection will be covered with an emphasis on health center-wide information protection. More Details...

Creating and Managing Strong Passwords at Your Health Center: Guidance in relation to updated NIST security requirements and HIPAA (2018). Is it acceptable/recommended for health centers to adopt the new password policy guidelines under NIST Special Publication 800-63B and will that still uphold the HIPAA security rule? This question had been posed to the HITEQ Center asking whether we had any guidance or recommendations on implementing the new NIST Guidelines regarding password security.  New Digital Identity Guidelines under NIST Special Publication 800-63-B presents new guidelines regarding password security that are much more user-friendly and consequently more likely to be observed by health center staff since constantly changing, complex password on multiple systems can be a source of frustration for the end user.  Question: Is it acceptable/recommended for health centers to adopt the new password policy guidelines under NIST Special Publication 800-63B and will that still uphold the HIPAA security rule? This question had been posed to the HITEQ Center asking whether we had any guidance or recommendations on implementing the new NIST Guidelines regarding password security.  New Digital Identity Guidelines under NIST Special Publication 800-63-B presents new guidelines regarding password security that are much more user-friendly and consequently more likely to be observed by health center staff since constantly changing, complex password on multiple systems can be a source of frustration for the end user.  After consulting with HITEQ cybersecurity experts and consultants who have helped publish cybersecurity guidelines, the recommendations outlined below were communicated. Answer: The short answer is Yes. HIPAA is not prescriptive and takes the general stance that authentication mechanisms should be “reasonable and appropriate” for the risk they present. Being able to say that you are implementing NIST Standards is a good way to show that you are implementing “reasonable and appropriate” controls. Some standards are relaxed in regards to password change and complexity, those items shouldn’t be taken in isolation. The additional controls in the 800-63 recommendations should also be put in place and can include: Having users check passwords against password lists from breaches e.g., https://haveibeenpwned.com/Passwords  Increasing the length requirements Getting rid of password reminder questions Increasing usability Further Guidance from NCCIC/US-CERT: NCCIC/US-CERT reminds users of the importance of creating and managing strong passwords. Passwords are often the only barrier between you and your personal information. There are several programs attackers can use to help guess or "crack" passwords. However, choosing strong passwords and keeping them confidential can make it more difficult for others to access your information. NCCIC/US-CERT recommends users take the following actions: Use multi-factor authentication when available. Use different passwords on different systems and accounts. Don't use passwords that are based on personal information that can be easily accessed or guessed. Use the longest password or passphrase permissible by each password system. Don't use words that can be found in any dictionary of any language. Refer to Tips on Choosing and Protecting Passwords and Supplementing Passwords for best practices and additional information. More Details...

Ransomware Guidance Presentation for Health Centers: Updated with Ransomware Strategies from CISA (2019). This ransomware guidance presentation for health centers, updated with ransomware strategies from CISA, provides information about ransomware, HIPPA implications, recent examples from the news, and suggested resources. More Details...

Center of Excellence for Protected Health Information: FOCUS: PHI is a SAMHSA-funded source for clear and accurate information about patient privacy and confidentiality (2019). Clear and accurate information about confidentiality is important to ensure that patient privacy is protected and that privacy laws are not erroneously interpreted to prevent disclosure of patient information. Individuals living with mental illness or substance use disorders may not seek care without guarantees of confidentiality and privacy protections. Clarifying privacy protections and promoting communication of patient records is critical for improving patients’ access to care and quality of treatment once in care. The Center for Excellence for Protected Health information is supported by SAMHSA and includes key resources around privacy and confidentiality. More Details...

Compliance with 42 CFR Part 2: A Case Study with Community Medical Centers, Inc. (2019). Health centers are actively expanding the substance use treatment services they offer in the community to address access to care for opioid use disorders, and more broadly to address better screening, referral and timely access to all substance use disorder (SUD) treatment. This case study is an example of how a health center is assessing operations to comply with 42 CFR Part 2, with a particular focus on changes to their health information technology (IT) systems. It includes a 42 CFR Part 2 Regulatory Checklist that health centers may find particularly helpful to review. More Details...

Health Center Security & Compliance System Implementation Guide: 1/1/2019 (2019). This toolkit provides a framework for Health Centers to evaluate compliance and security concerns as they purchase, adopt, and implement technology solutions. There are ever-increasing cybersecurity guidelines and protection measures that Health Centers must navigate and digest. Newer and rurally located Health Centers can especially benefit from guidance and decision support that assists them in determining how to implement systems in a manner that meets compliance requirements and doesn’t expose information to undue security risk. Identifying and managing these types of risk can be especially important when procuring new Health IT e.g. EHRs, Medical Devices, Data Warehouses for the Health Center. This toolkit provides a framework for Health Centers to evaluate compliance and security concerns as they purchase, adopt, and implement technology solutions. Every time a Health Center adopts and implements newly procured technology, they could be exposing themselves to compliance gaps and security risks. Often these topics are addressed after the solution is implemented and are an after-thought. Unfortunately, the later in the adoption process that security is considered, the costlier it becomes to address as it may require redesign or reconfiguration of software, systems, and processes. Especially important for covered entities, like Health Centers, is for this process to meet the regulations outlined within HIPAA. Throughout this document, the related HIPAA requirements are highlighted within each section so as to better understand where this process sits within broader security risk assessment SRA practices. In the Appendix of this guide is an EHR/Health IT Systems checklist that can be used as an implementation interview guide when procuring new resources. This guide can help organizations identify security concerns and design the appropriate solution starting at the design and vendor-selection phase, thereby increasing the likelihood that security will be considered fully throughout the implementation process. Download the full toolkit below, which includes the following sections: System overview Information classification and inventory Business Associate Agreements and Contracts Risk Analysis Identity management Encryption Auditing and logging Contingency planning Workstation requirements Patching Security testing Vendor and developer access Physical security Network segmentation More Details...

Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients (2019). Cyber threats to healthcare entities put patient health, business continuity, and IT systems at risk. Under the auspices of the Cybersecurity Act of 2015 (CSA), Section 405(d), HHS convened the CSA 405(d) Task Group to enhance cybersecurity and align industry approaches by developing a common set of voluntary, consensus-based, and industry-led guidelines, practices, methodologies, procedures, and processes that healthcare organizations can use to enhance cybersecurity. More Details...

Security Risk Assessment: A HITEQ Privacy & Security Resource - New Templates Added May 2017 (2017). To successfully attest, providers must conduct a security risk assessment (SRA), implement updates as needed, and correctly identify security deficiencies. By conducting an SRA regularly, providers can identify and document potential threats and vulnerabilities related to data security, and develop a plan of action to mitigate them. More Details...

Privacy and Security: What You Need to Know (2017). This is the first webinar in a 2-part series on Privacy and Security. Webinar 1 will focus on everything you need to know as a Health Center regarding Privacy and Security, including information on HIPAA, Privacy Practices, Business Associate Agreements, Policies and Procedures, and more. More Details...

Privacy and Security: How to Prevent a Cyberattack (2017). This is the second webinar in a 2-part series on Privacy and Security. Webinar 2 will focus on ways you can prevent a cyber-attack on your Health Center. More Details...

This project is supported by the Health Resources and Services Administration (HRSA) of the U.S. Department of Health and Human Services (HHS) as part of an award totaling $6,375,000 with 0 percentage financed with non-governmental sources. The contents are those of the author(s) and do not necessarily represent the official views of, nor an endorsement, by HRSA, HHS, or the U.S. Government. For more information, please visit HRSA.gov.