New effort seeks to aid small doc practices with cyber security

Register now

HITRUST has teamed up with the American Medical Association to offer a series of workshops in 50 cities focused on educating physicians and small practices on risk management and security.

The organizations have scheduled 14 workshops, with cities and dates available here. Issues to be covered include performing cyber and HIPAA risk assessments, fundamentals of good cyber hygiene, implementing cost-effective and manageable cyber security solutions, and lessons learned from other practices.

The need for practices to do security risk assessments is particularly high, because part of the Merit-based Incentive Payment System (MIPS)—one of the payment approaches under MACRA—mandates that physician group practices have an assessment to measure security risks and then document steps to prevent data losses.

Lacking a risk assessment could cost practices 25 percent of their payment under the MIPS program. Practices that say they have done the assessment, but are later audited and are found to have not been truthful, may face fines for inaccurate attestation.

The two-hour workshops will focus on actionable takeaways along with targeted guidance to small practices lacking resources. The first is scheduled on October 9 at Children’s Health in Dallas. The organization was an early adopter of the HITRUST CyberAid program focusing on small organizations, of which more than 50 practices affiliated with Children’s Health participated with no undetected and unmitigated cyber events, says Pamela Arora, senior vice president and chief information officer.

“We see partnering with physician clinics in the community as a crucial way for us to help them better protect their organizations against cyber threats and in turn that protects the entire healthcare community,” Arora adds.

HITRUST, a coalition of stakeholders working to better secure protected health information, earlier this year launched a Community Extension Program with hospitals and payers collaborating to develop a risk management program and create best data security policies, an effort that remains ongoing.

For reprint and licensing requests for this article, click here.