Wondering what the HITRUST/AMA workshop partnership means for your business? Here’s a brief primer on the new workshops being rolled out, and what you can do to increase cybersecurity.
Cyber risk is everywhere. While we all know it’s real, it’s hard to conceptualize in real-world terms. Instead, we remember that one time that Target got hacked. Or we imagine some sort of cartoon supervillain with a mask and cape, and a black uniform covered in green 1’s and 0’s.
Okay, so that’s a little extreme. It is true, however, that many people are so overwhelmed by the nebulous idea of cybercrime that they aren’t really sure what to do about it. That’s where we come in, with a stated mission of providing insurance, retirement and investment organizations with cutting-edge, trustworthy and secure software. Here at Kraft Technology Group we take the utmost caution to ensure our clients’ information is safe, and that the vital information they safeguard for others – health and financial documents – is always secure.
Naturally, when we heard that the Health Information Trust Alliance (HITRUST) was partnering with the American Medical Association (AMA) to provide physicians and their staff with information risk management training, we just had to tune in. We’re guessing, if you’re in a profession that exposes you to sensitive client information, you’re pretty curious too.
So just what exactly is going on with this partnership, and what can we learn from it?
The HITRUST/AMA Cyber Risk Management Education Partnership
If you started to get a little drowsy while reading the words “cyber risk management education partnership,” that’s okay. You’re only human, and the fundamentals of managing risk in our increasingly digital world are pretty nebulous.
HITRUST and the AMA recognize that too few businesses – even larger ones – have adequate cyber protection and risk management plans in place, often because the requirements are unclear and companies have little to no budget dedicated to these endeavors. Even when they do, it’s not always obvious how to proceed with a plan that will address not only short-term risks but longer-term issues as they develop.
In response, the two organizations are teaming up to provide a series of workshops around the country. The first and most important point to understand is that in the last few years, cyber attackers have set their sights increasingly on the healthcare industry. While it might seem counterintuitive to steal healthcare information – is Grandpa Jim’s asthma record really worth hacking into a system for? – there actually exist compelling reasons for hackers to do so.
Much of the data that exists in electronic health records (EHRs) can be monetized, including social security numbers, financial information, and insurance policy data. The results? Identity theft, false insurance claims and, in some cases, severe monetary consequences. The motivation to hack investment accounts is even more obvious, with many of the same results. (In a phrase: It’s not good.)
Cleanliness Is Next to … Financial Security?
They say cleanliness is next to godliness, but HITRUST and the AMA are taking a slightly different tack: Cleanliness is next to fiscal safety. As a healthcare or financial institution in Nashville, there is much you can do to ensure impeccable “cyber hygiene.” The workshop teaches actionable steps to take, such as:
How to perform a cyber risk assessment
How to assess HIPAA protocols to ensure you stay in compliance when it comes to safeguarding medical information
The basics of good cyber hygiene, including daily risk management routines, safe online behaviors, and periodic risk assessments
How to implement effective cyber risk management strategies on a budget
Case studies from a variety of medical practices
One of the main purposes of the workshop is to address the options for smaller businesses, which don’t have the major risk management departments larger organizations can afford. Even without the larger budgets and staffing, however, smaller practices can do a lot to mitigate risk. If you’re a larger business, never fear: You can learn plenty from this workshop as well. Whether or not you go, speaking with an administration software provider can help you learn even more.
How Can You Implement Principles of Good Cyber Hygiene in Your Business?
So how can you meaningfully address this risk when receiving managed IT services in Nashville? Your approach must encompass more than information technology solutions; you must also take care to incorporate the highest level of financial and medical data security.
What you need are meaningful ways to address this risk that don’t break the bank. Here’s where we once again look to the HITRUST/AMA partnership for guidance on how to move forward with a safe, repeatable and flexible cyber hygiene plan that will keep your clients’ information safe and your business in good standing.
First and foremost, you do have the option of attending the workshops. The first American Medical Association Cyber Clinic, hosted by Children’s Health, will be held in Dallas, with workshops to follow in at least 50 cities across the nation over the following year. If you don’t want to wait for the workshops to roll out in your area, you can book a ticket to the event now.
Whether or not you opt to participate, it’s a very good idea to get in touch with your managed IT provider and ask about cyber hygiene right away. A good administration services company will have the fundamentals of cyber risk management down to a science (like we do) and have the ability to further customize your IT plan to meet your organization’s specific requirements. Moreover, they should specialize in your field – in this case, medical – to ensure they’re up-to-date on the current risks and best solutions with which to help mitigate them.
If you’re curious to learn more about how you can make your systems watertight, as well as increase the security of your EHR and general online behavior, it’s time to get in touch with a professional today. Whether you already work with us here at Kraft Technology Group (hi!) or are looking for a new provider (welcome!) we can help. Get in touch via email@example.com or (615) 600-4411 to safeguard your client data, provide for the long-term safety of your business and get the peace of mind you deserve today.
Brian Gray, MCP, is the President at Kraft Technology Group, LLC (KTG), an affiliate of KraftCPAs PLLC. Within his role, Brian is responsible for all aspects of service delivery to our clients. Brian has a decade of experience working for managed service providers. He has worked with clients in a variety of industries, including financial services, accounting, legal, healthcare, manufacturing, and retail.